Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision Last revision Both sides next revision | ||
en:how_to_manually_manage_server_device_encryption_key [2018/04/02 17:21] ethan created |
en:how_to_manually_manage_server_device_encryption_key [2018/10/17 08:39] kate [Configuration] |
||
---|---|---|---|
Line 11: | Line 11: | ||
Please take note of the cautions before using this feature: \\ \\ | Please take note of the cautions before using this feature: \\ \\ | ||
**Device**\\ | **Device**\\ | ||
- | * all the users on the device are deleted and transferred to the device again | + | * ALL the users on the device are deleted and transferred to the device again when this feature is turned on. |
- | * When a new device is added to the server that has been encrypted, all data will be deleted and synced again with the server | + | * When a new device is added to the server that has been encrypted, ALL data will be deleted and synced again with the server |
- | * Secure Tamper will be on by default when you use this feature. You cannot turn the feature off. This means that when the device is removed from the bracket, all data in the device will be deleted. | + | * Secure Tamper will be on by default when you use this feature. You cannot turn the feature off. This means that when the device is removed from the bracket, ALL data in the device will be deleted. |
**User**\\ | **User**\\ | ||
- | * Any users with PIN or password have to reconfigure the password because it is not usable after the encryption | + | * Any users with PIN or password have to reconfigure the password because it is not usable after the encryption. |
- | * You cannot apply this feature if any user has a PIN or password. You have to delete all of them before proceeding | + | * You cannot apply this feature if any user has a PIN or password. You have to delete all of them before proceeding. |
* If smart cards were issued before the encryption, card + fingerprint authentication will work but card + PIN will not work. The smart card will have to be issued again with a new PIN. | * If smart cards were issued before the encryption, card + fingerprint authentication will work but card + PIN will not work. The smart card will have to be issued again with a new PIN. | ||
<callout type="primary" icon="true"> | <callout type="primary" icon="true"> | ||
Line 24: | Line 24: | ||
**Database** \\ | **Database** \\ | ||
* The database goes through a migration phase to encrypt the database once you apply the feature. BioStar client is not usable at this state. | * The database goes through a migration phase to encrypt the database once you apply the feature. BioStar client is not usable at this state. | ||
- | * The migration process deletes ALL data in the database and the devices are synced with the server again. During the database migration | + | * The migration encrypts personal data (password, PIN, face and finger template) in the database. |
**Encryption Key** \\ | **Encryption Key** \\ | ||
* The manually configured security key is stored in a secret location and not the database | * The manually configured security key is stored in a secret location and not the database | ||
Line 31: | Line 31: | ||
===== Configuration ===== | ===== Configuration ===== | ||
- | 1. Log in to Biostar 2 with the admin account. \\ | + | 1. Log in to Biostar 2 with the admin account for **user ID 1.** Other administrator users can't access **Advanced Security Settings.** \\ |
2. Go to **Setting** > **SERVER** > **Advanced Security Settings** \\ | 2. Go to **Setting** > **SERVER** > **Advanced Security Settings** \\ | ||
3. Turn on **Secure communication with device**. \\ | 3. Turn on **Secure communication with device**. \\ |