Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
en:how_to_manually_manage_server_device_encryption_key [2018/10/17 08:36] kate [Configuration] |
en:how_to_manually_manage_server_device_encryption_key [2021/12/20 14:26] (current) peterk |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | {{tag>"System Configuration" "BioStar 2" "TLS" "secure communication" “Encryption Key”}} | + | {{tag>"System Configuration" "BioStar 2" "TLS" "secure communication" “HashKey”}} |
| - | ====== How to Manually Manage Server & Device Encryption Key ====== | + | ====== How to Manually Manage Server & Device HashKey ====== |
| ===== Concept ===== | ===== Concept ===== | ||
| - | This is a new security feature that is introduced with BioStar 2.6. which allows you to choose your own encryption key to encrypt your database and devices. \\ | + | This is a new security feature that is introduced with BioStar 2.6. which allows you to choose your own HashKey to encrypt your database and devices. \\ |
| <callout type="danger" icon="true"> | <callout type="danger" icon="true"> | ||
| __Do not proceed with using this feature before fully understanding the effect of the encryption feature.__ \\ | __Do not proceed with using this feature before fully understanding the effect of the encryption feature.__ \\ | ||
| Line 24: | Line 24: | ||
| **Database** \\ | **Database** \\ | ||
| * The database goes through a migration phase to encrypt the database once you apply the feature. BioStar client is not usable at this state. | * The database goes through a migration phase to encrypt the database once you apply the feature. BioStar client is not usable at this state. | ||
| - | * The migration encrypts personal data (password, PIN, face and finger template) in the database. | + | * The migration encrypts personal data (password, PIN, face, and finger template) in the database. |
| - | **Encryption Key** \\ | + | **HashKey** \\ |
| * The manually configured security key is stored in a secret location and not the database | * The manually configured security key is stored in a secret location and not the database | ||
| - | * In P2 and N2 devices, the security key is stored in the secure element which is a separate hardware from the flash memory | + | * In P2 and N2 devices, the security key is stored in the secure element which is separate hardware from the flash memory |
| - | * You must keep record of your manual security key that you configured | + | * You must keep a record of your manual security key that you configured |
| ===== Configuration ===== | ===== Configuration ===== | ||
| - | 1. Log in to Biostar 2 with the admin account for **user ID 1.** Other administrator users can't access the menu. \\ | + | 1. Log in to Biostar 2 with the admin account for **user ID 1.** Other administrator users can't access **Advanced Security Settings.** \\ |
| - | 2. Go to **Setting** > **SERVER** > **Advanced Security Settings** \\ | + | 2. Go to **Setting** > **SECURITY** > **Advanced Security Settings** \\ |
| 3. Turn on **Secure communication with device**. \\ | 3. Turn on **Secure communication with device**. \\ | ||
| Line 38: | Line 38: | ||
| 4. Click **Continue** when a warning popup appears. \\ | 4. Click **Continue** when a warning popup appears. \\ | ||
| - | 5. Turn on **Server & device encryption key manual management**. \\ | + | 5. Turn on **Server & device Hashkey management**. \\ |
| <callout type="danger" icon="true"> | <callout type="danger" icon="true"> | ||
| Do not proceed with using this feature before fully understanding the effect of the cautions mentioned above. \\ | Do not proceed with using this feature before fully understanding the effect of the cautions mentioned above. \\ | ||
| Line 44: | Line 44: | ||
| 6. Click **Continue** when a warning popup appears. \\ | 6. Click **Continue** when a warning popup appears. \\ | ||
| <callout type="primary" icon="true"> | <callout type="primary" icon="true"> | ||
| - | If you still have any users with PW or PIN other than the default admin (ID 1) user you have to delete all of the password and PIN before proceeding. \\ Else you cannot turn on the feature. \\ | + | If you still have any users with PW or PIN other than the default admin (ID 1) user you have to delete all of the password and PIN before proceeding. \\ If not, you cannot turn on the feature. \\ |
| </callout> | </callout> | ||
| - | 7. Click **Change** on the **Encryption Key** item. \\ | + | 7. Click **Change** on the **HashKey** item. \\ |
| {{:en:2x_sc_encryption_key_management_002.png?nolink&1200|}} \\ | {{:en:2x_sc_encryption_key_management_002.png?nolink&1200|}} \\ | ||
| 8. Enter your new encryption value. \\ | 8. Enter your new encryption value. \\ | ||
| <callout type="primary" icon="true"> | <callout type="primary" icon="true"> | ||
| - | Your encryption key must be 32 letters in length. \\ | + | Your Hashkey must be 32 letters in length. \\ |
| </callout> | </callout> | ||
| 9. Enter your default administrator password. This will be the password for the default ID 1 admin. \\ | 9. Enter your default administrator password. This will be the password for the default ID 1 admin. \\ | ||
| Line 67: | Line 67: | ||
| {{:en:2x_sc_encryption_key_management_005.png?nolink&400|}} \\ | {{:en:2x_sc_encryption_key_management_005.png?nolink&400|}} \\ | ||
| ===== Turning the Feature Off ===== | ===== Turning the Feature Off ===== | ||
| - | When turning the feature off again, the same PIN and PW restrictions are applied. \\ | + | When turning the feature off again, the same PIN and PW restrictions must be applied. \\ |
| - | You will have to delete all users PIN and password to proceed. \\ | + | You will have to delete all user's PINs and passwords to proceed. \\ |
| 1. Log in to Biostar 2 with the admin account. \\ | 1. Log in to Biostar 2 with the admin account. \\ | ||
| - | 2. Go to **Setting** > **SERVER** > **Advanced Security Settings** \\ | + | 2. Go to **Setting** > **SECURITY** > **Advanced Security Settings** \\ |
| - | 3. Turn off **Server & device encryption key manual management**. \\ | + | 3. Turn off **Server & device Hashkey management**. \\ |
| <callout type="primary" icon="true"> | <callout type="primary" icon="true"> | ||
| If you still have any users with PW or PIN other than the default admin (ID 1) user you have to delete all of the password and PIN before proceeding. \\ Else you cannot turn off the feature. \\ | If you still have any users with PW or PIN other than the default admin (ID 1) user you have to delete all of the password and PIN before proceeding. \\ Else you cannot turn off the feature. \\ | ||