A transport layer security (TLS/SSL) feature for the communication between the server and device has been implemented in BioStar 2.4.
This feature stops malicious users from connecting to the device by pretending to be the server with the same server IP.
NB. The BioStar 2 server uses port 51213 for TLS. When enabling the Secure Communication with Device configuration, it is also necessary to ensure that inbound and outbound TCP network communication is permitted on this port for the server.
This security is achieved by storing a digital certificate in the device.
When the device connects to the server, it will exchange an encryption key (session key) using the digital certificate to provide server identity verification.
It will take several minutes for the devices to reconnect to the server.
- BioEntry W2 FW 1.1.0 or later
- BioStation L2 FW 1.2.0 or later
- BioStation A2 FW 1.3.0 or later
- BioStation 2 FW 1.4.0 or later
Follow the steps below to configure the secure communication. It is not turned on by default.
1. Log in to BioStar 2.
2. Click Setting.
3. Click Server.
4. On the Secure Communication with Device tab, set Secure communication with device to Use.
If you want to use an external certificate from a CA (certificate authority) such as VeriSign, Comodo, or GoDaddy, check Use external certificates and upload the file.
Do not turn off the secure communication option if the device is physically disconnected from the network while using the secure communication feature.
If the feature is turned off, the certificate of BioStar 2 will be deleted and the device will not be able to connect to the server again.
To connect the device to the server again, the certificate saved in the device must be deleted or the device must be reset to factory default.
For more details regarding factory default, refer to the manual of the device.
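
To check the port note and the certificate setting above from another machine on the network, the following script (an added example, not part of the original article or the vendor's tooling) distinguishes a blocked port 51213, an open port that does not complete a TLS handshake, and a working TLS listener, and returns the SHA-256 fingerprint of the certificate served so it can be compared before and after uploading an external certificate. It assumes the server accepts a standard TLS handshake on that port; `probe_tls_port` is a hypothetical helper name.

```python
import hashlib
import socket
import ssl
import sys

BIOSTAR_TLS_PORT = 51213  # TLS port stated in the article


def probe_tls_port(host, port=BIOSTAR_TLS_PORT, timeout=5.0):
    """Classify the port as 'blocked', 'open-no-tls' or 'tls'.

    Returns (state, sha256_hex_of_server_certificate_or_None).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused, filtered or unroutable: review firewall rules for the port.
        return "blocked", None

    # Chain validation is disabled on purpose (assumption: the certificate
    # may not chain to a CA this machine trusts). The goal is only to read
    # what the server presents, not to trust it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    except (ssl.SSLError, OSError):
        # TCP connects, but no TLS handshake completed before the timeout.
        return "open-no-tls", None
    return "tls", hashlib.sha256(der).hexdigest()


if __name__ == "__main__":
    # Usage: python probe.py <server-address>
    state, fingerprint = probe_tls_port(sys.argv[1])
    print(state, fingerprint or "")
```

A changed fingerprint after an external certificate is uploaded shows that the server is presenting the new certificate.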