ekey security standards

Enjoy comfort with maximum security

Security of ekey fingerprint access solutions

For its products, ekey guarantees the highest standard in security against misuse and unauthorized access to the access system. In addition, ekey has taken the following recommendations and guidelines into account in the development, design and manufacture of its products:

  • Recommendations of the Federal Office for Information Security www.bsi.bund.de
  • Recommendations of VdS Schadenverhütung GmbH (Trust through security) on access control systems www.vds.de
  • ekey fingerprint scanners are secure against false positives with a false acceptance rate of 1:10 million. This is 1,000 times more secure than a 4-digit code. The probability of unauthorized access and falsification of fingerprints is thus practically impossible in both the private and commercial sectors.
    (This is far above the specification of VDS2358 – Chapter 11.3, which requires >1:100 000).
  • ekey fingerprint scanners are equipped with a capacitive line sensor. The detection of the finger requires a pulling movement over the sensor, whereby no fingerprint is left on the device and therefore can neither be removed nor reproduced.
  • The sensor technology of ekey fingerprint scanners can distinguish between living and dead tissue (RF sensor technology). The reproduction of fake fingers is therefore very complex and can only be done in the laboratory under ideal conditions and with extraordinary expertise.
  • ekey fingerprint scanners with card reading function as an alternative identification possibility (using RFID transponders) use the secure, key-based MIFARE DESFire EV1 procedure.
    (This corresponds to the specifications of guideline VDS2358 – chapter 11.3 regarding variation possibilities and copy protection).
  • With the ekey code pad keypad, 4 to 8-digit pin codes can be used for identification.
    (This corresponds to the specifications of guideline VDS2358 – chapter 11.3).
  • ekey fingerprint scanners have a readout protection. The identification features (minutiae) stored in the finger scanner cannot be read out and further processed. (This corresponds to the requirements of the guideline VDS2358 – chapter 11.4)
  • No fingerprint image can be reproduced from the stored template, as this is converted into a binary numerical code by means of a specially developed algorithm.
  • Voltage failures do not change the identification features in the memory and do not trigger an opening impulse.
    (This corresponds to the specifications of guideline VDS2358 – chapter 13.3).
  • ekey fingerprint scanners were developed for use in unprotected outdoor areas and for use in the home and commercial sector.
    (They correspond to environmental class IV according to VDS guideline VDS2358).
  • ekey fingerprint scanners are registration units. The ekey control unit (actuator unit) with the switching relay for controlling the lock mechanism is separate from the fingerprint scanner and mounted in the secure interior area (security area).
  • ekey fingerprint scanners and ekey control unit are connected via an encrypted data connection. Attempts at tampering (e.g. short-circuiting connecting cables) do not trigger an opening impulse.
  • ekey fingerprint scanners can only be reset to factory settings by the administrator. To do this, it is absolutely necessary to access the control unit in the safe indoor area (security area) and to enter a security code – this is not possible from the outside.
  • Neither in ekey fingerprint scanners nor in ekey control units are hidden access authorization data (e.g. factory code) stored, via which the installer or the manufacturer can gain access without the administrator’s intervention.
    (This corresponds to the specifications of VDS2358 – chapter 13.11.)

Data connections to devices and systems located outside the security area are protected against manipulation by the following mechanisms:

  • A secure coupling procedure is used to establish the connection. (e.g. Bluetooth Secure Simple Pairing). A coupling code of at least 6 digits must be used.
  • If a pairing code is entered incorrectly 3 times, a time lock occurs.
  • Data transmissions are encrypted without exception.
  • It is not possible to transfer malware to ekey devices via data connections.
  • It is not possible to replace or manipulate identification features stored via an interface.
  • The data connections can be deactivated by the administrator and can only be reactivated by the administrator.

In principle, insurance coverage is provided if access is properly blocked.

The conclusion is that, with regard to the risk of burglary, it is relevant from an insurance perspective whether the door/access device is actually locked or not. The question of whether the locking mechanism is operated mechanically or electronically is secondary.

As a general rule, accesses with electronic locking systems (such as ekey fingerprint access systems) should control secure and automatically locking mechatronic locks (e.g. motorized lock). Unlocked access (if the door only falls into the latch or door with electric strike) is usually not insured.