Access Control certified ANSSI : Unfailing safety chain

imprimer ajouter aux favoris

CERTIFICATION-ANSSI

Respecting the notion of unfailing security, protecting access to the building is not enough. It is also important to set up mechanisms to secure the system itself.

Throughout the TIL TECHNOLOGIES architecture, from the badge to the server, electronic and electrical protections are implemented automatically to prevent both failures and human errors, malicious acts (internal and external) or piracy.

Following European high-security standards

ARCHITECTURE SECURITE NIVEAU 1 ANSSI


ARCHITECTURE SECURITE NIVEAU 1 ANSSI

Control units secured to the European High-Security Standards

  • TLS v1.2 encrypted IP communications (certificates, signed, life signal) between TILLYS NG, KSM NG and MICRO-SESAME from MS 2018
  • Bus RS485 ML/V3 of TILLYS NG encrypted AES 128 bits with automatic and regular modification of the keys, life signal, with initialisation of the keys customizable by the end customer on KSM NG
  • Bus ML allow an optimum and secure take up of existing cable
  • Protection from Denial of Service (DoS) attacks by the Firewall of control units
  • Access to embedded and secure web server (HTTPS, SSH disabled by default)
  • Compatible with 802.1X, fixed @IP or DHCP, IPV6 ready
  • MLPS communicates 128-bit AES encrypted RS485 bus with EVOLUTION readers
  • MLPS with "safe" SAM / HSM certified EAL5 +, to protect keys
  • High availability through standalone operation of TILLYS NG control units and direct communication between them
  • Informations about breakdowns or malicious acts : pull-out, case opening,communication and power failure (low battery, charger)
  • Protection against errors and sabotage thanks to balanced inputs, RS 485 outputs and buses, protected against short circuits, overvoltages and polarity Reversals
  • Robust industrial control units (T: -10 ° to + 55 ° C, MTBF of 175 000 hours)
  • Downloadable, signed automation firmware included with known CVE patches
  • Remote control to desensitize the equipment (keys are deleted) before feed back of the after-sale service

Access control readers

  • Secured to the European high-security standards, «transparent reader» (no encryption key stored in the reader)
  • Secure communication between control units and Evolution readers (RS485 encrypted AES 128 bits), signed and with sign of life, pull-out reader alarm
  • Available in reader + keyboard version, secured to the European high-security standards
  • The reader can read up to 4 types of different DESFIRE EV badges to the MLPS/MLDS

IT and network infrastructure

  • Hot redundancy of the MICRO-SESAME server for automatic recovery from hardware failures, without service disruption or loss of data
  • Compatible with secure computing environment (VPN / VLAN networks, 802.1x radius server, LDAP directory, IPv6 ready SNMP v3 (network status)
  • COM network port filtering
  • All encoders, enrollers and client computers don't keep the card keys

Access to applications and supervision

  • Access to the MICRO-SESAME software supervisor by password managed by the LDAP directory
  • Fine management of operator rights on
    MICRO-SESAME, WEB-SESAME, API REST :display levels and access to features, sites, entities, access classification, according to specific profiles
  • Traceability of operator actions in a dedicated interface
  • Operator password protected in BDD HASH SHA-512 + 512 random charaters SEL
  • WEB-SESAME portal page protected against "CSRF attacks"

Encryption of secure badges

  • Desfire EV1 and EV2 Technology
  • The KEY SECURE MANAGER software and the key ceremony allow the end customer to control (create, modify, delete) the encryption keys that protect access to each application of the badge (access control, photocopier, restaurant, etc.). ..)
  • Multi-application encoding and graphic badge printing in one operation
  • Diversification of key to have different keys per badges
  • KSM NG keys are exported in an AES 256 bits encrypted contener and imported in MS 2018 to a centralized download keys to MLPS/MLDS

CERTIFICATION-ANSSI



Commitment

Les engagements TIL TECHNOLOGIES

TIL wants to achieve economic performance in respecting the environment and social equity.

High Security ANSSI

Quality approach

With the Qualification & Certification First Level of Security TIL guarantees the high security of its products and its solution MICRO-SESAME.

Group

VITAPROTECH group logo

French leader in physical access security of sensitive site, VITAPROTECH GROUP has 160 employees divided on 5 sites over the world.

Support

HOTLINE, AND AFTER-SALES SERVICE

Download the after-sales service form


Copyright © 2019 TIL TECHNOLOGIES. All rights reserved.

notre métieur: la sécurité sans faille