A diverse range of measures is required to address the threats of the modern era, impacting a wide spectrum of entities from private sector companies to government institutions and affecting society and the economy at large. Leading these mandatory measures is the access control security infrastructure, an indispensable element of physical security. These systems, which control and audit access, not only ensure physical security but also act as a frontline defense against virtual threats.

KVKK, Turkey's Personal Data Protection Law, and its European counterpart, GDPR, are critically important laws in the context of personal rights and freedoms. These laws aim to protect personal data and, consequently, to preserve the sanctity of private life. With the migration of personal data from paper archives to digital environments, measures for protecting personal data have taken on a new dimension. In parallel with new technological developments, malicious activities have diversified and noticeably increased. These attack attempts have begun to endanger societal interests by targeting corporate data in addition to personal data.

A Forward-Thinking Approach to Access Control Security

Access control devices process personal data, particularly critical information such as identity credentials and biometric templates. If the devices you use to manage and audit the physical environment lack multi-layered security and cryptographic measures, personal data is at risk of being sabotaged and compromised. For example, if a device managing your biometric or card-based access system is physically removed from the wall it is mounted on, all the data stored within it could fall into the hands of third parties. Such a risk can lead to severe penalties under KVKK and GDPR, as well as significant issues of corporate trust and reputation. It is precisely at this point that a new approach developed by BioAffix has begun to gain traction in the industry.

In 2014, BioAffix put into practice its vision of bringing a new paradigm to the industry: to eliminate individual and corporate security concerns by integrating multi-layered hardware and software into access control and security systems. Thanks to the TPM module used in all relevant products within the BioAffix ecosystem, all data processed on the devices—such as log records, identity, authorization, and location information—is kept encrypted. The cryptographic process works on the principle that data encrypted by the TPM module can only be decrypted and made readable with the unique keys generated by the module itself. In the event of a potential virtual or physical tampering attempt on the device, the encrypted data is rendered unreadable, making access impossible. The use cases for TPM modules are not limited to corporate infrastructures. For more details on TPM, which also serves as a highly beneficial security barrier for end-users, please see our blog article.

Multi-Dimensional Security with TPM Modules, HSM, and MUL-SEC

All data on the internal disk of BioAffix devices is stored in an encrypted state by the TPM (Trusted Platform Module), in accordance with international security doctrines and NATO standards. This approach aims to keep data secure at all times by preventing any sabotage attempts targeting the device’s data storage area. In the event of any external interference with the storage, it becomes impossible to meaningfully read the information on the disk, as all data is recorded in an unreadable format.

BioAffix devices address security in a multi-dimensional manner through the TPM module, combined with HSM and the MUL-SEC software developed by Ones Technology. Thanks to the integration of the BioAffix OneServer with an HSM (Hardware Security Module), all personal user data—such as identity, biometric, and access information—is written to and read from the database in an encrypted format. All data used by the BioAffix product family for access and verification undergoes advanced, up-to-date, and high-security cryptographic operations during read and write cycles, making it impossible to intercept or read externally. As a result, data encrypted with the HSM cannot be read by any third party, including IT department personnel.

The double-layered MUL-SEC SSL tunnel, developed by Ones Technology, carries the data traffic between BioAffix devices and the BioAffix OneServer as encrypted communication enclosed within a dual tunnel. When communication is protected by MUL-SEC, even if your existing load balancer terminates the primary SSL protection, the connection between the BioAffix product family and OneServer remains perpetually protected by MUL-SEC security technology.

This pioneering approach, developed to counter modern threats, protects personal and corporate data through multi-layered encryption protocols. With this vision, access control processes implemented in data centers, RF-shielded rooms, command and control centers, and other critical campuses and sites are elevated beyond conventional standards and now exceed the requirements of international security protocols.
