Respecting the notion of unfailing security, protecting access to the building is not enough. It is also important to set up mechanisms to secure the system itself.
Throughout the TIL TECHNOLOGIES architecture, from the badge to the server, electronic and electrical protections are implemented automatically to prevent both failures and human errors, malicious acts (internal and external) or piracy.
Following European high-security standards


Control units secured to the European High-Security Standards
- TLS v1.2 encrypted IP communications (certificates, signed, life signal) between TILLYS NG, KSM NG and MICROSESAME from MS 2018
- Bus RS485 ML/V3 of TILLYS NG encrypted AES 128 bits with automatic and regular modification of the keys, life signal, with initialisation of the keys customizable by the end customer on KSM NG
- Bus ML allow an optimum and secure take up of existing cable
- Protection from Denial of Service (DoS) attacks by the Firewall of control units
- Access to embedded and secure web server (HTTPS, SSH disabled by default)
- Compatible with 802.1X, fixed @IP or DHCP, IPV6 ready
- MLPS communicates 128-bit AES encrypted RS485 bus with EVOLUTION readers
- MLPS with "safe" SAM / HSM certified EAL5 +, to protect keys
- High availability through standalone operation of TILLYS NG control units and direct communication between them
- Informations about breakdowns or malicious acts : pull-out, case opening,communication and power failure (low battery, charger)
- Protection against errors and sabotage thanks to balanced inputs, RS 485 outputs and buses, protected against short circuits, overvoltages and polarity Reversals
- Robust industrial control units (T: -10 ° to + 55 ° C, MTBF of 175 000 hours)
- Downloadable, signed automation firmware included with known CVE patches
- Remote control to desensitize the equipment (keys are deleted) before feed back of the after-sale service
Access control readers
- Secured to the European high-security standards, «transparent reader» (no encryption key stored in the reader)
- Secure communication between control units and Evolution readers (RS485 encrypted AES 128 bits), signed and with sign of life, pull-out reader alarm
- Available in reader + keyboard version, secured to the European high-security standards
- The reader can read up to 4 types of different DESFIRE EV badges to the MLPS/MLDS
IT and network infrastructure
- Hot redundancy of the MICROSESAME server for automatic recovery from
hardware failures, without service disruption or loss of data
- Compatible with secure computing environment (VPN / VLAN networks,
802.1x radius server, LDAP directory, IPv6 ready
SNMP v3 (network status)
- COM network port filtering
- All encoders, enrollers and client computers don't keep the card keys
Access to applications and supervision
- Access to the MICROSESAME software supervisor by password managed by the LDAP directory
- Fine management of operator rights on
MICROSESAME, WEBSESAME, API REST :display levels and access to features, sites, entities, access classification, according to specific profiles
- Traceability of operator actions in a dedicated interface
- Operator password protected in BDD HASH SHA-512 + 512 random charaters SEL
- WEBSESAME portal page protected against "CSRF attacks"
Encryption of secure badges
- Desfire EV1 and EV2 Technology
- The KEY SECURE MANAGER software and the key ceremony allow the end customer to control (create, modify, delete) the encryption keys that protect access to each application of the badge (access control, photocopier, restaurant, etc.). ..)
- Multi-application encoding and graphic badge printing in one operation
- Diversification of key to have different keys per badges
- KSM NG keys are exported in an AES 256 bits encrypted contener and imported in MS 2018 to a centralized download keys to MLPS/MLDS
