The Link Device

An intelligent device designed to facilitate the unification of physical security with mobile authentication applications. Easy installation that takes less than 30 minutes.

How does it work?

Turn your reader into a mobile-enabled authenticator by installing the link device. 

The User Experience

The Architecture

How to Install

Be up in running in less than 30 minutes!

A convenient, flexible and scalable method of adding an additional layer of security to physical access points with step-up authentication. 

What you’ll need

The Link Device is one of three components for this solution

Hand tapping card at server cabinet

Link Device or LR1 Reader

An intelligent device designed to facilitate the unification of physical security with mobile authentication applications. Easy installation, less than 30 minutes.

Multi Factor Authentication

Link Admin Console

A web platform to manage users, devices, rules, system configuration and two-factor authentication scheduling. Syncs users via the solutions ACM sync feature.

Mobile Authenticator

The second factor of authentication to the presented card. This can be BioConnect’s provided mobile authentication app (using biometrics or a simple yes/no approval), or a supported 3rd Party Authenticator

Hardware Specifications

Learn more about the Link Device specifications.

Note: it is compact enough to fit inside your panel enclosures.

Xtensa LX6 dual-core 240MHz with Secure Boot ATmega168 16MHz
Dynamic Memory
500kB SRAM
Long-Term Storage
4MB hardware-encrypted flash storage (FIPS-197 compliant)
Network Connectivity
10Base-T / 100Base-TX 802.11B/G/N, WPA/WPA2 Secure 2.4GHz Wireless Mesh (optional) Bluetooth 4.2 BR/EDR/BLE
Input Voltage
+12 V DC / PoE (+44VDC)
Wiegand Interface
4 pairs: Wiegand In/Out + LED control
4 pairs: 12-30VDC (dry), 2.5A inductive, 5A resistive
Operating Temperature
-40°C (-40°F) to +125°C (+257°F)
86.4mm X 132.9mm X 24.7 mm

Security & Privacy

Confidently add the Link device to your access control solution with the highest level of security available.

Hardware: The Link Device

The communication between the Link hardware and the BioConnect cloud service is protected using mutually authenticated TLS 1.2 certificates on a secure MQTT protocol. Our hardware has multiple layers of redundancy to ensure your access events go through, even in the event of one or more of power, hardware or software failure.

  1. Mechanical bypass to ACM in loss of power to the hardware device.
  2. Device bypass to ACM if hardware device loses internet connection or cannot connect to the BioConnect cloud service.
  3. Hardware equipped with partition to load an older OTA config/Firmware.
  4. Cloud redundancy for each service for BioConnect Link hardware device.
  5. Link has a dedicated hardware watchdog and software watchdog; either of these will completely reboot and reinitialize the Wiegand circuitry within 250ms of detecting a hardware or software error.

Software: Link Admin Console

Operates behind HTTPS, using TLS 1.2 and provides a standard web application to administer the solution, for example, adding users, schedules, devices, and cards. Our software uses a microservice infrastructure to follow modular software design principles, allowing for higher manageability and scalability. Our cloud service has been designed to scale horizontally, and vertically as required. This is to ensure that access requests are processed regardless of failures and seamlessly handles peak traffic loads.

    Privacy and Data Storage

    Data in Transit: Each device is securely provisioned with a X509 certificate, and BioConnect does not have access to the device’s locally generated private key. For a device, certificate-based authentication is the sole method of logging into the BioConnect cloud exchange; there are no generic usernames or pre-shared passwords that could be obtained by a third-party and then used to forge a connection to your cloud service. In addition to the encrypted transport layer, all user physical access data is separately protected, using either strong symmetric encryption or anonymized using one-way secure hashing. (HMAC-AES256) before it leaves the device.

    Data at Rest: All local flash memory is protected by hardware encryption (AES-256), using a random key that is generated locally on each device and securely stored in a dedicated hardware enclave. Over-The-Air configuration upgrades support full, automatic rollback in the event of configuration errors.