Don’t let a secret tunnel topple your castle. OSDP encryption is crucial to your commercial security.

By Neal Bellamy, IT Director at Kenton Brothers

Open Supervised Device Protocol - OSDPAs in all security, it only takes one weak link to bring the whole castle down. You can have the best moat, the best turrets, and the best drawbridge. But if there was a secret, unguarded passage and the enemy discovered it, it could certainly lead to your demise. In the commercial access control world, the Weigand Protocol is that un-guarded secret passage.

The Weigand Protocol

The Weigand protocol has been used since the 1980s and is named after the Weigand Effect. The Weigand protocol is used to detect the 1’s and 0’s sent from a commercial security reader to the access control panel. (To be clear, there are two separate transmissions that happen when you present a card to a reader.)

The first communication is from the card to the reader itself. This transmission can be protected by the card technology being used. Both the card and the reader have to have the same technology to be compatible. iClass®, Mifare®, and Felica® are examples of card technology where the transmission is encrypted between the card and reader. Proximity is another type of card technology, but the transmission is not encrypted

The second transmission is from the reader to the door controller. With very few exceptions, the Weigand protocol has been the method to support this transmission. If you have an encrypted card technology (and you should) it’s like encoding a message with the Enigma machine, then translating back to plain German and sending the un-encrypted message on horseback to its next location. If the courier gets intercepted while the message is unencrypted… all of that amazing security of the message has been wasted. If someone could change the message without you knowing, you might even make the wrong decision. You might think this is CIA/MI5 material, but it is way more accessible than you think.

Enter the $25 Weigand interface.

Weigand InterfaceIf you look online, you can find a board that can be installed between a reader and control panel that will intercept and log every access card being used. The board is smaller than a poker chip and can be installed behind a reader pretty easily. Once installed, it is powered by the door controller and is completely invisible to the reader and access control system. The attacker can leave it in place for a few days or a few weeks, while it collects every card read. Then, when they are ready, they can retrieve the list of cards from the built-in Wi-Fi interface. If the attacker only needs access to get into that single door, they can even “replay” the card number from the Weigand interface back to the door controller, probably granting access. If they need access to multiple doors, they could use the information to recreate identical cards to the ones you are using.

Placing one of these Weigand interfaces at the front door of a facility could be devastating for your building security.

OSDP = Open Supervised Device Protocol

There is hope. The answer is to also encrypt communication from the reader to the panel.

Open Supervised Device Protocol (OSDP) aims to do this and more. OSDP has been an international standard since 2020 and is all about encrypted communications. It also adds bi-directional communication with readers (know when readers are offline/disconnected), allowing more than one reader on a port, etc. Over the last couple of years, board and reader manufacturers have been implementing OSDP into access control hardware. While not every manufacturer or model supports OSDP, support is growing. For most systems, OSDP can be added on a door-by-door basis. You can convert high-profile doors to OSDP while waiting to upgrade low-risk doors if your budget doesn’t support an all-or-nothing approach.

Stronger DefenseI need to mention a side note here for Gallagher. When I first encountered Gallagher security products in 2010, they were already using their HBUS technology for their readers. While Gallagher supports OSDP, the HBUS technology provides very similar benefits as OSDP like encryption, bi-directional communication, and multiple readers on a port… but HBUS has been doing it for much longer. An additional benefit with Gallagher HBUS and readers is being able to create your own card encryption key easily. This means that no other organization in the world will have a card that can be read on your Gallagher system. This is not a requirement for Gallagher, but it is super simple to do and is part of our standard procedures when installing a new Gallagher system.

Transmitting card numbers from the reader to your access control panels might be the chink in your access control’s armor. As part of our security standard, KB will make sure you are using encrypted communication from the card all the way to the access control system.

If you need help evaluating the next steps in your access control setup or how to get started on the right foot, let us know! Just give us a call and we will be happy to help.

Integrating Facial Recognition into Access Control Physical Security, Increasing Security and Convenience!

By David Strickland, Vice President of Kenton Brothers

“Innovate or Die”

Facial RecognitionWhen walking through Kenton Brothers Systems for Security, you will see this phrase prominently displayed on the walls throughout our building. Innovation is one of our core values and it’s a big reason we continue to provide remarkable physical security solutions for our customers… going on 126 years.

The world is very different than it was 125 years ago, and so are the solutions we provide to mitigate today’s security risks. The need for robust access control measures to safeguard sensitive areas is more critical than ever. As the security industry innovates, traditional methods like mechanical locks, keycards and PINs are gradually being replaced by cutting-edge biometric technologies. Among these, facial recognition stands out as a revolutionary tool, offering enhanced security and convenience in commercial access control physical security.

This blog explores the role of facial recognition as a biometric credential in access control. Here are five ways we think it will have a big impact.

1. Enhanced Security through Uniqueness:

Facial recognition technology capitalizes on the uniqueness of each individual’s facial features. Unlike passwords or keycards, which can be lost, stolen, or shared, faces are inherently unique, making them an ideal biometric credential. By registering authorized personnel in the system, access control devices can accurately match live facial images with the stored templates, ensuring that only authorized individuals gain entry.

2. Seamless and Contactless Authentication:

One of the standout advantages of facial recognition in access control is its contactless nature. Users no longer need to physically interact with devices or carry identification cards. Authentication is as simple as glancing at a camera, making it more convenient and hygienic—particularly in a post-pandemic world where reducing physical contact is thought to be essential.

3. Rapid and Real-Time Identification:

Facial RecognitionFacial recognition technology operates at impressive speeds, providing real-time identification results. This capability is especially valuable in high-traffic areas like airports, offices, and educational institutions, where quick and efficient access control is necessary. The system can process multiple faces simultaneously, reducing bottlenecks and ensuring smooth entry flows.

4. Integration with Existing Systems:

Facial recognition can seamlessly integrate with existing access control infrastructure. Many modern access control systems are designed with open architecture, allowing easy integration with biometric devices. By retrofitting facial recognition solutions into their current systems, organizations can upgrade security measures without a complete overhaul.

5. Multifactor Authentication with one “credential”:

The fusion of facial recognition with other biometric security measures, such as fingerprint or iris recognition, could create biometric systems that offer even higher security levels and resistance to spoofing attempts.  Multifactor authentication all within one “credential” – the human body!

So what about the other side of the coin… Can facial recognition be spoofed?

Yes, facial recognition can be defeated if the installation and calibration processes aren’t followed correctly. One innovation in the commercial security world is helping along that front. For instance, some systems such as  IDEMIA use liveness detection, which ensures that the face presented for authentication is a live, three-dimensional image rather than a photograph. This feature guards against spoofing attempts, where adversaries try to trick the system with static images.

The future of facial recognition in access control physical security looks very promising. Advancements in artificial intelligence and machine learning algorithms will likely improve the accuracy and efficiency of these systems. Additionally, including 3D facial recognition technology could further improve security by adding an extra layer of depth and precision to the identification process.

We believe Facial Recognition as a biometric credential in access control physical security represents a remarkable leap forward in safety and convenience. With enhanced security features, contactless authentication, and rapid identification capabilities, facial recognition technology is reshaping access control best practices.

Want to learn more? Let’s get together and discuss how utilizing this technology can increase your commercial physical security while increasing convenience: two things that are traditionally in conflict!

 

Commercial Safe Drilling Services are a Dying Art. We’ve Got You Covered

By Ryan Kaullen, Field Services Manager at Kenton Brothers

Commercial Safe DrillingSafes are made to keep items secure and for the most part they do a really good job, sometimes too good a job. When safe locks fail, get tampered with, and can’t be unlocked, you have a few options.

One option is having a certified and trained safe professional try to manipulate and open it using a variety of techniques. Second, depending on the type of safe, you can cut the hinges or bolts. And third, you can perform a drilling process. Using the drilling technique can take hours to even days, especially if it is a GSA high security safe.

There are preventative measures you can take to try and help avoid a safe lock from failing:

  • Preventative maintenance. Having a certified professional come on site to perform quarterly or yearly maintenance. They can assess how the safe is operating, provide proper testing, apply proper mechanical lubricants, and advise of any issues before a lock fully fails. Sometimes, locks just fail… but at Kenton Brothers we have seen time and time again preventative maintenance extending the life of the locks. This helps our clients get ahead of any potential issues with their safe(s) which helps financially in the long run.
  • Do not use WD-40 on locks. WD-40 will do more damage to your safe lock than helping it. If you want to apply the right lubricant, please contact Kenton Brothers and we would be happy to sell you the correct products to use on your safe.
  • Use the right locks for the right applications. This is a consistent issue. Our techs go on site and find safe locks that are not the correct rating, or not the right application, for their use requirements. Depending on the nature of your business, or what you are storing in the safe, there are certain requirements from a government level (GSA) that have to be met by law. We are obligated to report these situations when we find them. There are two options to resolve this situation: 1) Provide pricing to bring the safe up to standard or 2) Strip the safe of its certifications and fill out appropriate paperwork.
  • Always keep track of your safe combinations in a safe/secure location. This is an easy way to avoid service calls.
  • Make sure the company you are hiring to work on your safe/safe locks is certified. Your security provider must have experience with safe locks. Just because they are a mechanical locksmith does not mean they are certified to work on safe locks. Unauthorized fixes or attempts to fix can void warranties and cause damage to the equipment.

Commercial Safe Drilling Commercial Safe Drilling Commercial Safe Drilling

A real world story about why this matters.

Recently, we received a service call about a high security safe that was not opening. When our technician arrived on site, he found seven GSA Red Label containers. All seven had the wrong locks on them. (Remember, we are required to report these types of infractions.) We provided our customer with two options: replace all the safe locks or strip them of their certifications. The customer chose to bring one of their safes up to code and strip the rest. This was an expensive process for the customer because we had to drill one of the safes and supply the correct lock, and then do a considerable amount of government related paperwork.

Our customer could have avoided the expense of fixing incorrect locks if they had reached out to a certified GSA company when installing the containers in the first place. We would have advised them on the proper procedures and protocols. They wouldn’t have had to make the decision to decertify six expensive safes. The moral of the story is that hiring certified professionals to work on your safes may be more expensive initially, but in the long run it will be worth the investment!

We have been fortunate to work on safes of every size and level of security.

We have three GSA certified, trained, and continually educated technicians on our team. Let Kenton Brothers be the partner who keeps your safes operating correctly (or allow us to open them when you can’t!)

To schedule service of your safe please give us a call or email service@kentonbrothers.com.

Video: Planning and Implementing Elevator Security

By Erik Andress, Sales Management Professional at Kenton Brothers

In today’s video we’re discussing elevators. In particular, how to secure them with cameras and access control. Elevators can be tricky… They require a lot of planning and coordination with the elevator company. We’ll get into some of those details today and what you need to know!

Step one is by far the most important stage and that’s planning.

Securing an elevator requires collaboration between the elevator company the security integrator as well as the client. The client lets the security innovator know how they want the elevator to function and behave. The security integrator works with the elevator company to make that possible.

Let’s use a an example: Where do you want the card reader mounted? Is it on the outside of the elevator denying access altogether or is it on the inside of the cab denying access just to certain floors? Or both? You may want to deny access to the elevator because it’s not for the public. You may also want to deny access to certain floors because it is a secure facility.

There are details we have to understand. Is there already traveling cable in the elevator? Is there space for us to install our equipment? Where is the control panel for the elevator, and where should our control panel go for access control? It can get complicated quickly.

Step two is integration.

We work with a professional elevator technician to make sure the proper cables are in place and integrate the card reader into the elevator’s controls.

Step three is configuration.

Now that the systems are integrated, we need to make sure that we go back to the client’s expectations of how they wanted the elevator to function. We need to make sure that our configuration is lining up with exactly what they asked for.

Step four is to test and calibrate.

When you put security inside of an elevator, you’re introducing a lot of moving pieces. With access control or commercial video surveillance, we need to make sure that we spend time testing the system. We need to make sure the camera’s field of views are dialed in correctly.

The final step is training.

We need to make sure that the admins and users of the system understands exactly how the system works and how changes can be made.

If you need help securing the elevators in your company buildings, we can help. Just give us a call!

Top 10 Technician Tips to Keep Your Commercial Security Systems Up and Running

Top 10By David Strickland, Vice President of Kenton Brothers

At Kenton Brothers Systems for Security, we believe that the best advice comes from the field. Our technicians are fantastic at taking great care of our customers.  So we asked them about creating a Top 10 list for our customers on how to keep their commercial security systems running well. Here’s what they told us.

Top 10 Technician Tips:
What customers can do to keep their commercial security systems running well.

  1. Top 10 Proactive Tips to Keep Your Commercial Security Systems Up and RunningPut a recurring reminder on your calendar to replace batteries.
  2. Test and verify system functionality on a monthly basis.
  3. When you see damaged, loose, or missing devices, address the problem sooner than later.
    (Replace these weathered devices proactively to prevent a cascading failure later.)
  4. Put the KB service phone number and email in your contact list. This will help identify us when we call or email.
  5. Put KB service contact information on all control panels, NVRs, power supplies, etc.
  6. Have a system inspection and maintenance program. (This extends the life of your system.)
  7. Properly train your team members on the proper procedures of how to interact with system and devices.
  8. Limit personnel with system keys and passwords. (Provide separate login credentials for each authorized user and don’t share passwords. Limit the physical access to those same panels.)
  9. Top 10 Proactive Tips to Keep Your Commercial Security Systems Up and RunningPoint out system devices and cabling to contractors when remodeling to prevent damage or system interruption.
  10. Keep equipment access areas clean and clear for technicians to work and service your systems.

Our technicians take a lot of pride in providing the very best service in the region. They are all factory certified. In an age where customer service is often an afterthought or an annoyance, the KB technicians stand out as champions for our customers.

Please let us know if we can help support you in implementing these Top 10 Technician Tips!