Don’t let a secret tunnel topple your castle. OSDP encryption is crucial to your commercial security.

/in , /by

By Neal Bellamy, IT Director at Kenton Brothers

Open Supervised Device Protocol - OSDPAs in all security, it only takes one weak link to bring the whole castle down. You can have the best moat, the best turrets, and the best drawbridge. But if there was a secret, unguarded passage and the enemy discovered it, it could certainly lead to your demise. In the commercial access control world, the Weigand Protocol is that un-guarded secret passage.

The Weigand Protocol

The Weigand protocol has been used since the 1980s and is named after the Weigand Effect. The Weigand protocol is used to detect the 1’s and 0’s sent from a commercial security reader to the access control panel. (To be clear, there are two separate transmissions that happen when you present a card to a reader.)

The first communication is from the card to the reader itself. This transmission can be protected by the card technology being used. Both the card and the reader have to have the same technology to be compatible. iClass®, Mifare®, and Felica® are examples of card technology where the transmission is encrypted between the card and reader. Proximity is another type of card technology, but the transmission is not encrypted

The second transmission is from the reader to the door controller. With very few exceptions, the Weigand protocol has been the method to support this transmission. If you have an encrypted card technology (and you should) it’s like encoding a message with the Enigma machine, then translating back to plain German and sending the un-encrypted message on horseback to its next location. If the courier gets intercepted while the message is unencrypted… all of that amazing security of the message has been wasted. If someone could change the message without you knowing, you might even make the wrong decision. You might think this is CIA/MI5 material, but it is way more accessible than you think.

Enter the $25 Weigand interface.

Weigand InterfaceIf you look online, you can find a board that can be installed between a reader and control panel that will intercept and log every access card being used. The board is smaller than a poker chip and can be installed behind a reader pretty easily. Once installed, it is powered by the door controller and is completely invisible to the reader and access control system. The attacker can leave it in place for a few days or a few weeks, while it collects every card read. Then, when they are ready, they can retrieve the list of cards from the built-in Wi-Fi interface. If the attacker only needs access to get into that single door, they can even “replay” the card number from the Weigand interface back to the door controller, probably granting access. If they need access to multiple doors, they could use the information to recreate identical cards to the ones you are using.

Placing one of these Weigand interfaces at the front door of a facility could be devastating for your building security.

OSDP = Open Supervised Device Protocol

There is hope. The answer is to also encrypt communication from the reader to the panel.

Open Supervised Device Protocol (OSDP) aims to do this and more. OSDP has been an international standard since 2020 and is all about encrypted communications. It also adds bi-directional communication with readers (know when readers are offline/disconnected), allowing more than one reader on a port, etc. Over the last couple of years, board and reader manufacturers have been implementing OSDP into access control hardware. While not every manufacturer or model supports OSDP, support is growing. For most systems, OSDP can be added on a door-by-door basis. You can convert high-profile doors to OSDP while waiting to upgrade low-risk doors if your budget doesn’t support an all-or-nothing approach.

Stronger DefenseI need to mention a side note here for Gallagher. When I first encountered Gallagher security products in 2010, they were already using their HBUS technology for their readers. While Gallagher supports OSDP, the HBUS technology provides very similar benefits as OSDP like encryption, bi-directional communication, and multiple readers on a port… but HBUS has been doing it for much longer. An additional benefit with Gallagher HBUS and readers is being able to create your own card encryption key easily. This means that no other organization in the world will have a card that can be read on your Gallagher system. This is not a requirement for Gallagher, but it is super simple to do and is part of our standard procedures when installing a new Gallagher system.

Transmitting card numbers from the reader to your access control panels might be the chink in your access control’s armor. As part of our security standard, KB will make sure you are using encrypted communication from the card all the way to the access control system.

If you need help evaluating the next steps in your access control setup or how to get started on the right foot, let us know! Just give us a call and we will be happy to help.

Integrating Facial Recognition into Access Control Physical Security, Increasing Security and Convenience!

/in , , /by

By David Strickland, Vice President of Kenton Brothers

“Innovate or Die”

Facial RecognitionWhen walking through Kenton Brothers Systems for Security, you will see this phrase prominently displayed on the walls throughout our building. Innovation is one of our core values and it’s a big reason we continue to provide remarkable physical security solutions for our customers… going on 126 years.

The world is very different than it was 125 years ago, and so are the solutions we provide to mitigate today’s security risks. The need for robust access control measures to safeguard sensitive areas is more critical than ever. As the security industry innovates, traditional methods like mechanical locks, keycards and PINs are gradually being replaced by cutting-edge biometric technologies. Among these, facial recognition stands out as a revolutionary tool, offering enhanced security and convenience in commercial access control physical security.

This blog explores the role of facial recognition as a biometric credential in access control. Here are five ways we think it will have a big impact.

1. Enhanced Security through Uniqueness:

Facial recognition technology capitalizes on the uniqueness of each individual’s facial features. Unlike passwords or keycards, which can be lost, stolen, or shared, faces are inherently unique, making them an ideal biometric credential. By registering authorized personnel in the system, access control devices can accurately match live facial images with the stored templates, ensuring that only authorized individuals gain entry.

2. Seamless and Contactless Authentication:

One of the standout advantages of facial recognition in access control is its contactless nature. Users no longer need to physically interact with devices or carry identification cards. Authentication is as simple as glancing at a camera, making it more convenient and hygienic—particularly in a post-pandemic world where reducing physical contact is thought to be essential.

3. Rapid and Real-Time Identification:

Facial RecognitionFacial recognition technology operates at impressive speeds, providing real-time identification results. This capability is especially valuable in high-traffic areas like airports, offices, and educational institutions, where quick and efficient access control is necessary. The system can process multiple faces simultaneously, reducing bottlenecks and ensuring smooth entry flows.

4. Integration with Existing Systems:

Facial recognition can seamlessly integrate with existing access control infrastructure. Many modern access control systems are designed with open architecture, allowing easy integration with biometric devices. By retrofitting facial recognition solutions into their current systems, organizations can upgrade security measures without a complete overhaul.

5. Multifactor Authentication with one “credential”:

The fusion of facial recognition with other biometric security measures, such as fingerprint or iris recognition, could create biometric systems that offer even higher security levels and resistance to spoofing attempts.  Multifactor authentication all within one “credential” – the human body!

So what about the other side of the coin… Can facial recognition be spoofed?

Yes, facial recognition can be defeated if the installation and calibration processes aren’t followed correctly. One innovation in the commercial security world is helping along that front. For instance, some systems such as  IDEMIA use liveness detection, which ensures that the face presented for authentication is a live, three-dimensional image rather than a photograph. This feature guards against spoofing attempts, where adversaries try to trick the system with static images.

The future of facial recognition in access control physical security looks very promising. Advancements in artificial intelligence and machine learning algorithms will likely improve the accuracy and efficiency of these systems. Additionally, including 3D facial recognition technology could further improve security by adding an extra layer of depth and precision to the identification process.

We believe Facial Recognition as a biometric credential in access control physical security represents a remarkable leap forward in safety and convenience. With enhanced security features, contactless authentication, and rapid identification capabilities, facial recognition technology is reshaping access control best practices.

Want to learn more? Let’s get together and discuss how utilizing this technology can increase your commercial physical security while increasing convenience: two things that are traditionally in conflict!

 

Video: Planning and Implementing Elevator Security

/in , , , /by

By Erik Andress, Sales Management Professional at Kenton Brothers

In today’s video we’re discussing elevators. In particular, how to secure them with cameras and access control. Elevators can be tricky… They require a lot of planning and coordination with the elevator company. We’ll get into some of those details today and what you need to know!

Step one is by far the most important stage and that’s planning.

Securing an elevator requires collaboration between the elevator company the security integrator as well as the client. The client lets the security innovator know how they want the elevator to function and behave. The security integrator works with the elevator company to make that possible.

Let’s use a an example: Where do you want the card reader mounted? Is it on the outside of the elevator denying access altogether or is it on the inside of the cab denying access just to certain floors? Or both? You may want to deny access to the elevator because it’s not for the public. You may also want to deny access to certain floors because it is a secure facility.

There are details we have to understand. Is there already traveling cable in the elevator? Is there space for us to install our equipment? Where is the control panel for the elevator, and where should our control panel go for access control? It can get complicated quickly.

Step two is integration.

We work with a professional elevator technician to make sure the proper cables are in place and integrate the card reader into the elevator’s controls.

Step three is configuration.

Now that the systems are integrated, we need to make sure that we go back to the client’s expectations of how they wanted the elevator to function. We need to make sure that our configuration is lining up with exactly what they asked for.

Step four is to test and calibrate.

When you put security inside of an elevator, you’re introducing a lot of moving pieces. With access control or commercial video surveillance, we need to make sure that we spend time testing the system. We need to make sure the camera’s field of views are dialed in correctly.

The final step is training.

We need to make sure that the admins and users of the system understands exactly how the system works and how changes can be made.

If you need help securing the elevators in your company buildings, we can help. Just give us a call!

Top 10 Technician Tips to Keep Your Commercial Security Systems Up and Running

/in , /by

Top 10By David Strickland, Vice President of Kenton Brothers

At Kenton Brothers Systems for Security, we believe that the best advice comes from the field. Our technicians are fantastic at taking great care of our customers.  So we asked them about creating a Top 10 list for our customers on how to keep their commercial security systems running well. Here’s what they told us.

Top 10 Technician Tips:
What customers can do to keep their commercial security systems running well.

  1. Top 10 Proactive Tips to Keep Your Commercial Security Systems Up and RunningPut a recurring reminder on your calendar to replace batteries.
  2. Test and verify system functionality on a monthly basis.
  3. When you see damaged, loose, or missing devices, address the problem sooner than later.
    (Replace these weathered devices proactively to prevent a cascading failure later.)
  4. Put the KB service phone number and email in your contact list. This will help identify us when we call or email.
  5. Put KB service contact information on all control panels, NVRs, power supplies, etc.
  6. Have a system inspection and maintenance program. (This extends the life of your system.)
  7. Properly train your team members on the proper procedures of how to interact with system and devices.
  8. Limit personnel with system keys and passwords. (Provide separate login credentials for each authorized user and don’t share passwords. Limit the physical access to those same panels.)
  9. Top 10 Proactive Tips to Keep Your Commercial Security Systems Up and RunningPoint out system devices and cabling to contractors when remodeling to prevent damage or system interruption.
  10. Keep equipment access areas clean and clear for technicians to work and service your systems.

Our technicians take a lot of pride in providing the very best service in the region. They are all factory certified. In an age where customer service is often an afterthought or an annoyance, the KB technicians stand out as champions for our customers.

Please let us know if we can help support you in implementing these Top 10 Technician Tips!

Building a Commercial Security Training Wall for Scenario Testing

/in , /by

Building a Commercial Security Training Wall for Scenario TestingA customer, Rich, recently came to us with a problem. His access control environment has three generations of Software House’s access control boards as well as a fourth type of access control board, the Edge panel. Software House has done a good job of adding features as the boards have been upgraded over the years, but this means that the older boards do not have the same feature sets as the newer ones. Understanding the capabilities of each board is not always easy.

Rich also wanted to understand some of LifeSafety’s Power Supply features, something not currently being used in his environment.

He could have separated out seven or eight of the doors in his environment and used those for testing. However, testing in the production environment could have led to customer dissatisfaction (when things didn’t go as planned.) So, our best option was to build a training wall.

The Training Wall

Building a Commercial Security Training Wall for Scenario TestingCreating a training wall with four different boards and two doors per board would take up a lot of room and be fairly costly. We ended up creating two demonstration doors where they could be switched to one of the four access control boards. One of the doors we set up as fail-secure, meaning the door is still locked if power is removed. The other door was set up as fail-safe, meaning the door is unlocked when the power is removed. We did this to demonstrate the different ways of connecting the power supply and to provide a realistic scenario that might be found in the field.

Now, Rich has a way to test the different locking scenarios with the different feature sets of each board. Since two doors are connected to the boards, he can also test read in/read out, piggybacking, tail-gating, interlocked doors, and other scenarios involving more than one door. The training wall can also serve as a training area for new programmers, or new installation crews to show how the doors should be programmed or how the wires need to be connected.

We love unique challenges.

This certainly was a unique challenge for us. It’s the first time a customer has asked us to create a training wall for them. If you need a training wall or have another unique challenge, let us know! At Kenton Brothers, we embrace new challenges. Innovation is in our blood.