There’s no more basic concern for security stakeholders than controlling which individuals can move about their properties, and where and when they can do so. Therefore, it’s of grave importance that access control solutions keep up with the times. Ironically, systems that were state-of-the-art ten years ago may, today, present more risk exposure than old-fashioned mechanical systems. Widely used 125 kHz prox cards can be cloned at local gas stations and grocery stores with greater ease than duplicating a modern car key. Meanwhile, cybercriminals have discovered that poorly secured electronic access control systems provide a potential attack vector for penetrating deep into corporate networks.
A high-security access control solution must address vulnerabilities from all angles: hardware, credentials, and software.
ProdataKey’s all-new line of Red readers, controllers, and credentials, combined with its cloud-based, mobile-first pdk.io software platform, sets the bar for high-security access control. Better yet, it does so while maintaining the affordability, usability, and scalability that security directors and systems integrators expect from PDK. Here’s how:
Hardware:
Open Supervised Device Protocol (OSDP):
Developed by the Security Industry Association (SIA) to improve interoperability among access control and security products, OSDP has replaced Wiegand as the preferred access control communication standard, offering heightened security and improved functionality. It features bi-directional, encrypted communication that protects user data traveling to the controller and any data returning to the reader. All PDK Red hardware employs OSDP communication protocols.
Tamperproof Readers:
Sometimes, criminals’ attempts to bypass a security system rely on brute force. Red readers are designed to shut down if anyone other than an authorized installer tries to disconnect them from their wiring or pull them off the wall. Furthermore, someone can’t swap out a Red reader or replace it with an unauthorized device without access to the pdk.io software platform.
Firmware Upgrade Capability:
Cybercriminals are always upping their game, developing new strategies to break into networks. Manufacturers must be vigilant in releasing firmware updates to address these threats, and customers must deploy them as soon as they’re available.
Red readers and controllers communicate via two-way OSDP, meaning firmware updates can be pushed directly to readers without requiring a site visit by the supporting dealer. Updates can occur more quickly and frequently, anytime PDK engineers add enhanced security features. Keeping readers current minimizes vulnerabilities.
Ease of Installation:
While this may not seem like a security benefit, it can be. When the labor required to install a system is reduced significantly, customers can spend more on technology – like securing more doors. In Red’s case, OSDP eliminates the need for wiring home-runs between each reader and its controller. The system features auto-discovery of devices, easy configuration via a mobile device, and convenient and cost-effective power-management options.
Ease of installation also means systems get installed, configured, and programmed correctly. When systems integrators are proficient at leveraging technology to its maximum potential, customers benefit from a more secure, robust solution.
Credentials:
Red High-Security Credentials:
Prox cards – standard access control components for decades – are nearing the end of their useful lifecycle, as they can no longer provide the security they were designed to deliver. They’re easy to clone, and access control systems can’t differentiate between an original and its copy. Hackers don’t even need to be tech-savvy to make counterfeit cards. Mass-marketed kiosks and websites are available to do the job for them.
DESFire EV2 technology, utilized in newer 13.56 MHz Smart Cards, eliminates these risks. DESFire EV2 uses 128-bit encryption, a standard that cybersecurity experts consider virtually unbreakable. The cards cannot be cloned. DESFire EV2 also allows companies to modify their encryption key, if necessary, without affecting their system's infrastructure.
Red high-security credentials employ DESFire EV2 technology and are proprietary to the Red system. They can only be issued by PDK and authorized channels. Red Smart Cards also feature up to 8K of memory, useful for storing personal data like PoS or biometrics. As access control systems become integrated with other security and operational technologies, the programmable memory of Red high-security credentials will offer convenience and flexibility to users, who can use one card for many purposes.
2-Factor Authentication:
Security is heightened when users must provide two ways of authenticating their identity – with something they "have" and something they "know." Red keypad readers have the option to require users to enter a numeric PIN (something they know) and present their PDK-issued credential (something they have). This extra precaution diminishes the likelihood that an unauthorized user can successfully use a stolen card.
Mobile Credentials:
PDK mobile credentials can work with Red readers and offer enhanced security on several dimensions. Phones are much less likely to be lost than cards or fobs, and when they are, owners usually deactivate them immediately. By contrast, employees who lose their access card on a Friday may not notice it missing until Monday and then spend another few days hoping it will turn up before reporting it missing.
The technology also is inherently more secure. Phones require passcodes or biometric verification to unlock. Bluetooth communications between phones and readers are encrypted, as is a phone's storage, so that if a device's data is stolen, it's unreadable. Credentials are unique to each device and cannot be shared or copied. Also, like Red readers, smartphones can be updated frequently and quickly with software enhancements, ensuring they're equipped with the latest security fixes.
Software:
Red high-security access control is powered by PDK’s industry-leading mobile-first cloud platform, pdk.io. The security advantages of a mobile-first platform are manifest in a variety of ways:
Event Notification and Response:
A mobile-first platform provides administrators with full system management capabilities in the palm of their hand, anywhere, any time. When the software issues an alert, operators receive it in real-time, regardless of their location. From their phone, administrators can see if doors are propped open, an unauthorized person has attempted entry, and other conditions or events that require a response. In many cases, they can also address the situation via the app.
Remote administrators can deactivate permissions for terminated employees. Such immediacy eliminates worries that disgruntled workers may retain access to a property longer than necessary. Administrators can also issue new credentials and unlock doors for employees or authorized visitors – all from their phones. These capabilities reduce the perceived need by employees to attempt system "workarounds," like lending their card to a coworker who forgot his or leaving a door propped open for an expected visitor. A quick call to security can provide access as needed.
Integrations with PDK partner manufacturers provide added functionality. For example, video clips from security cameras can be associated with each card swipe. Gunshot detection sensors might trigger lockdown conditions. By linking events from the pdk.io platform with other software, security responses happen faster and provide decision-makers with more comprehensive situational awareness.
Flexible Lockdown Capabilities:
Establishing lockdown protocols is a standard part of today's emergency planning. Most buildings have one or several strategically placed emergency buttons that administrators can push to activate a lockdown. Pdk.io offers a virtual button, as well, easily accessible within its mobile interface. For example, a school principal can lock down her school while barricaded within a closet. She doesn't need to risk her safety trying to get to a hardwired button. Pdk.io also allows authorized first responders to override the system to gain access to the facility during a lockdown. Special permissions associated with their credentials enable them to open locked doors as needed, which then return to a lockdown state for other cardholders until the emergency is over.
Anti-Passback:
Even the most secure credentials can be misused by employees. Anti-passback is a programmable security feature available through pdk.io that prevents cardholders from "passing back" their access card or credential-enabled mobile device to another person after entry, allowing them to enter too. It does so by requiring individuals who have scanned through an entry reader to scan out through a corresponding exit reader before the credential will allow them to re-enter the premises.
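The re-entry rule described above, sketched as an added example (it is not PDK or pdk.io code). The area names, credential IDs, result labels, and the choice to always permit but flag an exit scan that has no matching entry are assumptions made for illustration.

```python
"""Anti-passback check over constructed reader events (illustrative model only)."""

# Constructed sample events: (credential, area, reader direction), in scan order.
SAMPLE_EVENTS = [
    ("card-1001", "lobby", "entry"),   # first entry
    ("card-1001", "lobby", "entry"),   # card handed back and presented again
    ("card-1001", "garage", "exit"),   # exit reader of a different area
    ("card-1001", "lobby", "entry"),   # still no matching lobby exit
    ("card-1001", "lobby", "exit"),    # corresponding exit reader
    ("card-1001", "lobby", "entry"),   # re-entry after a proper exit
]


class AntiPassback:
    """Hypothetical tracker of which credential is currently inside which area."""

    def __init__(self):
        self.inside = set()  # (credential, area) pairs with an unmatched entry

    def scan(self, credential, area, direction):
        key = (credential, area)
        if direction == "entry":
            if key in self.inside:
                return "deny"          # no exit scan since the last entry
            self.inside.add(key)
            return "grant"
        if direction == "exit":
            if key in self.inside:
                self.inside.remove(key)
                return "grant"
            # Assumption: egress is never blocked, but an exit without a
            # recorded entry is flagged for review (possible tailgating).
            return "grant-flagged"
        raise ValueError(f"unknown reader direction: {direction!r}")


def replay(events):
    """Run events through a fresh tracker and return one decision per scan."""
    apb = AntiPassback()
    return [apb.scan(*event) for event in events]


if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", result)
```

Keying the state on the credential and area together is what makes only the corresponding exit reader clear the entry; the garage exit in the sample leaves the lobby entry outstanding.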
Highly Secure Cloud Platform:
One reason IT departments show a growing preference for hosted physical security solutions is that they want to prevent on-premises access control and camera systems from becoming gateways for cybercriminals. Moving them to the cloud keeps their networks safer. However, cloud platforms too can be vulnerable to attack, allowing hackers to unlock doors, change permissions, and perform other nefarious acts.
PDK employs multiple security standards and protocols to secure connectivity between each Cloud Node and the pdk.io cloud service, hosted on Google Cloud and AWS. The software utilizes the most stringent authentication and encryption systems, with security configurations regularly reviewed and updated to mitigate attacks. Data is routinely backed up and stored to make compliance and disaster recovery seamless.
Summary
Access control systems are part of any facility’s first line of security defense, allowing the “right” people in and keeping the “wrong” ones out. These systems themselves must also be secure. If bad actors can penetrate the technology, the access control system can no longer do its job.
PDK’s new Red line of high-security hardware, powered by pdk.io cloud-based, mobile-first software, offers a uniquely holistic approach to systemwide security, protecting hardware, credentials, and software using industry best practices for cyber and physical security.
About ProdataKey
PDK is a team of security integrators with decades of hands-on, in-the-field experience. PDK believes that the best technology is created by professionals who know what it takes to secure a facility properly and provide the end-user with a solution that instills confidence and safety.
PDK is passionate about creating technology to enhance the security, safety, and overall experience of both the professionals installing electronic access control and those who live with and use the system. PDK continues to create technology every day to enhance its products and the products of its technology partners.