Physical security vendors must collaborate beyond their industry to eliminate cyber vulnerabilities


IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
November 24, 2016


Vendors of physical security systems lack the specialist expertise to protect customers against digital intrusions and data theft. Reinoud Weijmans of AET Europe and Hans Schipper of Nedap explain why collaboration with the cyber security industry is a must to eliminate cyber vulnerabilities.

Why collaboration is needed to protect physical security systems against cyber threats

Hans Schipper, business development, Nedap

The fact that those of us who work in physical access control are not used to giving devices a strong digital identity has led to the present situation in which we lack sufficient protection from cyber-threats.

This was one of the reasons we sought collaboration with AET Europe. They are specialised in assigning identities to devices, which makes it possible to establish trusted communication between devices in a system.

Why is it so important to make sure you are communicating with trusted devices?

Reinoud Weijman, AET Europe

When we communicate online we want to know who is sending us a message and be certain a message we send arrives at its destination and has not been intercepted along the way. This becomes even more important in the case of digital communication with a party such as a bank.

This is why a secure HTTPS connection is established when we bank via the internet; that way we know we are truly communicating with our own bank. Similarly, a digital identity ensures that only devices “that know each other” can communicate with each other.

Therefore it is also a way to prevent hackers from sabotaging a system or sending messages to devices. Because when you give devices in a system a digital identity, only trusted devices get access.

People a passport, devices a digital certificate

So how do we give devices an identity? This can be done by assigning them a digital certificate – a kind of ‘digital passport’ authorised by an independent party, namely a certificate authority.

This has long been common practice in the world of IT security, but the concept hasn’t yet truly taken hold for physical security. But why?

Why physical devices aren’t assigned a digital identity 

Hans Schipper, business development, Nedap

In the physical security world we have been connecting door controllers to the IP network for around fifteen years now. Those controllers obtain important information through this network: whether or not a person should be granted access.

Currently we mainly just see the practical aspect of that communication: I need an IP address to enable the controller to communicate with the system. But if this door controller determines whether or not someone is given access to an organisation, we need to be sure these door controllers and devices can be trusted.

We also need to know beyond a doubt that no other devices can access the system and send commands to these controllers. Because that would mean that a hacker can open doors for people who are not authorised to enter.

And, once inside, those people can wreak havoc, both physically and digitally.

The Nedap-AET Europe collaboration

Hans Schipper, Nedap

Convergence of IT and physical security has been a hot topic in our market for years. In order to address this market demand, we saw the need to apply IT principles to our access control system.

And to do this properly we turned to AET for their expertise. In our opinion, the most secure system uses digital certificates and these should be stored in a Secure Access Module (SAM) – similar to the SIM card we are all familiar with from mobile phones. And it must also be simple to manage these certificates.

Reinoud Weijman, AET Europe

AET Europe offers a management system for digital certificates. We have integrated this system in Nedap’s AEOS access control system. This way a customer can place digital certificates, authorised by their own Certificate Authority, on SAM cards themselves.

The SAM cards are then installed in AEOS door controllers, after which trusted communication takes place to and from the AEOS server.

Highest security level achieved

Hans Schipper, Nedap

We see that companies – and particularly those that take security seriously – want to maintain complete control themselves. Therefore digital certificates are generated within the organisation and are not known to the manufacturer or supplier. This way the organisation has exclusive control over the trusted communication.

More importantly, it is impossible for hackers to establish communication with these door controllers. The system is secure from end to end and meets today’s highest security standards.

 

 

 
