NXT-MSC - Controller Encryption

1.0 NXT-MSC Controller Encryption

Introduction

The ability to encrypt the communications path is needed when that path includes a network that is shared and carries other data. In the case of a serial connection, physical access to the communication wires is required and encryption is typically not required. The Doors.NET™ system has the ability to encrypt the data between the Application Server and the Gateways/Clients and also between the Gateway and the Controllers. It is important to note that these are independent of each other and can be different encryption algorithms and bit strength.

 

Encryption capabilities are implemented in two areas: network socket communications between the Application Server and all incoming connections, and Gateway communications to each controller connected to that Gateway.

 

 

2.0 Encryption Options

The encryption options for the network sockets are:

  • No Encryption
  • RC2
  • DES
  • TripleDES (128 or 192 bit keys)
  • AES/Rijndael (128, 192 or 256 bit keys) - Please contact Keri Systems directly if this option is required.


 

3.0 Data Security Between the Controllers and the Gateway

Data security for connections between the controllers and the Gateway is provided by the full implementation of the Federal Information Processing Standard, FIPS-197, utilizing the Advanced Encryption Standard (AES), also known as Rijndael, a symmetric encryption algorithm. FIPS-197 supersedes the aging Data Encryption Standard (DES) defined in FIPS-46-3. The common notation AES followed by a numeric suffix indicates the particular key size used in the implementation. AES-128 indicates the use of a 128-bit key and is the algorithm/bit strength supported between the controller and the Gateway. A thorough description of the AES algorithm can be found in NIST-197.

 

 

4.0 Configuring Encryption on the Controller

Enabling the data security feature ensures that panels can only connect to the correct gateway. If other SCP gateways are present on the system, panels with data security enabled will not connect to them.

 

4.1 Set a Password on the Controller

  1. Add the panel to the gateway in the normal way.
  2. Ensure that the panel is on-line.
  3. Select the controller entry in the hardware tree.



  4. In the panel properties, navigate to “Communication Settings” and set “Password Required” to “Yes”. Enter your chosen password in the “Password” field and save the changes. The MSC Gateway will send the password settings to the panel automatically.



4.2 Access the Controller Internal Configuration

  1. Click on the Design Mode icon in the upper-left of the admin client.



  2. The title bar will now show that Design Mode is enabled.



  3. Right-click on the controller and select Internal Controller Configuration.



  4. The internal config window will appear.
  5. From the web page menu select Host Communications - Primary.
  6. Then click the refresh icon.



  7. The host communications settings will appear on the right side of the window.
  8. In the Primary Host Port settings set Network Security to TLS Required. 



  9. Save the settings and then click the APPLY and REBOOT button.
  10. After a few seconds the controller will go offline and you can close the internal config window.
  11. At this point you should also click the Design Mode icon to disable Design Mode.

5.0 Enable TLS on the Controller Communication Channel

The final step is to also enable TLS on the controller's communication channel.

  1. On the hardware tree expand communication channels (listed beneath the gateway).
  2. Select the communication channel which is assigned to the controller you have configured.

    Note: If the controller name has been changed you can check which is the assigned communication channel by selecting the controller again and locating the channel in the controller properties.



  3. With the correct comms channel selected the properties will be on the right.
  4. Locate the TLS Required setting and set it to True.



  5. Save the comms channel settings.
  6. Within a few seconds communication to the controller will resume and the controller status will show Online (Encrypted).
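Once the status shows Online (Encrypted), the setting can also be checked from the network side. The script below is an added example, not part of the Keri documentation or the Doors.NET software: it attempts a TLS handshake against the controller's host port and reports the negotiated protocol version and cipher. It assumes the controller accepts inbound TCP connections on its host port; the address and port are supplied by you, and the function name `probe_tls` is hypothetical.

```python
import socket
import ssl
import sys


def probe_tls(host, port, timeout=5.0):
    """Classify a TCP port as 'tls', 'no-tls' or 'unreachable'."""
    # Certificate validation is deliberately off: this probe only answers
    # "does the port negotiate TLS?", not "is this the right controller?".
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"state": "unreachable", "detail": str(exc)}
    try:
        with ctx.wrap_socket(raw) as tls:
            return {"state": "tls",
                    "version": tls.version(),
                    "cipher": tls.cipher()[0]}
    except (ssl.SSLError, OSError) as exc:
        # Handshake refused, garbled or timed out. A peer that only offers
        # protocol versions below the local OpenSSL minimum also lands here;
        # the reason is kept in 'detail'.
        return {"state": "no-tls", "detail": str(exc)}
    finally:
        raw.close()


if __name__ == "__main__":
    # Usage: python probe_tls.py <controller-ip> <host-port>
    # Both arguments are placeholders for your own controller's values.
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    result = probe_tls(target_host, target_port)
    print(result)
    sys.exit(0 if result["state"] == "tls" else 1)
```

A result of `no-tls` after completing sections 4.2 and 5.0 means the port answered without TLS, so re-check that both the Primary Host Port and the communication channel have TLS required.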

     

