1.0 NXT-MSC Controller Encryption

Introduction

The ability to encrypt the communications path is needed when that path includes a network that is shared and carries other data. In the case of a serial connection, physical access to the communication wires is required and encryption is typically not required. The Doors.NET™ system has the ability to encrypt the data between the Application Server and the Gateways/Clients and also between the Gateway and the Controllers. It is important to note that these are independent of each other and can be different encryption algorithms and bit strength.

Encryption capabilities are implemented in two areas: Network socket communications between the Application Server and all incoming connections and the Gateway communications to each controller connected to that Gateway.

2.0 Encryption Options

The encryption options for the network sockets are:

• No Encryption
• RC2
• DES
• TripleDES (128 or 192 bit keys)
• AES/Rijndael (128,192 or 256 bit keys) - Please contact Keri Systems directly if this option is required.

3.0 Data Security Between the Controllers and the Gateway

Data security for connections between the controllers and the Gateway is provided by the full implementation of the Federal Information Processing Standard, FIPS-197, utilizing the Advanced Encryption Standard (AES), also known as Rijandael, a symmetric encryption algorithm. FIPS-197 supersedes the aging Data Encryption Standard (DES) defined in FIPS-46-3. The common notation AES followed by a numeric suffix indicates the particular key size used in the implementation. AES-128 indicates the use of a 128-bit key and is the algorithm/bit strength supported between the controller and the Gateway. A thorough description of the AES algorithm can be found in NIST-197.

4.0 Configuring Encryption on the Controller

Enabling the data security feature ensures that panels can only connect to the correct gateway. If other SCP gateways are present on the system, panels with data security enabled will not connect to them.

To set up the feature:

1. Add the panel to the gateway in the normal way.
2. Ensure that the panel is on-line.
3. Select the controller entry in the hardware tree.
   
   
   
   
4. The panel properties, navigate to “Communication Settings” and set “ Password Required” to “Yes”. Enter your chosen password in the “Password” field and save the changes. The MSC Gateway will send the password settings to the panel automatically.
   
5. Browse into the panel using a web browser of the “Scan Network” feature of Doors.Net.

6. Navigate to the “Host Comm” page.

7. In the “Data Security field select either “ TLS Required” or “TLS if Available” Click on “Accept” to save the entry, then navigate to “Apply Settings” to reboot the panel.

8. “Accept” to save the entry, then navigate to “Apply Settings” to reboot the panel.
   
   
   
   

9. Go back to the panel properties page in Doors.Net – hardware. In the “Misc\Communications” field you will see the panel as “Online (Encrypted).