NXT-MSC - Controller Encryption

1.0 Introduction

Encrypting the communications path is needed when that path includes a shared network that also carries other data. On a serial connection, an eavesdropper needs physical access to the communication wires, so encryption is typically not required. The Doors.NET™ system can encrypt the data between the Application Server and the Gateways/Clients, and also between the Gateway and the Controllers. These two links are independent of each other and can use different encryption algorithms and bit strengths.

Encryption capabilities are implemented in two areas: network socket communications between the Application Server and all incoming connections, and the Gateway communications to each controller connected to that Gateway.

 

2.0 Encryption Options

The encryption options for the network sockets are:

  • No Encryption
  • RC2
  • DES
  • TripleDES (128 or 192 bit keys)
  • AES/Rijndael (128, 192 or 256 bit keys) - Please contact Keri Systems directly if this option is required.


3.0 Data Security Between the Controllers and the Gateway

Data security for connections between the controllers and the Gateway is provided by the full implementation of the Federal Information Processing Standard, FIPS-197, utilizing the Advanced Encryption Standard (AES), also known as Rijndael, a symmetric encryption algorithm. FIPS-197 supersedes the aging Data Encryption Standard (DES) defined in FIPS-46-3. The common notation AES followed by a numeric suffix indicates the particular key size used in the implementation. AES-128 indicates the use of a 128-bit key and is the algorithm/bit strength supported between the controller and the Gateway. A thorough description of the AES algorithm can be found in NIST-197.

 

4.0 Configuring Encryption on the Controller

Enabling the data security feature ensures that panels can only connect to the correct gateway. If other SCP gateways are present on the system, panels with data security enabled will not connect to them.

To set up the feature:

  1. Add the panel to the gateway in the normal way.
  2. Ensure that the panel is on-line.
  3. Select the controller entry in the hardware tree.

    MSC Select Controller

  4. In the panel properties, navigate to “Communication Settings” and set “Password Required” to “Yes”. Enter your chosen password in the “Password” field and save the changes. The MSC Gateway will send the password settings to the panel automatically.
  5. Browse into the panel using a web browser or the “Scan Network” feature of Doors.Net.
  6. Navigate to the “Host Comm” page.

  7. In the “Data Security” field, select either “TLS Required” or “TLS if Available”.

  8. Click on “Accept” to save the entry, then navigate to “Apply Settings” to reboot the panel.

    MSC Controller Encryption Settings


5.0 Enable Encryption on the Communication Channel

The final step is to enable encryption on the controller's communication channel.

  1. In Doors.NET, go to Setup >> Hardware Setup >> All.
  2. Locate the Communication Channels node.
  3. Select the controller's specific communication channel.
  4. Ensure Advanced View is enabled for the channel properties.
  5. Locate the TLS Required entry.
  6. Ensure TLS Required is set to True.



  7. Save the channel settings.
  8. Go back to the panel properties page in Doors.Net – hardware. In the “Misc\Communications” field you will see the panel as “Online (Encrypted)”.

    Online Encryption Status
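
To confirm the result independently of the status field in Doors.NET, the following added example (not Keri Systems or Doors.NET code) attempts a TLS handshake against the controller and reports the negotiated protocol and cipher. It assumes the controller accepts inbound connections on its host-communication port; the address and port are values you supply, and the `grade` thresholds are this example's own policy.

```python
import socket
import ssl
import sys

# Substrings of OpenSSL cipher names treated as weak here (DES also matches 3DES).
WEAK_MARKERS = ("RC2", "RC4", "DES", "NULL", "EXP-", "MD5")
LEGACY_VERSIONS = ("SSLv3", "TLSv1", "TLSv1.1")


def grade(version, cipher, bits):
    """Grade a negotiated session from its protocol version, cipher name and key bits."""
    if version in LEGACY_VERSIONS:
        return "weak: legacy protocol " + version
    if any(marker in cipher.upper() for marker in WEAK_MARKERS):
        return "weak: cipher " + cipher
    if bits < 128:
        return "weak: %d-bit key" % bits
    return "ok"


def probe(host, port, timeout=5.0):
    """Attempt a TLS handshake and report what was negotiated, if anything."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Inspection only: the certificate is not validated, so this says nothing
    # about the peer's identity, only whether and how the port speaks TLS.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"reachable": False, "tls": False, "detail": str(exc)}
    with raw:
        try:
            with ctx.wrap_socket(raw) as tls:
                name, _, bits = tls.cipher()
                version = tls.version()
                return {"reachable": True, "tls": True, "version": version,
                        "cipher": name, "grade": grade(version, name, bits)}
        except OSError as exc:
            # No handshake completed: plaintext service, or a protocol
            # version this client's OpenSSL build refuses to negotiate.
            return {"reachable": True, "tls": False, "detail": str(exc)}


if __name__ == "__main__":
    # Usage: python probe.py <controller-address> <host-comm-port>
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A result with `"tls": False` on a reachable port means the channel is worth rechecking against the “TLS Required” settings above before trusting the “Online (Encrypted)” status.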


