Nedap’s new end-to-end security solution is the first to offer digital protection for access control by unifying best practices from both IT and physical security.
Until now, the latest best practices protecting IT systems from digital threat haven’t been used for physical access control systems. It’s an oversight that’s leaving many companies vulnerable to cyber attacks.
Nedap and AET Europe have worked together to overcome this by developing AEOS end-to-end security. Taking a forward-thinking new approach, they’ve combined the best practices of both IT and physical security – all in one access control system.
Albert Dercksen, Head of R&D at Nedap, explains why AEOS end-to-end security is needed: “IT and physical security have been following different rules to protect systems. But modern access control systems are, in fact, IT systems connected to corporate networks and should be treated as such. That’s why we’ve applied the digital security principles used in IT to AEOS, our physical access control system.”
Communication secured from end-to-end
In AEOS end-to-end security, Nedap and AET Europe have combined the IT principles of encryption and strong authentication. This ensures storage in every element of AEOS is secure, as is communication between all elements.
Both DESFire keys and digital certificates are stored in a Secure Access Module (SAM) inside door controllers. This leaves card readers with no role in decrypting data, so secure communication between card and controller is guaranteed. And, by storing digital certificates in the same SAM, strong authentication is achieved to ensure secure communication between controller and server.
In this way, AEOS end-to-end security offers far higher protection against both physical and digital threats. It also enables keys to be updated securely and centrally, without having to physically attend each card reader.
AEOS end-to-end security meets a stringent level of security requirements across Europe, and is already being used to protect critical infrastructures in several countries. In France, for example, it’s gained CSPN certification from the French information security agency, ANSSI.