Bosch Security Systems Access Control Cards, Tags & Fobs

Today’s security industry technology standards create a common framework for achieving predictable performance. Systems are made more secure and easier to install, use and integrate with other devices. Standards are also intended to be living documents, open to continual refinements to benefit manufacturers, integrators and end users. An excellent example is the Open Supervised Data Protocol (OSDP), which is now the industry’s gold standard for physical access control installations. It was designed to offer a higher level of security with more flexible options than the aging defacto Weigand wiring standard. Updating OSDP-readers simultaneously One recent addition enables end users to push firmware and software updates to thousands of OSDP-enabled card readers simultaneouslyOSDP, first introduced in 2011 by the Security Industry Association (SIA), continues to evolve with significant manufacturer input. One recent addition enables end users to push firmware and/or software updates to a few or thousands of OSDP-enabled card readers simultaneously. Weigand technology requires updates to be made one at a time at each reader. Regularly changing reader encryption keys is an excellent way to enhance facility security. It’s easy using the OSDP file transfer capability and the latest DESFire EV2 credentials containing multiple encryption keys. You can transfer the next code on the card to all readers and the job is done. And there’s no need to create a new card for each user or reprogram each individual reader. AES-128 encryption ensures cybersecurity It’s time to migrate entirely away from Weigand technology. If greater security, convenience and reduced labour from the latest OSDP updates isn’t reason enough, here are a few more things to consider. The 40-year-old Weigand protocol provides no signal encryption, making it easy for hackers to capture the raw data transmitted between cards and readers. OSDP readers support AES-128 encryption while providing continuous monitoring of wires to guard against cybercriminals. Weigand reader installations require homerun cable pulls from the control panel to each peripheral device. OSDP readers can be daisy chained, providing additional savings on cabling and installation time. Weigand technology is simply too slow to work with today’s most versatile and secure card technologies. OSDP readers work with virtually all modern access control cards. The OSDP standard also works with biometric devices; Weigand does not. Meeting requirements of FICAM guidelines SIA is pushing to make the latest OSDP version a standard recognised by the ANSI, a move to enhance the global competitiveness of U.S. security businessesAlso, OSDP is becoming a must-have standard for organisations demanding the highest security levels. The standard meets requirements of the Federal Identity, Credential and Access Management (FICAM) guidelines that affect how the access control industry does business with the federal government. SIA is pushing to make the latest OSDP version a standard recognised by the American National Standard Institute (ANSI), a move to enhance the global competitiveness of U.S. security businesses. There’s still a large worldwide reader installation base that works solely with the Weigand protocol. Admittedly, changing them all at one time may be prohibitively expensive; however, standards should be viewed as a journey, not a destination. That’s why a measured migration is the right choice for many organisations. Begin by securing the perimeter. Replace only the outside-facing Weigand readers. As long as the walls are secured, the inside can remain a softer target until OSDP-compatible readers can be added indoors. The case for moving to OSDP as a standard is compelling. It offers our industry the opportunity to design access control software and products that provide what end users want most – greater security, flexibility and convenience.

It’s not surprising that people are nervous about the security of newer technologies, many of which are part of the Internet of Things (IoT). While they offer greater efficiency and connectivity, some people still hesitate. After all, there seems to be a constant stream of news stories about multinational corporations being breached or hackers taking control of smart home devices. Both of these scenarios can feel personal. No one likes the idea of their data falling into criminal hands. And we especially don’t like the thought that someone can, even virtually, come into our private spaces. The reality, though, is that, when you choose the right technology and undertake the proper procedures, IoT devices are incredibly secure. That said, one of the spaces where we see continued confusion is around access control systems (ACS) that are deployed over networks, particularly in relation to mobile access, smartcards, and electronic locks. These technologies are often perceived as being less secure and therefore more vulnerable to attacks than older ACS systems or devices. In the interest of clearing up any confusion, it is important to provide good, reliable information. With this in mind, there are some myths out there about the security of ACS that need to be debunked. The fact that these devices communicate with an ACS via Bluetooth or Near Field Communication (NFC) leads to one of the main myths we encounter Myth #1: Mobile credentials are not secure The first myth we have to look at exists around mobile credentials. Mobile credentials allow cardholders to access secured doors and areas with their mobile devices. The fact that these devices communicate with an ACS via Bluetooth or Near Field Communication (NFC) leads to one of the main myths we encounter about the security of credentialed information. There is a persistent belief that Bluetooth is not secure. In particular, people seem to be concerned that using mobile credentials makes your organisation more vulnerable to skimming attacks. While focusing on the medium of communication is an important consideration when an organisation deploys a mobile credentialing system, the concerns about Bluetooth miss the mark. Bluetooth and NFC are simply channels over which information is transmitted. Believing that Bluetooth is not secure would be the same as suggesting that the internet is not secure. In both cases, the security of your communication depends on the technology, protocols, and safeguards we all have in place. So, instead of wondering about Bluetooth or NFC, users should be focused on the security of the devices themselves. Before deploying mobile credentials, ask your vendor (1) how the credential is generated, stored, and secured on the device, (2) how the device communicates with the reader, and (3) how the reader securely accesses the credential information. When you deploy smartcard technology as part of your ACS, you should choose the latest generation, such as MiFARE DesFIRE EV1 or EV2 and HID iCLASS SEOS Myth #2: All smartcards are equally secure The question “how secure are my smartcards?” is a serious one. And the answer can depend on the generation of the cards themselves. For example, while older smartcards like MiFARE CLASSIC and HID iCLASS Classic offer better encryption than proxy cards and magstripe credentials, they have been compromised. Using these older technologies can make your organisation vulnerable. As a result, when you deploy smartcard technology as part of your ACS, you should choose the latest generation, such as MiFARE DesFIRE EV1 or EV2 and HID iCLASS SEOS. In this way, you will be protecting your system as well as your buildings or facilities. Some traditional readers and controllers can also pose a serious risk to your organisation if they use the Wiegand protocol, which offers no security. While you can upgrade to a more secure protocol like OSDP version 2, electronic locks are a very secure alternative worth considering. It is also important to understand that not all smartcard readers are compatible with all smartcard types. When they are not compatible, the built-in security designed to keep your system safe will not match up and you will essentially forego security as your smartcard-reader will not read the credentials at all. Instead, it will simply read the non-secure portion—the Card Serial Number (CSN) —of the smartcard that is accessible to everyone. While some manufacturers suggest that this is an advantage because their readers can work with any smartcard, the truth is that they are not reading from the secure part of the card, which can put your system and premises at risk. Using electronic locks can help protect facilities and networks through various security protocols, including encryption and authentication Myth #3: Electronic locks are more vulnerable These days, there are still many who believe that electronic locks, especially wireless locks, are more vulnerable to cybercriminal activity as compared to traditional readers and controllers. The concern here is that electronic locks can allow cybercriminals to both access your network to get data and intercept commands from the gateway or nodes over the air that would allow them access to your buildings or facilities. The reality is that using electronic locks can help protect facilities and networks through various security protocols, including encryption and authentication. Additionally, because many of these locks remain operational regardless of network status, they provide real-time door monitoring. This means that many electronic locks not only prevent unauthorised access but also keep operators informed about their status at all times, even if a network goes down. Outdated technology and old analogue systems are more vulnerable to attacks When it comes to deploying electronic locks, it is important to remember that, like any device on your network, they must have built-in security features that will allow you to keep your information, people, and facilities safe. Be prepared to unlock future benefits Ultimately, the information in your IP-based ACS is at no greater risk than any other information being transmitted over the network. We just have to be smart about how we connect, transmit, and store our data. In the end, maintaining the status quo and refusing to move away from old technology is not a viable option. Outdated technology and old analogue systems are more vulnerable to attacks. The reason it is so important to debunk myths around ACS and, at the same time, get people thinking about network security in the right way is that network-based systems can offer an ever-increasing number of benefits. When we deploy new technology using industry best practices and purchase devices from trusted vendors, we put ourselves and our networks in the best possible position to take full advantage of all that our increasingly connected world has to offer.

The basic principles of access control are well established: only authorised people should have access to secure areas, only at times that can be defined in advance, and only within a system that can identify exactly who went where, and when. Traditional mechanical lock-and-key systems cannot accomplish this — at least, not without loading a huge admin burden onto security staff. But modern, electronic wireless access control has the flexibility to achieve it. What criteria determine the right sort of access control for your organisation? It makes sense to assess what is desirable against what is affordable or available in the electronic access control market today. Asking yourself these 5 questions will lead to a wise investment in the right technology: Wireless locks like Aperio work seamlessly with existing systems from over 100 different access control providersDo you want to extend your existing system, or begin from scratch? You are not stuck with locks chosen by a previous management team. Security needs change. Wireless locks like Aperio, for example, work seamlessly with existing systems from over 100 different access control providers, integrated online or offline. You will save time and money extending your current system with a technology like Aperio and users can continue with their existing credentials. Going forward, it makes sense to choose locks built using open architecture, for added flexibility and to future-proof your next investment. Who are the site users and what kind of credentials suit their needs? In many industries, access to premises is required by permanent staff and short-term contractors: your access system needs to be flexible. Different systems offer credentials stored on cards and fobs, or on programmable, battery-powered keys. For example, the new Openow app for SMARTair wireless locking converts a user’s smartphone into a virtual key. You issue and revoke user keys using the intuitive software, an efficient, flexible mobile management solution. What is the structure of the site (or sites) you protect? You will need different locks for high-traffic and low-traffic doors, indoor and outdoor use. Almost everywhere, wireless locks are much easier to install and to maintain than traditional wired magnetic locks — and more cost-effective to run. Certified wireless security locks provide extra protection for sensitive areas needing stringent standards. If you have a mobile workforce or manage dispersed sites, consider the credential management practicalities. For example, programmable keys that are easy to update with a Bluetooth-enabled smartphone app — like ASSA ABLOY’s CLIQ Connect solution — will save your staff time and money. For outdoor access points, you will need gate locks or padlocks certified for operation in extreme conditions Do you want to secure more than just doors? Some wireless systems have locks for cabinets, machines, windows and even server racks (handy if you want an extra layer of control over co-located servers). There will be workflow advantages in monitoring these ‘non-doors’ — medicine stores, for example, or car parks or lifts — from the same admin interface as your doors. Site users will appreciate the convenience of carrying one credential for every access need. For outdoor access points, you will need gate locks or padlocks certified for operation in extreme conditions. For example, CLIQ mechatronic padlocks are currently deployed outdoors at utility sites in Scandinavia and supermarkets in East Africa. Do you need real-time capabilities? Choose an Online system and you can manage and amend access control doors at any time and from anywhere, using the admin software. You can monitor sensitive areas like medicine stores remotely and in real time, and can revoke access rights if a user credential gets lost. In an emergency, remote locking or unlocking of an entrance could be critical. Aperio wireless locks, for example, are integrated with online electronic access and real-time monitoring systems in hospitals, manufacturing plants and student halls of residence. With some systems, including SMARTair, you can combine ‘Update on Card’ and Online updating for different doors within the same installation. The CLIQ Connect app and programmable keys make real-time control over remote sites or teams possible. Wireless access control offers a compelling mix of audit compliance, easy installation, cost efficiency, and seamless integration. It makes life easier for security managers, and is deployed in premises as diverse as power plants and co-working spaces; museums and care homes; banks, schools and skyscrapers.

Located in the South East of England, Basingstoke and Deane is a local government district and borough in the county of Hampshire. With Basingstoke as its largest town, the area is known for family-friendly living and is home to over 175,000 people. Basingstoke and Deane Borough Council consists of 60 elected members who discuss local politics, municipal budgets and taxes at regular meetings. For full transparency with the members of their constituency, the council streams live video of all its meetings, including public votes, on their YouTube channel. Automatic camera control To ensure a high level of video production, the Borough Council decided to upgrade their conference system. After discussing their requirements with Andover-based system integrator VP Bastion, a fully IP-based DICENTIS Conference System from Bosch was installed. The system meets the council’s key priorities by offering the highest audio quality, full integration of live voting, built-in automatic camera control and direct streaming with speaker-name indication. Council members wanted the freedom to sit anywhere in the council chamber during council sessions Additionally, council members wanted the freedom to sit anywhere in the council chamber during council sessions – while still being automatically identifiable on camera – and the installation needed to accommodate for the limited desk space and cabling voids. The system includes 63 DICENTIS Discussion devices with touchscreens (to support the required voting and identification capabilities for council members), nine DICENTIS discussion-only devices for guest speakers, and automatic camera control software. High directive microphones All the discussion devices are mounted on raised brackets to maximise desk space and are equipped with high directive microphones to deliver crystal-clear audio. Council members have the freedom to sit at any seat in the meeting room, as the system automatically registers their presence at a specific location thanks to the NFC (Near Field Communication) card registration on the discussion devices. When a speaker activates its microphone, the system’s automatic camera control points the camera towards their location, zooming in and displaying their image on the big screen. Additional features were added to the installation thanks to DICENTIS’ compatibility with third-party software. Two companies – Arbor Media, European market leader in conference recording and streaming services, and MVI Engineering, expert in creating conference software solutions – worked together to create a webcasting and conference control software package that was integrated with the DICENTIS system. Integrated conference system The new DICENTIS system has supported a seamless and transparent democratic process This solution helped to fulfil all the Borough Council’s requirements, including report generation via live image feed and identification by name and party affiliation on the council’s YouTube channel. In addition to displaying the DICENTIS-enabled voting results on the council chamber’s big screen, it is now possible to share the voting results on the YouTube Live feed. Since the installation, the new DICENTIS system has supported a seamless and transparent democratic process at Basingstoke and Deane Borough Council. “Having a fully integrated conference system with audio-video feeds from meetings automatically streamed to the council’s YouTube channel was a must,” says Iain Steele, Director of VP Bastion. Behind the scenes, via the third-party MVI Engineering application, the system automatically upgrades to the latest software versions. These centralised updates save time and operating costs. With the potential to increase the system’s functionality and size in the upcoming years, the council has a future-proof and expandable conference solution from Bosch, which already supplies around 50 percent of councils in the United Kingdom and Ireland.  

With roots dating back to the year 1948, Italian pharmaceutical company Alfasigma is dedicated to advancing the state of healthcare under the company motto, ‘Pharmaceuticals with Passion’. Headquartered in Bologna, the multinational corporation was created in 2017 by the merger between Alfa Wassermann and Sigma-Tau. As a result, Alfasigma now employs about 3,000 people and markets a wide range of therapeutic drugs in 18 countries including the US, China, Russia and several European countries with annual revenues of EUR 1.06 billion. In order to keep up with the company’s ongoing evolution while emphasising building protection, Alfasigma decided to update the infrastructure of its corporate offices in Milan and Bologna. This large-scale remodelling project also required updating the fire alarm, intrusion detection and video security systems at both facilities to the highest standards. Security cameras for outdoor surveillance On the exterior of the buildings, FLEXIDOME IP starlight 7000 VR cameras were installed to provide 24/7 securityAssuming a long-term perspective, Alfasigma management headed into the project with three key requirements: First, saving cost by refurbishing already installed system components such as intrusion and fire alarm detectors. Second, accommodating for future building expansions and saving additional costs by installing a future-proof and scalable system. And third, adding around-the-clock security to the building’s exterior through modern security cameras built for outdoor use. For this reason, Alfasigma commissioned Bosch as the one-stop provider to equip the Milan office – home to the International Division – as well as corporate headquarters in Bologna with an IP-based solution. The video security set-up includes high-definition DINION IP 5000 HD cameras connected to recording stations and offering 1080p resolution images at 30 fps. On the exterior of the buildings, FLEXIDOME IP starlight 7000 VR cameras were installed to provide 24/7 security. Recording at 1080p and 60fps, the cameras incorporate starlight technology to deliver relevant images even in challenging light conditions. Extremely weather-resistant, water-tight and able to withstand high impacts, the cameras are highly suited for outdoor use, confirmed by IP66, NEMA type 4X and IK10 rating and installation in mission-critical environments such as airports and government buildings worldwide. MAP 5000 installed with LSN detectors The new fire alarm system is interfaced with the voice alarm system Plena via Smart Safety Link“The video surveillance products are excellent and have impressed me the most. We are very satisfied, above all, with the high quality of the products,” said Stefano Borsarini, Facility, Maintenance and EHS Manager at Alfasigma facilities in Bologna and Milan. The cameras are supplemented by the intrusion panel Modular Alarm Platform MAP 5000 installed with LSN detectors – a large portion refurbished from the legacy system – to safeguard Alfasigma’s offices at night. Fire alarm is provided by the Modular Fire Panel 5000 Series with four loops, processing signals from 190 fire alarm detectors and 28 manual call points. The new fire alarm system is interfaced with the voice alarm system Plena via Smart Safety Link thus optimising the operational security via a monitored connection. Successfully installed and customised according to client specifications, the Bosch fire alarm, intrusion detection and video security solution maintains the safety of Alfasigma’s employees and property at both sites. It also fulfils the key customer requirement of accommodating for future expansions in a modular, IP-based system that is able to keep pace with Alfasigma’s rapid evolution as an innovative multinational company.

Decades of experience, innovative ideas, a strong commitment to quality, and a full range of first-class offset printing services: Mohn Media Mohndruck GmbH, a company of the Bertelsmann Printing Group, is one of Europe’s providers of printing and media services. At its facility in Gütersloh, Germany, some 2,000 employees are involved in professionally creating and executing tailored solutions for customers across a variety of industries. To avoid endangering staff and production, the company also has extremely high standards where the plant’s safety and security are concerned. And Bosch has supported the print specialists with advanced technology and services through multiple system generations. Cutting-edge solution The latest new project involved implementing a networked solution to improve fire safety “Again and again, we’ve been impressed by the innovative solutions that Bosch comes up with for us,” says Jörg Naumann, who heads the company’s fire brigade. “Bertelsmann has been partnering with Bosch for over 35 years, and for good reason.” The latest new project involved implementing a networked solution to improve fire safety in the eight-meter-high waste paper warehouses. On average, around 300 tons of paper are stored there at any given time. Problems in waste paper removal would directly impact production. To enable prompt responses to any fire events in these sensitive areas, the Bosch experts planned and implemented a cutting-edge solution. Fire detection system AVIOTEC, the first video-based fire detection system to be certified by VdS Schadenverhütung GmbH (the VdS is an independent, renowned institution for enterprise safety and security, and harmonised body for international safety standards) plays a key role in it. Intelligent algorithms directly integrated in cameras reliably detect the first signs of any smoke or flame. This technology detects fires at their source much more reliably than conventional detectors Particularly in challenging large-volume buildings, this technology detects fires at their source much more reliably than conventional detectors, which are not triggered until smoke reaches them. The data generated by the new fire protection solution come together in the Bosch Video Management System. If AVIOTEC identifies a potentially dangerous situation in any of the waste paper warehouses, it immediately alerts the continuously staffed emergency service desk of the plant fire brigade. Building integration system The situation can then be checked on a video screen and appropriate steps will be initiated. The use of this innovative technology permits very early detection of any fires. This prevents major damage and resulting production downtimes, thus saving the company a great deal of time and money. To additionally enhance security and efficiency, all of the integrated on-site systems for fire protection and video security are managed by the Building Integration System from Bosch. As required, the security systems can be centrally or locally monitored and controlled by staff as appropriate. Not only Mohn Media benefits from this, but also all of the other companies of the Bertelsmann Printing Group operating at the same site.