Why Go Keyless?

The challenges associated with lost and stolen physical keys are often top of mind when security teams start thinking about keyless options. However, there are many more benefits to consider if you’re thinking about going keyless.  

Keyless padlock on telecom MNO towerco gate

What do we mean when we say “keyless access control”?  

Obviously, keyless access control solutions don’t require traditional metal keys. But people often refer to access control systems that require a card or fob as “keyless”. While this type of access control solution is becoming more popular, when we say “keyless”, we mean that the solution doesn’t require any physical thing to control access rights: no keys, no access cards, and no fobs. The keys are virtual; digital tokens are stored in mobile devices and automatically transmitted over the air. 

The benefits of going keyless 

Control 

Digital keys allow you to control not only who has access to your assets and infrastructure, but when. Concerns about bad actors getting their hands on master keys are alleviated, and there are none of the headaches associated with retrieving keys from departing staff. Virtual keys pair access with identity, so you know exactly who is accessing your sites.  

Security

Securing your assets is important to protect your assets, but it is equally important for the cybersecurity of your network. A keyless access control solution designed with security at the forefront is an order of magnitude more secure than traditional locks and keys. Virtual keys are much harder to duplicate than mechanical keys, and can’t be lost, stolen, or misplaced. And because digital keys are matched to a specific user, people tend to behave better when they know their name is attached to an access event.  

Scalability 

With explosive growth in some sectors, and unprecedented circumstances related to the recent pandemic in others, no one knows what their business will look like one, three, or five years from now. Keyless access control allows you choose whether you want to start with a few test sites or go for your whole network, and then effortlessly scale access with your business. Whether you’re looking to scale with acquisition of assets or employees, or adding more, or more remote sites, to your portfolio, digital keys provide scalability without exponentially compounding operational expenses. Virtual keys future-proof your access control strategy. 

Operational Insights 

Virtual keys, backed by a cloud infrastructure, provide insights into operational processes across your assets and organization. These insights can help refine strategies from everything to resource planning to reconciling billing with contractors. It’s often challenging for operations teams to understand the actual processes being undertaken at remote or satellite sites. Access logs and audit trials provide the intelligence needed to make better business decisions and understand process gaps.   

Compliance 

Keyless access control goes beyond securing your sites and assets. Regulated industries require identity management and the burden of proof falls on organizations to prove regulatory compliance to governing bodies. Keyless access control, backed by a robust cloud solution, allows organizations to create defensible audit trails, safeguard regulated assets and processes, and assure compliance with industry requirements. We envision a world where the access control strategy drives innovation in the areas of regulatory and safety compliance. 

The benefits of cloud 

Most of the benefits of a truly keyless solution are found in the integration with cloud technology. A good cloud implementation makes customer adoption easy.  With a cloud solution, there are no costly servers to install or maintain on-site. The cloud infrastructure manages everything from issuing and revoking keys to the capture and storage of data related to the access control solution.  
 
As with any cloud solution, you need to make sure that your data is protected and appropriately encrypted. The right partner for your keyless access control solution will put security at the forefront of their platform, and ensure that the software is kept up to date to comply with evolving security standards. 

The benefits of mobile access 

Issuing virtual keys to mobile devices ensures that keys get to the people who need them, when they need them, and for however long they need them. Whether you’re issuing a key to a long-standing employee or a service contractor, to a site in the city, or 500 miles away in the middle of nowhere, the experience is the same. 

Sera4’s keyless solution is powered by Teleporte, a proprietary app which uses multiple methods of authentication to ensure that identity and permissions are verified. These authentication methods provide a more secure, compliant access control solution than traditional locks and keys, and Teleporte is also able to capture attempted accesses, not just successful opens.  

No network? No problem. Teleporte isn’t dependent on live network access. It’s important that users be able to access sites and infrastructure, no matter how remotely located, so the app doesn’t require internet access to open a lock.  

Moving from a point solution to a strategic initiative 

With advancements in keyless technology, and the growth of cloud infrastructure, access control is now considered an integral part of the overall security strategy. Keyless solutions allow the creation of holistic, cohesive access control systems, where the access mechanisms integrate with each other, as well as with existing systems and applications. 

Sera4 provides all the convenience and benefits of a keyless solution without sacrificing security or reliability. Our solutions are purpose-built to provide secure, scalable, and reliable access control across all of your assets and sites, from cabinets and cages to outdoor enclosures. Our hardware is built to withstand the harshest environments, and our software is elegantly designed to manage identity, generate audit trails, prove compliance, and improve operational efficiency.  

While we don’t envision a world without mechanical keys, keyless solutions provide flexibility, scalability, and customization that just isn’t possible with traditional locks and keys. Different industries and sites face different security and access control challenges, whether due to number of access points, number of users, or the remoteness of a site. Cloud-based access control systems can be configured to meet any need.  

To learn more about Sera4 keyless access control solutions, book a demo with our team. 

Sera4 Introduces Authorized Integrator Program

Sera4 is pleased to announce its Global Authorized Integrator Program. This program creates a reliable support structure for contractors and installers who install and service Teleporte. It provides a uniform quality of service to our end users.

Some benefits of the program include structured training for installers, access to a comprehensive knowledge base, preferential Sera4 support, and the opportunity to access the Warranty+ extended warranty program

Sera4 has already signed up our first Authorized Integrators. Contact us if you are interested to join the program or if you need to locate an Authorized Integrator.

Hidden Access Control: Security through Obscurity

Sometimes the best way to protect something is to hide it.

To some people, a keyhole or a padlock or a handle on something will act as a public notice that reads Valuables Inside. Those who are motivated to steal notice these signals. And when they’re identified by those people, they can tell the story about how to break them at a glance.

With keyless access, you can design a more secure system to protect your assets with a fully hidden mechanism. Imagine how the hood of your car opens, and you’ll have a good idea of what we mean. With a Sera4 Lock Controller, you can design a door, a panel or other secure hinged compartment that pops open by the touch of a smartphone. A door like this is more secure because it’s more hidden. It won’t have a handle, a keyhole, a padlock or other signals that it opens. And even when somebody might want to break in, it’s not clear where or how to start an attack.

Vertical Infrastructure: AX5 controlling access on a smart light pole.

5G demands denser networks in urban areas. This means that communications equipment is being installed in places like fake trees, park benches and lamp posts. These are places where people aren’t expecting to find anything valuable, and keeping access points obscure keeps them out of sight and out of mind. The only way to tell that there is an access point is to check with the Teleporte app on your phone.

Reliability

In the unfortunate event of a system failure, a door without a handle can be a difficult thing to open. The most common type of failure is a power failure: dead batteries. This is where our Access Pad can help. It provides a power connector (for a common 9V battery) to conveniently and discreetly power a dead system to get it open. In the rare case of a radio or app incompatibility, the Access Pad enables our Failsafe Unlock feature.

Sera4 Access Pad

With the latest technology, access points can be designed to be more secure and look better at the same time.

Please reach out to us. Each application is a little bit unique. We’d love to discuss how we can help conceal your access points.

The case against Remote Unlock

Every now and again we are asked the question “can we remotely unlock things with Teleporte?”  We understand where the question comes from. Most IoT devices are focused on remote sensing or control from a distance. Smart devices allow you to do things like set your home’s temperature from the other side of the world. It’s easy to assume that smart locks should behave in a similar way.

We often get asked to include this feature but we have purposefully built Teleporte so that a person is required in the physical presence of the device. We wanted to render unlocking something remotely from a command center impossible. And it is important for you, our customers to understand why.

Practical Risks

First, we do allow you to remotely enable a user, so there is no argument for someone new or unexpected needing access. In what situation then would you want to release a lock without an individual there? We can’t think of a practical scenario. Having someone on-site means that when the lock is opened the asset is being watched the whole time. Someone can close a gate behind them, reducing the time an asset is not secured. And most importantly, a person on-site can lock up again. Many locks are designed to fall or pop open when unlocked, and without someone there to close them, a remote unlock function would not guarantee a corresponding and critical lock function. 

Second, you don’t just want anyone on site when access is granted: you want to know who is getting in. With a remote unlock, there is little guarantee that the person going into a site is the one who is supposed to be. Smartphones are actually very sophisticated to identify a user with passwords and biometrics and their location with GPS. A local virtual key is much more reliable than a remote unlock process.

Cybersecurity

Finally, we want to mitigate the risks of hacking and cybercrime. In 2019, artificial intelligence designed and carried out more cyberattacks than people did. The attacks are getting more sophisticated. At Sera4, we use the best cybersecurity practices, but no one can predict everything.  If there is a logical path to remotely unlock something, there is a risk that it will happen; be it a sophisticated hacking attack or something as innocent as an error in an API integration. Imagine the catastrophe if the locks on a critical infrastructure network were all remotely opened at the same time. We designed Teleporte to ensure that this is impossible. 

We appreciate the excitement around technical feasibility and fancy features such as remote unlock, but every feature comes at a cost. Our goal is to the safety and security of our systems first, ensuring less risk and more reliability to you.

Sera4 appoints Precision Marketing as US Sales Engineers

Sera4 is pleased to announce that Precision Marketing Inc. is now the exclusive frontline Technical Sales Representative firm for the Sera4 keyless access control product line for the Telecom, Utility, Transportation and Military/Aerospace markets for the following U.S. states: AL, AR, CT, DC, DE, FL, GA, IA, IL, IN, KS, KY, LA, MA, MD, ME, MI, MN, MS, NC, ND, NE, NH, NJ, NY, OH, OK, PA, RI, SC, SD, TN, TX, VA, VT, WI, WV.

Now in it’s 46th year of operation, servicing 37 US states, and a team comprised of 16 field solutions engineers and 7 inside support staff, PMI has established itself as a technical representation leader in markets such as Telecom, Utility, Transportation and Military/Aerospace. 

The partnership with PMI is effective immediately and it is a clear demonstration of Sera4’s commitment to serve the keyless digital access control market in the United States.

Go Keyless

It may not be apparent at first glance: going keyless is about a lot more than just not having to carry around a key or a fob. It’s about added security, new concepts of control, smarter operations and reporting. 

When we say “go keyless”, we mean abandoning any physical thing that controls access rights. That means no keys, no access cards, and no fobs. The keys are virtual; digital tokens stored in smartphones and automatically transmitted over the air.

Control

Virtual keys afford greater control over who has access to your assets. Keys can be granted to or revoked from people who aren’t physically present. Virtual keys can do things that ordinary keys can’t, like only permit access within a time window or limit the number of times they can be used. And with virtual keys, they can be automatically given many people in a service team and to many sites at once. These things would be impossible or very cumbersome with traditional keys.

Security

Despite first impressions and consistent news about poorly-executed smartlock designs, virtual keys can be more secure than physical keys. Imagine how we all do internet banking today. At Sera4, we use the same security principles and architectures to keep the same levels of reliability, security and scale. Where physical keys can be mechanically cloned, it is much harder to hack a digital certificate. Physical keys can be passed from person to person, or misplaced and picked up by strangers. Even more relevant is that virtual keys identify the user, which provides a lot of practical security. Many fewer people will brazenly steal from a site when they know they are being identified in real time.

Information

When business sites go keyless, they get automatic real time access logs. This can greatly reduce the cost of security protocols or even compliance with standards like ISO 9001. The data that comes back is already digital, more accurate and more detailed than traditional paper logs. Businesses should be analyzing this data routinely to identify waste in their processes and optimize their operations. Profiling site accesses can yield valuable insight about where contractors are not doing their jobs. Imagine a contractor that has billed to do a job that will take at least 2 hours, but the access logs show them on site for only 3 minutes.

Convenience

Most people will not forget their phone at home. Their car pairs with it and it’s clear when it’s missing. So many life functions depend on it. A physical key or card can be left at home without a thought until the moment it’s needed. So much truck roll is saved by not having to drive to get keys, either ones forgotten or fetching them from a depot. Virtual keys are with you whenever you need them!

And, of course, going keyless is also about the convenience. I used to go out with a wallet, a phone and a keyring. Then the wallet was absorbed into the phone with services like Apple Pay. Now, the keyring is also absorbed, and my pockets thank me. What I like best is when I need to get into a lock that wouldn’t have been on my physical keyring. Contact us to learn more about how friendly the future can be.

BIAS against Bluetooth

Another vulnerability of the Bluetooth security stack has been revealed this week: Bluetooth Impersonation AttackS (BIAS).

Unfortunately, this highlights another concern with the Bluetooth stack and is, in-part, due to the wide range of devices and configurations that Bluetooth has to support. The suggested remedy is for “the Bluetooth SIG [to update] the Bluetooth Core Specification”. (Source: bluetooth.com)

All this implies it will be up to chipset vendors to find and work around the problem in the interim.

Credit: The Hacker News tells us more …

The biggest risk is likely to be against mobile devices (mobile phones and laptops). Previously-paired devices can no longer be trusted. i.e. you could be communicating with a bad actor (impersonator).

As a word of caution: other Bluetooth-enabled smart locks and mobile software solutions may incorporate this same flaw. This would allow you to pass the digital keys to the wrong device: A “man-in-the-middle” attack.

Rest assured: Teleporte relies on digitally signed certificates to ensure that communications are encrypted. Only true Sera4 locks or lock controllers have the decryption key. All this happens without using the Bluetooth security stack — so access to your Teleporte locks remains secure and unaffected by BIAS.

A peek inside the Teleporte Cloud from Rancher

Here is a link to a blog from our friends at Rancher. It provides a sneak peek inside how we do cloud. Our own Jeff Klink discusses the advantages of the current Teleporte Cloud architecture. Read it and see how we deliver the security, reliability and scalability that Teleporte is known for.

Rancher is a container orchestration software company. We use their services to help us manage the Teleporte network.

Failsafe Unlock Explained

The Teleporte keyless access control system uses digital certificates as keys and controlled through a mobile phone application.  We have proven this method to be secure, scalable and reliable. Teleporte works on practically all Android and iOS devices (over 700 models in use and counting), so we ensure great user adoption. Users access the vast majority of our locks in this way.

With the recent launch of Teleporte server 3.4, we introduced the Failsafe Unlock feature. With this, you can still get into your locks in the event your smartphone isn’t working; whether the phone’s battery is dead at the end of a long working day or somehow your phone is damaged and no longer functions. The Failsafe Unlock feature provides you with a 4-digit flash pattern that you replicate by holding the button on the lock or with our Access Pad. Entering the valid code will grant access to the lock.

How Failsafe Unlock works as a user.

Failsafe Unlock is even easier to use from the administrator’s side. The administrator will tell the user the code and record who they gave it to in the admin panel. This way, Teleporte system maintains the access logs. The code is unique to each lock and is only valid for a few hours. Failsafe Unlock is now available to all Teleporte Enterprise subscribers.

With this innovation, we are enabling the transition to digital access control by eliminating the last of the reservations for going keyless. For more information, contact us or click here for more product information.

Deploying Teleporte during the pandemic

The COVID-19 pandemic is the biggest adjustment in business operations in a generation. Authorities worldwide are asking everyone to stay home or to maintain a social distance from others if we need to go out. No one knows how this situation will evolve, how long until we get a vaccine, and what permanent effects will persist in a “new normal”.

At Sera4, while we can’t practically retool to make facemasks, we can help with social distancing and help to monitor remote sites when technicians visit less frequently. Teleporte’s keyless infrastructure means that you grant access virtually – no handing out keys, cards or fobs; no paper sign-in sheets. You can make your process more efficient and secure, while maintaining the social distance that is now required. 

A lot of people we speak with are concerned about the risks of going digital on something as important as site access control. No one wants a system that doesn’t work as intended every single time, and many people are afraid of the risks of a hacking attack. These are legitimate concerns, given the poor reliability of many new technologies and the steady stream of bad press about smartlock solutions that have been hacked.  

We are very aware of these concerns and work hard to address them. Starting from a security infrastructure that has its roots in BlackBerry, we have built Teleporte to be the most secure keyless access system, built on a patented system that uses digital certificate – just like internet banking. Having measured a 99.97% access success rate over the last 1 million openings on the Teleporte network worldwide, we maintain that Teleporte is as reliable as a traditional lock and key.

We’ve also made Teleporte a very safe and simple system to deploy. Being a cloud-based solution, it requires no IT integration project, no servers, no data connections, no power (in the case of our padlock), no maintenance routines. Just install a padlock or a lock controller on your door, enclosure or gate and visit teleporte.sera4.com to manage access. And that’s it!  

Contact us or our network of distributors and integrators to learn how Teleporte is the right solution to roll out in the face of social distancing. Or click here and take a look through some of our information to decide for yourself.