Sera4 Presenting at BICSI EMEA Virtual Conference Sept 10

Register now for BICSI’s next Virtual ICT (vICT) forum. Sera4 is up first, presenting Today’s Trends and Drivers in Access Control for Critical Infrastructure.

EMEA Virtual ICT Forum – Powered by BICSI
10 September 2020
11:00 AM – 3:00 PM GMT
Earn 3 BICSI CECs
BICSI Members: 25 USD; Nonmembers: 45 USD

How Teleporte achieves Scale, Security & Reliability

Our own Jeff Klink is interviewed by SiliconAngle at Kubecon 2020 and authored an article in InformationAge, sharing how Teleporte Cloud is designed for scale, security and reliability. Both pieces focus on Sera4’s leading transformation into a distributed microservices cloud architecture, with some recommendations for others who want to follow us.

Sera4 releases Work Sessions

Sera4 is thrilled to announce that we have launched Work Sessions. This represents a significant advancement of our Site Assurance module in Teleporte. Work Sessions is available now to all Teleporte Enterprise subscribers. 

Over years of digitizing access control for industrial infrastructure, we see a consistent story emerging. Access and time-on-site is more complex than it is for someone getting into a safe or opening a bicycle lock. Often, teams access sites and sometimes arrive and leave at different times. There are usually several locks or access points on a site. With Work Sessions, we are making the process of access management and site security much more fluid and powerful.

Linking Event Records

With Work Sessions, we group Teleporte activity from the moment the first person arrives on-site and checks in, to the time the last person leaves. This means that once a site is open, locks can be open and closed within a work session without opening and closing the site. A different person may close the site and mark it as secure (all locks registered closed).

The interconnectedness of events in a Work Session

A record of the links between events in a site visit can be as powerful as it is convenient.

  • Understand how long a job takes to complete on site, and even get verified timing on specific components of a job
  • Have workers take accountability for ensuring the site is secured when leaving
  • Control who gets access based on prior behavior
  • and more

All of this is automatic and in the background while you enjoy the benefits of going keyless with Teleporte.

Available Now

To access the latest features including Work Sessions, Teleporte users will upgrade to the Teleporte App version 5.4. Our servers are already updated.

Click here for access to the latest documentation on the Teleporte Features and learn more, or contact us. We would be pleased to arrange a demonstration of Site Assurance and what it can do for you.

Security Update June 2020

Last week the NVD (National Vulnerabilities Database) was updated with 19 new vulnerabilities affecting IoT devices.

Specifically, the ICS-Cert advisory for vulnerabilities in the TCP/IP stack used by some IoT devices, highlight important aspects of design and function of security devices. Sera4 products are not vulnerable to any of these attack vectors.

Security by Design

Our locks and controllers use the Teleporte Embedded software stack, which:

  • does not include a TCP/IP stack,
  • includes the capacity to perform software updates, and
  • is regularly tested, maintained, and updated.

As a part of Security by Design, it’s important to limit the number of software and libraries used in developing a service. Some vendors may include a TCP/IP stack or services simply because the device’s operating system includes those features. Teleporte Embedded integrates only components that it strictly requires.

In-Field Updates

Equally, it is important that IoT devices are maintained and can be updated (in the field after entering service) to ensure security certificates don’t expire, and devices are left without security or support.

Teleporte is actively maintained, with regular updates to features and capabilities – the mobile application and lock software are always improving.

Keeping these in mind, rest assured that Sera4 leads the way in innovation and security for your critical application. To learn more about Sera4’s security innovations, contact us. We’d love to talk with you.

The case against Remote Unlock

Every now and again we are asked the question “can we remotely unlock things with Teleporte?”  We understand where the question comes from. Most IoT devices are focused on remote sensing or control from a distance. Smart devices allow you to do things like set your home’s temperature from the other side of the world. It’s easy to assume that smart locks should behave in a similar way.

We often get asked to include this feature but we have purposefully built Teleporte so that a person is required in the physical presence of the device. We wanted to render unlocking something remotely from a command center impossible. And it is important for you, our customers to understand why.

Practical Risks

First, we do allow you to remotely enable a user, so there is no argument for someone new or unexpected needing access. In what situation then would you want to release a lock without an individual there? We can’t think of a practical scenario. Having someone on-site means that when the lock is opened the asset is being watched the whole time. Someone can close a gate behind them, reducing the time an asset is not secured. And most importantly, a person on-site can lock up again. Many locks are designed to fall or pop open when unlocked, and without someone there to close them, a remote unlock function would not guarantee a corresponding and critical lock function. 

Second, you don’t just want anyone on site when access is granted: you want to know who is getting in. With a remote unlock, there is little guarantee that the person going into a site is the one who is supposed to be. Smartphones are actually very sophisticated to identify a user with passwords and biometrics and their location with GPS. A local virtual key is much more reliable than a remote unlock process.

Cybersecurity

Finally, we want to mitigate the risks of hacking and cybercrime. In 2019, artificial intelligence designed and carried out more cyberattacks than people did. The attacks are getting more sophisticated. At Sera4, we use the best cybersecurity practices, but no one can predict everything.  If there is a logical path to remotely unlock something, there is a risk that it will happen; be it a sophisticated hacking attack or something as innocent as an error in an API integration. Imagine the catastrophe if the locks on a critical infrastructure network were all remotely opened at the same time. We designed Teleporte to ensure that this is impossible. 

We appreciate the excitement around technical feasibility and fancy features such as remote unlock, but every feature comes at a cost. Our goal is to the safety and security of our systems first, ensuring less risk and more reliability to you.

Sera4 appoints Precision Marketing as US Sales Engineers

Sera4 is pleased to announce that Precision Marketing Inc. is now the exclusive frontline Technical Sales Representative firm for the Sera4 keyless access control product line for the Telecom, Utility, Transportation and Military/Aerospace markets for the following U.S. states: AL, AR, CT, DC, DE, FL, GA, IA, IL, IN, KS, KY, LA, MA, MD, ME, MI, MN, MS, NC, ND, NE, NH, NJ, NY, OH, OK, PA, RI, SC, SD, TN, TX, VA, VT, WI, WV.

Now in it’s 46th year of operation, servicing 37 US states, and a team comprised of 16 field solutions engineers and 7 inside support staff, PMI has established itself as a technical representation leader in markets such as Telecom, Utility, Transportation and Military/Aerospace. 

The partnership with PMI is effective immediately and it is a clear demonstration of Sera4’s commitment to serve the keyless digital access control market in the United States.

Go Keyless

It may not be apparent at first glance: going keyless is about a lot more than just not having to carry around a key or a fob. It’s about added security, new concepts of control, smarter operations and reporting. 

When we say “go keyless”, we mean abandoning any physical thing that controls access rights. That means no keys, no access cards, and no fobs. The keys are virtual; digital tokens stored in smartphones and automatically transmitted over the air.

Control

Virtual keys afford greater control over who has access to your assets. Keys can be granted to or revoked from people who aren’t physically present. Virtual keys can do things that ordinary keys can’t, like only permit access within a time window or limit the number of times they can be used. And with virtual keys, they can be automatically given many people in a service team and to many sites at once. These things would be impossible or very cumbersome with traditional keys.

Security

Despite first impressions and consistent news about poorly-executed smartlock designs, virtual keys can be more secure than physical keys. Imagine how we all do internet banking today. At Sera4, we use the same security principles and architectures to keep the same levels of reliability, security and scale. Where physical keys can be mechanically cloned, it is much harder to hack a digital certificate. Physical keys can be passed from person to person, or misplaced and picked up by strangers. Even more relevant is that virtual keys identify the user, which provides a lot of practical security. Many fewer people will brazenly steal from a site when they know they are being identified in real time.

Information

When business sites go keyless, they get automatic real time access logs. This can greatly reduce the cost of security protocols or even compliance with standards like ISO 9001. The data that comes back is already digital, more accurate and more detailed than traditional paper logs. Businesses should be analyzing this data routinely to identify waste in their processes and optimize their operations. Profiling site accesses can yield valuable insight about where contractors are not doing their jobs. Imagine a contractor that has billed to do a job that will take at least 2 hours, but the access logs show them on site for only 3 minutes.

Convenience

Most people will not forget their phone at home. Their car pairs with it and it’s clear when it’s missing. So many life functions depend on it. A physical key or card can be left at home without a thought until the moment it’s needed. So much truck roll is saved by not having to drive to get keys, either ones forgotten or fetching them from a depot. Virtual keys are with you whenever you need them!

And, of course, going keyless is also about the convenience. I used to go out with a wallet, a phone and a keyring. Then the wallet was absorbed into the phone with services like Apple Pay. Now, the keyring is also absorbed, and my pockets thank me. What I like best is when I need to get into a lock that wouldn’t have been on my physical keyring. Contact us to learn more about how friendly the future can be.

BIAS against Bluetooth

Another vulnerability of the Bluetooth security stack has been revealed this week: Bluetooth Impersonation AttackS (BIAS).

Unfortunately, this highlights another concern with the Bluetooth stack and is, in-part, due to the wide range of devices and configurations that Bluetooth has to support. The suggested remedy is for “the Bluetooth SIG [to update] the Bluetooth Core Specification”. (Source: bluetooth.com)

All this implies it will be up to chipset vendors to find and work around the problem in the interim.

Credit: The Hacker News tells us more …

The biggest risk is likely to be against mobile devices (mobile phones and laptops). Previously-paired devices can no longer be trusted. i.e. you could be communicating with a bad actor (impersonator).

As a word of caution: other Bluetooth-enabled smart locks and mobile software solutions may incorporate this same flaw. This would allow you to pass the digital keys to the wrong device: A “man-in-the-middle” attack.

Rest assured: Teleporte relies on digitally signed certificates to ensure that communications are encrypted. Only true Sera4 locks or lock controllers have the decryption key. All this happens without using the Bluetooth security stack — so access to your Teleporte locks remains secure and unaffected by BIAS.

Don’t Call Us, We’ll Call You (Webhooks Are Here)

With every security component added into a critical infrastructure, comes the inherent need for information, automation and control. As the number of critical components in your infrastructure grow, so does complexity and the necessity to stream information as it happens. Integrators and clients are now looking to being on the receiving end of data in real time in order to provide critical dashboard updates. We’ve listened and we’ve delivered.

With Teleporte Cloud server 3.5, we have added a critical component to our API capabilities: the concept of webhooks. In a “don’t call us, we’ll call you” manner, Teleporte Cloud is now capable of calling your secure endpoint with real-time data concerning events that are happening inside your system. Webhooks are to APIs as fuel is to a fire; they can ignite your integrations and get your organization on the receiving end of updates as they happen. Remember, polling APIs is so 1990’s, go real-time by enabling webhooks.

To better understand what the difference between an API and Webhooks are, consider this simple analogy:

APIs are request based. They are useful for pulling data on demand.
Webhooks are event-based. They are useful for receiving critical events when they happen.

API + Webhooks = Complete Automation Capabilities

Teleporte Cloud now supports webhooks that can be configured for updates to important events (such as the creation or deletion of digital keys), access requests to locks and even the creation, deletion or update of system users. As an example, if you’re looking to know that ‘administrator X with email [email protected] created a digital key to lock 21, on site B that is valid from Tuesday at 9am to Tuesday at 5pm’ as it happens, then webhooks are your holy grail! Get on top of and react quicker to events happening in your infrastructure by enabling webhooks.

Feel free to ask us about our Slack integration. Our webhooks support Slack out of the box and can have your team seeing the benefits of webhooks within seconds.

Get more details about webhooks at https://apidocs.sera4.com or contact us to discuss how you can get webhooks working for you.

High-Security Keyless

In protecting your assets, there is always a tradeoff between convenience and security. For example, when you go into your office every day, you want to get in through the main doors without any delay.  But when the asset requires the highest security,  added rigour such as additional security checks are necessary.

The vault application is a good example of how keyless solutions are catching up with old standards for addressing high-security requirements.

  • Vaults often include locks whereby 2 keys are required and placed more than 6 feet apart. Two individuals, each of whom have their own unique key, must open the lock at the same time for the door to open. This approach prevents a single rogue actor from opening a door when they do not have authorized access
  • Another high-security standard opens a door after several minutes of unlock delay. This delay, connected with alarms, is a strong deterrent for criminals. They know that law enforcement will be coming while they are waiting for the door to open.

Bringing these features to Keyless

Sera4 has released Teleporte Cloud server 3.5 and Teleporte Mobile application 5.2. All Teleporte Enterprise customers now have access to high-security protocols to match the use cases above. 

  • The new Multi-Authentication Unlock feature requires two or more users to unlock a lock. Each user has their own key for that one lock and each user must issue the unlock command to the same lock. The lock only opens after all required users try to open the lock on their own account.
  • The new Delayed Open feature can be enabled on a lock-by-lock basis. The administrator can configure the delay. When someone unlocks a Sera4 lock in the Teleporte Mobile application, it will open only after the specified delay.

At Sera4, we envision a fully keyless world. With these innovations, we bring keyless benefits to the highest-security applications, such as vaults. We expect that there will be many applications for these new features that we haven’t even imagined yet.

For more information on the available features on the Teleporte Cloud server, click here. Or simply and contact us to arrange for a demo. We’re excited to show off our latest innovations.