Hugo Wendling

Can a smart card be used securely for multiple applications (and among multiple manufacturers )? End users are demanding such interoperability, and they also want openness to switching out components of their access control systems in the future without being “locked in” to one vendor. Those are the goals of the LEAF Identity consortium, a collection of companies that share and support end user-owned encryption keys stored securely in smart cards with MIFARE DESFire EV2 chips and are used to authenticate access control credentials and read the data required to access multiple applications secured by multiple vendor devices. Smart card systems - more secure Almost everyone in the industry now knows that low-frequency (125 kHz) “prox” cards are not secure; in fact, low-cost cloning equipment is readily and inexpensively available. As the industry transitions to encrypted cards, challenges of interoperability persist. Keeping smart card systems more secure are AES 128 encryption keys encoded onto the card chips. Information is exchanged via radio frequency (RF) in a challenge-response interaction when a card is presented to a reader. The most recent LEAF EV2/EV3 cards allow up to 16 devices to be individually accessed using 16 unique keys, respectively that are stored in the smart cards (and among a variety of manufacturers). LEAF Identity Consortium enables interoperability with encrypted Smart Cards LEAF Memory Model specifies a standard EV2 (EV1 backward compatible) smart card data format and application access protocols that ensure each manufacturer’s devices can interface with a card chip in the same way. Specifically, each card has a “common data structure” based on the LEAF Memory Model, which means that the location of information is arranged on a card chip in a predictable and consistent manner. Each end-user application (for door readers, secure printing, vending, etc.) stored in the card is secured with their own cryptographic key. Member companies adhere to that structure in order to be interoperable with a single credential. There are no license fees or intellectual property rights involved. Keysets The approach involves a LEAF Custom Cryptographic Keyset (LEAF Cc Keysets) owned by the end-user. “When we present these concepts to integrators, they realize that, first, they need to get their clients to pay attention to the risks around proximity cards and to migrate to encrypted card technology,” says Laurie Aaron, Executive Vice President, WaveLynx Technologies Corp. “Then we explain the benefits of customer-owned keys and of the LEAF data structure. Then integrators can differentiate themselves by selling the value of the end-user staying in control and having unlimited interoperability.” WaveLynx Access control manufacturer WaveLynx is implementing the LEAF concept, which is the brainchild of CEO Hugo Wendling, who saw the advantages of leveraging the ability of an EV2 chip card to authenticate access to multiple applications by multiple manufacturer’s devices. WaveLynx set up the specification, maintains the website, and is involved when a manufacturer wants to become LEAF Enabled. They provide a key management service (for life) to end-users based on LEAF capabilities. End-users “own” the keys and can submit a request to WaveLynx to have us securely share them with any other manufacturer. Sharing a key involves two key custodians from WaveLynx Technologies and the Vendor who is receiving the customer’s keys, each of whom only has access to half of the encrypted key in order to keep it secure.  Keys are shared via a “key ceremony”. Combining capabilities The LEAF consortium provides a way for manufacturers to work together to provide an ecosystem of devices that are compatible with a single encrypted smart card without the need to embed proprietary reader modules in their devices or license another manufacturer’s technology, thereby making it possible for them to increase their market share. Working together, independent manufacturers can assemble a group of devices to compete more effectively with larger manufacturers. In effect, they combine their capabilities in order to offer the end-user viable options and to compete. LEAF Consortium partners include Allegion, ASSA ABLOY, Brivo, Eline by DIRAK, Linxens, RFIDeas, and Telaeris. Biometric partners include Idemia and IrisID. Biometric devices may either store their biometric on the card or on a central database and access it through the badge number. The LEAF standard continues to evolve. Although the standard does not currently offer mobile credentials, a common mobile credential standard is currently being discussed and designed by the Consortium.  

WaveLynx Technologies, a developer and manufacturer of customizable physical security devices and credentials, announces a strategic integration alliance with Genetec Inc., which will serve as a reseller of WaveLynx access control products and LEAF operable solutions.  Genetec develops open-architecture software, hardware and cloud-based services for the IP physical security and public safety industry serving enterprise and government organizations via a network of resellers, certified channel partners, integrators and consultants. The company’s flagship product, Genetec Security Center, is built on an open architecture, and unifies IP-video surveillance, access control, automatic license plate recognition (ALPR), VoIP communications and analytics system.  Seamless Transition WaveLynx Technologies designs non-proprietary, secure access control solutions for its customers, such as its signature Ethos readers which provide a seamless transition from legacy proximity credentials to highly secure smart cards and mobile credentials. WaveLynx Technologies is pioneering the LEAF standard to ensure end users have the freedom to select multiple, independent manufacturer’s solutions.  Having several common customers, the technology and distribution relationship is designed to provide those customers the combined support and innovation of Genetec and WaveLynx Technologies. Genetec is one of the top providers of unified VMS, access control, ALPR, communications and analytics systems in the world Market-Relevant Technology “Genetec is one of the top providers of unified VMS, access control, ALPR, communications and analytics systems in the world and WaveLynx offers current, market-relevant technology without being encumbered by legacy designs and backward compatibility issues,” states Hugo Wendling, President of WaveLynx Technologies. “Our combined solutions and technology results in progressive access control solutions to our customers.” “As Genetec continues to create clever innovations for unified IP physical security, our Security Center Synergis and Synergis Cloud Link hardware help our end-users seamlessly evolve their access control systems,” said Francois Brouillet, Commercial Manager, Access Control, Genetec. “Through this integration and distribution partnership with WaveLynx Technologies, we are excited to offer extended capabilities and choices for our end-users as they update and expand their access control systems,” added Brouillet.

WaveLynx Technologies, a developer of customisable physical security readers and credentialing, announced a strategic partnership with Safetrust, a developer of IoT-enabled mobile credentials for buildings and information systems. Safetrust’s advanced mobile solution and identity management platform along with WaveLynx’s highly secure, flexible access control hardware solutions are now fully merged into a complete mobile security platform. Safetrust’s mobile credentials will be natively integrated with WaveLynx’s line of access readers, allowing already- established Safetrust credentials to be securely communicated via WaveLynx’s Bluetooth readers. The partnership is designed to offer the market an end-to-end solution that enables a seamless transition from traditional proximity cards to the future of smart credentials. WaveLynx Technologies, a developer of customisable physical security readers and credentialing, announced a strategic partnership with Safetrust Multiple Credential Technologies   WaveLynx readers have the ability to read multiple credential technologies, enabling customers to gradually transition from proximity cards to a more secure credential technology, such as MIFARE DESFire smart cards or Bluetooth mobile credentials. WaveLynx wall mount readers are compatible with virtually every access control system on the market, offering the latest security and convenience through its OSDP Autodetect feature that enables a seamless transition from non-encrypted Wiegand protocol to the OSDP secure-channel protocol. In partnership with Safetrust, the door access readers are 100% compatible with an enterprise-level, cloud-hosted Bluetooth credential- and identity-management application available on iOS and Android devices. Safetrust provides the highest levels of certificate authentication found in a mobile application, adhering to AES and NIST encryption and identity standards. By incorporating the physical attributes of a “badge” into the mobile application, Safetrust credentials enable mobile identity management that allows authorized personnel to identify individuals within range through a visual ID on their mobile device. These credentials bridge the gap between physical and logical access, making it possible for the same mobile device that works with WaveLynx wall mount door readers for facility access to work with USB devices for computer data access, printer access and digital document signing. WaveLynx wall mount readers are compatible with virtually every access control system High-Performance Door Reader “The WaveLynx approach to openness and adherence to industry protocols has made the native integration with Safetrust an easy transition,” says Jason Hart, CEO of Safetrust, located in Fremont, CA.  “This integration enables customers to deploy an upgradeable and manageable high-performance door reader for fast and seamless mobile building access, while producing additional IoT business intelligence.  With over-the-air and over-the-wire upgrade capabilities, the WaveLynx readers can be updated to include new standard mobile, identity and IoT protocols as they evolve. WaveLynx develops hardware and we develop software- it’s a perfect fit.” “Together, Safetrust and WaveLynx are bringing a ‘best of breed’ software and hardware solution for mobile facility access to the market,” says Hugo Wendling, President of WaveLynx Technologies. “In my opinion, Safetrust is lightyears ahead of the competition with regards to Bluetooth identity and credential solutions. We are fortunate to have formed such a great business relationship with Safetrust that complements and supports our WaveLynx products.” 

WaveLynx Technologies, a developer of customizable physical security readers and credentialing, announced the release of their newest wall mount access reader to their Ethos product portfolio. The Ethos product line are the first access readers manufactured to leverage the full extent of the Security Industry Association’s (SIA) Open Supervised Device Protocol (OSDP) V2.1.7 specification with the use of Secure Channel-encrypted communication and remote upgrade and maintenance capabilities. SIA’s OSDP V2.1.7 is more secure than the most common access control protocol, improving interoperability among access control and security products. OSDP Secure Channel also supports high-end AES-128 encryption, which is required in most government applications. WaveLynx Technologies’ readers are the first to be validated with industry-leading access control systems to communicate over secure channel and effectively update an access reader from a remote location.Our Ethos readers’ capability to save end-users time and money distinguishes itself from any other product" Collaborations Between Industry Leaders The WaveLynx engineering team worked closely with the engineering teams of other industry-leading companies including Mercury Security, Viscount Systems and STANLEY Security to validate the functionality across multiple platforms, as well as with their test systems for both Secure Channel and Firmware Boot loading capability. “The announcement of the WaveLynx Technologies Ethos reader is something the industry can really be proud of,” states Joe Gittens, Director, SIA Standards. “SIA OSDP has long been a security-minded solution, and now WaveLynx’s pioneering new product unlocks the potential of OSDP 2.1.7 with features designed for ease of management. We are excited to continue working with SIA members like WaveLynx in the SIA OSDP Working Group to deliver added value to the security industry.” New Era Of Secure Communications For large corporations and enterprise environments, this new reader will save valuable time, money and resources. Rather than spending thousands of dollars to remove hundreds of door readers from walls, manually configure the readers and then re-install each, a technician can now upgrade several readers at once with the tap of a keyboard. This cuts the time needed to upgrade each reader to approximately four minutes down from 20 minutes, while increasing security and intelligence. As more access control manufacturers convert from the standard Wiegand Protocol to the more secure OSDP, Ethos readers will automatically detect and convert the reader to the updated protocol, avoiding the need to replace outdated readers and allowing the end-user’s investment to progress into the new era of secure communication without additional cost or disruption. “Our Ethos readers’ capability to save end-users time and money distinguishes itself from any other product,” says Hugo Wendling, President of WaveLynx Technologies Corporation. “Being able to change the behavior of a reader and update its firmware remotely marks the beginning of new era in security. Our readers are now integral and fully managed components of any access control system, making our reader technology a sure bet for our customers’ present and future requirements.”