Honeywell Pro-Watch 7000 Security Manual page 16

AES
Enable AES encryption by configuring both the host and controller. Load the
encryption keys (128 or 256-bit) on both sides before enabling AES.
Encryption mechanism
The below critically sensitive data and its encryption mechanism used in the PW7K
system.
Encryption in Communication
Category
PW7K to OSDP
PW7K to Host Software
PW7K to Web Client
PW7K TO SIO
Reader Communications
OSDP (Open Supervised Device protocol) secure channel (V2) is a bi-directional
secure protocol using symmetric keys shared between the reader and controller, it
is recommended to use OSDP in Secure mode always.
OSDP is recommended for reader communications as it provides secure method
of communication.
Wiegand Readers
Wiegand protocol based readers are vulnerable to attack. Hence OSDP is recom-
mended for reader communications as it provides a secure method of communica-
tion.
Controllers to SIO Communication
The PW7K panel supports two types of downstream communication.
•
•
8
RS485 SIO: communication on this network is encrypted using AES 128/256
pre shared keys, cables used for these communications must be concealed in
the secured area and must not be freely accessible.
IP based Downstream Modules: IP-enabled input/output modules support AES
encryption (128-bit) by default. It also has provision to use TSL between the
controller and downstream module. Refer to the PW7K User manual.
PW7K Security Manual
Encryption Type SSL/TLS Version
AES128
TLS TLS 1.2
TLS TLS 1.2
AES256
Notes
OSDP reader communication
Proprietary protocol
HTTPs protocol
Proprietary protocol
@Honeywell Inc