Safer by design

Access control systems are only as secure as their fundamentals

Physical and virtual security should no longer be dealt with as unrelated issues. Keys can be copied, badges are shared, and an unattended desk can give the wrong person the right credentials. That can result in a hacked computer and stolen intellectual property.

We've worked hard to build a multi-layered, advanced system to meet the requirements of security-conscious organizations. As an Openpath customer, your safety is our highest priority.

Physical security

Smart devices can instantly improve your security profile by enabling multi-factor and/or biometric authentication, one time passwords, employee location awareness, and instant credential revocation.

Learn about our hardware

Virtual security

Local computers will often remain vulnerable, and need time-consuming upgrades to various system software. Openpath’s cloud software is continuously upgraded and updated to protect against emerging threats.

Learn about our software

The Openpath approach

Samy Kamkar, Chief Security Officer and Co-founder, speaks about our approach to security

Certified and compliant

Fortify your security and compliance. End-to-end encryption, mobile credentials that can't be cloned, and multi-factor authentication with offline functionality for peace of mind, even if the internet goes down. Openpath integrates with your VMS for real-time awareness and alerts, with lockdown and tailgating capabilities to reduce security incidents.

Openpath is also fully SOC 2, GDPR and CCPA compliant. Our hardware is UL 294 and FCC compliant, meets European and Canadian standards, and our readers are IP65 rated. We can also help you meet your physical security requirements, like HIPAA and PCI.

Risk is everywhere

PINs

Personal Identification Numbers are easily shared or forgotten, and troublesome to change.

Cloning

Low frequency proximity cards and magnetic stripe cards are very vulnerable to record and replay cloning.

Cards

Cards are frequently lost, stolen, or shared between employees, with low ability to identify individual users.

Reader vandalism

Card readers that store any data on them are vulnerable to physical tampering and can expose data or even compromise an access control system.

The Openpath solution

Directory integration

Maintain a single source of truth for all your users. Synchronize your Openpath users with your directory like Google G Suite, Office 365, Azure Active Directory, Okta, or OneLogin.

Real-time monitoring

Dashboards display successful and failed entries, sensor alerts, and ajar notifications in real-time and help you track the state of access controls around your physical perimeter.

Audit trail integrity

Create and securely store an ongoing log of all confirmed access to your location to help support forensic investigation of any incidents and meet record retention requirements.

Biometric authentication

For any sensitive locations and entries, you can leverage fingerprint authentication or facial recognition that is already built into smartphones.

Encrypted RFID cards

Openpath recommends and offers DESFire EV2 access cards. They offer some of the strongest encryption and security available, with no publicly known vulnerabilities.

Multi-factor authentication

Enable multi-factor authentication on any entry for added security.

Reader security

Reader security may be the most overlooked, vulnerable point in an access control system. Our readers store no sensitive data or secret material. They act as a blind proxy between the credential and control unit and offer no value to those who attempt to tamper with it.

Cloud security

All communication with the cloud is encrypted end-to-end with strong public key cryptography and mutual authentication.

Identity oversight

If an employee or user joins or leaves the company, authorization is instantly granted or revoked.

IoT

Companies are faced with the challenge of managing IoT devices, often running old, insecure, and difficult to upgrade firmware. Because our system is fully managed, we keep your system secure from emerging threats.

CloudSync

CloudSync is our offline first technology, which allows the system to operate even if your Internet connection goes down.

Mobile security

All phone communication is fully encrypted, end-to-end, without any dependence on the security of the underlying wireless protocols.

FAQs

Openpath standards

Openpath hardware is thoroughly tested and certified with all the standards and regulations you need in an access control system.

UL 294 Standard for Access Control System Units

We are registered and listed with MET Labs, a UL certified compliance agency.

Openpath Listing number: E114811
Certification for UL 294 & UL60950-22
UL 294 Approval Document

Federal Communications Commision (FCC)

Openpath hardware complies with Part 15 of FCC rules.

Industry Canada (IC)

Openpath hardware complies with Industry Canada regulations.

Openpath hardware conforms with health, safety, and environmental protection standards for products sold within the European Economic Area (EEA).

IP65

Openpath Smart Readers are rated IP65 according to the Ingress Protection code against dust and water.

RoHS

Openpath Smart Readers are RoHS compliant, which restricts the use of specific hazardous materials found in electrical and electronic products.

Security and privacy go hand in hand

The way an access control system handles your data is paramount, which is why Openpath is commited to protecting it.

View privacy policy

Helping you meet your requirements

Openpath’s access control system was designed to help organizations meet all their compliance requirements for physical security.

PCI Requirements

PCI Requirements for Physical Security (Requirement 9), and Track and Monitor All Access to Systems (Requirement 10).

Securing Offices, Rooms and Facilities

ISO 27001 requirements for Physical entry controls (A.11.1.2) as well as Securing offices, rooms and facilities (A.11.1.3).

MPAA Requirements

MPAA Best-Practices Requirements for Entry/Exit Points (PS-1.0), Visitor Entry/Exit (PS-2.0), Perimeter Security (PS-4.0), Authorization (PS-6.0), Electronic Access (PS-7.0), and Logging and Monitoring (PS-10.0).

CJIS Requirements

CJIS Requirements for Auditing and Accountability (5.4), Access Control (5.5), Identification and Authentication (5.6), Physical Protection (5.7), and Media Protection (5.8)

HIPAA Requirements

HIPAA Requirements for Workforce Security, Information Access Management, Facility Access Controls, Access Controls, Audit Controls, and Person or Entity Authentication.