SSCP PROTOCOL

SSCP, for Smart and Secure Communication Protocole, is the communication protocol promoted by SPAC Alliance. Sovereign, this standard is open, bidirectional, and highly secure. It is the most widely used protocol in CSPN-certified access control solutions. Its interoperability enables it to interact with a broad ecosystem.

These characteristics ensure long-term compliance with the European regulatory framework, regardless of an entity’s status or level of criticality, and allow the full potential of a modern security system to be utilized.

COMMUNICATION PROTOCOL

PROTOCOL

In physical security, a protocol organizes and secures communication between two elements. The SSCP protocol protects exchanges between a device (reader, printer, connected lock…) and the controller of a security solution.

OPEN AND INTEROPERABLE STANDARD

OPEN

SSCP IS OPEN

The openness of the SSCP protocol allows the integration of sustainable and market-controlled solutions. The changes driven by a threat, regulatory text, or market need are encouraged, simplified, and accelerated.

SSCP IS INTEROPERABLE

In fact, the SSCP protocol facilitates interoperability between the various devices in the physical security ecosystem.

Originally designed to control access readers, the scalability of the SSCP protocol allows the market to create new command sets to integrate other connected devices such as encoding printers, reader peripherals, and UHF antennas for long-range vehicle identification and industrial traceability, even enabling the control of intrusion detection systems, IoT devices, or authenticating objects such as video surveillance cameras.

HIGH SECURITY AND BIDIRECTIONAL PROTOCOL

HIGH SECURITY

BIDIRECTIONAL FOR DYNAMIQUE MANAGEMENT

 

Bidirectional communication enables dynamic device management. This type of communication allows, for example, the system or door controller to manage a fleet of access control readers in real-time. SSCP offers multiple command scripts, providing users with an extraordinary functional richness through a variety of application scenarios, from the simplest to the most complex.

There is no need to manually adjust configurations to change the reader’s behavior. With SSCP, biometric or keypad authentication can be automatically activated in real-time to enhance security based on a defined schedule or the type of identification technology used.

SSCP natively enables direct interaction with the access badge chip, allowing not only reading but also writing to the badge to modify keys, access rights, biometric templates, and more.

 

HIGH-SECURITY EUROPEAN PROTOCOL

SSCP provides communication that is systematically authenticated, encrypted, and signed from the identifier to the management system, helping to establish end-to-end security.

SSCP offers:

  • Systematically authenticated communication (AKEP 2 key), encrypted and signed with public algorithms (AES 128 + HMAC SHA 256) recommended by international bodies and European institutions.
  • Key generation in compliance with NIST specifications (NIST SP 800-108 – KDF3 – SHA 256).

The SSCP protocol protects against man-in-the-middle attacks and secures:

  • Transferred data
    • Authentication, write, and read commands for identifiers
    • PIN codes
  • Code execution, for example, in an access control reader during handling

    SSCP CERTIFICATION

    TRANSPARENT MODE AND MULTI FACTOR

    TRANSPARENT

    Designed for high security

     

    From its inception, the SSCP protocol was designed to incorporate the highest levels of security and comply with the strictest requirements of European security agencies, including ANSSI and BSI.

    In access control solutions, SSCP offers a “Transparent” communication feature, enabling system and reader manufacturers to comply with the 1 and 1 bis architectures recommended by ANSSI.

    These architectures are now regarded as the most secure and are increasingly deployed across Europe.

     

    Transparent Mode Multi-Factor Authentication

    Recent updates to ANSSI guidelines, such as the recommendation guide for access control and video surveillance systems and the CPSN security target model, now include the possibility for multi-factor authentication within Architecture 1 and recommend additional encryption of communication between the reader and the UTL.

    SPAC Alliance and its members contributed to the development of these documents through its working groups and its commitment to several French and European initiatives.

     

    The Protocol for Sustainable Security

    These security advancements further emphasize the importance of integrating SSCP, which aims to secure communications by fully meeting all requirements in standards, guides, and recommendations such as the General Security Framework (RGS) / ANSSI-PG-083 and the ANSSI guide on cryptographic algorithm selection.

    SSCP MULTI-LAYER STRUCTURE

    MULTI LAYER

    SSCP Protocol Characteristics and Functionality Explained Schematically:

    SSCP SECURITY LAYER

    Imagine an electrical cable made up of two wires:

    • The first wire represents the hardware equipment, meaning the connected devices (such as the device’s user interface or functional equipment).
    • The second wire represents the identification technology used: RFID, Bluetooth, Biometrics, etc.

    SSCP ENCAPSULATION LAYER

    It enables the “formatting” of the frame data in SSCP format, ensuring the integrity of the frame, its start and length, protocol version, connection type (RS232, RS485, TCP/IP, USB…), hardware address, and protocol mode (transparent or not).

    It determines the interoperability of the SSCP protocol.

    To read a frame, it is necessary to decrypt the data and then verify the signature after mutual authentication. SSCP thus provides all guarantees of secure data communication: confidentiality, authenticity, and integrity. A frame counter prevents any replay attacks.