Perrugi Brain.
The encrypted lock bus.

An encryption board placed between the keypad and the electronic lock. Every unlock command is signed and encrypted end-to-end — an attacker cannot sniff the code, replay a frame, or modify the signal. Extended with a CAN bus and industrial Ethernet for large facility deployments: hotels, office buildings, factories.

Request samples Full specification
Perrugi Brain
AES-256
AES-256 GCM
CAN 2.0B
CAN 2.0B
100/1000 Base-T
Industrial Ethernet
< 50 ms
Round-trip latency
SE
Secure Element

Four layers of cryptographic protection.

No compromises on the bus. Communication between the keypad and the electronic lock is the most fragile part of the system — this is where the unlock authority lives. Perrugi Brain closes that channel the way banking traffic is closed: cipher, key in hardware, replay protection, audit.

AES-256-GCM encryption

Every frame heading toward the lock is encrypted with AES-256 in GCM mode and stamped with an authentication tag. Without a valid tag the lock rejects the command — even if the frame looks correct on the wire.

Key in Secure Element

Session keys and pairing certificates live in a dedicated Secure Element (CC EAL5+). They cannot be read through the debug interface, by physical disassembly, or via side-channel attacks.

Replay protection

Every frame carries a 96-bit nonce and a message counter. Replaying an old "open" command is detected instantly and logged as an attack attempt.

Tamper-evident log

Every operation — unlock, rejected attempt, integrity failure — is written to a signed log. The log cannot be erased selectively; any tampering is immediately visible in the audit.

CAN, Ethernet, RS-485 — one module.

Perrugi Brain plugs into places a typical lock cannot reach: large facility deployments, hotels, office buildings, industrial plants. Three buses in one module — pick the one that matches your wiring plan.

CAN 2.0B up to 1 Mb/s

CAN bus with priority arbitration. Dozens of locks on a single bus, deterministic response time, immunity to noise in industrial environments.

Industrial Ethernet 100/1000

RJ-45 with galvanic isolation and PoE-in (802.3af/at). Power and data on a single cable — ideal for hotel and office deployments.

RS-485 as a fallback

Half-duplex RS-485 up to 500 kb/s as an emergency channel. Drop-in compatibility with existing access control systems — no rewiring.

Architecture of the signed frame.

The keypad does not talk to the lock directly. Perrugi Brain sits between them — a gateway that translates user intent into a signed, encrypted command. The lock opens only when the frame is fresh, signed, and correctly encrypted.

  • Pairing with the keypad via X.509 certificates
  • ECDH session key exchange on every boot
  • Rolling 96-bit nonce and message counter
  • HMAC-SHA256 as the integrity tag
  • Encryption operation under 8 ms

For access control system integrators.

Perrugi Brain is a module that adds a cryptographic layer to your existing access control system — no need to replace locks, redo wiring, or deploy a new app. The board sits "in between" and no one but you needs to know it is there.

Easy retrofit

Standard industrial and hotel lock connectors. Fits in an existing back-box — no drilling, no rewiring.

Custom cryptography

Your own root certificates, your own PKI, your own key rotation rules. Enterprise customers keep full control over trust.

Engineering support

An integration engineer assigned to your project. Mounting diagrams, protocol documentation, evaluation samples.

Enterprise programme

Partner pricing for integrators, SLA for technical support, dedicated extended warranty terms.

API and SDK

REST API for key management, SDK in C/C++ and Python, integrations with Active Directory, LDAP and SIEM systems.

Security certifications

Compliant with ISO/IEC 27001, NIST SP 800-57 and GDPR requirements for access logs. Audit documentation available on request.

Full technical specification.

All material parameters of the module — from cryptography and buses to power and certifications. Complete technical documentation available on request for integration partners.

Board dimensions
85 × 55 × 14 mm (euroboard form factor)
Microcontroller
ARM Cortex-M33 · 200 MHz · TrustZone
Cryptography
AES-256-GCM · ECDH P-256 · HMAC-SHA256 · Secure Element CC EAL5+
CAN bus
CAN 2.0B · up to 1 Mb/s · priority arbitration · galvanic isolation
Ethernet
100/1000 Base-T · RJ-45 · PoE-in 802.3af/at · 1500 V isolation
Fallback bus
RS-485 half-duplex · up to 500 kb/s · screw terminal
Power
12–48 V DC · PoE 802.3af/at · up to 4 W draw
Additional I/O
2× binary input · 1× relay output · 1× UART debug
Operating temperature
–40 °C to +85 °C (industrial range)
Protection
Conformal coating · tamper sensor · ESD ±15 kV
Mounting
DIN rail · installation box · OEM enclosure
Certifications
CE · RoHS · FCC · ISO/IEC 27001 (process) · CC EAL4+ in preparation
Warranty
Thirty-six months on the enterprise programme
Support
Dedicated integration engineer · four-hour response SLA

Secure the lock bus across your facility.

Perrugi Brain is a module for hotels, office buildings, manufacturing plants, and any deployment where access control is a critical security layer. Write to us — we will prepare a pilot offer and an implementation quote.

Get in touch [email protected]

Address

Bielsko-Biała, Poland

Response time

Within a day