Web Services for Network Security Appliance
S2 Security Corporation of Wellesley, MA, was founded by John L. Moss, former CEO and founder of Software House (now a unit of Tyco International), to develop network-ready products that integrate access control, alarm monitoring, video and temperature monitoring. The company’s first product, the S2 NetBox, is a network appliance that implements a complete, integrated, solid-state security management system that is operated securely from a Web browser. There is no front-end software to install.
In March of this year S2 announced the availability of a Web services-based application program interface for the NetBox. The Web services approach reduces initial integration costs and avoids the kind of maintenance headaches that earlier types of integration could be subject to.
Building Automation Perspective
Applying the concept of moving intelligence out to the network edge (a concept which inspired the company’s name), NovusEdge provides the EdgeProtect product line for physical access control and asset protection monitoring through modular, scalable, intelligent IP-enabled network-edge solutions. To let building controls integrators leverage their existing knowledge, NovusEdge provides a standards-based architecture that supports OPC (OLE for Process Control), BACnet over IP, LonTalk and Modbus protocols for integration with building automation systems. A single EdgeController device can provide all access control, alarm monitoring, and video monitoring and recording functionality, but it is first configured, at an affordable cost, to meet initial requirements, and it retains the capability for easy expansion later if needed.
For maximum compatibility with corporate networks and high acceptability to IT departments, NovusEdge products use the following protocols for network communications: IP, TCP/IP, VOP/IP, UDP, ICMP, IGMP, SMTP, ARP, FTP, and PPP. The NovusEdge access control software suite works with any server platform supporting Java 2, including Microsoft Windows, UNIX, Red Hat Linux, IBM AIX, and Sun Solaris. This breadth of operating system support provides maximum compatibility with customer IT department preferences.
IT Company Revolutionizes Physical Security
CoreStreet Ltd. of Cambridge, MA, uses established IT security technologies (PKI-based digital signatures and messaging that follow related IT standards) in a unique patented architecture for smart card-based access control systems. The benefits derive from using the cardholders as the network and using access control smart cards to carry system messages.
With the CoreStreet technology, a small percentage of strategically located readers are network-connected to the access control system front end. The remaining readers require no network connection because they are card-connected. Access cards carry messages from the card-connected readers (such as “access granted” or “access denied”) to the networked readers, which send them back to the access control system’s database.
Networked readers in turn pass along a revocation list via cards to the card-connected readers. The information on each card expires at a predetermined interval (usually daily), so any revocation list will be small because it only needs to cover the current day’s revocations. Network-connected readers are used to refresh the card information and are located so that the normal flow of traffic accomplishes the daily card refreshes.
What makes this approach possible is the simple but ingenious combination of secure messaging via cards, role-based access control (borrowed from the IT world), and rule-based access decisions by readers—all of which eliminate cardholder database lookups. The CoreStreet technology places access rules in the readers that specify which roles (such as Salesperson, Cleaner, or Shipping Clerk) have access at what times.
Using standards-based information security, proof of a cardholder’s roles is written to the access control smart card. The reader makes the access decision based upon a match-up of roles and rules when the card is presented. No access control panel or network connection is needed, because no database lookup is required (and door control hardware comes with the readers).
Eliminating the database lookup means that an unlimited number of simultaneous access decisions can be made by an unlimited number of readers. Thus a CoreStreet-enabled system can scale up to 1 million readers and 10 million cardholders, with central management of all access points, whether or not their readers are on the network.
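The offline decision described above, sketched as an added example (not CoreStreet's code): a card-connected reader checks the signed role proof, its expiry and the card-carried revocation list, matches roles against its local rules, and queues the result on the card for the next networked reader. Assumptions: HMAC with a constructed shared key stands in for the PKI digital signature so the block runs on the Python standard library alone, and all function names, field names and rule time windows are hypothetical.

```python
import hashlib
import hmac
import json
from datetime import datetime

# Constructed demo key. HMAC is a stand-in for the issuer's digital signature;
# with real PKI the reader would hold only the issuer's public key.
ISSUER_KEY = b"constructed-demo-key"

# Constructed reader rules: role -> list of (start_hour, end_hour) windows.
RULES = {"Salesperson": [(8, 18)], "Cleaner": [(18, 23)]}

def issue_proof(card_id, roles, expires):
    """Networked reader / front end: write a signed, expiring role proof to the card."""
    body = json.dumps({"card": card_id, "roles": sorted(roles),
                       "exp": expires.isoformat()}, sort_keys=True)
    sig = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def reader_decide(proof, rules, revoked, now):
    """Card-connected reader: decide from card contents and local rules, no lookup."""
    expected = hmac.new(ISSUER_KEY, proof["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, proof["sig"]):
        return "denied: bad signature"      # claims are untrusted until verified
    claims = json.loads(proof["body"])
    if now >= datetime.fromisoformat(claims["exp"]):
        return "denied: proof expired"      # forces the periodic card refresh
    if claims["card"] in revoked:
        return "denied: revoked"            # list only covers unexpired proofs
    for role in claims["roles"]:
        for start_hour, end_hour in rules.get(role, []):
            if start_hour <= now.hour < end_hour:
                return "granted: " + role
    return "denied: no matching rule"

def present(card, reader_id, rules, revoked, now):
    """Decide, then queue the result on the card for the next networked reader."""
    result = reader_decide(card["proof"], rules, revoked, now)
    card["outbox"].append((reader_id, now.isoformat(), result))
    return result
```

Because the proof expires, a revoked card that never meets an updated reader still stops working at the next expiry, which is why the revocation list can stay short.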