The Next Great Phase of Physical Access Control

July 23, 2019
Interoperability forges a critical connection to loT devices and peripherals

Proprietary systems, closed operating platforms and integrations that require extensive software reprogramming or modifications are finally falling out of favor in the physical security industry. A new horizon based on network-connected and IP-based products is in sight, with the promise of leveraging billions of devices soon. The digital transformation is here, and an industry that embraces and plans for seamless connectivity will be well-poised to take advantage of this rapidly changing landscape.

End users are vying for ease of operation and the ability to select and upgrade products without expensive rip-and-replace scenarios, thus forcing siloed systems and proprietary technologies into things of the past. Hardware and software organizations are working together, partnering in technology and implementation. New cybersecurity processes are becoming embedded in security, surveillance and automated processes—from product conception to final commissioning.

Customers want to pick and choose among appropriate technologies—ones that work best for the application and not those simply dictated as a result of the existing infrastructure. They also want to be able to handle every security task they deem critical or essential from their current management system, without costly add-ons.

Today’s end users are also demanding convenience and seamless connectivity from device-to-device. They want to know what the system will do, how much it will cost to operate and how it is suited to technology refresh and upgrade strategies. They are well-versed in their risk management profiles and look to select a holistic solution that meets their current and upcoming objectives.

In physical access control systems (PACS), which have advanced rapidly in areas such as the cloud and integrations for video and intrusion, the next logical step is the ability to support emerging devices and peripherals. Open protocols, standards and industry-accepted conformant products that focus on unbridled interoperability between manufacturers and vendors will be critical as advanced technology, such as analytics and ancillary devices, enter the realm of physical security and access control.

Smart Cities, Buildings and Spaces

According to Statista, a provider of market and consumer data, in 2019, the total installed base of Internet of Things (IoT) connected devices was expected to reach 26 billion; by 2025 the research company projects the number to amount to more than 75 billion worldwide.

Statista defines the loT as a “vast network of smart objects which work together in collecting data and autonomously performing actions.”  This network connects people to everyday things in their lives, whether it’s their home automation system, video cameras or access control notifications. Now and in the future, the term loT will encompass a dizzying array of smart objects working together to gather and analyze data and information—and automatically performing the designated actions. Machine to machine (M2M) technology, as well as deep learning and artificial intelligence will further escalate this trend.

IP physical access control is also seeing increased market interest for innovative new identification technology and door control solutions such as license plate recognition; iris, fingerprint and facial recognition; mobile credentials/wireless locks; door interface units and input/output (I/O) and relay boards that enable and control these and other devices.

It’s in this current environment that PACS now operate—with functions that are core to risk management and mitigation and focusing on interoperability—using open platforms as a building block to ongoing integration. A single, unified vision for access control will be the next logical continuum in the move to smart cities, spaces and buildings, fostered by standards, common interface protocols and open systems.

ONVIF is an organization whose mission is to facilitate the standardization of interfaces that enable interoperability between IP-based physical security products. Application and extension of the ONVIF open platform is the next step in the future of loT functionality as it continues to move in the direction of incorporating ancillary devices, peripherals and exterior technologies from different manufacturers.

The overall mission of ONVIF is to establish a common communication interface for all security devices and clients, across security disciplines, systems and vendors. Standardized interfaces promote and encourage effective interoperability, regardless of brand and with openness to all companies and organizations. ONVIF profiles and conformant products can support one or more of the following Profiles: Profile A for broad access control configuration (credentialing, management); Profile C for basic access control; Profile G for edge storage and retrieval; Profile Q for quick installation; Profile S for streaming video; and Profile T for advanced video streaming.

Currently, ONVIF access control Profile C and Profile A cover an access control unit (ACU) device and an access control management client and allow for the mixing and matching of access control devices and clients within a system. Newer technologies on the periphery require interfaces between these new devices and the ACU or the access control management software, which are not yet covered by existing profiles A, C and S.

The orchestrated and purposeful migration to a new body of work is the cornerstone of the continuing development of IP and network-based systems. This next point of study in PACS from ONVIF would enable additional types of products, such as surveillance cameras, gate controllers and other input systems to do credential identification and interact with various types of management systems from different manufacturers—further driving the adoption of ONVIF interfaces in the PACS and video surveillance space. The new directive will also increase the potential contracting use cases for systems integrators and end-user customers in physical access control through broader solution sets available from manufacturers.

Biometrics/License Plate Recognition

In the example of facial recognition (see Figure 1 below), the example shows an existing video camera with facial recognition capability and a relay output port. The use case is a scenario where an entrance door to a building has a camera that can read facial biometric data and sends the data to a client, possibly unlocking the door if instructed by the client to do so. With the new profile interface, the camera is capable of relaying biometric data to the client where it is authorized. The client then sends back a signal that access is granted or denied.

In the example of license plate recognition technology (LPR) (see Figure 2 below), the LPR subsystem usually includes an auxiliary gate, ground coil and LED display device. The LPR machine is equivalent to the license plate reader. Through the optical character recognition (OCR) function, the vehicle license, brand, color and other attributes are automatically output.

As with the facial recognition example, the interface between the devices and the client does not specifically control the decision. The device simply passes credential information (e.g., card number, license plate number, biometric data, etc.) to a client that can make the access decision.

The interface takes the intelligence from the external device and allows communication of the specific access control device into the system. In the future, it may also be possible for combinations of information, data and decision making from a wide range of devices, not just access control and video.

The widespread and cascading benefits of the ability to integrate new ancillary systems, peripheral devices and remote technologies can have significant impacts throughout the entire security industry.

For users, open devices provide the flexibility to specify optimal products for specific needs without being locked into a certain vendor. Users can integrate control panels and management software from different manufacturers, rather than remain pigeon-holed to a technology or solution. In addition, open systems promote lower total cost of ownership and future proofing, with nearly unlimited choices of hardware and software. An ONVIF conformant video management software, for instance, will allow users to integrate ONVIF conformant devices from different hardware manufacturers. With software that supports both ONVIF and proprietary application programming interfaces (APIs), users can choose to use the ONVIF interfaces for certain functionalities and the proprietary API for other features at the same time. Having ONVIF conformant products is like having an insurance policy that protects the end-user’s technology investment.

For systems integrators and specifiers, ONVIF conformant products provide flexible, cost-effective and future-ready systems. Systems integrators can select products from different interoperable vendors while focusing on seamless integration. This also opens a tremendous opportunity to expand its core business into new competencies by giving customers additional value-add solutions.

For manufacturers and software providers, the benefits include the ability to provide greater product innovation and less time to market, as well as easier market acceptance, access to projects and the ability to forge new technology partnerships. For software developers, implementing ONVIF specifications instead of various brand-specific interfaces to address basic functionalities can free up time to focus on developing innovative solutions.

Cyber Readiness

While ONVIF does not set security policy, many industry-proven cybersecurity measures can be included in the common interface established by ONVIF. Among these are Certificate-Based Client Authentication; Keystores and TLS servers. There are also best practices, such as forcing a default password change or out-of-the-box hardening. ONVIF and other standards groups help ensure and deploy real-time security by including industry-accepted and established cybersecurity measures in profiles and standards.

In addition, the upcoming body of work targets edge devices that do not themselves take the access control decision and therefore do not need to store any sensitive data. The core purpose is to take some credential input, pass it on to an access control unit or management system that evaluates if the credential has the correct permissions and returns the decision to the new device which grants or denies access.

All types of different systems, whether facial recognition, license plate recognition, door stations or other remote devices, can maintain their own communication protocols and manufacturers can integrate conformant products. Ancillary product vendors can grow their products more effectively and access control manufacturers have the ability to control many more devices because they can communicate over a standard protocol.

Smart Spaces

The future is intelligent spaces, with hundreds of different systems, devices, sensors and peripherals working together. Gartner defines smart spaces as physical or digital environments populated by humans and enabled by technology, which are increasingly connected, intelligent and autonomous. Safe/smart city deployments and loT systems are helping to accelerate the acceptance of interoperability over proprietary systems.

Integration is more effective when it creates a holistic ecosystem based on a common technology platform that can easily and securely add new devices and peripherals. ONVIF is continuing to develop its next level of work in this critical area.

In the future, as part of PACS management, we may see dynamic identity that authenticates the person and not just the credential. To enable a single digital identity that is authenticated across logical and physical environments, security organizations need a combination of digital capabilities including facial recognition, video analytics and IoT sensors.

We can speculate about the future, but ONVIF is preparing for it, working to integrate ancillary systems to access control and video surveillance and embracing new remote technologies and the loT.

About the Authors:

Per Björkdahl is the current Chair of the ONVIF Steering Committee and has been since the fall of 2012. Per is involved with ONVIF’s conformance initiatives and represents the member-driven organization as a speaker at trade shows and other technology events and to the media at large. His professional career includes a lifelong commitment to technical convergence with Axis Communications and companies like TAC (now part of Schneider Electric), advocating for the acceptance of communications standards in the building automation industry. Per has worked in the physical security industry for more than 25 years and was an early supporter of IP technology within the industry. Per is currently Axis Communications’ Director of Business Development, a position he has held for more than 16 years. 

Bob Dolan is the Director of Technology for Security Solutions at Anixter. He brings with him over 29 years of sales, management, and technical experience in the physical security industry. After working with end-users and integrators for many years, Bob earned his RCDD (Registered Communication Distribution Designer) certification from BICSI (Building Industry Consulting Standards International) in 2009 and his CPP (Certified Protection Professional) from ASIS in 2012. Bob is also the Vice Chairman of the ONVIF Technical Services Committee.