Coming into ISC West, many in the industry had expected a renewed push toward use of mobile credentials (contained on smartphones, for example) instead of cards for access control. HID Global didn’t disappoint. A highlight of the second day of the show was a press conference in which HID Global announced new elements of its initiative to lead the industry into use of mobile credentials.

Uses Of Smart Phone Credentials For Identity Management

HID already provides SEOS mobile credentials, and the company foresees continuing movement into areas such as use of smart phones to store secure citizen IDs, cloud-based user authentication, and involvement in the coming Internet of Things (IoT). HID wants to lead the next phase of the mobility journey, while educating the market on the convenience and value of mobile credentialing.

Key to the success of mobile credentials is to balance the need for convenience and the need for security, and to provide a smooth upgrade path. The company wants to build on innovation, to expand applications and use cases for mobile, to leverage and expand partnerships, and to develop and implement a solution with connected products and complemented by services. In short, they seek to deliver end-to-end trust.

HID Mobile Access Solution

The HID Mobile Access Solution provides security with the convenience of using a smartphone as an access credential, with cloud-based management services powered by SEOS.  Announced at the press conference were support for Android Wear and Apple Watch devices, and software development kits (SDKs) for third party integration. Also announced was a new strategic partnership between HID Global and NXP’s SmartMX-based secure element devices. Through the collaboration, NXP and HID Global aim to enable the use of wearable devices to open electronic locks at commercial buildings, hotels and workplaces in the future. Additionally, NXP and HID Global are cooperating on a broad range of opportunities to expand the adoption of secure access to more applications and use cases.

HID’s goID platform enables secure IDs to be loaded directly over-the-air onto a smartphone. Government IDs around the world will be transitioning to smart phones in some cases.

Mobile Security System Management And Data Access

There are other roles for smartphones highlighted at ISC West, too. More and more manufacturers are introducing mobile apps that provide end users access to the data from their various systems - whether video, access control, intrusion or whatever - using a smartphone.

For example, access control company Galaxy Control introduced two apps at ISC West, each available for Apple iOS or Android formats. One app, called PersonPoint, allows authorized users to activate and de-activate cardholders remotely, with the added benefit of viewing e-mail activity reports. DoorPoint is the other app, which allows users to remotely lock, unlock and pulse doors, view door status and view activity report data. In an emergency situation, the app also allows security personnel to activate and reset crisis modes if necessary and to view current crisis mode status.

Hands-Free Identification

Galaxy Control also announced a new integration with SRI Identity; an iris recognition biometrics provides dependable, hands-free and touchless identification at a low price point. The biometric system interfaces with Galaxy like any other reader, while providing higher security.

SRI Identity’s IOM (Identity on the Move) Access Control Tablet is a viable option to replace card readers in new or existing access systems, and provides advantages over traditional readers.

Arecont Vision announced its MegaVideo Flex tethered camera line at ISC West
Arecont Vision announced it MegaVideo Flex tethered camera line, providing
a variety of resolution options, including 1.2MP, 1080p, 3MP, or 5MP

Growing Popularity Of Analog HD

There was video to see on the second day of the show, too, and not all of it was IP. More cameras with analog HD are now being used, and, as of ISC West, the various analog HD (1080p) formats - AHD, HD-CVI, HD-TVI  - can now be combined into a single system.

Advantages of analog HD include lower costs, no compression or latency and the ability to use existing infrastructures of coax cabling - just replace the cameras and the DVRs. The technology is already popular around the world, and manufacturers expect it to increase in the United States.

Korean company Nextchip is at ISC West to help spread the word about AHD and to educate the market on the technology’s capabilities. Nextchip has been coming to ISC for eight years; they make the chips that go into cameras that use AHD technology - they say it is the defacto standard based on their having the largest market share. Nextchip sells to various camera manufacturers; a combination image processor and transmission chip inside the camera interfaces of a matching receiver chip installed in an analog HD DVR. More than 60 percent of the company’s business is in China - they have a branch in Shenzhen. The overall message: IP video may be popular, but there are alternatives (including AHD) that might be ideal for some systems.

On the IP video side, Arecont Vision announced its MegaVideo Flex tethered camera line, providing a variety of resolution options, including 1.2MP, 1080p, 3MP, or 5MP. The H.264 remote focus true day/night indoor/outdoor cameras consist of a low-profile camera sensor attached to the main unit using a USB cable up to 40 feet long. There are also optional IR LEDs available for night viewing. Applications include ATMs; there are many new uses for the versatile cameras.

IDIS’s Proactive Exhibiting Approach To ISC West

Booth traffic held up well on the second day of the show, but at least one exhibitor vowed not to depend on the show being busy in order for his booth to be busy. Keith Drummond, Senior Director of Sales of IP video manufacturer IDIS, says his sales team focused on setting up appointments, including some with end users, in advance of the show. The result is that the IDIS booth had more traffic on the first day of the show this year than for the entire show last year; and the second day appeared to be about 50 percent higher than that, Drummond commented.

Since IDIS’ Direct IP technology was introduced to the U.S. market a year ago, the company has made a lot of progress - there are now repeat customers (in addition to future customers). IDIS facilitated introductions between their dealer channel and end users at their booth during ISC West.

IDIS has implemented H.265 throughout its systems; they’re ahead of the curve compared to the rest of the industry that has not embraced the new standard as fast.  “End-to-end can embrace technology and get it to market faster, and less costly,” says Drummond. Components “know” each other, and performance and functionality are native throughout, which reduces the burden on integrators.

IDIS also has a new 64-channel NVR, and is featuring new pan-tilt-zoom capabilities called “rubber band control” and “slingshot control.” With the former, left-clicking on a mouse makes it easy to follow a target, accurately and rapidly, with the target remaining centered in the frame. The “slingshot” control involves clicking and magnifying a spot on a video screen to automatically direct the PTZ to view that location. In general, the features provide smoother and more effective control of PTZs.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SecurityInformed.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SecurityInformed's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

What Is The Impact Of Remote Working On Security?
What Is The Impact Of Remote Working On Security?

During the coronavirus lockdown, employees worked from home in record numbers. But the growing trend came with a new set of security challenges. We asked this week’s Expert Panel Roundtable: What is the impact of the transition to remote working/home offices on the security market?

Water Plant Attack Emphasizes Cyber’s Impact On Physical Security
Water Plant Attack Emphasizes Cyber’s Impact On Physical Security

At an Oldsmar, Fla., water treatment facility on Feb. 5, an operator watched a computer screen as someone remotely accessed the system monitoring the water supply and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. The chemical, also known as lye, is used in small concentrations to control acidity in the water. In larger concentrations, the compound is poisonous – the same corrosive chemical used to eat away at clogged drains. The impact of cybersecurity attacks The incident is the latest example of how cybersecurity attacks can translate into real-world, physical security consequences – even deadly ones.Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. The computer system was set up to allow remote access only to authorized users. The source of the unauthorized access is unknown. However, the attacker was only in the system for 3 to 5 minutes, and an operator corrected the concentration back to 100 parts per million soon after. It would have taken a day or more for contaminated water to enter the system. In the end, the city’s water supply was not affected. There were other safeguards in place that would have prevented contaminated water from entering the city’s water supply, which serves around 15,000 residents. The remote access used for the attack was disabled pending an investigation by the FBI, Secret Service and Pinellas County Sheriff’s Office. On Feb. 2, a compilation of breached usernames and passwords, known as COMB for “Compilation of Many Breaches,” was leaked online. COMB contains 3.2 billion unique email/password pairs. It was later discovered that the breach included the credentials for the Oldsmar water plant. Water plant attacks feared for years Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. Florida’s Sen. Marco Rubio tweeted that the attempt to poison the water supply should be treated as a “matter of national security.” “The incident at the Oldsmar water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers, but also from malicious actors with unknown motives and goals,” comments Mieng Lim, VP of Product Management at Digital Defense Inc., a provider of vulnerability management and threat assessment solutions.The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online “Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary,” Mieng Lim adds. “Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defenses have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.” "This event reinforces the increasing need to authenticate not only users, but the devices and machine identities that are authorized to connect to an organization's network,” adds Chris Hickman, Chief Security Officer at digital identity security vendor Keyfactor. “If your only line of protection is user authentication, it will be compromised. It's not necessarily about who connects to the system, but what that user can access once they're inside. "If the network could have authenticated the validity of the device connecting to the network, the connection would have failed because hackers rarely have possession of authorized devices. This and other cases of hijacked user credentials can be limited or mitigated if devices are issued strong, crypto-derived, unique credentials like a digital certificate. In this case, it looks like the network had trust in the user credential but not in the validity of the device itself. Unfortunately, this kind of scenario is what can happen when zero trust is your end state, not your beginning point." “The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online for the first time as part of digital transformation projects,” says Gareth Williams, Vice President - Secure Communications & Information Systems, Thales UK. “While the move towards greater automation and connected switches and control systems brings unprecedented opportunities, it is not without risk, as anything that is brought online immediately becomes a target to be hacked.” Operational technology to mitigate attacks Williams advises organizations to approach Operational Technology as its own entity and put in place procedures that mitigate against the impact of an attack that could ultimately cost lives. This means understanding what is connected, who has access to it and what else might be at risk should that system be compromised, he says. “Once that is established, they can secure access through protocols like access management and fail-safe systems.”  “The cyberattack against the water supply in Oldsmar should come as a wakeup call,” says Saryu Nayyar, CEO, Gurucul.  “Cybersecurity professionals have been talking about infrastructure vulnerabilities for years, detailing the potential for attacks like this, and this is a near perfect example of what we have been warning about,” she says.  Although this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results, says Nayyar. Organizations tasked with operating and protecting critical public infrastructure must assume the worst and take more serious measures to protect their environments, she advises. Fortunately, there were backup systems in place in Oldsmar. What could have been a tragedy instead became a cautionary tale. Both physical security and cybersecurity professionals should pay attention.

How Have Security Solutions Failed Our Schools?
How Have Security Solutions Failed Our Schools?

School shootings are a high-profile reminder of the need for the highest levels of security at our schools and education facilities. Increasingly, a remedy to boost the security at schools is to use more technology. However, no technology is a panacea, and ongoing violence and other threats at our schools suggest some level of failure. We asked this week’s Expert Panel Roundtable: How have security solutions failed our schools and what is the solution?