Grab your iPhone, kick your robot into the start position and answer that video alarm indicating suspicious behavior – or is it a dirty bomb? – at the Starbucks on Market Street.
It’s Security Magazine’s second annual look at innovations and technologies that will impact security. This year, the editors and an outside research firm contacted 100 chief security officers, systems integrators and solution providers at large enterprises.
Some of the ideas they identified have been rolling around the computer or communications industries for a while but are now seeping into security. Others are intrinsic. Others still, like the over hyped iPhone, come out of left field.
Readers are encouraged to e-mail the editor firstname.lastname@example.org any nominations for innovations and technologies that now or will soon impact security.
ACCESS CONTROLApplication Service Providers or ASPs
Abbreviated as ASP, a third-party entity that manages and distributes software-based services and solutions to customers across a wide area network from a central data center. In essence, ASPs are a way for companies to outsource some or almost all aspects of their information technology needs. They may be commercial ventures that cater to customers, or not-for-profit or government organizations, providing service and support to end-users.
According to ASPnews.com, ASPs are broken down into five sub-categories:
- Enterprise ASPs – deliver high-end business applications.
- Local/regional ASPs – supply wide variety of application services for smaller businesses in a local area.
- Specialist ASPs – provide applications for a specific need, such as Web site services or human resources.
- Vertical market ASPs – provide support to a specific industry, such as healthcare.
- Volume business ASPs – supply general small/medium-sized businesses with prepackaged application services in volume.
ASP innovations call for partnerships. One example, AMAG Technology has formed a strategic partnership to provide an enterprise Web-based ASP integrated security and building management solution. AMAG’s technology is deeply integrated with Touchcom’s OneFacility, a unique ASP Web site for security and building management applications.
Among its 27 applications, OneFacility integrates access control, intrusion detection, turnstiles access, elevator access, photo identification, electronic directories, visitor management, vendor management, work orders, preventive maintenance, freight and certificate of insurance management, tenant communication, security force programs and fire/life safety functions. OneFacility allows each building tenant company to manage its own employee database, empowering each company to directly administer and report on its company’s activity. Building owners/managers establish each tenant company’s security parameters and OneFacility ensures that security parameters are not exceeded.
The AMAG Symmetry/OneFacility security system is installed on-site and communicates directly with the Web site. This solution’s architecture provides for redundant, off-site storage of the security database and all event logs which is critical for business continuity planning. Users always have the most current version of the software protecting their property.
The ability of a system to respond gracefully to an unexpected hardware or software failure. There are many levels of fault tolerance, the lowest being the ability to continue operation in the event of a power failure. Many fault-tolerant computer systems mirror all operations – that is, every operation is performed on two or more duplicate systems, so if one fails the other can take over.
A constant in traditional information technology, fault tolerance has come to the security industry.
Introduced at the Las Vegas International Security Conference, PCSC more recently showed its rack-mountable version of the fault tolerant controller. IT friendly, it is available with standard 19 inch rack rails, allowing for secure applications within locked and/or ventilated cabinets. Access and maintenance to the FT controller by IT and security professionals is an easy task as the unit is treated like any other piece of hardware among the server array. Optional dual vacuum fluorescent displays allow for quick status indication and higher visibility when placed within glass door cabinets.
Introduced earlier this year, PCSC’s next generation of access controllers is revolutionary, according to the vendor. It offers the security industry’s first high availability access control system with redundant host, controllers and communication. The peer-to-peer network of master controllers and door interface modules provides for a level of reliability which is required for today’s security environment but has, until now, been unavailable. The FT architecture provides full security during primary communications failure or hardware failure. An automatic self-healing process, real-time dynamic network architecture or RDNA, which during a failure, the system will automatically reconfigure its network and continue to process access decisions, alarm and other transactional information to and from the host system.
HSPD-12, FIPS 201, TWICHomeland Security Presidential Directive 12 policy directs a common identification standard for federal employees and contractors.
Wide variations in the quality and security of forms of identification used to gain access to secure federal and other facilities where there is potential for terrorist attacks need to be eliminated. Therefore, it is the policy of the United States to enhance security, increase government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors (including contractor employees).
Secure and reliable forms of identification for purposes of HSPS-12 means identification that is issued based on sound criteria for verifying an individual employee’s identity; is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation; can be rapidly authenticated electronically and is issued only by providers whose reliability has been established by an official accreditation process. The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility in selecting the appropriate level of security for each application.
In response to HSPD 12, the NIST Computer Security Division initiated a program for improving the identification and authentication of federal employees and contractors for access to federal facilities and information systems. Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification (PIV) of Federal Employees and Contractors, incorporates three technical publications specifying several aspects of the required administrative procedures and technical specifications that may change as the standard is implemented and used. “Interfaces for Personal Identity Verification” specifies the interface and data elements of the PIV card; “Biometric Data Specification for Personal Identity Verification” specifies the technical acquisition and formatting requirements for biometric data of the PIV system; and “Cryptographic Algorithms and Key Sizes for Personal Identity Verification” specifies the acceptable cryptographic algorithms and key sizes to be implemented and used for the PIV system.
The Transportation Worker Identification Credential (TWIC) program is a Transportation Security Administration and U.S. Coast Guard initiative. The TWIC program provides a tamper-resistant biometric credential to maritime workers requiring unescorted access to secure areas of port facilities, outer continental shelf facilities, and vessels regulated under the Maritime Transportation Security Act, or MTSA, and all U.S. Coast Guard credentialed merchant mariners. An estimated 750,000 individuals will require TWICs. To obtain a TWIC, an individual must provide biographic and biometric information such as fingerprints, sit for a digital photograph and successfully pass a security threat assessment conducted by TSA.
A smart card, chip card or integrated circuit card (ICC), is defined as any pocket-sized card with embedded integrated circuits which can process information. This implies that it can receive input which is processed - by way of the ICC applications - and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally PVC, but sometimes ABS. The card may embed a hologram to avoid counterfeiting.
Contact smart cards have a small gold chip about 1cm by 1cm on the front. When inserted into a reader, the chip makes contact with electrical connectors that can read information from the chip and write information back.
Contact smart card readers are used as a communications medium between the smart card and a host, e.g. a computer, a point of sale terminal or a mobile telephone.
Since the chips in the financial cards are the same as those used for mobile phone Subscriber Identity Module (SIM) cards, just programmed differently and embedded in a different shaped piece of PVC, the chip manufacturers are building to the more demanding GSM/3G standards. This is allowing financial card terminals to become smaller and cheaper, and moves are afoot to equip every home PC with a card reader and software to make Internet shopping more secure.
A second type is the contactless smart card, in which the chip communicates with the card reader through RFID induction technology (at data rates of 106 to 848 kbit/s). These cards require only close proximity to an antenna to complete transaction. They are often used when transactions must be processed quickly or hands-free, such as on mass transit systems, where smart cards can be used without even removing them from a wallet.
Most advanced smart cards are equipped with specialized cryptographic hardware that let you use algorithms such as RSA and DSA on board.
Such smart cards are mainly used for digital signature and secure identification.
Smart doors are based on a controller area network or CAN data communication network, a standard used for many years in the car industry. It enables connected devices to exchange and share encrypted information. Every device (e.g. electric strike, proximity reader, door automatics, etc.) is connected through a 4-wire cable; Two wires for power and two for data communication.
IN USE: Plug-and-Play
The concept’s foundation is an information data bus, connecting all the door devices to each other instead of a central door controller. The intelligence is built into each and every device instead of centralized in one dedicated logic unit. ASSA-ABLOY's Hi-O is a Plug-and-Play system, meaning that a device will work with its basic configuration as soon as it gets connected – just as when a USB-memory stick is plugged into a computer. The communication between the devices is encrypted in order to prevent intrusion.
Broadband refers to telecommunication that provides multiple channels of data over a single communications medium, typically using some form of frequency or wave division multiplexing.
Extendable Markup Language (XML)
XML is not a replacement for HTML.XML and HTML were designed with different goals: XML was designed to describe data and to focus on what data is. HTML was designed to display data and to focus on how data looks. XML was not designed to do anything. XML was created to structure, store and to send information – used to allow for the easy interchange of documents on the Web.
IN USE: Transfer Among Diverse Systems
Service Oriented Security Infrastructure (SOSI) from Brivo enables transfer of information between very diverse systems using an XML API to exchange data in the XML standard so both systems can “understand” one another.
This can include a classic example of a human resources system such as PeopleSoft passing information to the access control system. New employees are automatically assigned proper credentials, and terminated employees have theirs automatically revoked.
Integrating Web applications opens the door to new services, such as combining online hotel reservations with access control, so a guest arriving after hours can be assigned a PIN code to enter after the front desk is closed for the night.
Finally, the ability to integrate disparate services, such as ID management, becomes a reality, enabling customers to build the exact system they need without creating it from scratch. The cost savings are great, and the capabilities are limited only by the customer’s desires.
In one example, a resort property has a parking problem. With limited spaces and agents throughout the country making reservations, guests often arrive to find no available spots. Credentials are in the form of a card that allows access to the lot at any time, even after the guest’s stay is over, meaning that former guests have access to the lot—and new guests drive in circles looking for a space.
A creative XML solution solves several problems. Agents, regardless of their location, can now book parking spots along with accommodation reservations. With such integration, the limited number of spots can no longer be overbooked. And the crucial piece for this project—no longer do credentials remain valid forever. Instead, a valid credential exists only as long as the accommodation is booked. Once a guest checks out, even if they keep their card, it will no longer allow them to enter the garage.
In this way, parking is controlled to provide convenience to current guests, but it also opens up an additional revenue stream. By being able to guarantee a place for the guest’s entire stay, the resort can charge for the spot.
In a real estate example, there are kiosks located in shopping malls that allow prospective buyers to register to visit properties offered by the real estate company. Without being linked to a system, the kiosks’ information must be manually retrieved and there is no tracking of actual visits, no way to know who is visiting, and therefore no follow-ups. There is also a need for a way to get valid credentials to visitors—either an agent must meet the visitor, or the property would have to be left open.
The XML interface links the kiosks to the access control system and in turn to the individual properties. Wireless control panels at each property avoid the need for special wiring. The visitors are able to register at the kiosks and immediately receive a Personal Identification Number (PIN) that will grant them access to the property. The PINs can be valid only during certain times, to avoid multiple visits and sharing of credentials with nonregistered visitors.
A networking standard that supports data transfer rates up to 100 Mbps (100 megabits per second). 100BASE-T is based on the older Ethernet standard. Because it is 10 times faster than Ethernet, it is often referred to as Fast Ethernet.
Global Positioning System (GPS)
When people talk about “a GPS,” they usually mean a GPS receiver. The Global Positioning System is actually a constellation of 27 Earth-orbiting satellites (24 in operation and three extras in case one fails). The U.S. military developed and implemented this satellite network as a military navigation system, but soon opened it up to everybody else.
Each of these 3,000- to 4,000-pound solar-powered satellites circles the globe at about 12,000 miles (19,300 km), making two complete rotations every day. The orbits are arranged so that at any time, anywhere on Earth, there are at least four satellites “visible” in the sky.
A GPS receiver’s job is to locate four or more of these satellites, figure out the distance to each, and use this information to deduce its own location. This operation is based on a simple mathematical principle called trilateration.
A mass notification system enables one person, with just one call, to communicate with ten or tens of thousands of people anywhere, anytime and on any device — including phone (landline, mobile and satellite), fax, computer, PDA and pager — using voice and text communications (such as e-mail, SMS and Instant Messenger). The mass notification system will continue to cycle through each and every communication device available until the message is delivered and confirmed by the recipient.
Mesh networking is a way to route data, voice and instructions between nodes. It allows for continuous connections and reconfiguration around broken or blocked paths by “hopping” from node to node until the destination is reached. A mesh network whose nodes are all connected to each other is a fully connected network.
Mesh networks differ from other networks in that the component parts can all connect to each other via multiple hops, and they generally are not mobile. Mesh networks can be seen as one type of ad hoc network. Mobile ad-hoc networking (MANet), and mesh networking are therefore closely related, but mobile ad hoc networks also have to deal with the problems introduced by the mobility of the nodes.
Mesh networks are self-healing: The network can still operate even when a node breaks down or a connection goes bad. As a result, a very reliable network is formed. This concept is applicable to wireless networks, wired networks and software interaction.
Power-over-Ethernet or PoE
Power over Ethernet or PoE technology describes a system to transmit electrical power, along with data, to remote devices over standard twisted-pair cable in an Ethernet network. This technology is useful for powering IP telephones, wireless LAN access points, Web cams, Ethernet hubs, embedded computers and other appliances where it would be inconvenient, expensive (mains wiring must often be done by qualified and/or licensed electricians for legal or insurance reasons) or infeasible to supply power separately. The technology is somewhat comparable to POTS telephones, which also receive power and data (although analog) through the same cable. It works with an unmodified Ethernet cabling infrastructure.
There are several general terms used to describe this feature. The terms Power over Ethernet (PoE), Power over LAN (PoL) and Inline Power are synonymous terms used to describe the powering of attached devices via Ethernet ports.
IN USE: PoE at Choctaw Nation
“Choctaw Nation is experiencing a high level of growth that demands the kind of sophisticated surveillance technology that network cameras provide,” said Dan Breshears, executive director of Tribal Police Security and Surveillance for Choctaw Nation of Oklahoma. “A network-based system enabled our team to take advantage of Power over Ethernet, eliminating the need for power outlets at camera locations further increasing the constant and ongoing use of the system.”
Axis Communications is handling the gear in the three casinos owned by the Choctaw Nation of Oklahoma. The network cameras will be used in conjunction with the Universal Video Management System (UVMS) solution from Petards, Inc., a developer of advanced video surveillance systems and one of the leading security suppliers to the Choctaw Nation.
Network cameras were installed in the Durant, Broken Bow and Pocola casino locations to monitor gaming floors, high-stakes poker tables and slot machines. The Choctaw Nation selected a network-based solution because it wanted to implement a more advanced surveillance system that could handle the increased foot traffic in existing and new casinos, and because the network cameras were easy to install and maintain.
Crowds, noise and variations in lighting typically found in casino settings often compromise the ability to secure video that is clear enough to identify thieves and be used as evidence in a court of law. The Choctaw Nation selected cameras for advanced image processing that enables it to deliver crisp images in low lighting conditions.
Wireless Mesh Networking
Same as mesh networking but totally or partially wireless.
COMPUTERApplication Program Interface (API)
It’s been around for many years. Application program interface is really a set of routines, protocols and tools for building software applications. A good API makes it easier to develop a program by providing all the building blocks. A programmer puts the blocks together.
Most operating environments, such as MS-Windows, provide an API so that programmers can write applications consistent with the operating environment. Although APIs are designed for programmers, they are ultimately good for users because they guarantee that all programs using a common API will have similar interfaces. This makes it easier for users to learn new programs.
Generally, data mining (sometimes called data or knowledge discovery) is the process of analyzing data from different perspectives and summarizing it into useful information - information that can be used to secure assets, increase revenue, cuts costs or all three. Data mining software is one of a number of tools for analyzing data from many different dimensions or angles, categorize it and summarize the relationships identified.
Technically, data mining is the process of finding correlations or patterns among dozens of fields in large relational databases. Although data mining is a relatively new term, the technology is not. Companies have used powerful computers to sift through volumes of supermarket scanner data and analyze market research reports for years. However, continuous innovations in computer processing power, disk storage and statistical software are dramatically increasing the accuracy of analysis while driving down the cost.
For example, one Midwest grocery chain used the data mining capacity of Oracle software to analyze local buying patterns. They discovered that when men bought diapers on Thursdays and Saturdays, they also tended to buy beer. Further analysis showed that these shoppers typically did their weekly grocery shopping on Saturdays. On Thursdays, however, they only bought a few items. The retailer concluded that they purchased the beer to have it available for the upcoming weekend. The grocery chain could use this newly discovered information in various ways.
In security operations, data mining can reach helpful conclusions on shoplifting or the driving patterns, hours and accident rate in a corporate parking lot. Data mining could also leverage security systems so that the data collected would apply to business needs.
The simplest definition of metadata is that it is data about data - more specifically information (data) about a particular content (data).
An item of metadata may describe an individual datum (content item) or a collection of data (content items). Metadata is used to facilitate the understanding, use and management of data. The metadata required for this will vary with the type of data and context of use. So, in the context of a library, where the data is the content of the titles stocked, metadata about a title might typically include a description of the content, the author, the publication date and the physical location. In the context of a camera, where the data is the photographic image, metadata might typically include the date the photograph was taken and details of the camera settings. In the context of an information system, where the data is the content of the computer files, metadata about an individual data item might typically include the name of the field and its length.
MPEG-7 is an ISO/IEC standard developed by MPEG (Moving Picture Experts Group), the committee that also developed the Emmy Award winning standards known as MPEG-1 and MPEG-2, and the MPEG-4 standard. MPEG-1 and MPEG-2 standards made interactive video on CD-ROM and digital television possible. MPEG-4 is the multimedia standard for the fixed and mobile Web-enabling integration of multiple paradigms.
MPEG-7, formally named “Multimedia Content Description Interface,” is a standard for describing the multimedia content data that supports some degree of interpretation of the information meaning, which can be passed onto, or accessed by, a device or a computer code. MPEG-7 is not aimed at any one application in particular; rather, the elements that MPEG-7 standardizes support as broad a range of applications as possible.
The Microsoft .NET Framework is a software component that can be added to or is included with the Microsoft Windows operating system. It provides a large body of pre-coded solutions to common program requirements, and manages the execution of programs written specifically for the framework. The .NET Framework is a key Microsoft offering, and is intended to be used by most new applications created for the Windows platform.
The pre-coded solutions that form the framework’s class library cover a large range of programming needs in areas including: user interface, data access, database connectivity, cryptography, Web application development, numeric algorithms and network communications. The functions of the class library are used by programmers who combine them with their own code to produce applications.
Programs written for the .NET Framework execute in a software environment that manages the program’s runtime requirements. This runtime environment, which is also a part of the .NET Framework, is known as the Common Language Runtime (CLR). The CLR provides the appearance of an application virtual machine, so that programmers need not consider the capabilities of the specific CPU that will execute the program. The CLR also provides other important services such as security mechanisms, memory management, and exception handling.
Video Servers and Server Farms
A video server digitizes analog video signals and sends digital images directly over an IP network, such as a LAN, intranet or Internet. It essentially turns an analog video system into a network video system and enables users to view live images using a Web browser or a video management software on any local or remote computer on a network. It allows authorized viewers from different locations to simultaneously access images from the same analog camera, as well as network cameras if they are added to the system.
An IP-based surveillance system will give you the ability to secure people and property, or monitor equipment and facilities, remotely from anywhere there is a networked computer. In addition, by utilizing the serial ports of a video server, you can remotely control existing equipment such as pan/tilt/zoom devices or video recorders. A video server can be connected to a wide variety of specialized cameras.
There can be in-house or third party video server farms which are essentially s collection of servers for larger installation or multiple clients.
IDENTIFICATIONExplosives, Weapons and Contraband (EWC) Detection
Metal detectors have formed the backbone of the people screening market since the seventies but are somewhat limited in their detection capability and are increasingly being complemented by newer technologies with broader sensory capability. The increasing number of incidents involving improvised explosive devices has driven demand for technologies such as explosives trace detection (ETD), backscatter x-ray and millimeter wave imaging to ensure that the highest level of security at our airports and other vulnerable sites is maintained.
ETD portals allow for the detection of a whole range of contraband and are not just exclusive to explosives. Backscatter x-ray machines negate the need for pat-downs or strip searches by providing an onscreen image of the body, identifying the size and location of objects nestled beneath clothing. One of the promised benefits of millimeter wave technology is its ability to scan from distance making it particularly attractive in areas where human traffic is a problem for traditional screening methods.
Market research analyst at IMS Research, James McManus commented, “There has been a lot of investment into the development of new people screening technology and there is currently a wide array of competing technologies. Despite some early teething problems, many of these technologies are being successfully installed. The challenge has been to keep false alarm rates to a minimum whilst maintaining normal throughput. Developers have also had to strike a balance between effective screening and the issue of privacy and public acceptance, which they are now starting to achieve.”
Radio Frequency Identification (RFID)
Radio-frequency identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders. An RFID tag is an object that can be stuck on or incorporated into a product, animal or person for the purpose of identification using radio waves. Some tags can be read from several meters away and beyond the line of sight of the reader.
Most RFID tags contain at least two parts. One is an integrated circuit for storing and processing information, modulating and demodulating a (RF) signal and perhaps other specialized functions. The second is an antenna for receiving and transmitting the signal. A technology called chipless RFID allows for discrete identification of tags without an integrated circuit, thereby allowing tags to be printed directly onto assets at lower cost than traditional tags.
Today, a significant thrust in RFID use is in enterprise supply chain management, improving the efficiency of inventory tracking and management. However, a threat is looming that the current growth and adoption in enterprise supply chain market will not be sustainable. A fair cost-sharing mechanism, rational motives and justified returns from RFID technology investments are the key ingredients to achieve long-term and sustainable RFID technology adoption.
Single Sign-on and Enterprise-wide Single Sign-on
Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. It is a means of convergence. The process authenticates the user for all the applications he or she has been given rights to and eliminates further prompts when they switch applications during a particular session.
In e-commerce, single sign-on is designed to centralize consumer financial information on one server, not only for the consumer’s convenience but also to offer increased security by limiting the number of times credit card numbers or other sensitive information must be entered. Microsoft’s “Passport” single sign-on service is an example of a growing trend towards the use of Web-based single sign-ons that allow users to register financial information once and shop at multiple Web sites.
For enterprise use, single sign-on can handle both physical and logical security.
IN USE: Healthcare Sign-in
For Chuck Christian of Indiana-based Good Samaritan Hospital, one of his biggest business challenges was to “provide secure access to the clinical information, while verifying the identity of the individual accessing the information without making it overly difficult or complex.”
Good Samaritan is a values-driven regional hospital that provides quality care in a patient-centered atmosphere to communities of Knox and surrounding counties.
Christian’s strategies are complex. “You need to be aware and educated on what is considered prudent practices, understand the business of healthcare, while focused on the importance of the information that has been entrusted to your care.”
There are also rules and regulations to follow.
He believes that intrusion detection and prevention are always at the top of the list. This means “expanding upon our single sign-on (SSO) platform to include additional layers and methods of authentications, with the potential of integrating physical building access and security into the process. We continue to work to mitigate the risk of expanding remote access to clinical systems.”
Z Backscatter X-ray
The technology displays both organic and inorganic materials, revealing objects such as guns and knives, explosives, composite weapons, and other hidden threats and contraband. The software provides a sketch outline of the passenger with information for the security operator to identify the nature and location of threats, thus eliminating the need for intrusive and time-consuming pat-down searches. For added privacy, the system is not capable of storing, exporting, printing or transmitting images. All images are automatically deleted from the system immediately after they are reviewed by the operator who is located in a remote, secure area away from the screening process.
IN USE: TSA Goes for SmartCheck Personnel Screening System
The Transportation Security Administration is buying more SmartCheck units from American Science and Engineering, Inc. With a maximum value of $10.8 million, the first phase of the contract has been funded for the lease of five SmartCheck Personnel Screening Systems with an option to purchase. The contract also provides TSA with an option to purchase an additional 75 SmartCheck systems over the next two years. The contract includes warranty service and training.
INTEGRATED SYSTEMSAirline Passenger Scanning – Registered Traveler
Mixing personal scanning, biometrics, background checks and a database, several groups of companies now offer Registered Traveler programs for fast-lane access through airport security.
IN USE – Clear Registered Traveler
“Clear has a reputation for improving the airport experience of travelers,” said Robert Bream, president of North American Card Services for FIS. “With this agreement, we are excited to become the first loyalty rewards program to offer our cardholders this streamlined, customer-friendly airport experience.”
Clear membership enables members to receive expedited processing at airport security checkpoints. Clear lanes are open at JFK Terminals 1, 4 and 7 in New York City and at airports in Cincinnati, San Jose, Indianapolis and Orlando. Clear lanes will open soon at Newark’s Terminal B. Clear has also been chosen by Little Rock and Albany airports, where programs are scheduled to launch soon – giving Clear ten venues at eight airports. In addition, Washington, D.C. (Reagan and Dulles) airports, and San Francisco and Denver International Airports have issued announcements to launch registered traveler programs this fall.
FIS will feature Clear in its ScoreCard loyalty rewards program, which is distributed to millions of cardholders annually. Cardholders will have the opportunity to redeem points for a one-year Clear membership.
FIS, a leading provider of technology and services to financial service industries, is one of the largest and most successful financial services technology companies in the world, supporting the success of more than 7,800 financial institutions in more than 60 countries.
Verified Identity Pass’s Clear Registered Traveler is the largest registered traveler program operating at U.S. airports. A partner is GE Security.
Casino Surveillance – Video, Access, Slots and Alarms
Technology is pushing innovations at casinos as chief security officers seeks integrated security solutions that combine video surveillance with slots, for example.
“The Mashantucket Pequot Tribal Nation has partnered with North American Video to work together to build Foxwoods’ newest state-of-the-art surveillance system,” said Timothy D. Bohr, surveillance director, Mashantucket Pequot Tribal Nation. “North American Video has been part of the Foxwoods family for over 10 years, and I am personally grateful for their expertise in the industry, as well as their first class staff.”
The contract includes the design and implementation of a state-of-the-art digital video surveillance system from American Dynamics integrated with access control, slot data and alarm systems. The new MGM Grand at Foxwoods is scheduled to be completed in the summer of 2008.
The mega-resort and gaming destination, which is the property of the Mashantucket Pequot Tribal Nation, presently boasts the largest casino in the world. The $700 million MGM Grand expansion project will add two million square feet of overall space to the resort, featuring significantly increased hotel, entertainment, restaurants and gaming venues as well as enhanced corporate retreat, meeting and convention resources to the destination.
First Responders’ Shared Communications
Local law enforcement, firefighters, emergency medical technicians and private security officers are gaining from new innovative technology with emphasis on crisis management and more easily shared communications.
Dr. Bruce Gestrin, assistant superintendent of Meridian, Idaho, Joint School District No. 2 had a strong three card hand. “A federal grant, the work of Prepared Response and of course the help and cooperation of all our area’s first responders will take our district to a new level in terms of security and safety in case of an emergency. This has been a great opportunity for our school system.”
Prepared Response has installed the Rapid Responder Crisis Management System to protect 50 school sites in the district. The district received a $355,922 Emergency Response and Crisis Management Grant from the U.S. Department of Education to help improve its campus emergency preparedness and crisis management capability.
The program provides first responders with critical facility data allowing them to respond faster, in a more coordinated manner with other agencies and with enhanced situational awareness to better protect both students and staff. It runs on laptop computers and allows first responders to instantly access more than 300 data points, including tactical plans, floor plans, aerial and geospatial imagery, interior and exterior photos, staging areas, hazardous materials quantities and locations, utility shut-offs, and evacuation routes for virtually any school facility. Local first responders met with school officials and others during orientation meetings in early Spring to collaborate and discuss response plans for the district.
Apple’s first Internet-enabled smartphone. It combines the features of a mobile phone, wireless Internet device, and iPod into one package.
Perhaps the iPhone’s most innovative feature is its 3.5-inch multitouch screen. This screen allows an interface based on touch, rather than a keyboard, mouse, or stylus, and allows items onscreen to be manipulated by two finger touches, rather than just one. The iPhone can also be viewed in landscape or portrait mode, with the screen automatically shifting based on the angle that the phone is held. The iPhone runs a version of Apple’s Mac OS X operating system.
The iPhone – or its upcoming competitors – could act as application launchers for patrolling security officers as well as mobile chief security officers.
IN USE: iPhone Applications
Numerous applications have already been introduced for the iPhone. There is no doubt that smartphones with video will turn into a security tool. The only drawback – cellular infrastructure needs updating.
Intelligence at the Edge
There will be more intelligence and decision-making at the edge of systems – cameras, readers, detectors, sensors. With myriad more data, video and audio information being collected from more points, central monitoring and recording will, some say, be overwhelmed unless some analysis is conducted in edge appliances with less but higher priority traffic sent to video farms.
Port Security – Control, Data, Communications, Detection
Technology creates innovations at ports and cargo protection.
IN USE: A Five Year Plan
The City of Long Beach and the Port of Long Beach are working with Adesta, a systems integrator and project management company for communication networks and electronic security systems, on a three phase project that will bring leading edge technology to enhance port security. Phase 1 will be optimization of the existing system, and recommendations, implementation and commissioning of an integrated system. Phase 2 encompasses development and implementation of a program for the integration of a scalable System Management Software Component, which will have the capability to manage a combination of control, data, communications and detection services/systems. Phase 3 will be development of a program for the implementation of a 5-year integration plan that will be linked to a multiagency/regional communications and data network.
Long Beach is the second busiest seaport in the United States and a major gateway for trade with Asia. The Port has experienced phenomenal trade growth in recent years. Cargo has nearly quadrupled over the past 15 years, and is projected to triple over the upcoming 15 years. Therefore, top security is a dominant issue. Adesta has the superior expertise as a systems integrator, and a vital awareness of the industry to help the Port maintain their current status and improve their future status in the global trade marketplace with long-term security solutions.
SECURITY VIDEOComputer Vision and Object Recognition
Computer vision is the science and technology of machines that see.
As a scientific discipline, computer vision is concerned with the theory and technology for building artificial systems that obtain information from images. The image data can take many forms, such as a video sequence, views from multiple cameras, or multi-dimensional data from a medical scanner.
As a technological discipline, computer vision seeks to apply the theories and models of computer vision to the construction of computer vision systems. Examples of applications of computer vision systems include systems for:
- Controlling processes (e.g. an industrial robot or an autonomous vehicle).
- Detecting events (e.g. for visual surveillance)
- Organizing information (e.g. for indexing databases of images and image sequences),
- Modeling objects or environments (e.g. industrial inspection, medical image analysis or topographical modeling),
- Interaction (e.g. as the input to a device for computer-human interaction).
Sub-domains of computer vision include scene reconstruction, event detection, tracking, object recognition, license plate recognition, indexing, ego-motion and image restoration.
IN USE: License Plate Recognition in Baltimore
For Ken Strong, safety division chief of the Baltimore Department of Transportation, his new, intelligent eyes are seeing and delivering. “Before buying the license plate recognition solution, we would find approximately 250 violators in two weeks. Now, with AutoVu, we are identifying more than 350 violators over the same time period. Over the course of a year, this represents about 1.4 million dollars in additional revenue for the city.”
Genetec is providing Baltimore the mobile license plate recognition solution to track down scofflaws with three or more 30-day overdue parking tickets. In the past, by inefficient means, parking officers had to manually enter each license plate number individually. Now Baltimore parking officers can patrol the city streets and identify violators instantly without leaving their vehicles.
The system also allows parking supervisors to monitor officers’ activity from the back-office. Staff can also perform searches and generate reports using the collected data.
Baltimore currently has four vehicles equipped with the license plate recognition solution and plans to acquire additional systems in the coming year in order to identify parking violators in residential areas.
In addition to finding parking violators, such technology makes it possible to locate stolen vehicles. Vehicles are linked to a national database containing the license plate numbers of reported stolen vehicles. Whenever the system comes across one of these numbers, an alarm is triggered. In March alone, 38 stolen vehicles were identified by the system.
Firmware and Video Analytics
Software (programs or data) that has been written onto read-only memory (ROM). Firmware is a combination of software and hardware. ROMs, PROMs and EPROMs that have data or programs recorded on them are firmware.
IN USE: Firmware Updating
Firmware is the new way to deliver critical features for video content analysis along with other enhancements, including a recording scheduler and encryption. A case in point, Bosch Security’s firmware release 2.5 offers a licensable option to enable intelligent video motion detection to move intelligence to the edge in both IP cameras and IP video encoders.
Added features for the software include object identification by aspect ratio, idle-object and object-removal detection and trajectory mapping for identifying suspicious behavior, such as loitering.
Such new firmware also provides a higher level of security with Secure Socket Layer protocols and 56-bit encryption for Web browsing and for connections to video management systems. The release also provides 802.1x authentication support, enabling the system administrator to authenticate products trying to connect to the network.
Most computer networks today are based on IP, or Internet Protocol, communications. IP video applications make use of the same information technology as do most other network-based applications.
Digital IP video is captured by network connected cameras and is transmitted over wired or wireless LAN, WAN or Internet networks. IP video corporation solutions enable comprehensive video management, including monitoring, recording, playback, and analysis. Use of the standard IP protocol enables video integration with access control, facility management system, or other database applications.
The question that is often asked is; “Why video motion detection should be used in preference to many other technologies?” Digital Video Motion Detection (VMD) is the digitization and analysis of a video picture generated, usually by a security camera. Movement is detected as a change in the video signal in relation to a reference image of a specific location, video scene or part of a video scene. It is actually “Computer Vision” and is used in many scientific and industrial applications as well as security.
VMDs provide instant alarm verification by providing a video picture to security personnel and/or a video recording device, allowing for a quick and appropriate response.
VMDs are not bound to detection in a straight line, as are most other technologies such as IR beam barriers that is used in PIR and microwave motion detectors. A single camera can protect a large area and can be selective in its detection in a given area. With the use of “masking” (selecting only a part or parts of the video scene that the VMD will protect, ignoring activity in the unmasked portions), the VMD can discriminate between multiple zones created on one camera view. Depending on the performance (and cost), the system can be extremely sensitive, down to a single pixel of video.
Open Standards and Architecture – Video
Despite the advent of digital video surveillance, many systems remain proprietary and closed, making it hard to mix and match software applications and devices from different vendors and tap into the full potential of the technology. However, the industry is starting to produce Internet Protocol Video Surveillance (IPVS), software-driven solutions that are based on open standards and architectures. These latest systems tap into the full processing and analytical power of computers, making it possible to interconnect a range of technologies such as biometrics, point-of-sale and access control systems.
The move towards open, software-driven IPVS solutions is part of a transformation that is taking place in the basic building block of video surveillance – the video recorder.
The security industry first developed the digital video recorder (DVR) to overcome limitations of the VCR. However, DVR appliances typically use proprietary software and custom chip sets. Users are often locked into suppliers and manufacturers with proprietary components that can be expensive to repair or replace. Many PC-based DVR systems have similar drawbacks – proprietary hardware makes them costly to maintain and repair.
Because of these limitations, surveillance systems are now increasingly built using network video recorders. NVRs use standard computer components, operating systems and Internet Protocol technology to allow full control and management of IP video surveillance cameras over LAN, WAN and the Internet. The new digital technology has revolutionized the industry by taking the concept of digital video recording and making it a totally open-based network software application.
According to Gadi Piran, president and chief technology officer of On-Net Surveillance Solutions, “open” means easier integration.
An ecosystem has emerged to support the security industry in line with the increasingly open and software-driven nature of IPVS. Vendors of alarm systems, access control systems, biometrics devices, POS systems and video content analytics software are making it possible to access functionality and interconnect components via standards that have long been used in enterprise IT but are relatively new to security.
This allows security consultants and software developers to flexibly interconnect systems. System vendors have developed management software that processes inputs from other security systems and makes it possible to define event alerts. They tap into the processing and visual pattern matching capabilities of computers and help monitor alerts, evaluate threats and intelligently deliver video streams to the right security staff at the right time.
The intelligence built into soft IPVS systems provides for better detection of threats and more flexible delivery of security information. State-of-the-art systems make it possible to define security threat “signatures.” Built-in content analytics monitor the video streams and other inputs and present the images that match the signature and thus indicate the presence of a threat or suspicious behavior.
When combined with intelligent delivery (i.e. the ability to share the right security information with the right people at the right time) these systems generate significant ROI. They make it possible to reduce staff size and overhead because one person can effectively monitor hundreds of cameras.
Taking advantage of existing networking infrastructure to connect the cameras makes it easier to upgrade systems. In the case of software upgrades, this can be done over the network. Also, there is no need to deploy coaxial cabling and point-to-point infrastructure required for analog security video or DVR-based systems
Since these systems intelligently monitor video streams, and can automatically detect threats, fewer people need to stay vigilant to the growing number of video streams. You get increased security because of increased coverage, and significant savings due to reduced operating costs and infrastructure.
3-dimension Motion Detection
Same as motion detection but with the use of more than one camera and usually with processing at a monitoring center or through a digital video recorder or network video recorder.
SIDEBAR: It’s a Matter of TrustThe technologist tasked to create new generation contactless card systems for HID Global commented that, whether it is a piece of plastic or a piece of access code, the aim is to maintain trust throughout a transaction. Dr. Scott Guthery, as HID’s new systems architect, has been an active participant in shaping some of the landmark secure identity technology standards. At the national level, he was the co-author of a standard which defines the U.S government’s Personal Identity Verification (PIV) card. He also led the team that created the first Java Card, and was later the software architect for Windows for Smart Cards.
The focus will “be on a single authentication for every employee,” said Guthery. There are no technological barriers to what some call digital identity or single sign-on. “But there are organizational barriers and complexities on the market side.”
In the mix of innovations and technologies, “You have to know what customers want, let them lead. IP-based access systems; radio frequency-based tech,” added Dr. Tam Hulusi, HID Global’s executive vice president.
In a world where so many enterprises are bit businesses, contended Guthery, safeguarding of those bits is more important and they move through wired and wireless networks on through use of a secure token. Hulusi agreed and pointed out that as we reduce identity to a single management function, privacy is crucial. In some ways, it will turn on how much information people give about themselves.
SIDEBAR: Feel the Change – EverydaySecurity technology is in a state of transition and change. “You can feel it everyday and it makes some people uncomfortable. But I am seeing the reality of convergence now; it’s that IT-centric solution,” commented Mark Nazarenus of Integral Technologies.
On the horizon: The monitoring of security equipment on a day-to-day basis. Simple Network Management Protocol or SNMP is a network management protocol used almost exclusively in TCP/IP networks. It provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance and security.
When it comes to security and IT working together, whether for infrastructure projects or in terms of convergence of physical and logical security, Nazarenus’s view is of positive tension. “We changed direction about twelve to 14 months ago when we went to a .NET environment. Certain things we want to own go to our core technologies; from others we can to integrate into them,” he pointed out.
Innovations will revolve around IT standards and practices.
“Take our relationship with APC-MGE,” he added.
With such products and services, essential IT-based security systems are monitored and better protected by providing real-time monitoring of the health of the security system while increasing equipment lifecycle and lowering total cost of ownership through predictive environmental monitoring of physical conditions that cause failure.
For the Integral executive, innovations and technologies are making a full circle with security, “the managing the information, data management.”
SIDEBAR: Users Group Input Matters“I try to look at everything. If the focus is just on security technology, then I might miss something new or innovative,” contended Mike Regelski, chief technology officer at Lenel Systems International. CTOs such as Regelski have widened the mission beyond traditional security technology and have built bridges to end-users. “Our users group samples the reseller community as well as security directors and IT. All that information helps us create a roadmap, a vision of where we should go.”
Communications and computer technologies are driving a lot of security innovations. “We look at ourselves today as the operating system in security. At our heart we are a software company.”
The Lenel CTO sees the “sweet spots” as architecture and the platform. “What customers want are solutions – video management software, analytics and storage all seamlessly integrated into a solution across the platform.”
Innovations, said Regelski, don’t depend on “pushing out boxes. Hardware is a commodity. Software and the platform” are where future developments will emerge.
Technology turnover is escalating, just as it has in computer and communications businesses. “End-users are reluctant to upgrade often but opportunities, market conditions and technologies change more often,” he added.
SIDEBAR: The Three Faces of ConvergenceConvergence, like the term systems integration before it, begs for one definition but, instead, they are many.
For Brett Bontrager, head of the Stanley Security’s Convergent Solutions group, there are several ways to see what's happening today. “Convergence is the integration of functions. Security systems and IT are sharing infrastructure; there is IP-based sharing; and end-users are demanding access to data from enterprise databases.” Then there is the convergence of physical and logical security.
Among the innovation drivers:
“I think the biggest thing is real-time evaluation of risk so that the enterprise can institute proper measures more quickly.”
He also sees industry consolidation continuing and the larger companies will have more resources, including developers, to bring to market new ideas. “Industry companies fall into three buckets – product makers, national/regional integrators and local integrators.”