Mobile Access Trends
Although the wider adoption of 5G, together with faster connection speeds and improved bandwidth, opens up new prospects for telecom service providers, it also poses new risks in terms of network security. This article explains how telcos can make their newly-established 5G networks as well as telecom software solutions more impenetrable and secure. Implement robust device authentication protocols 5G is set to spur a wide-scale adoption of connected devices in the business and consumer spheres. But apart from new revenue opportunities, the influx of IoT devices, designed with limited computational abilities and little to no in-built security, presents a security concern to network operators. This complication, however, was anticipated during 5G development, and the network was supplied with the new authentication framework. Building on 4G’s cryptographic primitives and security characteristics, it allows for non-SIM-based credentials, such as token cards, certificates, and pre-shared keys, in addition to traditional physical SIM cards. Three mutual authentication protocols Moreover, 5G offers telecom operators to choose between three mutual authentication protocols—5G-AKA, EAP-AKA, and EAP-TLS, compatible with both mobile phones and SIMless devices. 1) 5G authentication and key agreement protocol 5G-AKA protocol uses asymmetric randomised encryption, making it immune to IMSI-catcher attacks But because of the unique specifications of each protocol, the choice needs to be thorough. The novel 5G authentication and key agreement (5G-AKA) protocol, built for purpose by 3GPP, is understandably making waves at the moment. This challenge-response authentication method uses asymmetric randomised encryption, making it immune to IMSI-catcher attacks, and stands out with improved roaming security features that prevent billing fraud. However, due to its novelty, 5G AKA is not fully studied, and some researchers have already recognised security shortcomings in the protocol, which render it vulnerable to linkability attacks. 2) EAP-AKA EAP-AKA is an older AKA-based challenge-response authentication protocol with the same level of security properties as 5G-AKA but differs from it in some technicalities, such as message flow and key derivation. 3) EAP-TLS The addition of non-AKA-based authentication protocol EAP-TLS in 5G is a positive innovation, even if its use is limited to private networks or IoT environments. EAP-TLS uses a fundamentally different certificate-based mutual authentication model, which removes the need to store a large volume of long-term keys in the home network, as in the case of 5G-AKA and EAP-AKA. But on the other hand, EAP-TLS comes with a certificate management overhead and has security vulnerabilities that can be exploited when the infrastructure is misconfigured. Upgrade legacy security controls The onset of 5G is bringing about the escalation of DDoS attacks in number, scale, and complexity The pivot to 5G and environment virtualisation not only creates new security challenges for telcos but also exacerbates some all-time threats. That’s why providers are encouraged to upgrade their existing safeguards. First and foremost, the onset of 5G is bringing about the escalation of DDoS attacks in number, scale, and complexity, so telecom operators, who have been hackers’ primary targets over the years, need to enhance their protection even more in 2022. Blackholing Blackholing, or rerouting suspicious traffic into a “black hole” and thus dropping it from the network, is the most common DDoS mitigation measure in the telecom industry. The tactic would be efficient if not for one fatal flaw; it destroys both malicious and legitimate traffic, which in the highly connected nearest future can have disastrous consequences for a smart hospital, factory, or city. Machine learning detection mechanisms So in preparation for 5G, operators can pivot to a more preserving tactic of DDoS mitigation involving scrubbing centres and dedicated facilities where DDoS-generated traffic is analysed and legitimate traffic is separated and forwarded back to the original destination. To minimise the traffic downtime, which can reach up to 30 minutes, telecoms can adopt machine learning detection mechanisms to discern malicious traffic in a fraction of the time an infosec specialist needs. Backing up data Providers are advised to implement automated malware monitoring and detection engines into each network slice Due to the pivot to vertical connectivity, the telecom industry also puts itself in the firing line of high-scale ransomware attacks targeting consumers. Against this backdrop, the importance of backing up customer and device data as well as making it inaccessible to third parties with encryption cannot be stressed enough. Other than that, providers are advised to implement automated malware monitoring and detection engines into each network slice, tailored to the type of devices it serves, instead of a single, one-size-fits-all solution. Manage security compliance In addition to following the 3GPP standards while deploying their 5G networks, telecom companies looking to partner with enterprises across industries and geographies need to be mindful of other relevant cybersecurity regulations. 1) Regional laws In the EU, the GDPR is the major regulation defining data protection and privacy. Since it applies to the IoT device's lifecycle, telecom operators with plans to venture into vertical connectivity must follow it. Such network providers also need to take into account the Cybersecurity Act, an EU-wide cybersecurity certification framework for ICT products, services, and processes. ePrivacy Regulation ePrivacy Regulation is currently under discussion, focusing mostly on electronic communications There is also the Toolbox on 5G Security issued by the European Commission for EU member states as a recommendation for telecom companies to strengthen their 5G deployment security. Although the regulation is voluntary, it is implemented on a national level, so service providers are expected to comply with it. Beyond this, the ePrivacy Regulation is currently under discussion, focusing mostly on electronic communications. When passed, it is expected to strengthen communications security while also opening up new business opportunities for telcos. Internet of Things Cybersecurity Improvement Act In the US, there was no single federal IoT legislation until the Internet of Things Cybersecurity Improvement Act was signed into law at the end of 2020. The Act requires the National Institute of Standards and Technology (NIST) to develop security standards for managing federal government smart devices, and despite its narrow focus, it is highly anticipated to have a wide-ranging impact on IoT device manufacturers, connectivity providers, and industrial IoT security overall. NIST hasn’t released the final version of its guidelines yet, but telcos developing service offers in the US are advised to keep them in mind. IoT cybersecurity initiatives In contrast, despite being at the forefront of IoT development, the Asia-Pacific region does not have substantial public or private IoT cybersecurity initiatives. Still, considering the rising importance of smart devices in the services sector and manufacturing as well as an alarming growth in cyberattacks against IoT, countries are highly likely to start drafting and enacting relevant laws in the nearest future. 2) Industrial guidelines While most industries usually conform to national data privacy and security laws, other sectors are handling sensitive data that follow their regulations. Healthcare For IoMT connectivity providers to comply, it’s necessary to build specific data transmission and storage Healthcare is a sector with one of the most rigorous data security laws aimed at protecting patients' health information; HIPAA in the US, PDA in some EU countries, and DISHA in India. For IoMT connectivity providers to comply, it’s necessary to build specific data transmission, storage, and integrity safeguards together with sophisticated access control mechanisms into their services. Banking and finance Another industry with established data security guidelines is banking and finance. PCI DSS, a universal standard mostly focusing on payment data security, also contains hardware and software security policies. They touch upon device communication encryption, specific protocols and standalone device security measures, and recommendations for IoT application development. Final thoughts Like any emerging technology, 5G is a disruptor, so telcos should implement it carefully, paying special attention to the security of their networks and telecommunications software solutions. In particular, organisations should adopt more advanced device authentication protocols, modernise outdated security controls, and manage relevant cybersecurity regulations.
The Global Security Exchange (GSX 2022) in Atlanta in September 2022 is the latest example of the energetic post-COVID resurgence of security trade shows. On the vibrant show flow, discussions centered on topics such as the security industry’s need for more employees and the lingering impact of a months-long supply chain crisis. Against a backdrop of continuing industry challenges, exhibitors and attendees were diverted by a wealth of new opportunities as the industry rebounded. Several major players had big product announcements at GSX 2022 in Atlanta. Manufacturers unveil the latest technology The big news at Genetec was “5.11.” That’s the newest version of Security Center, which is “all in,” i.e., providing everything Genetec offers in a single “unified” platform. The unified approach streamlines the process for systems integrators, makes quotes easier, and adds value for customers. Standard, Pro, and Enterprise versions provide video, access, and LPR “right out of the box.” Genetec is also launching a new web and mobile client for the “next generation operator.” Paid intern programme Kyle Hurt says the security industry’s biggest challenge is attracting personnel Kyle Hurt, Genetec’s Senior Sales Director, North America, says the security industry’s biggest challenge is attracting personnel (even more challenging that the supply chain.) Genetec’s response is a robust paid intern programme, welcoming 120 interns into various departments for a full semester. The programme helps to feed Genetec’s need for new talent. “You can’t coach passion,” said Hurt. WiseNet Edge Hanwha Techwin introduced a “serverless camera” at GSX 2022, named the WiseNet Edge. It is a video camera with a built-in solid-state hard drive for storage. The camera can store its own video and take in other camera feeds. In effect, it operates like an NVR but is less expensive and with an internal solid-state drive. Video can be viewed through a cloud browser, and Hanwha’s WAVE software, loaded on the camera, enables the management of several cameras at a site. High-res video is stored inside the camera, and any information can be shared with the cloud according to the needs of the application. i-PRO Mini i-PRO launches its own Video Insight video management system and MonitorCast access control i-PRO has fully transitioned away from Panasonic and is charting its own ambitious future path. Seeking to be “bold, trusted, and flexible,” the company is releasing a raft of new products, filling in previous gaps in the line, and bringing forward new innovations, including a full complement of AI. In addition to hardware, they have their own Video Insight video management system and MonitorCast access control, which was part of the Video Insight acquisition in 2015. An i-PRO Mini is a tiny camera, smaller than a smartphone. All cameras are NDAA compliant. People are coming together “The show has been phenomenal,” said Josh Letourneau, Chief Commercial Officer, Prosegur USA. “It’s very nice to see that people are coming back. After the pandemic, we are finally in a position of coming together. Lots of organisations are coming to see us.” Intelligence-led risk management Prosegur is a global company looking to expand aggressively in the United States, creating multiple “metropolitan service areas,” where the company’s fully integrated offerings are available. What makes the company unique is its “intelligence-led risk management,” says Josh Letourneau, adding “It’s more than AI, it’s about human intelligence, too." Prosegur sees evolution and growth opportunities in the U.S. market. “We are one of the largest companies no one has heard of,” adds Letourneau. “The show seems as back to normal as possible,” said Keith Bobrosky, President of Delta Scientific, who attended the show although his company did not exhibit, adding “There seems to be a generally positive spirit about the show this year.” Physical security protocols Bobrosky sees data centres as the next big market for his company’s vehicle barriers Bobrosky’s company has worked aggressively to avoid the impact of supply chain issues, ordering plenty of extra inventory to avoid the possibility of a part running out of stock. “We got ahead of it and are past the worst of it,” he said. Bobrosky sees data centres as the next big market for his company’s vehicle barriers. “The government will mandate physical security protocols for cybersecurity locations because they house data that affects national security,” he says. Robots and indoor drones ADT Commercial highlighted robots and indoor drones for security apps at their booth. The newest versions of the humanlike robots offer extra padding, more fluid movement, and 360-degree viewing for a better virtual reality (VR) experience, including better peripheral vision. Robots can operate for four hours without a charge and “know” when to return to the charger (to “top off” every hour). Fully autonomous indoor drones can also replace guards, flying near the ceiling and generally after business hours. The use of either robots or drones can lower costs when compared to hiring human guards. Varied uses for canines in security Glen Kucera, Chief Executive Officer, MSA Security, highlighted the capabilities of canines for explosives and firearms detection. “People don’t realise the flexibility of what they can do,” he said. Kucera says canines provide a sophisticated solution to address the escalating active shooter and criminal threat. MSA Security was acquired last year by Allied Universal, adding to the company’s varied offerings for threat detection and management. Rather than individual products, Allied Universal’s emphasis at the show was on bringing solutions together. Their message: Risk is multi-dimensional and different from one client to the next. Access control Access control needs to develop more modern interfaces to compete with new technology companies AMAG’s news at the show included a new president, David Sullivan, who highlighted AMAG’s role as one of the “last independent access control companies.” He said, “The beauty of AMAG is its installed base and loyal integrator channel.” Sullivan sees changing trends in how office space is managed in the wake of the pandemic. More workplace management applications will emerge, with one of the elements being access control. Access control also needs to develop more modern interfaces to compete with new technology companies entering the market. An encouraging sign is that AMAG had its best year ever in 2021. Orion Entrance Control Orion Entrance Control showed off one of its modern new turnstiles at the RealNetworks/SAFR booth at GSX 2022. The turnstile incorporates an access control module from Elatec to update and expand card reader functionality. Using the module streamlines Orion’s processes and avoids having to update a customer’s readers individually. The turnstile at GSX also incorporated a facial recognition system from SAFR, which could be used instead of, or in addition to, the access control reader. Balancing the cloud and on-premise systems Salient Systems is looking to balance the use of on-premise and cloud systems and emphasise data instead of video. Rather than a single market, Salient sees security as a variety of smaller markets, each focused on different needs. Salient’s customers are typically larger and have multi-site deployments with thousands of cameras. On-premise systems appeal here because they offer an element of control. Open-platform APIs Internal teams at customer sites are seeking out and finding new ways to leverage the data from video systems “People have a keen interest in control and ownership of their data,” says Sanjay Challa, Chief Product Officer, Salient Systems. Internal teams at customer sites are seeking out and finding new ways to leverage the data from video systems, and some of the uses fall outside the traditional “security” market. Open-platform application programming interfaces (APIs) enable more integration with various systems, and broader applications enable customers to leverage budgets from other stakeholders in an organisation. Add-on services “They’re unwilling to shift the entire solution to the cloud, but they want to leverage cloud technologies,” says Challa. For Salient, a cloud system provides remote access to monitor and service video installation remotely. “We enable the integrator to reach into your system to provide a higher level of service,” says Sanjay Challa. He concludes, “Our add-on services bring the best of the cloud to on-premise systems, and integrators don’t have to roll a truck to solve a problem with the system. We are focused on helping integrators succeed.”
Who needs cards when everyone has a smartphone? That’s the key question underlying the access control industry’s transition to mobile credentials. But the transition is easier said than done, and mobile credentialing, for all its advantages, also has limitations, which further innovation continues to address. Wider acceptance comes next, driven by use cases in various vertical markets. We asked this week’s Expert Panel Roundtable: What are the latest developments in mobile access control?
The growing mobile ownership rate, the emergence of more user-friendly banking apps, the tech-native younger generation, and, of late, the pandemic-induced shift to online, all create a fertile ground for mobile banking. Unfortunately, the acceleration of banking app adoption today goes hand in hand with the increase of targeted security threats. In 2022, a month wouldn’t go by without a headline-making mobile banking attack or incident that resulted in stolen funds and sensitive personal information from thousands of users. Security as an afterthought Nevertheless, a fair share of BFSI companies persists to treat security as an afterthought during and after mobile banking app development. The 2021 State of Mobile Banking App Security report shows that 82% of enterprise executives consider mobile channels important. However, 39% of respondents did not run any vulnerability analysis or penetration tests on their mobile solutions. Five-step guide Neglecting a banking app’s security is a dead-end track that leads to severe financial repercussions In the turbulent threat landscape of today, neglecting your banking application’s security is a dead-end track that leads only to severe financial and reputational repercussions. Being banking software developers with a long-standing experience in cybersecurity, we devised a five-step guide to help financial institutions build shell-proof mobile banking apps, maintain them this way, and safeguard customers from mobile security troubles. #1: Test security throughout SDLC and beyond The safety of mobile banking is a subject of many regional and industrial standards, so companies traditionally design the security architecture of their apps around these guidelines and call it a day. While regulatory compliance is vital, financial institutions often mistakenly bank on it alone and perform security-related activities late in the SDLC. As a result, there is a good chance pre-release quality assurance (QA) can discover deeply ingrained security flaws that will require fundamental corrections. What’s even worse, if the QA fails to do so, the app will be released with inherent vulnerabilities. Threat modeling Engineers should not only implement security controls into the source code but also review it for bugs and flaws The best way to make an app safe by design is to integrate security testing into the development lifecycle. At the start of the project, the team needs to explore relevant external and internal threats and, drawing on the analysis, specify security requirements for the application alongside functional and performance ones. At the design stage, it’s a great practice to perform threat modeling, as it allows developers to understand which elements of the app require protection most and what security controls will fit the purpose. Also, during the application development, engineers should not only implement security controls into the source code but also review it for bugs and flaws at each iteration. Thus, all vulnerabilities are rooted out immediately, before the app goes to production. #2: Implement a strong authentication layer Access control is the foundation of security, and mobile banking is no exception. By equipping an app with a proper authentication mechanism, banks ensure that only the customer is allowed to view and manage their personal funds, while third parties, malicious and not, are kept out, thus eliminating the risk of unauthorised access. Despite remaining a predominant user authentication method, passwords have long been showing their insufficiency in the modern threat landscape. Two-factor or biometric authentication Relying on physiological human characteristics to identify a person is highly accurate and spoof-proof Two-factor authentication, on the other hand, has many uses in the financial industry, and app user verification is one of them. Requiring two separate forms of identification, commonly a password and a single-use code sent via SMS, push notification, or email is still a much stronger secure option than passwords. Biometric identification is an authentication technology that gained traction only recently, but its efficiency propelled its adoption as a verification method in mobile apps across industries, with finance leading the way. Relying on physiological human characteristics, such as fingerprints, facial features, voice, or iris to identify a person, the technology is highly accurate and spoof-proof. #3: Encrypt user data and communications Financial institutions are no strangers to encryption. Most banks today leverage the virtually unbreakable 256-bit advanced encryption standard (AES) or equivalent methods to make customers’ personal and payment information inaccessible to unauthorised parties. Needless to say, a mobile banking app should incorporate similarly robust encryption mechanisms to protect user data. It can be the customary AES, but it can also be another encryption technology that fits the app’s specifics better. Transport Layer Security protocol It’s necessary to bake in specialised encryption mechanisms for securing app-to-device communication It is also important to secure the traffic between the app and the server, and the Transport Layer Security protocol (TLS) fits the bill here. Things can get more challenging if you plan on integrating your mobile app with wireless BLE and IoT technologies for proximity-based marketing, in-branch experience personalisation, and wayfinding. In this case, it’s necessary to bake in specialised encryption mechanisms for securing app-to-device communication and ward off man-in-the-middle attacks. # 4: Integrate in-app protection In recent years, due to the growth of malware targeting applications, bank customers were increasingly plagued with malicious software of all stripes. Of course, these days, there is strict oversight over financial cybercrime, and specialised law enforcement together with private-sector IT specialists usually take prompt measures to disarm emerging malware. Nevertheless, considering the steadily growing adoption of mobile banking, malicious software targeted at new apps will continue surfacing monthly while the existing scripts will be upgraded to circumvent dedicated safeguards. In-app protection By relying on in-app protection, banks can efficiently shield their app from emerging attacks To be a step ahead of the attackers, financial institutions need to embrace a more comprehensive approach and consider bolstering source-code security controls with robust in-app protection features. Designed by cybersecurity tech companies, in-app protection is a set of tools that can be easily integrated into an application. These solutions typically include mechanisms for security monitoring and malware detection, network connection manipulation, and external tampering that vendors update on a regular basis. Thus, by relying on in-app protection, banks can efficiently shield their app from emerging attacks. #5: Raise customers’ security awareness Regrettably, after the release, your mobile banking app’s security is not completely in your hands. Users' poor choices can easily obliterate all the efforts towards building and maintaining the solution impregnable. Some can turn off biometric authentication if they see no point in it, while others can click on a phishing link because it is sent from a domain looking just like yours. Hence, it’s not enough to deliver a highly protected mobile banking solution, you should also teach users how to render their app experience safe. Security education Banks need to educate their customers about the benefits and dangers of trusting third parties with app credentials First and foremost, banks need to educate their customers about good mobile banking security habits, from the importance of strong passwords and the benefits of two-factor or biometric authentication to the dangers of trusting third parties with app credentials and using public networks when conducting financial operations. However, banks should present this information in a detailed but engaging way, for example through short posts or animated videos, otherwise, there are a high chance customers will not bother to pay heed to it. Stay alert to stay secure Over the recent years, mobile banking has burgeoned, but with this growth came a whole new set of threats, exploiting apps’ inherent vulnerabilities, loose security controls, and customer unawareness, with the burden of warding them off falling on their owners. The battle for mobile banking security is ongoing, and to win it, banks need to respect security basics while also remaining open and flexible regarding emerging security tech.
Latest Access control news
TDSi announces it has achieved Cyber Essentials Plus Certification following its initial Cyber Essentials certification back in June. Cyber Essentials Plus further demonstrates the company’s dedication to fully securing its operations, as well as its products and services, with a hands-on technical verification by an independent assessor, following an earlier self-assessment. Backed by the UK Government through the National Cyber Security Centre (NCSC), Cyber Essentials helps any size or type of organisation to protect itself, its customers and partners, and anyone else that relies on it from a range of common and potentially dangerous cyber-attacks. Initial remote assessment Alex Rumsey, Sales Director at TDSi commented, “We are delighted to have received certification for Cyber Essentials Plus, which builds still further on our initial certification earlier this year. Having this additional level of assessment is a clear indication to TDSi’s customers and partners that we take our own cybersecurity just as seriously as that of our products and that no part of our operations is left exposed to potential threats.” We are delighted to have received certification for Cyber Essentials Plus" To gain Cyber Essentials Plus certification TDSi’s IT infrastructure was thoroughly assessed in person by a technical expert, following the initial remote assessment for TDSi’s initial Cyber Essentials certification by IASME Consortium Ltd. By testing TDSi’s network and IT devices, the independent assessor was able to check for any potential issues that may have been missed at the self-assessment stage and to offer additional advice if required. Appropriate password management Cyber Essentials Plus enables TDSi to demonstrate the cybersecurity of its whole IT infrastructure including onsite systems, Bring Your Own Device (BYOD) elements, cloud-based systems, and externally managed IT services, along with appropriate password management, malware protection, and security updates management. Alex Rumsey added, “This is further proof that TDSi and our products offer the highest levels of protection and security. Any security system – be it physical security or IT security – is only as well protected as its weakest point. With the two sides of security now inextricably linked, it is essential that we demonstrate full IT integrity and Cyber Essentials Plus does just that, so we are very proud to boast this latest certification as proof of this.”
Industry 4.0, digital facility management, distributed systems, IoT – radio frequency band usage is constantly increasing. These demands are, for example, being met by allocating ever higher transmission frequencies. Mobile radio standard 5G or technical building equipment such as WLAN already communicates well above the 2.7 Gigahertz limit specified for EMC interference immunity tests in the “product family standard” for alarm systems EN 50130-4. Service portfolio An adaptation of the harmonised standards taking into account higher test frequencies is expected; the generic standards EN IEC 61000-6-1/2 already include these. Given the critical discrepancy between the currently valid test spectrum and the actual radio interferences, VdS adapts its service portfolio. Minimal extra costs "The standard specifications are being overtaken by reality, as usual, we assure manufacturers at an early stage," explains Frank Hunold, the Head of the EMC laboratories at VdS, adding “This is why we have already upgraded our absorber halls for testing with electromagnetic fields to 6 GHz. Our customers now can include this in ongoing test procedures at minimal extra costs, thus avoiding separate re-tests at a later stage.“
Union Community, the largest multi-modal biometric security solution company in Korea, and Touchless Biometric Systems (CEO Stefan Schaffner) pioneer for touchless biometric solutions, announces that they have signed a Memorandum Of Understanding (MOU), to expand their partnership on global level. Through this MOU, the two companies plan to intensify their cooperation in technology but also in distribution of their product ranges in different parts of the world. This partnership will fuel the growth and help the two companies to expand their global presence and underline their leading role in the biometric world. Challenging and customised solutions Shin Yo-sik, CEO of Union Community, said, “The MOU with TBS for Union Community’s global expansion, is an important step to accelerate our ambitious growth plans. It will help us to further strengthen our market position.” Union gives us access to an extended range of state-of-the-art hardware" “The two partners are highly complementary in terms of markets and offering. While TBS is specialised on challenging and customised solutions, Union gives us access to an extended range of state-of-the-art hardware. For our customers, it’s the best of two worlds.” says Stefan Schaffner, CEO at TBS. Touchless biometric solutions Founded in 2000, Union Community has expanded its business areas from access control systems using fingerprint recognition and face recognition algorithms to iris recognition systems. Recently, it has secured market share based on active activities such as launching premium products and introducing a system integration with a heat sensor. Swiss-based Touchless Biometric Systems AG (TBS) is a trusted provider of touchless biometric solutions for Access Control and Workforce Management. Its biometric framework covers even the most challenging workflows and security requirements. TBS hard- and software is integrated into the security systems and deployed at various airports, datacentres, industrial, financial, and government installations.
Door access with mobile phone is constantly increasing. Mobile phone is excellent for carrying digital access rights – secure, convenient and available to everyone. Mobile credential is transferred from phone to reader using the phone’s Bluetooth connection. The connection between the reader and phone is protected by secure encryption – the same as mobile payments are using. Mobile access by phone also enables using the phone’s own security locking, such as fingerprint, as a part of the verification process. This option is not available with traditional physical transponders without a separate, often expensive biometric reader. Traditional physical transponders Mobile access and Idesco ID mobile access solutions make access control and especially access credential management and their delivery to users much easier. So far, previous mobile access solutions in the market have been merely cloud-based services. System installers have had to implement separate cloud service for mobile access credential management, parallel to their own access control system. They have had to register to this separate cloud service whenever they want to manage mobile access rights. Idesco ID is a service for the management of mobile access rights in an existing access control system where traditional, physical transponders are also managed. Indeed, it enables sending mobile credentials to users’ phones directly from their own system, without the need to register to parallel systems. Environment-friendly solution Mobile access with Idesco ID is an economical and environment-friendly solution Mobile access with Idesco ID is an economical and environment-friendly solution, especially for temporary access rights. Users don’t need to assign physical plastic cards or transponders for their customers if they need access rights only for a couple of days. If users manage and assign temporary access rights for management personnel, mobile access rights are very handy; they can send them remotely to their phones, saving time and resources. Idesco ID provides different options to use the service. If an organisation is sending new mobile credentials to phones regularly, continuous Idesco ID Enterprise service could be their best choice. Another option is to send mobile credentials to all phones in lump, meaning that Idesco ID service is used only during this transfer. Managing access credentials Small organisations, sending mobile credentials only occasionally, could benefit most from Idesco ID Entry level solution. There, user first downloads Idesco ID application which creates a mobile credential in their phone, then lets it be read into the system by a separate Enrolment Station device, e.g. in reception. Whatever mode of service they choose, they always manage access credentials in their own system, and Idesco ID will not become a part of their own system. Mobile app users don’t need to create accounts in cloud or manage passwords. Only their phone number or additionally also an email address is needed from them, and that is only for sending the mobile credential. After sending, their phone number and email address are removed from Idesco ID service.
Access control applications
Remote location, 24/7 access requirements, multiple users - automation was the answer for the owner of this storage facility who needed to prevent false alarms and ensure around-the-clock security for its customers. Located in rural Somerset, Dan Riddle, Owner of Southwood Secure Storage, wanted to secure a new storage container facility. Various challenges particular to the case meant that no off-the-shelf product or service ticked every required box. But, close teamwork between the client and SafeSite Facilities resulted in a custom automated system being installed, which the client has future plans to roll out across other sites. Background of the storage container facility The storage container facility consists of a large outdoor space, with fencing and the main access controlled gate The storage container facility consists of a large outdoor space, with fencing and the main access controlled gate, keeping the containers housed securely within. The biggest challenge was how to allow alarms triggered by break ins, without also generating false alarms when a genuine, authorised user enters the facility. The client also required CCTV to cover the expansive site, and a visual deterrent to dissuade people from attempting unauthorised access attempts in the first place. Repurposing a COVID solution One option was for customers to be given an alarm fob to disarm and arm the system on entry and exit. But this posed a security risk if left unarmed accidentally. It could also give malicious customers the ability to disarm the system if they wished. An additional challenge was how to know not to arm the system if there was still another customer inside. SafeSite Facilities worked closely with the client to devise a bespoke automated system which delivers on all fronts, comprising access control, CCTV cameras, a rapid deployment tower, and 24/7 remote monitoring. Customer access is a two-stage process – firstly the main gate which has two-factor authentication – a fob and a pin code. Bespoke automated system During the height of the COVID pandemic, security installers encountered a new need from customers" Once access is granted through the gate, the customer uses a simple key to open their specific container. The new approach involves repurposing a COVID feature of the main gate access control system to control the alarming of the CCTV. Adam, The CCTV Technical Manager at SafeSite Facilities, explains: “During the height of the COVID pandemic, security installers encountered a new need from customers - clients couldn’t have site areas becoming too crowded, so they needed a way to prevent even authorised staff entering, at least until the population dropped to an acceptable number. Security manufacturers responded by integrating population counters into their access control systems.” Deny additional entry Some access control systems, including the one in use here – Paxton’s Net2 – keep a running count of people in a specified area, and deny additional entry should the space become too crowded. “Even though the need on this project wasn’t COVID related, we realised we could piggyback on the functionality for this project,” explains Adam. “The access control system keeps a tally of individuals entering and exiting the compound and alarms are automatically disabled when the system recognises that there are authorised people on site. When all authorised people on site have fobbed out, the alarm system automatically rearms, without any specific action or knowledge from the customer.” Rapid deployment CCTV tower The client also required a visual deterrent so, at the heart of the monitoring system is an imposing rapid deployment CCTV tower. It’s physical presence - featuring florescent colours which echo police warnings – helps make the site look far from an easy target. Additional pole-mounted CCTV cameras are also located around the site to ensure full coverage Additional pole-mounted CCTV cameras are also located around the site to ensure full coverage. The integrated 4G routers are registered with most network providers and will intelligently switch between them, seeking the strongest signal to provide reliable coverage of the site. Automation and humans work together The automated solutions are coupled with a 24-hour remote monitoring service, provided by Safesite. Should an alarm be raised, the monitoring service is alerted and the CCTV footage reviewed in order to gauge the most suitable response – either highlighting incidents for the facility’s security response team to handle, or escalating to the police, if required. Pretty much any aspect of the system can be controlled using a smartphone app, from anywhere in the world, which gives great flexibility. The system also creates an audit trail of events, which can be used for security and safety reasons. The client can, for instance, generate reports detailing which days and hours see the most footfall, or they can find out when a particular customer entered the site. “This has been a great project to be involved in,” Adam continues. “It’s worked out very well – we’ve created a simple system for the client and its customers to use, the site is secure and false alarms are very low.”
Protecting a site that is 15 km squared and has a perimeter measuring 19 km is quite an undertaking. Add in high winds which rule out the use of drones in the area and no phone or internet reception either and have a challenge on hands. This was the situation G4S in Turkey was faced with when they took on a two-year contract in 2022 to secure Öksüt Mine. Based in the middle of the country to the east of Ankara, it is owned by Centerra Gold and is forecast to produce 4 million tonnes of gold a year when fully operational. With potential threats from robbers, terrorists, and environmental campaigners, the site requires a 24/7 security presence. Risk assessment G4S’ first step was to conduct a risk assessment to identify the most appropriate security solution. Halil Yetik, Regional Manager at G4S in Turkey, said: “While Oksut isn’t the largest mining site that we secure, it’s still one of the most challenging. We knew we couldn’t pull something off the shelf for this kind of project given the constraints we were up against - we knew we’d need a tailor-made solution.” The use of traditional video monitoring was ruled out (several hundred cameras would be required to cover the whole site which wouldn’t be financially viable) so other options were explored. The team wanted to have maximum flexibility since the digging areas change regularly. 'View and Drive' security cameras The cameras don’t require any setup or cables and come with a generator and a solar kit After installing 250 fixed cameras around the site and perimeter, the team also came up with the ‘View and Drive’ concept: cameras (one dome and two CCTV) are attached to a telescopic pole with zoom functionality that is fitted to a trailer, allowing them to be easily moved around the site. It also doesn’t require any setup or cables and comes with a generator and a solar kit connection in case of any power shortages. Perimeter security and monitoring “We can move these cameras around the site to any area that we want to monitor closely, depending on where the most activity is on that particular day or week,” said Halil Yetik, adding “We also patrol the perimeter in vehicles every two hours to check for any suspicious activity, so we’re covering all bases.” Body-worn camera and radio It’s not just cameras that are relied on to secure the site, with 69 security professionals also stationed at the mine at any one time. Most are posted to different security points spread across the site which are equipped with panic buttons linked to the G4S central operations centre in İstanbul. Each security professional also has a body-worn camera and radio (while the site has no phone or internet connection, a radio network has been established). Tailor-made training programme There are strict control measures for officers assigned to the processing room who are required to wear PPE" The G4S team also wanted to create a specially designed training programme for security professionals, who are often required to work alone during their eight-hour shifts. “We designed a training programme with a particular focus on perimeter security, entrance and exit rules, and how to identify a suspicious package or person,” said Halil. “Health and safety are also really important because officers are often on their own, so we have a clear protocol for what to do if someone feels ill while on duty. There are also very strict control measures for officers assigned to the processing room who are required to wear PPE.” Kokpit: a security operation management software Security professionals can also share videos and images of any incidents that occur through Kokpit, a security operation management software developed by G4S in Turkey. Accessible via a mobile phone, videos or images of any incidents can easily be shared with the operations centre and Centerra Gold, which Halil says, “helps us to be really transparent and builds trust with them.” Critically, Kokpit can work offline too. Integrated security solution “This project is the perfect example of an integrated security solution with people and technology working hand in hand,” said Halil, adding “A lot of time and thought went into developing security cameras that are mobile, but it was just as important that the same attention was given to training our people to ensure they are well-prepared to work on such an unusual and challenging site.”
Fenwick Iribarren Architects have many years’ experience working with BIM. They have benefited from its transparency on projects in Spain and abroad. For Campus Acciona, a landmark new business and office development in the Hortaleza neighbourhood of Madrid, they sought a trusted BIM partner to streamline the specification process. According to Javier Iribarren, BIM brings many collaboration advantages to complex workflows: “Projects are much more coordinated between the different disciplines, resulting in a more developed project arriving on site,” he explains. “In a few years it is going to be the only way of developing these projects.” Ensuring software packages For their Madrid project, Fenwick Iribarren aimed to save time in coordinating specification and parameters between building materials and their Revit design. Ensuring software packages work together creates a transparent ‘living model’ with the right level of detail, as well as an up-to-date document resource with long-lasting value for building maintenance and security teams. They also believed this project’s success would introduce their other stakeholders in real estate development to the merits of a strong BIM partnership. Partnering with an ASSA ABLOY specification and BIM specialist based in Spain helped coordinate the fast-changing information that Fenwick Iribarren require through design stage. They could quickly share alternative scenarios via the BIM model, for example. Data-rich collaboration All kinds of solutions — from door closers to mechanical cylinders— are available with a few clicks “The BIM process is an ongoing dialogue, a process which helps architects, building contractors, investors, and project owners to work collaboratively,” says Marc Ameryckx from ASSA ABLOY Opening Solutions EMEIA, adding “More than just workflow management or virtual modelling, BIM is a data-rich collaboration. For a large, 554-door development like Campus Acciona, the transparency and efficiency benefits of a BIM partnership are huge.” Openings Studio streamlines information flow from ASSA ABLOY’s specification database directly to an in-progress Revit design. All kinds of solutions — from door closers to mechanical cylinders— are available with a few clicks. This replaces the time-consuming process of adding door parameters manually. Streamlines information flow Marc Ameryckx continues, “The software is very easy to learn,” Javier adds. “It is especially useful to update changes since it detects updates in the model. A high level of programming is not required and you don’t need to use other packages like Excel to extract or import schedules.” He adds, “The workflow and the after-care experience have been great.” The range of solutions available from ASSA ABLOY also helped save specification time. “ASSA ABLOY’s comprehensive range includes door systems and electronic locks and strikes, innovative door closers, and access control solutions tailored to the office sector.” Campus Acciona Campus Acciona is equipped with ASSA ABLOY Door Closers (DC340, 500, 700, and 840); TESA TOP mortise panic exit devices; CF60 series fire-rated mortise locks; Cubo single lever handles; and TX80 Euro profile high-security double cylinders.
Set to be completed in 2023, the administrative building - ORGANICA will become one of the smartest office buildings in the Moravian-Silesian region. The digitalisation and implementation of communication tools are led by Sharry whose workplace experience platform is also used in New York's skyscrapers. At ORGANICA, Sharry is connecting a tenant engagement mobile application with smart parking and visitor management system. Smart building Developed by Contera, ORGANICA is an administrative building in the heart of Ostrava. Upon its completion, it will also be known as a “smart building”, with up to 2,500 users being able to utilise a unique software by Sharry. Through the mobile app as the key elements of the workplace ecosystem, they will unlock their premium offices and also other services and amenities in the building and nearby. Smart access Employees will unlock lobby turnstiles and doors in shared spaces with their smartphones or smartwatches Rather than using plastic cards, employees will unlock lobby turnstiles and doors in shared spaces with their smartphones or smartwatches. With one click they can reserve a parking spot, meeting room, or order food. At the same time, the application will connect them with businesses in the area that can send them special offers or alert them to their daily menu offerings. USB charging stations “From the beginning, we have considered ORGANICA to be an extremely friendly building, both for its users and the environment," said Martin Budina, Project Director at Contera. He adds, "Apart from using the software from Sharry, users will also find charging stations for their electric cars and bikes and make use of USB charging stations located on benches in the atrium." Environmentally friendly Martin Budina continues, "Air distribution is handled by an intelligent system and the building’s heating system will be automatically regulated based on the season and weather forecast due to a metro station on site." He adds, "ORGANICA is designed to be environmentally friendly and partially self-sufficient due to a system that will utilise rainwater for irrigation, as well as the use of solar panels." High caliber development We are excited that Sharry is supporting the development of the latest technology that is being used" “ORGANICA is one of the most significant projects for redefining the new face of Ostrava. We are excited that Sharry is supporting the development of the latest technology that is being used around the world in cities like New York, Chicago, Warsaw, and Budapest," adds David Hartl. "I see Sharry as a technological platform that perfectly compliments the high caliber development and excellent architecture of ORGANICA,” said David Hartl, Head of Sales and Business Development at Sharry. Virtual reception and data analysis ORGANICA is offering 25,545 sqm of office, retail, and multi-use space. The 6-floors project features a stylish reception that dominates the shared areas on the ground floor. Utilising the software from Sharry, the building's main reception can also be set into a self-service mode which allows for guest registration without the need to interact with lobby reception staff. QR code Guests will be able to reserve a parking spot online. They will receive a special QR code over an email that serves as a one-time ticket to open the ground floor turnstiles in common areas, with no need for a plastic card or printed guest pass. Guests can also register themselves into a visitors’ guest book at the building’s common reception the same way they do self-service check-in at the airport and proceed straight to the tenant's reception. Central web administration Building administrators will make use of a central web administration where they can assign access with one click Building administrators will make use of a central web administration from Sharry where they can assign access with one click, as well as monitor the use of the space or building occupancy. The detailed data collection enables effective operations in the building that has been awarded a prestigious ecological certification BREEAM Excellent. Connecting people and technology Tietoevry, a Finish IT software and service company providing IT and product engineering services globally, will be one of the main tenants at ORGANICA, with its Czech office located in the smart building. “ORGANICA and Tietoevry have a mutual goal to innovate which is illustrated by the fact that our employees were involved in the design of the office space." "We believe that the horizontally designed building will allow for the team to be “closer” to each other which translates into collaboration, new ideas, and innovation. The building’s technology will also help us to collaborate with people who are not at the office at the same time,” said Jana Krajcarová, HR manager at Tietoevry.