The authoritative resource for physical and converged security

hi-tech

security
PRINT

NEWS BRIEFS
solutions
Forbatt_Sep-cover 2018-Final4.pdf 1 15/8/2018 17:18

WEBSITE
VOLUME 24 NO 10 | NOVEMBER 2018 R25 (INCL VAT)

RESIDENTIAL ESTATE
business directory 2019
SECURITY
Handbook 2018
The journal for decision makers who solve today’s security challenges
The directory for decision makers who solve today’s security challenges

CM

MY

CY

CMY

ONLINE Frictionless access everywhere

MorphoWave Compact
TM

BY IDEMIA

Published by
HI-TECH SECURITY SOLUTIONS

Complete information offering to suit your needs

The Print Magazines
Annual subscription includes10 monthly magazines from February to November plus our
four annuals – The CCTV Handbook, The Access & Identity Management Handbook,
The Residential Estate Security Handbook and the Hi-Tech Security Business Directory.

Email News Briefs

Twice a week our News Briefs cover the latest news and views. Fast, to the point and direct to
your inbox, they are the ideal way for professionals to stay in touch with what matters to them.

The Hi-Tech Security Solutions website

www.securitysa.com
The place where professionals search for products, services and suppliers. With access to every
article we have published since 2002, this is the ultimate security reference site.

The Digital Magazines

This is the most convenient way to stay in the know if you’re on the go. You can view the e-book
version of any of the magazines online or download them as a PDF.

Contact us to order your free* subscription

+27 11 543 5800 or [email protected]
*The publisher has the right to refuse a free application if the respondant does not qualify in terms of our target audience.

Hi-Tech Security Solutions

The journal for decision makers who solve today’s security challenges
www.securitysa.com Access & Identity Management Handbook 2019 1
 contents
Editor’s note................................................................................................... 4 Cyber security
Trends Managing who, what and why..............................................16
Today’s access control isn’t only concerned with who has access,
Open source identity initiative................................................6 but also what has access, why they need it and what they are
Industry-first open source identity initiative promises to eliminate doing with it.
vendor lock-in and reduce costs for governments around the
world. Convergence
Significant differences in perceptions on state Physical/logical convergence................................................20
of digital trust...........................................................................8 The convergence between physical and logical (or cyber) security
Nearly half of businesses admit to selling customer data, despite will be a game changer because it will change the way we do
claiming data protection as paramount; consumer behaviour everything.
shows strong correlation between loss of business and lack of
digital trust. Physical and logical convergence is a fact............................22
Convergence, the next buzzword? A dated buzzword? Is
Managing identities convergence merely integration on steroids? What is convergence?

Trust but continually verify...................................................10 The expanding role of IT in access control...........................26

Hi-Tech Security Solutions looks at access and identity management What role is IT playing in the world of physical access control and
and asks some industry players what ‘zero trust’ and how far will its role expand in future?
‘least privilege’ means.
Biometrics

Taking augmented identity to the world..............................30

Hi-Tech Security Solutions spoke to IDEMIA’s Gary Jones about his
career with the company and its new vision of Augmented Identity.

A scan of fingerprint biometrics............................................32

Hi-Tech Security Solutions spoke to some of the leading fingerprint
biometric vendors to find out more about the state of this market.

BIMS set to change identity management...........................43

Ideco has announced that its Biometric Identity Management
System (BIMS) is now available to the market.

Tracking biometrics into a brave new digital world............44

Integrated multimodal biometric solutions are increasingly popular
for more accurate identity verification and faster real-time results.

Panasonic’s Face Recognition Server....................................47

Deep learning allows for partial face recognition and
Best Shot selection.

A better approach to fingerprint biometrics........................48

LES optical direct imaging sensors claim to offer a smarter
alternative to prism-based scanners.

Your face tells a story.............................................................50

Facial recognition has advanced to the point where it can be rolled
out over large areas and accuracy is no longer a hit-and-miss affair.

2 Access & Identity Management Handbook 2019 www.securitysa.com

Access selection guide................................. 52
Biometrics selection guide.......................... 66
Access control
Key components of access control........................................76
What are the key components in a modern access control system?
The right access decisions......................................................78
Making the right access control decision depends on what you
want secured and how secure it should be.
IP is no stranger to access control.........................................82
IP communications takes your access control system beyond
simply opening the door.
Applying the SaaS model to access control..........................84
The software-as-a-service model has proven transformative to
many organisations, and even entire industries.
Access in the cloud
Cloud-based access control...................................................89
Running your access control through a cloud service has made
people nervous in the past, but today’s solutions are hard to beat.
Controlling access in the cloud..............................................90
In the access control arena, the adoption of cloud-based access
control continues to grow as companies become more open to
the idea of relying on it to perform such a vital function.
Video-based access
They sure don’t make them like they used to......................92
A doorbell used to be a simple thing. Today, however, they offer
two-way communications and even video.
Workforce management
Integrating access with OHS and operations.......................96
Veracitech has developed access control plug-ins to add
certifications and key management decision-making to traditional
access control.
Questions on workforce management.................................97
Paul Chari talks about workforce management in modern
organisations.
43 years of workforce optimisation......................................98
SACO has evolved into much more than just a workforce
management platform.
Visitor management
Video-based parking management................................... 100
Using surveillance video for vehicle counting improves parking
management at an attractive cost.
Deploying an integrated access control solution............. 104
Integration is core to effective visitor management from the point
of entry to the point of exit.
Identifying good visitor management practices.............. 105
The SA driver’s licence is a good source of accurate information
about visitors.
Reliability a fundamental in visitor management............ 106
Make sure your visitor management hardware and software meet
the requirements of your environment.
Digital identity
Digital channels and the evolution of ID........................... 108
While the concept of identity (ID) remains unchanged, the rapid
evolution of digital technology has dramatically extended both its
application and form factor.
Using tomorrow’s tools to solve today’s
security problems................................................................ 111
The criminals have a security roadmap in place, do you?
Case studies
Fingerprints protect privacy for AIDS testing.....................112
High-speed door solutions are cool.........................................113
Integrated security and event management......................114
Aesthetics and access........................................................................115
Accessing Toyota..................................................................................116
Behave or buy new tyres.................................................................116
Fruity, insulated access......................................................................117
Security, convenience and comfort..........................................119
Seamless access to multiple doors............................................120
Trendy access control........................................................................121
Eliminating tailgating at Wits........................................................121
Hospital adopts integrated solution.........................................122
Directory of access and identity
management suppliers........ 123
www.securitysa.com Access & Identity Management Handbook 2019 3
from the editor’s desk

Converging access control

The Access & Identity
Management Handbook 2019
is published by

Welcome to the Access & Identity

Management Handbook 2019. We’re
solutions
publishing this in January as opposed to
our traditional end-of-year publishing www.securitysa.com
schedule to make sure you have some bed-
time reading for the start of the year. If you
Published by
have the physical magazine in your hands,
Technews Publishing (Pty) Ltd
you’ll be glad to know it was designed to 1st Floor Stabilitas, 265 Kent Avenue,
operate during rolling blackouts (or ‘load Randburg
shedding’ to be politically correct). Box 385, Pinegowrie 2123
Tel: +27 11 543 5800
Last year was a tough one for most
Fax: +27 11 787 8052
of the security industry in Africa, and
the world for that matter, so let’s hope ISSN 1562-952X
2019 sees an about-turn in the budget
Editor
restrictions we have become accustomed
Andrew Seldon: [email protected]
to, although Eskom seems hell-bent on
making sure the South African economy Deputy Editor
hits the bottom and starts digging. This is, Brett van den Bosch: [email protected]
however, a good time to be in the candle
business. Contributors
Pine Pienaar
This year’s handbook contains articles Mark Paynter
covering a variety of topics, but there is one Allyson Koekhoven
in physical access control decisions, even to
common thread among almost all of them,
the point of specifying equipment, so we Business Manager
the way in which the IT industry is now
are not merely hyping the convergence idea Vivienne Dorrington:
a part of physical access control and will [email protected]
because it sounds trendy. We also cover the
play a greater role going forward. Whether
whole concept of the full convergence of
it’s access based on the IP protocol, cloud Advertising sales
physical and logical access, something most Tracy Wolter: [email protected]
and hosted technologies, cyber security or
people see as a given for the future, but one Laura van der Merwe: [email protected]
the greater role of IT personnel in access
which nobody seems to know exactly how
control decisions, IT has moved in and Subscription Services
to accomplish as your traditional physical
traditional physical access control is very To subscribe to Hi-Tech Security Solutions
security people are a different species from including the
much a converged industry today.
your traditional IT people. It’s been said they Access & Identity Management Handbook
That is not to say there is no future for Contact: [email protected]
don’t actually speak the same language.
the physical access control manufacturers,
Nonetheless, convergence will happen as
integrators and installers, far from it. The Design and layout:
more security risks involve physical security Technews Production Department
society we live in requires securely controlled
products and installations as an easy way to
access from the home to business and
get into the corporate network (not that IT All rights reserved. No part of this publication may be
even restricted government and national reproduced, adapted, stored in a retrieval system or
departments have anything to boast about
­transmitted in any form or by any means, electronic,
utility installations – not that anyone wants
when it comes to security). Perhaps a new ­mechanical, photocopying, recording or otherwise,
to steal any outdated Eskom equipment, ­without the prior written permission of Technews
breed of converged access control specialists
­Publishing (Pty) Ltd,
but the concept remains. The difference is
will emerge to change the industry for Reg No. 2005/034598/07
these systems need to be integrated and
the better, or we can all rely on Eskom to
interoperate with the digital world, hence Disclaimer
ensure that cyber risks are nullified (because
the need for IT skills. And I think the need for While every effort has been made to ensure the
computers don’t work on candle power), but accuracy of the information contained
cyber security skills is a given in whatever herein, the publisher and its agents cannot be held
then we will still need physical access experts
industry you are in these days. responsible for any errors contained, or any loss incurred
to control the flow of people. as a result. Articles published do not necessarily reflect
In one of our articles we cover a webinar the views of the publishers. The editor reserves the right
HID Global broadcast in which it showed to alter or cut copy. Articles submitted are deemed
to have been cleared for publication.
how IT departments are getting involved Andrew Advertisements, inserts and company contact details are
printed as provided by the advertiser. Technews Publishing
(Pty) Ltd cannot be held responsible for the accuracy or
veracity of supplied material.
LETTERS TO THE ­EDITOR
Letters to the Editor should be addressed to Andrew Seldon at [email protected].
­Sending material to this publication will be considered automatic permission to use in full
or in part in our Letters column. Be sure to include your name, e-mail address, city and
postal code. We reserve the right to edit all letters.

4 Access & Identity Management Handbook 2019 www.securitysa.com

 A bespoke systems engineering house providing high-end security, video and access automation
systems in the industrial, mining, corporate and national key-point sectors across southern Africa.

DESIGN | SUPPLY | INSTALL | SUPPORT | MAINTAIN

Access automation Key management systems

Video surveillance systems Time management & attendance systems

People management systems Biometric identification systems

Perimeter intrusion detection High-level integration between systems

Representing global-leading security

a Motorola Solutions Company

Authorised OEM partner A direct channel partner An accredited partner/ Authorised system Integration solutions
for Avigilon video systems channel for Gallagher integration partner. partner for Sagem and
Veracitech is a direct partner and
expert-recognised systems house with direct engineering security systems. Morpho products.
for Autec Babylon in southern and procurement to
Africa. Our executives introduced Avigilon HQ in Canada.
Autec Babylon to the southern
Africa market in the early 1990s
and have built up an unparalleled
experience and knowledge base
in system design and integration
with Autec Babylon.
Veracitech
30 years of successful high-end security solutions.
+27 11 888 7251
[email protected]
www.veracitech.co.za

www.securitysa.com Access & Identity Management Handbook 2019 5

TRENDS
Open source identity initiative
Industry-first open source identity initiative promises to eliminate vendor lock-in
and reduce costs for governments around the world.
In a move that promises to accelerate the
development of national identity schemes
across the world, the Secure Identity
Alliance has announced its Open Source API
(Application Program Interface) initiative.
Directly addressing the high-cost
problems of vendor lock-in and the lack
of standardisation within today’s identity
ecosystem, this new Open Source API
project will deliver technical interoperability
between civil registration registries and civil
identification registries.
Developed within the SIA and endorsed by
the world’s leading identity system vendors,
this initiative demonstrates an industry-wide
commitment to breaking down the technical
barriers to achieving the United Nations goal
of establishing a legal identity for every citizen.
By allowing multiple identity registries
and systems to ‘talk’ to one another –
independent of technology, solution
architecture or vendor – the Open Source
API will solve the interoperability challenges
that have hampered the evolution of national
identity systems. By delivering technical
interoperability, governments can maximise
the value of their existing identity systems
and infrastructure, and invest in new solutions
without integration problems or single vendor
dependency.
In other words, governments can invest
with confidence, preserving the value
6 Access & Identity Management Handbook 2019 www.securitysa.com
of existing systems while evolving their
environments without the fear of vendor
lock-in. This will ensure that governments are
able to confirm citizens are the same person
across various registries and issuing agencies,
and that an individual’s data – or attributes
– are up-to-date. Doing so protects the
individual against the risk of identity theft and
state agencies against fraud.
The Open Source API has been
shared on Github (https://github.com/
SecureIdentityAlliance) and anyone wishing to
contribute is welcome.
The Secure Identity Alliance is dedicated
to supporting the provision of legal, trusted
identity for all, and to drive the development
of inclusive digital services necessary for
sustainable, worldwide economic growth and
prosperity. It believes legal, trusted identity
is the cornerstone of rights protection, social
inclusion and digital economic development
– and the access point to a wide range of
essential public and private services.
Welcoming the announcement, Dr Joseph
J. Atick, executive chairman of the ID4Africa
Movement, said: “The importance of initiatives
of this type cannot be underestimated. A
poll of delegates during the recent annual
meeting of the ID4Africa Movement identified
vendor lock-in as the biggest concern for those
tasked with delivering national ID schemes.
As the ID market matures, governments and
implementing bodies must be free to select
the most appropriate solutions without
commercial or technical restrictions. The SIA’s
Open Source API is a key enabler and a major
step towards harmonising identity schemes
across Africa.”
Launching the initiative, Debora Comparin,
who leads the Open Source API for the SIA,
comments: “This initiative is all about making a
difference for governments and implementing
bodies across the world. It not only reflects
how fast the identity market is maturing, but
also the commitment of its major players to
solving legacy proprietary challenges through
ever deeper levels of collaboration and
openness. The publication of the Open Source
API on GitHub is the first step and we welcome
contributions from all players in the identity
value chain.”
Frédéric Trojani, chairman of the Board
of the SIA, comments: “While the abundance
of proprietary technology is the natural
consequence of the lack of recognised
standards, we feel the industry must play a role
in redressing the imbalance. As a not-for-profit
association supported by the world’s leading
identity providers, SIA is uniquely positioned
to drive this openness agenda through our
experience, technical expertise and global
influence.”
More information is available at www.
secureidentityalliance.org.
www.securitysa.com Access & Identity Management Handbook 2019 7
TRENDS
Significant differences in ­perceptions
on state of digital trust
Nearly half of businesses admit to selling customer data, despite claiming data
­protection as paramount; consumer behaviour shows strong correlation between
loss of business and lack of digital trust.
CA Southern Africa announced that CA
Technologies revealed the results of an
extensive global survey of consumers,
cybersecurity professionals and business
executives about their views on digital trust.
Conducted by analyst firm Frost &
Sullivan, the inaugural report, titled ‘Global
State of Digital Trust Survey and Index 2018,’
highlights how consumers perceive and
trust organisations to protect their digital
data. It also includes significant data about
how business leaders and cybersecurity
professionals at organisations view their
responsibilities of data stewardship, the
licensing of consumer data to third-parties and
the technologies they are implementing to
protect data and customer privacy.
This report comes at a critical time, as
consumers are increasingly transacting online
– whether for work, leisure or play – providing
organisations with access to vast amounts of
data, from consumer profiles and personal
information to user behaviour and habits. With
that increasing store of data also comes greater
responsibility to protect it against abuse from
external and internal sources.
8 Access & Identity Management Handbook 2019 www.securitysa.com
Amidst a continuous stream of headlines
about major data breaches in enterprise
and government agencies, the degree to
which consumers have placed their trust
in organisations to protect their personally
identifiable information (PII) online has never
been more relevant. In 2017 alone, the number
of confirmed data breaches globally was
staggering. Against this backdrop, it is crucial
for business leaders to understand worldwide
public sentiment concerning the sharing of
information online, and the impact of data and
privacy breaches on the company’s bottom line.
A price to pay
“We are at a crossroads in the information
age, as more companies are being pulled into
the spotlight for failing to protect the data
they hold, so with this research, we sought
to understand how consumers feel about
putting data in organisations’ hands and
how those organisations view their duty of
care to protect that data,” said Jarad Carleton,
industry principal, Cybersecurity at Frost &
Sullivan. “What the survey found is that there
is certainly a price to pay – whether you’re a
consumer or you run a business that handles
consumer data – when it comes to maintaining
data privacy. Respect for consumer privacy
must become an ethical pillar for any business
that collects user data.”
Responses to the survey showed that the
Digital Trust Index for 2018 is 61 points out of
100, a score that indicates flagging faith from
the consumers surveyed as it pertains to the
ability or desire of organisations to fully protect
user data. The index was calculated based on
a number of different metrics that measure
key factors around the concept of digital trust,
including how willing consumers are to share
personal data with organisations and how well
they think organisations protect that data.
Key findings from the report include:
• Nearly half (48 percent) of consumers report
that they currently use, or have used in the past,
services of organisations that were involved in a
publicly disclosed data breach and, of those, 48
percent have stopped using the services of an
organisation because of a breach.
• There is a 14-point gap between the Digital
Trust Index of consumers (61 percent) and
the perceptions by business decision-makers
 TRENDS

and cybersecurity professionals (75 percent),

signifying mismatched perceptions among “78% of consumers responded that it is very
these audiences in a measurement of
perceived consumer trust versus actual
important or crucial that their PII (personally
consumer trust. identifiable information) be protected online.”
• Only half of consumers surveyed (49 percent)
are willing to provide their personal data in
Sullivan in March and April 2018. The survey’s Download the infographic at https://www.
exchange for digital services.
respondents assume senior business and IT ca.com/content/dam/ca/us/files/infographic/
• 90 percent of organisations claim that they
positions at public and private enterprises the-true-state-of-digital-trust.pdf (short URL:
are very good at protecting consumer data,
across nine industry sectors. www.securitysa.com/*CAinfog).
showing a high level of self-confidence,
Download the full report at https://www.
despite the fact that nearly half (48 percent)
ca.com/content/dam/ca/us/files/white-paper/ For more information, contact CA Southern
of business executives admitted that their
the-global-state-of-online-digital-trust.pdf Africa, +27 11 417 8594, heidi.ziegelmeier@
organisation has been involved in a publicly
(short URL: www.securitysa.com/*CAreport). caafrica.co.za.
disclosed consumer data breach in the last
year.
• 43 percent of business executives admit
to selling consumer data that includes
personally identifiable information, while
only 15 percent of cybersecurity professionals
surveyed knew that their company was
selling data containing PII.
These results point to a significant
gap between how organisations view
their responsibilities on data stewardship
and consumer expectations around how
organisations protect consumer data. In the
application economy where data is king,
organisations must prioritise data privacy
and security or risk serious ramifications.
Organisations can mitigate these risks by
taking a proactive stance on security, such as
Digital trust in a zero-trust online world
narrowing their policies for sharing user data, In a blog post related to the above report, CA’s David Duncan addresses digital trust. Below are
reducing privileged user access, implementing some highlights of his article. To read the full post, go to https://blog.security.com/does-digital-
continuous user authentication technologies, trust-matter-in-a-zero-trust-online-world/ (short URL: www.securitysa.com/*cazero).
and adopting better cybersecurity and privacy • So, what is digital trust and what does it mean? Frost & Sullivan’s Principal Cybersecurity
controls to stop hackers. Analyst Jarad Carleton, in the 2018 Global State of Online Digital Trust Report, defines it as:
“In today’s digital world, consumers expect Digital trust is the confidence placed in an organisation to collect, store and use the digital
security and privacy to go hand-in-hand with information of others in a manner that benefits and protects those to whom the information
a great user experience. The study clearly pertains.
shows that trust is fleeting if organisations • In parsing this sentence, a few keywords stand out: CONFIDENCE, PROTECT, BENEFIT. Think for
don’t do their due diligence to protect just a minute about all of the online apps and web services you use during the course of an
consumer data from getting into the wrong average digital day, all of the privacy permissions you have granted to apps on your mobile
hands,” said Mordecai Rosen, general manager, devices, the extended network of health care providers and financial organisations that have
Security at CA Technologies. “Now, more than access to your most sensitive personal information, and online shopping sites that store your
ever, organisations need to understand that credit card information and corroborating personal details. Do you have confidence that they
success in the digital economy requires that will protect your information in a way that benefits you?
they embrace a security-first mindset – a key • A loss of trust can be an ‘Extinction Level Event’ for organisations and their executives. Size,
tenet in our Modern Software Factory model. scope, public awareness and availability of other alternatives or choices for consumers are all
A loss of digital trust has implications on all factors that determine if the impact to an organisation is short-term and moderate, or if it is
aspects of a business and brand perception, long-term and significant.
so organisations owe it to their customers and • How are organisations responding? A strategy recently being adopted in the cybersecurity
shareholders to get it right.” industry is to implement a ‘Zero-Trust’ authentication operating model and technical
infrastructure to reduce the risk of a data breach. The Zero-Trust operating model enforces a
Survey methodology model of mandatory authentication and discretionary access control by requiring that anyone
The global online survey of 990 consumers, or anything inside or outside an organisation’s network perimeters prove that they (or it) are
336 security professionals and 324 business who they say they are, before granting access, and that the user’s rights to access the apps,
executives across 10 countries was sponsored services or data is evaluated and restricted in scope based on a concept of ‘least privilege.’
by CA Technologies and conducted by Frost &

www.securitysa.com Access & Identity Management Handbook 2019 9

MANAGING IDENTITIES
Trust but continually verify
By Andrew Seldon.
Hi-Tech Security Solutions looks at access and identity management and asks some
industry players what ‘zero trust’ and ‘least privilege’ access means.
The concepts of zero trust and least privilege
access and identity management are gaining
a lot of airtime these days. While not new, in
organisations’ attempts to control all forms
of access and manage the cyber threats to
systems and data, these concepts are seen as
more important. In the physical security world,
these ideas are also not new, but they have
often taken a back seat to traditional physical
security issues.
However, as physical and logical security
increasingly converge (and even when
the two are separated, there is always a
connection between them), access and
identity management has become a critical
issue. In this article, Hi-Tech Security Solutions
looks at access and identity management and
asks some industry players what zero trust and
least privilege access means and how it can be
rolled out to incorporate the converged world
of security.
Starting out, we asked what the terms ‘least
privilege’ and ‘zero trust’ mean in the world of
access and identity management. And looking
at the world around us, what do they mean as
we move into an IoT (Internet of Things) world
where connected things are as important as
connected people, and devices on the edge
send continuous streams of data to servers and
data centres?
With the sheer number of people and
devices that are able to connect to our
networks today, there are an almost infinite
number of possible connections that will
want access, legitimate or not. Therefore,
Kurt Burger, sales manager at Altron Bytes
System Integration, says organisations must
10 Access & Identity Management Handbook 2019 www.securitysa.com
implement a least privilege model to allow the
right people to access only the areas and data
that is pertinent to them.
Mayleen Bywater, senior product manager
for cloud security solutions at Vox, explains
that the terms least privilege and zero trust
refer to the understanding a business has of
who has access to what information, when
and how. “The business has to ensure that
users have the correct access to the right data
at any given time. When IoT is brought into
the environment, where it connects various
networks, people and devices, the business
needs to ensure that it knows who or what is
connecting, to where or what, and who has
access to the data and analytics.”
She adds that this is a crucial area
for companies to control in terms of
Mayleen Bywater.
managing and mitigating risks in their data
environments, whether it is on-premise, in
the cloud or via edge devices, especially with
legislation such as GDPR and PoPIA in mind.
Sagan Pillay, CA Southern Africa security
solution strategist, adds that least privilege
and zero trust are part of the defence-in-depth
strategy organisations apply to ensure the
right access is provided to the right person
or people at the right time. It’s basically
understanding what is happening in every
transaction, from a simple exchange of data to
complex financial transactions.
In most organisations, this is decided by the
individual’s job. Person X needs to do certain
things and is therefore granted rights to access
the places, applications and data to fulfil that
function. Unfortunately, many organisations
have become lazy and when people move to a
new position or even leave the company, their
historical rights remain in place.
For example, someone may take over
a job and the routine solution would be to
give them the same access rights as their
predecessor. Too often, the predecessor’s
rights are not modified to change or remove
their access and neither are the new person’s
old access rights modified to remove access to
what they required in their previous roles. This
is, obviously, a security risk.
The idea of zero trust can also be
aligned to the concept of zero tolerance,
says Pillay. This implies strong control of all
access and a demand that systems trust an
identity completely before any transaction
is permitted. “Strictly enforced, this binds a
Continued on page 12
www.securitysa.com Access & Identity Management Handbook 2019 11
MANAGING IDENTITIES

Continued from page 10 for example) or an unknown device, the

physical identity to a logical identity by various
means, such as the physical location, biometric
authentication or even the device used in
requesting access. The organisation takes
these factors and more into account and builds
a trusted profile that can grant seamless access
when all the trust boxes are ticked, or create
more ‘friction’ when something is amiss.”
He provides the following example. When
someone wants remote access to certain
applications and data, the system may allow
quick and seamless access because, over
time, it has learned that this individual often
accesses these areas after hours (from home,
for example). The system already knows the
home network, so that is a box ticked; it also
knows the device used, such as a work laptop,
which is another box ticked; the individual
is using a work VPN and has logged into the
system using their authorised username
and password, another box ticked. They will
therefore be allowed in without creating more
authentication friction.
If the same person requests access from
an unknown network (Wi-Fi at the airport,
system will automatically realise something
is different and, depending on what is being
accessed, request further authentication – or
deny access altogether. A similar process can
apply when an individual is accessing systems
and data from their work computer over the
work network, but because the organisation
has combined physical and logical identities
and access control, the system knows they
haven’t entered the premises that day and can
therefore safely block access.
Similarly, Burger says the zero-trust idea
basically means “never trust, always verify”.
Even when a known person connects from a
known device and network, there needs to be
something that verifies that it is a legitimate
connection. This can be done through some form
of token or credential (such as a certificate on
their device), or we can also now use behavioural
biometrics to determine who is typing on a
keyboard or swiping on a mobile device.
When something wrong is detected, the
system can escalate the abnormality and set
procedures can be initiated to confirm that
someone is using a stolen device or perhaps all
is well but the individual has hurt themselves
and is not using their systems as normal.

Overcoming user resistance

When it comes to access control, physical
or logical, the question of user resistance
is always an issue. Users want to get things
done as quickly as possible with the least
hassle, leading to shared passwords, tailgating
and even choosing the dumbest passwords
possible. And while the trade-off between
security and convenience has become
somewhat of a cliché today, it is something
administrators need to always be aware of and
try to prevent.
Bywater believes the best way to manage
this is to set rules or have parameters in place
where users can’t use the word ‘password’ or
‘123’ as a password. The business can also set
up a rule that users can’t re-use a password
they have used before. This will ensure that
users do not use their pets’ names or the same
details every month. Companies should also
enforce policies such as regular password
changes to ensure effective access control.
She adds that users often use the same
password in multiple scenarios in order to
make it easier to remember, which is a severe
security risk. “The key is to create a single
sign-on identity management system that links
different systems into one. This enables users
to change one password on a regular basis
and it will pull across systems and applications.
It alleviates the pain point of changing
Sagan Pillay.
passwords across multiple applications
and creates a best practice policy for the
business around passwords. It is important for
companies to enforce these policies as hackers
know how to exploit security vulnerabilities
such as weak passwords.”
Pillay agrees, but adds that passwords are
only one level of security. We currently need
passwords as a base-layer for access and
authentication, but organisations must also
have other authentication means over the
layers of security they have in place protecting
more sensitive systems and data. Certificate or
token-based authentication can create these
additional layers, often without user input.
For example, if you have been granted access
via your mobile device, a certificate can be
installed on the device that tells the privileged
access management system that the device is
considered secure – although there are various
layers and processes to consider. This process
can also be applied to IoT access.
Burger is a believer in biometrics for
identity authentication. He says the idea of

12 Access & Identity Management Handbook 2019 www.securitysa.com

 MANAGING IDENTITIES

Privileges for things

In the IoT age, companies can amass an
Access and identity management insights
enormous amount of information from
Dragan Petkovic, security product leader ECEMEA at Oracle, offers some quick insights into things, whether simple sensors or complex
access and identity management in business today. surveillance cameras. There are great benefits
in the autonomous transmission, collection
The business needs behind AIM tools and solutions and collation (analysis) of data, but there are
The question of whether you need access and identity management (AIM) or not should also risks as this data is often sent to servers
not even be asked. Practicing minimum privileges and periodically reviewing access should that you wouldn’t want open for general
be part of any organisation’s policy. access. It seems too easy these days for
Identity management needs to be tightly integrated with other functions such as the someone to add malware to the data stream
security operations centre as well as mobile and network security. It is also more important and to receive unauthorised data via the same.
than ever due to regulatory requirements on the one side and nexus forces on the other. It Pillay advocates a privileged access
is the foundation of transformational forces, including mobility, big data, IoT and cloud. management approach to securing the IoT,
Identity management should not be just another silo, it should work in unison with which would see these systems only being
other security solutions. able to access organisational devices within
specific criteria and with set authorisations
Protection from the inside out in terms of what can and can’t be done. This
Protecting corporate assets from outside threats is a good starting point, but when would be supported by gateway monitoring
someone brings a threat inside the business, the results can be catastrophic. This becomes and authentication as an added security
particularly problematic when dealing with employees who are privy to sensitive protocol to ensure nothing unusual comes
information and who may have high-level decision-making powers. through.
Most privacy frameworks give a clear mandate that access to personal/private data “The business must ensure that these
should be given to a limited number of individuals within the organisation. Access devices are set up with the right rules and
restriction, practicing minimum privileges, being able to periodically review it and with alerts built in,” notes Bywater. “As much
demonstrate it is a clear case for identity governance and access control. as we want systems to be automated and
autonomous every step of the way, it is still
Deciding who has access necessary for an individual or for want of a
Access to data is fundamental for most organisations and we’re seeing that physical and better word, a human, to interrogate the data
logical entitlements are converging. When implementing identity management it is and mitigate an incident. Checkpoints should
paramount to align security controls to the value of the data. be in place across the network to make sure
Secondly, more organisations are moving their workloads to the cloud, which is often that current threats are mitigated and that
overlooked when it comes to identity and access governance. Cloud can be vulnerable an administrator builds rules to protect the
when it comes to identity management as very often it is managed by line-of-business environment on an ongoing basis.
and security functions do not have control over it. Not having control can lead to all kinds “For example, if someone tries to bypass
of problems such as administrator account proliferation or dormant accounts. Cloud the system or gain access to the network, an
deployment should be done in a considered manner and when done in such a way it can be automated system can probably pick this up,
more secure than on-premise models limiting restrictions to company data. but if someone does manage to hack into the
system and override rule sets, the business
How access fits in with the overall security should have an administrator that can identify,
Access to data is fundamental for most organisations and we’re seeing that physical and verify and address the issue. It is key for the
logical entitlements are converging. When implementing identity management it is business to understand who has changed what
paramount to align security controls to the value of the data. at all times and to have an audit trail.”
Access management is a journey. Getting your directions right the first time is essential. Again, Burger highlights the ability to
Having realistic and achievable milestones mapped to direct business benefits is the most install digital certificates on devices as a means
important part of the journey. The management usually has high expectations, but loses of automatic authentication.
interest quickly, so those realistic milestones keep them engaged.
Secure access control and the cloud
For more information, contact Oracle, +27 11 319 4753, www.oracle.co.za. Cloud services are quickly becoming as normal
as having servers on-site for many companies,
and many organisations have already
outsourced most of their server computing
being hacked is no longer a possibility but but, depending on the environment and requirements to remote servers. We have
will happen at some stage. Tools exist that can situation, multifactor biometric authentication also seen many companies opting for access
even predict when these breaches are likely should become the norm. In this way, even if control solutions that are cloud-based, putting
to happen, allowing organisations to prepare. your password is compromised, there is another the administrative tasks of access control as
However, he says prevention is a better course layer of protection in the form of biometrics, well as the maintenance and hosting functions
of action and advises that, as noted above, which are much harder to fake – assuming the in a service provider’s hands.
nobody should rely on passwords alone. technology chosen includes liveness detection Pillay explains that cloud-based access is a
Not only does he recommend biometrics, and other defence against fakes. Continued on page 14

www.securitysa.com Access & Identity Management Handbook 2019 13

MANAGING IDENTITIES
Continued from page 13
reality today and will grow along with general
cloud services, and that there are many options
as to how companies can make use of access
systems based in the cloud. The maturity and
reliability of cloud services is rising and we will
see many traditionally in-house applications
being made available as cloud services in future.
“Cloud services are growing exponentially
and if your business is not on board it leaves
you behind from a technology and digital
transformation perspective,” adds Bywater.
“Cloud is simplifying services for businesses,
making it easier for them to access and
use a whole host of services. It also brings
down the cost of managing and maintaining
infrastructure.
“A business’s data is its number one asset.
With cloud, the business has an audit trail of
who has access to which systems and services
and what was updated or not updated. The
cloud is a realistic and reliable option for access
and identity management as security is top of
mind for cloud service providers.
“It is always a good idea to ask the cloud
service provider about the security measures
that are in place and whether it is necessary
for the business to add its own measures,” she
advises.
Burger agrees that cloud is the way to go,
but also advises that there is not a one-size-
fits-all solution that can be applied to every
company like a template. Every organisation
needs to take the time to determine what form
of cloud services would best suit them, even
adjusting the solution depending on the areas
14 Access & Identity Management Handbook 2019 www.securitysa.com
they are protecting. Accessing the parking
lot and the canteen could easily be a cloud
service, but accessing the vault would require a
bit more thought.
He also highlights the benefits of
integrating your physical access control with
your logical access. He says this adds another
layer to your authentication security by noting
the physical location of the individual and the
relevance of him/her accessing a server from
there. An example often used is if someone has
not entered the office building and is trying to
Dragan Petkovic.
log into a PC in the building. This should raise
a flag. And as noted above, for remote access,
depending on where the person is logging
in from and the device they are using will
determine if they are allowed access, and if so,
how much.
No matter what solution you select, Burger
says, you need to design a system that works
for what you need and then look for the
technology that will make it work, not decide
on the technology and then see how you can
jam it into your organisation.
Access and identity management is
common in every organisation and even at
home, it is just the complexity of the processes
that vary. In the business world, authentication
is more crucial than ever in a world where
cyber criminals seem to have almost no
restrictions. Controlling access to company
resources, logical and physical, on-site and in
the cloud, is therefore a critical aspect in your
security arsenal, and combining the two into
a collaborative effort to protect the enterprise,
its people and assets is no longer an idea that
could happen one day, it needs to happen
now. The catch, as discussed elsewhere in
this publication, is getting the physical and
IT disciplines on the same wavelength and
capitalising on the areas of speciality of both.
For more information, contact:
Heidi Ziegelmeier, CA Southern Africa, +27 11
417 8594, [email protected].
Mayleen Bywater, Vox, +27 87 805 0000,
[email protected],
www.vox.co.za.
www.securitysa.com Access & Identity Management Handbook 2019 15
CYBERSECURITY
Managing who, what and why
By Andrew Seldon.
Today’s access control isn’t only concerned with who has access, but also what has
access, why they need it and what they are doing with it.
The access and identity market is no stranger
to cybersecurity and all the implications of
losing control over your physical and logical
assets. However, in the past the physical side of
this industry has been a laggard in protecting
its customers and products from cyber risks.
This lack has become more of a problem
over the past few years as we have seen physical
access and time and attendance products using
IP communications as well as being integrated
with other business systems. Today, allowing
strangers to access and control a physical
access point can also give them a foot in the
door of your organisation’s complete identity
management system and, if not properly
protected, other sensitive corporate systems.
It is therefore critical for physical security
decision-makers to make sure their systems
are protected from cyber attack, no matter
how unlikely it may seem that something like
a simple reader on the door could be used to
compromise the company.
Marco della Peruta from Sensor Security,
explains that the most vulnerable information
in an access installation is the organisation’s
database of people, and following that, the
time and attendance logs and the payroll
information. “Too often we keep payroll
information highly confidential, but the path
from database to payroll could often be
intercepted or investigated by the software
installation team, for example.
“The key here would be to ensure that this
database, and the ensuing path, are protected
and managed correctly. Even the pulling of
16 Access & Identity Management Handbook 2019 www.securitysa.com
reports from the system is a possible danger to
the access of information.”
Protection can be achieved by ensuring
the database is on an independent computer.
This should also not have attachments
to the existing network infrastructure or
Internet. If there is a need for connections,
he says encryption of data as well as the
connection should be ensured. Additionally, all
information, apart from the temporary cache,
should exist on a central machine and not on
individual devices that are easily accessible.
He adds that people and access
permissions are also extremely important as
this is where breaches happen in most cases.
Limiting access to very few key personnel
should, therefore, be standard practice.
Elvey’s Chris Lelicanin adds that at each
exposure point there should be technology-
driven solutions in place that protect the
organisation, users and their data. In a scenario
where the user badges on a secure access
control device, we should use encrypted
secure card credentials, which can take the
form of a wearable, smart device, physical
access card or similar. The user’s fingerprint can
also be used as a secure credential. There are
also physical means along the lines of anti-
tamper features which erase secure data on
edge devices and door controllers.
When looking at the transaction point
between device and controller, he says OSDP
is a secure protocol to prevent any tapping
of information between the device and door
controller, as well as to the central server where
TCP/IP communication is protected through
encryption technologies such as TLS. On the
server side, you want a system that has strong
user permissions, and from which you can view
comprehensive audit logs and easily manage
expiration of personal data.
He adds that these technologies also
struggle to stand alone, “there is no point in
locking the doors of your car but you leave the
windows open, a comprehensive system needs
to be employed.”
Securing the database
David Corder from Saflec Systems says a good
start is to ensure that the permissions on the
database are set up sufficiently in order to limit
access to only the people who should have
access. You then limit the personal data that
is captured to what is strictly necessary for
the business processes used within the access
control setup. This is necessary for parts of the
PoPI act anyway, so it is becoming a necessity
for database administrators to keep in mind.
SQL Server databases use TDE (Transparent
Data Encryption) on the actual data files which
protects the data on the hard drive or external
backups. In any event, all communications
between the database and any software
package that reads from or writes to the
database needs to be configured to use the
highest level of encryption available – this is
currently Transport Layer Security (TLS) 1.2
with 256-bit AES encryption. This protects
the data in transit between data reader and
Continued on page 18
www.securitysa.com Access & Identity Management Handbook 2019 17
CYBERSECURITY
Continued from page 16
database, however what is typically done is
that there is an additional business layer that
ensures that the person looking at the data
is only seeing the information that has been
made available to them on a user-rights basis.
Making it reality
As can be seen above, effectively securing
your access systems is not a simple task,
although there are products out there that
make the process of securing the full access
control chain simpler and automated. As with
all security issues, complexity is the enemy of
security as most people opt for ease-of-use
and convenience to be able to get the job
done as fast as possible.
If personal data protection wasn’t a relevant
issue for users, we wouldn’t be hearing of
class action suits and settlements against
major tech companies for user data breaches,
says Lelicanin, and regulations and acts such
as GDPR and PoPI would be non-existent.
One of the big challenges is that so many
organisations are of the mindset that we’re ‘not
in the firing line’ or ‘it won’t happen to us’, but
the reality is that all of us are at risk from cyber
threats. It’s a serious issue and there are huge
ramifications for organisations willing to play
footloose with user data.
Della Peruta says most people will talk
the correct language about security, but the
implementation does not always exist. “We
are sometimes called to do a recovery on a
database and find it is often far too easy to get
access to it, such as with a TeamViewer link.
“I hear about ransomware that still hits
systems, which is indicative of a lack of security
and easy access from the Internet, LAN or
even a USB. There are a few customers that
really do in-depth protection, but many do
not. Education about technology and what is
happening in the real world, such as IoT and
security breaches, should be a key component
of the system integrator’s service.”
Corder’s experience is that traditionally the
people in charge of the access control have
been more worried about ensuring that people
have access to the building than locking down
18 Access & Identity Management Handbook 2019 www.securitysa.com
the areas where people are given access. It
tends to be when there is an issue of theft that
they then start trying to work out who has
been given access where and by whom.
“This trend is starting to change and as
time goes by people are more concerned with
ensuring that the data is accurate and security
auditors are starting to push for proof that the
system is secure (only authorised people are
being given access to certain areas),” Corder
notes. “As for cyber risks like hacking, I think
that the industry is starting to care more, but
it’s considered an ‘outside risk’. ”
Should we all OSDP?
While it is easy to place physical access control
products and installers/integrators in the box
of not being aware of cybersecurity, that is
not really true. One of the solutions devised
to improve the security of data transferred in
access control transactions is Open Supervised
Device Protocol (OSDP), an access control
communications standard developed by the
Security Industry Association to improve
interoperability among access control
and security products (see more at www.
securityindustry.org/industry-standards/open-
supervised-device-protocol). OSDP is touted
as a Wiegand replacement because of the
additional security built into the protocol.
Adding to the conversation, Lelicanin
states, “Wiegand has been around for close
on 35 years and is a standard in the industry;
the problem is it hasn’t kept up with user and
organisational data security needs. Weigand
is unmonitored, easy to hack and suffers from
interference and cable length is limited, to
name a few disadvantages. OSDP is an open
standard so there is interoperability between
hardware of different manufacturers. It also
has greater support for biometrics due to
the increased bandwidth and supports
bi-directional communication. “
Corder explains that OSDP has several
advantages over Wiegand: “generally fewer
wiring cores, longer run distances, multi-drop
rather than star, multiple different devices
on one network line, less hard-coded ways
of interpreting the data and bi-directional
communications immediately come to mind”.
(See more in the article: The advantages of
OSDP, www.securitysa.com/60145n).
However, he says the greatest advantage
is the Secure Channel, which is the encryption
between third-party devices and controllers.
Unfortunately, even some of the big players
out there have only basic implementations of
OSDP and don’t support Secure Channel yet.
“We are working with various companies to
try and increase the up-take of the protocol,
especially the optional cybersecurity.”
The benefits of OSDP are installation
and security related, says Della Peruta.
“Cybersecurity is not always espionage
over the Internet, but any stage where
electronic information is intercepted and
understood. OSDP becomes important here
as the communication medium might still
be accessible, but the high levels of data
encryption remove the risk of listening or
talking down the line.”
Lelicanin adds that the good news is
that forward thinking manufacturers have
incorporated and integrated both technologies
into their products, this lets legacy sites stagger
their security requirements and balance them
with their existing upgrade budgets.
Integrating to everything?
Controlling who or what has access to who
or what is what access control is all about,
whether in the physical or logical world.
As we move into the age of the Internet of
Things (IoT), the question of controlling access
between millions or even billions of devices
will become something the access industry
needs to take note of and prepare for. In this
scenario, the question of why also becomes
an issue. There may be acceptable access to or
from a device or server, but we need to know
why the access is happening, is it a legitimate
exchange of data or has someone hijacked
a device and is trying to install malware on a
server? Is the access control industry ready
and are the management capabilities for such
dispersed systems available?
There is no question that we are moving
towards a more inclusive integrated

environment, according to Della Peruta.
The past of discrete packages where access,
intrusion, video and building management are
different brands and disconnected are over.
“I believe there are a few directions on this
the industry needs to become comfortable
with, such as threat management, business
efficiency management and marketing
­analysis. We are not just using the individual
components anymore, but collectively for
much greater functionality. We no longer
purchase devices for a simple function, but the
devices exist as a means to a greater solution.”
Some examples he provides include:
• Monitor water usage and linking that with
access control and video.
• Have a more accurate understanding of hotel
guests to cater better and improve on food
and maintenance costs while simultaneously
making the venue more appealing.
• Collective security information to understand
if a high security site could have a vulner­
ability through a perimeter system fault.
“Naturally, such a level of integration
does become dangerous in terms of all
the equipment that needs to interact
with a common platform. Who operates
and configures such a platform? Are they
experienced in the type of industry and
technology? Are they an ethical moral group?
The realm of integration such as this goes
beyond ONVIF, and more the direction of PSIM
software systems.”
Accessing the IoT
Access control can already be considered part
of the IoT, most systems already connect to
the Internet and many are pioneers in IoT, says
Corder. IT networks themselves are becoming
more secure and are starting to require
authentication to the network itself, using
something like 802.1x. Access control products
will soon have to support this in order to be
allowed on the networks themselves – and this
is a good thing in that it provides an extra layer
of security.
“I think the way the industry is heading
will be that all access control devices will be
Internet-enabled devices that are configured
using IT systems like Active Directory. Personal
mobile devices are also increasingly being
used as the access token using Bluetooth
Low Energy, NFC or similar technologies with
the ability to report back or do biometric
authentication using Internet or LAN services.”
Similarly, Lelicanin also believes we are
there already. “Personally, I think the most
successful platforms will be ones that offer
www.securitysa.com Access & Identity Management Handbook 2019
CYBERSECURITY
cloud services, are modular and scale to
address the client’s specific needs, have
integrated and complete solutions that
incorporate your access, CCTV, fire and
intrusion and take the hassle out of security.
So, while we still focus on securing
readers, devices, data and servers within our
organisations, the future security concerns
of the access industry will have to include far
more ‘things’ that are requesting and sending
access or data. Even though most of these are
simple sensors that deal in small bits of data
that are generally necessary for analysis, but
not a security threat, unfortunately the data
pathways will be a tempting target for those
intent on getting into your network. Access
administrators will therefore need to make
sure they secure their networks from direct and
indirect attack. If it is not already, cybersecurity
will soon be a core component of the access
control industry.
For more information contact:
Elvey, +27 11 401 6700, [email protected],
www.elvey.co.za.
Saflec Systems, +27 11 477 4760,
[email protected], www.safsys.co.za.
Sensor Security, +27 11 314 9419, info@
sensorsecurity.co.za, www.sensorsecurity.co.za.
19
CONVERGENCE
Physical/logical convergence
By Andrew Seldon.
The convergence between physical and logical (or cyber) security will be a game
changer because it will change the way we do everything.
The question of convergence is nothing new
to the physical security industry. It wasn’t
too long ago that surveillance technologies
converging onto the IP platform was the
thing everyone was talking about and we
have since seen a massive shift from analogue
surveillance to IP-based surveillance –
although analogue is far from dead. Similarly,
we have seen almost all the areas of the
physical security industry moving to IP as a
way to better control connected systems and
integrate with other products.
Today, however, we are seeing a new
convergence game in town, one that will
have a far greater impact than IP convergence
ever had. One of the reasons for this is
that nothing in this industry will remain
unaffected. The convergence between
physical and logical (or cyber) security will be
a game changer, not simply as a result of new
technologies available and new skills those in
the industry will have to learn, but because
it will change the way we do everything,
from planning to design and all the way to
installation and maintenance.
Another enormous challenge will be
20 Access & Identity Management Handbook 2019 www.securitysa.com
getting physical and logical security people
and departments to work together and speak
the same language. At the NEC XON summit
at Sun City this year, Bertus Marais, divisional
GM of XON Safety & Security, noted that the
convergence of physical and cybersecurity
is already a reality in many organisations. He
noted that companies today are demanding a
holistic view of their security operations and
if the two worlds are separate, that simply
leaves a gap in your security posture.
Everyone is involved
Roger Truebody also notes that physical/
logical convergence is a discussion more
people are having, but he says, it is a very
difficult topic to deal with as a generality.
The discussion is definitely growing, but the
level of the discussions vary from industry
to industry, and in some cases, company to
company.
Those who see security as important
to their future business success are further
ahead of the curve due to various pressures
they find themselves under, as well as past
experiences of losing access to their systems
(and hence losing money) due to a cyber-
attack. Truebody adds that the point of
contention in almost all discussions is not
technical or skills related, but cultural.
The ‘IT guys’ and the ‘security guys’
have different priorities, personalities and
challenges, and very different working
cultures – even those working in the same
company. Overcoming these differences is
where the hard work starts.
Mark Walker, associate vice president:
sub-Saharan Africa at IDC Middle East, Africa
& Turkey, agrees, noting that the current
allocation of duties among the physical and
logical teams are still very much in their silos
and the teams have a singular view of their
tasks and roles in the organisation. He says
it is also a question of turf, especially among
senior people who are worried what may
happen to their position if the silos converge.
What’s needed from both sides is a
broader view of the business, adds Walker.
Security personnel should start looking at
security from a business and user point of
view, expanding their concept of security
to incorporate the whole business. To use

a familiar term, he says they need to look
at integrating all their security systems and
platforms into a holistic enterprise solution.
This will include everything, from data and
network perimeter protection, through to
facilities management and surveillance, and
all the way to integrating the latest artificial
intelligence (AI) solutions – such as predictive
and/or behavioural analytics.
Starting the process
No matter the challenges, the convergence
process is not one that will go away and
companies that delay starting will only
see their people, assets and systems more
vulnerable and more targeted by more
sophisticated attacks – because they are
easier targets. Truebody says the starting
point is to first sit down, talk to each other,
and develop the will to make convergence
happen.
Once you know that it is going to happen
and have buy-in from everyone concerned,
you can then start with a risk analysis that
does a full audit of your physical, logical and
business security risks. In a nutshell, Truebody
says that once identified, you can then go
further with impact analysis and so forth,
developing integrated prevention, protection
and recovery strategies.
However, he warns that while it may
look good on paper, if the will and buy-in is
­missing, it will not happen as convergence is
a significant clash of culture and ego – who
Mark Walker.
is going to be the boss of the converged
security department.
Walker echoes these sentiments, noting
that getting the two cultures working from
the same scorecard is the first challenge that
has to be overcome. The parties need to get
talking and raise general awareness at the
top about the enterprise’s holistic security
challenges.
The next step is to continue the
communications while also acknowledging
the scope of the task ahead. Then comes the
strategy to converge the security function
into one and the challenge of putting it all
under one executive – a chief security officer
(CSO) or someone with authority to speak to
the board.
Walker also recommends that automating
as much of the converged security function as
possible is critical in terms of getting the best
results, as well as streamlining integration
challenges.
Small wins
While the convergence of physical and logical
security is a complex operation and the chore
of getting people from different cultures
to work together is enormous, companies
can also go for smaller wins to prove its
effectiveness.
As an example, Marais said this
convergence can simply be an application
that logs your computer off, or activates a
screen lock when it sees you are no longer
Roger Truebody.
www.securitysa.com Access & Identity Management Handbook 2019
CONVERGENCE
sitting in front of it. This combination of
physical and cyber is simple, but it can
prevent unknown people using your
computer, prevent ‘over-the-shoulder’
password stealing and even be integrated
with physical access control in order
to prevent you from logging onto your
computer if you haven’t entered the building
(or a trusted location). Similarly, if it notices
you have left the building or your area of
work without logging off, it can do so for you.
Vernon Fryer, CISO and GM Cyber
Security at NEC XON, provides an example
of convergence happening in some Cyber
Defence Operation Centres (CDOC) NEC XON
runs in South Africa and further up on the
continent.
These CDOCs are examples of
convergence in that one of their functions
is to monitor IoT devices, which includes
security systems, such as surveillance cameras
and other electronic readers or sensors. The
central server automatically monitors any
number of devices over time and creates a
base line of various data points. Should any of
these standard readings change, the control
centre is immediately alerted that something
has changed and operators can investigate.
The readings under scrutiny include
almost anything, and range from a simple
change in state (from on to off, for example),
through to changes in the firmware (in case
malware is installed as happened in the
Mirai botnet attack), to changes in a device’s
configuration or if a device is accessed from a
strange IP address.
Any changes are noted and investigated
by the CDOC personnel, thereby ensuring the
cybersecurity of physical security devices and
other IoT systems. This relieves pressure on
the operators and makes sure these devices
remain in working order over the long term.
Another integration Fryer says the CDOCs can
perform is to integrate social media feeds to
pick up trends, as well as to identify people
caught on camera from pictures on their
social media feeds.
One article can’t cover the full scope of the
convergence between physical and logical
security, but it is clear that this is a task we
need to get to grips with. Physical security
experts have to adapt to the IT world and all
that entails, including learning the language
and customs of what can be a completely
foreign culture in the office next door. The
result of this convergence will be a complete
security strategy that protects organisations
on all fronts from threats that are only
increasing in size, scope and sophistication.
21
CONVERGENCE
Physical and logical convergence is a fact
By Mark Paynter.
Convergence, the next buzzword? A dated buzzword? Is convergence ­merely
­integration on steroids? What is convergence?
Most electronic physical security solutions are
now network-based and incorporate multiple
IoT (Internet of Things) devices. This means
that they should be logically protected against
exploits and vulnerabilities which could quickly
escalate to far more serious system wide or
even domain-wide risk. If you are serious
about minimising risk for your customers and
protecting your clients’ assets, then logical-
physical convergence is a necessary step for all
Internet and network connected systems.
Many electronic security companies claim
to be experts in electronic security yet often
their major nerve centre appliances and
servers are accessible using the default web
interface on port 80 and the default OEM user
name and password via their guest Wi-Fi. Is
this really true security? Do security industry
captains understand the above three lines?
If not, then we have a serious problem and
questions need to be asked around why are
they not costing and planning in expert ICT
security specialist advice?
Is being competent in terms of selling
electronic security solutions but failing to
secure these systems against cyber attacks not
ultimately opening more rabbit holes of risk?
Dark web mining risk, privacy invasion risk,
intelligence gathering for malicious intent, to
name but a few.
Imagine surveillance cameras that cover the
22 Access & Identity Management Handbook 2019 www.securitysa.com
movements of sensitive or high-risk subjects
and assets being maliciously and silently
accessed by criminals. Safe? Definitely not.
By 2020, over 25% of identified attacks in
enterprises will involve IoT, even though IoT
will account for less than 10% of ICT security
budgets¹. A worrying statistic, especially when
one researches the devastating potential of
cyber attacks via exposed or vulnerable IoT
devices. Furthermore, Gartner predicts the
number of connected things will reach 6.4
billion this year, hitting 20.8 billion by 2020
and IDC predicts that the global IoT market will
have grown to $1.7 trillion by then. Are you
seeing where this is going? The IoT industry
is mushrooming and in the quest for revenue
and marketshare we appear to be forgetting
basic cyber risk mitigation and the fact that
these devices are potentially creating gaping
black holes in the Internet.
New vectors for attack
Top cyber-trend analysts go as far as saying
that the next world war will be fought on the
Internet, and leading cybersecurity thought
leaders believe that nation-sponsored malware
and backdoors have already been built into
many OEM components at chip, processor and
MCB level and are just waiting for the right
time when the infamous button is pushed.
While this may sound far-fetched, it only takes
a basic Google search to find hundreds of
examples online of attacks on key components
and facilities.
In 2015, a couple determined they could
hack a ‘smart’ sniper rifle and change its
target. A few months later, the FDA issued an
alert about a connected hospital medicine
pump that could be compromised and have
its dosage changed. Earlier that same year a
cyber attack on a German steel mill left a blast
furnace running with no perceived means of
shutting it down.²
The Internet of Things (IoT) has the
potential to create numerous benefits for
businesses and consumers in terms of big
data and new levels of automation, but it also
creates new vectors for cyber attacks.
These days, objects as innocuous as your
toaster or alarm clock can be collecting, using,
or sending data. This creates a whole new
world for hackers to exploit, and you’d better
believe they’re doing just that.
If you are not convinced, simply type “IoT
attack sewage treatment plant” into Google. The
results will leave you viewing IoT differently.
Crosstalk between industries
Ten years ago, while working with an ICT
company which was attempting to penetrate
the physical security and intelligent building
Continued on page 24
 www.securitysa.com Access & Identity Management Handbook 2019 23
For dealer enquiries: 0861 PT SALE
CONVERGENCE
Continued from page 22
market, I realised how much terminology
is shared between the ICT and the security
industries.
Intrusion detection was the first word
which I stumbled on which overlapped and
had dual meaning. In the security industry
I came from, the words ‘intrusion detection’
had always referred to burglar alarms and
peripheral components, such as detectors,
contact relays and seismic sensors and the
word ‘intruder’ had referred to a trespassing
criminal who was gaining access to a private
property without consent and with malicious
intent. In the ICT industry, however, an
intrusion detection system is an intelligent
ecosystem of software, algorithms, devices and
applications which monitor ICT networks and
computer systems for policy violations and
malicious network activity.
The next was the word ‘firewall’. Where I
came from, a firewall was something the fire
system techies discussed with the builders
during construction site visits and project
meetings and it had to do with delaying or
preventing the spread of a fire. In the ICT world
I soon learnt that a firewall was a network
security system with intricate inbound and
outbound traffic rules (not the spiet kop
type of traffic), application filtering (not a
Google Play Store type of application), port
blocking (not the ship type), MAC address
filtering (not the Apple one) and all sorts of
other interesting propeller-head talk (above
average IQ engineers whose conversation is
so intellectually advanced that it flies straight
over my head).
Mark Paynter.
24 Access & Identity Management Handbook 2019 www.securitysa.com
To be honest, there were many other
examples which I stumbled on. Words such
as switches, access control, access tokens and
keypads to name but a few which have a dual
meaning.
One of my then colleagues within the
group, a great guy by the name of Jonathan
Kropf, was heading up the computer hardware
division. Jonathan was sharp as razors and
extremely humble despite having a few million
ZAR of specialists in his downstream reporting
structure. He used to help me out whenever
I was battling with a personal PEBKAC issue
(Problem Exists Between Keyboard And Chair). I
would call him and say, “Hey Jono – The guys are
talking about a VPN certificate for the instance?
We don’t have a certificate for VPN competency.
What is that? Is it like a CPO for a VIP?”
He would normally laugh patiently and talk
me through opening my Internet browser and
typing in www.google.com and then typing in
the question I was asking him, and say “there we
go Mark, next time remember Google is free”.
Jonathan introduced me to their ICT security
team who were tasked with the network and
appliance security for their sizeable national
client base. The ICT security team’s vocabulary
was a whole new language. When I heard them
discussing smurf attacks, grey nets, phishing,
vishing and “Dee Dos” teardrop attacks, I gave
up trying to understand for the time being and
I glided quietly back to my safe zone of PIRs,
NVRs, CCTV, RFID and PTZs.
I began to grasp, however, that there was an
uncomfortable but sizeable and distinct overlap
between ICT and traditional physical security.
I realised that cameras, DVRs, NVRs, intrusion
alarms, fire alarms and access control readers
were all forming part of what was becoming
known as the IoT or Internet of Things.³
You can’t separate them
Fast forward to 2018 (more than a decade later).
IoT becomes a very real core part of the physical
security industry, experts are asking what will
be done to plug the gaping logical security
vulnerabilities around cameras, access readers
Examples of what happens when
logical security is not present in
IP camera systems
• https://www.youtube.com/
watch?v=Fa5r_9-M2Fw
• https://www.youtube.com/
watch?v=njZnD7QjC4I
• https://www.youtube.com/
watch?v=cBXSt624ofU
etc. This has gone so far that The US House of
Representatives has passed H.R. 5515, a bill
that includes a ban on the US government’s
use of Dahua, Huawei and Hikvision. This
follows growing US awareness that Hikvision
is controlled by the Chinese government
(https://ipvm.com/reports/heres-what-really-
sets-hikvision-apart, https://ipvm.com/reports/
hikvision-influence), plus last year’s disclosure of
Dahua and Hikvision security vulnerabilities.
The technology and innovation curve of
convergence between logical and physical
security systems has grown evermore vertical
and the symbiotic relationship between IoT and
physical security intensifies daily.
Some of the most interesting examples of
logical and physical security convergence are
found around identity management, policy
management, BYOD frameworks and intelligent
traffic management. As data leaks become
a daily occurrence and data privacy is being
discussed in every major technology company,
encryption policies and methods also begin to
overlap and converge with physical security.
A few examples of this obvious overlap are:
• JFK airport in the US has been testing
fully autonomous ‘Patrolling Robots’ from
Knightscope Technologies (https://www.
knightscope.com). These robots have
extensive IoT capabilities for biometric
facial recognition, gas detection sensors,
noise detection sensors for gunshots or
distress screams, surveillance sensors and
cameras, thermal vision, odour detectors and
scanners, and the ability to broadcast recorded
and live messages in the event of an incident.

The main role of these Knightscope robots
is to register any suspicious activity and alert
the person responsible on duty. When they are
on duty, they are moving around according to
the GPS and lasers, which helps them measure
and calculate distances and also LIDAR – light
image detection and ranging. A robotic
security guard. Operator login is managed by
password and user name or biometrics.
• Drones/UAVs from SAPS airwing linked to shot
spotter technology which enables high altitude
UAVs to be dispatched to the location of a
gunshot and track the perpetrators using GPS
technology along with thermal and standard
video feeds which stream live to ground
support units and policing operations centres.
• Biometric and smartcard login systems for
networks and workstations – A UID token
management system which integrates with
packages such as Microsoft Active Directory
makes passwords a thing of the past and
instead forces all passwords through a
biometric fingerprint reader and manages
the backend password cycling and updating
automatically using maximum security
policies. People cannot share, lose, forget or
steal them. They simply sign on with a smart
card or their biometrics. At the same time, a
system like this prevents and deters fraud by
creating Identity Chains that link users to their
transactions, compiling an audit trail of who
did what, where and when.
• An increasing amount of physical-security
systems are IP-enabled, offering a way to
merge with existing networks, or establish a
separate IP network.
• A converged employee badge for physical
access to buildings and access to computers
is possible and sets a course in establishing a
common identity-management system.
• Businesses, especially in retailing
environments, can benefit from advanced
IP-based video surveillance that allows for
integration of findings about shopper traffic,
displays and relative effectiveness of sales
when combined with business data.
Advice for system integrators and
installers
Some basic logical tips to help minimise the risk
of smart device infection:
• Physical security systems are becoming
technically sophisticated and it is wise to
involve the IT department in their installation
and management. Information gathered
from physical security systems can often be
merged as risk and threat factors with logical
IT security.
• Reboot devices periodically – especially
routers – and if viable, set the device to reboot
CONVERGENCE
periodically at quiet times. Ensure device
redundancy/failover is present if the device
is a key component to the security system.
Rebooting will often get rid of malware already
installed, however, in most cases it will remain
therefore this should be merely one weapon in
your arsenal.
• Understand the DMZ portion of your network
and use it wisely to keep possible non-
essential IoT culprits off the safe side of your
network. If necessary, tier the firewalls with a
double router configuration.
• Close ALL unused ports. If there is no option
for this, consider implementing a secondary
router/switch to manage this. For example, if
you do not use Telnet (port TCP:23) to connect
to the router then it is a good idea to disable
it so as to close off a potential loophole to
intruders.
• One of the safest and most foolproof weapons
against cyber attacks is to blacklist all MAC⁴
addresses except those of devices which are
authorised and allowed access to the system.
• Always change the manufacturer passwords
at initial setup even if the device does not
prompt you to do so. If you are running an
intelligent system wide password cycling tool
such as SuperSign, then integrate this into as
many IoT endpoints as possible.
• Ensure you use complex passwords of at least
eight characters long, including numbers,
special characters, upper and lower-case letters.
• Check often for new firmware versions and
patches and install as soon as possible. If
feasible, set up an auto-script configuration to
run update alerts from the OEMs listings.
• Don’t allow external network access to the
device unless absolutely necessary.
Electronic security appliances and
components are IoT devices and need to
be more strictly regulated. This will put the
onus on OEMs to ship IoT products which are
designed around cybersecurity instead of
purely around usability and revenue.
For more information, contact Terpay Group,
+27 74 566 3663, [email protected],
www.terpaygroup.com.
1. IoT-OT and IT Security Convergence - Ruggero
Contu - Research Director Gartner.
2. Conner Forrest for ZDNet – Internet of Things. The
Security Challenge.
3. IoT– A term first mentioned by Kevin Ashton, of
MIT during a RFID presentation he made to Procter &
Gamble (P&G) in 1999.
4. Media Access Control address (MAC address) of
a device is a unique identifier (UID) assigned to a
network interface controller (NIC) for addresses. Not
to be confused with an Apple MAC or a MacBook.
www.securitysa.com Access & Identity Management Handbook 2019 25
CONVERGENCE
The expanding role of IT in access control
By Andrew Seldon.
What role is IT playing in the world of physical access control and how far will
its role expand in future?
It is a fact that IT is becoming more involved in
the physical security world. In a small minority
of companies, these two departments are
actually merging, although this is a mammoth
task fraught with problems, not only in terms
of technology, but primarily in terms of culture.
In the access control world, one could say
it’s normal for IT to be involved in networking
(assuming the access systems make use of the
corporate network and/or the IP protocol), but
the scope of IT has slowly been creeping into
more of the access control functions. In smaller
companies, for example, it’s not unusual for the
service provider responsible for the company’s
IT to also take the responsibilities of physical
security.
So how far has IT made inroads into the
access control world in general? HID Global
broadcast a webinar in October 2018 in
which it revealed some new research into the
increasing role IT departments and personnel
are playing in the physical access control
world. The webinar was hosted by HID Global’s
Brandon Arcement and Matt Winn. After
discussing the findings of the research, they
went on to advise physical security operators
as to how they can embrace their IT colleagues
further, with the goal of improving the holistic
security posture of their organisations.
The survey was conducted by The 05
Group, sponsored by HID and was completed
in March 2018. As the title of this article notes,
the research found that IT departments are
now more involved than ever in organisations’
physical access control decisions and
implementation, and that trend is set to
increase.
The 05 Group surveyed 1 576 individuals
from more than a dozen industries, including
26 Access & Identity Management Handbook 2019 www.securitysa.com
education (19%), information (16%),
government (11%), manufacturing (8%), health
services (8%), and security, professional and
business services (8%). Of the respondents,
35% were IT managers, 26% were IT directors,
13% were IT staff, 8% were CIO/CTO, and
3% were VPs of technology. The survey also
spanned companies of different sizes, with
24% having less than 100 employees, 22%
101-500 employees, 11% have 501-1000
employees, 17% have 1001-5000, 6% have
5001-9999, and 6% have 10 000-24 999
employees. The results therefore cover a broad
spectrum of companies and industries.
The numbers tell a story
The research offers a significant amount of data
about the role of IT in access control, however
the webinar brought out a few pertinent facts
(a link to the white paper written by HID from
the research is at the end of this article). When
asking the organisations being surveyed “Who
is primarily responsible for physical access
control in your organisation”, the responses
were as follows:
• 29% said both IT and physical security.
• 26% said IT only.
• 25% said facility management handles the
job.
• 12% said physical security only.
• 8% said the property management company
was tasked with access control.
With a quarter of the respondents already
saying IT is responsible for access control, and
a further 29% saying it is shared between the
two departments, it’s clear that the divide
between IT and physical security is rapidly
vanishing – and in some cases, altogether
gone. And this is a trend that will continue; in
organisations where IT is not involved in access
control, 36% of the respondents said it will be
within the next five years.
For those organisations where access
control responsibilities are shared, 47% of
the respondents report it had been shared
within the past five years. Similarly, where IT
owns the responsibility, 42% of the companies
say they were given this task within the last
five years. Once again we see that IT/physical
security convergence in the access world is an
expanding reality.
We mentioned IT’s influence in access
control above in terms of the networking
of access systems, however, this is an old
function. The webinar showed that both
IT professionals as well as physical security
professionals see IT being involved in all areas
of access control. When it comes to physical
security professionals:
• 66% of physical security professionals see IT
involved in influencing the decision-making
process.
• 48% see IT’s involvement in integrating access
and other systems.
• 37% see IT involved in implementation.
• 22% see IT involved in managing the systems.
From the other side of the table, IT
professionals have a similar view:
• 76% expect to influence decision making.
• 72% will be involved in integration.
• 59% will be involved in implementation.
• 39% expect to be involved in managing
systems.
Not all wine and roses
Of course, as these different cultures work
together, there are bound to be some issues.
Continued on page 28
www.securitysa.com Access & Identity Management Handbook 2019 27
CONVERGENCE
Continued from page 26
It is in the field of integration where IT sees
problems. Half of the IT people surveyed have
issues with the lack of integration of access
systems with other IT systems. This is an area
in which the access control industry could
make significant changes in the short-term
to ensure their software and hardware can be
more easily integrated with existing business
management and security systems.
When it comes to new access control
systems, the IT school has a few things it
wants to see on the vendors’ to-do list. They
want improved ease of use (71%), the ability
to support or add new technologies (68%),
mobile access (59%), and integration with
existing security platforms (54%).
It’s also clear from the survey that IT
is not all that comfortable with access
control technology. Areas such as credential
management, decision making with respect
to access control systems, how system
components work and also individual features
within access systems can cause a bit of
nervousness among the IT folk. These are
areas in which physical security professionals
can make their mark, as they are more skilled
in dealing with these issues as well as others
unique to their industry.
Helping IT in access
The driver behind this convergence is not a
technical issue, but is itself a convergence of
a number of separate drivers. HID notes the
primary drivers are:
• Converged threats that impact both physical
and logical infrastructure. If you have a
physical vulnerability it puts your logical
systems at risk, and vice versa.
• Proliferation of networked devices in the
age of IoT (the Internet of Things) which all
require both physical and logical security.
Interestingly, the webinar held its own real-
time survey of the attendees and this topic
was selected as having the biggest impact
on access control’s shift to IT with half of the
audience selecting it.
• Compliance to new regulations, which again
rely on both sides of the table.
• Budget consolidation, which we are all
suffering through.
• A shift in reporting structures as executives
try to get a handle on the seemingly endless
threats companies face on all fronts.
When it comes to the role of physical
security professionals and how they can assist
in the convergence between the two sides
and help improve organisational security,
80% of the respondents said they play a role
[email protected]
,
in establishing best practices, while 50% see
28 Access & Identity Management Handbook 2019 www.securitysa.com
physical security having a role in preventing
unauthorised access in general, and 49% say
they can help in achieving compliance. In
order to streamline collaboration, the HID
webinar suggests, among other issues, that
both sides need to work on aligning project
priorities and determining responsibilities,
and balancing the technical acumen of
IT when it comes to access products and
management.
A converged example
The webinar went on to provide an example
of how the two divisions could work together
in an access control installation. When it
comes to the physical access control host, HID
advises organisations to integrate physical
access control systems (PACS) with an IT
source of identity such as LDAP. Furthermore,
administrators should ensure there is a set
policy around regular software updates
and patches, while they should also take
advantage of IT’s experience (and equipment)
to ensure high availability.
When it comes to the controller, HID
advises organisations to settle some of the
issues raised above by requiring an open
controller platform that can be integrated
with other technologies and other vendors’
products. Preventing vendor lock-in is a
costly lesson IT departments have learned.
It also suggests considering an ‘IP-at-the-
door’ topology, keeping controller firmware
updated to the latest versions, using strong
passwords and encrypting communication
between controllers and hosts (and using
OSDP – Open Supervised Device Protocol
– for encrypted reader communications).
Find out more about OSDP in the article ‘The
advantages of OSDP’ at www.securitysa.
com/60145n.
Another strong warning was to take care
when selecting access credentials as many
of the card and fob technologies available
are easy to replicate, making it simple for
the wrong people to easily gain access.
There are secure card technologies out there
and these should be used as a standard. A
business benefit of these more advanced
credentials is that they can also be used for
additional business functions, such as secure
printing, vending machines and network
logon.
The webinar presenters also touched
on the benefits of using users’ mobile
devices as credential holders. These can
offer higher levels of authentication, easier
administration and more user convenience
that does not come at the expense of the
company’s security.
Whether you are on the IT or physical
security side, the most important part
of the research (depending on your
biases) can be seen in the answer to the
question “Do you believe that increased
collaboration between physical security and
IT can improve the overall security of your
organisation?” An overwhelming 95% of all
the respondents said “yes”.
While the full convergence of physical
and logical security is still some way off,
people in the access control sector obviously
understand that IT and physical security
working together is critical to develop a
successful security defence strategy for their
organisations. In the access control industry
this may be easier to achieve, but as noted
in the introduction, it is often a question of
culture (or ego, to be blunt) that prevents
collaboration and results in organisations
being vulnerable to the ever-increasing
threats they face from well-organised
criminal syndicates, as well as unhappy
teenagers with too much time on their
hands.
The full paper from the research can be
found at https://www.hidglobal.com/doclib/
files/resource_files/the_rising_role_of_it_in_
physical_access_control_-_final.pdf.
For more information contact HID Global,
+27 60 988 2282,
www.hidglobal.com.
www.securitysa.com Access & Identity Management Handbook 2019 29
BIOMETRICS
Taking augmented identity to the world
By Andrew Seldon.
Hi-Tech Security Solutions spoke to IDEMIA’s Gary Jones about his career with the
company and its new vision of Augmented Identity.
In the early 2000s, a company named Ideco, in
close partnership with IDEMIA, was a driver in
bringing biometric technology to the South
African market. In fact, this company was so
successful that South Africa became a world
leader in biometric adoption for a number of
years.
The first employee, and eventually
managing director of Ideco Biometric Security
Solutions, was Gary Jones; he developed a
successful channel model which proved so
successful that Morpho quickly became the
leading fingerprint biometric technology in
South Africa.
Jones then moved to the USA in 2009 to
join Morpho and lead the restructuring of the
channel in that region, which includes most of
the world’s largest and leading manufacturers
of access control and time and attendance
systems.
“Reaching the US market was no small task
as any change takes a long time due to the
market’s size.” Jones says it took a good three
to four years to see results in the world’s largest
economy. But, over the years, biometrics have
become accepted in this market, and in many
instances are a mandatory requirement. “Not
30 Access & Identity Management Handbook 2019 www.securitysa.com
only have we been a major contributor to this
growth in acceptance of biometrics, thanks to
the performance of our technology, but we
have achieved the market leading position for
biometric access and time solutions in North
America”
With the coming together of Oberthur
and Morpho, the company is now known as
IDEMIA.
Jones is now IDEMIA’s VP of Global
Channel and Marketing for biometric access
and time solutions, and is tasked with
broadening the company’s market share and
share of mind globally. This is happening at
a good time as IDEMIA is now focused on
Augmented Identity.
Augmented Identity
Far from just being another marketing slogan,
Augmented Identity has a basis in reality,
specifically when it comes to security in our
daily business and personal lives. Jones says
there has always been a trade-off between
security and convenience in the real world.
If you wanted security, you had to accept
complexity; if you wanted convenience, it was
security that was compromised.
Augmented Identity, as Jones explains it, is
a reliable identity authentication mechanism
that fits in with whatever we are doing,
providing the convenience, while also ensuring
trust to guarantee secure, authenticated and
verifiable transactions.
The MorphoWave Tower was the first
product aimed at this market in the biometric
access and time space. It allows people
to authenticate their identities simply by
scanning (or waving) their fingerprints over a
scanner while on the move – without having to
touch a sensor. The Tower has done extremely
well in the US market due to its convenience
as well as the security it offers (its sensor
technology is also certified by the FBI).
As you wave your fingers over the scanner
on the MorphoWave, it scans all four fingers
at 78 fps (frames per second) and it does a
3D scan. This is like putting your fingers on a
traditional sensor 78 times in a second. This
naturally collects high resolution data which
increases the matching rate and hence the
security of the fingerprint biometrics.
Additionally, because people don’t actually
touch anything, the hygiene factor is increased
and more people can be scanned faster. Jones
 BIOMETRICS

says it’s possible to authenticate 45 people per minute as they walk

down a passage or through an entrance, with a single device.

A cost-conscious Wave
To cater for a wider diversity of installations, as well as more cost-
conscious markets like South Africa, IDEMIA recently launched the
MorphoWave Compact, which offers the same authentication facility at
a lower cost. He says IDEMIA’s partners in the region were very excited
about the Compact and were selling it before it even landed in Africa. Of
course, the company has a number of other products, including facial
recognition solutions to supplement the MorphoWave in its pursuit of
its Augmented Identity ideal.
With trips to South Africa a regular part of his job these days, Jones
says South Africa and Africa are key markets for IDEMIA, partially due to
the country’s history of biometric adoption, as well as the willingness of
the market to push the boundaries.
The market in South Africa today is different from the one
in which the former company Morpho and Ideco were able to
establish fingerprint biometrics as a reliable and trustworthy identity
authentication mechanism all those years ago. There are more
companies active in the market and more competition, but Jones
believes IDEMIA is in a good position to take the market to the next level
as both businesses and individuals embrace the ease and convenience, For more information contact IDEMIA, +27 11 286 5800,
as well as the improved security in a world of Augmented Identity. [email protected], www.idemia.com.

www.securitysa.com Access & Identity Management Handbook 2019 31

BIOMETRICS
A scan of fingerprint biometrics
By Andrew Seldon.
Given the increase in the use of fingerprint
technology in public and private organisations,
as well as some recent announcements on the
reliability or lack or reliability of certain types
of sensors and algorithms in the fingerprint
biometric market, Hi-Tech Security Solutions
spoke to some of the leading fingerprint
biometric vendors in the market to find out
more about the state of this market.
To cover the scope of what fingerprint
biometrics offer, we started by asking how
fingerprint biometric readers work and what
and how they store the data they collect,
how reliable they are and then moved into
the usage thereof. And finally, we asked our
interviewees how end users should make the
decision as to what fingerprint biometrics they
should look at purchasing for their particular
needs.
Often when looking for input on an article
like this, one has to dig around to get the
information one can use. In this case, we
received such a large amount of information
we had to cut out a significant amount of data.
Our information providers have put the effort
in to take readers on a learning experience
of what goes into fingerprint biometrics
and what are the issues you, the buyer and
user need to look out for when considering
fingerprint biometrics for access and identity
management. Hi-Tech Security Solutions
appreciates their time and effort in supplying
the below information. Our interviewees are:
• Deon van Rensburg for ViRDI,
• Walter Rautenbach for Suprema,
32 Access & Identity Management Handbook 2019 www.securitysa.com
• Claude Langley for HID Global, and
• Gary Jones for IDEMIA.
ViRDI Distribution SA, Deon
van Rensburg
ViRDI is a biometric brand from
UnionCommunity Co. in South Korea. The
company is active in over 120 countries,
including in South Africa and the rest of Africa,
and offers a range of biometrics devices, from
fingerprint to facial recognition. Deon van
Rensburg represents the ViRDI office in South
Africa and up into Africa.
Deon van Rensburg.
Although fingerprint biometric scanners
use imaging technology (in the form of CCD
or CMOS) to capture images of the fingerprint,
most biometric vendors do not keep images of
the fingerprint in the database.
Here I must add that it depends on
what the application is. Level 1 and Level 2
scanners are for commercial use, i.e. access
control and time and attendance and have no
need for images to be kept in the database.
Level 3 scanners are for governmental, law
enforcement and banking use for identity
management purposes and do keep images
in the database. Level 3 systems also compare
these fingerprint images to central databases
such as HANIS or AFIS.
The process for extracting, matching and
authentication is complex.
• The user presents their finger to the platen on
the optical scanner of the biometric terminal.
• The optical scanner then extracts a number of
images of the fingerprint in digital format.
• The extraction portion of the algorithm then
extracts unique identifiable features from the
digital image. We call these unique features
minutiae points.
• Once these minutiae points have been
identified and extracted, the system discards
the physical images and everything is
converted into a complex hexadecimal string
that is unique to every vendor.
• This hexadecimal string is called a template.
• The template is then compared via the
matching portion of the algorithm to the
template that resides within the database.
• Dependent on the results, the user is then
either verified, identified or rejected.
• The ViRDI system is unique in that it extracts
two templates per fingerprint and then
compares to two templates of the same

fingerprint in the database. This provides
us with faster and more secure transaction
times.
International standards for
fingerprint biometrics
There are two international standards available
for commercial systems. ANSI / NIST-ITL-1-2011
(updated 2013 & 2015 and includes ANSI 378 &
ANSI 381) and ISO / IEC 19794 (includes parts 4
& 8:2006). These standards indicate minimum
requirements for greyscale, dpi, platen size,
output format etc., as well as interoperability
between different fingerprint biometric
systems. According to the NIST website these
standards “…supports the proliferation of low-
cost commercial fingerprint sensors with limited
coverage, dynamic range, or resolution”.
However, they are minimum standards and
most Tier-1 vendors use proprietary algorithms
that far exceed these minimum standards as
well as proprietary scanning systems (what
we call the fingerprint scanning module)
that includes LED lighting technology, platen
construction, lenses and optical devices.
The PIV/AFIS systems used by governments,
law enforcement and banking have the MINEX
standard since they compare, verify or identify
fingerprints from a centralised database such
as HANIS or AFIS and all images must comply
to one set of standards since a fingerprint
taken with a Level 3 PIV/AFIS scanner in South
Africa must be exactly the same as one taken
in the USA or Europe.
Safety, security and privacy
Reputable biometric vendors have been
cognisant of the possibility of reverse
engineering fingerprints and templates for at
least a decade and they spend huge amounts
of money on R&D specifically to prevent
any form of fraud or reverse engineering.
Governing the usage and storage of biometric
data are subject to various standards and even
legislation. ISO 27001, for instance, provides
minimum standards on storage and encryption
of such data.
Speaking from the ViRDI point of view on
how we prevent reverse engineering: when
our algorithm extracts the minutiae points
from the fingerprint, we only include the
data relating specifically to those minutiae
points in the algorithmic hexadecimal string
(or template). We then encrypt the template
with a proprietary encryption that exceeds
ISO 27001, very similar to a standard 512-bit
encryption.
When data flows between terminal and
database, the data is also encrypted using this
proprietary encryption. If a ‘hacker’ was able to
BIOMETRICS
hack this encryption and was able to unearth It comes down to reliability, safety, security,
the base hexadecimal string (template) and durability, speed of use and the extra features
was able to reverse engineer the extraction required to provide the solution the user
algorithm, all he or she would find was requires.
the location of a few minutiae points on a
fingerprint since we do not extract any other Recommended technology
details, such as ridge flows (i.e. loops, whorls, I would advise that South Africa pays more
arches, tented arches), ridge patterns or any attention to LFD technology since fingerprint
such data required to reconstruct a fingerprint. fraud from users is one of the biggest issues
Think of it as GPS coordinates with no map. affecting us now, especially in the time and
attendance vertical. If the system can also
Specific scanning technology perform Multispectral Response Imaging it
ViRDI uses patented LFD scanning technology. would be an added bonus. There is probably
This is a multi-step process. First, the platen is only a handful of Tier 1 manufacturers
manufactured from Sapphire Crystal to make available in SA (and when I say available, I
it scratch resistant for longer life span, and also don’t only mean available for sale, but also
to reduce the risk of transfer of bacteria. The having technical support, repairs, distributed
scanning process is subject to a live fingerprint points of presence etc.) and if the end-user has
being placed on the platen. Until a live finger is a larger system they need to stay with these
placed on the platen, the complete fingerprint manufacturers.
scanning module remains in low power state. When looking at the deployment of the
Once the scanning process activates, the system, the end-user must decide whether
fingerprint module bombards the fingerprint they want the TATA or the BMW. If it is a simple
with multi-coloured LED light. By using one- or two-door deployment, the TATA may
this light source, we are able to achieve be just the device (for a simple application),
Multispectral Response Imaging, i.e. we do not but it won’t be able to handle 30 or 40 doors
solely use the epidermis of the fingerprint and on one system – it will fall over.
the scanning process is subject to a number Continued on page 34
of factors inside the dermis that needs to be
within acceptable parameters. Only once these
have been complied with does the system
begin taking images of the fingerprint.
This is also not a straightforward process as
the lenses inside the fingerprint module have
been specifically designed – and patented – by
ViRDI for the best possible image to reach the
image sensor. Once the images have been
captured, the algorithm extracts two separate
templates of the minutiae points and converts
it into a template which is then encrypted
using our proprietary encryption. Matching
can either take place on the terminal or on the
server, or at both locations.
The ViRDI algorithm is currently the highest
rated commercially available for embedded
devices with an EER (Equal Error Rate, which is
a combination of FAR and FRR) of 0.234%, FRR
of 0.1% and FAR of 0.0001%. Our algorithm
complies with (and exceeds) ANSI / NIST and
ISO as well as some more obscure standards
such as WQL.
The question of whether it is worth paying
more for our device than some cheap-and-
nasty device is similar to the question asking
why buy a luxury BMW as opposed to a TATA.
Both have bodies, both have seating, both
have wheels, both have engines, both have
transmissions and both have the same basic
function – transporting people from one point
to another. So why buy one over the other?
www.securitysa.com Access & Identity Management Handbook 2019 33
BIOMETRICS
Continued from page 33
This is where the BMW comes in. It was
designed for SMME and enterprise systems,
with all the bells and whistles required (i.e.
access control, T&A, meal management,
integration with PSIM systems, integration with
logical access control, compliance with fire
bylaws, ability to easily integrate with third-
party management software solutions etc.).
Currently ViRDI has the largest commercial
biometric deployment in the world with more
than 300 000 enrolled users, more than 4000
terminals and more than 1 000 000 transactions
per day on a single system. The TATA will never
be able to handle this type of deployment.
Biometric technology advice
Stay away from anything that looks and
smells cheap because invariably they are and
the end-user is going to spend money on
this technology only for it to fail and quite
possibly result in them renouncing biometric
technology as a failure. Ensure the product is
available from multiple sources, that technical
support is available all through the value chain,
that repairs can be done in country and most
importantly, if the company that supplied the
device originally is unable to provide further
support, service and maintenance, that another
supplier can step in easily to assist them.
Look for devices that have IP ratings –
Africa is harsh on electronic devices and you
don’t want a device that will fail at the drop of
a hat because of our environment. Lastly, look
for a biometric system that can easily integrate
with other software packages, such as T&A or
software management suites.
For more information contact ViRDI
Distribution, +27 11 454 6006,
[email protected]
, www.virditech.co.za. simple answer is that a very large portion of
Suprema Africa, Walter
Rautenbach
Suprema is another South Korean biometric
company that is present in around 133
countries around the world. It was the first
biometrics company listed on Korea’s stock
market and is represented in Africa by Suprema
Africa, a distribution division of neaMetrics.
neaMetrics CEO, Walter Rautenbach answers
our questions on fingerprint biometrics.
The purpose of a fingerprint scanner is
to capture a fingerprint image. Basically, it is
a replacement for the old way of putting ink
on your finger and then placing it on a piece
of paper. The closer it gets to what it actually
looks like on paper is a big part of how good
the fingerprint sensor is and that is where
international certifications of image quality
34 Access & Identity Management Handbook 2019 www.securitysa.com
Walter Rautenbach.
such as NIST (National Institute for Science
& Technology) Image Quality Standards,
abbreviated as IQS, as well as specific FBI
standards come into play.
These standards normally confirm that
the image the fingerprint scanner returns is
classified as a true representation of the actual
finger. One might ask why are we comparing it
to paper impressions, is that not outdated? The
is that it is more secure (if someone steals
fingerprint data stored on current Automated
Fingerprint Identification Systems (AFIS)
originates from paper records. Although living
in the age of digitisation, records originating
from paper records will still be here for many
years due to historical records, lack and cost
of digital infrastructure, and because paper
records are still actively used in the process of
crime scene data collection.
A functional fingerprint system always
includes two elements, enrolment and
matching. Enrolment is the process where the
fingerprint is captured, fingerprint template
extraction is performed (although this can be
done at a later time) and where either or both
the fingerprint image and template is stored
on a database.
The second function, and really the main
purpose of a biometric identity system, is the
process of matching a fingerprint against a
previously recorded enrolment. Although
loosely referred to as biometric identification,
the matching can really be classified as
either authentication or identification.
Authentication, also known as verification,
is where biometrics of a known person are
captured, template extraction is performed
and then matched against the person it claims
to be from on the database. Typical samples
of authentication are when you supply your
ID, card, user name or some personal data to
enable retrieval of your record, and where
you need to confirm you are who you say you
are (i.e. applying for a passport, authorising a
financial transaction or in some cases where
you log into your PC or mobile device).
The process of identification is then
different from authentication because during
identification, a specific identity is not claimed
and confirmed, but rather a biometric template
is extracted and used to find a person on a
database with many enrolments to establish
who the person is. When the police find your
fingerprints at a crime scene, they do not know
who you are and the latent fingerprints found
at the scene are scanned against the database
to see if it can find a person on the system due
to previous crimes. Identification is also used
as a form of convenience, for example with
access control, to avoid the inconvenience of
presenting a card or entering an ID – just place
your finger to see if you exist and have access.
The main differentiator between fingerprint
identity systems is whether the fingerprint
image or only the extracted fingerprint
template is stored. General consumer-based
systems, such as access control and T&A,
only store the fingerprint templates. The
main motivators for only storing templates
your fingerprint image it is almost as good as
chopping off your finger).
Templates are also much smaller in size
making it faster to transmit them, as well as
easier to store a lot of people on a small device.
Unfortunately, some systems need to store the
image and the reason for that is so that it can
be visually confirmed by a fingerprint expert
in a court of law, or on a large AFIS system
that can possibly return multiple matches or
HIT candidates. It is with these systems where
the importance of the fingerprint image
truly representing the actual finger, and the
associated certifications relating to this, plays
a vital role.
Looking at standards
Institutions such as NIST and the FBI are
Continued on page 36
www.securitysa.com Access & Identity Management Handbook 2019 35
BIOMETRICS
Continued from page 34
forerunners of standards and benchmarking
systems. This can broadly be subdivided
into two categories: the fingerprint image
produced by the fingerprint scanner on the
one hand, and fingerprint algorithms on the
other.
When looking at fingerprint images, the
FBI certifications Appendix F/G, PIV, FAP and
more exist, basically prescribing the quality
and size a fingerprint scanner should produce.
Quality, in layman’s terms, refers to how well
it represents the actual fingerprint, and size,
which does matter because the more of the
fingerprint that can be captured, the more
data that can be used by the algorithms that
process the images.
Fingerprint algorithms, or at least the good
ones, normally offer two types of extraction,
one that produces proprietary templates, of
which the content and structure is unknown
and only usable by the manufacturer’s system,
and then the second being the production
of an open standard, normally ISO/ANSI
compliant fingerprint templates. Where ISO/
ANSI templates are produced, they can be used
by any vendor supporting these standardised
templates, and since the structure is open,
the core finger data being extracted can be
evaluated by a fingerprint expert by plotting
36 Access & Identity Management Handbook 2019 www.securitysa.com
bifurcations and ridge endings on the image to
verify the accuracy.
It is for this reason that NIST, in
collaboration with the fingerprint
community, started MINEX, short for Minutia
Interoperability Exchange. There are various
MINEX standards all focusing on cross
vendor interoperability. Here vendors get
the opportunity to do fingerprint template
extraction (extracting minutia) from a
given data set and then to benchmark their
matching algorithm, or other open standard
algorithms, using open standard fingerprint
templates against a large and given fingerprint
test data set. Vendors that participate in
these tests get a performance ranking across
other vendors, but remember that rankings
change on a daily basis as vendors rework their
algorithms to deliver better results. I consider
the impact of MINEX as exceptional, not only
because it focuses on interoperability, but
also because it drives vendors to continuously
improve.
Looking specifically at the matching
capabilities of proprietary fingerprint
algorithms, not using open standards, then
FVC (Fingerprint Verification Competition)
is a well-known benchmark. It started as a
competition every second year, but the last
was in 2006 after which they progressed to
FVC-onGoing, allowing participants to do the
test again at any time. This means a vendor can
tweak, test, tweak – instead of waiting for two
years, which once again is great for algorithm
improvement.
Buyers must ensure their selected
vendor does not boast about their algorithm
improvements based on internal results, but
use internationally recognised test benches
and standards such as MINEX, FVC-onGoing
and others recommended or prescribed by
institutions such as NIST, FBI and ISO biometric
workgroups.
Security and privacy
Fingerprint images are more hackable than
fingerprint templates, but in both cases, with
today’s technology, rebuilding a modelled
3D image of a finger is not impossible and
most likely is already being done. Even if an
un-hackable fingerprint image or template was
available, and I really wanted your fingerprint
image, why would I not just find a way to lift
your latent print off an object you touched and
then use the same to recreate that modelled
fingerprint?
Deterrence of unethical access and use of
biometric identity data can only be achieved
through continuous change and a vendor and/
or solution provider that follows the same
principles and who is willing to openly and
honestly consult. To not obfuscate or avoid
answering the question with some usefulness,
the following are some of the deterrents at
hand:
Liveness detection: Perhaps the simplest
solution is using fingerprint hardware as well
as algorithms that detect fake fingers. We have
to continue monitoring what defines ‘live’,
especially with 3D technology venturing into
organ production.
Data protection: All solutions
should ensure to encrypt both data
being communicated and stored using
internationally recognised and current
encryption standards. It is not uncommon
for solution providers to apply proprietary
obfuscation over and above recognised
encryption since continuous efforts are
being applied on a daily basis by ethical
and unethical parties to break recognised
encryption standards through mathematical
and brute force mechanisms. Although this
does complicate things for hackers, it also
creates a ‘proprietary’ threat to the vendor who
might be vulnerable to lock down. The benefits
and downfalls of each need to be evaluated on
a case-by-case basis.
Biographic and biometric data
separation and fragmentation: Separating
biometric and biographic information across
infrastructure helps protect data. For example,
should a hacker gain access to a server with
biometric data, where no personal data or
identifiers exist, the usefulness of the data
deteriorates. In other words, if I get access
to all biometric data for Bank X, but I do not
know whom they belong to, how would I use
this data to do fraudulent authentication? As a
hacker, I would now have to hack into another
infrastructure stack and identify how these two
data sets are linked.
Suprema’s technology
Suprema’s range of enrolment and
authentication finger sensors, and selected
access and T&A range complies with various
FBI regulations. These include PIV, Mobile
ID, FAP and Appendix F, designed to ensure
compliance to image quality and size
regulations. It is important to note that the
nature of the certifications do not allow all
fingerprint readers to have all certifications. For
example, due to its size, a slap or palm scanner
does not fall into the Mobile ID certification
range and Appendix F is designed for FAP45
(FAP relates to specific sizes) and up.
Most of Suprema’s fingerprint scanners
also include liveness detection, some in the
form of hardware components and some
 BIOMETRICS

using software based or machine learning techniques to detect

fabricated fingerprints. This technology is referred to as Suprema’s
Liveness Detection Engine (LDE) and more information can be
found at https://www.youtube.com/watch?v=1MTkGWXgfQg,
or at http://kb.supremainc.com/knowledge/doku.
php?id=en:tc_whitepaper_suprema_live_finger_detection.
A big challenge in the past was the capturing of dry and
deteriorated fingerprint images, so some vendors introduced
multispectral imaging technology that overcame these challenges
and gained huge popularity, including the South African market
due to a large part of the identity population’s involvement in hard
labour, as well as old age (pensioners).
Multispectral technology performance is exceptional, but not
100% understood. Multispectral imaging technology produces
an image that can even detect subdermal traits, meaning worn
fingerprints can function normally. The downfall of this technology
is that it does not produce an image that looks 100% like the
original and for this reason, FBI certification is not possible.
In instances where these images are being used for
authentication, against systems where AFIS data population is
done by means of paper scans and FBI certified optical technology,
the results will not be as accurate as when using good certified
optical hardware. One must keep in mind that a multispectral
image in its original form does not look like a normal fingerprint
image. Image processing is performed to produce a compliant 500
dpi greyscale image and since subdermal elements are not present
in standard optical or paper records, these can influence match
results.
Suprema developed its own patented technology referred to
as Multi-dynamic Range (MDR) technology, now implemented
on all its new fingerprint authentication and access and
T&A terminals with exceptional results. The technology can
be compared to the changes from High Definition (HD)
television to Ultra High Definition (UHD) or even 4K when
comparing the results. More can be read here about this
technology at http://kb.supremainc.com/knowledge/doku.
php?id=en:tc_technology_multi_dynamic_range_technology.
Suprema’s fingerprint algorithms are ISO/ANSI compliant and
involvement in and with top results at FVC-onGoing and MINEX
illustrates involvement in industry benchmarking as well as the
quality of the results it delivers. The top MINEX results further
show that Suprema algorithms do not only perform well in its
proprietary systems, but also where open standards are used in
biometric identity.

Advice to buyers
Different use cases can be based on needs and purpose. In all
cases, we expect biometric technology to positively confirm or
identify a person, with tolerances only accepted based on the
limitation of the science of fingerprint mathematics. In summary to
the previously provided data:
• Determine if your system requires you to store fingerprint images
or only the templates. If images are required, then do ensure your
fingerprint scanner complies with known certifications (i.e. FBI
and NIST quality standards).
• Enrolment vs authentication. Keep in mind that initial enrolment,
or reference data collection, is the most important part of a
biometric identity solution. A bad enrolment will result in poor
matching performance.
Continued on page 38

www.securitysa.com Access & Identity Management Handbook 2019 37

BIOMETRICS
Continued from page 37
• Difficult fingers. Not all fingerprint hardware
is the same. Make sure to test your
considered vendor hardware on people that
have experienced problems with their fingers
in the past
• Liveness detection. Does your vendor provide
liveness detection options?
• Does your vendor have a large-scale
international track record?
• Have the algorithms, that you use, been
benchmarked? Various international
benchmarking platforms/bodies exist (NIST/
FBI/FVC/MINEX). Investigate this before you
purchase.
• Is your vendor compliant with open
standards?
• How will the data on your system be
protected? Is data encrypted and are
internationally accepted encryption
standards used? Does your vendor adhere
to data protection regulations such as PoPIA
and GDPR?
The above are some questions that need to
be asked before initiating a fingerprint identity
system. There are many more considerations to
be evaluated on a case-by-case basis. The most
important question is if you have a reliable
partner, with extensive experience in the
field, that can offer you good advice from the
beginning, guide you through the lifetime of
your biometric identity system and who keeps
abreast with daily technology developments to
ensure your system remains an asset and does
not turn into a liability.
For more information contact:
• neaMetrics, +27 11 784 3952,
[email protected]
, www.neametrics.com. either of the processes below:
• Suprema, +27 11 784 3952,
[email protected]
, www.suprema.co.za. conduct the minutia extraction and one-to-
HID Global Lumidigm:
Claude Langley
Part of ASSA ABLOY, HID Global focuses on
trusted identities that make it possible for
people to transact, work and travel. The
company absorbed Lumidigm a few years
go and the company now functions as a
biometric division of HID. Claude Langley is the
biometrics business development manager for
Africa at HID Global – Lumidigm.
The three most common technologies used
for fingerprint sensors are multispectral (HID),
optical and capacitive. Each technology varies
in its ability to capture an image, determine
its liveness and match against the stored
information.
Fingerprint sensors essentially all take
an image of a fingerprint, which is captured
38 Access & Identity Management Handbook 2019 www.securitysa.com
Claude Langley.
when an individual places their finger on the
sensor platen, yet not all technologies provide
equivalent results. Once the image has been
captured, either the sensor or the back-end
biometric system extracts specific unique
characteristics of a fingerprint from the image,
called minutia, to create a unique template.
Depending on the architecture of the
biometric system, a fingerprint sensor can do
scene. The combination of liveness plus high
• Take an image and send it to the database to
fingerprint biometric sensors.
one (1:1) or one-to-few (1:N) match on the
server.
• Take an image and conduct the minutia
extraction and template generation on the
sensor, sending only a binary data string
(template) to the database to perform a 1:1 or
1:N match on the server.
• Take an image and conduct the minutia
extraction and template generation on the
sensor, then request the template linked to
that individual from the server or a smart card
to conduct a 1:1 match on the sensor.
• Take an image and conduct the minutia
extraction and template generation on the
sensor, then perform a 1:1 or 1:N match to
template(s) stored on the device.
There are various international standards
to regulate how fingerprints are scanned,
processed and stored. Common image format
standards are WSQ, ISO/IEC 19794-4:2005 and
ANSI/INCITS 381-2004. Common template
interoperability standards are ANSI 378
and MINEX III all of which are supported by
multispectral sensors.
‘No Match’ or ‘False Reject’ errors can
happen for a variety of reasons, most of which
are not related to the image format, but rather
to the quality of the information received. If an
image is used, then it’s necessary to capture
and distinguish real fingerprint minutia from
dirt particles, water, dry skin, etc. If poor
information is captured, only from the surface
of the skin, then this information will also not
suffice to provide the expected match.
The privacy question
The use of templates does create a layer of
obfuscation that will make it more difficult
for a ‘hacker’ to reverse engineer a fingerprint
minutia template to a full fingerprint. However,
the danger does exist. This reinforces the point
that fingerprint sensors should include a highly
sophisticated liveness model to ensure that
the data being matched is not only correct, but
it is confirmed to be generated from a living
person. If liveness is utilised in conjunction
with the fingerprint information, the fear of
identity theft can be reduced, if not removed
altogether.
Secondly, fingerprints are not private. While
they are unique, we leave them everywhere
we go, on glasses at restaurants, tables, door
handles, walls, elevator buttons, etc. To obtain
someone’s surface fingerprint data, one does
not need to hack a database and reverse-
engineer a fingerprint template. They just need
to pull a fingerprint like is done at a crime
performance is what creates the true value of
HID’s fingerprint technology
HID biometrics uses a patented technology
called multispectral imaging which was
specifically developed to overcome the
fingerprint-capture problems that have
plagued conventional fingerprint sensors
when they are used in the real world – outside
the lab.
Multispectral imaging utilises multiple
spectrums of light and advanced polarisation
techniques to extract unique fingerprint
characteristics from both the surface and
subsurface of the skin and to determine
relevant fingerprint data. Subsurface capability
is important because the fingerprint ridges
seen on the surface of the finger have their
foundation beneath the surface of the skin
Continued on page 40
www.securitysa.com Access & Identity Management Handbook 2019 39
BIOMETRICS
Continued from page 38
in the capillary beds and other sub-dermal
structures.
Unlike surface fingerprint characteristics,
which can be obscured during imaging by
moisture, dirt or wear, the ‘inner fingerprint’
lies undisturbed and unaltered beneath the
surface. When surface fingerprint information
is combined with subsurface fingerprint
information and reassembled in an intelligent
and integrated manner, the results are more
consistent, more inclusive and more tamper
resistant. The use of multispectral imaging also
contributes to our industry-leading liveness
detection.
As of the printing of this article, HID V
series multispectral imaging sensor is the only
sensor to achieve a perfect 100% detection of
fake finger attacks during the ISO/IEC 30107-3
Presentation Attack Detection (PAD) standard
certification testing process. (See more at
https://www.hidglobal.com/press-releases/hid-
global-lumidigmr-multispectral-fingerprint-
technology-earns-first-perfect-score.)
Many of HID Global’s Lumidigm sensors
also offer the use of the Innovatrics MINEX
III algorithm. As published by NIST on the
12th of November 2015, HID became the
first vendor to achieve full PIV compliance in
MINEX III while also ranking first in most of the
main accuracy and interoperability criteria.
The Innovatrics template generator is one of
the most accurate out of all vendors and the
Innovatrics template matcher performed the
best in the native one-finger ranking where it
was placed first among all submissions.
The bottom line is that HID’s multispectral
sensors offer the best performing sensor for
image quality combined with the best liveness
detection available. If matching is required
on the sensor, we offer a top-ranked minutia
extraction and matching algorithm.
Recommended technology for
Africa
The fingerprint sensor should match the use
case, yet in most cases where fingerprint
biometrics is used, the goal is to properly
validate the identity of an individual.
Typically, performance matters and adoption
of the technology is hindered if authorised
individuals are not matched quickly. Liveness
should matter as the true value of biometrics is
only realised when it is used.
The potential impact of poor accuracy to
a government or a banking application can
be significant compared to a factory time and
attendance application. Organisations need to
understand the level of attack sophistication,
frequency of attack and the value of what
40 Access & Identity Management Handbook 2019 www.securitysa.com
they are protecting. There are over 35 000
different materials which can be used to
make fake fingers and hundreds of videos
on the Internet on how to make them.
Government entities, banks and factories
must all consider the diversity of finger
types in their user population and base their
requirements for biometric technology on
these factors. HID’s multispectral imaging
technology captures details below the
surface of the finger and therefore performs
capture, liveness detection and matching on
all the most difficult finger types.
Purchase considerations
There are many considerations when
making a buying decision on biometric
technology. The three most important
include:
• Capture: How effectively does the sensor Gary Jones.
match my authorised individuals on a
supplied by a tier-1 MINEX III certified
consistent basis over time in the real-world
algorithm for fingerprint templates, including
setting? This is covered by the metrics
ANSI 378 and ISO 19794-2 MINEX templates
related to the ability to capture usable
supplied by a Tier-1 fingerprint algorithm
biometric data on the first attempt for
partner, independently tested and validated
every user. Ability to capture is the most
by the U.S. National Institute of Standards
essential performance consideration
and Technology (NIST).
in commercial biometric applications.
Consumers expect ‘100/100’ capture
For more information contact Claude Langley,
performance, even in challenging
HID Biometrics, +27 83 321 2922,
environmental conditions and for diverse
[email protected].
populations.
• Liveness: How effectively does the
fingerprint sensor determine whether
IDEMIA: Gary Jones
The combination of Oberthur Technologies
the fingerprint is real or is a fake?
(OT) and Safran I&S (Morpho) resulted in
Liveness detection refers to the ability to
IDEMIA, a company that has coined the term
confirm that the captured finger image
Augmented Identity. Gary Jones is the VP for
is legitimate and from a live finger by
channels and marketing at IDEMIA (see more
comparing complex optical characteristics
in the article “Taking augmented identity to
of the material presented against known
the world” on page 30).
characteristics of living skin. This unique
The first stage of fingerprinting is referred
ability of multispectral imaging provides
to as ‘acquisition’ because the sensor acquires
accurate fingerprint liveness detection and
an image of the fingerprint, which is a pattern
eliminates the perception that fingerprint
of ridges and valleys.
images must be kept secret to be trusted
Next comes the feature extraction phase
for user authentication. Fingerprint images
during which the unique features of the print
are not secrets.
(referred to as minutia, are detected and
• Match: How effectively does the minutia
extracted). Minutiae are the points where
extraction and matching occur? Is the
ridges start or end (terminations), or where
data interoperable or am I locked into
they split from one into two (bifurcations), as
a proprietary template format that
well as various combinations thereof.
requires me to purchase only a certain
type of sensor? To prevent vendor
lock-in and to provide choice for users of
commercial biometric systems, fingerprint
authentication solutions should use
interoperable and independently tested
global fingerprint minutia standards. HID
Global’s fingerprint matching technology
uses existing ISO 19794-2 templates

The image below shows the process including an advanced method
of enrolment using multiple acquisitions of the same finger which are
compared/matched against each other, and then consolidated to create
a more complete and reliable template.
International biometric standards
Biometric sensor standards govern both the image size and quality
produced by a sensor. They define parameters such as resolution (ppi),
distortion, illumination consistency as well as image dimensions. FBI
PIV IQS is the standard most commonly relied upon for sensors used in
access control and/or time and attendance.
There are also standards for biometric template generation, such as
the ANSI INCITS 378 format, which is designed as a common template
format which can be used by any vendor. This resultant interoperability
allows templates generated by a system from manufacturer A, to be
compatible with a system from manufacturer B, and so on.
Most major biometric vendors submit their algorithms to NIST
(National Institute of Standards & Technology) for independent
benchmarking. These benchmarks are heavily relied upon by major
users of biometrics, but equally present a valuable resource for smaller
customers to determine the robustness and performance of a given
vendor’s biometric algorithms, now and over an extended period as the
benchmarks have been running for multiple years.
This can help determine how long a vendor has demonstrated
leading performance, how consistent their solutions are over time, and
how much they invest in R&D to ensure continuous improvement of
their products over time.
NIST conducts benchmarks for both proprietary and interoperable
template formats, and it is important to select a vendor with strong
performance in both domains to ensure robustness and future proofing
of the enrolment data and solution.
Preventing identity theft
This also ties back to the encoding process mentioned above.
BIOMETRICS
Additionally, there are four key aspects needed to prevent against
identity theft risks:
The nature of data stored.
• One key reason biometric systems discard the image is to make the
process of reverse engineering as complex or improbable as possible.
Even if we assume a hacker somehow gets hold of a template, a reverse
engineering process will always result in differences from the original
image (as it will be a synthetic/generated image from a much smaller
subset of data).
• This is analogous to a children’s join-the-dots drawing. You can join
the dots in the correct order millions of times, but depending on how
the lines flow, every resultant picture can look slightly different, and
even small differences can have a significantly negative impact when
matching fingerprints.
• Irrespective, the process of reverse engineering is a very complex one
and typically not worthwhile for reasons described below.
System security architecture
At a high level, this includes:
• Hardware/software architecture and resultant robustness against
physical and network penetration,
• Defining access roles and privileges, and
• How the data is encrypted at rest and during transmission.
Spoof detection
This is a key line of defence in biometric systems. Today’s leading
technologies employ complex mechanisms to determine if the
biometric being presented is genuine or some kind of 2D or 3D spoof
attack (such as a fake finger or hand). This drastically reduces the risk or
threat posed by stolen or hacked biometrics
Multi-modal or multi-factor authentication
• By incorporating two biometric factors (e.g. face and fingerprint),
the security of a system can be increased even further. Similarly, by
scanning more than one finger on a hand the accuracy is increased
whilst also increasing the complexity of spoof attacks.
• Incorporating a card and/or PIN in addition to the biometric (or any
combination thereof ) can also be used to further strengthen the
robustness of a system against attack
o Something you know
o Something you have
o Something you are
Continued on page 42
www.securitysa.com Access & Identity Management Handbook 2019 41
BIOMETRICS
Continued from page 41
No system is 100% bulletproof, but one can
design a system to make the level of effort far
outweigh either the reward, or alternate means
of achieving the same goal.
Technology from IDEMIA
As the global leader in biometrics for over four
decades, IDEMIA manufactures a wide range of
FBI PIV IQS-certified optical sensor technology
for access control and time and attendance
markets. These include:
• High-speed touchless 3D fingerprint sensors
(MorphoWave) which scan all four fingers
with a simple wave of the hand.
• Large area contact-based single fingerprint
sensors used in our MorphoSmart and
MorphoAccess Sigma readers.
In addition, IDEMIA’s fingerprint algorithms
are consistently ranked #1 on NIST benchmarks
and are trusted by the world’s largest users
of biometrics. Due to the strength of our
algorithms we are able to offer customers
the ability to configure a security threshold
(assurance level) that is strictly enforced by
our readers irrespective of the database size.
Cheaper biometric products typically suffer
from performance/accuracy degradation as
the user population grows.
Unlike many cheaper alternatives, our
technology is designed and built to last, and
therefore ensures the highest ROI. This is
[email protected]
,
42 Access & Identity Management Handbook 2019 www.securitysa.com
validated by the large number of customers
who are still using Morpho readers installed
almost 20 years ago, which are still performing
better than many new entrants on the market
today. Our sensors and algorithms are proven
in the harshest industries and environments,
and comply with major industry standards.
Our most advance offerings, MorphoWave
Compact and MorphoWave Tower, are
in a league of their own. The 3D imaging
technology is able to acquire up to 30% more
data from each finger and scan all four fingers
multiple times in 3D during a single wave. This
is faster than many competing readers can
scan one finger in 2D.
With in-motion matching, users do not
need to stop or pause at the reader, resulting in
throughput exceeding 45 people per minute.
A major breakthrough with this technology
is that both security and convenience are
increased simultaneously, therefore requiring
no compromises.
User and technology
recommendations
We regularly see some important
fundamentals being overlooked in the
commercial sector. Clients often choose to
buy cheaper technology because they don’t
think of themselves as having the same
accuracy requirements as a major government
organisation, for example. However, a few
simple examples can be used to illustrate the
importance of accuracy and its impact on cost:
• In a time and attendance system, every false
clocking (either because a fingerprint did not
match, or worse, matched incorrectly) leads to
downstream payroll errors that require human
intervention to correct. This has a direct labour,
time and financial cost, which over only a
few months can exceed the cost differential
between a cheap biometric system and an
industry-leading biometric solution.
• In an access control application, a company
with 1000 employees transiting through
a conservative five access points per day,
may have over 1 million access transactions
per year. We often see cheaper biometric
systems being configured with low matching
thresholds such as 1 in 1000 False Accept
Rate (FAR) in order to avoid high levels of
inconvenience due to False Rejection Rate
(FRR). This would result in approximately 1000
incorrect false authorisations per year, leading
to a high risk or fraudulent access and making
the system audit highly questionable.
In addition to potential theft or malicious
attack related losses, implementing an
insecure system opens the organisation to
significant liability risk.
South African organisations should look
closely at the total cost of ownership when
selecting a biometric system. Referencing major
benchmarks such as NIST and researching
which technologies are trusted by major
organisations such as Interpol and the FBI, who
rely heavily on biometrics, is a reliable indicator
of which technology is thoroughly proven, can
scale well, and ultimately can be trusted.
Factors such as local support from the
manufacturer in conjunction with a well-
established channel network of resellers
and installers in the region should also be
considered. Another factor is how long the
vendor/manufacturer has been present in
the market. A biometric system should be
looked at as an investment that should
last a minimum of 5 years but typically
10+ years is common for industry
leaders.
In other words, never
compromise. A more accurate,
proven solution will pay for itself
within months when compared
to cheaper alternatives.
For more information contact
IDEMIA, +27 11 286 5800,
www.idemia.com.

BIMS set to change identity ­management
By Andrew Seldon.
Ideco has announced that its Biometric Identity Management System
(BIMS) is a­ vailable to the market.
Local biometrics integrator, Ideco Biometric
Security Solutions, has announced that its
Biometric Identity Management System (BIMS)
has finally received all the accreditations it
requires to be used for capturing and confirming
identities via a number of modalities.
The BIMS hardware and software was
designed and built in South Africa by Ideco
(at a cost of over R20 million in R&D), with the
support of the Department of Trade and Industry
(DTI) as well as the Department of Science and
Technology. Now that the system is being taken
to market, the DTI has recommended it for use
in government departments and has provided
a letter of recommendation for potential
international customers.
BIMS is a portable biometric enrolment
solution that is able to run on battery power
for up to 12 hours. It can capture six different
biometric modalities: fingerprints, palm vein,
face, iris, voice and signature. Ideco’s CEO,
Marius Coetzee, says that while the device is a
complex piece of technology, it was designed
to be easy to use while capturing biometric
readings that meet international standards:
• Fingerprints are captured by dual LES
­technology scanners which are FBI Appendix
F certified.
• Faces are captured by 5-megapixel cameras
that are ICAO compliant.
• Iris capture is according to NIST-
recommended image quality.
• Palm vein biometrics uses the near-infrared
PalmSecure sensors.
• Voice is captured by an integrated
omnidirectional audio recorder.
[email protected]
, www.ideco.co.za.
Marius Coetzee.
• Signatures are captured on a digital signature
pad that records 4D coordinates (X, Y,
pressure and time).
BIMS is also equipped with a range of
connectivity options, including Bluetooth,
Wi-Fi, 3G, GPS and LAN. When an individual’s
biometrics are captured, the resulting
templates are compressed and encrypted
before being sent to a secure server where
they are stored in the cloud. No matter which
biometrics the customer may require, the
resulting identification templates are secure
and only accessible to authorised people.
Each BIMS device is configurable to the
needs of each customer. A configuration file
on the server is set up for specific tasks, for
example to capture people’s fingerprints and
www.securitysa.com Access & Identity Management Handbook 2019
BIOMETRICS
facial biometrics. When the device is started, it
communicates with the server and downloads
the correct configuration file and sets the
system up accordingly. This allows companies
to use the device for a range of tasks, simply
setting up the configuration files specifying
what the next job will be.
The system consists of two touchscreens;
the operator works on one side while the
person submitting their biometrics sits
opposite them facing their own screen.
Because BIMS captures biometrics
according to accepted international standards,
it is ideal for governments looking to capture
a range of biometrics for citizen identification.
For example, South Africa’s Home Affairs could
use a single device to capture fingerprints,
faces and even signatures from people
applying for passports – from a single device.
It can also be used in banking and retail
environments to register new accounts and
ensure that people are who they claim to be.
Coetzee explains, “The need for secure and
authentic identity management has reached
crisis proportions globally, with demand for
advanced, agile and multi-modal biometric
identity management. Until now, no one could
deliver six modalities in a single portable
device, which can be used in any configuration
for multiple levels of identification, as well as
integrating into existing enterprise systems
quickly and easily.”
For more information contact Ideco
Biometric Security Solutions, 086 104 3326,
43
BIOMETRICS

Tracking biometrics into a brave

new digital world
By Pine Pienaar, MD, Afiswitch.

Integrated multimodal biometric solutions are increasingly popular

for more accurate identity verification and faster real-time results.
The concept of using of biometrics – measuring
an individual’s unique physical and behavioural
characteristics or traits – to confirm a
person’s identity, was conceived thousands
of years ago. For instance, since the dawn of
time people relied on facial recognition to
distinguish between people they did or did
not know. The use of fingerprinting can also
be dated as far back as 500 BC1, whereby these
unique markers were recorded on tablets as
part of verifying the identities of parties to a
transaction.
Whilst society of that time didn’t recognise
the full potential and value of biometrics, the
solutions we use today are still embedded in
the authenticity of these origins. Where the
science behind biometrics really started to
evolve during the 19th and 20th centuries (to
read more on the chronological developments
in the 19th and 20th centuries to modern
biometrics, please see the ‘Detect and protect’
series of articles on my LinkedIn profile.) and
some of the milestones that defined how we
understand and use biometrics today include:
• 18232 – Dr J. E. Purkinje, a professor of
anatomy at the University of Breslau was the
first to publish an essay on the varied ridge
patterns of fingerprints and classified them
into pattern types.
• 18802 – Discussions first commenced on the use
of fingerprints for accurately verifying personal
identification. This followed an article by
Dr Henry Faulds, a Scottish doctor in Tokyo,
Japan, that was published in the scientific
journal Nature, in which he observed the
wide diversity in fingerprints between
individuals and that these markings
remained unchanged throughout life.
• 18823 – The Bertillon System was introduced.
Although use of the Bertillon System as a
standalone method to verify an individual’s
identity, saw a dramatic decline following
the case of William West and Will West at
a Federal Prison in Leavenworth, Kansas,
in 1903, the methodology of the Bertillon
System is still pursued in biometrics and
forensic science today.
• 19364 – The concept of using iris patterns
as a means of recognising and verifying an
individual’s identity was first introduced.
• 19605 – Face recognition becomes semi-
automated, and later the first model of acoustic
speech for identification was proposed.
• 19803 – The first computer database of
fingerprints was developed, which came
to be known as the Automated Fingerprint
Identification System, (AFIS).
° The AFIS was introduced in South Africa in
the 1990s, though this system and other
versions that came after it weren’t very
successful and by 1995 this system was
disbanded. However, efforts continued
to create a system that was optimised
and effective, and a new system was
re-introduced in the country in 2002.
Continued on page 46

44 Access & Identity Management Handbook 2019 www.securitysa.com

BIOMETRICS
Continued from page 44
° Research6 indicates that the AFIS market
will continue to experience solid growth
and the market is expected to be worth US$
8.49 billion by 2020.
It is interesting to note that most of these
developments centred around physiological
traits and unimodal biometric systems. In fact,
much of the focus during the 20th century was
on building devices, back-end databases and
systems that could correctly capture and store
fingerprints so that these records could later
be used to make an accurate and automated
comparison when a ‘one-to-one’ or a ‘one-to-
many’ request was entered into the system.
For that time period, it was strongly
believed that fingerprints alone would be the
universal identifier that could be used for a
number of applications for authenticating and
verifying a person’s identity, but it was soon
realised that other systems could be built on
top of this, including verification for security,
access control, or verifying personal and/or
criminal records, for example.
For the most part, automated fingerprint
identification systems still form the basis of
most biometric solutions today. However,
following the advent of the Internet and given
the pervasiveness of fake documents – linked
to fake identities or identity theft – as well as
major world events such as 9/11, it was realised
that a standalone biometric identifier is not
suitable to meet all the security requirements
of various applications. As a result, the industry
is increasingly transitioning from unimodal
to more integrated multimodal biometric
solutions for more accurate identity verifications
and to deliver faster results in real-time.
[email protected]
,
As an emerging trend, multimodal
biometric solutions can take input from
a single, or multiple devices, capturing
two or more different physiological or
behavioural traits for identity authentication
and verification – depending on the
application and security measures required.
The combinations for a specific application
can vary and may include any number of
identifiers from fingerprints to iris, face or
voice recognition, or a person’s signature –
even a person’s gait signature (distinguishing
someone by the way they walk, although less
known). These biometric identifiers may be
used in combination with any other unique
traits to identify an individual.
For consumers, businesses, government
services and even national and global security
on a macro level, these solutions offer
increased recognition rates and as a result
improved accuracy in verifying the authenticity
of an individual’s identity. Additionally, these
46 Access & Identity Management Handbook 2019 www.securitysa.com
Pine Pienaar.
solutions are able to take live measurements
of more than one biometric identifier and
check them against multiple systems based on
approved integration which presents results
in real-time – this process reduces the risk of
the spoofing or hacking, which inherently
also increases the level of security. (Spoofing
refers to a person attempting to cheat or trick a
biometric system by using a copy or imitation
of the biometric identifier of the authentic
subject. For example, someone trying to use a
copy of another person’s fingerprint.)
While unimodal fingerprint systems
will continue to have a place in the market,
multimodal biometric solutions are certainly
more robust and reliable. But, the real value of
these solutions is in the diverse applications in
which they can be used, across any sector or
industry, to better protect personal information
– and to detect and protect against fraud and/or
other illicit or criminal acts.
As we leap forward to the current brave
new digital age, due to the ongoing waves of
digital transformation, biometric solutions are
dubbed to go mainstream as the foundation to
managing identity authentication and digital
security. In fact, an IBM Security Report7 found
that while 67% of respondents said they are
comfortable using biometric authentication
today, 87% say they’ll be comfortable with it in
the future.
As the digital play in biometrics rapidly
evolves, these solutions include fingerprints,
facial recognition and even iris or retina
scanners on mobile devices, at ATMs and self-­
service check-in counters at airports. Devices
and solutions will be designed and built
specifically to address the need application
and the fluidity of this modern world. In fact,
there are already examples of such applications
being implemented and tested globally. Going
forward, we expect that mainstream adoption
of biometrics will impact how employers,
service providers and technology companies
provide end-users with access to these devices,
applications and services in the future.
However, the biggest challenge for the
industry and for the public and private entities
that want to adopt biometric solutions as
part of their identity verification and security
protocols, is to obtain user (consumer) buy-
in. There are concerns over how and where
biometric data will be captured and stored
– and how secure the information will be.
Though these concerns can be easily allayed as
it is possible to securely capture, encrypt and
store biometric data, and the research by IBM7
shows that consumers are ready and willing
to make use of biometric solutions. The onus
is now on the industry and organisations to
make use of flexible identity platforms that
provide users with accuracy, security, speed
and convenience – which makes the identity
verification process a positive user experience.
In today’s fast-paced lifestyles, knowing
who you are dealing with is critical in order to
manage personal, business and even s­ ocietal
risks on a macro level. The fundamental
attribute of biometrics remains as the ability to
verify an individual’s identity, which continues
to become ever more prevalent in the digital
age. Therefore, with the added benefits of
agility and scalability offered by digital and
mobile biometric solutions, mainstream
adoption is only a matter of time.
For more information contact Afiswitch,
+27 12 679 2900,
www.afiswitch.com.
References
1. https://www.biometricupdate.com/201802/
history-of-biometrics-2
2. https://books.google.co.za/books?id=kN
yPkc2ADTsC&pg=PA13&lpg=PA13&dq=
1680+fingerprinting+history&source=bl
&ots=w_lCfgQ6AEwDHoECAUQAQ#v=o
nepage&q=1680%20fingerprinting%20
history&f=false
3. http://www.crimescene-forensics.com/
Crime_Scene_Forensics/History_of_
Fingerprints.html
4. https://www.biometricupdate.com/201206/
explainer-iris-recognition
5. https://www.biometricupdate.com/201601/
explainer-facial-recognition
6. https://www.marketsandmarkets.com/
PressReleases/automated-fingerprint-
identification-system.asp
7. IBM, Future of Identity Study, 2018

Panasonic’s Face Recognition Server
Deep learning allows for partial face recognition and Best Shot selection.
Panasonic has adopted deep learning
technology in its face recognition products.
This has led to the successful development
and commercialisation of the face recognition
technology that overcomes the difficulties of
conventional technologies, such as recognising
faces when they are tilted, changed by ageing,
or partially hidden with sunglasses. Panasonic
will offer this product as a personal recognition
solution for video security in various situations,
such as the monitoring of public facilities and
entry management.
The new software features a core
engine that boasts the world’s highest face
recognition performance. The product
achieved the highest level of face recognition
performance in the world in a comparison test
(IJB-A Face Verification Challenge Performance
Report/IJB -A Face Identification Challenge
Performance Report) of NIST (the National
Institute of Standards and Technology) of the
United States.
This high-precision face recognition
software can identify faces that are difficult
to recognise with conventional technologies,
including faces at an angle of up to 45 degrees
to the left or right or 30 degrees up or down,
and those partially hidden by sunglasses.
In addition, the new software features
the ‘iA (intelligent Auto) mode’ that
automatically adjusts settings for the camera
to shoot optimal images best suited for face
recognition. When it is used with Panasonic’s
[email protected]
,
i-PRO EXTREME series network cameras
installed with the ‘Best Shot License Key’ that
comes bundled with the software, only the
‘Best Shots’ will be sent to the server for face
recognition. The combination of Panasonic
core devices and the face recognition software
maximises the performance of the software’s
core engine to achieve high-precision
recognition. The company plans to add a
function to recognise faces partially covered
with a surgical mask, which is difficult with
conventional systems.
Cameras equipped with the iA function
enables image analysis to be performed on the
camera and then send only the best images
to the server. This will result in reducing server
and network loads, which leads to overall
system cost reductions. In the case of 10 or
more network cameras connected to the
system, the costs can be reduced by about 40%
to 50% compared to conventional systems that
do not use the Best Shot function.
Software features
High precision: The deep learning technology
used in the new software was jointly
developed with the National University of
Singapore and improves face recognition
performance by up to 500% compared to
conventional systems. (The rejection rate
reduced to 20% when the wrong person
acceptance rate is set to 0.01 with the IJB-A
face image dataset.)
A unique algorithm that combines deep
learning with a similarity calculation method
www.securitysa.com Access & Identity Management Handbook 2019
BIOMETRICS
that suppresses errors enables recognition in
situations that were difficult with conventional
face recognition technology.
iA function and Best Shot: The iA function
enables cameras to automatically detect the
scene and automatically optimise the settings
accordingly to improve the detectability of
the video images. The camera automatically
detects the moving objects, movement
speed, faces, and light intensity (day/night/
headlights) found in video that are usually
hard to see due to subject movement and
backlight, and optimises the settings in
real-time and capture more optimal video of
the subject.
Performing facial recognition on the server
using the Best Shot images reduces server load
and hard drive capacity requirements as well
as permitting up to 20 network cameras to be
connected to a single server. (The number of
cameras that can be connected depends on
the number of people passing by the camera
and the retention period for face images.)
System expandability: Simple batch
registration of a maximum of 10 000 faces is
possible with the standard Face Recognition
Server Software. The optional Face Registration
Expansion Kit enables registration of up to
30 000 faces at large-scale facilities.
For more information, contact Franz Kersten,
Panasonic South Africa, +27 11 312 7015,
www.panasonic.com.
47
BIOMETRICS
A better approach to
fingerprint biometrics
An Integrated Biometrics White Paper.
LES optical direct imaging sensors: a smarter
alternative to prism-based scanners.
Not all optical biometric fingerprint scanners are created equal.
The type of sensor used has a powerful impact on speed, accuracy,
reliability and portability. Most scanners rely on fragile, heavy
prism assemblies to generate high-quality images. This whitepaper
introduces Integrated Biometrics’ Light Emitting Sensor (LES)
optical technology and demonstrates how it creates faster, more
reliable results than any other fingerprint scanning system currently
available.
The LES optical scanning advantage
Integrated Biometrics sensors use LES film – a patented
electroluminescent polymer – rather than prisms to generate
exceptionally high-resolution scans when touched by one or more
fingers. The conductive properties of a finger energise particles
of dielectric phosphor suspended in the thin film substrate. The
luminescent glow of the phosphors produces an exact image of the
fingerprint.
LES sensors are optical devices that fully meet the standards
for electro-luminescent (EL) optical imaging, as determined by the
United States National Institute of Standards and Technology (NIST).
Page 14 of NIST Special Publication 500-280v2 defines the EL optical
direct imaging used in LES as: A contact technology in which the
ridges and an Alternating Current (AC) signal cause an EL panel to
emit light which is captured by an imaging system.
The LES sensor generates the light needed for the scan, rather
than a complicated assembly of platen, light source, and prism. The
resulting image is captured using digital camera optics. LES sensors
require far less power than prism-based systems. They are thinner
and lighter, making LES the ideal medium for portable scanning
systems. LES is unaffected by oils from previous fingerprints, dirt,
heat, or cold. Operators can use LES sensors in a wider range of
operating conditions, without having to clean the sensor between
scans.
This superior performance generates high-resolution optical
scans that are FBI-certified (Appendix F and PIV), ensuring products
that meet or exceed this ‘gold standard’ for biometric fingerprint
validation. LES delivers these scans extremely rapidly, with built-in
testing to eliminate spoofing and other attempts at fraudulent
validation.
How LES technology works
Integrated Biometrics’ LES-based sensors generate high-resolution
fingerprint scans by using energy to excite phosphorus particles
suspended across a thin film substrate. The electroluminescent
particles’ light emission varies, based on a finger’s ridges and valleys.
Contact with the sensor therefore produces an accurate, high-
resolution image of the fingerprint (Figure 1).
48 Access & Identity Management Handbook 2019 www.securitysa.com
Unlike glass-based sensor systems that require significant
amounts of light to create a scan, LES sensors need only a small
amount of energy, plus the conductive properties of a human
finger placed on the sensor’s bezel and platen, to excite the
phosphor particles in the film. The result is an image so detailed
that even sweat pores are evident within a fingertip’s ridges and
valleys. High-speed digital cameras capture these high-resolution
images. Either a CMOS camera with a traditional glass lens or thin
film transistor (TFT) camera, depending on the intended use of the
scanner.
Since LES sensors rely upon conductivity from the bezel across
the finger to the platen to generate an image, LES scanners
automatically position fingers for optimal scanning and maximum
surface area. Any attempt at spoofing using non-conductive
materials is automatically rejected, since no image can result
(Figure 2).
Image files transfer to host PCs, tablets or smartphones using
an ordinary USB interface. This connection also acts as the sensor’s
power source, removing the need for a separate wired connection
The FBI chooses Integrated Biometrics
The United States Federal Bureau of Investigation (FBI) is one of
many law enforcement agencies that recognise the advantages that
come from LES-based fingerprint scanners. The FBI recently selected
Integrated Biometrics’ Kojak scanner as the sole source for a major
purchase. The reason, according to the FBI, was that:
“No other fingerprint scanners were found capable of meeting
the weight, size, and power requirements, as well as meet the
requirement of being FBI certified.”
When performance and portability are critical, LES optical
fingerprint sensors are clearly the superior choice.
Source: Federal Bureau of Investigation. Requisition Number
DJF-16-0100-PR-0002913, December 2015

Figure 1.
Figure 2.
or battery pack. LES scanners can operate
for hours using a cellphone battery without
additional auxiliary power, making this
technology ideal for field operations using
smartphones and tablets.
A smarter approach for biometric
fingerprint scanning
Integrated Biometrics’ LES sensors deliver
reliable, 500ppi FBI-certified optical
fingerprint scans in compact devices that
are more portable than any other scanners
currently available. Integrated Biometrics’
sensors automatically enforce proper
scanning position for the maximum surface
area across one or more fingerprints. They
enrol or scan multiple fingers quickly (2fp and
442fp), without requiring the surface to be
cleaned between scans.
LES sensors recognise the topography of
a finger using the conductivity properties of
human skin, rather than the surface image
generated by backlit glass platens and prisms.
This difference in functionality helps detect
and reject spoofing and other attempts at
evasion.
[email protected]
,
Since LES sensors use a thin polymer
film rather than heavy, fragile glass surfaces
and complicated prism assemblies and light
sources, fingerprint scanners using LES work
in extremes of temperature, dirt, glare, and
humidity where other technologies cannot.
The scanning surface itself is resistant to
minor abrasions, and there are no light
sources to burn out and replace.
Low energy consumption makes LES
sensors ideal for portable applications,
drawing power through the USB connection
of a typical smartphone or tablet.
Integrated Biometrics is the first, and
the only provider of FBI-certified optical
fingerprint sensors using LES technology. Its
superior performance, durability, light weight
and low power requirements have made it
the obvious choice for federal, state and local
law enforcement and border control agencies,
as well as handheld device manufacturers
seeking a better solution for biometric
identity validation. Today’s heightened
security concerns and performance
requirements demand a smarter approach
to optical fingerprint scanning. Integrated
Biometrics’ LES-based sensors meet that
requirement.
www.securitysa.com Access & Identity Management Handbook 2019
BIOMETRICS
Why is LES technology better than
traditional prism-based scanners?
While LES technology is optical, it does differ
in positive ways from traditional technologies
that employ a clear glass platen and prism.
Traditional optical sensors only ‘see’ the surface
topography of the finger (or fake finger)
presented on the glass. This technology is
susceptible to image spoofing. LES sensors
inherently guard against spoofing as they
require the friction ridge of the finger to
contact the film while simultaneously
contacting the device’s bezel. The connection
between LES film and bezel complete a circuit
and create the fingerprint image. Without the
conductivity properties of the human finger,
fake fingers will not work. Additionally, the
oils, latent prints, and dirt that are often left
behind and ruin images on a traditional glass
platen, are simply not ‘visible’ when using the
LES sensor. This simple difference between
LES and prism-based sensors means no more
cleaning the platen after every single use – LES
technology excels in unattended applications.
FBI standards for biometric
fingerprint identity validation
There are two standards currently in use for
fingerprints: Appendix F and PIV-071006.
• Appendix F has stringent image quality
conditions, focusing on the human
fingerprint comparison and facilitating
large-scale machine many-to-many
matching operation.
• PIV-071006 is a lower level standard
designed to support one-to-one
fingerprint verification. Certification is
available for devices intended for use in
the FIPS 201 PIV programme.
Integrated Biometrics’ LES optical
scanners meet both standards, using LES
sensors to deliver a lighter, more robust
scanner that requires far less power than
traditional prism-based systems.
Source: FBI Biometric Centre for Excellence
The full paper can be downloaded
at https://integratedbiometrics.com/
wp-content/uploads/2017/05/INB-WP-LES-
Smarter.pdf
For more information, contact
Robert Jones, Integrated
Biometrics, +27 60 503 7077,
www.integratedbiometrics.com.
49
BIOMETRICS
Your face tells a story
By Andrew Seldon.
Facial recognition has advanced to the point where it can be rolled out over large
areas and accuracy is no longer a hit-and-miss affair.
There are many companies offering facial
recognition today, most of them incorporating
some form of artificial intelligence into their
identification and authentication offerings.
Unfortunately, facial recognition has not
gained the best reputation over the years,
although there are some success stories in
controlled environments.
NEC XON held its seventh annual summit
at Sun City in October and mixed in with
the various discussions on Industry 4.0, safe
cities and artificial intelligence (among other
topics), facial recognition gathered more than
a few mentions as a non-intrusive and reliable
identification mechanism of the future.
Following the summit, Hi-Tech Security
Solutions spoke to Bertus Marais, GM, public
safety and security at NEC XON about facial
recognition and NEC’s work in this regard.
When considering the previous lack of
reliability of facial recognition, due in large
part to issues such as uncontrolled lighting or
people not looking directly at the camera, or
wearing caps and other clothing that hides
part of the face, Marais says environmental
difficulties have always played a role and will
continue to do so.
However, he adds that the algorithms
behind facial recognition have improved so
remarkably that things like the angle of a
person’s face or the lighting make much less
difference today. The camera hardware has
also improved and continues to do so, but
the biggest improvements have been in the
50 Access & Identity Management Handbook 2019 www.securitysa.com
Bertus Marais
algorithms that work behind the scenes to
interpret the data they receive.
Indirect and old views
The issue of lighting and whether the subject
is looking directly at the camera, or if he/
she is wearing sunglasses or a cap (and even
ageing) is no longer as big a hindrance to facial
biometrics. Marais says NEC has made huge
inroads in this regard.
“Performance will always be best if you
have a fully visible and well-lit frontal image
and an image pair within five to 10 years of
each other, for example a passport and source
that are maximum 10 years apart. However, the
real world does not always work like that.
“In the real world people wear hats and
glasses, their faces are often partially obscured,
often at an angle and presented in various
lighting conditions. The more the image of the
face deviates from perfect, or the bigger the
age gap becomes, the lower the match scores.
A weak algorithm will deviate widely between
good and poor quality images, while a strong
algorithm’s accuracy will tail off, but with a
gradual and predictable drop.”
When a face is enrolled into the NEC facial
biometric system, he says the AI-enabled
technology automatically simulates how the
face would look, not only in ideal conditions,
but also in a variety of lighting conditions and
angles. Additionally, the technology does not
need to see all of the face to get a good match.
Ageing does impact the match scores, but
the tail-off is very predictable; we have many
examples of a 30+ year age gap still yielding
successful results. “As a general rule, if a human
could identify someone from the facial picture,
our algorithm is highly likely to as well; this
usually translates to about 70% of the face being
visible. Unlike a human, the algorithms can do
this against many thousands of faces in real-time.”
Privacy and facial biometrics
If we assume that facial biometrics work well, the
privacy issues of using it in public spaces needs
to be addressed as there will be nothing to stop
anyone from identifying you anywhere if there
are no rules to manage the use of the technology.
Facial recognition offers a unique platform
that can help in many areas of society, notes
Marais, from providing benefits such as
national security, law enforcement, and more.
Other examples include speeding up and

streamlining a traveller’s airport experience,
to reducing fraud in the financial sector,
to ensuring that aid reaches the intended
recipient after a disaster, to ensuring that a self-
registered problem gambler can get the help
they need, all the way through to hospitality,
VIP solutions and beyond. All of these areas
offer a unique opportunity to provide benefits
to society, but each has a very different context
and use-case. These must be addresses with a
privacy model appropriate to the use-case.
“The key to this question is, “What is the
context of the use-case?” It is reasonable to
assume that a national security agency acting on
firm intelligence responding to a potential life-
endangering scenario will take a very different
view to a local retail outlet using the technology
to provide a VIP customer experience,” states
Marais. “Different use-cases will take different
approaches to areas such as where the cameras
are placed, what they are used for, who is
captured, what records are stored, what records
are enrolled, data retention periods, encryption
and security, alerting mechanisms, audit, etc.
“As with all technologies, robust regulatory
frameworks and policies should be encouraged
to drive ethical and responsible adoption,”
he continues. “The public, governments,
corporations and customers have a role to play
in this area. From a technological standpoint,
the system is taking the exact same data as a
regular CCTV camera; in fact, it is storing less
information as most facial recognition systems
tend not to store the entire video, but rather
just the faces. The underlying point is that use
of any facial recognition system should be
subject to an appropriate level of control; this
comes down to context of the use case and the
governing frameworks.”
Facial biometrics closer to home?
Most of the concepts of facial recognition we
hear about are in a safe-city scenario or being
used in airports or public transport, but what
about identity authentication in the workplace
or even at home? Could your laptop’s webcam
act as a touchless authentication mechanism
to make online shopping or logging into your
corporate network as simple as a glance?
Liveness detection is a crucial issue in
this regard, adds Marais. Some specialised
webcams have depth of field sensing, which
is crucial to liveliness detection, but the
technology is not widely adopted because it
is expensive and not as mature as we would
like for tasks such as identity-based access
privileges to physical and virtual environments.
“Your average laptop camera or webcam
is essentially a 2D view of the world. You can
trick most of those into facial recognition
with a good quality photograph or video of a
person. The camera has no way of knowing if
it’s looking at a live human being.
“Current high-end camera technology
that gets a real 3D view of the world is far
better and cannot be so easily tricked. But it’s
expensive so it’s unusual to deploy it today.
We prefer not to position facial biometrics for
access control, but rather for surveillance.”
He continues, “we prefer to use a different,
two-factor system for access control. For
example, if the facial recognition system sees
me walking past the restrooms it knows I’m not
at my desk. It can check my laptop or desktop
system and, if it’s still active, lock it down so
nobody can access it. Or we use a fingerprint
and a face check, or a normal magnetic access
card combined with fingerprints or facial
recognition.”
www.securitysa.com Access & Identity Management Handbook 2019
BIOMETRICS
Real-world usage
Facial biometrics are being used worldwide
for a number of applications, at ports of entry
and exit they are used to scan hundreds of
thousands of faces daily. They are used for
public surveillance, such as is the case with
an African authority that runs it across urban
CCTV networks. They use it for safety and
incident management. The same technology
will be used for safety, monitoring, and
management at the upcoming Olympics to be
held in Japan. It’s already being used to help
control hooliganism at soccer matches across
Europe and it is being used for border control
at several locations across Africa.
“NEC’s NeoFace Watch facial recognition
software is now so advanced that it is scanning
tens of thousands of faces in minutes, with
many successful frames per face to record a
match. That’s how fast it is,” Marais says. “But it
obviously requires the right infrastructure to
support it, which many cities and facilities now
already have.
“You have to network all the cameras, feed the
data to servers in a properly maintained data centre,
analyse the huge volumes of data intelligently,
return usable results with high accuracy for
processing by humans so they can respond – and
all of that in real time. It’s sophisticated, accurate,
and dependable and organisations, from countries
to cities, installations, structures and public venues
can definitely use existing technologies such as
CCTV and networks. They only add what’s missing
from the total picture.”
For more information contact Mark Harris,
NEC XON, +27 11 237-4500,
[email protected],
www.nec.xon.co.za.
51
ACCESS SELECTION GUIDE
Access and Beyond Access and Beyond

Device/solution: Access Portal S-Series

Device/solution: uPass Reach (Region 1) Long Range Reader Unit
Manufacturer/brand name: NEDAP
Distributors: Access and Beyond
Product description: The uPASS Reach offers long-range vehicle
identification up to 5 metres using the latest UHF technology. Based on
battery-free, passive technology, the uPASS Reach reader is a cost
effective and enduring solution for parking access.
Typical applications: Vehicle access control for security areas,
residential estates and industrial areas
Contact details: Christo Myburgh,
Manufacturer/brand name: Impro
Distributors: Access and Beyond
Product description: The new S-Series range of access control is all
about making things simpler and quicker, with true plug-and-play
hardware that quickly clips together for rapid expansion – no additional
wiring needed. Readers can be installed up to 150 m from the cluster and
module for greater flexibility without masses of additional hardware. Cost
savings are possible by being able to use one cluster, with one module to
manage 8 readers (1+1=8), and time on site is reduced.
Typical applications: Access control expansion

[email protected], Contact details: Christo Myburgh, [email protected],
+27 31 263 1487, www.accessandbeyond.com +27 31 263 1487, www.accessandbeyond.com

ASSA ABLOY ASSA ABLOY SA

Device/solution: Aperio Wireless Access Control

Manufacturer/brand name: Aperio
Distributors: ASSA ABLOY
Product description: Quick and easy to install, Aperio locks can be
operated with the same access cards used on existing access control
systems. With a wide range of high-security, certified battery-powered Device/solution: SMARTair Access Control
locks, Aperio cuts energy costs and reduces maintenance costs. Aperio Manufacturer/brand name: ASSA ABLOY
has locks for various applications, including data centre management Product description: SMARTair is a powerful access control system
solutions. that offers an intelligent, simple step up from keys. It is easy to install
Typical applications: Access control, server locks and access rights are stored in the door device - independent, robust,
Integration support: Access control systems minimising communication problems. It’s easy to add and update user
Contact details: Pieter Geyser, [email protected], rights, and simple to update locks. The locks are battery powered for
+27 11 761 5000, www.assaabloy.co.za easy installation.
Typical applications: Access control
Contact details: Pieter Geyser, [email protected],
+27 11 761 5000, www.assaabloy.co.za

52 Access & Identity Management Handbook 2019 www.securitysa.com


Boomgate Systems
Device/solution: Genius Rapid Vehicle Barrier
Manufacturer/brand name: Boomgate Systems
Distributors: Boomgate Systems
Product description: The Genius Rapid BGST–D107 barrier is designed
to handle a high volume of traffic and has a 100% duty cycle, opening
speed of 1,5 seconds, and life expectancy of 3 million operations. Left
and right-hand barriers are available requiring minimum maintenance.
A battery backup option is available and comes standard with an LED
robot on the cabinet.
Typical applications: Vehicle access control
Integration support: Can integrate with any access control system on
the market
Contact details: Andre Rossouw,
[email protected]
, Contact details: Ernest Mallet,
[email protected]
,
+27 11 674 4441, www.boomgatesystems.co.za
CEM Systems
Device/solution: CEM AC2000 Security Management System
Manufacturer/brand name: CEM Systems
Distributors: Tyco Security Products
Product description: AC2000 is an enterprise access control and
integrated security management system that is highly flexible to meet
unique project needs. Acting as the security management system,
AC2000 provides a powerful command and control front-end for
alarm management of multiple systems including access control,
video, intrusion, fire and perimeter detection.
Typical applications: Transportation, healthcare, education,
corporate, oil and gas
Integration support: CCTV, intrusion, perimeter detection,
fire and more
Contact details: Ernest Mallet,
[email protected]
, Contact details: Ernest Mallet,
[email protected]
,
+44 2890 456 767, www.cemsys.com
ACCESS SELECTION GUIDE
CEM Systems
Device/solution: CEM emerald Intelligent Access Terminal
Manufacturer/brand name: CEM Systems
Distributors: Tyco Security Products
Product description: emerald is an advanced, intelligent IP access
terminal revolutionising the security industry. A powerful reader and
controller in one terminal, emerald features an LCD touchscreen, fully
integrated VoIP intercom, fingerprint reader (biometric variant) and a
range of remote apps and door modes that provide operational benefits
beyond access control.
Typical applications: Indoor and outdoor access terminal, intercom,
room booking, time and attendance
Integration support: Designed for use with CEM’s AC2000 security
management system
+44 2890 456 767, www.cemsys.com
CEM Systems
Device/solution: CEM S700 Intelligent Card Reader/Controller
Manufacturer/brand name: CEM Systems
Distributors: Tyco Security Products
Product description: The S700 is a next generation, fully integrated
card reader and combined controller. It is IP65 rated with a capacitive
light-touch keypad, graphical display and multi-colour LED light bar.
The S700 is a versatile device with a range of door modes for
controlling access to restricted areas, and offers operational benefits
that go beyond security.
Typical applications: Indoor and outdoor access terminal
Integration support: Designed for use with CEM’s AC2000 security
management system
+44 2890 456767, www.cemsys.com
www.securitysa.com Access & Identity Management Handbook 2019 53
ACCESS SELECTION GUIDE

Dahua Technology South Africa Dahua Technology South Africa

Device/solution: ASI1212D
Manufacturer/brand name:
Zhejiang Dahua Technology
Distributors: Elvey, Reditron,
Inhep Digital Security, Security
Warehouse
Product description: The
Dahua access control solution
integrates door control, user
management, real-time video
push, time and attendance, and
E-map. The all-in-one system is
customised to meet the needs of
all managed buildings.
Typical applications:
Device/solution: ASA1222E Waterproof fingerprint
Manufacturer/brand name: Zhejiang Dahua Technology standalone, anti pass-back,
Distributors: Elvey, Reditron, Inhep Digital Security, Security Warehouse access control, network access,
Product description: The Dahua access control solution integrates door alarm
control, user management, real-time video push, time and attendance, Integration support:
and E-map. The all-in-one system is customised to meet the needs of all Developer API
managed buildings. Contact details: Fritz Wang,
Typical applications: Standalone time and attendance [email protected],
Integration support: Developer API +27 72 628 6810,
Contact details: Fritz Wang, [email protected], www.dahuasecurity.com
+27 72 628 6810, www.dahuasecurity.com

Dahua Technology South Africa Doculam

Device/solution: ASC1204B-S
Manufacturer/brand name: Zhejiang Dahua Technology
Distributors: Elvey, Reditron, Inhep Digital Security, Security Warehouse
Product description: The Dahua access control solution integrates door
control, user management, real-time video push, time and attendance,
and E-map. The all-in-one system is customised to meet the needs of all
managed buildings.
Typical applications: Four door access controller, anti pass-back, alarm
function, user management
Integration support: Developer API
Contact details: Fritz Wang, [email protected], competitors.
+27 72 628 6810, www.dahuasecurity.com
Device/solution: Magicard PVC Card Printers
Manufacturer/brand name: Magicard
Distributors: Doculam
Product description: Magicard ID card printers are a superior brand of
printer backed by the industry’s best warranties. The printers’ ability to
support field upgrades to transform them from single side printers to
double side printers allows for flexibility to adapt to clients’ changing
requirements. The additional card security features that come with the
Magicard Rio range of printers helps the brand stand out against its
Typical applications: Access control, student cards, driver’s licences,
loyalty cards
Contact details: Shaun Stanley, [email protected],
+27 21 557 0666, www.doculam.co.za

54 Access & Identity Management Handbook 2019 www.securitysa.com

 ACCESS SELECTION GUIDE

Doculam Doculam
Device/
solution: Alcohol
Breathalysers
Manufacturer/
brand name:
Alcovisor
Distributors:
Doculam
Product
description: The
Alcovisor range
of breathalysers
Device/solution: Metal detectors
carry a selection
Manufacturer/brand name: Garrett
of specifications
Distributors: Doculam
suited to each access screening application. The range
Product description: Garrett metal detection products form an
is made up of the Mark X, Mercury and Alcofind units. As alcohol
essential part of threat detection for a number of different sectors in the
screening forms part of an organisation’s health and safety regulations,
security industry. The walkthrough units come with 36 zones of
this is normally performed at a company’s ingress and egress points. The
detection and are superior in their class. Normally used in conjunction
Alcovisor range has been performing exceptionally well over the past
with the Garrett walkthrough units are the Garrett handheld super
12 years since its introduction to South Africa and continues to win the
scanners which professionals in the security industry trust as being
market’s trust.
reliable and having stood the test of time.
Typical applications: Access control, screening, industry,
Typical applications: Access control, security at checkpoints in airports,
law-enforcement
government facilities, entertainment and transportation venues, to
Contact details: Shaun Stanley, [email protected],
mention a few
+27 21 557 0666, www.doculam.co.za
Contact details: Shaun Stanley, [email protected],
+27 21 557 0666, www.doculam.co.za

ET Nice ET Nice

Device/solution: WIDE Vehicle Barriers
Manufacturer/brand name: ET Nice
Distributors: Regal Distributors, Elvey, Stafix, IDS
Product description: WIDE manual and automated boom pole systems
for vehicle traffic access control, including optional extras, accessories
and spares. Proudly designed, manufactured and supported in South
Africa.
Typical applications: Access automation
Integration support: Electronic technology
Contact details: Gerald Kirsten, [email protected], +27 21 404 8000,
www.niceforyou.com/za
Device/solution: Gate and garage door operators
Manufacturer/brand name: ET Nice
Distributors: Regal Distributors, Elvey, Stafix, IDS
Product description: A world without barriers. Automated gates and
garage doors created for residential and high-traffic areas. Available
with a full range of accessories proudly designed, manufactured and
supported in South Africa.
Typical applications: Access automation
Integration support: Electronic technology
Contact details: Gerald Kirsten, [email protected], +27 21 404 8000,
www.niceforyou.com/za

www.securitysa.com Access & Identity Management Handbook 2019 55

ACCESS SELECTION GUIDE

ET Nice iMAT Manufacturing

Device/solution:
iMAT Full-Height
Turnstile with Guide
Manufacturer/
brand name: iMAT
Distributors: iMAT
Product
description:
Built to last, iMAT
Manufacturing’s
range of full height
turnstiles offers
excellent security
no matter the
application.
Device/solution: ET Blu Mix transmitters and receivers
Typical
Manufacturer/brand name: ET Nice
applications: Physical
Distributors: Regal Distributors, Elvey, Stafix, IDS
access control
Product description: The most cost-effective, simple solution to take
Integration support:
control of your world. Transmission range of up to 750 m. South Africa’s
Biometrics, payroll
favourite and safest solution with its unhackable code and longest
Contact details:
range. Lifetime warranty on all transmitters.
iMAT, [email protected],
Typical applications: Access automation
+27 21 556 3866,
Integration support: Electronic technology/system integrator
www.imat.co.za
Contact details: Gerald Kirsten, [email protected] +27 21 404 8000,
www.niceforyou.com/za

Impro Technologies Impro Technologies

Device/solution: Access portal management software

Device/solution: Access in a Box
Manufacturer/brand name: Impro Technologies
Distributors: Powell Tronics, Elvey, Access & Beyond
Product description: One of the most cost effective solutions
available, Access in a Box comprises everything needed to manage
up to eight doors, securely housed in a metal enclosure. Installation time
and cost is reduced through the use of three-core cable and users can
access their system 24/7 with their smartphone, tablet or PC, around the
world.
Typical applications: Access control, door entry, web-based solution
Contact details: Mike Kidson,
Manufacturer/brand name: Impro Technologies
Distributors: Powell Tronics, Elvey, Access & Beyond
Product description: Access control management software providing
advanced functionality, packaged within a simple to use interface,
whilst ensuring easy maintenance. The software provides all the tools
needed to securely manage access control – whether a small business
or a large enterprise operation, the system scales with the user’s
needs. Free software, along with Pro and Enterprise versions are
available.
Typical applications: Access control, web-based solution
Integration support: Comprehensive API, 24-hour technical support
centre, integration with CCTV, elevator control, T&A and more

[email protected], +27 11 469 5568, Contact details: Mike Kidson, [email protected], +27 11 469 5568,
www.impro.net www.impro.net

56 Access & Identity Management Handbook 2019 www.securitysa.com

 ACCESS SELECTION GUIDE

Impro Technologies iPulse Systems

Device/solution: iPB4 Biometric
and Multi-Class Card Reader
Manufacturer/brand name:
iPulse Systems
Distributors: iPulse Systems
Product description: The iPB4
is a competitively priced indoor
fingerprint-based biometric access
control unit with optional
smartcard support and a small
footprint, ideally suited to
corporate environments. A fully
programmable Wiegand interface
Device/solution: Access Portal makes the iPB4 a flexible, cost-
Manufacturer/brand name: Impro Technologies effective solution for new and
Distributors: Powell Tronics, Elvey, Access & Beyond existing security systems.
Product description: Access Portal is a highly scalable, simple to Typical applications: Access
use access control solution comprising all the hardware, software control, workforce management
and accessories to protect premises – whether a small business or Integration support: Full secured
multinational enterprise. Available in a plastic or secure metal housing, API framework
the solution scales with the user’s needs to manage a few people, or a Contact details: Sales team,
million people. [email protected], 0860 478 573,
Typical applications: Access control www.ipulsesystems.com
Integration support: Free 24-hour technical support centre, accredited
training and broad array of security integrations
Contact details: Mike Kidson, [email protected], +27 11 469 5568,
www.impro.net

iPulse Systems Paxton Access

Device/solution: IQSuite.cloud
Manufacturer/brand name: iPulse Systems
Distributors: iPulse Systems
Product description: Simple, secure and powerful: IQSuite.cloud
brings the as-a-service model to the access control and workforce
management space. Control and manage access to all your secure
areas, and track when and where team members use the system from
anywhere. Live clock events ensure that you know instantly who is using
what door, and what time they were there.
Typical applications: Access control, visitor management, workforce
management
Integration support: Full secured API framework Device/solution: PaxLock Pro
Contacts details: Sales team, [email protected], 0860 478 573, Manufacturer/brand name: Paxton Access
www.ipulsesystems.com Distributors: Regal Security, Reditron
Product description: PaxLock Pro is Paxton’s wireless networked access
control solution in a door handle. It communicates wirelessly to the
server PC via a Net2Air Bridge, reducing cabling and installation time.
Typical applications: Access control
Integration support: CCTV, fire alarm, intruder alarm, visitor
management
Contact details: Paxton, [email protected], +27 21 427 6691,
www.paxtonaccess.co.za

www.securitysa.com Access & Identity Management Handbook 2019 57

ACCESS SELECTION GUIDE

Paxton Access Paxton Access

Device/solution: Net2 access control

Manufacturer/brand name: Paxton Access
Distributors: Regal Security, Reditron Device/solution: Net2 Entry
Product description: Our networked access control system, Net2, is Manufacturer/brand name: Paxton Access
administered using one or more PCs and can be monitored and man- Distributors: Regal Security, Reditron
aged from a central location. Product description: Net2 Entry is a video door entry system that
• Up to 1 000 doors and 50 000 users. works standalone or alongside Paxton’s Net2 access control. Consisting
• Licence free software for life. of three components that auto-detect on setup – external panel, inte-
• 5 year swap-out warranty. rior monitor and door control unit – it is a plug-and-play solution that
• Simple to install, easy to use. comes with a range of panel options and is suitable for a wide variety
Typical applications: Access control for the mass market of sites.
Integration support: Biometrics, CCTV, fire alarm, intruder alarm, Typical applications: Video door entry
visitor management Integration support: Net2 access control from Paxton
Contact details: Paxton, [email protected], Contact details: Paxton, [email protected],
+27 21 427 6691, www.paxtonaccess.co.za +27 21 427 6691, www.paxtonaccess.co.za

Powell Tronics Reditron

Device/solution: PT-Guest Device/solution: PaxLock Pro

Manufacturer/brand name: Powell Tronics
Distributors: Powell Tronics
Product description: PT-Guest is a fully integrated visitor management
solution for access control, locally developed and supported. It captures
visitor info using portable handheld wireless enabled devices, catering
for pre-authorised visitors via a web, SMS or app interface. Detailed
management reporting gives both security and management control
of visitors.
Typical applications: Visitor management
Integration support: Impro, IXP (and portal), IDEMIA
Contact details: Mike Austen,
Manufacturer/brand name: Paxton Access
Distributors: Reditron
Product description: PaxLock Pro is a wireless access control
solution that can be installed in standalone mode or as part of a
Net2 networked system, offering sites the flexibility to upgrade to a
networked solution as and when required. Two designs are available
for internal and external facing doors, offering more versatility for your
customers than ever before.
Typical applications: Access control
Integration support: Net2 range

[email protected], Contact details: Jacques Bester, [email protected], +27 87 802 2288,
0861 784 357, www.p-tron.com www.reditron.co.za

58 Access & Identity Management Handbook 2019 www.securitysa.com

 ACCESS SELECTION GUIDE

Reditron Regal Distributors SA

Device/solution: MorphoWave Compact Device/solution: PaxLock Pro

Manufacturer/brand name: IDEMIA
Distributors: Reditron
Product description: MorphoWave Compact by IDEMIA allows for ease
of access and quick throughput, making it perfect for high-trafficked
areas like busy offices or industrial sites. Due to its cased, enclosed
nature, the scanner also neutralises any external environmental
factors. Able to scan QR codes, it is perfect for temporal access and
visitor management.
Typical applications: Access control, time and attendance
Integration support: Paxton access control
Contact details: Jacques Bester,
Manufacturer/brand name: Paxton Access
Distributors: Regal Distributors SA
Product description: PaxLock Pro is the latest addition to Paxton’s
range of wireless access control solutions. The design is compatible with
any DIN standard locks for a quick and simple installation. Its smart,
compact appearance and standalone or networked operation means it
can be used in more applications than ever before.
Typical applications: Standalone or networked wireless access control
Integration support: Net2Pro (free), licence-free developer SDK
Contact details: Andrew Levell-Smith,

[email protected], +27 87 802 2288, [email protected], +27 11 553 3300,
www.reditron.co.za www.regalsecurity.co.za

SACO a division of Bidvest Protea Coin Saflec Systems

Device/solution: SACO Workforce Management, SACO Guest,

SACO Anywhere, SACO Workflow
Manufacturer/brand name: SACO a division of Bidvest Protea Coin
Device/solution: SSS-310 Software Solution Packages
Distributors: Bidvest Protea Coin
Manufacturer/brand name: Saflec Systems
Product description: SACO delivers products designed to optimise
Distributors: Saflec Systems
access control and workforce efficiencies and processes through a
Product description: SACS is a user-friendly program designed for the
variety of unified solutions from the SACO stable. Our products
initial configuration and day-to-day maintenance of a site. It has been
provide progressive business intelligence that simplifies decision-
designed with simplicity in mind, however it offers an abundance of
making, reduces turnaround times on operational activities and
features usually only associated with complex BMS solutions at a
improves profitability.
fraction of the cost. Deep integration is available with various biometric
Typical applications: Access control, time and attendance, health and
systems, including the latest fingerprint and facial recognition devices
safety management, asset protection
from IDEMIA, ViRDI and Suprema.
Integration support: Manufacturer proprietary technology, SAP,
Typical applications: Access control, security, time and attendance
Oracle, SAGE, IDEMIA
Integration support: Open database integration, software level
Contact details: Freddy Niehaus, [email protected],
integration on the server
086 123 7226, www.saco.co.za
Contact details: Saflec Systems, [email protected], +27 11 477 4760,
www.saflecsystems.co.za

www.securitysa.com Access & Identity Management Handbook 2019 59

ACCESS SELECTION GUIDE
Saflec Systems
Device/solution: SDC-620 Multiple Door Controller
Manufacturer/brand name: Saflec Systems
Distributors: Saflec Systems
Product description: The SDC-620 replaces the SDC-520 and brings
with it a host of new features and functionalities. It can control up to
eight doors and can be linked with up to 16 SDC door controllers
using a protected RS-485 network. The controller can store up to
1 million tags, 250 000 tag holders, more than 6 million access logs
and 3 million system logs. It also offers 256 powerful offline event/
action combinations.
Typical applications: Access control, security, time and attendance
Integration support: OSDP secure channel compatible, I/O integration,
manufacturer proprietary technology, Wiegand, software level
integration on the server
Contact details: Saflec Systems, [email protected], +27 11 477 4760,
www.saflecsystems.co.za
SALTO Systems
Device/solution: Neo Electronic Cylinder
Manufacturer/brand name: SALTO Systems
Distributors: SALTO Systems, Intertrade Security Distributors
Product description: This all-weather electronic cylinder is fully mobile
capable, featuring Bluetooth Smart and NFC compatibility and permit-
ting operation through Android and Apple devices. The cylinder can be
enabled as an SVN-Flex card updater, allowing any door it is fitted on
to act as a card updater so credentials can be updated all the time and
anywhere.
Typical applications: Online, wireless online and offline access control
on virtually any door combined with mobile access
Integration support: Local and international support is provided
(certified training, technical support, marketing material)
Contact details: Wouter du Toit,
[email protected]
, Contact details: Wouter du Toit,
[email protected]
,
+27 87 701 5858, www.saltosystems.com
60 Access & Identity Management Handbook 2019 www.securitysa.com
Saflec Systems
Device/solution: SDC-650 Multiple Door Controller
Manufacturer/brand name: Saflec Systems
Distributors: Saflec Systems
Product description: The SDC-650 replaces the SDC-550 and brings
with it a host of new features and functionalities. It can control up to
eight doors and can be linked with up to 16 SDC door controllers
using a protected RS-485 network. The controller can store up to
1 million tags, 250 000 tag holders, more than 6 million access logs and
3 million system logs. It also offers 256 powerful offline event/action
combinations.
Typical applications: Access control, security, time and attendance
Integration support: OSDP secure channel compatible, I/O integration,
manufacturer proprietary technology, software level integration on the
server
Contact details: Saflec Systems, [email protected], +27 11 477 4760,
www.saflecsystems.co.za
SALTO Systems
Device/solution: Danalock V3 Motorised Electronic Lock
Manufacturer/brand name: SALTO Systems
Distributors: SALTO Systems, Concept Store
Product description: Danalock V3 fits virtually all existing doors.
Installation is done in a few simple steps, without drilling or working on
the door. The system is set up and managed via an app. Users can thus
use a smartphone to control the door, residents and guests as well as
the house. Communication is wireless and AES 256-bit encrypted.
Typical applications: Residential access control combined with mobile
access
Integration support: Local and international support is provided
(certified training, technical support, marketing material)
+27 87 701 5858, www.saltosystems.com
 ACCESS SELECTION GUIDE

SALTO Systems SALTO Systems

Device/solution: Keys as a Service (KS) Device/solution: SVN-Flex Technology

Manufacturer/brand name: SALTO Systems
Distributors: SALTO Systems, Concept Store
Product description: The Keys as a Service (KS) cloud-based solution
allows real-time access management on the go. Users do not have to
install any software, their system is always up to date and they can easily
integrate with third-party systems via API. Mobile Key technology gives
the ability to open doors through Mobile Key in SALTO KS customers’
mobile app.
Typical applications: Enterprise quality access control for SMEs, retail,
rental properties and shared spaces
Integration support: Local and international support is provided
(certified training, technical support, marketing material)
Contact details: Wouter du Toit,
Manufacturer/brand name: SALTO Systems
Distributors: SALTO Systems, Intertrade Security Distributors
Product description: SALTO’s SVN-Flex technology offers access
management with increased security and more convenience. As
end users do not need extra components like wall readers or door
controllers, spending on hardware is lower. Users do not have to go to
specific doors or locations to update their cards, as any wireless door
can be activated as an SVN-Flex updater.
Typical applications: Online, wireless online and offline access control
on virtually any door combined with mobile access
Integration support: Local and international support is provided
(certified training, technical support, marketing material)

[email protected], Contacts details: Wouter du Toit, [email protected],
+27 87 701 5858, www.saltosystems.com +27 87 701 5858, www.saltosystems.com

Secutel Technologies Suprema

Device/solution:
Xpass Series
Manufacturer/brand
name: Suprema
Distributors: neaMetrics,
ADI Global Distribution,
Elvey, EOH FSS, Gallagher
and various system
integrators
Product description: Ultra-
compact design with PoE
and BLE options. IP65/67
rated for in/outdoor instal-
Device/solution: Access Control Powered by Matrix COMSEC
lation, with IK08 vandal
Manufacturer/brand name: Secutel Technologies
resistance on the D2. S2 and D2 models operate from -35°C to 65°C and
Distributors: Secutel Technologies
feature multi-smartcard reading, including NFC. Mullion or gangbox
Product description: Secutel’s access control solution makes use of
options are available. S2 extras include expanded capacity to 50 000
Matrix COMSEC products to harness the latest technology to provide
user badges and 100 000 event logs.
powerful, easy to install and use solutions. This empowers Secutel
Typical applications: Card based access control, building manage-
to develop systems for the mid-market (education, healthcare, retail
ment systems, CCTV and VMS integration, home, office and production
and public sector) and provide solutions for a wide range of sites and
automation, smart IP door/boom controller
requirements.
Integration support: Developer API, software development integra-
Typical applications: Access control, time and attendance
tion support, open platform Wiegand, RS-485 (OSDP), integrated door
Integration support: Developer API
control, integrated with all major access control manufacturers
Contact details: Danny Pringle, [email protected], +27 10 015 1401,
Contact details: Suprema team, [email protected],
www.secutel.co.za
+27 11 784 3952, www.suprema.co.za

www.securitysa.com Access & Identity Management Handbook 2019 61

ACCESS SELECTION GUIDE

Suprema Turnstar Systems

Device/solution:
BioStar 2
Manufacturer/
brand name: Suprema
Distributors:
neaMetrics, ADI Global Device/solution: Velocity Traffic Barrier
Distribution, Elvey, EOH Manufacturer/brand name:
FSS, Gallagher and Turnstar Systems
various system Distributors: Turnstar Systems
integrators Product description: The Velocity Traffic
Product description: Barrier is an automatic high-speed vehicle
Cloud and web-based barrier fitted with the latest motor drive
open security platform. and control technology. The BLDC motor
Integrate with third- and planetary gearbox offer excellent
party systems, build new applications and functions into BioStar 2 with torque and speed curve characteristics,
web API, device SDK and web inlays. Features cloud implementation and a battery backup system ensures
and updates, auto user synchronisation, auto device discovery, uninterrupted operation in the event of a
anti-passback, fire alarm and BioStar Mobile for Android and iOS. power failure.
Typical applications: Access control, time and attendance, office and Typical applications: Parking lots,
business security shopping malls, office blocks, banks,
Integration support: RESTful web API, device SDK, customised web universities, road closures
inlays, software development integration support Contact details: Scott Davey,
Contact details: Suprema team, [email protected], [email protected], +27 11 786 1633,
+27 11 784 3952, www.suprema.co.za www.turnstar.co.za

Turnstar Systems Turnstar Systems

Device/solution: Citadel Device/solution: Pulse Automatic Special
Security Booth Needs Gate
Manufacturer/brand name: Manufacturer/brand name:
Turnstar Systems Turnstar Systems
Distributors: Turnstar Systems Distributors: Turnstar Systems
Product description: The Product description: The Pulse Automatic
Citadel booth offers a high- Special Needs gate is ideal for unassisted
security solution for any special needs and wheelchair access into
entrance. Fitted with 26 mm a building. The gate is fitted with a heavy
bullet resistant curved and duty BLDC motor and planetary gearbox
flat glass, it offers resistance to and is manufactured from 304 grade
any attempted armed entry. brushed stainless steel. 10 mm toughened
Each curved door is fitted with glass is used for the glass wing. In the
a geared motor which allows event of a collision, the
for access controlled entry and gate auto reverses.
a metal detector with various Typical applications:
sensitivity settings is embedded Office receptions,
in the frame. health clubs,
Typical applications: Banks, universities and
office blocks, data centres anywhere where
Contact details: Scott Davey, unassisted wheelchair
[email protected], access is required
+27 11 786 1633, Contact details: Scott Davey,
www.turnstar.co.za [email protected], +27 11 786 1633,
www.turnstar.co.za

62 Access & Identity Management Handbook 2019 www.securitysa.com

 ACCESS SELECTION GUIDE

Veracitech Veracitech
Device/solution:
XMP-Babylon
Manufacturer/
brand name:
Autec (XMP-Babylon)
Distributors:
Veracitech, Veracitech
Systems Namibia,
Veracitech Engineering
Botswana
Product description:
Powerful, secure, flexible, enterprise level, multi-site access and Device/solution: Traka intelligent key cabinets and locker systems
automation control system. Stable, industrial, intelligent and Manufacturer/brand name: Traka
programmable hardware and software for card readers, door control Distributors: Veracitech, Veracitech Systems Namibia, Veracitech
units and hardware modules used in various applications, such as access Engineering Botswana
automation, time recording, people management, biometrics and Product description: Veracitech is an integration partner and value-
camera control. added reseller for Traka intelligent key cabinets and locker systems.
Typical applications: Access automation, time management, Veracitech has a fully integrated solution for managing Traka systems in
integration, security management the XMP-Bablyon platform, allowing full integration and control of keys
Integration support: Several integration and software/hardware and lockers together with access control and automation.
solutions Typical applications: Key management, lockers, key cabinets, asset
Contact details: Alvin Flaum, [email protected], +27 11 888 7251, lockers, access control, people management, biometrics.
www.veracitech.co.za Integration support: Integration partner for Traka key cabinets and
locker systems on the XMP-Babylon platform.
Contact details: Alvin Flaum, [email protected], +27 11 888 7251,
www.veracitech.co.za

Workforce Management Solutions Workforce Management Solutions

Device/solution:
Gatekeeper Visitor
Management Access
Control System
Manufacturer/brand
name: Workforce
Management Solutions
Distributors: Workforce
Management Solutions
Product description:
Gatekeeper Visitor
Management Access
Device/solution: Janus Keeper Biometric Access Control
Control is a complete
Manufacturer/brand name: Workforce Management Solutions
visitor access control
Distributors: Workforce Management Solutions
system able to integrate
Product description: Janus Keeper Access Control is a complete
with our Janus Keeper
access control system able to integrate with the Gatekeeper visitor
biometric access control
management solution. It includes video management of the access
solution.
control points and transactions, identity management of all people
Typical applications:
going through any controlled points, driver’s licence identification and
Visitor access
licence plate recognition.
control
Typical applications: Access control
Contact details:
Integration support: Integrates with Sigma biometric scanners;
Glenn van der Westhuizen, [email protected], +27 76 571 5944,
GSM based intercom systems
www.workforcemanagementsolutions.co.za
Contact details: Glenn van der Westhuizen, [email protected],
+27 76 571 5944, www.workforcemanagementsolutions.co.za

www.securitysa.com Access & Identity Management Handbook 2019 63

ACCESS SELECTION GUIDE

ZKTeco ZKTeco

Device/solution: ZK-VSCN100 Vehicle Inspection System

Device/solution: UHF 6Pro
Manufacturer/brand name: ZKTeco
Distributors: Regal Distributors SA, Security Warehouse
Product description: UHF 6Pro is a high-performance, long-distance
RFID reader. It is configured with an Impinj R2000 chip and waterproof
casing. It has stable performance, long service life, minimised external
interference and upgraded long reading distance. Therefore, it can be
applied in many remote identification fields.
Typical applications: Access control, entrance control
Integration support: Works with ZKBioSecurity
Contact details: Brent Saaiman,
Manufacturer/brand name: ZKTeco
Distributors: ZKTeco
Product description: ZK-VSCN100 is a portable under-vehicle
inspection system, used to inspect a vehicle’s undercarriage. When a
vehicle passes, the system can quickly recognise the licence plate and
generate a high definition image of its undercarriage, which will be
recorded in the computer. The system can quickly and accurately
identify suspicious objects.
Typical applications: Access control, entrance control
Integration support: Standalone, works with ZKBioSecurity

[email protected], +27 12 259 1047, Contact details: Brent Saaiman, [email protected], +27 12 259 1047,
www.zkteco.co.za www.zkteco.co.za

ZKTeco ZKTeco
Device/solution: LPRS 2000 Hybrid
Identification Vehicle Management
Terminal
Manufacturer/brand name: ZKTeco
Distributors: Regal Distributors SA,
Security Warehouse
Product description: The LPRS2000
is a hybrid identification vehicle
management terminal that adopts
multiple recognition modes for
long-range RFID and licence plate
recognition. It combines the latest
developed high-performance UHF
reader to ensure that the capture rate
Device/solution: C5S-Series IP-based Door Access Control Panel and recognition accuracy of fixed
Manufacturer/brand name: ZKTeco vehicles are up to 100%.
Distributors: Regal Distributors SA, Security Warehouse Typical applications: Access control,
Product description: The C5S supports all card readers, such as the entrance control
ZK KR-series; Wiegand readers and RS-485 card readers; HID Prox, Integration support: Standalone,
iClass and XceedID multi-card technology. It offers users more than works with ZKBioSecurity
access control: After programming, auxiliary relays can interface with Contact details: Brent Saaiman,
lights, alarms and intrusion detection panels. There is a case protecting [email protected], +27 12 259 1047,
the C5S controller. www.zkteco.co.za
Typical applications: Access control, entrance control
Integration support: Works with ZKBioSecurity
Contact details: Brent Saaiman, [email protected], +27 12 259 1047,
www.zkteco.co.za

64 Access & Identity Management Handbook 2019 www.securitysa.com

BIOMETRICS SELECTION GUIDE
BIOMETRICS SELECTION GUIDE

Access and Beyond Boomgate Systems

Device/solution: Morpho 3D
Face Reader
Manufacturer/brand name:
IDEMIA
Distributors: Access and
Beyond
Biometric technology: Facial
Product description: By
analysing the three-dimensional
structure of the subject’s face,
the reader achieves extremely
accurate matching while
ensuring high throughput.
Companies can enhance the Device/solution: Hurricane Mantrap Turnstile
look of their corporate reception Manufacturer/brand name: Boomgate Systems
areas and secure access points Distributors: Boomgate Systems
with the terminal’s sleek, stylish Biometric technology: Fingerprint, facial, retinal, iris
design. Acquisition is hands- Product description: The Hurricane Single Biometric Reader Mantrap
free and contactless, ideal for full-height turnstile is manufactured in South Africa. The turnstile is
environments requiring gloves designed to handle high volumes of traffic and is 100% duty rated. The
or where there are hygiene turnstile can interface with any biometric reader system, any other card
concerns. reader system or breathalyser. The turnstile mechanism comes with a 15
Typical applications: Access year warranty.
control in sensitive environments Typical applications: High-security access control
with special requirements Integration support: Integrates with any existing access control
Contact details: Christo Myburgh, [email protected], Contact details: Andre Rossouw, [email protected],
+27 31 263 1487, www.accessandbeyond.com +27 11 674 4441, www.boomgatesystems.co.za

ET Nice IDEMIA

Device/solution: MorphoWave Compact by IDEMIA

Device/solution: Accentronix /ET Nice Infinity & Nano GSM
Manufacturer/brand name: ET Nice & Accentronix
Distributors: Regal Distributors, Stafix, IDS, Elvey
Biometric technology: GSM and transmitter management solution
Product description: Take control of your world, now from anywhere
in the world, with our smart online management solution to seamlessly
integrate traditional remote transmitters with GSM.
Typical applications: Access automation
Integration support: Smart online transmitter management.
Contact details: Gerald Kirsten,
Manufacturer/brand name: MorphoAccess by IDEMIA
Distributors: Ideco Biometric Security Solutions, Gallagher Security,
EOH, Impro Technologies
Biometric technology: Fingerprint
Product description: The MorphoWave Compact captures and matches
four fingerprints on either the right or left hand in any direction. It is
immune to environmental factors such as extreme light or dust. The
patented touchless sensor technology ensures the most accurate and
reliable fingerprint matching for maximum security, which also copes
with wet and dry fingers.
Typical applications: Access control, time and attendance, contactless
Integration support: System integration and MorphoManager
(BioBridge)

[email protected], +27 21 404 8000, Contact details: Chelesile Moya, [email protected]
www.niceforyou.com/za +27 11 601 5500, www.idemia.com

66 Access & Identity Management Handbook 2019 www.securitysa.com

 BIOMETRICS SELECTION GUIDE

IDEMIA IDEMIA

Device/solution: MorphoAccess Sigma

Manufacturer/brand name: MorphoAccess by IDEMIA
Distributors: Ideco Biometric Security Solutions, Gallagher Security,
EOH, Impro Technologies
Biometric technology: Fingerprint
Product description: The MA Sigma is a newly launched multiple
recognition (NFC chip reader, PIN and BioPIN codes, contactless card
reader) touchscreen device. It has a modern glossy black design with
features designed for market needs and requirements, and brings
enhanced security and accuracy (FBI PIV IQS certified optical sensor).
Typical applications: Access control; time and attendance
Integration support: System integration
Contact details: Chelesile Moya,
Device/solution: MorphoSmart Optical 300 Series
Manufacturer/brand name: MorphoAccess by IDEMIA
Distributors: Ideco Biometric Security Solutions, Gallagher Security,
EOH, Impro Technologies
Biometric technology: Fingerprint
Product description: The MSO300 Series is a family of high-end USB
optical sensors. It is based on Morpho’s 25-year experience in the field of
electro-optics and forensic quality fingerprint processing algorithms.
Typical applications: Enrolment
Integration support: System integration

[email protected], Contact details: Chelesile Moya, [email protected],
+27 11 601 5500, www.idemia.com +27 11 601 5500, www.idemia.com

IDEMIA IDEMIA
Device/solution: MorphoWave
Manufacturer/brand name:
MorphoAccess by IDEMIA
Distributors: Ideco Biometric
Security Solutions, Gallagher
Security, EOH, Impro
Technologies
Biometric technology:
Fingerprint
Product description:
MorphoWave is the world’s
first biometric access solution
to capture and match four
Device/solution: Morpho Smart optical 1300 Series fingerprints with a single hand
Manufacturer/brand name: MorphoAccess by IDEMIA movement. It implements a
Distributors: Ideco Biometric Security Solutions, Gallagher Security, patented, truly contactless
EOH, Impro Technologies technology that not only
Biometric technology: Fingerprint acquires extremely accurate
Product description: The MSO 1300 (USB) has been designed to address fingerprint data but also over-
the needs of logical access control to highly secure PC applications in comes the challenges wet/dry
industrial, corporate and governmental environments. The MSO 1300 fingers and latent prints pose to
Series is based on a fast and cost effective optical sensor and has an conventional scanning systems.
embedded storage capacity of up to 5 000 users (10 000 templates). Typical applications: Access
Typical applications: Enrolment control, time and attendance, contactless
Integration support: System integration Integration support: System integration
Contact details: Chelesile Moya, [email protected], Contact details: Chelesile Moya, [email protected],
+27 11 601 5500, www.idemia.com +27 11 601 5500, www.idemia.com

www.securitysa.com Access & Identity Management Handbook 2019 67

BIOMETRICS SELECTION GUIDE

IDEMIA IDEMIA
Device/solution: Morpho 3-D
Face Reader
Manufacturer/brand name:
MorphoAccess by IDEMIA
Distributors: Ideco Biometric
Security Solutions, Gallagher
Security, EOH, Impro Technologies
Biometric technology: Face
Product description: These
3D facial recognition terminals
are ideal for environments that
Device/solution: MorphoTablet 2
require gloves or where hygiene
Manufacturer/ brand name: MorphoAccess by IDEMIA
is a concern. 3D geometry of the
Distributors: Ideco Biometric Security Solutions, Gallagher Security,
face is calculated with over 40 000
EOH, Impro Technologies
points for enrolment and identi-
Biometric technology: Fingerprint
fication, providing a high-speed,
Product description: The MorphoTablet 2 is an 8-inch touchscreen
hands-free access solution.
tablet with an incorporated FBI PIV IQS and STQC certified optical
Typical applications: Access
fingerprint sensor. The device offers signature capture, contactless
control, enrolment, identification,
smart card and a 13 megapixel camera with dual LED for face capture.
time and attendance
The slim, sleek device operates on 4G, Wi-Fi and Bluetooth, and
Integration support:
weighs a mere 545 grams.
System integration
Typical applications: Access control, time and attendance, KYC, data
Contact details: Chelesile Moya,
capture and other processes
[email protected], +27 11 601 5500,
Integration support: SDK available
www.idemia.com
Contact details: Chelesile Moya, [email protected],
+27 11 601 5500, www.idemia.com

IDEMIA IDEMIA

Device/solution: MorphoAccess VP Series Device/solution: MorphoSmart FingerVP Series

Manufacturer/brand name: MorphoAccess by IDEMIA
Distributors: Ideco Biometric Security Solutions, Gallagher Security,
EOH, Impro Technologies
Biometric technology: Fingerprint, vein
Product description: The MA-VP Series is an access control device
available as MA-VP Bio (fingerprint/vein only) or MA-VP Dual
(fingerprint/vein + Mifare/ Desfire cards). It can store up to 10 000
users (20 000 templates), and is IP65 rated and suited for indoor and
outdoor use.
Typical applications: Access control
Integration support: System integration
Contact details: Chelesile Moya,
Manufacturer/brand name: MorphoAccess by IDEMIA
Distributors: Ideco Biometric Security Solutions, Gallagher Security,
EOH, Impro Technologies
Biometric technology: Fingerprint, vein
Product description: The MSO FVP is an FBI PIV IQS certified USB
biometric reader using the latest technologies. It simultaneously
captures fingerprint as well as vein templates, and combines
the best of both templates to ensure the highest security and the
best possible performance.
Typical applications: Enrolment
Integration support: System integration

[email protected], Contact details: Chelesile Moya, [email protected],
+27 11 601 5500, www.idemia.com +27 11 601 5500, www.idemia.com

68 Access & Identity Management Handbook 2019 www.securitysa.com

 BIOMETRICS SELECTION GUIDE

IDEMIA IDEMIA
Device/solution: MorphoAccess
Sigma Extreme
Manufacturer/brand name:
MorphoAccess by IDEMIA
Distributors: Ideco Biometric
Security Solutions, Gallagher
Security, EOH, Impro Technologies
Biometric technology:
Fingerprint
Product description: The
MorphoAccess Sigma Extreme is a
Device/solution: MorphoAccess Sigma Lite + touchscreen device with multiple
Manufacturer/brand name: MorphoAccess by IDEMIA recognition interfaces (NFC chip
Distributors: Ideco Biometric Security Solutions, Gallagher Security, reader, PIN and BioPIN codes,
EOH, Impro Technologies contactless card readers). It has a
Biometric technology: Fingerprint modern glossy black design with
Product description: MorphoAccess Sigma Lite + is a slim, sleek and features designed for market
powerful fingerprint access control terminal. It offers time and attendance needs and requirements, and
in and out function keys and enhanced interactivity via a 2,8-inch QVGA delivers enhanced security and
colour touchscreen. The embedded web server enables on-device accuracy through an FBI PIV IQS
enrolment, terminal configuration and transaction log retrieval. This certified optical sensor.
device can perform 1:10 000 user identification in 1 second, and offers Typical applications: Access
a high capacity of up to 10 000 users (30 000 templates). control; time and attendance
Typical applications: Access control, time and attendance Integration support: SDK Thrift, Wiegand, MorphoManager (BioBridge)
Integration support: SDK, Thrift, Wiegand, MorphoManager (BioBridge) Contact details: Chelesile Moya, [email protected],
Contact details: Chelesile Moya, [email protected], +27 11 601 5500, www.idemia.com
+27 11 601 5500, www.idemia.com

IDEMIA iPulse Systems

Device/solution: MorphoAccess Sigma Lite Device/solution: iPB7 Biometric Reader

Manufacturer/ brand name: MorphoAccess by IDEMIA
Distributors: Ideco Biometric Security Solutions, Gallagher Security,
EOH, Impro Technologies
Biometric technology: Fingerprint
Product description: MorphoAccess Sigma Lite is a slim, sleek and
powerful fingerprint access control terminal which can perform 1:10 000
user identification in 1 second. Offering a high capacity of 10 000 users
(30 000 templates), it is designed to fit narrow mounting surfaces such
as glass/aluminium door mullions, turnstiles or server rack doors.
Typical applications: Access control
Integration support: SDK, Thrift, Wiegand, MorphoManager (BioBridge)
Contact details: Chelesile Moya,
Manufacturer/brand name: iPulse Systems
Distributors: iPulse Systems
Biometric technology: Fingerprint, multi-format card reader (optional)
Product description: The iPB7 is a world-class device with technology
far ahead of most of its competitors. The iPB7 is one of the most power-
ful, tough and cost effective biometric devices available in the world.
IP65 rated, with 10 000:1 print matching as standard, and with powerful
IntelliRelay included, the iPB7 is the most affordable biometric device in
its class.
Typical applications: Access control, workforce management
Integration support: Full secured API framework

[email protected], Contact details: Sales team, [email protected], 0860 478 573,
+27 11 601 5500, www.idemia.com www.ipulsesystems.com

www.securitysa.com Access & Identity Management Handbook 2019 69

BIOMETRICS SELECTION GUIDE

Powell Tronics Powell Tronics

Device/solution: PT-Rollcall
Manufacturer/brand name: Powell Tronics
Device/solution: ATOM
Distributors: Powell Tronics
Manufacturer/brand name: Powell Tronics
Biometric technology: Fingerprint
Distributors: Powell Tronics
Product description: For use in education facilities as an electronic
Biometric technology: Fingerprint
examination register, PT-Rollcall offers biometric enrolment integration
Product description: ATOM is a web-based time and attendance
with the education facility’s examination system, so exam invigilators
system that is fully scalable to suit just about every time management
can verify the student’s identity on a portable biometric device.
application. ATOM supports both static and mobile enrolment for staff
It provides a live dashboard, students expected vs. present and
or employees clocking either onsite or in remote areas. It is a local
various management reports.
product with local development and support.
Typical applications: Student exam and classroom attendance
Typical applications: Time and attendance
Integration support: Impro Portal, IDEMIA/Morpho, CCTV
Integration support: Impro, IDEMIA
Contact details: Mike Austen, [email protected],
Contact details: Mike Austen, [email protected],
0861 784 357, www.p-tron.com
0861 784 357, www.p-tron.com

Regal Distributors SA Regal Distributors SA

Device/solution: LK171 / F22 Device/solution: LK353 /
Manufacturer/brand name: AC5000Plus
ZKTeco Manufacturer/brand name: ViRDI
Distributors: Regal Distributors Distributors: Regal Distributors SA
SA Biometric technology: Fingerprint
Biometric technology: Product description: The
Fingerprint AC5000Plus is a mid-range
Product description: The F22 biometric terminal complete with
is a compact unit offering an either a 125 kHz or 13,56 MHz
affordable, feature-packed cardreader and keypad. The IP65
solution to the African market. rated unit is perfect for outdoor
This unit not only offers the installations. The AC5000Plus
latest SilkID sensor with liveness offers the latest algorithm
detection, but also RFID and from ViRDI with live/fake
keypad functions as standard. finger detection.
Typical applications: Typical applications: Access
Standalone or networked control, time and attendance
access control Integration support: UNiS4,
Integration support: Paxton, HikVision
ZKAccess3.5 Contact details: Andrew Levell-Smith,
Contact details: Andrew Levell-Smith, [email protected], +27 11 553 3300,
[email protected], +27 11 553 3300, www.regalsecurity.co.za
www.regalsecurity.co.za

70 Access & Identity Management Handbook 2019 www.securitysa.com

 BIOMETRICS SELECTION GUIDE

Regal Distributors SA SACO a division of Bidvest Protea Coin

Device/solution: AC2100Plus
Manufacturer/brand name: ViRDI
Distributors: Regal Distributors SA
Biometric technology: Fingerprint
Product description: The AC2000Plus
is a mid-range biometric terminal
complete with either a 125 kHz or
13,56 MHz card reader and is mobile Device/solution: SACO Workforce Management, SACO Guest, SACO
card capable. The IP65 rated unit is Anywhere, SACO Workflow
perfect for outdoor installations. Manufacturer/brand name: SACO a division of Bidvest Protea Coin
The AC2000Plus offers the latest Distributors: Bidvest Protea Coin
algorithm from ViRDI with live/fake Biometric technology: Fingerprint
finger detection. Product description: SACO delivers products designed to optimise
Typical applications: Access control, workforce efficiencies and processes through a variety of unified
time and attendance, standalone, solutions from the SACO stable. Our products provide progressive
networked, outdoor business intelligence that simplifies decision-making, reduces turn-
Integration support: HikVision, around times on operational activities and improves profitability.
Paxton, UNiS4 Typical applications: Access control, time and attendance, health
Contact details: Andrew Levell-Smith, and safety management, asset protection
[email protected], Integration support: Manufacturer proprietary technology, SAP,
+27 11 553 3300, Oracle, SAGE, IDEMIA
www.regalsecurity.co.za Contact details: Freddy Niehaus, [email protected],
086 123 7226, www.saco.co.za

Secutel Technologies Suprema

Device/solution:
FaceStation 2
Manufacturer/brand
name: Suprema
Distributors:
neaMetrics, ADI Global
Distribution, Elvey, EOH
FSS, Gallagher and
various system
integrators
Biometric technology:
Facial
Product description:
Suprema’s state-of-the-art FaceStation 2 offers high-speed face
Device/solution: Biometric-enabled access control
matching, live face detection, wide touchscreen, Mifare/Desfire RFID,
Manufacturer/brand name: Secutel Technologies
videophone interface and embedded web server. It offers an improved
Distributors: Secutel Technologies
height range and greater operating illuminance of up to 25 000 lux.
Biometric technology: Fingerprint
Maximum of 30 000 users, 50 000 image logs and 5 million text logs.
Product description: Secutel’s access control solution uses advanced
Typical applications: Access control, time and attendance, building
multispectral sensors to read the surface/subsurface of a finger, giving
management systems, CCTV and VMS integration, home, office and
a clear, strong image. It also reads the subsurface layer even if the
production automation
surface layer is not readable due to fingers being dirty/oily. It
Integration support: Developer API, software development
outperforms other fingerprint sensors and offers robust and reliable
integration support, open platform Wiegand, RS-485 (OSDP),
information of the user.
integrated door control, integrated with all major access
Typical applications: Access control, time and attendance
control manufacturers
Integration support: Developer API
Contact details: Suprema team, [email protected]
Contact details: Danny Pringle, [email protected], +27 10 015 1401,
+27 11 784 3952, www.suprema.co.za
www.secutel.co.za

www.securitysa.com Access & Identity Management Handbook 2019 71

BIOMETRICS SELECTION GUIDE

Suprema Suprema
Device/solution: BioStation L2
Manufacturer/brand name:
Suprema
Distributors: neaMetrics, ADI Global
Distribution, Elvey, EOH FSS, Gallagher
and various system integrators
Biometric technology: Fingerprint
Product description: Essential access
Device/solution: BioStation A2 control and time and attendance
Manufacturer/brand name: Suprema terminal with live finger detection,
Distributors: neaMetrics, ADI Global Distribution, Elvey, EOH FSS, fast data transfer speed, enhanced
Gallagher and various system integrators image processing and quick finger-
Biometric technology: Fingerprint print authentication (1:150 000/
Product description: Premium access control and time and attendance second). It supports fingerprint, RFID
terminal with live finger detection. Features RFID and PIN with a wide- and PIN, and features a 2-inch colour
angle camera with face detection, videophone interface and touch- LCD and programmable function keys.
screen LCD. Maximum users: 500 000(1:1), 100 000(1:N) and 5 million Maximum users: 500 000(1:1),
text logs. Interfaces: TCP/IP, Wi-Fi, PoE, RS-485 and Wiegand. Extensive RF 100 000(1:N).
card options supported. Typical applications: Access control, time and attendance, building
Typical applications: Access control, time and attendance, building management systems, CCTV and VMS integration, home, office and
management systems, CCTV and VMS integration, home, office and production automation
production automation Integration support: Developer API, software development
Integration support: Developer API, software development integra- integration support, open platform Wiegand, RS-485 (OSDP),
tion support, open platform Wiegand, RS-485 (OSDP), integrated door integrated door control, integrated with all major access
control, integrated with all major access control manufacturers control manufacturers
Contact details: Suprema team, [email protected] Contact details: Suprema team, [email protected]
+27 11 784 3952, www.suprema.co.za +27 11 784 3952, www.suprema.co.za

Suprema Suprema
Device/solution: Device/solution: BioLite N2
BioStation 2 Manufacturer/brand name:
Manufacturer/brand Suprema
name: Suprema Distributors: neaMetrics, ADI
Distributors: neaMetrics, Global Distribution, Elvey,
ADI Global Distribution, EOH FSS, Gallagher and
Elvey, EOH FSS, various system integrators
Gallagher and various Biometric technology:
system integrators Fingerprint
Biometric technology: Product description: Packed
Fingerprint in a rugged IP67 housing, N2
Product description: is perfect for outdoor/indoor
Latest Suprema technology in beautiful exterior with massive installations. It supports time
memory. Maximum users of 500 000(1:1), 20 000(1:N) and and attendance and access
3 million logs. Features interactive colour UI, instant matching control for 10 000 users, features
and authentication (20 000/sec), IP65 rating for in/outdoors, multi-class RFID reading technology, BLE and
built-in Wi-Fi, PoE and rapid data transfer (5 000/min). NFC for mobile fingerprint credentials, and operates
Interfaces: TCP/IP, RS-485, RS-232, USB and Wiegand. from -20°C to 50°C. Interfaces: TCP/IP, RS-485 and Wiegand.
Typical applications: Access control, building management FBI certified model available.
systems, CCTV and VMS integration, home, office and production Typical applications: Access control, time and attendance, building
automation, high-end security applications management systems, CCTV and VMS integration, home, office and
Integration support: Developer API, software development production automation
integration support, open platform Wiegand, RS-485 (OSDP), Integration support: Developer API, software development
integrated door control, integrated with all major access control integration support, open platform Wiegand, RS-485 (OSDP), integrated
manufacturers door control, integrated with all major access control manufacturers
Contact details: Suprema team, [email protected] Contact details: Suprema team, [email protected]
+27 11 784 3952, www.suprema.co.za +27 11 784 3952, www.suprema.co.za

72 Access & Identity Management Handbook 2019 www.securitysa.com

 BIOMETRICS SELECTION GUIDE

Suprema Suprema

Device/solution: BioLite Net

Manufacturer/brand name: Suprema
Distributors: neaMetrics, ADI Global Distribution, Elvey, EOH FSS,
Gallagher and various system integrators
Biometric technology: Fingerprint
Product description: IP fingerprint terminal with IP65 rated housing,
for outdoor or indoor installations. Supports full time and attendance
and access control for up to 5 000 users. Features illuminated keypad,
LCD backlight and LED indicator, integrated RFID and offers secure
door control and I/O expansion. Card options: EM, Mifare/Desfire.
BioStar 1 & 2 compatible.
Typical applications: Access control, time and attendance, building
management systems, CCTV and VMS integration, home, office and
production automation
Integration support: Developer API, software development
integration support, open platform Wiegand, RS-485 (OSDP), integrated
door control, integrated with all major access control manufacturers
Contact details: Suprema team,
Device/solution: CoreStation
Manufacturer/brand name: Suprema
Distributors: neaMetrics, ADI Global Distribution, Elvey, EOH FSS,
Gallagher and various system integrators
Biometric technology: Fingerprint
Product description: A secure intelligent door controller that provides
the advantages of biometric-enabled security over a centralised access
control system. It features a multiport interface for fingerprint/RF
readers and supports locks, sensors, RTE and alarm devices. It handles
up to 500 000 users with a matching speed of up to 400 000 matches/
second.
Typical applications: Access control, time and attendance, building
management systems, CCTV and VMS integration, centralised solutions
Integration support: Developer API, software development integration
support, open platform Wiegand, RS-485 (OSDP), integrated door control,
integrated with all major access control manufacturers

[email protected] Contact details: Suprema team, [email protected]
+27 11 784 3952, www.suprema.co.za +27 11 784 3952, www.suprema.co.za

Suprema Suprema
Device/solution: BioEntry
Series
Manufacturer/brand name:
Suprema
Distributors: neaMetrics, ADI
Global Distribution, Elvey, EOH
FSS, Gallagher and various
system integrators
Biometric technology: Device/solution: BioMini Series
Fingerprint Manufacturer/brand name: Suprema
Product description: Packed Distributors: neaMetrics, ADI Global Distributors, Elvey, EOH FSS,
in a slim, mullion-type design, Gallagher and various system integrators
BioEntry Series provides high- Biometric technology: Fingerprint
definition fingerprint image Product description: Range of 500 dpi optical fingerprint sensors with
capture, minutiae extraction scratch-free surface, highspeed USB 2.0 interface and award-winning
and RF card reading capability. W2 offers IK09 vandal-resistant algorithm. BioMini Plus 2, Slim 2 and Combo feature live finger
housing with IP67 rating plus PoE and live finger detection. detection and FBI PIV/FIPS201 and mobile ID FAP certification. All
R2 (designed exclusively for centralised access control systems) models can operate in direct sunlight and the Combo has contact
and P2 make use of OSDP and NFC. and contactless card readers.
Typical applications: Access control, building management systems, Typical applications: Civil and criminal identification, fingerprint
CCTV and VMS integration, home, office and production automation enrolment, biometric identity systems, application user security and
Integration support: Developer API, software development Single Sign-on (SSO), time and attendance
integration support, open platform Wiegand, RS-485 (OSDP), Integration support: Developer API, SDK for Windows and Linux, and
integrated door control, integrated with all major access for Android, software development integration support, customised
control manufacturers solution development, OEM options for hardware integration
Contact details: Suprema team, [email protected] Contact details: Suprema team, [email protected]
+27 11 784 3952, www.suprema.co.za +27 11 784 3952, www.suprema.co.za

www.securitysa.com Access & Identity Management Handbook 2019 73

BIOMETRICS SELECTION GUIDE

Suprema Suprema

Device/solution: BioRugged Series

Device/solution: SFM OEM Modules
Manufacturer/brand name: Suprema
Distributors: neaMetrics
Biometric technology: Fingerprint
Product description: Suprema’s range of fingerprint modules with
SDK for easy integration into hardware solutions requiring biometric
authentication. Various options available with features including live
finger detection, multi-dynamic range technology for operation in direct
sunlight, FBI PIV and mobile ID FAP certification, and automatic finger
placement detection.
Typical applications: Hardware manufacturing, custom time and
attendance and access terminals, POS, ATM, cash deposit boxes and
vending, vehicle ignition, manufacturing control equipment, any
custom hardware requiring fingerprint
Integration support: Developer API, software development
integration support, customised solution development
Contact details: Suprema team,
Manufacturer/brand name: BioRugged
Distributors: neaMetrics
Biometric technology: Fingerprint, facial, iris, voice
Product description: Rugged mobile Android terminals customisable
to include barcode scanning, card reading, RFID, NFC, etc. BioRugged
Ruggbo 20 series and BioWolf LE and 8N terminals have Suprema
SFU-S21 fingerprint scanners integrated into them with live finger
detection and FBI PIV and FAP20 certification for any form of
mobile identity applications.
Typical applications: Government ID, voter registration, census, mobile
policing, remote identification, workforce management, mobile time
and attendance, healthcare, banking, SIM registration, logistics and
warehouse management
Integration support: Developer API, software development integration
support, customised solution development, integrated with major civil
and criminal solution providers, integration into BioStar 2 for mobile
time and attendance

[email protected] Contact details: BioRugged team, [email protected],
+27 11 784 3952, www.suprema.co.za +27 87 073 5820, www.biorugged.com

Suprema Veracitech
Device/solution:
RealScan Series
Manufacturer/brand
name: Suprema
Distributors:
neaMetrics
Biometric
technology:
Fingerprint, palm
Product description:
FBI certified and AFIS Device/solution: Morpho Wave & Sigma family
compliant live scanners Manufacturer/brand name: IDEMIA
with options for single or 10 print flats, rolls, 4 finger slaps and palm. Distributors: Veracitech, Veracitech Systems Namibia,
500 dpi greyscale images, high-quality image capturing with halo Veracitech Engineering Botswana
effect and ghost image elimination, wet or dry fingers, automated Biometric technology: Fingerprint, facial, hand
image quality check and WSQ image compression. Robust, ideal for Product description: Veracitech is an integration partner and value-
static and mobile operations. added reseller for IDEMIA (Sagem/Morpho) biometric terminals.
Typical applications: National ID, immigration and border control, Veracitech offer seamless, fully integrated template enrolment, template
criminal applications (police), civil identification, high-speed distribution, card and card-less terminal/reader usage on the XMP-
fingerprint capturing Babylon platform. The company has successfully integrated the new
Integration support: Developer API, software development MorphoWave terminal.
integration support, customised solution development, integrated Typical applications: Access control, identity management, people
with major civil and criminal solution providers management, time management, biometrics
Contact details: Suprema team, [email protected] Integration support: Integration partner for IDEMIA’s Sagem and
+27 11 784 3952, www.suprema.co.za Morpho products on the XMP-Babylon platform
Contact details: Alvin Flaum, [email protected],
+27 11 888 7251, www.veracitech.co.za

74 Access & Identity Management Handbook 2019 www.securitysa.com

 BIOMETRICS SELECTION GUIDE

ZKTeco ZKTeco
Device/solution:
ZM100 Smart Lock
Manufacturer/brand name:
ZKTeco
Distributors: Regal Distributors SA,
Security Warehouse,
MiRO Distribution, Africlocks,
ERS Biometrics
Biometric technology:
Fingerprint, facial
Product description: The ZM100
smart lock with hybrid biometric
Device/solution: iClock 680 Biometric Fingerprint Reader recognition technology provides
Manufacturer/brand name: ZKTeco a safe and high-security method
Distributors: Regal Distributors SA, Security Warehouse, MiRO of unlocking. It features facial
Distribution, Africlocks, ERS Biometrics and fingerprint recognition, a
Biometric technology: Fingerprint reversible design to suit all door
Product description: iClock 680 is a biometric fingerprint reader for opening directions, and a
time and attendance and access control applications. It adopts a rechargeable lithium battery.
brand-new firmware and provides an unprecedented user experience Typical applications: Access
with stunning GUI, rock-solid stability, fast matching speed and control
expandability. It also supports data backup and retrieve to avoid the risk Integration support: Standalone,
of accidental deletion. works with ZKBioSecurity
Typical applications: Access control, time and attendance Contact details: Brent Saaiman,
Integration support: Standalone, works with ZKBioSecurity. [email protected], +27 12 259 1047,
Contact details: Brent Saaiman, [email protected], +27 12 259 1047, www.zkteco.co.za
www.zkteco.co.za

ZKTeco ZKTeco

Device/solution: PFace202 Time and Attendance and

Access Control Terminal
Manufacturer/brand name: ZKTeco
Distributors: Regal Distributors SA, Security Warehouse, MiRO
Distribution, Africlocks, ERS Biometrics
Biometric technology: Fingerprint, facial, palm vein
Product description: The PFace202 multi-biometric time and
attendance and access control terminal supports up to 600 palm
templates, 1 200 face templates, 2 000 fingerprint templates and
10 000 cards (optional). With ZKTeco’s latest hardware platform and
ZKFace, ZKFinger and ZKPalmVein algorithms, it offers a brand new
UI and user-friendly operating interface.
Typical applications: Access control, time and attendance
Integration support: Standalone, works with ZKBioSecurity
Contact details: Brent Saaiman,
Device/solution: ZK9500 Optical Fingerprint Scanner
Manufacturer/brand name: ZKTeco
Distributors: Regal Distributors SA, Security Warehouse, MiRO
Distribution, Africlocks, ERS Biometrics
Biometric technology: Fingerprint
Product description: The ZK9500 supports finger detection and
captures fingerprint images fast and with high resolution. The product
is easy to use for registering fingerprints on a desktop. Featuring low
power consumption, it is suitable for applications on Android tablets
and mobile phones. ZKTeco provides SDKs for customers to develop
their own applications.
Typical applications: Time and attendance
Integration support: Standalone, works with ZKBioSecurity

[email protected], +27 12 259 1047, Contact details: Brent Saaiman, [email protected], +27 12 259 1047,
www.zkteco.co.za www.zkteco.co.za

www.securitysa.com Access & Identity Management Handbook 2019 75

ACCESS CONTROL
Key components of access control
What are the key components in a modern access control system?
Access control was a growth market
worldwide over the past year, posting
healthier growth than surveillance, although
the surveillance market is much larger in
terms of revenues. The reason for the growth,
or one of them at least, is that access control
is no longer simply opening and closing a
door.
Today, selling readers and cards is a
margin game with lots of competition. On
the other hand, just buying access control
is a budget game and if all you’re buying is
getting people in and out the door then why
bother going for a brand when there are
plenty of cheaper alternatives.
The question is, is opening and closing
doors all you should be looking at when
selling or buying access control today? Hi-Tech
Security Solutions approached Dan Drayton,
international sales manager at Paxton Access,
for some insights into what matters in access
control decisions.
Starting at the beginning, we asked what
companies looking to purchase a new or
upgrade an existing access infrastructure
should be considering before signing on the
dotted line.
76 Access & Identity Management Handbook 2019 www.securitysa.com
“When thinking about implementing
or upgrading an access control solution
there are a few key elements to consider,”
Drayton answers. “In essence, access control
Dan Drayton.
is intelligently opening and closing doors,
but this should be done based on how you
want people to flow through your building.
This can be as simple as setting specific times
when doors are permanently open or locked
based on factors such as risk and busy or
quiet periods.
“Critically important is the simplicity
of the software. Operators of an access
control system can frequently change so the
administration of the system must be simple
and intuitive. Regulatory awareness, such as
utilising access control on fire and escape
routes, must comply with regulations.”
Finally, he says consideration should be
given to system quality, post-sales support
and warranties. Access control is a critical
component of building security, however
faults or issues with the system can cause
huge disruption for building users.
Integration is a must
In addition to the above, Drayton also
believes buyers should consider additional
functionality and features that could be better
suited to their specific situations. In Paxton’s
case, “Our product range covers wireless and
 ACCESS CONTROL

wired IP access control, including IP video intercoms, so clients

can have a fully integrated access control solution from a single
vendor, without any licence fees (Paxton has removed all licence
fees from its product offerings for life). Our system and software
are widely recognised as the simplest to install, commission
and operate, and come with a hassle-free five-year swop out
warranty.”
Similarly, the ability for access systems to integrate with
other brands as well as other security systems (and even IoT
systems), is as important. Paxton has recently noted an increase
in requests for integration between biometric readers from one
brand and the access control backbone from another.
Drayton adds that it is useful for surveillance and access
control to work in harmony, enabling alarms and alerts from
access control to be matched to the visual evidence. “Intelligent
buildings are, without question, the future of our industry where
all building services work in harmony, with little interaction
from the user. This can be achieved in many ways that provide
different benefits to the user, so it’s important that consumers
have a clear idea on what they want from their system to get the
most from it.”
This extends to selecting a system and provider that can
adapt with the user as needs change. Users should look to work
with companies that are investing in technology and bringing
it to market, providing confidence that whatever type of access
control is required can be catered for.

Managing your identities

Arguably, the most important part of an access solution is the
database that contains the people and permissions assigned to
them in terms of where and what they can access. The process to
follow in setting up and maintaining this database differs when
smaller companies are compared to large enterprises, however,
the key is to have a single, accurate and reliable source of access
and identity information.
“Access control systems, like most other technology, are
only as good as the quality of information they contain,” notes
Drayton. “A company’s HR database is quite straightforward to
integrate into an access control system in order to add/delete
users and administer privileges. In smaller organisations, it is
common to have the access control database as a standalone
hub of information. This is where software simplicity is critical,
removing barriers to administrators, keeping all user data up to
date to minimise risk.
“Paxton Access is a manufacturer of IP access control and
video door intercom systems,” states Drayton. “Unique to South
Africa, we have a no licence fee approach to our software for
the life of the installation. Paxton trains more than 500 people
each year in South Africa, free of charge, to specify, install and
commission our systems. This ensures installers have all the
tools needed to provide excellent service and solutions to the
end user. We also have free phone after sales support service
backed up by our hassle free, five-year, swap out warranty for all
products.”

For more information, contact Paxton, +27 21 427 6691,

[email protected], www.paxtonaccess.co.za.

www.securitysa.com Access & Identity Management Handbook 2019 77

ACCESS CONTROL
The right access decisions
By Andrew Seldon.
Making the right access control decision depends on what you want secured
and how secure it should be.
We all want our access control to be the best
and most secure, until we see the price tag. In
the real world, companies all too often select
their access control solutions based on what
fits the budget rather than the requirements of
the business.
This is understandable to a degree given the
broad selection of different product available, as
well as the different price points and quality of
products out there. But what should companies
be doing to ensure they have the right products,
with the right performance in the right places?
Moreover, what solutions are there to choose
from and where would they fit in optimally?
Hi-Tech Security Solutions asked Impro’s MD,
Mike Shipton what he sees in the access control
market today and for his advice to those looking
for new or upgraded access solutions.
One general trend in access control is that of
longevity. People are not inclined to renew their
access installations every three to five years.
There are many examples of companies using
their access control systems successfully for a
decade or two. While this makes for pleasant
budgets, it does make integrating newer
technologies harder – a fact some companies
like Impro have focused on in expanding their
businesses.
Shipton notes that there are still a large
number of companies using legacy systems
78 Access & Identity Management Handbook 2019 www.securitysa.com
today. “This is partly attributed to the system still
meeting their needs, but also due to the capital
investment required to upgrade or replace.
This is an area we [Impro] have specifically
focused on, whereby legacy systems can be
slowly migrated into new technologies without
the traditional rip-and-replace. The benefit of
this is a company is not impacted with a large
investment, but rather smaller values over a
longer period.”
He does, however, see a strong move to
upgrading to new platforms, primarily because
of the increased security and convenience
now available. “If you think many systems are
five to ten years old, technology has moved
on dramatically – whether it’s our cellphones,
computers, cars or TVs, the evolution has been
rapid. Whilst access control has not been as
disruptive, there are certainly industry-changing
technologies which are becoming mainstream
– things such as virtual credentials, where you’re
able to use your cellphone to gain entry or to
manage your system.”
And integration has become a critical issue
in the access market. While he admits there
are still many systems that operate in isolation,
this is changing. Shipton says the need for
integration is crucial – it saves time and
reduces complexity. Furthermore, choosing
solutions that can be combined with those
from other vendors keeps your options open.
“While integrations have been available
in the past, they were often custom projects,
requiring an intensive time and resource
investment. Today, we’ve built APIs that enable
a variety of products and services to quickly
and easily integrate into our systems – from
diverse systems such as elevators, production
management, canteen payments and payroll, to
the traditional CCTV and intrusion systems.”
He adds that another driver for integration
is the ability to manage everything from one
console. “Customers want one place to monitor
and manage their security.”
Overcoming the legacy of legacy
And while many people seem to focus on
the latest and greatest in access and identity
technologies, Shipton adds that legacy systems
bring legacy credentials – the card, tag and fob.
“There are still millions of these being
used around the world today,” he states, “but
this too is changing, and certainly much
faster internationally as the risk of cloning is
a significant concern. While the form of the
credential doesn’t have to change, people
are certainly calling for secure credentials
– we already offer anti-cloning credentials,
including high encryption tags that have
Continued on page 80
www.securitysa.com Access & Identity Management Handbook 2019 79

Continued from page 78
a unique institution code embedded at
manufacture and cannot be ordered by a third
party without the institutions authorisation.”
Impro has also taken these credentials into
the mobile world because we all know where
our phone is, so there is less risk of loss, and we
don’t easily share our phone with others. It’s
also very convenient to have everything within
one device – phone, camera, email, and now
access control. “Add in 256-bit AES encryption
and the ability to revoke credentials over the
air, and you have a win-win solution for both
the organisation and the end user.”
“Biometrics are another popular choice and
are certainly making strong ground as the cost
for these devices continues to reduce,” he adds.
“In the past, biometrics were viewed as a high-
end, high-cost solution but this has changed
dramatically over the past few years. However,
accuracy and read time remains important,
especially in high traffic areas such as front
entrances, or turnstiles – the technology
continues to evolve to ensure that every
fingerprint can be read correctly, every time.
“What will be interesting is the integration of
biometrics with mobile within an access control
setting. We’ve seen how people have quickly
adopted biometrics on their cellphones and
this will drive greater acceptance in everyday
situations. Imagine using your fingerprint or
facial recognition on your mobile device to
open your house, your car, your office door, to
log into your computer and undertake online
transactions. This is fast becoming reality as the
IT world merges into the security sector.”
Where to deploy what?
With all these options, what does the security
manager do in deciding the best fit for the
various access-controlled areas in their
organisation? As noted above, budget is too
often a more important deciding factor than
the applicability and reliability of technology.
The first step, according to Shipton, is
[email protected]
, www.impro.net.
80 Access & Identity Management Handbook 2019 www.securitysa.com
ACCESS CONTROL
to assess what your
greatest risks are, and
what are the areas that
need the highest levels
of security, if any. “Many
companies simply want
to prevent unauthorised
users from accessing the
premises. In this case,
biometrics can be used
at perimeter entrances for
enhanced security, while throughout
the interior areas traditional tags suffice. By
focusing on the perimeter, you’re able to
remove the risk and reduce cost as there are
only a few entrances, as opposed to placing
biometrics at every door.”
If higher security is needed internally, such
as in the server room or vaults, these specific
areas can have additional measures, such as
two or more people tagging in before the door
is opened; or again the use of biometrics. For
example, he notes that some mines are now
deploying facial recognition biometric readers
for high-risk areas, coupled with integrated
safety certificate validation at time of entry,
breathalysers and tagging of equipment – all
to be completed before access is granted.
This isn’t for security purposes only, but rather
also for health and safety due to the legal
ramifications of non-compliance.
“The options really are extensive as we
have solutions to meet every budget, both
from a hardware and software perspective,”
Shipton says. “Whether it’s one door or a
thousand doors, our solutions can grow with
your needs and, more importantly, we offer
off-the-shelf systems. Companies don’t want
extensive custom-built solutions that lock
them into one supplier.
“The first step though, is to identify those
risks and then work with an accredited and
credible installer, who will guide you on the
best solution for your needs.”
Is access getting cloudy?
Nothing can escape the influence and impact
of cloud and remote services today and this
applies to access control as well in the form of
cloud and/or hosted access solutions, as well
as Access Control as a Service (ACaaS). But
are these solutions as simple and secure as
traditional options?
“Absolutely,” states Shipton. “In fact,
depending on the skills or experience of the
personnel managing the on-site system, it can
be a great improvement. For example, many
small to medium sized businesses don’t have
an in-house IT department managing firewalls,
virus protection, server uptimes, fail-overs
and disaster recovery programmes. In a
cloud environment, this is all taken care of by
highly qualified individuals, with guaranteed
contractual uptimes and protection.
“This means the customer can focus on
their core business, knowing specialists in
both cloud and access control are taking care
of their system. The customer also only pays
for what they use. For example, in an on-site
situation, they may buy larger servers to
accommodate for future growth, but in a cloud
scenario this falls away. Only when you need
the extra capacity will you pay for it; and this
makes for easy scalability and growth.”
Another cloud benefit is that new feature
enhancements or updates to products can be
automatically deployed, so you’ve always got
the latest, greatest functionality and security,
built within your operational costs. There
would be no additional licensing or upgrade
fees, no additional personnel on site to deploy.
All this, says Shipton, adds up to a simpler,
quicker and better service.
Top issues to consider
As a final question, Hi-Tech Security Solutions
asked Shipton for his take on what the top
issues would be when planning a new access
control installation.
“Two main things are crucial,” says Shipton,
“the expected life of the system, as this is a
significant investment; as well as the after-sales
support and warranty. We all know there’s
nothing worse than buying something, having
a problem and not getting assistance, or
finding out those parts were imported or no
longer available in South Africa.
“Further to that, I’d also like to see South
Africans supporting South Africans. As our
President recently stated, we need to be
buying local, creating those local jobs and
building our economy. South Africa has high
security solutions, we have the technologies,
and in many cases, we have better solutions
than many international offerings – it is time
we get behind our local businesses.
“To illustrate this, Impro has been
specialising in access control for over 30 years
and we were one of the first companies in the
world to develop RFID solutions. In addition
to our strong market share in South Africa,
we export to over 60 countries, spanning
four continents. International companies are
choosing South African solutions for their
robustness, their security, technological
advancements and convenience.”
For more information contact Impro
Technologies, +27 31 717 0700,
www.securitysa.com Access & Identity Management Handbook 2019 81
ACCESS CONTROL
IP is no stranger to access control
By Andrew Seldon.
IP communications takes your access control system beyond simply
opening the door.
Just as the surveillance market made the move
to IP-based communications, the access control
market is also moving to IP (or some would say,
has moved to IP for all new installations). There
seems to be considerably less hype around the
changes in the access industry as compared
to surveillance, but the move is definitely
happening, even among vendors that built their
brands on proprietary technology.
Hi-Tech Security Solutions decided to look
at what the benefits and advantages of IP
in the access industry are, as well as some
potential snags in the move to this modern
communications protocol. For input, we
approached two experts who are in the midst
of the IP access control world: Wouter du Toit
from SALTO Systems sub-Saharan Africa, and
Dan Drayton, international sales manager at
Paxton Access.
Hi-Tech Security Solutions: What are the
benefits of moving your access control
infrastructure to the IP platform? What
is driving companies to make this move?
Alternatively, why would a company choose
not to move to IP-based access?
Du Toit: IP-based systems have been used for
many years and are widely used in the industry
82 Access & Identity Management Handbook 2019 www.securitysa.com
with little doubt in the stability and speed of
these solutions. The benefits are that you can
easily expand the system and have many more
devices connected (from a SALTO perspective),
integration between sub-systems and third-
party systems is also a lot easier, and with POE
systems a single cable can be used as your
network and power connection. Therefore,
from a hardware perspective there are some
cost benefits. This naturally refers to an access
control domain where we can leverage on
existing IT infrastructure instead of deploying a
separate network.
IP technology is the future and even though
it is still more expensive than conventional
systems, it does simplify management issues. I
am not sure why companies would not embrace
this. I can understand that companies will use a
hybrid of IP and 485 devices to reduce the cost,
but many companies out there have intelligent
ways of dealing with multiple devices from
a single IP address. IP systems allow you to
interact in a way that all other IP systems can
be merged and integrated or interface with
each other.
Drayton: The inherent benefit of utilising IP
technology is that you are using the existing
building infrastructure for your security
system. Historically, access control has been
characterised as a sector dominated by
proprietary cabling solutions and complex
wiring, making products more difficult to install
and maintain. The simplification provided by
IP networks is the main driving force behind
the mass adoption; very few solutions available
in the market today are not IP ready or indeed
dependant. Given that very few solutions
available today do not require a network
backbone in one guise or another, I’m not so
sure there is much choice to not use IP where an
online access control solution is required.
Hi-Tech Security Solutions: Why do we still
have companies that are not using their
IP networks for access control? Are there
hindrances to moving to IP?
Du Toit: It may be a slow adoption rate where
companies have spent significant amounts of
money on their current technology and can’t
just go and convert everything to IP, but with
new projects this is not the case and the only
factor could be cost, but then the advanced
functionality should supersede this argument.
You are buying a solution to solve your current
needs, but also future needs and IP systems
have proven their reliability and scalability.

Drayton: Standalone access control systems
are more cost-effective in terms of the capex
required to install a system in a building.
Migrating to IP is a process of education,
showing installers and end users the benefits
of an online solution where events are
highlighted and acted upon in real time. I
would suggest that some people who are not
that literate about IP technology may be risk
averse to adopting it, but with solutions like
Paxton’s Net2, we are showing the market
that the simplicity of IP access control is easily
within their grasp.
Hi-Tech Security Solutions: In terms of costs
and complexity, does IP-based access
offer benefits or is it much the same
for the technicians in the field and the
administrators? Would the users gain any
benefit from IP or would they simply see
things happening as always?
Du Toit: The user or operator should see no
­difference except that the interfaces used
should be easier to use and offer better
functionality. The technician on the other hand
will need to skill-up and understand the IT
environment that he is working in. This should
not be a challenge, but could be depending on
the skill level of the individual.
IP-based systems are more complex, but in
access control you need to skill-up your staff
to deal with this. Many companies offer basic
IP courses so that staff can understand the
basics and grow from there. Not having the
understanding and skills will make it difficult
for a technician to fault find when a problem
arises, installation of hardware should not be a
problem as most hardware is very easy to install.
Drayton: There are clear benefits for utilising
IP as it makes the installation, support and
maintenance of the system a huge amount
easier. IP technology is being adopted at
an expanding rate across the industry, the
benefit of having multiple systems utilising the
same communication backbone has greatly
simplified the ability to integrate access control
with other security equipment, such as CCTV,
so end-users can match visual recording to
real time events. This is an undeniable benefit
for the end-user. Companies like Paxton
are ­leading the way with making all our
integrations available free of charge to help
installers and end-users reap the benefits.
Hi-Tech Security Solutions: As more ­security
(and other) systems are integrated, would
IP-based access control not provide for
easier integration and more flexibility (if
one wants to do video verification, for
example)?
Du Toit: I think a big driver for IP systems in
security is because of integration and bringing
multiple systems into a single user interface,
where the operator can make informed decisions
quicker, without having to understand all the
backend systems and how to work in them.
Many companies still run multiple systems and
manage them in a standalone way, but this is not
necessary anymore. There are many systems out
there that can tie all your systems together and
they are becoming more affordable.
Drayton: It most certainly would. Any access
control company that has not or is not
developing products for use in IP networks is
­removing itself from the future of our industry.
Hi-Tech Security Solutions: When moving to
IP, cybersecurity becomes a problem. What
steps can one take to ensure your access
control infrastructure is secure?
Du Toit: Your systems should be secured by
encryption so people can’t just tap into your
network and hack the security system from
outside or inside. The only way you should be
able to access the system is from an authorised
terminal with secure credentials, but this should
not be new to security manufacturers, as they
had to protect the security of the hardware in
the field before IP systems came along.
Systems hosted in the cloud must have
multi-factor authentication to ensure a secure
system and only relevant data should be
stored to protect the individuals’ privacy.
Drayton: At Paxton, we take cybersecurity
very seriously and rigorously test our products
to ensure that Net2 remains a highly robust
and secure access control solution. However, it
should not be overstated that the first line of
defence for any company is their responsibility
to take all necessary measures to protect their
networks from cyber threats with firewalls, etc.
Networks can also be partitioned with VPNs to
isolate the security system. Where higher levels
of security are required, it is important that end
users carefully choose their installer partner so
that the right solution is implemented.
Hi-Tech Security Solutions: What products
do you offer that are IP-based and what are
their benefits in the world of access and
identity management?
Du Toit: All systems offered by SALTO, in one
form or another, are IP-based.
www.securitysa.com Access & Identity Management Handbook 2019
ACCESS CONTROL
• SALTOKS is a true cloud-based IP system
sitting on your network via Wi-Fi, POE
network or 4G. One IP address, handling up
to 16 devices and no 485 cabled devices. It is
already integrated with third-party IP camera
systems to bring forward that single view of
events between access control and cameras.
• SALTO Space can handle four million
users and 64 000 devices with a standard
IP interface and hybrid IP solutions. It is
designed to talk to third-party systems
through IP, HTTP, UDP and SHIP (our
integration interface).
• Danalock is aimed at the residential market,
and can interface with your mobile devices
through your home network to give you a
truly keyless security solution.
All of the above solutions are based on
future-proof technology in the IP domain and
protected with encryption.
Drayton: 95% of Paxton’s global sales are
IP-based products. Whether that is our Net2
wired or wireless access control, Net2 Entry
video intercoms or our brand new battery
powered door handle, PaxLock Pro, the Paxton
Net2 range is a complete access control
solution from perimeter to the building centre.
In providing customers with an IP-based,
fully online system with all the benefits of
live events and alarms in real time, we pride
ourselves on the simplicity of our system,
our unique five-year swap warranty and our
licence free for life software.
For more information, contact:
Paxton, +27 21 427 6691, support@
paxtonaccess.co.za, www.paxtonaccess.co.za.
SALTO Systems, +27 11 534 8489, info.za@
saltosystems.com, www.saltosystems.com.
83
ACCESS CONTROL
Applying the SaaS model to access control
By Brett van den Bosch.
The software-as-a-service model has proven
transformative to many organisations, and
even entire industries. The benefits it can offer
are undeniable, but in the security sector
which is risk-averse by necessity, we wanted
to hear the views of some local experts in
access control as a service (ACaaS) to find
out what some of the pros and cons are. Our
interviewees are:
• Mike Shipton, managing director, Impro
Technologies
• Gary Chalmers, CEO, iPulse Systems
• Mike Smiles, managing director, Masc
Solutions
• Mayleen Bywater and Rudi Potgieter, senior
product managers, Vox
Hi-Tech Security Solutions: What are the
pros and cons of ACaaS versus using a
combination of onsite access control and
cloud services for some offsite benefits?
Mike Shipton: Globally, ACaaS is expected to
grow at nearly triple the rate of traditional
access control equipment over the next five
years, according to research company IHS
Markit. Naturally, a large amount of this will
be focused on the European and American
markets, simply because of their strong
adoption of ‘as a service’ business models
– most business software is now operated
‘as a service’ in these markets. Think of your
Microsoft Office 365, CRM packages and
project management tools – all in the cloud.
Whilst these models are growing in South
Africa it’s still at the early adoption stage, but we
expect this to ramp up significantly in the next
few years. One of the most significant benefits
that will drive the growth is the reduction of
upfront costs. As an example, many businesses
will invest in the hardware and IT infrastructure
to enable future growth – in essence, they are
purchasing their future growth, up front, at
great cost, and many of those resources may be
sitting idle as the capacity is not initially being
84 Access & Identity Management Handbook 2019 www.securitysa.com
used. With ACaaS you only pay for what you
need and you’re able to scale up on-demand,
without a capital investment.
Another benefit for businesses is the
guaranteed uptimes, built-in redundancy
and disaster recovery, qualified personnel
managing the systems, as well as 24/7 support.
As ACaaS is an operational cost, much needed
capex can also be focused on the end users’
revenue generating areas i.e. focus on their
core business, while the access control is
managed by specialists in this field.
Having specialists managing your system
also ensures global best practices are adopted
and adhered to – firewalls, virus protection,
DRP, associated data encryption and legal
considerations such as GDPR, as well as all the
associated IT skills. These are expensive skills
which many businesses can’t afford, however
with ACaaS the skill set is standard.
Lastly, the simplicity of accessing the
system is revolutionised, with only an Internet
connection and Web browser needed to
access your site – and this could be done with
a mobile phone, tablet or PC. Both a time and
money saving.
Gary Chalmers: Pure ACaaS allows for centralised
management and support, making the TCO
significantly lower. It also appeals heavily to
distributed organisations who only require a
small number of devices per branch, which
they want to manage and control from a central
point, without needing to have a PC in every
location. ACaaS allows this to be conveniently
controlled and managed from a single source,
which hybrid systems typically do not.
Mike Smiles: ACaaS is no different to using
cloud services – all the access control hardware
remains onsite, software and servers are
removed from a company’s premises and are
housed in data centres designed to meet the
exacting standards necessary for the storage
and management of any business-critical
information.
Compared to traditional access control,
ACaaS offers several advantages, for example:
• The information is stored at remote servers,
which eliminates the need for expensive
hardware at the controlled premises. In
principle this means that ACaaS should be
less expensive than traditional (legacy type)
access control.
• Using ACaaS enables the management of
your access control from anywhere in the
world as long as Internet access is available.
• ACaaS is ideally suited to the monitoring and
control of multiple locations. Information
generated at these facilities is stored at a
single location and is available to authorised
users, 24/7.
This type of service is ideal for all sizes of
system; however, most small businesses do not
have the manpower resources to manage the
system on a daily basis, or don’t have access
to technical support/engineering personnel,
24/7. ACaaS removes these obstacles.
Implementing cloud-based security and/
or ACaaS provides a flexible solution which is
infinitely scalable, by simply adding more doors,
assigning cardholders access authorisation
without the need of changing hardware or
obtaining extra software. Although there’s
concern over possible hacker attacks, most
ACaaS uses encrypted communications and
data storage solutions that are superior to many
server-based systems.
Whilst the majority of the current AcaaS
offerings utilise ‘panels’ to manage card/
biometric readers and control/monitoring
hardware for the secured door, the more
radical options eliminate a large portion of this
hardware by utilising mobile applications that
enable a credential, stored on a smartphone to
identify the phone’s owner and issue a signal
to a basic door controller that permits the staff
Continued on page 86
www.securitysa.com Access & Identity Management Handbook 2019 85
ACCESS CONTROL
Gary Chalmers.
Continued from page 84
member to enter the portals/doors they are
permitted to access.
Mayleen Bywater: This is a multifaceted issue,
which is precisely why I am providing my
insights on the network and security systems
that complement the personal identity
management side of things, whereas my
colleague Rudi Potgieter’s expertise is closer to
the area of physical access control.
The question of using a cloud-service
versus offsite access control really revolves
around capturing the viewer images, storing
the data, and specific requirements from a
client’s perspective so they can then traverse
the network for data and info. For example, if
they have huge video surveillance for access
where they’re going to use visual images they
would need to have something onsite because
of the bandwidth and volume of data. Whereas
if they’re just using IT-based and specific
control measures that are in place, with just
access control based on policy, then cloud is
obviously the way to go, as opex models assist
with cost saving and a managed service can
assist with IT and security confidence.
For many companies, when they need to do
access control they need to trust that they’re
bringing in strangers to do this. From a skills
perspective we can alleviate their problem
from an HR point of view, as well as help with
best practices and try where we can to help
manage their business. Effectively this gives
the client more time to be effective in their
business, so they can go and make money
and let us worry about how to do the access
control component.
Rudi Potgieter: At Vox we try to provide a
solution that caters to clients’ needs, so it can
be either private cloud, public cloud, or a
86 Access & Identity Management Handbook 2019 www.securitysa.com
Mayleen Bywater.
hybrid of the two. We are either investigating
or already have a product for almost every
single one of our current traditional security
solutions in the cloud.
ACaaS represents a predictable cost,
essentially converting capex into opex and
allowing you to budget for it better. It derisks
that portion of your business by decentralising
this data portion and taking it offsite if need
be. It also assists your potential critical skills
shortages, as an organisation doesn’t need to
have advanced IT and other skills in-house.
Hi-Tech Security Solutions: How does one
integrate new access solutions and existing
legacy systems
Mike Shipton: In most access control systems,
the term ‘rip and replace’ is standard. Often,
simply scaling up from one system to another
requires this harsh and expensive route.
However, given the large installed base of
Impro legacy systems, we have developed the
means to slowly migrate from old technologies
to new. This means that many sites are able to
operate with existing hardware, take on new
software, and slowly replace the legacy items
whilst enjoying new software features.
We generally recommend when customers
are wanting to upgrade, or expand, this is the
time to assess the next 10-year path. With
ACaaS this becomes a much easier solution, as
there is not the high capital investment of the
past and, once you have the cloud platform,
it opens a world of new technologies and
services to the end-user which simply cannot
be accessed with very old technology.
Gary Chalmers: iPulse Systems’ IQSuite.cloud
is a true ACaaS platform, designed to work
with both new and legacy equipment. Local
memory resident services and SDKs allow
legacy devices to communicate with the cloud
Rudi Potgieter.
through pre-defined interfaces, ensuring that
any system can be integrated quickly and
efficiently.
Whilst certain value propositions are lost
(such as easy remote support and centralised
management) in these scenarios, clients
are able to leverage existing architecture
for longer, and slowly replace ageing
infrastructure rather than having to face a ‘rip
and replace’ option so often advocated by
security professionals.
Mike Smiles: This is solely dependent on the
legacy hardware currently in use at the facility.
Most ‘traditional’ access control systems
use proprietary hardware that utilises serial
communications such as RS-485 or RS-422. In
instances where the door control hardware/
panels support IP, these are often ‘closed’
systems that have been created to restrict the
end user from using software other than that
provided by the hardware manufacture.
Rudi Potgieter: My understanding is that
yes, this can be challenging, but there are
some in-between applications and physical
on-premise hardware that can be deployed to
translate the environment. So in other words
if you’ve got a brand new install you probably
would push it out via Web services into the
cloud, whereas in an older environment you
might still sync to a local copy of an Impro or
Paxton or whatever that service might be, and
then locally translate it into the correct format
so that you can access it and process it in your
cloud housing, so to speak.
Hi-Tech Security Solutions: How does ACaaS
integrate with other management systems,
like security or building management?
Mike Shipton: The process of integration hasn’t
principally changed. Whether the access

control system is on-premise or operated as
a service, the mechanics are pretty much the
same. However, ACaaS obviously provides
the latest technologies and systems to make
that integration simpler, faster and better. By
having a standard platform, it also ensures
others systems can quickly integrate, rather
than the traditional route of having to do
multiple integrations for each and every
system – integrate once on the platform, and
it’s available for many.
Gary Chalmers: IQSuite.cloud as a platform has
a fully secured API, accessed via an SDK that
makes integration quick and simple. Using
sample code and designed in such a way as to
ensure minimal coding is needed, creating an
integration with an existing system, whether
local or cloud-based, is a matter of hours,
rather than months.
Rudi Potgieter: Whenever technology moves
to the cloud you don’t lose functionality, so
if you have an app that’s already integrated
into a building management system, payroll,
or time and attendance, all of that just moves
to the cloud. You’re essentially just taking
responsibility for the physical infrastructure of
the client’s network. So integration is still part
and parcel of the overall solution – we’re not
going to take functionality away, but actually
add functionality.
Taking services like these to the cloud
also allows for better management of a
mobile workforce, such as field marketers or
merchandisers in a retail environment, or even
security companies that have staff temporarily
deployed at a site. It is nowadays trivial to
have a mobile finger reader whereby a mobile
worker can login and they are then virtually
clocked in at a specific site. So I think it actually
takes the concept to the next level.
Mayleen Bywater: If you’ve got the policies and
processes mapped out properly and you do
the fingerprint or specific single sign-on or any
kind of authentication to a specific person, if
your ERP or other system is dated it does create
a bit of a stumbling block because they would
need to be upgraded or integrated. However
this also presents an opportunity to make sure
clients are running the correct patches, their
version control is correct and that everything
actually works together.
www.securitysa.com Access & Identity Management Handbook 2019
ACCESS CONTROL
What people don’t always do is ensure that
the testing of the network and the testing of
the access control actually complement each
other. In some cases the one will negate the
other, and if you’re not managing it from a
one-provider perspective you are creating a
loophole in your client’s environment.
Hi-Tech Security Solutions: How does one
deal with the risks of losing sensitive data,
especially with respect to GDPR and PoPIA?
Mike Shipton: This is where international
certification becomes crucial. The rigorous
standards enforced internationally must be
adopted to ensure complete compliance with
all legislative requirements. For example, ISO
27001 for technical measures, ISO 27017 for
cloud security, ISO 27018 for cloud privacy,
as well as EU specific certifications such as
BSI’s Common Cloud Computing Controls
Catalogue and adherence to the CISPE (Cloud
Infrastructure Services Providers in Europe)
Code of Conduct.
In addition, strong encryption of all
personal data is a must; as well as the regular
testing, assessing and evaluating of the system
Continued on page 88
87
ACCESS CONTROL
Continued from page 87
to ensure that it is continually monitored and
meets the changing demands of a globally
connected system.
Gary Chalmers: Following international
guidelines for storing and managing data,
and leveraging the inherent underlying
security principles of Microsoft Azure,
allows IQSuite.cloud to maintain a rigorous
and certified methodology for managing
security. In addition to this, our team performs
regular penetration testing around the API
and its security, and constantly update the
underlying authentication and authorisation
models to accommodate the ever-changing
environment.
Mayleen Bywater: Let’s say for example you have
an ERP system and you have access to your
client’s info and/or their personal details from a
payments perspective. If you know you’ve only
given a person access to a specific environment
and there’s a solid audit trail, when something
does happen whereby information is leaked
either maliciously or in error, an organisation’s
security measures mean they can validate and
prove what has occurred.
Hi-Tech Security Solutions: Where would
ACaaS be advised and where not – for
example, is it good for small companies but
not reliable enough for the enterprise?
Mike Shipton: As mentioned previously, the
easiest adoption is for small to medium
[email protected]
, www.impro.net
[email protected]
, www.ipulsesystems.com
[email protected]
,
[email protected]
,
[email protected]
,
Mike Shipton.
88 Access & Identity Management Handbook 2019 www.securitysa.com
businesses who haven’t considered access
control previously due to the costs, or those
same businesses that don’t have the IT
and specialists resources to manage all the
infrastructure. These are normally the earlier
adopters of ACaaS as the benefit is significant
and quickly achieved.
On the enterprise side, the adoption is
slower simply because of their significant
investment in the access control system which
cannot be thrown out overnight. In this
sector, we see a longer term for the migration
as that equipment ages, becomes obsolete
and upgrading becomes a business priority
and reality. Then ACaaS makes very good
sense, especially because of the ability to add
additional services such as mobile or virtual
credentials, alarm and event monitoring,
credential management, SLAs with regulated
services etc.
Gary Chalmers: ACaaS is the future. All other
Mike Smiles.
products are already dead, even if they don’t
realise it. From small companies to large and presentations I’ve seen from our existing
enterprises, ACaaS is the wave of the future. vendors, in the smaller environments cloud
It simply carries too many benefits to ignore, access control is the sweet spot. Businesses
and IT trends have shown that everything will like that don’t necessarily have the skill set
ultimately migrate to the cloud in order to to run with it locally, nor do they have the IT,
remain competitive in terms of TCO. Ultimately, the knowledge etc. So there it works well for
onsite, closed systems are a thing of the past, us to offer it as a complete service – not only
and the dangers they bring are no less than access control in the cloud but access-control-
anything offered by cloud architecture. as-a-service. With our 24/7 nerve centre
we can field these support calls and assist
Mike Smiles: There is no question that the with bringing on board and activating and
take-on rate for ACaaS is far higher in the small deactivating access etc.
business space as opposed to enterprise wide In your larger environments I think they’re
solutions. Major organisations spend years going more for the cloud play because as-a-
and large sums of money selecting access service play is not quite there yet and the guys
control products that are suitable for their are still quite stringent with their policies.
organisation and take many years to change Essentially we are looking at trying to mould
this perspective because of the risks involved. some of our existing, traditional models into a
Small operations quickly identify the cloud model whether the vendor is ready for
benefits of prescribing to a service which that or not. I think we are quite innovative and
enables them to focus on their core business we’ve got the right skills here to be able to take
and eliminate the need to allocate a resource products like that and deploy them in a virtual
to the task of security system administrator. cloud environment for our clients.
The majority of control panels that support
this technology are imported from the USA For more information contact:
or Europe and are relatively expensive. The Impro Technologies, +27 31 717 0700,
delayed implementation of benchmark cloud
services such as those offered by Microsoft iPulse Systems, +27 86 0478 573,
Assure or Amazon Web Services are a barrier
to take-up here in South Africa. Furthermore, Masc Solutions, +27 11 100 0088,
the monthly subscription costs charged
by companies offering this technology are www.mascsolutions.com
currently too expensive to support widespread Vox, +27 87 805 0000,
adoption of the solution.
Rudi Potgieter: From the research I’ve done www.vox.co.za

Cloud-based access control
Running your access control through a cloud service has made people nervous in
the past, but today’s solutions are hard to beat.
One of the most promising, or perhaps challenging aspects of access
control has been the slow growth of cloud-based access throughout
the world. The acceptance of cloud-based access has taken longer
than many vendors would have preferred, some say due to the cost vs.
performance ratio, others say due to security issues associated with
the cloud, while others say it’s due to the reliability of connectivity
options.
Yet, while there are always arguments against cloud access control
services, cloud-based systems in their variety of permutations have
expanded and are finding increased acceptance in various industries.
To find out more about the current state of cloud-based access control,
Hi-Tech Security Solutions spoke to Ernest Mallett, regional director of
Tyco, the security products division of Johnson Controls.
Hi-Tech Security Solutions: Has cloud-based access control reached
the stage where large companies can rely on the solution?
Mallett: Manufacturers such as Tyco, have taken advantage of recent
advances in IP network technology to deliver a cloud-based access control
system which is robust, reliable and secure. 128-bit AES encryption of data
and low bandwidth usage to ensure real-time operation are just two key
attributes for a solution which offers significant operational advantages
over traditional methods of deploying access control, as well as a lower
total cost of ownership.
Hi-Tech Security Solutions: What are the b ­ enefits of implementing
cloud-based access control?
Mallett: There are so many reasons why it makes perfect sense to have
a cloud-based access control system, not the least of which is the ability
to make best use of human resources. Your Managed Service Provider
(MSP) or your security personnel, can be anywhere in the world and yet
be able to remotely manage the access control systems operating at
any number of your sites, and all from the convenience of a desktop PC,
tablet or smartphone. This means a security manager does not need to
be on-site in real-time to manage the access credentials of colleagues,
contractors and visitors, or control many other important features of an
access control system.
[email protected]
.
ACCESS IN THE CLOUD
A professionally designed and commissioned cloud-based access
control solution will provide peace of mind by ensuring access control
readers will continue to operate normally during any network disruption
and that data related to any access control activity is recorded locally.
Hi-Tech Security Solutions: What can companies do to ensure their
internal networks remain secure from hacking or malware when
using a cloud service?
Mallett: While no manufacturer can offer a 100% guarantee, a
combination of a high-level encryption, anti-virus software and regular
software updates which take into account the latest known threats,
should help keep a cloud-based solution one step ahead of the hackers.
Hi-Tech Security Solutions: What is your cloud-based solution and
how does it work?
Mallett: The Kantech hattrix cloud-based access control solution
allows you to manage access control for your entire estate, whether
it’s one door, or thousands spread across multiple sites. With ‘hosted’
or ‘managed’ options, you can choose to work with a hattrix Managed
Service Provider (MSP) to outsource all or just part of your security
activities and management.
Hattrix eliminates the need to incur the capital, running and maintenance
costs of utilising a server which you would normally need to do in order to
operate a medium- to large-sized access control system. It is supported by the
EntraPass web platform and EntraPass Go mobile app which are designed to
enhance the user experience by delivering remote and convenient real-time
access, to manage common security tasks. These include locking/unlocking
doors, managing cards and schedules, requesting reports, viewing live video,
monitoring events by floor plan and more.
With minimal training, authorised personnel are able to configure
hattrix to deliver customised reports by email or they can view activity in
real-time. Scheduled back-ups, audit trails and automated health checks,
ensure that security best practice is adhered to at all times.
For more information contact Johnson Controls Security Products,
+27 82 566 5274,
www.securitysa.com Access & Identity Management Handbook 2019 89
ACCESS IN THE CLOUD
Controlling access in the cloud
By Brett van den Bosch.
Cloud-based services have become an integral
part of our digital lives, allowing us to access our
important information from any smart device,
anywhere in the world. The convenience afforded
extends to organisations too, and they further
stand to gain from operational and cost benefits.
In the access control arena, hosted or managed
services have been around for a few years, and
the adoption of cloud-based access control only
continues to grow as companies become more
and more open to the idea of relying on it to
perform such a vital function within their business.
We spoke to representatives at Excellerate Services
and SALTO Systems to find out more about the
benefits cloud-based access control can offer.
Depending on the end user’s requirements,
Internet connectivity can be an obstacle since
the overall solution relies heavily on connection
outside of the local network, says Glenn Allen,
director of Excellerate Services’ technical
division. “The current climate for information
communications systems in South Africa are
often unreliable/temperamental (unless cost for
deployment is not a factor). Multiple connection
channels, such as wireless, GSM, fibre or satellite
would need to be made available to each of
the end points for redundancy. Obviously,
this depends on the end user’s requirements
as some end users would accept a period of
potential downtime,” he says.
Owing to this potential issue, some clients will
choose to implement a solution that can continue
to run locally if the external connection is lost.
“Depending on the solution the client wants to
implement, technicians will ensure that the system
can function to a certain degree on the local server
should communication be lost to cloud-based
servers, and once the communication is back
up and running, will push database updates to
update the cloud-based backup,” Allen continues.
“Cloud-based solutions provide the benefit
of economies of scale, where hosting is in the
form of a rental from a third-party supplier’s
server, meaning that local infrastructure costs
are diminished. An example can be drawn
from remote areas where there is no wireless
connectivity and no fibre infrastructure, where
this situation would require a locally hosted
solution,” he explains.
According to SALTO Systems’ Wouter du
Toit, in terms of uptime the company’s cloud-
based access control solution, SALTO KS (Keys
as a Service) has close to 100% reliability. “Even
[email protected]
, www.excellerate.co.za
if your Internet connection and therefore your
link to the cloud services platform fails, the
[email protected]
,
system is still self-contained locally, so there’s
90 Access & Identity Management Handbook 2019 www.securitysa.com
Glenn Allen.
no risk – the cloud is just there to ensure
you’ve got live communication to those doors,
and that you can manage them online,” he says.
The SALTO KS solution was a world-first
when it was launched some four and a half
years ago, and was initially regarded with some
trepidation in the marketplace. In the time since
its introduction, other companies have got in
on the act and are offering similar solutions, and
du Toit says the technology has matured to the
point where it is now very well accepted.
“Not just internationally, but in South Africa,
we have a lot of cloud-based sites deployed,
ranging from the more ‘standard’ access control
requirements to the more demanding hospitality
environment,” says du Toit. “So there is no concern
for us as a manufacturer to push this to even
large companies, and we have already done that.
“For organisations that have to control
access across multiple sites, the fact that SALTO
KS is cloud-based makes it easy to manage
people’s credentials regardless of their location,
through their mobile phone, one-time PIN or
other mechanism. This is highly cost-effective
since the only hardware that needs to be
installed at the site is one of our IQ units.”
Going wireless
Wireless technology has been a key enabler for the
proliferation of cloud-based systems, and SALTO’s
solution takes advantage of wireless for local
networking as well as communication with the
cloud. The local networking is enabled by a device
called the IQ as referred to by du Toit above, which
can be plugged into a physical network point via
an Ethernet cable, or communicate wirelessly, or a
combination of both.
The IQ also uses proprietary radio frequency
(RF) or Bluetooth signals to speak to the locks,
and to a controller that can drive an output, if one
is required. The IQ essentially acts like an access
point, establishing a communication path for up
to 16 devices in a radius of 10 to 15 metres. The
Wouter du Toit.
overall solution therefore eliminates the need to
run cables to every door, and is expandable to
any number of doors at a site.
On the cloud side, the IQ can have a
physical network connection to the outside
world, or it can additionally be fitted with a
SALTO SIM card for 4G cellular connectivity as
a failover or as the primary communication
medium. The combined flexibility provided by
these wireless capabilities allows end users to
better control their IT infrastructure costs.
Addressing cybersecurity
To address the ever-present issue of
cybersecurity, du Toit explains that SALTO takes
great care to ensure its clients’ data is secure.
“The data we transmit to the cloud is encrypted,
and we comply with ISO standards to ensure
our clients’ information is not vulnerable or
shared with third parties. The only people that
can access that information are those who the
client explicitly allows to access it – even our
technical resources department cannot access
privileged information without the client’s
permission,” he says.
Allen further recommends that the
implementation of VLAN and firewall technology
ensures that all traffic is monitored, securing the
entire network. “Using a VLAN as well as firewalls
would ensure that the data gets to where it is
intended, however you’d also have to deploy
some sort of encryption of the traffic between
the client and the server to make sure that even
if the data is eavesdropped it is unusable, which
we cater for using SSL and the ability to deploy
signed certificates to the web server.”
For more information contact:
Excellerate Services, +27 31 573 7600,
SALTO Systems Africa, +27 87 701 5858,
www.saltosystems.co.za
VIDEO-BASED ACCESS
They sure don’t make
them like they used to
By Brett van den Bosch.
A doorbell used to be a simple thing: you pushed a button and at the
other end of a pair of wires a bell sounded. Then intercoms came along
and opened up the possibility of two-way communication (although
anyone who remembers the early intercom systems will know the audio
quality left a lot to be desired).
These technologies have improved over the years and additional
functionalities added, so that nowadays systems are available that add
a visual dimension in the form of high-definition video, as well as other
features such as mobile communication. We interviewed the following
people to learn what the current state of the market is:
Markus Bodenstein, key account manager at Axis Communications SA.
Riccardo Battaini, managing director of Came BPT South Africa.
Chris Lelicanin, access control product specialist at Elvey.
Mohammad Meraj Hoda, vice president of Ring.
Hi-Tech Security Solutions: What are the latest offerings in the
market with respect to doorbells and intercoms, and what
functionality do they offer?
Markus Bodenstein: The security market has evolved over the years, and
every year new solutions and products are introduced. The same goes
for access control, of which intercoms form part. Intercoms specifically
have changed and are now intelligent devices that form an integral part
of a security network. It is no longer a standalone analogue unit that
fulfils only one role.
At Axis we have changed the naming convention because it is no
longer an intercom, but a network door station. Axis network door
stations combine communication, video surveillance and remote entry
control in one single device. The Axis network door station offers a
convenient complement to your surveillance installation and helps to
keep your premises secure, providing reliable 24/7 identification.
92 Access & Identity Management Handbook 2019 www.securitysa.com
Riccardo Battaini: Doorbells are becoming more connected. Today you
can have a video doorbell connected wirelessly via Wi-Fi network. This
enables you to answer a visitor call from your smartphone. You may
also have a PIR motion detector integrated which activates the system if
some movement is detected by the entry panel.
Most of these products are coming from the Far East and are very
simple, i.e. they are standalone systems that do not allow for expansion,
multiple entrances or intercoms between the units. Nevertheless, there
is a very important demand in this segment of the market. A big part of
the residential solutions in South Africa are single-family houses and, in
these applications, if the user is not too sophisticated, the Wi-Fi video
doorbell is a good solution in terms of price/performance ratio.
On the intercom side of things, being complete systems, they have
developed more in the direction of wide communication, thanks to the IP
protocol being used for these applications. Today, in my opinion, we are
leading the way with full IP audio and video intercom systems. Our solutions
allow direct connection of the entry panel to the Internet, and an unlimited
number of entry panels and receivers. The only limitation is the capacity of
the network to manage the volume of data generated by the cameras.
Chris Lelicanin: Apart from world-class European-engineered voice and
video technology, the doorbell and intercom market is seeing a growing
trend in the adoption of facial recognition for access, app-based Wi-Fi
call forwarding, and integration into other systems such as intrusion.
Fermax’s latest Meet system gives a good indication of where the
industry is headed in terms of IP systems and features, and functionality
versus cost. A large part of this is also the refinement of existing
tried and tested technologies, less wires for installation, easier setup,
management and deployment of devices.
Continued on page 94
VIDEO-BASED ACCESS
Chris Lelicanin. Markus Bodenstein.
Continued from page 92
Mohammad Meraj Hoda: Since we invented the Video Doorbell in
2013, these devices have become even more sophisticated. The latest
generation of the Video Doorbell offers features such as two-way talk,
1080p HD video, infrared night vision and instant mobile alerts, as well
as recording capability.
Hi-Tech Security Solutions: Can these devices be managed by mobile
devices, and if so, can multiple people control them via their
smartphones?
Markus Bodenstein: With the Axis network door station, you can see,
talk to, identify and open the door to visitors regardless of where
you are. The network door station can be used to create a two-way
communication channel with designated mobile devices, which allows
for flexibility and convenience.
Riccardo Battaini: In the intercoms solution, smartphones become an
extension of the internal receiver. They can be used to receive calls,
initiate calls and activate the entry panels and the cameras connected. IP
intercoms are much more powerful. They allow the user to be connected
via Wi-Fi while inside the property. This is very interesting in the commercial
environment, where until some time ago it was a challenge to allow many
entry panels. We have recently worked on a project – and have several in the
pipeline – with 60 and 70 entry panels in large commercial compounds.
The IP solutions also allow more sophisticated PC-based switchboard
services. Our solutions are even more powerful as we are now capable
of integrating all the Came systems in a single platform in the cloud,
called Came Connect. With this powerful technology we can control
all the Came devices (and partially also some competitors’ devices) like
gate automation, traffic barriers, door automation, audio and video
intercoms, and home automation devices from a single platform.
This solution allows us to provide new kinds of services. For example, the
end user can configure the system in order to send a message to their installer
if there is a potential problem with the safety devices of their gate automation.
In other words, it is the system which initiates a service request, maintenance
or provides information. In some cases, the installer can be informed of a
potential problem at his customer’s site and react immediately.
Chris Lelicanin: The digital age is upon us and you can securely and
remotely have a two-way video conversation or grant access to a visitor.
You can turn the panel off should you not want to be disturbed and the
app can divert the call from the panel to multiple smart devices.
Mohammad Meraj Hoda: Ring’s devices were specifically designed to be
managed through smartphones, but we have taken it further, allowing
94 Access & Identity Management Handbook 2019 www.securitysa.com
Riccardo Battaini. Mohammad Meraj Hoda.
people to see a live view and get alerts on their smartphone, tablet and
PC. We also allow any number of people to access the Video Doorbell
through the app, depending on the type of subscription they have.
Hi-Tech Security Solutions: What security is included to ensure
only authorised people are able to gain access and manage these
devices?
Markus Bodenstein: Cybersecurity has become a hot topic over the past
few years. Axis always goes to great lengths to implement strict security
protocols and requirements to ensure that any Axis device on a network is
as secure as possible. We also provide hardening guides on cybersecurity,
which includes guidelines on how to further enhance the security on your
network – all this information can be found on our website.
Riccardo Battaini: Of course, with the connectivity, the security of the
technology becomes important. As security comes first, our solutions
are cloud-based with the software package sitting in very well protected
data centres. Furthermore, all our applications connected to the Internet
are user name and password protected. This includes web applications,
smartphone apps, but also the devices directly connected to the
Internet, like the entry panels.
Chris Lelicanin: Apart from password protection, there are also encryption
protocols and standards in use to keep assailants at bay. The systems are
well thought out and fortunately there are few points of entry and no data
is stored on the edge device, such as the intercom panel.
Mohammad Meraj Hoda: Because the Video Doorbells are linked to
a specific Wi-Fi network and a specific device, they are password
protected. The ‘shared users’ function allows people to control who
has access to the device, and so avoid the need to give out account
information.
Hi-Tech Security Solutions: Are these systems able to integrate into
a broader management system for centralised control, or are they
standalone solutions?
Markus Bodenstein: The Axis network door station can integrate into
existing and new management systems or it can be used as a standalone
solution. The intelligence on the device allows it to communicate
directly with other devices on the network, to ensure that the system
becomes a working solution that can meet your requirements.
Riccardo Battaini: In our solutions we can have third-party cameras
connected to the system and even the NVR (network video recorder),
if necessary. It is also possible to control – with the limitation of simple

output and input signals – third-party
devices like competitors’ gate automation
or barriers.
This is not so much due to the IP
technology, but more to the flexibility of
our solutions, and we can also interface
with elevators and make it possible to
send a visitor only to the exact floor
where the person to be visited is located.
This is convenient and safe at the same
time.
Chris Lelicanin: Integration and
functionality are essential in today’s
security solutions and systems.
Depending on the size of the
implementation the Fermax Meet system,
for instance, can incorporate access
control, CCTV and motion detection. You
can use the video monitor to view CCTV
or as a panic. Should you need to scale
this or integrate into an existing solution,
the panels can be integrated through
industry standard protocols.
Mohammad Meraj Hoda: Ring’s goal is
to make communities safer by helping
people create a ring of security around
their home. All Ring devices are linked
to the app, which allows homeowners to
keep an eye on their property through
any number of devices.
Hi-Tech Security Solutions: What are the
latest solutions your company has on
offer, and what features and benefits
do they offer?
Markus Bodenstein: Axis offers the Axis
A8004-VE and A8105-E network door
stations, with benefits and features
such as high-quality video and audio,
2-way communication, remote entry
control, 24/7 video identification, and
SIP Support for IP phone integration.
The Axis network door station is also
scalable and definitely futureproof, so
you are able to add door stations, expand
your communication system or upgrade
the backbone of your system as you
grow, while preserving the value of your
investment.
Riccardo Battaini: I think I have explained
everything about Came Connect in my
answers above. The features of the complete
control of all Came installations allow
peace of mind, better and more efficient
maintenance, and enhanced security for all
parties concerned, i.e., end user, installer,
facility manager or body corporate.
VIDEO-BASED ACCESS
Chris Lelicanin: Elvey prides itself on
fulfilling the security sector’s needs. All
Elvey solutions are thoroughly researched
and tested. The manufacturers we partner
with are best in breed and I think in this
context a good example is Fermax, which
covers the spectrum in terms of quality,
functionality at an affordable price, and
ease of use. Fermax incorporates the
following features into its ecosystems:
facial recognition, mobile applications,
access control solutions, IP video
surveillance, lift control management and
integration into home automation systems,
to name a few.
Mohammad Meraj Hoda: The professional-
grade Ring video doorbell Elite lets
homeowners watch over their home and
answer the door from their phone, tablet
and PC. The system allows them to create
and customise their own motion zones,
and when anyone enters the motion zones
or presses the doorbell, they get an instant
alert.
The video doorbell Elite also allows for
on-demand streaming of video and audio
with live view. This device has built-in night
vision sensors and a weather-resistant
design. Ring video doorbell Elite installs
on standard junction boxes with a flush-
mounted finish, and connects to the
network via power-over-Ethernet for
a reliable connection and non-stop
power.
The Ring Video Doorbell 2 comes with
adjustable motion sensors, and when
anyone triggers the motion sensors or
presses the doorbell, homeowners get an
instant alert on their phone, tablet and
PC, allowing them to see, hear and speak
to people at their door from anywhere.
The Video Doorbell 2 also offers live view
and on-demand streaming video and
two-way audio, and features built-in night
vision sensors and a weather-resistant
design. Ring Video Doorbell 2 comes with
an innovative quick-release rechargeable
battery pack, so the doorbell can be
charged without moving the device.
For more information contact:
Axis Communications SA, +27 11 548 6780,
[email protected], www.axis.com
Came BPT South Africa, +27 11 616 3222,
[email protected], www.camebpt.co.za
Elvey, +27 11 401 6700, [email protected],
www.elvey.co.za
Ring, +27 11 237 7000, [email protected],
www.ring.com
www.securitysa.com Access & Identity Management Handbook 2019 95
WORKFORCE MANAGEMENT

Integrating access
with OHS and operations
Veracitech has developed access control plug-ins to add certifications
and key management decision-making to traditional access control.
Occupational Health and Safety (OHS) controls
have become as important as security controls
when it comes to the control of access to a
facility or restricted environments. Many clients
today need to check and manage statutory
accreditations and competency prerequisites
prior to allowing personnel and visitors onto
their premises or work areas.
Some of these requirements include
legislative, HR, health and safety, and
accreditation or competency (training and
induction) prerequisites. This data is generally
managed by the HR department and the
security or access control systems merely
block or unblock the user’s access manually
from time to time when notified that the user’s
‘certification’ is valid or has expired.
Veracitech develops and deploys plug-ins
on the Babylon platform for various active
client applications; one such application is the
Veracitech Babylon Certifications solution.
The plug-in comprises access control and
automation, incorporating the certifications
prerequisites listed above. These certifications
can be defined and managed either directly
in the Veracitech Babylon Certifications
application or can be integrated with existing
HR or other databases.
Various certifications and competencies
can be defined in the system, which can then
control access to certain areas based on whether
the person requesting access meets corporate
requirements and vetting. For example: Babylon Key & Locker Management integration with the Traka backend allows key
• Access can be determined by the security Many industrial clients use smart key and and locker users to be managed seamlessly
level/profile as well as if the user has a valid locker management systems, such the TRAKA in the Babylon user database. Access level
medical check-up or has been certified in a system from ASSA ABLOY to manage who definitions ensure that full control and
certain skill required for access to a specific has access to certain keys. Again, here the management of key and locker rights is
area. client traditionally has to control the key centrally administered from the Babylon
• Before allowing anyone to start a truck or management as a separate, standalone system environment only. Through this high-level
machinery on a plant, the system may first from their access control, security or HR/OHS Babylon/Traka integration, the client can now
check to ensure the individual’s licence systems. With intelligent key systems, keys are incorporate access controls with key/locker
is up to date and that they underwent available 24/7 to authorised staff only, and controls, and even combine this with the
a breathalyser test that morning before usage can be managed. certifications solution mentioned above.
granting access to the truck or machinery. Veracitech has partnered with Traka and is • Access can be allowed / denied based on keys
Feedback to the user and an explanation the only authorised system integration partner returned: e.g., users can be prevented from
for Access Denied can also be displayed on the on the Babylon platform for Traka systems. leaving the site without returning keys.
Veracitech interactive touch display modules Veracitech again developed a plug-in for the • Access rights to keys can be based on not just
at the access points. These are fully integrated Babylon platform, the Veracitech Babylon Key the key profile, but also the validity of the user’s
and managed from the Veracitech Babylon & Locker Management solution. certifications (users can only withdraw a vehicle
Certifications application. In this solution, high-level database or machine key if they have the prerequisite

96 Access & Identity Management Handbook 2019 www.securitysa.com

 WORKFORCE MANAGEMENT

certification status, such as a valid driver’s or
operator’s licence on record, or have passed the
breathalyser test within the last hour, etc.).
• With the access automation features of
XMP-Babylon, one can also control key or
locker rights not just by access profile and
certification prerequisites, but also by live
status processing in the system. For example,
a user can only withdraw a key if his manager
is badged in and present at the time, or a user
can only withdraw a key based on previously
areas accessed (or not accessed) within a
pre-set period.
• Key and locker alarms and events will also be
reported and managed in the XMP-Babylon
Alarm and Even Handling, alerting the
administrator when keys are not returned on
time etc.
There are numerous other applications
and integrations Veracitech has developed
on the Babylon. All told, Veracitech offers the
design, installation, configuration and custom
development and integration of multiple
security and operational systems into the
Babylon platform, which will allow clients to
more efficiently manage their operations,
even distributed operations, reliably from a
central source. Veracitech is a bespoke system
engineering house and direct authorised
OEM partner for Autec XMP-Babylon systems.
The company currently has a client list that
includes companies like Anglo Platinum, De
Beers, Petra Diamonds, Namdeb, Debmarine,
Gemfields, South32, DTI, Transnet and others, For more information, contact Veracitech,
including clients in Namibia, Botswana and +27 11 888 7251, [email protected],
Mozambique. www.veracitech.co.za.

Questions on workforce management

Paul Chari talks about workforce management in modern organisations.
Access control technologies are a staple of the workforce management
industry, often using integrated solutions to combine the functions
of basic access control or time and attendance with more complex
workforce management systems.
To find out a little more about workforce management today, Hi-Tech
Security Solutions asked Paul Chari, principal consultant, EDC Solutions at
dormakaba for his take on the market.
Hi-Tech Security Solutions: How has workforce management
changed over the past few years? What additional fields
are now included in workforce management solutions that
were seen as separate in the past?
Chari: Workforce management has transformed from being looked at as
a cost centre to a resource that should be harnessed. This has attracted
acceptance of modern technologies already used to spearhead other
areas in companies. Workforce management, for example, now includes
access control and production data control.
Interaction has expanded as driven by technology allowing operation
over Ethernet, GSM, Bluetooth and NFC. This means the traditional terminal
mounted in a building with Ethernet, GSM allowing mobile validation
in vehicles and mobile offices, as well as Bluetooth and NFC which allow
mobile phones to be validation media. Apart from communications
methods there are biometric innovations allowing people to use unique
body characteristics in many different ways. Innovation around biometrics
ensures continued change and applications in the way users can interact.
Hi-Tech Security Solutions: Has the mobile revolution
had an impact on workforce management systems?
Chari: Mobile has opened up areas that were previously impossible
to monitor. This impossible scenario has transformed with mobile
containing GSM for data, GPS for positioning, ubiquity and versatile
applications (including biometry of various kinds). Personnel can be
monitored for accountability, safety and customer feedback or on
route to a customer site. This allows flexibility between employee and
personal where service and sales team can go straight from home to
customer and provide reliable assurance via their mobile.
Hi-Tech Security Solutions: How can modern workforce
management tools assist in performance evaluations
and productivity enhancers?
Chari: Production data control allows planned work to be loaded to
various monitoring points. This allows for live tracking of order progress
that includes supervisory inspection points. Job progress can be
recorded via barcode scanners, machine output monitoring and entry
of quantities at various steps. You can even record reasons for work
stoppages allowing you to react appropriately as the data is fed back
direct from the floor. You do not have wait until the end of day / week /
month to react appropriately.
Hi-Tech Security Solutions: Do workforce management
tools, in general, integrate easily with security systems
as an integrated management system, or would
users be required to do the integration work
themselves?
Chari: Workforce management includes security and therefore
security systems. Access control in particular is part of workforce
management as it is the same data with information of where, when
and how a user will have access. Surveillance that involves video or
other sensors would require integration work. Users are not expected to
integrate; they normally request the integration depending on t
heir requirements, which are borne out of necessity (regulations,
security compromises, practicality) or desire for newer or different
technology.
Hi-Tech Security Solutions: What does your company
offer in terms of workforce management solutions and
services?
Chari: dormakaba offers solutions for time data collection, access
management and shop floor data collection. The verticals in focus
are ERP users that already see the value in integrated solutions. Our
solutions are integrated with various ERP vendors to allow extensions of
the functionality. This means ERP users do not have to know an access
point details as they can work within a familiar single place.

www.securitysa.com Access & Identity Management Handbook 2019 97

WORKFORCE MANAGEMENT
43 years of workforce optimisation
SACO has evolved into much more than just a workforce management platform.
Access to accurate information allows
for effective decision-making. Workforce
management solutions empower
organisations to track the relation between
productivity outputs and the cost of
employment, as well as warrant the health
and safety of its workforce, visitors, business
partners and stakeholders. The key prerequisite
however, is ensuring that proven technology
is implemented, in partnership with a trusted
workforce management solutions partner.
Proven track record
Over the past four decades, SACO has earned
a reputation for delivering tangible value in
­business as a trusted provider of workforce
management solutions and has distinguished
itself to be synonymous with innovation and
reliability within the time and attendance
sphere.
Throughout its 43 years, SACO has
enforced an evergreen approach towards
all its solutions, including access control
management, time and attendance
management, health and safety management,
business intelligence, multiple hardware
integrations and IT infrastructure integration.
Proudly Bidvest
SACO is proudly South African and forms part
of Bidvest Protea Coin as a division within
the organisation. Products and solutions are
locally designed and developed, offering a
unique advantage with workforce optimisation
solutions specifically tailored to the African
market. Hardware and software are developed
[email protected]
, www.saco.co.za.
98 Access & Identity Management Handbook 2019 www.securitysa.com
Freddy Niehaus.
to be modular and fully scalable to ensure that
the SACO solution meets the needs of small to
enterprise corporations. SACO takes pride in
offering stakeholders vastly more than what
one would expect from a traditional workforce
management solutions provider.
Innovation
As a result of the Bidvest passion for
innovation, SACO has evolved into much
more than just a workforce management
platform. “Our brand delivers products that are
designed to optimise workforce efficiencies
and processes through a variety of unified
solutions from the SACO stable,” explains
Freddy Niehaus, ­general manager of SACO.
“Our products provide progressive business
intelligence that simplifies decision-making,
reduce turnaround times on operational
activities and improve results where it
matters most – your organisation’s profit line.”
SACO offers an array of products and
innovative platforms, such as SACO Workforce
Management, SACO Anywhere, SACO Guest
and SACO Workflow, to name but a few. These
platforms assist businesses with distinctive
features and benefits such as accurate human
capital identification management, optimised
resource management, productivity and
revenue protection, progressive business
intelligence, asset protection, enterprise
resource planning (ERP) and payroll integration
as well as risk management.
Real business value
“SACO achieves actual results through a
­balanced focus on people and business, a
commitment to consistently improve our
solutions and a drive to simplify that which
seems complex. This ideology is reinforced
in our mantra of balance, consistency and
simplicity,” remarks Niehaus.
Over the course of 43 years, the SACO
brand has solidified its position as a leader in
the workforce optimisation space. “This success
can be credited to our innovative approach,
but it is also due to the simple fact that SACO
values the importance of people as a precious
resource in business,” says Costa Diavastos, CEO
of Bidvest Protea Coin. “At the heart of all our
objectives, lies the aspiration to enhance and
harness the symbiotic relationship between
the employer and employee.”
For more information, contact
Freddy Niehaus, SACO, +27 12 665 8000,
VISITOR MANAGEMENT

Video-based parking management

By Eric Olson, vice president of product management and marketing, PureTech Systems.

Using surveillance video for vehicle counting improves parking management

at an attractive cost.
Many industries utilise surface parking and parking garages as an integral
part of their business models. Managing the safe and efficient parking of
vehicles impacts many aspects of business operations, including safety,
revenue and the overall customer experience. Businesses with a parking
management component need a solution that accurately counts vehicles
in a cost effective manner. Specifically, they desire:
• Accuracy to enable increased revenue, high levels of customer
satisfaction, ensure safety of customers and their vehicles and secure
customer trust in the system.
• Robust capability to operate 24 hours a day/7 days a week in all types
of weather and lighting conditions.
• Intelligence to understand various types of vehicles, which may
occupy a parking space, and not be confused by non-parking objects,
Management of surface lots and parking garages is an integral part of
such as people or bicycles.
many industry business models. Accurately counting vehicles is a key
• Open architecture to integrate with new or existing systems. part of managing these assets.
• Affordable with use of off-the-shelf sensors and reuse of existing
infrastructure.
• Flexible installation options to address locations that may have power
or communication challenges, or support temporary parking venues
through the use or temporary deployments.
Many systems exist to aggregate and report on counting data,
but the sensors traditionally used to collect that data prove to be
either too expensive, too unreliable or difficult to install. Since 2005,
PureTech Systems has applied its video analytics expertise to perimeter
protection situations. When presented with the problem universities
and other large venues were experiencing with parking management,
it was quickly determined that video would be a very effective and cost
efficient sensor for counting vehicles in these situations.

Counting systems must have the intelligence to count only those

Accurate counting with video
A key component of parking management systems is accuracy. According
to an IBM survey, drivers globally spend an average of nearly 20 minutes
per trip in pursuit of a parking space. After 20 minutes of searching for a
parking space, a customer does not want information that there is a spot
available, only to search the entire lot and find that this is not the case. The
result is a miserable customer experience and a low satisfaction rating.
In addition to keeping constituents happy with the parking
experience, businesses with parking management responsibilities also
need to ensure people’s safety and protection of their assets. The longer
it takes a driver to find a parking spot, the more likely they are to park
inappropriately or illegally. This is made worse by the fact that parking
issues tend to be governed by the First Law of Compounding Stupidity,
which states that if a single person or group does something stupid (as
shown in Figure 1) the likelihood of other persons or groups performing
similar stupid acts will increase exponentially.
Applying counting algorithms to video has proved to be extremely
accurate, especially in short-range applications, including parking lots
and garages. The higher levels of accuracy over traditional counting
sensors greatly improves customer satisfaction, with some installations
experiencing daily complaints drop to zero. It allows lot managers to
operate at a fuller capacity, which can increase parking revenue and
help accommodate the maximum number of potential parkers.
vehicles that could potentially occupy a parking spot.
Robust performance
Many lots operate 24 hours a day / 7 days a week, in all types of weather
and lighting conditions. From a counting perspective, this can be
especially problematic for outdoor lots subjected to all types of weather.
Similarly, budget and city codes affect lighting coverage of parking
areas.
Video based counting can accommodate these challenges using
such features as background modelling, to ignore environmental factors
such as rain, falling snow, reflections from headlights and even moving
vegetation. These algorithms operate in conditions where the vehicle
can be ‘seen’, which means in most cases, non-specialised cameras and
existing lighting will suffice.
For no light facilities, thermal and low light cameras have become
very affordable options. Video-based counting systems can utilise these
sensors in areas with low light, or no light, and provide very accurate
counting data.
Counting intelligently
Another challenge with typical sensors is the ability to intelligently
count. They are often confused when encountering different types
Continued on apge 102

100 Access & Identity Management Handbook 2019 www.securitysa.com

www.doculam.co.za doculam
IDENTIFICATION, SECURITY, SAFETY SOLUTIONS & EVENTS

Interested
in becoming a reseller?

We are currently seeking suitable resellers and distributors in Africa for our
top of the range safety and security solutions.
Contact us today to find out more about this opportunity!

X
Durban (Head Office): 140 Umbilo Road, Durban, 4001. P.O. Box 18333, Dalbridge, 4014
Tel: +27 31 201 2092, Fax: +27 31 201 9621, Email: [email protected]

Johannesburg: Unit 2 Verona Office Park, Cnr. MacArthur Ave. & Malibongwe Dr., Robindale Ext 9, Randburg, 2194.
P.O. Box 1013, Pinegowrie, 2123
Tel: +27 11 888 5110, Fax: +27 11 888 9030, Email: [email protected]

Cape Town: 10 Killarney Park, Killarney Gardens, 7441. P.O. Box 1072, Milnerton, 7435.
Tel: +27 21 557 0666, Fax: +27 21 557 0744, Email: [email protected]

Port Elizabeth: 132 Cape Road, Mill Park, 6001. P.O.Box 173, Port Elizabeth, 6000.
Tel: +27 41 373 0390, Fax: +27 41 373 0397, Email: [email protected]

Exports: Tel: +27 21 557 0666, Fax: +27 21 557 0744, Email: [email protected]
www.securitysa.com Access & Identity Management Handbook 2019 101
VISITOR MANAGEMENT
Counting systems are easily self-contained
and deployable to temporary or remote
locations.
Continued from page 100
of objects, including cars, trucks, people,
motorcycles or bicycles. For most applications,
lot owners are only interested in those vehicles
which will potentially take a parking spot (cars
and trucks) and ignore those objects which
may pass through the lot, but will not impact
the number of available parking spots (people,
bicycles, etc.).
Through a feature called classification,
video counting places objects into segments,
such as car, person, animal, bicycle, etc. This
allows the software to count only those items
capable of inhabiting a parking space and
ignoring those that will not affect the total
spaces available.
Synergy with existing systems
Parking management spans many industries,
including universities, entertainment
venues, airports, seaports, hospitals,
convention centres and even public offices
and municipalities. It stands to reason that
each industry has their preferred method to
report, display and disperse this information.
102 Access & Identity Management Handbook 2019 www.securitysa.com
Video-based counting is a very synergistic
approach to this variability, typically acting as
a stand-alone sensor providing simple count
data to an enterprise system, which then
aggregates and communicates the resulting
state to operators and potential parkers.
Transfer of the data between the counting
sensor and the enterprise system is typically
XML, but can be as simple as a discrete signal
output. The information content of the count
can also vary based on the sophistication of
the management system, from a simple count
to a count with many attributes, such as,
object type, object speed, object location, etc.
Additionally, the same camera used to provide
counting information, may also double as a
video feed to the security group.
Affordable
Affordability is a key requirement for parking
management systems. Often there are multiple
lots or the lots are very large in physical
area. When installing a new, or upgrading an
existing, parking management system, this
can result in considerable costs for servers,
sensors, physical and network infrastructure.
As mentioned earlier, video-based counting
can be very affordable using commercial
cameras and the ability to double as a security
sensor is an additional cost savings. Cameras
also have a huge installation advantage in
parking garages, as the cutting of concrete
for in-ground sensors can affect pre-stressed
concrete and require extensive design work.
Flexible installation options
A video-based counting solution also affords
a great amount of installation flexibility.
This is especially true in situations where
the installation of the infrastructure (power,
communications, etc.) is extensive due to
the size of the parking area, or its remote
location. Still other businesses have the need
to set up overflow lots, or temporary parking
for one-time events or special high demand
timeframes. In these cases, installing a camera
counting system along with communication
capability facilitates a quick and effective
means to provide accurate counting for these
types of temporary lots.
Additionally, moving a counting zone is as
easy as making a few changes in the software
to accommodate a new zone in an existing
camera view, or repointing the camera and
defining a new counting zone. Changing
counting zones utilising in-ground sensors,
or beam-break devices, typically requires
uninstalling and then reinstalling sensors at
the new zone entrance and exit.
More than just counting
It is important to mention that the application
of intelligence to video is a fast-growing
technology. In addition to counting, a camera
enabled with video analytics can likely provide
other pieces of valuable data, based on the
selected software solution. Some related
capabilities include the ability to detect
vehicle speed, regardless of the vehicle’s
direction of travel or distance from the camera.
Furthermore, video can detect stopped
vehicles, vehicles in a no parking area, vehicles
that have been in a loading zone for too long,
or indicate that a person has been loitering in
the area for an extended period. A video-based
solution can also help provide trends in vehicle
versus bicycle or pedestrian traffic.
Conclusion
Utilising intelligent video to gain insights into
business operations is becoming more and
more prevalent across all markets. Video is
readily available, cost effective and results in
very accurate data. This is equally true when
considering its use as a counting sensor for
parking management operations. Video-based
counting is
• Extremely accurate.
• Robust in a range of lighting and weather
conditions.
• Provides intelligence to understand vehicle
types.
• Is affordable and supports a variety of
installation options.
• Easily integrates into existing enterprise
systems.
If your business includes parking
management, a video-based counting solution
may be a cost-effective option to consider.
Additional information/links
• Counting solutions: http://www.puretechsystems.
com/solutions-car-counting.html
• Car counting video analytics: http://www.
puretechsystems.com/docs/Video Analytics - Car
Counting.pdf
• Counting examples: http://www.puretechsystems.
com/videos/car-counting.html
• Car counting with service duration: http://www.
puretechsystems.com/docs/Car-Counting-Service-
Duration.pdf
PureTech Systems is a manufacturer of wide-area
perimeter surveillance software solutions including
internally developed outdoor video analytics, PTZ
auto follow, multi-sensor integration and a map-
based (real object size) command and control. With
headquarters in Phoenix Arizona, PureTech Systems
serves national and international markets.
Eric Olson is vice president of product
management and marketing at PureTech Systems
(www.puretechsystems.com). He can be contacted at
[email protected].
www.securitysa.com Access & Identity Management Handbook 2019 103
VISITOR MANAGEMENT
Deploying an integrated access
control solution
By Allyson Koekhoven.
Integration is core to effective visitor management from the point of entry
to the point of exit.
At busy premises such as university campuses,
residential estates, corporate offices or business
parks, the volume of pedestrian traffic can be
immense. The challenge of controlling access
into these premises and then controlling where
staff and visitors go within the premises is one
that requires careful consideration and planning
and the deployment of solutions that are suited
to the specific requirements of the environment.
Gary Chalmers from iPulse Systems says
that he continues to be amazed at the amount
of money South Africans spend on security
and knowing who their staff are, only to allow
“arbitrary people onto their premises after they
have scribbled some random information onto
a piece of paper (the visitor log book). Visitors
have been the most neglected aspect of office
security for a long time, and given the access
to information in South Africa, this is really not
necessary.”
According to Chalmers, the key aspects to
any good visitor system can be encapsulated
into three areas:
At perimeter entrances: This is really about
vehicles, and tracking the information about
the car and the driver. Using one of the many
scanners available, it is easy to scan a licence
disc, scan a driver’s licence, and add some
additional information, such as how many
people are in the vehicle, or where they are
going. Any good visitor system should cater
for this, and allow the secure searching of that
104 Access & Identity Management Handbook 2019 www.securitysa.com
information to get data, such as ‘a white car in
the morning containing three people’.
At the reception: This should allow quick,
seamless identification, whereby a South African
ID number can be verified against one of the
many databases available, and for foreigners, a
slightly more in-depth review and scan/copy of
their identity document. Again, all this should
be stored for later retrieval, in a manner which is
compliant with the PoPI Act.
In remote areas: This should be handled
through a centralised enrolment system,
whereby visitors who wish to go to
unsupervised or remote areas are first enrolled
or added to a system, preferably biometrically,
then granted access at a specific date/time by
the system to an area through a biometric-
controlled access system.
Mike Austen from Powell Tronics says that
once the person enters the physical building,
biometrics work best in this environment and
a number of systems can be integrated into
and managed from one single platform. “How
secure the institution would like the areas to be
would dictate the use of readers in and out of a
door or the use of a push button to exit a door.
These access control systems can then all be
integrated with the CCTV system, alarm system
and fire alarm for instance.”
Chalmers says that iPulse’s VisitorIQ.cloud is
a cloud-based biometric access control system,
which is completely integrated into reporting when a PC is being accessed when
IQSuite.cloud, the company’s access control
system. This allows visitors to be enrolled once,
and then ‘activated’ on the system for a period
of time, on a specific sub set of biometric
readers, to acquire full control of who goes
where in the facilities.
“Most of the data centres in South Africa
use this particular system to control access, as
it allows clear control and reporting, whilst also
providing an additional benefit of incorporating
health and safety videos to validate that people
have seen the information they need to see.
Features like badge printing, integration with
web-based portals and calendars add additional
flexibility and control,” says Chalmers.
In terms of extending these systems to
include access to logical assets like the network
and business software assets, Austen believes
that this would be dependent on how the
‘assets’ are to be monitored and if an integration
is possible. “In other words, will the supplier
provide a set of functions and procedures that
allow the creation of applications which access
the features or data of an operating system,
application, or other service (APIs)?”
Chalmers says that with a full integration
into Microsoft’s Active Directory, staff can be
granted biometric access to their machines,
based on their access rights to the building.
Integration can go as far as forcing computers
to log off when a person leaves the building, or

the PC’s operator is recorded as being off site.
Access control solution providers should be
able to reassure clients that certain standards
are adhered to in order to ensure their access
and identity systems can be integrated with
either new or even legacy systems. Chalmers
says that in order to achieve this, one should
always capture prints in multiple formats to
ensure that clients can migrate their database
in the future.
He points out that while iPulse uses its own
Secugen algorithm for biometric extraction
and matching, the system also records the ANSI
standard to ensure that the enrolled database
can be used by any other system in the future.
“Furthermore, the platform uses a tightly
controlled API for easy integration into any
other system, such as CCTV, existing ticketing
systems or almost any piece of hardware, such
as breathalysers and tablets, to allow for a
seamless view of data from any angle.”
Austen adds that once you have established
[email protected]
,
which brands are commonly used on most
platforms, you can then decide on the
[email protected]
,
backend system. “It is far more cost effective
Identifying good visitor management practices
The SA driver’s licence is a good source of accurate information about visitors.
There are a number of factors that security
managers need to consider when implementing
visitor management and access control
protocols. According to Excellent ID’s Riaan
van den Berg, securing a device that eliminates
the issues around traditional visitor logbooks
entails careful due diligence and a request
from suppliers that they provide a portfolio of
success stories.
“Apart from the problem of highly inaccurate
and often illegible information provided in
paper-based visitor log books, visitors are
often disinclined to write down their personal
information in a medium which can be read by
many people. By using an electronic device to
capture and verify personal data, such as that
found in a South African Driver’s Licence (SADL),
visitors can be assured that the data is safe from
prying eyes,” says van den Berg.
Additionally, with the exception of data that
is contained in a blacklist database, captured
data is generally kept for only a very short
period of time. “Using an electronic device
with its associated software means that one
can also add specific people to the blacklist,
thereby helping to build up a reliable database
of known offenders. And because one can log
into the system at any stage, real-time data is
[email protected]
, www.exid.co.za.
Seamless integration
The iPulse API allows quick and rapid
development of integration frameworks
between the IQSuite.cloud databases and
any other system. Basic level integrations
can be achieved within hours, while
complex integrations are done within
days, given the simplicity and power of the
integration framework. iPulse offers IQSuite.
cloud as a core access control system,
with the additional features provided by
VisitorIQ.cloud allowing for a far more
granular and controlled mechanism for
dealing with visitors in almost any situation.
Powell Tronics supplies and distributes
access control and security solutions
with the added benefit of having its own
in the long term to go with a well-known
nationally supported brand that integrates
and is compatible with most platforms.
Some companies have their own in-house
development teams that make this type of
integration much easier for their clients.”
available for reporting purposes,” he adds.
The use of an electronic identity-scanning
device does not obviate the need for rules
of access. Security officers need to be well
trained and versed in the systematic capture of
visitor data and should be able to react quickly
and efficiently when a person flagged on the
blacklist tries to gain access. However, a lot of
the decision making is taken out of the security
officer’s hands since the verification of personal
identity data is automated when using an SADL
reader,” says van den Berg.
It is important when selecting an
identification verification device to ensure that
it complies with the PoPI Act. Van den Berg
explains that EXID’s own back end software as
well as the physical eSkan device work together
with the responsible operations manager on
site to guarantee that all data is collected in
accordance with the PoPI Act.
The back end system for such a data
collection device requires very little investment
in terms of infrastructure. Typically the system
would require a PC and a network and/or
access to the cloud as the throughput speeds
required are minimal compared to the capture
of surveillance footage, for example.
“This, together with actual cost of the device
www.securitysa.com Access & Identity Management Handbook 2019
VISITOR MANAGEMENT
software development team that allows the
company to assist clients with niche features
that are not generally part of a standard
security system. As part of its offering to
the industry, the company has developed
various modules that seamlessly integrate
into its physical access control solutions.
Examples of these solutions include visitor
and visitor parking management, time &
attendance, network user security, handheld
clocking devices, student exam verification
and mobile mustering devices. In keeping
with its holistic solutions approach, Powell
Tronics has added the AJAX wireless
intrusion system and HikVision IP intercoms
to its distribution offerings.
For more information contact
• Powell Tronics, 0861 784 357,
www.p-tron.com
• iPulse, 0860 IPULSE,
www.ipulse.co.za
and its accompanying software, means that the
solution is extremely cost effective. For example,
the overall cost of the solution for a single site
with one entry/exit, one security officer, one
scanner together with installation, training and
Wi-Fi infrastructure (excluding a PC/server)
could start at under R50 000. The benefits
derived from capturing accurate, verifiable
visitor data are apparent but security managers
do need to do their homework in terms of
aligning themselves with a reputable provider,”
says Van den Berg.
For more information contact EXID, +27 12
548 0940,
105
VISITOR MANAGEMENT
Reliability a fundamental in
visitor management
Make sure your hardware and software meet the requirements of your environment.
With the rapid evolution of biometric
technology, there are many options available
in the marketplace that promise varying levels
of performance. This can create a quagmire of
choices for security decision makers. The most
important elements for consideration in our
demanding South African environment and to
satisfy the need for maximised security, would
be reliability with limited downtime.
With the need for reliability it is wise to
link the security system to the source data, in
this case the institution’s enterprise software
or an estates management software. “The
most successful implementations, where data
reliability is optimised, can be found in projects
where there is a deep integration between the
source/host data and the access control solution.
This also contributes in many cases to the
elimination of manual entries by operators and
security,” says John Powell, CEO of Powell Tronics.
On the physical access side and due to the
often-harsh outdoor installation requirements,
the technology performing the identification
function must be robust and be rated for
outdoor use. Choosing a product that is well
tested in your particular vertical market with a
solid track record in South Africa is vital.
Some of the new technology that is available
focuses on contactless biometric terminals
that use either face (still susceptible to ideal
environments) or wave technology (extremely
forgiving and fast).
The most challenging user group for these
sites is effectively managing visitors as this is
often the most vulnerable point, with many
unique site complexities to manage. Again,
a visitor solution that is fully integrated with
the source data, access control and visitor
management removes various pitfalls that
occur when these various systems are not
operated in a unified manner.
Optimal reporting is all about the quality,
integrity and availability of the data that is
being reported on. Where there are large
numbers of users with complex access
requirements it is essential that the reporting is
done based on individual requirements.
If the access control system and, for
instance the visitor management system,
are not fully linked there will be no way of
reporting on a visitor’s entry or exit through
the access control system.
106 Access & Identity Management Handbook 2019 www.securitysa.com
With a fully integrated solution you would
be able to take advantage of the ability to
schedule an automated report that will provide
vital data such as contractors remaining on
site after a particular time or those visitors
who are on site in the event of an emergency.
Often sites have internal access points that
allow limited authorised access, which requires
specific management and reporting.
Through deep integration, if the source
data is coming from the site’s membership,
enterprise or estate software, elimination
of data entry by security can be drastically
reduced and ensures accuracy and improved
performance with added reliability. By
instituting features like pre-authorisation
through host validation one can eliminate the
security officer from the equation in terms of
decision making, thereby allowing security to
focus on the security aspect of the entry and
exit points.
Compliance is key
The PoPI Act is based around the principles
of consent and purpose. This is not a South
African phenomenon as can be seen globally
through EU legislation around GDPR. Security
companies and other organisations may only
collect personal information from a visitor (data
subject) with their consent and for the specific
purpose of visiting the premises. Further to this,
the manner in which information is stored and
collected needs to be conducted in line with
the PoPI Act. It is important that appropriate
and reasonable organisational and technical
measures should be implemented.
Cybersecurity protection practices such as
the use of encryption on computers or tablets
and smartphones demonstrates responsibility
taken by the estate, thus ensuring appropriate
data privacy action steps are being taken. This
will include password-protected databases
which are hosted and under the security
umbrella of the site’s network where an SLA
should be in place to cover the responsible
disposal of data collected.
The PoPI Act does not place emphasis on
the duration of time personal information
can be kept, rather that personal information
should not be kept longer than is reasonably
necessary. The principle that should be applied
is that when the validity of the purpose for
which personal data is being stored is no
longer applicable it should no longer be
kept. It is permissible to keep it longer for
reasonable business purposes but this must be
defined in an approved retention policy.
Powell believes that one should first establish
the site requirements before installing a backend
system. This leads to critical emphasis on the
infrastructure required and focuses on aspects
such as visitor management, access control,
CCTV and even the logistical considerations for
contractors who require access to the site, since
there may be a need for separate entrances.
“Due care must be given to areas such as
ease of access or convenience, and what level of
security the site needs in order to keep occupants
safe and enhance the flow of traffic in and out of
the estate or premises. Foresight must be given
to the growing demands and future-proofing
that may be required in order for the site to
function optimally. Scalability and budgeting
components will also need to come under the
spotlight in comparison to the value proposition
sought by respective stakeholders,” says Powell.
For more information contact Powell Tronics,
0861 784 357, [email protected],
www.p-tron.com.
www.securitysa.com Access & Identity Management Handbook 2019 107
DIGITAL IDENTITY
Digital channels and the evolution of ID
By The Secure Identity Alliance.
While the concept of identity (ID) remains unchanged, the rapid evolution of digital
technology has dramatically extended both its application and form factor.
In today’s increasingly connected world,
proof of identity has gone mobile, with digital
driving licences and mobile identity cards the
latest in a growing list of ID innovations to
make it onto the smartphone.
For lawmakers, service providers and
citizens, this kind of application offers
tremendous opportunity. In the near term,
these digital documents will provide full
identity or restricted access to relevant
attributes like age, town of residence and
so on, for car hire, bank account opening
or access to age-restricted venues, such
as clubs and bars. They can even support
a variety of notification services including
expiry and renewal, fines reporting and points
management, while enabling greater levels of
monitoring.
Further out, the ability to link identity,
through the licence, to connected cars offers
exciting opportunities for keyless entry and a
host of remote services.
Of course, as technologies and applications
evolve, so must the controls. And here,
government-derived identity will be the
starting point for ensuring that every digitised
identity matches the correct individual.
In this paper we explore the evolution
of identity from physical to digital (or
dematerialised), and take a closer look at the
opportunities this represents – for issuing
authorities, service providers and users.
108 Access & Identity Management Handbook 2019 www.securitysa.com
Creation and verification of identity
in the digital world
The concept of identity remains unchanged –
the set of unique characteristics or attributes
that define who we are, and crucially, that
distinguish one individual from another. These
attributes often include name, date of birth,
physical appearance and a variety of social
factors including home address, occupation
and so on.
In a digital context, attributes may be
extended to biometric data. Typically, these
are confirmed by and/or derived from
government-issued identities based on face-
to-face enrolment, breeder documents and
civil registries.
Verifying identity in the physical world
has been a relatively straightforward task.
Individuals present themselves along with
their state-generated credentials – such as a
passport, ID card or driving licence – to the
organisation requiring proof of identity. With
identity or the ‘age’ attribute successfully
checked, access to the service is granted or the
transaction completed. While things become
more technically complex in the digital world,
the advantages of digitising identity are
certainly significant.
According to a Boston Consulting Group
and Secure Identity Alliance report published
at the end of 2013, going digital could offer
governments around the globe up to $50
billion in annual savings by 2020. Alongside
boosting and rationalising access to ‘trust
based’ services, going digital enables a host
of trusted interactions between society and
individuals. Indeed, a trusted (and secure)
digital identity is becoming ever more critical
for healthcare, education, social welfare and
civil security.
Today, Smart ID documents are already
providing a high level of authentication for
accessing various European governmental
portals. As we move forward these state-
generated credentials offer unmatched
convenience when it comes to creating or
deriving mobile Identity online as they can
be remotely authenticated by the user’s
biometrics. Once created, the mobile identity
then allows online connection, with identity
checking, to new and developing public and
private eServices.
So, as more citizens live and conduct their
lives online, the pressure is on states – which
typically issue or regulate ‘sovereign’ identities
– to extend identity to the digital channel.
Giving citizens a digital identity that can be
used for purposes other than law enforcement.
Many already do so, with live programmes
for example in Belgium, Bulgaria, Estonia and
Latvia.
While these digital channels will
complement and strengthen physical identity
services, they rely heavily on the development

and promotion of sophisticated frameworks.
Digitisation is a journey, there are many
starting points and the role of physical
documentation remains crucial.
The role and importance of state-
issued identity
The issue of trust is fundamental in the digital
ecosystem. Today, we have multiple digital
identities: email addresses, aliases on the
Internet, social network profiles, IP addresses,
bank account details, SIM cards on mobile
phones. Whether all can be trusted is open to
question.
Clearly, providing a disposable email
address or login in the digital space is an
inefficient way of establishing identity as it
does not provide any trust in knowing the
individual behind the digital identity. What’s
needed is for states to make it possible for
citizens to be recognised in an unequivocal
manner.
Just as they do today, when issuing or
regulating physical sovereign identities, states
need to consider providing or approving digital
identity ‘companion’ solutions. Here, states have
a tremendous advantage over private identity
providers. Their enrolment process typically
requires the physical presence of the individuals
– which allows the capture of biometrics and
the creation of a set of documents for identity
proofing. Added to this, most states create
identities with high levels of assurance. It is
therefore logical that states take advantage of
this unique position to create strong mobile
identity than everyone can trust.
It all starts with the digital transformation
of administration services, and the
implementation of structures that harmonise
the sovereign identity of individuals between
physical and digital spaces. These companion
digital IDs could either be linked to or
de-coupled from the sovereign ID.
As with national identity schemes, this all
depends on having the ability to authenticate
the individual – ensuring they are who they
say they are – in the public domain. This will
enable them to use their trusted identity to
verify their access information and services. For
example:
• Can a local council check you are a local
resident before it allows you access to a
service?
• Can a motorcycle rental business verify you
are permitted to ride an 80cc vehicle?
• Can your bank check your residential status?
The evolution of national identity
into the digital channel
While we reside in the physical world, we live
increasingly digital lives. Indeed, the digital
revolution has changed the lives of billions
of people. More households in developing
countries now own a mobile phone than have
access to electricity or improved sanitation
facilities.
According to the GSMA , there are 4,7
billion unique mobile phone subscribers
globally (63% penetration rate), by 2020 there
will be 5,6 billion (72% penetration). What’s
more, smartphone adoption is accelerating.
The GSMA says mobile broadband connections
are set to increase from 47% of all phones in
2015 to 71% by 2020. In the developing world,
mobile broadband already accounts for more
than 80% of connections – by 2020, this will
reach 92%.
Little surprise then that policy-makers
around the world are working hard to
implement new mobile digital policies that
protect citizens without impeding social
and economic progress, ensuring there are
sufficient trusted frameworks in place to help
drive exciting new economic and infrastructure
ecosystems. And enable enhanced social
inclusion for citizens.
www.securitysa.com Access & Identity Management Handbook 2019
DIGITAL IDENTITY
In this new world of mobility, mobile
devices are becoming instruments for digital
identity. And the mobile phone is increasingly
acting as a bridge between physical and digital
identity. A connected, personal and multi-
functional device that’s always on our person,
it’s the ideal tool to contain our identity.
Secure, convenient and manageable,
the mobile device is where our physical and
digital identities converge. Say hello to mobile
identity, where the mobile device becomes a
powerful and convenient point tool for users
to manage their proof of identity.
Making identity mobile
As citizens opt for convenience, ID documents,
like national IDs and driver licences, will
ultimately follow the trend towards mobility.
Since citizens rely on IDs for everyday
scenarios, most are ready and willing to use
their smartphones to simplify this aspect of
life as well.
Indeed, mobile IDs give governments
an unprecedented opportunity to provide
citizens with new levels of convenience.
Imagine being able to receive a digital
companion for your drivers licence or
your ID card – in addition to your physical
documentation – direct to your phone.
Alongside making the secure retrieval of
insurance, address or other identity credentials
fast and easy in the event of an accident, it
is now simplicity itself when you encounter
situations in which you need to prove identity
to transact.
From driver’s licences to national ID cards,
vehicle registrations, residence permits, fishing
permits and more, mobile IDs mark a new era
in which citizens can confidently use their
smartphone to demonstrate they hold secure
and trusted IDs.
So, while today’s citizen may use a national
Continued on page 110
109
DIGITAL IDENTITY
Continued from page 109
ID or driver’s licence at the airport for
domestic travel, with a digital ID securely
stored on their smartphone, citizens can
leave documentation at home. What’s more,
citizens can renew their mobile ID remotely.
There is no need to stand in-line for new
cards or other renewals.
That’s good news for citizens and for
government agencies, which can do their
job more efficiently.
Mobile digital IDs – the digital
driving licence
Governments around the world are
introducing apps that allow citizens to
download and store digital copies of
their vehicle registration, driving licence,
insurance papers and pollution certificates
to their mobile phones. Today, over 30
countries have digital driving licence
programmes – over 276 million licences
were issued in 2015.
Eradicating the need to carry original
documents, these digital companions
are downloadable via an app that can be
instantly verified by the police and other
authorised authorities.
Operational in both online and offline
environments, these mobile IDs provide
citizens with back-up in the event of physical
110 Access & Identity Management Handbook 2019 www.securitysa.com
document loss and, as we’ve seen, instant
identification they can present on their
phone the moment they need it (proof of
age for alcohol purchase or car rental, for
example).
Available in digital format, citizens now
have a highly portable and convenient
way to manage their day-to-day essential
documentation.
And, in the case of a driving licence,
these digital IDs also enable ease of
verification for law enforcement agencies
who can instantly confirm a driver’s
status and driving privileges on the spot.
Similarly, commercial service providers like
car hire companies, pubs and clubs, and a
host of other businesses will benefit.
Conclusion
Digitising ID is a highly effective way to
enhance a citizen’s day-to-day experience,
giving service providers and others a fast,
secure and convenient way to verify status,
age and identity.
Alongside offering a convenient and
fast way to confirm identity, document
provisioning and updating becomes easier.
Citizens can be sent e-reminders to their
digital companion when driver licences
need to be renewed, for example.
Implementing a mobile digital driver
licence app – which is free to citizens – also
creates the foundation for future applications.
Citizens can use their privacy-friendly mobile
wallet service to carry multiple licences:
hunting/fishing, library membership/
emergency contact information and more.
As smartphones become ubiquitous, new
innovations in facilitating the ability to issue
and verify secure identification quickly, safely
and remotely will enable governments to
further extend their relationship with citizens,
enabling users to utilise their smartphone
as a platform for holding their credentials
and other essential documentation for
authentication.
In a world where airlines are already using
mobile phone boarding passes and in which
citizens can use their smartphones to present
tickets for events or gain access to university
campuses and hotel rooms, leveraging the
convenience and power of mobile devices to
deliver secure authenticated digital identities
and other government credentials to citizens
represents a major step forward.
Find our more at www.
secureidentityalliance.org.
This article was first published by
the Secure Identity Alliance: h­ ttps://
secureidentityalliance.org/blog/entry/
digital-channels-and-the-evolution-of-id.

Using tomorrow’s tools to solve
­today’s security problems
The criminals have a security roadmap in place, do you?
Organisations that do not have a clear longer-
term security roadmap in place are putting
themselves at risk of being compromised. The
companies are already investing in tomorrow’s
tools to solve today’s problems that will survive
the ongoing onslaught to circumvent security
solutions. This is the view of Jon Tullett,
research manager – IT Services for sub-Saharan
Africa at International Data Corporation (IDC).
“The first step in creating this roadmap is
to start getting their security under control,”
he says. “This includes using analytics for
behaviour anomaly detection at both a
network and user level, gathering the data to
do baseline profiling. While that is the type
of thing we are already doing today, many
organisations are still not doing it with a long-
term view in mind.”
To get their security under control,
organisations must consider technologies that
play to the cloud and be prepared to evolve
with the technology. User awareness and
training also remain key fundamentals that are
receiving enough attention. “At the moment,
training budgets are horrifically small and
that must be addressed. Start by spending
the money, but more importantly, evolve that
training over time.
“Today, the breach is a credential theft or
phishing attack. Companies that tackle that,
and really invest in training, see tremendous
reductions. A good example of this is Google,
which combined good training with two-factor
authentication for all their internal services
and, since they’ve done that they’ve had zero
phishing cases, but now they’ve moved on,”
says Tullett.
Granular access rights
He says once organisations have this under
control and have done the risk assessments
required, they must start devolving those
rights. “Break it up and create far more granular
access controls. Create accounts which can
only do very specific tasks, so that if they are
compromised, the damage the hacker can
do is limited. That also means that you have
to start evolving the technologies that you’re
using to ones that support this. While it can be
a pain to do it on some platforms, it is usually
baked into modern cloud platforms. The key
here is to ensure that should you need to
DIGITAL IDENTITY
revoke access on mass, you can do it.” purposes. They are following a roadmap and if
The next step is to roll out two-factor you are not doing the same, they are leaving
authentication much more aggressively. you behind.
“For users that may mean a token, mobile “You must remember that these are career
authentication or something similar and for criminals, this is what they do for a living,
system accounts it will probably mean digital and so, if you make it impossible for them
certificates. Whatever it may be, start to to phish, they are going to find something
improve your authentication. Once you have else to compromise. What they are doing will
that in place, you really want to be on top of evolve in response to you. If we can eradicate
activity management. So, looking at what phishing, that’s great, but that threat is going
accounts are doing what. to move to something else and you must be
You can’t really do this until you have your willing to keep following that path.”
accounts consolidated and organised, but you
want to know everything that an account does
in a very standard format. That allows you to
feed the information into an engine and get
an activity report back when something goes
wrong, so that you can identify any anomalies
and address them quickly.
Cloud evolution
He believes that within the next two years,
most of this type of anomaly detection will
be happening largely out of the cloud. “This
is going to happen alongside your evolution
to cloud. The AI platforms in the cloud are
maturing very fast, so within the next couple
of years we’re expecting to see an awful lot of
cloud services just plugging AI in because they
can. So, there will be a lot of machine learning
happening and, further down the line, we will
see people looking at how they can use that to
optimise and automate,” says Tullett.
“In the longer-term, organisations will
also start looking at automation, where an
anomaly will be detected, and automatically
investigated and remediated. While it will
take a couple of years for this to happen,
organisations must include this in their
security roadmaps. Today’s problems are
that you need to start getting your identities
under control and doing better analytics, but
tomorrow that same platform is going to be
your machine learning platform and is going
to be a complex, better managed identity
platform that will do a lot more things.”
He points out that the criminals also have
a roadmap and it is often more advanced
than those of organisations. “They know what
technologies are coming, they are getting the
required skills in place and are already looking
at how to use the technology for various Jon Tullett.
www.securitysa.com Access & Identity Management Handbook 2019 111
CASE STUDY
Fingerprints protect privacy for
AIDS testing
A creative, progressive NGO uses biometric fingerprint scanning to
redefine confidentiality and AIDS treatment in South Africa.
Fingerprints have been the gold standard for
identity for more than 125 years. Instant, accurate
identification can, however, work against the
goals of public health initiatives for diseases such
as AIDS or tuberculosis. Individuals concerned
they may be at risk for these conditions often
avoid testing due to fear of the social the stigma
that comes with a positive diagnosis. As a result,
they refuse examination if required to provide
identification before testing, putting both
themselves and their communities at risk.
Shout It Now, a non-governmental
organisation based in South Africa, dramatically
improved both testing and treatment rates for
AIDS by turning this conventional paradigm
upside down. Rather than using fingerprints
to identify individuals, Shout It Now’s mobile
testing vans use biometric fingerprint scanners
to create a unique and private identifier for each
tested individual. No one must reveal who they
are until they know their HIV status and have
made decisions regarding treatment.
In short, Shout It Now turned biometric
fingerprint scanning into a tool that protects
confidentiality. The practical results represent a
potential revolution in public health.
The process begins with Shout It Now
placing its vans in areas frequented by young
adults. An individual concerned about HIV
[email protected]
,
112 Access & Identity Management Handbook 2019 www.securitysa.com
status enters the first van, where a technician
takes a fingerprint using an application
developed by IDversol, a South African identity
management provider. The fingerprint scanner
itself is Integrated Biometrics’ Watson Mini, a
two-finger device that delivers FBI certified
results in a thin and durable package that
integrates smoothly with the rest of the system
and requires little, if any maintenance.
The fingerprint becomes the patient’s unique
and private identifier. No information passes
to government databases or law enforcement
organisations. The technician performs the
bloodwork and initiates the tests. The patient
receives the results via SMS text within 24 hours.
Those individuals who test positive then have
the option to visit Shout It Now’s companion van
to receive confirmation of results, counselling,
and, when warranted, an initial course of anti-
retroviral therapy (ART). The fingerprint serves as
the link between test results and recommended
treatment. These patients may choose to reveal
their identity at that time, or to wait until they
visit their regular health care provider.
This community-based approach serves up to
250 clients per day per location for 24/7 operation.
Each mobile clinic sets up in less than 15 minutes.
The testing process itself takes as little as
10 minutes. Each van provides instructional
materials in English, Zulu, and Sepedi.
The cost of the programme, as well as the
cost of treatment, receives support from the
United States President’s Emergency Plan
for AIDS Relief (PEPFAR). PEPFAR combines
resources from eight US governmental
agencies, six at the cabinet level, to provide
public-private whole-government support to
transform the global response to AIDS.
Shout It Now designed its mobile testing
system to help South Africa meet the United
Nation’s ‘90-90-90’ goals. The 90-90-90 initiative
encourages nations to diagnose 90% of their
HIV-infected populations, treat 90% of those
diagnosed with antiretroviral medications,
and achieve 90% viral suppression for those
receiving treatment.
The need is urgent. Currently, only 53% of the
world’s HIV-positive population receive testing.
12.9 million people globally remain untreated,
and almost one-third of HIV-infected individuals
on treatment are not virally suppressed. Taken
collectively, these results significantly impact
public health agencies’ ability to control and
prevent the transmission of AIDS.
Shout It Now’s education efforts deliver
impressive results that directly counter these
trends, with 97% of participants agreeing to
same-day testing compared to 34% willing to
undergo HIV testing before the programme.
The organisation’s mobile testing and treatment
vans extend those efforts by making it
exceptionally convenient for individuals to
receive testing, counselling, and treatment in a
safe, confidential environment. The organisation
has been so pleased with the mobile clinics’
initial success that they hope to extend testing
from HIV to tuberculosis soon.
“HIV and AIDS remain the biggest social
issue facing South Africa. As a stakeholder, we
take our role in ensuring the national 90-90-90
targets are met seriously. We have found that
first and foremost, our clients want convenience
– fast, free and friendly service at a time and
location that suits them,” says Bruce Forgrieve,
chairman, Shout-It-Now.
“We are very pleased to have worked with
Shout It Now to bring this programme to
fruition,” said Cher Appunn, founder and CEO
of IDversol. “It’s a fascinating twist on our usual
identity management customer – protecting
identity rather than verifying it and doing so in a
way that advances public health. We also thank
Integrated Biometrics for its participation. We
needed a foundational technology that was fast,
thin, didn’t need cleaning between scans, and
could take a beating out in the field. IB’s Watson
Mini has been an ideal hardware solution for us.”
“Identity is a basic human right, and
accurate, convenient identification is critical
in health care,” added Stephen Thies, Chief
Executive Officer of Integrated Biometrics.
“The ability to encourage testing by using
fingerprints to protect patient confidentiality
is just another fantastic example of how this
technology protects and saves lives. Shout It
Now’s approach and IDversol’s solution for this
public health challenge illustrate how critical
identity is for building a better, safer world.”
For more information, go to http://shoutitnow.
org/ or https://idversol.com/, or contact Robert
Jones, Integrated Biometrics, +27 60 503 7077,
www.integratedbiometrics.com.

High-speed door solutions are cool
High-speed roll-up doors from Maxiflex are helping to maintain constant
temperatures inside the cold storage and refrigeration areas of Makro Riversands
and Makro Springfield.
High-speed roll-up doors from Maxiflex are
helping to maintain constant temperatures
inside the cold storage and refrigeration areas
of Makro Riversands and Makro Springfield
located in Gauteng and KwaZulu-Natal (KZN)
respectively.
“Makro Riversands is a new store that
opened its doors at the end of November
2017 while Makro Springfield was recently
renovated,” says Maxiflex MD, Bram Janssen.
Discussing the application, Janssen explains
that products are stored in a cold room before
being moved to a drop temperature area and
then finally out into the store. “Two high-
speed doors were required for each Makro
store.”
While Gauteng is known for temperature
extremes from summer heat waves and
freezing winters, KZN is notorious for its
hot and humid climate and mild winters. In
these climates, maintaining temperatures in
refrigeration and cold storage environments
can be challenging. Product spoilage
caused by large temperature variations
can be extremely costly for end-users. The
sustainable control of the interior climate of
cold storage/refrigerated areas is therefore
imperative and there simply can be no
compromise.
“So when we received the orders in
mid-2017 for the high-speed doors from
commercial refrigeration solutions specialist,
Insulated Structures, we immediately
recommended the high-speed door range
from Assa Abloy Entrance Systems for both
stores,” says Janssen. “Specially designed for
interior freezer environments and featuring
numerous bespoke characteristics, these
intelligent, reliable, convenient, safe and
energy-efficient high-speed doors present the
perfect entrance solution.”
“Long-standing Maxiflex customer,
Insulated Structures, placed the orders with
us because they are satisfied with the quality
of our products and service delivery,” adds
Janssen.
The high-speed doors incorporate the
latest and most advanced control and safety
systems to deliver reliable interior climate
control, increased energy savings and
improved productivity. For end users this
[email protected]
,
translates to lowest total cost of ownership
CASE STUDY
and a greater return on investment.
Featuring modern drive technology and
MCS frequency converter controls, the doors
can open and close at speeds of up to 2,4 m/s.
These high operating speeds combined with
higher cycles (>100/hour) and excellent
sealing capabilities allow for efficient traffic
flow, minimise temperature variations and
maximise energy savings.
The doors must be installed in conjunction
with an insulated ‘night door’ in order to
maintain the extreme cold temperatures
during periods where there is minimal or
no traffic and can be set on a timer to open
automatically to minimise ice build-up on the
curtain and side-guides and keep the door
functioning properly. Additionally, heating
cables in the side columns and motor also
prevent formation of ice.
During the design of the high-speed
doors, Assa Abloy paid attention to worker
safety and reduced downtime and has
incorporated ‘intelligent’ features into the
doors. Designed with a soft bottom edge
with no rigid parts, the doors are able to
mould around any obstruction to prevent
injury or damage. Moreover, when an object
hits the door, the fabric curtain absorbs the
impact and releases itself from its side-guides
without causing damage or being damaged
itself. The door can be equipped with different
sized windows or full door width vision
panels to increase admission of natural light • The galvanised steel construction ensures
and visibility to create a more comfortable rugged reliability (stainless steel option also
working environment. available).
Another intelligent feature of these • The compact footprint and slim side frames
long- life-cycle doors is the break-away allow fitment even in tight spaces.
and automatic repair system; the curtain • Fast and easy assembly.
reintroduces itself after a crash to reduce Designed for both small and large
downtime and maintenance. In addition, a openings, the high-speed doors are suited to
zip closure system and a flexible, automatic a wide range of industries offering specific
curtain eliminate the risk of work stoppages solutions for applications such as hygienic
and minor collisions. food and pharmaceuticals manufacturing,
Additional features of the high-speed door machine guarding and protection operations.
range include: Maxiflex’s KZN and Johannesburg teams
• A unique direct door drive system actively were responsible for installing the two high-
drives the door curtain which saves costs by speed doors at each of the Makro stores.
eliminating the need for weighted bottom
bars or tension systems. For more information contact Maxiflex Door
• The robust steel IP54 control box is easy to Systems SA, +27 11 392 1709,
program and operate with a clear display
giving a wide range of information. www.maxiflex.co.za.
www.securitysa.com Access & Identity Management Handbook 2019 113
CASE STUDY CASE STUDY

Integrated security
and event
management
High-end central London multi-zone
development chooses Tyco Security
Products’ C•CURE 9000 Security and
Event Management system
High-end central London multi-zone development chooses Tyco Security
Products’ C•CURE 9000 Security and Event Management system to unite its
building management, access control and video surveillance systems for
comprehensive management of the site’s physical security.
Land Securities is the UK’s largest listed commercial real estate company.
Its £14.5 billion portfolio totals 23.6 million square feet and includes some of
London’s most desirable office buildings and the UK’s most successful shopping
and leisure destinations.
Land Securities appointed Skanska to start work on the £260 million
development in Central London comprising of two distinct buildings united by
a new public piazza named New Ludgate. Together, the buildings include more
than 355 000 square feet of office accommodation and 26 800 square feet of
restaurant and retail facilities.
After an extensive competitive tender process, Universal Security Systems
was chosen to design and build a fully integrated security system to protect the
site, people and assets at its prestigious new development.

Integrated security required

The New Ludgate site was built as two separate buildings with video
surveillance, access control and video door intercoms, which were installed
during the building construction phase of the project. It was vitally important
to Land Securities that the development’s new security system could integrate
the various systems together and synthesise their data to provide a clear and
total security picture, preferably through a single user interface. Land Securities
also sought a security solution for New Ludgate that could provide the
scalability and flexibility to accommodate additional tenants in the future and
to adapt as the use of the buildings evolved.
Lee Pegram, engineering director at Land Securities said: “In particular, we
needed a tight integration between our buildings’ lifts systems and the video
surveillance system so that our control room operators could view alarms
that combined video surveillance footage with lift activity. In addition, the
new security system needed to run on the buildings common network, and
communications between systems and devices had to work properly without
impacting other network communications.”

The solution
The security team at Universal Security Systems worked closely with engineers
to design an integrated system that could provide an intuitive GUI for video
management, IP video surveillance, lift integration, access control and video
intercoms. Since several disparate systems needed to be integrated together,
integrator Universal Security Systems wanted to be able to test the unified
system before installing it at New Ludgate, opting to build the entire security
system for a full FAT (Factory Acceptance Test) prior to the final installation.
Together, Universal Security Systems and Land Securities chose Tyco Security

114 Access & Identity Management Handbook 2019 www.securitysa.com

 CASE STUDY

Aesthetics and access

Products’ C•CURE 9000 Enterprise to unite the
New Ludgate buildings’ disparate systems
together. The C•CURE 9000 user interface
provides the single, comprehensive security
view that Land Securities desired from its new
Alpro transom closers are a means of hydraulically
security system. Using C•CURE 9000, security controlling the opening and closing of aluminium doors.
operators can monitor events in real time,
manage personnel, create reports, display
dynamic views, and monitor system activity
using a desktop computer, web client or the
C•CURE Go mobile app.
“The flexibility that C•CURE 9000 offers
allowed us to create a truly unique security
solution for New Ludgate,” said James Crouch,
Director of Universal Security Systems. “One
of C•CURE 9000’s most powerful capabilities is
that you can simultaneously monitor alarms
from several different devices, systems and
buildings in a single user interface. That was
vital to the success of the entire project.”
The choice of C•CURE 9000 Enterprise
provides New Ludgate with an advanced
distributed architecture that can be scaled
according to needs and growth. C•CURE
9000 also gives New Ludgate the option of
implementing visitor management with a visitor
management web portal, and offers conditional
access and dynamic area management for areas
requiring supervised entry and occupancy.
Using C•CURE 9000 to manage and access
data from all of the different systems provides IDF Aluminium has installed transom closers nineteenth-century architect Thomas Cubitt
the option for advanced reporting, which can and latch locks from Alpro Architectural who created much of the surrounding area and
be used to understand events and patterns, and Hardware at a building that provides premium also designed the eastern front of Buckingham
overall business intelligence as well. co-working and flexible office space in central Palace.
The completed project at New Ludgate London near Victoria Station. Fabricator IDF devised a solution featuring
delivered a fully scaleable, integrated security Thomas House in Eccleston Square is a tailored SBD aluminium profiles from Jack
system including video, access control, seven-storey structure with a façade in Regency Aluminium Systems, bespoke glazing, internal
intercom and lift services. The C•CURE 9000 style and a distinctive timber-clad reception screens and the Alpro door management. The
solution enables Land Securities to manage that leads to two wings. It has collaborative Alpro products include Europrofile cylinder
and let out the site to many different tenants, drop-in work areas, meeting rooms and facilities deadlatches which can be combined with
whilst simultaneously ensuring the overall to suit present-day practices. The building has electric strikes to provide the added option of
safety and security for the site. Because the been refurbished for The Office Group, who remote access control.
security system was built on a virtual local area pioneered shared workspaces in Britain and Peter Keen, sales director at Alpro, said:
network, it is a scalable solution that enables now offer these services across multiple London “Installing transom closers on internal doors
future expansion. locations as well as Bristol and Leeds. is unusual but the concealed nature of these
Mark Ponzini, senior project engineer at The Alpro transom closers are a means closers, within the transom header bar, means
Land Securities said: “One of the things that of hydraulically controlling the opening and they are unobtrusive and meet the architect’s
impresses me the most about our C•CURE closing of aluminium doors. They allow precise goal of preserving interior geometry.”
9000 solution is that it works so well with adjustment of the latching and closing force He continued: “All of The Office Group
other systems and devices from different generated by the valve according to the weight premises are design-led, and we have now
manufacturers. Going forward, we also have and height of individual doors as well as type supplied equipment to five of their sites
the option of remotely managing other of usage. including Henry Wood House, a former
systems and devices in other geographical Aesthetics are a major consideration for BBC building in the West End. Our transom
locations from the same C•CURE 9000 work The Office Group who briefed Soda Studio, closers are durable and have been tested
station used for New Ludgate. That kind of an architectural practice known for its clean independently at 250 000 double-action
flexibility is phenomenal.” simple interiors, to create a design in keeping cycles.”
with the neighbouring Georgian squares. In
For more information contact Johnson addition to the working facilities, Thomas For more information, contact Alpro
Controls Security Products, +27 82 566 5274, House has a library, music room, roof terrace Architectural Hardware, +44 1202 676 262,
[email protected]. and gymnasium. It is named after the early [email protected], www.alpro.co.uk.

www.securitysa.com Access & Identity Management Handbook 2019 115

CASE STUDY
Accessing Toyota
Upgrade delivers unified access control for motor manufacturer.
BDI Security Solutions has installed access
control equipment from ACT Vanderbilt at
sites in the UK for car manufacturer Toyota
Motor Manufacturing (UK). The project saw
ACT Vanderbilt developers create a tailored
solution after their closest competitor proved
unable to operate from a virtual environment
and respond promptly to client requests.
Toyota’s Burnaston production process
begins with the pressing of panels from flat
steel on presses ranging up to 3 000 tons and
proceeds to welding, painting, addition of
plastic moulding components and assembly.
The company uses the Kaizen continuous
improvement method to optimise quality
and efficiency through constant incremental
changes. At Deeside, Toyota operates a 115-acre
engine plant. Together, the two sites represent
investment of £2.5bn and employ 3 000 people.
The ACT Vanderbilt installation has
replaced a legacy system that was no longer
future-proof and did not allow access control
listings to be integrated with Toyota’s general
corporate database. The client now has a
Behave or buy new tyres
Chilean shopping centre group chooses Turnstar’s spike barrier.
Mall Plaza is one of Latin America’s leading
shopping centre chains, with 20 commercial
centres operating, of which 16 are in Chile. The
organisation recently increased its focus on
providing security to all stakeholders with the
inclusion of a number of physical security
elements.
“Major concerns for Mall Plaza’s
management were the safety and security
issues around vehicle theft and drivers forcing
their way through the exit. A number of
technologies were evaluated, with the demand
being for guaranteed prohibited illegal crossing
of perimeters by drivers with criminal intent,”
says Turnstar MD Craig Sacks.
Turnstar’s representative in Chile, MESTE S.A.,
was asked to provide spike barrier technology
[email protected]
, www.turnstar.co.za.
116 Access & Identity Management Handbook 2019 www.securitysa.com
unified solution with badge-printing as an
integral and cost-effective element when it
had previously been a separate process.
The equipment includes ACTpro
Mifare1030 mullion proximity readers at both
indoor and outdoor locations. These slim-line
readers support third-party smart cards and
fobs, feature a robust polycarbonate housing
and have an ingress rating of IP67. They are
particularly suited to this type of project
where the smart card is used for multiple
applications across access control and HR. In
order to maximise use of budget and observe
the client’s stringent environmental policy,
a number of fit-for-purpose legacy Mifare
readers were included in the new system.
Toyota is also using ACT Vanderbilt’s
ACTpro eLock MIFARE Classic. This is a
wireless door lock that includes an access
control reader and opening mechanism, all
powered by batteries. eLocks operate with
an ACTpro eLock hub and up to 32 locks can
communicate over a wireless network with
each hub. Battery life is exceptional at over
that would efficiently and seamlessly integrate
with the Amano traffic booms already in place.
Installed at the exit points of the shopping
centre parking areas, these physical barriers
ensure that vehicles can only drive over the
spike barrier once the driver has inserted their
valid parking ticket into the ticket receptacle.
“Our Talon spike barriers are extremely
effective at disallowing vehicles from illegally
and recklessly exiting parking areas. These
high-security road spike barriers are suited for
applications requiring high volume egress and
have been supplied to the Mall Plaza centres
with a surface mount design, across an area of 3
metres,” says Sacks.
The Talon spikes are constructed from
extremely durable galvanised mild steel material
200 000 operations or an estimated three years
on a busy door.
There are visible and audible alerts for
problems with tampering, signal strength and
door status, and wireless connectivity is up to
150 metres (line of sight). The lock is available
with an optional Euro-profile cylinder to
provide key override.
Richard Huison of ACT Vanderbilt said:
“Toyota was able to exploit our import
tool which is an additional module in the
ACTenterprise management suite. The tool
allowed automated integration of human
resources software with the access control user
database and ACT Vanderbilt proved able to
cope with multiple data sources and formats.”
He continued: “There was a requirement
that our product should be able to work in a
virtualised environment since all of Toyota’s
servers are virtualised and hosted at a
European datacentre. ACT Vanderbilt was able
to tick this box as soon as we received the brief.
Across both sites, ACT Vanderbilt products
have been used on over 200 doors.”
to ensure ongoing operation over many years
of service. The spikes are driven by a heavy-duty
torque motor and will automatically lower in the
event of power failures. The unique patented
double sided spikes offer protection for traffic in
any direction and an electronic interlock safely
lowers spikes first and then raises the barrier
arm, thereby ensuring that the tyres of validated
vehicles will not be damaged by raised spikes.
“Mall Plaza is very happy with the solution
we provided and is especially pleased that the
quick 3-second descent time does not cause
bottle necking at the exit points,” says Sacks.
For more information contact
Turnstar Systems, +27 11 786 1633,
 The Hi-Tech Security
The Hi-Tech Security
Business
Business Directory
Directory 2019
2019
www.hsbd.co.za
www.hsbd.co.za
The only place to find the company,
The only place to find the company,
product or brand you are looking for . . .
product or brand you are looking for . . .
Published in print and online for your search convenience.
Published in print and online for your search convenience.
Forbatt_Sep-cover 2018-Final4.pdf 1 15/8/2018 17:18

Forbatt_Sep-cover 2018-Final4.pdf 1 15/8/2018 17:18

South Africa’s most comprehensive

South Africa’s
directory most comprehensive
of who’s-who in the industry
business directory 2019 directory of who’s-who in the industry
business
The directory directory
for decision makers 2019challenges
who solve today’s security
• Comprehensive directory listing of
The directory for decision makers who solve today’s security challenges
• manufacturers,
Comprehensivesuppliers
directoryand
listing of
manufacturers, suppliers and
service providers
C

M
service providers
• Comprehensive listing of manufacturers
Y
C

CM
M

MY

• and
Comprehensive listing of manufacturers
Y

brand names, and the South African

CY
CM

CMY
MY

and brandthereof
names, and the South African
K
CY

CMY

K
suppliers
suppliers thereof
• Categorised and indexed for fast,
• easy
Categorised and indexed for fast,
reference
easy reference

Request your own copy

Request your own copy
if you aren’t already a subscriber to Hi-Tech Security Solutions
if you aren’t
email: already a subscriber toorHi-Tech
[email protected] Security
Tel: +27 11 543Solutions
5800
email: [email protected]

or Tel: +27 11 543 5800
www.securitysa.com Access & Identity Management Handbook 2019 117
CASE STUDY
Fruity, insulated access
Maxiflex delivers sweet door solutions to leading Eastern Cape citrus fruit company.
Maxiflex secured an order for an overhead
panel sectional door from a leading citrus fruit
handling company situated in the Eastern
Cape.
The customer required a specialised door
solution for its new 11 000 m2 warehouse
with a capacity of handling tons of citrus
produce every hour. A quality door solution
was essential as product handling in and out
of the warehouse must be swift to maintain
the facility’s interior temperature in order to
reduce the risk of costly produce spoilage and
losses.
The project was spearheaded by Viaplan
Consulting Engineers and Randcivils. With
quality product and service support stipulated
by the customer as prerequisites, the two
companies immediately turned to Maxiflex to
provide an optimum door solution.
“Maxiflex is known to Viaplan Consulting
Engineers and Randcivils as we have been
involved with them on a number of similar
installations in the area,” explains Bram
Janssen, MD of Maxiflex. “Once we had
identified the customer’s exact requirements,
we immediately knew that the 1042P overhead
panel sectional door from Assa Abloy Entrance
Solutions would cater to the customer’s exact
[email protected]
, www.maxiflex.co.za.
118 Access & Identity Management Handbook 2019 www.securitysa.com
requirements.” Janssen adds that in addition
to its features, the door’s pleasing aesthetic
appearance perfectly complements the
warehouse’s façade.
Ideally suited for warehouses, logistics
centres and factories, the robust, flexible,
efficient and safe door system presents
excellent sealing properties. Each part of the
overhead panel sectional door is built to the
highest standards to ensure reliable operation
even under extremely high workloads and
arduous conditions. Made up of 42 mm
panels, the door forms a 4-way seal when
closed, ensuring insulation from all weather
conditions, protecting the fruit inside the
warehouse. The door’s design has earned a
class 3-certification for water tightness, wind
load and air permeability. Furthermore, by
helping to regulate the warehouse’s internal
temperature, energy costs are kept to a
minimum with subsequent costs savings for
the customer.
From a safety perspective, the panels are
filled with flame retardant polyurethane so the
door won’t accelerate a fire and a control panel
fitted to the door will indicate any faults.
Installation of the overhead sectional
door was completed during the first quarter
of 2018 to the satisfaction of the customer
who also confirmed that they were impressed
with the quality of the product. The customer
also confirms that they have confidence in
the door system as Maxiflex has successfully
supplied these panel sectional doors for similar
warehouse applications in the local area.
“Correct use of the door system is critical as
it will extend the product’s lifespan and keep
running costs to a minimum for subsequent
lowest total cost of ownership for our
customer,” notes Janssen.
In addition to the already well established
sole distributor rights for Assa Abloy
Entrance Solutions in sub-Saharan Africa,
Maxiflex recently acquired exclusive rights
to distribute in southern Africa, Stackdoor,
a pioneering security grille manufactured
in the Netherlands. “We are very pleased to
announce that in the third quarter of 2018,
we obtained the rights from American Mine
Door to manufacture and install underground
ventilation mine doors in South Africa,”
concludes Janssen.
For more information contact Maxiflex Door
Systems SA, +27 11 392 1709,
 CASE STUDY

Security,
convenience
and comfort
High security combined with
convenience and comfort. Bosch
implements a networked solution
for the Prime Tower in Zurich.
Jutting up to a height of 126 m, the 36-storey Prime Tower is
Zurich’s tallest building and number two in Switzerland. Its 40 000
square metres of floor space can accommodate more than 2000
workplaces. It is striking with its futuristic architecture and dark
green reflective exterior. The tower’s impressive details include
a 10 m-high entrance hall and the CLOUDS bar and restaurant
on the top floor boasting an unmatched view far out across the
surrounding landscape.
The operator relies on Bosch to keep the building safe and
secure. And to meet the Prime Tower’s requirements, the company’s
experts recently implemented a modernisation project.
One of the new system’s technical highlights is a combination
of electronic and biometric access control. “Our owner, the firm
of Swiss Prime Site Immobilien AG, attaches great importance
to monitoring who exactly is inside the building at all times,”
explained Annika Hammes, who heads the trustee department at
Wincasa, a building services outfit that was contracted to design
and execute the solution.
“Error-free biometric identification is accomplished by reading
the vein patterns on the backs of people’s hands. This is done
contactlessly for very easy, comfortable use. A total of 120 hand
vein readers have been installed in the building and connected
to the controllers of the eight elevators. Once employees and
guests have been biometrically registered, they board lifts that
automatically take them to the right floors.
Encrypted ID cards are used to access the rental units, thus
making sure that persons can only enter zones for which they have
been authorised. All relevant security information is collected in a
management system so that the responsible employees always have
everything in view and can respond quickly when there is a need.
Bosch handled everything for this project: advising the
client, and then planning and implementing the system. The
modifications were made without interrupting use of the building,
which was a major challenge not only for the project team,
which therefore had to work very swiftly, but also for the tenants
themselves.
“This called for very close cooperation between the Bosch team
and the mixed-use site management (MUSM) team of Wincasa AG,
which met the requirements for continued building use while the
work was ongoing,” explained Hammes.

For more information contact Bosch Building Technologies,

+27 11 651 9600, [email protected],
http://africa.boschsecurity.com.

www.securitysa.com Access & Identity Management Handbook 2019 119

CASE STUDY
Seamless access to multiple doors
Open and secure access to meeting rooms, conference rooms and auditoriums
that can be expanded to multiple sites.
Open Workspaces creates environments
for working, meeting and innovating. The
company has locations all over South Africa,
allowing members access Open environments
in different cities as they require. As a
co-working space, Open needed to be able to
control access to meeting rooms, conference
rooms and auditoriums using a system that
is easy to use, scalable and offers multi-site
functionality.
When looking at an access control system
that would meet its requirements, the business
found that traditional access control solutions
were too expensive as Open wanted to control
every door in real time. In addition, as a
premier location, aesthetics were important
and many access control readers, whether
biometric or tag based, are large and clunky.
Open required seamless access control to
match its design aesthetic. The company also
found that traditional access control systems
required dedicated hardware, skilled operators,
clunky software updates.
The directors of Open then found SALTO
KS and after a rigorous due diligence decided
this was the solution to their access control
problem. Open Workspace’s Mark Seftel says
the benefits SALTO offered were varied, and
include the following:
• Low cost per unit/door compared to
traditional access control.
• Easy to manage and see who’s using what
room at what time. An intuitive online web-
[email protected]
,
platform makes using the system easy.
120 Access & Identity Management Handbook 2019 www.securitysa.com
• Aesthetically pleasing. Access control is
integrated into the actual door lock. No bulky
or ugly add-ons are needed.
• No cabling needed to the lock. Existing doors
can be activated by replacing the existing
lock with an electronic lock.
• Door locks are battery powered, typically
lasting 30 000 operations. The door locks will
operate during a power failure and are non-
dependent on individual battery backups or
UPS power.
• Open members can use one tag for multiple
sites.
• Open team members can monitor user access
and door status from anywhere, even on their
mobile devices.
Accessing Sandton
Open Sandton, which has about 60 doors to
manage, chose the new XS4 escutcheon for
their doors. The BLE (low-power Bluetooth)
version was specified to future-proof Open
Project summary
• Location: West Street, Sandton.
• Number of locks: 60
• Number of active users: 320
• Combination of tags and cards.
• Members can use one tag between all
sites in South Africa.
• The system is fully cloud-based.
• No onsite dedicated hardware needed.
for when the BLE functionality is available on
SALTO KS. Each meeting room door has its
own SALTO KS XS4 Escutcheon and intelligent
mortice lock. The mortise lock is able to send
an alert when a door had been left open, has
an inbuilt panic function and an anti-pick latch.
PoE SALTO KS IQs (hubs) were deployed.
These IQs are powered by PoE switches
strategically placed on each floor. PoE IQs
saved money for Open because they did not
have to provide a power point to each IQ.
The IQs used at Open in Sandton were
connected to the cloud via Ethernet. However,
for future projects, an IQ with an integrated
GSM SIM card will be used. The SIM connects to
available cellular networks in the absence of an
Internet connection. This is a benefit because if
the Internet goes down on-site, the SALTO KS
system will still be online.
The commissioning and installation was
handled by SALTO partner, Concept Store. To
make sure there was minimal disruption to
the location, progress was measured door by
door. Once a door was online, it was tested
and signed off by the client. Because no local
servers are required it is quite easy to do a
sign-off per door instead of completing the
entire site and only then do sign-off (once the
server is up and running), which is the norm for
access control installations in South Africa.
For more information contact SALTO Systems,
+27 11 543 8489,
www.saltosystems.com
 CASE STUDY

Trendy access control

Hirt & Carter demands top-of-the-range physical
security that meets its contemporary look and feel.
Hirt & Carter has a 50-year legacy as a leading
integrator of multi-channel marketing and
communication solutions. Offering complete
tailor-made systems and processes, the
company has extensive premises housing
high-tech, high-value equipment in Durban’s
Umgeni Park.
“Not only is there a real need for careful
control over who enters the Hirt & Carter
premises,” says Craig Sacks, MD of Turnstar,
“but furthermore, the facilities have a modern,
contemporary look and feel, so any physical
access control systems have to blend in with the
trendy environment.”
The order was fairly extensive and included
a sophisticated Triton full-height curved three-
wing single glass turnstile. The turnstile, with
matte graphite grey finish, has bi-directional
electrical control with a failsafe auto unlock
which activates during power failures. Durability
is often compromised for the sake of aesthetics
but this is not the case with the technology
used in the Triton turnstile, which offers years of
sustainable service.
Catering for all visitors, the stainless steel
the reception area is designed with aesthetics in
mind and with a 180° opening.
For other employees and visitors to the
premises, three Trident waist-height single
turnstiles manufactured in durable 316 stainless
steel with Rustenburg Granite tops provide
fast and easy access. Their quiet operation and
sleek appearance makes them the perfect fit for
reception areas. Bi-directional electric control
is complemented by a self-centring rotation
system that ensures the rotor returns to the
starting position after every rotation.
Hirt & Carter has also installed four double
and two single full-height four-arm Titan
industrial turnstiles.
In addition to the turnstiles and special
needs gate, Turnstar also supplied 20 biometric
fingerprint reader mounting brackets in 316
stainless steel and four security gates. Also
manufactured in 316 stainless steel, these left-
handed gates are 1.5 m wide and 2.125 m high,
with a maglock and door closer.
For more information contact Turnstar Systems,
+27 11 786 1633,

[email protected],
semi-automatic special needs gate installed in www.turnstar.co.za.

Eliminating tailgating at Wits

Turnstar deals with tailgating with its Velocity high-speed vehicle barriers.
Wits University is a public institution with five
faculties, 33 schools, 30 service departments,
17 residence halls, all spread over 400 acres.
The institution offers 3 610 courses and houses
approximately 37 000 students and 6 000 staff
members with at least 10 000 vehicles that
pass through its gates each day.
The university has 24-hour CCTV coverage
and security officers on patrol. Mobile vehicle
patrols are also conducted onsite to ensure
that there is safety and security of Wits’ staff,
students and visitors on the campus.
On campus, the university has a card swipe
system to assist in controlling access. In a
recent security upgrade project, the institution
decided to install 18 new Turnstar Velocity
automatic high-speed vehicle barriers at the
busy Yale Road North and Yale Road South
entrances.
Fitted with a 3-metre arm, the Velocity
barriers open in just 1 second, ensuring that
traffic flow is maximised, whilst still providing
a high level of security. The exit booms have a
strict interlock feature whereby two booms are
interlinked to prevent tailgating. “In essence,
a vehicle passes under the first traffic barrier
and then has to wait until it lowers before the
second barrier is lifted for final exit from the
campus,” says Craig Sacks, MD of Turnstar.
The Turnstar Velocity industrial vehicle
barriers at Wits University are manufactured
with white powder coated stainless steel
cabinets and complementary powder coated
blue tops. The vehicle barriers come with four
adjustable raise and lower speed settings,
which provide seamless control as well as
dynamic braking and gentle stop.
The intelligent collision detection and
mid-cycle auto-reverse functions are just two
of the safety features that make this product
desirable. Other built-in standard safety
features include a dual channel loop detector
and an interface on the connection of an
infrared beam system.
In the event that there is a power outage,
the system has a built-in 7 Ah battery backup
with battery protection and it can also operate
on solar power. Effortless manual override
also allows security officers to lift and lower
the barrier in the event of a power failure and
battery exhaustion.
“Not only does the Velocity offer Wits
University a seamless physical access control
solution, but it is also built for longevity. By
eliminating the motor rear-mounted brake and
clutch, and removing the need for proximity
sensors or microswitches for positioning, we
have drastically reduced the cost and time
required for maintenance,” says Sacks.
For more information contact Turnstar
Systems, +27 11 786 1633,

[email protected], www.turnstar.co.za.

www.securitysa.com Access & Identity Management Handbook 2019 121

CASE STUDY
Hospital adopts integrated solution
Bosch equips Adana Integrated Health Campus with an integrated,
end-to-end security system.
Completed in 2017, the Adana Integrated
Health Campus is a state-of-the-art hospital
complex in Turkey comprising three specialised
clinics with a total capacity of 1550 beds.
Located in Adana – the country’s fifth-largest
city – the over 318 000 square-metre facility is
a public-private partnership project realised
in cooperation with the Ministry of Health to
serve patient populations from the surrounding
Adana, Hatay and Osmaniye provinces.
The Adana Integrated Health Campus
prides itself in offering the highest level of
care through specialised physicians and
advanced equipment. The Main Hospital offers
an Oncology Hospital as well as a Cardiology
and Cardiovascular Hospital at a 367-bed
capacity. The Maternity & Pediatrics Hospital
have 349 beds and the General Hospital 584
beds. Before opening to the public, the project
won several awards, including Best Healthcare
Project and World’s Largest Seismic Isolated
Health Campus.
When it came to choosing a security
and safety solution for their high-profile
[email protected]
,
health facility, officials in Adana wanted to
122 Access & Identity Management Handbook 2019 www.securitysa.com
integrate the most advanced hardware on
a single platform covering four areas: video
surveillance, access control, fire alarm plus
public address and voice alarm. Bosch won
the contract as the one-stop provider with the
capacity to unify all systems via its Building
Integration System (BIS) through different
interfaces. The installation was completed by
the Bosch partner Ateksis.
Due to the size and complexity of the
modern campus, this level of integration
proved a true test for the Bosch Building
Integration System (BIS): The IP-based video
surveillance system consists of 2000 cameras
for monitoring critical indoor and outdoor
areas such as entrances and corridors.
Managed on the Bosch Video Management
System (BVMS), live feeds from high-definition
Flexidome, Dinion IP starlight, and Autodome
IP starlight cameras are monitored on-site
through a single control room. Providing fire
safety, BIS controls roughly 45 000 detection
points, including 30 000 fire detectors, plus
manual call points and interface modules
across the campus.
For an extra level of integration, the
hospital’s telephone switchboard is integrated
into the public address and voice alarm system
via BIS to enable public announcement and/or
fire alarms from the nurse desks for immediate
evacuation of patients and their relatives. And
to safeguard the Maternity Clinic against ‘Code
Pink’ cases (baby kidnapping), the Bosch access
control integrates RFID tags on newborn
babies to trigger alarms.
By implementing a complete solution
on a single platform from the start, Adana
Integrated Health Campus sets the standard for
exemplary patient safety in a system marked
by low overall cost of ownership, maintenance
costs, and failure rate. In the bigger picture, the
state-of-the-art campus proves the end-to-end
capabilities of Bosch Building Technologies
and serves as a showcase for the next level of
healthcare and integrated security.
For more information contact Bosch Building
Technologies, +27 11 651 9600,
http://africa.boschsecurity.com
 DIRECTORY OF
access and identity management suppliers
Access and Beyond Blacklight Integrated
Distributor/Supplier Installer/system integrator
Service provider
Contact: Christo Myburgh
Tel: +27 31 263 1487
Contact: Kelly Mclintock

[email protected]
Tel: +27 82 805 8447
Unit C1, 35 Intersite Avenue, Umgeni Business Park, KwaZulu-Natal
[email protected]
www.accessandbeyond.com
820 16th Road, Randtjies Park, Midrand, Gauteng
Branches: Durban, Centurion
www.blacklightconsulting.co.za
Branches: Sales – Johannesburg, Tshwane. Technical footprint –
Access and Beyond specialises in integrated access solutions (RFID and
Johannesburg, Tshwane, KwaZulu-Natal, Cape Town, Hoedspruit
biometrics) and is a value-added distributor of Impro, XTime, IDEMIA
and Nedap. To complete its range, the company also stocks all access
Blacklight Integrated specialises in system design, sales, installation,
control and CCTV peripherals and cable.
offsite monitoring and maintenance of IP surveillance, access systems,
booms, turnstiles, fencing, networking and integrated systems, as well
as Internet of Things (IoT) and IT security.

ADI Global Distribution

Distributor/supplier Boomgate Systems
Manufacturer
Contact: ADI Global Distribution
Distributor/Supplier
Tel: +27 11 574 2500
[email protected]
Contact: Andre Rossouw
5 Platinum Drive, Longmeadow Business Estate, Modderfontein,
Tel: +27 11 674 4441
Johannesburg, Gauteng
[email protected]
www.adiglobal.com/za
18 Minerva Avenue, Leaglen, Gauteng
Branches: Johannesburg, Pretoria, Cape Town, Durban, Bloemfontein,
www.boomgatesystems.co.za
Port Elizabeth
Branches: Cape Town
ADI offers an in-depth product solution for access control from market-
Manufacturer of vehicle and pedestrian access control equipment
leading manufacturers. The company’s consumables include, among
and high security anti-terror products. These include traffic
other things, mag locks, door closers, request to exit, cable and power
barriers (manual and automated), spike barriers, turnstiles,
supplies. It also has an array of system solutions such as biometrics and
pedestrian barriers, road blockers, speedstiles, mantrap cubicles,
proximity readers.
hydraulic bollards, revolving doors, bollards, rubber traffic islands
and camera poles.

ASSA ABLOY
Manufacturer
Distributor/supplier
BT-SA
Contact: Pieter Geyser System integrator
Tel: +27 11 761 5000
[email protected] Tel: 0860 105 183
ASSA ABLOY Commercial House, 9 Nickel Road, Technikon, Gauteng [email protected]
www.assaabloy.co.za 59 Lechwe Street, Corporate Park South, Midrand, Gauteng
Branches: Cape Town, Durban, Port Elizabeth, Ghana, Kenya, www.bt-sa.co.za
Namibia, Nigeria, Tanzania, Uganda, Zimbabwe Branches: Johannesburg, Cape Town, Rustenburg, Witbank, East London

ASSA ABLOY’s range includes SMARTair access control, Aperio
wireless door locks, and a wide range of mag locks, energy efficient
electromechanical locks and electric strikes. Included in its product
offering for the residential market is a range of digital door locks,
including ENTR and Yale digital door locks, ideal for an
automated home.
BT-SA offers end-to-end security solutions that include design,
installation and maintenance of high-tech integrated products. Its
in-house team of experts can integrate all fire and security systems
into a single platform with one-user interface. These products
include a variety of fire detection and suppression, evacuation
systems, access control, CCTV and all intruder detection types.

www.securitysa.com Access & Identity Management Handbook 2019 123

CA Southern Africa Doculam
Manufacturer Distributor/supplier
Installer/System Integrator
Contact: Shaun Stanley
Contact: Heidi Ziegelmeier Tel: +27 21 557 0666
Tel: +27 64 903 2600 [email protected]
[email protected]

140 Umbilo Road, Durban, KwaZulu-Natal
Block F, EOH Office Park, no 1 Osborne Lane, Bedfordview, Gauteng
www.ca.com
Branches: Durban, Cape Town, Johannesburg
The depth and breadth of CA Technologies’ enterprise security
software – from API security, identity and access management
and privileged access management to fraud and risk detection
and prevention – helps protect 49 of the Fortune 50 organisations
in the world and provides you the ability to propel your businesses
forward into the digital world.
www.doculam.co.za
Branches: Durban, Cape Town, Johannesburg, Port Elizabeth
Doculam offers a range of products that relate to the access control industry.
Its Magicard PVC card printers, access cards and ID consumables all assist with
the access control process, while Garrett metal detection products also form
an essential part of threat detection applications as applied to access control.
As alcohol abuse is normally controlled at all entry points, organisations need-
ing to screen for would-be offenders can effectively combat this health and
safety risk with Doculam’s range of Alcovisor breathalysers.

Elvey
CEM Systems Distributor/supplier
Manufacturer
Distributor/Supplier Contact: Elvey
Tel: +27 11 401 6700
Contact: Ernest Mallet [email protected]
Tel: +44 2890 456767 27 Greenstone Place, Greenstone Hill, Edenvale, Gauteng
[email protected] www.elvey.co.za
195 Airport Road West, Belfast, BT3 9ED, United Kingdom Branches: Bellville, Bloemfontein, Cape Town, Durban, Exports, East London,
www.cemsys.com East Rand, George, Greenstone, Johannesburg, Namibia, Nelspruit, Polokwane,
Branches: Johannesburg Port Elizabeth, Pretoria, Rustenburg, West Rand

CEM Systems access control and integrated security management
systems from Johnson Controls secure sites around the world,
ranging from education and healthcare to aviation and more.
Johnson Controls manufactures both CEM hardware and
CEM AC2000 software, offering one of the most comprehensive,
resilient and reliable systems available.
Comb Communications
Manufacturer
Distributor / Supplier
Contact: Amelia Hayward
Tel: +27 11 089 5800
[email protected] Branches: Johannesburg, Cape Town, Port Elizabeth, Durban
Unit 17B, Allandale Park, Markels Close, Midrand, Gauteng
www.comb-communications.com
Leveraging web-based applications alongside functional components
and current technologies is what Comb Communications does best.
Its solutions not only provide you with peace-of-mind and reliability,
but give you the control that truly makes a difference in time
management and the management of access controlled environments.
Elvey provides a wide range of access control technology for the most extensive
range of applications. From time and attendance to monitoring solutions, integrated
or standalone, Elvey provides for all its customers’ typical and diverse needs.
EOH Security and Building
Technologies
Installer/system integrator
Service provider
Contact: EOH Security and Building Technologies
Tel: +27 11 844 3200
[email protected]
www.eoh-fss.co.za
Our offerings are powerful yet flexible, providing a turnkey solution to
manage your workforce effectively. It ranges from enhanced scheduling,
absence management, operational health and safety, access control,
payroll and HR integration. Our solutions include CCTV, BMS systems,
infrastructure and support thereof. 30+ years of experience, guarantees
successful implementations.

ET Nice
Dahua Technology Manufacturer
South Africa Contact: Gerald Kirsten
Manufacturer Tel: +27 21 404 0800
[email protected]
Contact: Zhejiang Dahua Technology 15 Nelson Road, Observatory, Cape Town, Western Cape
Tel: +86 571 8768 8883 www.niceforyou.com/za
[email protected] Branches: Observatory, Brackenfell, Port Elizabeth, Pinetown, Nelspruit,
No.1199, Bin’an Road, Binjiang District, Hangzhou, China Samrand, Germiston
www.dahuasecurity.com
ET Nice, formerly ET Systems, has proudly been designing, manufacturing
Zhejiang Dahua Technology is a product and solution provider in and supporting products in South Africa for the access automation and
the global video surveillance industry. With more than 10 000 security industries for almost 30 years. Today, ET Nice is the optimal choice
employees all over the world, Dahua solutions, products and in the management of integrated automation systems, thanks to a
services are used in over 160 countries and regions. complete variety of smart and user-friendly products.

124 Access & Identity Management Handbook 2019 www.securitysa.com

Genetec Impro Technologies
Manufacturer Manufacturer

Contact: Brent Cary Contact: Mike Kidson

Tel: +27 82 854 1278 Tel: +27 11 469 5568
[email protected] [email protected]

2280 Alfred-Nobel Blvd, Suite 400, Montreal, Quebec, Canada
www.genetec.com
Genetec is an innovative technology company with a broad solutions
portfolio that encompasses security, intelligence and operations.
The company’s flagship product, Security Center, is an open-
architecture platform that unifies IP-based video surveillance,
access control, automatic license plate recognition (ALPR),
communications and analytics.
47B Gillitts Road, Pinetown, KwaZulu-Natal
www.impro.net
Branches: Durban, Johannesburg
Impro has been pioneering the access control industry for over 30 years. Its
access control solutions scale from small installations, all the way to enterprise
multinationals. A proudly South African company, Impro offers customers a no-
quibble warranty exclusive to South African businesses, as well as free 24-hour
technical support and accredited training.

iPulse Systems
GV-TECH Manufacturer
Distributor/Supplier
Contact: Sales team
Contact: Christo Botha Tel: 0860 478 573
Tel: +27 83 516 8213 [email protected]
[email protected] Unit 15A, Skyview Retail Park, 67 CR Swart Drive, Strijdompark,
1st Floor, 106 Jean Avenue, Centurion, Gauteng Randburg, Gauteng
www.gvtech.co.za www.ipulsesystems.com
Branches: Centurion
iPulse Systems designs, manufactures and sells cloud-based access
We import and distribute GeoVision products. Our products control and workforce management systems. All products are designed and
include IP cameras, surveillance recording systems like NVRs manufactured in South Africa, and exported to 27 countries. Products include
and VMS; we also have LPR/ANPR, POS, and access control both hardware and software solutions. iPulse sells IQSuite.cloud, a full access
solutions. We are a total CCTV solutions provider and offer control system hosted on Microsoft Azure.
customised solutions.

Johnson Controls
Installer/system integrator
IDEMIA Distributor/supplier
Manufacturer
Contact: Marius Brits
Contact: Chelesile Moya Tel: +27 11 921 7100
Tel: +27 11 601 5500 [email protected]
[email protected] 42 Electron Avenue, Isando, Gauteng
14 Milkyway Aveune, Linbro Business Park, www.johnsoncontrols.co.za
Johannesburg, Gauteng Branches: Johannesburg, Cape Town, Durban, Carletonvville
www.idemia.com
Johnson Controls works with customers to develop comprehensive, cost-
OT-Morpho is now IDEMIA, a leader in trusted identities for an effective security and fire safety solutions. As a building-wide technology
increasingly digital world. Through augmented identity, IDEMIA integrator, we look at how to both implement the appropriate technologies
empowers citizens and consumers alike to interact, pay, and protect your investment long term. We provide support for the
connect, travel and vote in ways that are now possible in a development, design, deployment and implementation of a breadth of
connected environment. With close to €3bn in revenues, technologies, regardless of the manufacturer.
IDEMIA serves clients in 180 countries.

Mustek Security Technologies

Installer/system integrator
iMAT Distributor/supplier
Manufacturer
Distributor/supplier Contact: Sergio Pedregal
Tel: +27 11 237 1000
Contact: iMAT [email protected]
Tel: +27 21 556 3866 322 15th Road, Randjespark, Midrand, Gauteng
[email protected]

http://mst.mustek.co.za/
32 Sycamore Crescent, Atlas Gardens, Durbanville, Western Cape
www.imat.co.za
Branches: Cape Town, Johannesburg, Durban
iMAT is a manufacturer of physical access control products
including well known turnstiles, vehicle barriers and many
more. Its products are designed to integrate seamlessly will any
biometrics or other triggers, and offer a safe bet for turnstiles
that last.
Branches: Gauteng, Port Elizabeth, East London, Polokwane, Bloemfontein,
Durban, Nelspruit, Mahikeng, Kimberley, Cape Town
Mustek Security Technologies (MST) provides integrated security solutions,
including enterprise-class access control and visitor management solutions
incorporating various technologies such as biometric (finger/face) and
automatic number plate recognition. MST is able to provide a complete
end-to-end solution obviating the need to source various components from
a host of suppliers.

www.securitysa.com Access & Identity Management Handbook 2019 125

neaMetrics Regal Distributors SA
Manufacturer Distributor/Supplier
Distributor/supplier
Contact: Andrew Levell-Smith
Contact: neaMetrics sales Tel: +27 87 802 3800
Tel: +27 11 784 3952 [email protected]
[email protected]

26 Greenstone Place, Greenstone Hill, Edenvale, Gauteng
108 11th Street, Parkmore, Sandton, Gauteng
www.neametrics.com
Branches: Johannesburg, Nairobi, Kinshasa
neaMetrics develops customised, integrated software
solutions for biometric ID (fingerprint, face, iris), identification
(AFIS) and card personalisation (smartcard, RFID, ID cards).
Exclusive distributor of Suprema and other identity products,
providing specialised turnkey ID solutions.
www.regalsecurity.co.za
Branches: Johannesburg, Boksburg, Roodepoort, Midrand, Pretoria,
Centurion, Vanderbijlpark, Nelspruit, Witbank, Polokwane, Cape Town,
Bellville, East London, Port Elizabeth, Durban, Pietermaritzburg, Pinetown,
Bloemfontein
Regal Distributors SA offers a comprehensive range of biometric devices,
RFID and keypad readers available as standalone or combined
technology readers, PAC software and hardware such as maglocks, and an
extensive range of request-to-exit buttons for any application from
entry level to commercial access control installations.

Rhyco Risk Projects

Paxton Access Installer/System integrator
Manufacturer
Contact: Gary Swart
Contact: +27 21 427 6691 Tel: +27 83 306 5499
[email protected] [email protected]

Paxton House, Home Farm Road, Brighton, BN1 9HU,
United Kingdom
www.paxtonaccess.co.za
Paxton designs and manufactures IP access control, door
entry and building intelligence systems for the mid-market
(education, healthcare, retail, leisure, commercial and public
sector). Paxton offers world-class technical support and free
training to all its customers. Every year around 25 000
buildings are secured by Paxton.
Unit 11, Eco Square Park, Witch-Hazel Avenue, Highveld Techno-Park,
Centurion, Gauteng
www.rhms.co.za
Branches: South Africa, Tanzania, Uganda, UAE
Rhyco Risk Projects offers knowledge and expertise to its clients through
consultation, planning, product sourcing and implementation of tailor-made
solutions. The company’s drive is to create exciting new solutions in partnership
with its clients, bringing together cutting-edge integrations from planning to
implementation. Rhyco specialises in CCTV, access control, intruder systems,
fire, PA and evacuation systems, as well as offsite monitoring.

SACO a division of Bidvest Protea Coin

Powell Tronics Manufacturer
Distributor/supplier Installer/System Integrator

Contact: Mike Austen Contact: Freddy Niehaus

Tel: 0861 784 357 Tel: 086 123 7226
[email protected] [email protected]

Unit 19-4, The Waverley Complex, Wyecroft Road, Observatory,
Western Cape
www.p-tron.com
Branches: Cape Town, Durban, Johannesburg, Port Elizabeth
Impro, IDEMIA, Golmar and Powell Tronics’ own brand of P-tron
door furniture and software solutions, provide the market with
top of the range local and global product offerings, unrivalled
expertise and support with unparalleled integrated solutions.
222 Witch-Hazel Avenue, Highveld Techno Park, Centurion, Gauteng
www.saco.co.za/www.proteacoin.co.za
Branches: Centurion, Durban, Port Elizabeth, Cape Town, Rustenburg
SACO, a division of Bidvest Protea Coin, offers services including accurate
human capital identification and management, progressive business
intelligence, workforce efficiency and process optimisation management,
productivity and revenue protection, asset protection, ERP and payroll
integration, and risk management.

Saflec Systems
Manufacturer
Value-added reseller

Reditron Contact: Saflec Systems

Distributor/Supplier Tel: +27 11 477 4760
[email protected]
Contact: Jacques Bester 522 Ontdekkers Road, Florida Hills, Johannesburg, Gauteng
Tel: +27 87 802 2288 www.saflecsystems.co.za
[email protected]

9 Electron Street, Linbro Park, Gauteng
www.reditron.co.za
Branches: Johannesburg, Nelspruit, Cape Town, Durban
IDEMIA, Paxton and ViRDI solutions.
Local manufacturer of quality access control equipment and developer of the
renowned SACS access control system, specialising in offline access control.
Saflec is a value-added reseller for Salto for its Sallis and Salto electronic
locks, and for HID for its Mifare and mobile solutions, both of which are fully
integrated into Saflec’s access control system.

126 Access & Identity Management Handbook 2019 www.securitysa.com

Salto Systems Stallion Security
Manufacturer | Distributor/supplier Installer/System Integrator

Contact: Wouter du Toit Contact: Kevin Monk

Tel: +27 87 701 5858 Tel: +27 11 533 8888
[email protected] [email protected]

Wild Fig Business Park, Block F, Unit 55, 1494 Cranberry Street, Honeydew,
Roodepoort, Gauteng
www.saltosystems.com
Branches: Johannesburg
Salto drives to develop innovative electronic locking solutions based on
simple and efficient technology to build on its portfolio of products both
in design and functionality, making it possible for users to meet their
access needs and secure all their doors. The company delivers networked,
real-time solutions for sectors where security is critical, such as airports,
healthcare, government, corporate, hospitality, mining and education.
35 Siemert Road, Doornfontein, Johannesburg, Gauteng
www.stallion.co.za
Branches: Bloemfontein, Pretoria, CapeTown, Durban, Port Elizabeth
Stallion Electronic Security understands the dynamics of the
integrated electronic security market and can therefore tailor-make
an integrated system to suit any commercial, industrial, mining
or retail facility. The company has the diversity to provide integrated
systems from entry level to the most complex and advanced
networked systems.

Suprema
Secutel Technologies Manufacturer
Installer/System Integrator Distributor/supplier
Distributor/Supplier
Contact: The Suprema team
Contact: Danny Pringle Tel: +27 11 784 3952
Tel: +27 10 015 1401 [email protected]
[email protected] 108 11th Street, Parkmore, Sandton, Gauteng
13 Picaroon Street, Laser Park, Honeydew, Johannesburg, Gauteng www.suprema.co.za
www.secutel.co.za Branches: Johannesburg
Branches: Johannesburg, Polokwane, Cape Town, George, Nelspruit,
Durban, Port Elizabeth, Bloemfontein Suprema is a leader in biometric & identity management solutions,
including access control and T&A, embedded fingerprint modules,
The Secutel access control and visitor management platform combines PC fingerprint solutions, live scanners and e-passport readers.
iPad visitor registration kiosks, electronic door components, peripherals Suprema’s technology is aesthetically pleasing and supported
and software, providing tailor-made networked access control solutions. with award winning algorithms.
Everything fits together, everything works.

Sherlotronics Turnstar Systems

Manufacturer Manufacturer

Contact: Simon Knott Contact: Scott Davey

Tel: +27 11 462 5101 Tel: +27 11 786 1633
[email protected] [email protected]

251 Aintree Avenue, Northriding, Johannesburg, Gauteng
www.sherlotronics.co.za
Established over 25 years ago in Johannesburg, Sherlotronics specialises
in Radio Frequency licence-free remote control systems for the security
industry and access control markets. Sherlotronics is a manufacturer
that strives to maintain a high level of build quality in its remote
control designs.
18 6th Street, Wynberg, Sandton, Gauteng
www.turnstar.co.za
Branches: Cape Town, Durban
Turnstar is an ISO 9001:2015 certified manufacturer of turnstiles, speed
gates, mantrap cubicles, security booths, vehicle barriers, bollards and
road blockers. Production takes place in a 7 700-square metre factory
in Wynberg, with distribution warehouses in the Western Cape and
KwaZulu-Natal.

Softcon
Manufacturer Tyco
Distributor/supplier Manufacturer

Contact: Reynardt Badenhorst / Tihan du Plooy Contact: Ernest Mallett

Tel: +27 12 348 7301 Tel: +27 11 026 9476
[email protected] [email protected]
475 King’s Highway, Lynnwood, Pretoria, Gauteng Unit 3, Thandanani Office Park, Invicta Street, Halfway Gardens,
www.softconserv.com Midrand, Gauteng
Branches: Pretoria, Cape Town www.tycosecurityproducts.com

The core modules of Softcon’s solution revolves around building
management, with the main focus on access control, input/output
monitoring, biometric solutions, smart card solutions, vending control, fuel
control, solutions for visitor control, asset management, ID card production,
cashless point-of-sale at canteens and parking point-of-sale.
Tyco, the security products division of Johnson Controls, manufactures
leading access control, video and intrusion systems, providing a
unified security platform from one trusted source. An extensive cyber
protection programme enforces Tyco’s approach to the design and
development of its products to protect clients from cyber threats.

www.securitysa.com Access & Identity Management Handbook 2019 127

VERACITECH Workforce
Installer/System Integrator Management
Value-added Reseller Solutions
Distributor/supplier
Contact: Alvin Flaum
Tel: +27 11 888 7251 Contact: Glenn van der Westhuizen
[email protected] Tel: +27 76 571 5944
382 Kent Avenue, Ferndale, Randburg, Gauteng [email protected]
www.veracitech.co.za www.workforcemanagementsolutions.co.za
Branches: Johannesburg, Rustenburg, Mokopane, Windhoek,
Walvis Bay, Gaborone Workforce Management Solutions develops and delivers various
software systems to assist residential estates in managing their
Systems engineering house for high-end security, video and access residents, workforce, visitors and contractors.
automation systems in the industrial, mining and national key-point
sectors across southern Africa. OEM partner and expert system house for
XMP-Babylon (Autec), direct channel partner for Avigilon and integration
partner for Traka and IDEMIA.

ZKTeco
Wolfpack Information Manufacturer
Risk
Distributor/Supplier Contact: Hendrik Combrinck
Tel: +27 12 259 1047
Contact: Craig Rosewarne [email protected]
Tel: +27 11 794 7322 Block F, Wellness World Corporate Park, Beethoven Street, Melodie,
[email protected] Hartbeespoort, North West Province
Building 1, Pendoring Office Park, 299 Pendoring Road, Blackheath, www.zkteco.co.za
Northcliff, Gauteng
www.wolfpackrisk.com ZKTeco is a leading global developer of security and time
Branches: Johannesburg management solutions. ZKTeco controls manufacturing, product
design, component assembly and logistics/shipping – all under
Wolfpack Information Risk specialises in business-aligned information risk one roof. ZKTeco develops biometric technology in the mass
and cyber threat management covering the full spectrum of commercial market in a cost-effective manner to ensure efficient
prevention, detection, incident management and resilience requirements. use of biometric technology.

Disclaimer: The information in this publication is furnished for the exclusive use of subscribers and is based on the most reliable data available to
Technews ­Publishing. However, the information was obtained from sources which Technews Publishing does not control and, although every effort has
been made to verify it, the data is volatile. In furnishing this information, Technews Publishing in no way assumes any part of the users’ or suppliers’ risks,
does not guarantee its completeness, timeliness or accuracy and shall not be liable for any loss or injury whatever resulting from the use of or reliance
on the information, or from negligence.

Index to advertisers
Access and Beyond............................................................................11
ASSA ABLOY.........................................................................................77
Boomgate Systems......................................................................... 107
CEM Systems........................................................................................15
Dahua Technology South Africa..................................................... 7
Doculam............................................................................................. 101
ET Nice....................................................................................................91
Genetec............................................................................................... 103
Hi-Tech Security Solutions........................................................1,117
IDEMIA....................................................................................................39
iMat..........................................................................................................95
Impro Technologies...........................................................................79
iPulse Systems.................................................................................OBC
Johnson Controls................................................................................31
Mustek Security Technologies.......................................................19
neaMetrics................................................................................27,35,81
Paxton Access......................................................................................93
Powell Tronics......................................................................................23
Reditron.................................................................................................37
Regal Distributors SA........................................................................29
Saco a division of Bidvest Protea Coin........................................99
Saflec Systems.....................................................................................45
Salto Systems..................................................................................... IFC
Specialised Exhibitions Montgomery.......................................IBC
Stallion Security..................................................................................41
Suprema....................................................................................27,35,81
Turnstar Systems................................................................................17
Tyco.........................................................................................................85
Wolfpack Information Risk..............................................................25
Workforce Management Solutions..............................................87
VERACITECH...........................................................................................5
ZK Teco...................................................................................................65

128 Access & Identity Management Handbook 2019 www.securitysa.com