Functional Description iProtect Security Management Central management An integral, web-based platform Low maintenance and service costs Information available at any location Quick and easy installation Easy to connect to existing infrastructure Software and hardware developed by ourselves Numerous integration possibilities Innovative products Based on open standards Contents 1.0 iProtect Security Management 1.2Server 1.3 1.4 Security Policy 1.3.1 The iProtect security policy 1.3.2 Explanation of the measures taken Web-based solution 1.5Multi-site 2.0 1.6 System administrators 1.7 Energy & Cost savings 1.8 Event driven system 1.9 Alarm Procedure 1.9.1 Alarm distribution 1.9.2 Alarm actions 1.10 Buffering transactions 1.11 Interfaces with applications/systems What is Access Control? 2.1 How does Access Control work in iProtect? 2.1.1iPU-8 2.1.2 The Polyx 2.1.3 Sirius Access Control readers 2.1.4 Wireless Access Control in iProtect 2.1.5 Salto Offline readers 2.2 The unique features of Access Control 2.3 Real-time presence 2.4LDAP 2.5 Special functionalities of the iProtect System 2.5.1Keymap 2.5.2Traka 2.5.3 Cold Standby 2.5.4 Email support 2.5.5Control 2.5.6 Logical switching 2.5.7 Horizontal database separation 2.5.8Reports www.tkhsecurity.com Contents 3.0 What is Camera Surveillance? 3.1 How does Camera Surveillance work in iProtect? 3.2 VMS integration in iProtect 3.2.1 DIVA Features 3.2.2Xprotect* 3.3 3.4 4.0 5.0 Unique iProtect Camera Surveillance functionalities 3.3.1 Video verification 3.3.2 Video on transaction 3.3.3 “Intelligent” cameras Why Camera Surveillance in iProtect? What is Intercom? 4.1 How does iProtect Intercom work? 4.2 Unique Intercom functionalities What is Burglary Detection? 5.1 5.2 How does Intrusion Detection work in iProtect? 5.1.1 Alarm point 5.1.2 Alarm group 5.1.3 Alarm group collection 5.1.4 Alarm output Unique functionalities of Intrusion Detection 5.2.1 Visualisation of Detectors and Alarm Groups on floor plans. 5.2.2 Visualising alarm outputs 5.2.3Events 5.3 5.2.4 Linking access area to Intrusion alarm groups 5.2.5 Importing data Intrusion centres 5.3.1 Galaxy 500 series, G3 and GD (Dimension) via RS232 5.3.2ATS 5.3.3 Alphavision XL 5.3.4IBC-128 5.3.5Restrictions 6.0 What is Time Registration? www.tkhsecurity.com Security Management Intrusion Detection TKH Security Solution Video Surveillance Access Control 1.0 iProtect Security Management 1.1 iProtect is a high-end Security Management System (SMS) with fully integrated Access Control, Camera Surveillance, Intrusion Detection, Intercom, Time Registration and Parking Management. A modular system, it can be constructed according to customer requirements using a variety of the above modules and accompanying licenses for integrated systems. The iProtect system is a web-based security application in which all screens are presented as web pages (HTML). Local installation of user software is not required. Plug-ins and the like are also not used. Furthermore, the iProtect system is scalable and, thanks to the use of web technologies, independent of location. The system can be managed from any location, worldwide. We offer 3 basic versions of the iProtect System - because customer needs differ, as do the sizes of their businesses and buildings: • Small • Medium • Large These basic versions include a number of standard modules and licenses. iProtect Small is the starter version for smaller systems, iProtect Medium is intended for medium-sized systems and iProtect Large for large Security Management Systems. These basic versions can be expanded with Modules for further applications and/or licenses. Such expansion typically involves increased numbers of readers, maps/tags, system users, floor-plans, etc. The basic versions have a maximised range. The system can be expanded by simply upgrading it to a higher version, while maintaining all existing settings in iProtect. In addition, several expansion modules are available, providing the user with even more functionality. 1.2Server iProtect is a fully integrated Security Management System for the management, surveillance and operation of Access Control, Camera Surveillance, Intrusion Detection, Intercom, Time Registration and Parking Management. The system hub consists of a server with an Ubuntu (Linux) operating system and iProtect Security Management software. Linux (Unix) remains the most reliable operating system for this type of system/application. The server is a standard type, but can also be supplied as a redundant version (Raid1) with a second hard disk and second power supply. The system can also be equipped with a cold standby server for additional redundancy. The cold standby solution sends a backup from the main server to the cold standby server on a nightly basis and automatically restored. In the event of problems with the main server the cold standby server can be activated to take over the entire system. 1.3Security Policy 1.3.1 The iProtect security policy The security policy requires that only those components and network services that are strictly essential for the correct functioning of iProtect are installed and started. Network traffic between the server and the decentralised intelligence of iProtect is encrypted using AES256 and is provided with replay attack security. 1.3.2 Explanation of the measures taken iProtect makes use of the Ubuntu TLS operating system, making iProtect practically invulnerable to viruses and worms. Furthermore, all network ports not essential for the iProtect application are closed. All daemens not being used by iProtect are switched off. In addition, only those components of the OS that are required for the correct functioning of iProtect are installed. An FTP server, SMTP and suchlike are not installed due to security considerations. SSL is used for communication between server and Client. iProtect uses SSH instead of Telnet. These measures significantly reduce the frequency of necessary updates which, in turn, means less system downtime and fewer restarts. The practical advantage of this is the significant reduction of cost of ownership in addition to the fact that iProtect is fully web based. www.tkhsecurity.com Security Security Management Management Intrusion Intrusion Detection Detection TKH Security TKH Security Solution Solution Video Video Surveillance Surveillance Access Access Control Control 1.4Web-based solution iProtect is based on the latest ICT technology and fully web based, presenting all screens as (HTML) web pages via Internet Explorer, Firefox and other browsers. This obviates the need for local installation of user software on PCs and the need for plug-ins such as Active X drivers. One can therefore connect to the system from any PC. As it is a web-based system it is also not dependent on the type of operating system in use on the PC (for example, one of the various Windows versions). PCs running different Windows versions may even be used interchangeably. All data traffic between the iProtect system hub and the workstations is encrypted through SSL (Secure Socket Layer, as used in internet banking). iProtect is a modular and scalable system and thanks to the application of web technologies fully location independent. The system can be managed from any location, worldwide. 1.5Multi-site iProtect is also ideal for multi-site applications, in which a number of branches can be managed from a single, central iProtect system. The use of TCP/IP communication enables practically any connection between various locations. A variety of hardware components can be installed at these locations to communicate with the central system via the network. Using Horizontal database security a system administrator (who can only manage hardware and employees at his/her own location) can be set up for each location, while a (super) administrator at the head office manages the entire system. 1.6System administrators The software can be divided (virtually) into 3 layers: • Technical implementation of the system • Customer-specific database (name and address data) and implementation • User software, such as interactive floor plans, visitor registration, etc. These are also the most commonly-used layers in building a system with different authorisation levels. The system management authorisation level of security or reception employees will differ from that of a Security Manager or ICT Administrator. The system can be configured to ensure that defined tasks and activities are performed by the appropriate employees, with the option of selecting different languages for different employees. iProtect supports simultaneous use of three languages. 1.7Energy & Cost savings Local hardware like Polyx network controllers and Sirius readers have been developed for low power consumption, delivering reduced energy costs. Because iProtect allows automatic performance of tasks based on the system status, various energy-saving measures can be programmed. Examples are automatically switching off lighting and reducing central heating temperature as soon as the last person leaves the premises, or when an intrusion group is switched on. Customers can effect cost savings on their investment by making smart choices in the structuring and application of the various system components and applications. This is, of course, highly dependent on the building or object to be secured, as well as on the nature and degree of Security required. The Smart Card provides a typical example. The correct choices could result in a card not only for Access Control use but also, for example, in coffee and soda vending machines, canteen checkouts, photocopiers, etc. 1.8Event driven system iProtect is an “Event driven system”, which means that everything that happens is registered in the system as an event (transaction). Whether it’s the input of a card in an Access Control reader, the push of an Intercom button, detection of a car registration plate or an Intrusion alarm – it's registered in the system as an event. With iProtect all these events can be viewed and used to start up special alarm procedures. www.tkhsecurity.com Security Security Management Management Intrusion Intrusion Detection Detection TKH Security TKH Security Solution Solution Video Video Surveillance Surveillance Access Access Control Control 1.9Alarm Procedure Alarm procedures in iProtect are in fact a mask, applied over all new events. If this mask is a 'real alarm', a standard option enables one of 27 priority levels and an urgency level to be assigned. A further option links one or more events, so that manual or fully automatic, predefined actions can be executed. The alarm procedure can be supported by floor plans and camera images, showing where the event takes place and enabling the relevant live or recorded video images to be viewed. An alarm procedure can appear automatically on the PC of the administrator(s) by means of a pop-up. 1.9.1 Alarm distribution Alarm procedures can be divided into different types: security alarms, technical alarms, generic alarms, etc. There is a choice as to which alarm is shown to which system administrator(s). If an administrator is not logged in or hasn’t reacted to the alarm after x amount of time, the alarm can be automatically forwarded to a different administrator. 1.9.2 Alarm actions An alarm action is an extremely powerful tool, used to determine procedure in advance. A number of the basic actions available are set out below: Automatic and/or manual actions ensure that an action in one system generates an action and reaction in another system. Some examples are: • When the intrusion system is switched on all access control readers are deactivated to prevent unnecessary alarms. • When the intrusion alarm is triggered, cameras are aimed and recording starts, lights are switched on and selected doors are locked or opened. • When an invalid access control card is tendered the intercom is engaged and camera images displayed. • In the event of a calamity or company emergency authorisation levels of the cards of the emergency response team are upgraded, providing unlimited access without the obstruction of locked doors. The system can also force a short administrator report of the steps taken in relation to every completed action. The alarm action report provides a complete overview of the alarm event, listing each action and the time at which it took place. 1.10 Buffering transactions As mentioned above, everything that happens within iProtect is considered an event. These events are stored in the event (transaction) memory, collected into event groups. The number of days these events must be saved can be set for each event group. The way in which an event is described and presented in the report of a procedure can be selected by the user. 1.11 Interfaces with applications/systems iProtect can be integrated with third party systems and applications. iProtect is based on open standards such as TCP/IP, JDBC and XML. The use of open standards enables quick and easy database connection with the databases of other applications, such as systems for personnel information, building management, logistical processes, etc. Exchange of name and address data is achieved easily using, for example, XML or LDAP. www.tkhsecurity.com 2.0 What is Access Control? Access Authorisation is basically the opening and/or unlocking of an entrance using credentials in the form of a card, pass or other identification medium, such as a license plate number or biometric identifier. Access Control goes further; it allows individual rights to be linked to credentials in the form of classified rights such as combinations of card readers and time zones. Besides these rights, additional authentication is available where the credentials are linked to a PIN code or biometric identifier. Access Control also provides advanced features such as real-time presence registration in various areas and reports regarding, for example, available assistance personnel at that moment and their location in a building or part of a building. iProtect Access Control supports many types of entrances: • Doors, safety doors, revolving doors, high-speed doors • Boom gates, speed gates, etc. • Rolling gates, sliding gates • Tourniquets, turnstiles • Pedestrian security lanes 2.1How does Access Control work in iProtect? Access Control readers are connected to the iProtect system through network controllers. These controllers are connected to the network and communicate with the iProtect server via Ethernet TCP/IP. This can be done on the network in the building (LAN), but also via WAN connections to other locations. The controllers use a subset of the database of the iProtect server. This makes all card numbers and authorisation structures available locally. The big advantage is that the controller can decide whether a card is granted access or not, even when there is no communication with the central server. This improves the reliability of the system as each controller stays in operation, even when there is no communication with the database. This is defined as local redundancy. The controllers make use of a transaction buffer. When communication is interrupted, the transactions are stored locally in the controller. After communication is restored these transactions are forwarded to the server, providing the system with the correct information and the status of the overall system. The controllers are maintenance free and the electronics are cast in resin so they can be used in the most adverse conditions. Two network controllers are available: the iPU8 and the Polyx. A battery may be connected to these controllers for emergency power supply. The tamper switches of the enclosures can be connected directly to the controllers. The power and battery supply are monitored and a message will appear as soon as they no longer meet the required standards. The IPU8 works with a standard mains supply, while the Polyx has the options of mains supply, PoE or PoE+. Using PoE or PoE+ eliminates the need for an additional power adaptor. Via PoE(+), the Polyx can power two, connected card readers and control door locks. 2.1.1 iPU-8 The iPU8 is used for the connection of 8 Orbit interfaces. These are reader interface units for the connection of one or two Access Control readers with standard communication such as Wiegand or Clock/data. On each reader, four inputs and two outputs are available for signalling and control. A maximum of 16 Access Control readers may be connected to an iPU8. The I/O Orbit is another type of Orbit. This is an interface for a maximum of 12 inputs or outputs, allowing connection to an iPU8 of up to 8 I/O Orbits for 96 I/Os. Three different types of Orbits can be used interchangeably on an iPU8 and connected according to choice. 2.1.2 The Polyx The Polyx network controller has multiple applications. The Polyx can be configured identically to an iPU8 with Orbits. (maximum 2 Orbits). One can also directly connect two Access Control readers to the Polyx. As the Polyx is provided with 12, self-definable inputs and outputs, no Orbits are needed in this case. www.tkhsecurity.com A system can be set up with End to End Security by using directly connectable DESfire AES (EV1) readers. In this case, the card reader acts solely as a wireless-to-wired converter. A card reader used in this way has no intelligence. All intelligence and requirements for reading the card are contained in the Polyx. (This Polyx should be installed in a safe environment). Bi-directional communication between the card and the Polyx, the database of iProtect and the workstation (GUI) uses AES256 encryption. This makes copying and/or restoring previously sent messages impossible (RAP - Replay Attack Proof). Securing the applications from the source (card/tag) to the destination (PC/laptop) of the system is called End to End Security. 2.1.3 Sirius Access Control readers Sirius card readers are the standard readers used on the Orbits and the Polyx. These are available in a variety of versions: • Door Frame (Mullion) reader • Semi-flushmounted reader (mounted on electricity enclosure) • PIN code reader (mounted on electricity enclosure) The readers are supplied in Mifare and DESfire versions with Wiegand, Clock/Data or RS422 output. The combination of Polyx with the Sirius card reader offers a wide range of possibilities and functionalities, as customer-specific configurations are provided by Polyx and not the reader itself. The integration of third-party products (readers) is usually possible in combination with the most commonly-used outputs such as Wiegand or Clock/Data. 2.1.4 Wireless Access Control in iProtect Sallis fittings are electronic door fittings with integrated Access Control readers (such as door locks in hotels). There is no need for any wiring as the door fittings directly control the lock in the door, are integrated with an Access Control reader and work on batteries. These door fittings are, like Access Control readers, available in Mifare and DESfire so they can be used with the same cards/tags as the online Sirius readers. The Sallis door fittings are equipped with a wireless transponder which puts the door fitting in direct communication with a Polyx. Because of this continuous communication, the Sallis fitting works almost identically to an online reader. When a card/tag is introduced to the reader the Polyx will decide whether to open the door or to keep it locked. Thanks to the use of two-way communication, the iProtect software can also open or lock the Sallis fitting. In addition, it can be used to monitor presence, etc. Authorisations for these Sallis door fittings are granted in iProtect, in the same way as for the online Sirius readers. 2.1.5 Salto Offline readers Like Sallis fittings, these are electronic door fittings with an integrated reader and batteries, eliminating the need for any wiring. Salto door fittings do not have wireless communication with iProtect. Authorisation is determined by the information written in the access control card/tag. This is also known as “data on card”. Authorisations are determined in iProtect, as is the case for all other readers. Once made, the authorisations are written to the Access Control card by holding it to a read/write reader. These authorisations determine whether the card is granted access at a Salto door fitting. As there is no communication with iProtect, these door fittings/locks cannot be controlled or monitored by iProtect. This system also operates with an update reader. This is a read/write reader with which one can update the card with new data once per day or every x number of days. In this way, the identity of invalid cards is distributed over the entire system via other cards. The Salto door fitting not only reads whether a card is authorised for access, but at the same time also reads other information from the cards, such as 'card number yyyy is no longer valid'. This is a convenient way to make invalid cards known to all door fittings, thereby restricting their access. In the event of low battery capacity, the Salto door fitting reader will write this information onto the card. When the card is updated at the update reader, this battery condition information is read and sent to iProtect. iProtect will then inform the administrator that a specific door fitting battery is running low on power. www.tkhsecurity.com The date and time on which the card was introduced to a Salto door fitting are also written onto the card and read by the update reader. This provides the administrator, albeit with some delay, with this information via iProtect. 2.2The unique features of Access Control Many additional functionalities are available in Access Control, enabling professional counting and entrance control: Global time anti-passback This feature allows you to refuse access to a person/s with right of Access for a predetermined time period and for a specific group of card readers. This is useful, for example, at swimming pools, amusement parks and theme parks, but other applications are also conceivable. Anti-passback This refuses access to someone who wants to enter an area but is registered in the system as already present in that area. It can, for example, be used at car parks to prevent a person who has already parked from giving the card to a colleague wishing to use the same car park. Walk-in restriction Once a person granted access to an entrance has entered, the entrance is again locked (i.e. before the time allocated for entrance has expired). This prevents somebody from walking in as the door is immediately re-locked. Entrance control When a person obtains access to an area (e.g. a building or car park) but doesn’t actually enter, this person is not registered as being inside the area. Area nesting Access is only granted to persons who have already been registered in another area. For example, access to the storeroom is only granted when the person has already been registered at the office area. Temporary rights Temporary access rights to one or several reader groups (with related time zones) can be assigned to a credential. With this feature the start and end dates can be set separately, also in relation to future access. This may apply, for instance, when assigning or temporarily denying the rights of a person on vacation. Automatic prolongation of rights Prolongation of specific rights can take place upon entering or leaving an area, e.g. a building or department. This feature is mainly useful when a card has not been used for a period and no longer works. Quarantine function This feature is based on automatic tempory denial of access rights. This is used in, for example, hospitals in relation to highly contagious viruses and in the pharmaceutical industry to minimise the risk of spreading particles between medicines being produced in different departments. Visitor registration This covers the registration of current or future visitors and their host, management of visitor passes, assigning and registering specific visitor rights and the printing of visitor passes with logos, name, validity period, host and visitor type, etc. Additional entrance time This can be set per credential, for example for storeroom employees, VIPs, or handicapped people - who are individually alocated additional time during which a particular door remains unlocked. Lift control A reader installed in a lift can determine which person has access to which floors. Examples are buildings with multiple tenants or management floors, where access from the lift to all floors is undesirable. www.tkhsecurity.com Security lane control Standard within iProtect: pedestrian security lanes are supported with a maximum of 16 doors, where only one door may be opened at one time. Remote access In this case, an entrance is not opened when a valid credential is introduced. Instead, an access request is sent. This displays the person’s name and additional personal information including passport photo and/or live video image on a PC screen enabling, for example, a receptionist to open the entrance. Risk status A variety of functions can be changed according to risk status. Examples are whether or not a PIN code must be used at an entrance, or when normal access is to be switched to remote access, etc. Automatic functions Various automated functions are available within iProtect, such as: • Instructing a door or group of doors to open according to time zones • Locking doors as a result of information received from the intrusion alarm system • Showing counter displays • Showing area status signs. Examples are buildings with multiple companies sharing a single car park Door open too long signalling If a door is kept open longer than the predetermined time, a signal will be given locally, at that door, and an alarm will be generated within iProtect. Examples are fire separation doors, which must normally be closed, or storeroom doors which should not be left open continuously. Door forced feature An alarm can be generated when a door opens without the introduction of a credential or when the door is opened from the inside. Historical presence Besides real-time presence, iProtect also offers the option of historical presence reports. This shows who was present in an area (e.g. a building or part of a building) during a given time period. Note: this function is a part of the Audit module. Trace function Trace generates notifications in the management system when credentials for which this function has been activated are introduced. This enables a person's movements to be tracked; or notification of a VIP's arrival where special attention is required. Presence statistics Presence statistics for a predetermined period can be generated using historical information. This type of information is mainly used for creating management analyses. For example, on the efficient use of parking spaces. Extended alarm features iProtect can generate alarms in response to many different types of event, for example when a stolen or lost card is introduced, or when a card known to be valid is introduced at a card reader for which the card has no rights. Reports Many different types of reports can be created in iProtect. This enables checks on exactly what happened on any given date or during a certain period. The data can then be viewed, printed (pfd report) or exported. www.tkhsecurity.com 2.3Real-time presence Recording presence is one of the most import tasks of iProtect. Presence is recorded in access or parking areas. iProtect supports 255 different areas in which people could be present. Area changes can take place automatically on the basis of a person's credentials, such as a pass, tag, biometric identifier or the license plate of a vehicle. Area changes can also be performed manually by an employee or by the semi-automatic visitor module from iProtect. Presence is tracked in real-time and is also available in real-time to all iProtect system users via one of the dialogues in iProtect or via reports. The information is accesible in several ways, by individual or by area. In addition to the standard search methods, there are a number of different presence browsers that show real-time presence in one or more areas. Applications are found in clean rooms, meeting room information, emergency response information at reception desks, etc. 2.4LDAP Lightweight Directory Access Protocol (LDAP) is a network protocol that describes how data from directory services must be approached using, for example, TCP/IP. LDAP is an open standard, as described in RFC 3377 LDAPv3. What are the LDAP functions in iProtect? LDAP allows iProtect to synchronise personal data with an existing directory. A commonly used personal data directory is the Active Directory (AD) from Microsoft. Once this link is established (it is selectable), it will be periodically checked to see whether new persons, modifications or deletions have occurred in the linked Directory. As soon as there are any modifications, these will be directly transferred into the iProtect database. iProtect maintains its own database to guarantee that all data will remain available in iProtect in the event of an interrupted connection or a network fault. 2.5Special functionalities of the iProtect System 2.5.1 Keymap Keymap (floor plans) is one of the most used tools in the iProtect platform. In addition to display of and navigation between different floor plans, Keymap offers the option of placing interactive objects and/or widgets in the plans of all buildings available within iProtect. This applies not only to Access, Burglary, Video and Parking, but also to all other modules. Examples of such interactive objects are: cameras, card readers, burglary points, cash registers, boom gates, intercom stations, live video images, menu buttons and inputs/outputs (I/O). An expansive symbol library is available that covers many objects and new symbols may also be created. Using the available buttons one can place any menu item in a floor plan as an object. This means that a group's access to a floor plan is sufficient to make all necessary information and functions available to that group. Widgets within Keymap provide an easy-to-maintain platform to quickly, simply and effectively show the status of similar objects. For example: technical notifications, or the status of hand-held reporters. Widgets can also retrieve information from the internet. Examples are weather radar, traffic information and Tweets. Camera images can be viewed individually, or in matrix form with related options such as image-only in relation to an event, etc. All objects in Keymap are interactive and always offer various directly-available options in relation to the chosen object, such as: • Latest events • Direct video images of these events • Examples of available controls • Activating/deactivating alarm system • Bypass detector • Adjusting card reader status, e.g: open/closed/automatic • Exit control on/off toggle www.tkhsecurity.com Keymap is also ideally suited to showing all disciplines in a single display and can be adjusted for each user group. In this way, only those objects are shown that are relevant to the user or for which the user is authorised. 2.5.2 Traka Traka is a key management system for mechanical keys where the keys are kept in a locked cabinet. Depending on the rights of a person, he or she can take out one or several keys, while the system registers which key is taken or replaced. Access to the key cabinet can take place through a card reader connected to iProtect. Linking one or several Traka cabinets provides efficient management through automatic synchronisation of name and address data and the number of the credential card. Only persons authorised to open the Traka cabinet are synchronised. The Traka system manages who is allowed to take out which key/s and provides related reports. iProtect is a leader in the management of name and address data. 2.5.3 Cold Standby When a second iProtect server is used as a back-up server, a nightly back-up is created and forwarded to this server. The Cold standby server comes with a (free) copy of the original iProtect software licences, enabling the server to perform automatic software recovery whenever required. If the primary server fails one simply logs in to the Cold Stand-by server, marks this server as the main server and work can continue. 2.5.4 Email support This feature can ensure that events or alarms are communicated to a person or group of people via email. This can only be performed on the email server of the client and not with a commercial email provider. 2.5.5 Control In addition to events from locally connected hardware there are also user database events. These are events such as changing a name or a setting in the database. The control feature allows you to create reports of these changes and to see who made the changes. 2.5.6 Logical switching Logical switching is a tool that acts as a PLC. One can determine within iProtect what must be done automatically in relation to the various statuses of an item (inputs, outputs, readers, intrusion alarm, etc.) This can be something simple, like the status of a power supply, or it could be switching off the burglary alarm, or selecting video camera images, etc. 2.5.7 Horizontal database separation One can manage and control several buildings/locations using the iProtect Multi-site solution. A group of authorisations can be created for each building. The names of the people and the local hardware must be added to each Verification control group. Changes and additions can only be made by persons (iProtect users) in a particular authorisation group in relation to their own group. They cannot view, modify or add the data of other groups. 2.5.8 Reports Many different types of reports can be created in iProtect. This enables full insight into the events of any day or period. The data can then be viewed, printed (pdf report) or exported. www.tkhsecurity.com 3.0 What is Camera Surveillance? Generally a video system is made up of one or more cameras, monitors and, possibly, recorders. Nowadays more and more camera systems are in fact fitted with network cameras, servers and client PCs. These IP video systems are often more convenient to set up and allow for easy integration with the iProtect Security Management system. A camera system enables monitoring of live video images. Recorded images can be used as evidence. The demand for this efficient monitoring method is steadily growing. Integration with iProtect is essential for user-friendly operation of this type of system. 3.1How does Camera Surveillance work in iProtect? iProtect is not a Video Management System (VMS), though a limited number of IP cameras can be directly connected to the system. iProtect is integrated with a VMS when larger numbers of cameras or special features are required. The way iProtect is used is not affected by whether cameras are connected directly or via a VMS system. iProtect helps video camera users to view the right camera images at the right moment and finds images related to a particular event quickly and simply. Image support information facilitates easy event analysis. This display information can, of course, be archived or exported for extended storage and/or sharing. 3.2VMS integration in iProtect iProtect can be integrated, in standard configuration, with two of the most popular Video Management Systems: DIVA (Digital Intelligent Video Architecture) The DIVA platform is an IP-based solution developed by VDG Security BV. DIVA is a scalable video solution with built-in modules such as face and license plate recognition and intelligent Video Analytics. DIVA can be used on any number of cameras – from one to thousands. 3.2.1 DIVA Features Extensive integration with iProtect. Integration is possible on both the DIVA server side and the DIVA client side. For example, if there is an event within iProtect the display of the DIVA client can automatically be adjusted to this. • Many camera brands are supported • Single server solutions for client server, scalable and modular architecture Support for graphic cards, own single and multiple screen layouts • Centralised user management, centralised or decentralised storage of all settings • Automatic switching to fail over server(s), RAID support • HD video quality in various compression standards, smart transcoding offering bandwidth control • Automatic Event - Reaction macro • Multiple time schedules and profiles • Adaptable, built-in, video-wall management • Face Recognition Video Analytics • Automatic Number Plate Recognition • Scene detection 3.2.2 Xprotect* XProtect is a powerful, easy-to-use Video Management System, designed with open architecture. This means that all XProtect systems are compatible with many IP cameras and encoders. The logically suitable version can be chosen in relation to the relevant application. *depending on the version www.tkhsecurity.com 3.3Unique iProtect Camera Surveillance functionalities Live or recorded video images can be used in the web-based iProtect client. 3.3.1 Video verification Both smaller and very large systems can automatically display event-related images. The desired images can be displayed in various ways in the interactive graphic display (Keymap). To increase the attention value of video images and to prevent wearying the user with irrelevant video information, camera images can be presented only when required. Camera images are therefore displayed live on full screen or in multi-view (e.g. mosaic 2x2 or 1x3 or 4x1, etc.). As soon as an event occurs, the screen layout can be automatically adapted to ensure that only the most important images are displayed, enabling quick evaluation of the event. If desired, special menus can be used, for example to enable an alarm or intercom call to be quickly dealt with according to a particular protocol. In such a case, image information from one or more event-related cameras is also presented on the screen. For example, when an intercom call is received, the caller's face, vehicle number plate and surroundings are displayed and recorded by several cameras. 3.3.2 Video on transaction Regardless of the iProtect module(s) being used, transactions are stored in the iProtect system when an event occurs. iProtect Camera Security allows recall, with a single mouse click, of any video image recorded at the time of the transaction. This eliminates the need for using a separate video system to find the images on the correct camera in relation to an access control event or alarm. 3.3.3 “Intelligent” cameras Depending on the type of camera or the Video Management System, iProtect provides an option to use intelligent features such as Automatic License Plate Recognition (ALPR) or Video Content Analysis. This allows the camera to be used as an Access Control reader or alarm detector, including tamper notification. In the case of ALPR, personnel and visitors no longer need to present a pass. The boom gate opens directly as soon as the car license plate of an employee or registered visitor is recognised. 3.4Why Camera Surveillance with iProtect? • It is an efficient Security Management System, resulting from integration. • It offers high-level supervision and security, using fewer personnel. • The use of network cameras allows for high quality video images through standard network cables (or, optionally, through existing coaxial or glass fibre cable). • The high graphics quality of Full HD or megapixel cameras makes it possible to display much more detail, using fewer cameras. This creates savings on the number and cost of cameras. • Existing high quality camera systems can, in many cases, be integrated with iProtect, preventing waste of capital investment. www.tkhsecurity.com 4.0 What is Intercom? Intercom provides spoken communication between 2 or more persons. iProtect Intercom offers a wide range of additional options allowing efficient, manageable Intercom communication via integration of Video and Access Control. The Keyprocessor intercom programme provides a wide range of solutions for various market segments, such as: • Parking: For example, the intercom posts at drive-through terminals and cash machines. • Medical: Solutions for operation rooms and clean rooms, hands-free communication, group conversations - anti-bacterial and conforming to EN 60601-1. • Industrial: Industrial stations in factories, where volume and clarity are affected by ambient noise. • Receptions and Security lodges: A wide range of main stations and operating consoles for locations receiving all incoming calls. • Office buildings and businesses: For example, built-in and surface-mounted wall and desk designs, as well as modules suitable for public locations such as train or metro stations and government buildings, where intercom installations must be protected against vandalism. These units can be installed both indoors and outdoors. 4.1How does iProtect Intercom work? Intercom in cooperation with iProtect provides the user with a unique solution, in combination with other applications such as Access and Camera Surveillance. This solution immediately gives the user a better understanding of the situation, allowing for quicker, informed decisions on whether to grant Access or not. • The right camera, or group of cameras, can be viewed immediately on receiving an intercom call, using the camera at the intercom station or any of the cameras available in iProtect. When viewing a group, both the person placing the call and the surroundings of that person are displayed. • Access Control managed via iProtect ensures that the area and block counts remain valid. • Choice of different entrances, such as pedestrian or vehicle. • User-friendly operation. • Fault notifications centralised in iProtect with, if required, the relevant procedural instructions. • Immediate display of video recordings on retrieval of calls. • Visualisation of the location (interactive floor-plans) from which the call was placed – particularly useful for larger installations. • Complete integration with the unique iProtect alarm handler, which is integrated with other disciplines like control of alarm installations and lighting. • Special intercom handler optimised for fast operation with a minimum of mouse clicks, enabling immediate display of the correct video images and a floor-plan overview. 4.2Unique Intercom functionalities • Scaleable from 2 to more than 1,000 stations. • Intercom over IP. • Multi-site solutions for both local and central main stations. • Automatic call divert in the event of absence. • Calls diverted to land lines and mobile phones. • Call holding functions. • Combined installations for all applications, such as heavy industry, offices and parking. • PA announcement installation for large complexes, parking facilities or factories. • Music is supported. • Excellent sound quality with 16Khz bandwidth. • Cell intercom with specific functions such as lighting control and various music channels. • Hands-free solutions for medical and industrial environments. www.tkhsecurity.com 5.0 What is Intrusion Detection? Third-party intrusion alarm centres can be connected to iProtect. These are autonomous intrusion centres which can be linked to iProtect. This document provides a general description of all variables and functional options in relation to linking to third-party intrusion systems. The purpose of the intrusion link is to take over the daily operations of an iProtect user so that the alarms can be dealt with in iProtect in a way that is familiar to the user, with the support of floor plans and video images. In addition to the basic functions above, many options are available for integration with iProtect - such as video-on-event, switching card readers on and off, automatic blocking of card readers when alarm is switched on and simultaneous remote control of multiple intrusion alarms. 5.1How does Intrusion Detection work in iProtect? 5.1.1 Alarm point Various alarm point statuses are supported in iProtect. Whether they are used or not depends on the linked installation. The following statuses are available: • Tampering • Low resistance • High resistance • Loop opened (alarm/active) • Tampering opened A camera can be directly linked to the alarm points to establish a relationship between the alarm point and available camera images. It is possible to assign authorisations to these alarm points to determine which iProtect users can view and/or modify this group. 5.1.2 Alarm group An alarm group is a collection of alarm points functioning as a group, also called a block. An individual name can be assigned to this group in iProtect, usually the name used in the intrusion centre. It is possible to assign an authorisation and/or time zone to these alarm groups. Time zones: this allows setting of the times at which events are sent to the database. Authorisation: this allows determination of which iProtect users can view and/or modify this group. An alarm group can be of the following statuses: • Activated • Deactivated • Cancel setting • Partially activated • System reset www.tkhsecurity.com 5.1.3Alarm group selection An alarm group selection consists of various alarm groups, that are linked together. This allows the status of a number of alarm groups to be changed by means of a single instruction. It is possible to assign an authorisation to this alarm group collection. This enables selection of iProtect users who can view and/or modify the alarm groups. The following changes can be collectively performed for alarm groups via an alarm group collection: -- Activated -- Deactivated -- Cancel setting -- Partially activated -- System reset 5.1.4 Alarm output An alarm output is an output on the intrusion centre. iProtect enables viewing and modification of the status of various outputs. No further direct relationships are established with outputs. 5.2Unique functionalities of Intrusion Detection 5.2.1 Visualisation of Detectors and Alarm Groups on floor plans It is possible to visualise the alarm points in iProtect. An alarm point can appear a number of times in one or more floor-plans. The status of the alarm points is refreshed fully automatically, allowing for a real-time overview. An alarm point has a standard symbol in iProtect and can display statuses. iProtect provides the option to create individual icons for alarm points, so that the symbols used can correspond to the wishes of the customer. The CD supplied with iProtect includes various examples of symbols. Various functions are available via an alarm point icon in a floor plan: Left mouse button: request details of the alarm point. This provides the following information: • Full name of the alarm point. • Information as to which authorisation group it belongs. • Actual status of the alarm point (stand-by, active, by-passed, etc.). • The actual status of the alarm group to which the alarm point is linked. • There is an option to directly by-pass the detector from this screen or to cancel the by-pass. • Information as to which camera is linked to the alarm point. • The opening of a separate live video image of the camera linked to this alarm point. Right mouse button: requests events from the alarm point: By default, this dialogue shows the events over the last 10 minutes at this alarm point. This dialogue enables the time of retrieval of historical events to be set at intervals of 15, 30 or 60 minutes, 3, 6, 12 or 24 hours, 2, 4 or 8 days, etc. In the event of a linked camera, the video recording of the selected event can be called up via this dialogue. While viewing the video clip, options are available to zoom in and simultaneously open a window displaying the live image. While viewing there are options to pause the image and to download images and save them to a user-defined destination. www.tkhsecurity.com 5.2.2 Visualising alarm outputs The alarm output can be visualised in iProtect. An alarm output can appear a number of times in one or more floor-plans. The status of the alarm outputs is automatically fully refreshed in the floor plans, allowing for real-time overview. (One must take into account that there is a delay in refreshing the status). An Alarm output has a standard symbol within iProtect. 5.2.3 Events Third-party intrusion centres forward many events to iProtect, which are then translated within iProtect into so-called SIA events. This allows for a procedure to be started for every SIA event, which can then initiate actions via the alarm handler, such as: -- Locking doors when system is activated. -- Controlling lighting in a block that is switched off. -- Visual alarm via the standard alarm handler in the event of an intrusion alarm. -- Providing instructions on whom to contact in the event of fault notifications. -- Resetting the presence counter to 0 when activated. -- Switching anti-pass back functionality on or off depending on Group status. -- etc. 5.2.4 Linking access area to Intrusion alarm groups It is possible to link an area to an alarm group in iProtect. This quickly and simply ensures that when an alarm group is activated the readers for that area are automatically blocked, except for the reader(s) belonging to the entry route. Only those persons with the right to switch off the alarm can obtain access via these readers. In addition to the above-mentioned function there is an option to, if authorised, switch an alarm group on or off via an access control card reader. 5.2.5 Importing data For certain types of intrusion installations, the alarm point information can be imported from the intrusion centre. This restricts double input of data to a minimum. With a link to the ATS or Alphavision XL, most of the data can be imported into iProtect. Free zone texts are a point of interest. The actual programming is performed via the ATS or Alphavision XL. 5.3Intrusion centres iProtect supports the following third-party intrusion centres: -- Galaxy 500 series (via RS232) -- Galaxy G3 (via RS232) -- Galaxy GD (via TCP/IP) -- ATS (via TCP/UDP) -- Alphavision XL (via TCP/UDP) -- IBC-128 (via TCP/IP) Note: Aritech CD panels are no longer supported, as of iProtect version 7.1. 5.3.1 Galaxy 500 series, G3 and GD (Dimension) via RS232 The following conditions apply to linking the Galaxy 500 series. Linking is performed on the basis of RS232 through the (printer) module of the Galaxy central station which is set to 2-way communication. The RS232 port must be put in serial connection with an iPU-8. The number of Orbits or directly controllable card readers is a maximum of 2. www.tkhsecurity.com 5.3.2 ATS The following conditions apply for linking the GE ATS panels. Linking is performed via Ethernet using the UDP protocol. On the ATS side a universal interface (GE) is used. This interface acts as a gateway between the ATS panel and iProtect. The standard UDP port number used is 3001, but this can be changed. An ATS installation always communicates with iProtect on IP Basis via an iPU-8 or Polyx. The number of Orbits or directly controllable card readers is a maximum of 2. 5.3.3 Alphavision XL The following conditions apply to linking the Alphavision XL panels. Linking is performed via Ethernet using the UDP protocol. The standard UDP port number used is 6900, but this can be changed. An Alphavision XL installation always communicates with iProtect on IP Basis via an iPU-8 or Polyx. The number of Orbits or directly controllable card readers is a maximum of 2. 5.3.4 IBC-128 The following conditions apply to linking the IBC-128 panels. Linking is performed via Ethernet using the TCP protocol. The TCP port numbers used are 20,000 or 30,000. An IBC-128 installation always communicates with iProtect on IP Basis via an iPU-8 or Polyx. The number of Orbits or directly controllable card readers is a maximum of 2. 5.3.5 Restrictions Maximum number of third-party intrusion stations: 80 Maximum number of alarm points: 2500 Maximum number of alarm groups: 256 Maximum number of alarm outputs: 80 www.tkhsecurity.com 6.0 What is Time Registration? Variable work times, reduced work hours, part-time jobs, min./max. contracts, shifts, overtime, vacations and sick days. iProtect helps you with a clear overview of this complex information. iProtect Time Registration is an effective and flexible solution for keeping track of the accountable hours of your employees. What makes it so special is the unique system configuration for scheduling and setting information from the collective (trade union) agreements and company regulations that apply to the employer's business. The definable aspects of Time Registration, such as time-tables, scheduled days, and booking categories are basically unlimited. Criteria must be set in the time registration system for correct calculation of the booked data. For this, the user has various calculation methods at his or her disposal. iProtect itself will indicate which aspects of the calculation method must be entered. The iProtect concept is transaction oriented. This makes it possible to determine the impact of roster changes and (collective agreement) regulations on the (personnel) cost structure in your organisation. It also provides the possibility of applying and recalculating certain retrospective changes. iProtect provides the manager with the following reports: standard time registration reports (e.g. booking overviews and norm deviation), matrix reports and trace reports. The emphasis here lies on free definition of the reports. With matrix reports the user can easily generate any desired time registration report. These can be saved as 'query'. The trace report is a unique concept within Time Registration systems. It allows the manager to perform a check on the set calculations. iProtect Time Registration shows the user exactly how it produced the calculated results in a trace report. This report is an important resource during implementation of the Time Registration system. Time registration bookings can be made in iProtect via Time Registration booking terminals, access readers or software-operated via manual mutations of the MutaBox, InfoBox and/or My iProtect. InfoBox and My iProtect allow employees to apply or request time registration data from their workstation (or from a central place in the organisation) via a PC and user-friendly menu. The MutaBox was developed for the daily management of work time registration data. Every (departmental) manager can use an individual MutaBox for keeping track of the employees working in his department. Here one can view, correct or invalidate the data of each, individual employee using the various tabs. The planning feature enables entry of a timing schedule for a number of employees simultaneously - which can be repeated if so desired. For example, input of the number of absent workers on a public holiday. A change may be required in the existing Time Registration bookings of a group, or of all employees. As long as a period has not been closed, work time data over that period can be corrected. The system will then recalculate the results. www.tkhsecurity.com