Learning to Leverage Biometrics in Access Control Environments

The biometrics ecosystem is evolving at a rapid pace and providing incredible benefits to enterprises that adopt the technology, especially when these now-commonplace features are applied for cybersecurity.

Although people are already familiar with using a thumbprint or facial recognition to unlock their mobile device or complete an online purchase with it, the real power of biometrics extends far beyond these simple features and experiences.

As massive data breaches spilling millions of user passwords and shared secrets become a familiar part of our everyday lives, so does the reality of malicious hackers leveraging these credentials to cause widespread damage. Due to the sheer number of compromised user credentials available from these spills identity theft is at an all-time high, potential GDPR fines loom over many organizations, and there is an atmosphere of distrust.

This is where biometrics can provide an answer because these features we rely on for convenience can also have a groundbreaking impact on security and privacy. Providing that we follow a hard and fast rule — that biometrics are combined with public-key cryptography.

In order to properly leverage biometrics, however, IT and security teams should first understand the key elements that make it such a powerful tool to combat today’s ever-evolving threat landscape and, how to begin implementing it without requiring a complete overhaul of security infrastructure.

The Biometrics Ecosystem

One of the most powerful aspects of the biometrics ecosystem as it relates to cybersecurity is that it replaces the shared “something you know” factor of user authentication with the difficult to reproduce “something you are” factor. Whereas passwords and shared secrets can be stolen and duplicated, every person’s biometrics are completely unique.

In turn the devices that match biometrics to their enrolled templates have grown in sophistication and are already in our hands. The vast majority of sensors on modern mobile devices have a 1/50,000 minimum false acceptance rate (FAR) which makes it extremely difficult to mimic a biometric template.

Using these sensors paired with standards-based authentication such as Fast IDentity Online (FIDO) protocols that eliminates shared secrets creates significant friction for the bad actors who weaponize credentials for fraud through account takeover. It also disrupts a hacker’s attack vector (and thus their economic model) as they can no longer focus on huge server stockpiles of user credentials and must instead go to individual devices to attempt to obtain a single user’s credentials.

This shift makes it virtually impossible to have the mass credential breaches like the ones we are experiencing on an almost daily basis today.

Select a Use Case and a Secure Model

When launching a biometrics strategy, IT and security teams should look for areas where biometrics can have the greatest effect while creating the least amount of friction, and begin deploying the capabilities there. Oftentimes this is with internal facing applications that don’t directly impact customers. Or, they can take the route of securing consumer-facing apps since biometrics are so popular with their users and consumer devices with advanced capabilities are readily available.

Even the most forward-thinking organizations can balk at biometrics when they think it requires an unmanageable set of changes, such as the addition of special hardware, gutting of associated solutions or the taking on of unacceptable kinds of risk such as custodianship of biometrics.

However, the best way to implement biometrics into the security framework is through a deliberate and gradual process using a solution that is built upon mobile-centric FIDO standards. FIDO-based solutions are built to play nicely with security products already in place, and the strength of the standard ensures that users — not the enterprise — are the stewards of biometrics.

Make User Experience A Top Priority

Finally, despite all of the security benefits the biometrics ecosystem provides, if the user experience is clunky it will be difficult for users to adopt. The good news is that providing an easy-to-use, uniform experience for biometrics is rather simple due to the sophistication of today’s mobile devices. Every employee already has a company or personal smartphone and experience using biometrics to unlock the phone make a payment.

The biometrics ecosystem provides incredible opportunity to create a more secure online world while building upon the experience smartphones have proven to deliver their users. Enterprises that want to roll out biometrics-based services today are poised to fully capitalize on it.

Thanks to the sophistication and ubiquity of the devices, and to the availability of solutions built upon open standards-based decentralized architectures, migrating to a true password-less state is within reach. Once it’s deployed — even on a limited basis — my guess is that the enterprise will begin to see other areas for implementation across the enterprise.

 

Security Technology of South Texas is an authorized integrator for many surveillance and access control manufacturers and has designed systems with this kind of functionality. Biometrics is particularly useful in enterprise scale operations, various campuses, as well as car dealerships or any other large property where tight security is necessary.

Please contact us at  admin@gostst.com on our website
or via phone at  210-446-4863   24/7

Intelligent Video Solutions: Why Not Go DIY For Your Security

In the same way that in order to keep our health, most recognize the value of seeing a medical practitioner regularly for checkups and necessary tests. Perhaps somewhat surprisingly, many enterprises do not carry this philosophy with them and into their security environments. They might budget for product yet not budget for professional services and assess performance of those products to determine the risk of a breach.

Taking a “set and forget” attitude to security systems can cause a system of sub-optimally configured and deployed security tools. Not properly integrating, testing, and re-integrating is a part of why some of today’s enterprises find “themselves with massively complex, disparate and expensive-to-manage security infrastructures that, when all is said and done, are largely ineffective against modern adversaries.”

Some organizations assume that original equipment manufacturers (OEM) should be the best resource and point of contact for deploying, optimizing, and fine-tuning their security services and platforms. But OEMs are simply the manufacturers and not security systems integrators (SSIs).

This tends to limit their knowledge to only their particular suite of technology, and because it is typical for a mid-range and larger commercial project to require integration between the equipment of multiple manufacturers. This is the kind of work that we do here at STST and through our professional integrations services, we can “provide strategic guidance on infrastructure rationalization and optimization.”

Adopting a DIY approach or trying to have a tech-savvy employee handle it all internally is one of the quickest ways to fall prey to a data breach. Using existing, internal staff to deploy and integrate new tech can lead to problems from configuration issues, sub-optimal overall performance, to of course all out system failure. Some studies from OEMs suggest that as many as 95% of clients who experience a data breach set up and integrated their systems themselves.

Aside from all this, using an SSI to plan-out, source, design, implement, and test your access control and/or surveillance project is much more likely to save you money in the long or even short run.

Having a company of specialists such as STST always in your contacts gives you the peace of mind that the people who built your system, and therefore have a much more intimate knowledge of it, will be around to service your project moving into the future.

A poorly installed “DIY” system may not only waste money in that it may simply be of poor quality or poor design implementation, but also keeps your company at risk to the attacks and break ins you were trying to prevent in the first place.

From schools, offices, clinical facilities, HOA pools and much more, STST has the knowledge and experience to install or effectively upgrade existing infrastructure in a meaningful way that will hold together and ultimately, get results.

Even though huge volumes of video data are collected every day, most statistics indicate that only 10 percent of this data is ever used. The majority of data collected loses its value very quickly after being generated. The reason for this? Our primary focus tends to be delivering the correct information in a crisis or providing it as evidence after criminal activity has taken place. This causes much data to be “wasted” in the sense that we lose our on the opportunity to perform useful analytics.

Video analytics is an increasingly powerful tool. It helps to improve usability of these vast amounts of video information. Analytics software acts as the “brain” of a surveillance system and is built into IP cameras themselves or processed in separate computing infrastructure. This creates a smarter system that “knows” what it sees and alerts guards to potential threats as soon as an alarm rule or condition is met. Analytics gives operators the chance to act faster and more efficiently with better intel.

Video analytics is like an ever-vigilant system operator within the security system itself. It captures data like a panopticon, seeing all in every monitored scene around the clock. Content analysis information, a form of video metadata, is stored as well. As they reduce operating costs and increase efficiency, intelligent cameras deliver a solid return on investment which can be measured in tangible results to the business or other setting in which it operates.

Let’s take a look at what exactly is possible using intelligent video:

Smart IP cameras are able to classify the objects they see on their own. Objects entering or leaving the scene can be identified as a person, car, bike, truck, or other object. Because the camera can differentiate objects, it can be told to only alert in the case of a break-in, ignoring things like leaves in the wind or animals wondering through. New low-light cameras allow color-filtering even in scenes with very little ambient light. Even at night, color detection is possible in this way.

Alarm detection can be set to be even more specialized. Rules can be configured to look for specialized behavior patterns such as fighting, running, loitering, path following, abandoned luggage, entering an area, and more. The alarm engine in each camera coordinates with the others in a logical way to interpret this information and determine threat status. All this allows for a very robust alarm condition solution and prevents false and missed alarms.

What’s more, stored metadata enables forensic analysis at a later time. This means that retroactive searches for a specific car or person is possible even if it was not a determined item of interest until well after the event was recorded. Metadata is compact and only barely adds to the size of recordings. It is quick and easy to search through to find a specific event.

The logical next step is to continue to improve analytics for video metadata until we approach 100 percent practical use. Predictive analysis of human traffic patterns can predict shoplifting and identify potential events before they take place, and the more data that can be made useful the more accurate these types of predictions will be.

The same technology can monitor customer dwell time at different displays in a store and determine the effectiveness of in-store advertising and product locations. Analyzing customer engagement with these displays can help increase customer engagement with products and lead to increased sales and revenue. As the IoT expands, this type of technology will be more and more critical as there will be many more points of data to analyze. There is no way to fully anticipate the eventual effects this will have on our industry or the world at large.

 

Please contact us through email at admin@gostst.com

Through our website form

Or via phone at  210-446-4863   24/7

Avigilon and Video Analytics

 

Avigilon is a Vancouver based security equipment designer and manufacturer, perhaps most well known for the software they have developed to analyze raw video data, with no input other than the pixels streamed through an HD camera setup. “Open Video Management” using what they term “Self-Learning” video analytics is the cornerstone of any modern video analytics solution. The company also manufactures several lines of high quality HD cameras and access control gear, but it is not a requirement that all equipment be from Avigilon. Avigilon analytics is performed on-site with a proprietary set of hardware and software, and is effectively limited only by the quality of the video input.

What does this all mean for the consumer? For the residential market, there is not much application, and most home owners would see the cost as extraordinary, considering the increasingly cheap residential offerings from mainstream security integrators. It is also generally not necessary to run such extensive analytics in a residential setting. What Avigilon’s video analytics are particularly useful for are larger, enterprise-scale security operations, such as car lots, schools, and highly trafficked gates. This is something our company has considerable experience with, both in installing and integrating with other cameras and access control systems, as well as servicing and maintaining this type of equipment.

For example, let’s look at our most popular security solution featuring Avigilon; car dealerships. Avigilon’s analytics recognize a car versus some other object and distinguishes between a person and an animal or some other moving object which is not a security threat. The degree to which any software is actually “self-learning” is certainly up for debate, though the type of software underpinning these analytics systems is similar in structure to the kind of predictive software used by Google, Amazon, or Facebook to predict future purchases and analyze behaviors. The idea is that the software is able to self-code within the limited scope of object detection and threat discernment. This implies that each individual system that is integrated with Avigilon analytics will be slightly different over time for each installation in order to better perform in that particular setting.

Security Technology of South Texas is well versed in customizing analytics solutions to each customer based on their concerns and security needs. As we move into the future, analytics will become a de facto component of any competent access control and video surveillance installation, as it is able to reduce or eliminate false alarms, the traditional bane of functional, digital security.

Avigilon has recently announced what they call a “next generation” AI capable camera system. Called the “H5 Smart Camera”, this technology makes use of Deep Neural Networks built into the devices themselves to provide the ability to learn, detect, and notify for events requiring investigation. So called “deep learning” or “deep neural networks” are the same type of AI tech used in the AI operations of companies like Google and Amazon. Deep learning AI works by sorting through massive amounts of data, the more the better, and modifying its own code based on what the program sees. Google’s “Watson” is a famous example of this kind of software, and gained public exposure when it defeated the world’s top player of “Jeopardy”. Deep learning was also used in the software that established computer’s as the top “players” of Go, a chess-like strategy game which is well known for its highly technical play and difficulty.

Avigilon is working with Intel, a leader in the emerging AI marketplace. Intel’s “Movidius” VPUs allow for power-efficient acceleration of hardware in deep neural networks. These networks are inspired by and in some ways modeled from the way that biological systems (brains and central nervous systems) process and interpret information. Intel believes this technology will “usher in a new generation of video analytics capabilities with deep learning approaches” (avigilon.com). The H5 camera line uses these AI facilities to develop more sophisticated event detection and automatic notifications. The cameras are to be displayed at the Global Security Exchange conference of 2018 in Las Vegas, and are expected to be launched into the market in 2019.

This is the focus that Avigilon has had in the industry for a while already and they have analytics systems available now. Yet as technology marches up an accelerating curve in processing power, we can expect more and more functionality in all AI systems to come. AI itself is a fascinating technology that we have looked at in more detail in previous articles, and is expected to radically change the markets in almost every industry and the global economy as a whole.
Even though huge volumes of video data are collected every day, most statistics indicate that only 10 percent of this data is ever used. The majority of data collected loses its value very quickly after being generated. The reason for this? Our primary focus tends to be delivering the correct information in a crisis or providing it as evidence after criminal activity has taken place. This causes much data to be “wasted” in the sense that we lose our on the opportunity to perform useful analytics.

Video analytics is an increasingly powerful tool. It helps to improve usability of these vast amounts of video information. Analytics software acts as the “brain” of a surveillance system and is built into IP cameras themselves or processed in separate computing infrastructure. This creates a smarter system that “knows” what it sees and alerts guards to potential threats as soon as an alarm rule or condition is met. Analytics gives operators the chance to act faster and more efficiently with better intel.

Video analytics is like an ever-vigilant system operator within the security system itself. It captures data like a panopticon, seeing all in every monitored scene around the clock. Content analysis information, a form of video metadata, is stored as well. As they reduce operating costs and increase efficiency, intelligent cameras deliver a solid return on investment which can be measured in tangible results to the business or other setting in which it operates.

Let’s take a look at what exactly is possible using intelligent video. Smart IP cameras are able to classify the objects they see on their own. Objects entering or leaving the scene can be identified as a person, car, bike, truck, or other object. Because the camera can differentiate objects, it can be told to only alert in the case of a break-in, ignoring things like leaves in the wind or animals wondering through. New low-light cameras allow color-filtering even in scenes with very little ambient light. Even at night, color detection is possible in this way.

Alarm detection can be set to be even more specialized. Rules can be configured to look for specialized behavior patterns such as fighting, running, loitering, path following, abandoned luggage, entering an area, and more. The alarm engine in each camera coordinates with the others in a logical way to interpret this information and determine threat status. All this allows for a very robust alarm condition solution and prevents false and missed alarms.
What’s more, stored metadata enables forensic analysis at a later time. This means that retroactive searches for a specific car or person is possible even if it was not a determined item of interest until well after the event was recorded. Metadata is compact and only barely adds to the size of recordings. It is quick and easy to search through to find a specific event.

The logical next step is to continue to improve analytics for video metadata until we approach 100 percent practical use. Predictive analysis of human traffic patterns can predict shoplifting and identify potential events before they take place, and the more data that can be made useful the more accurate these types of predictions will be. The same technology can monitor customer dwell time at different displays in a store and determine the effectiveness of in-store advertising and product locations. Analyzing customer engagement with these displays can help increase customer engagement with products and lead to increased sales and revenue. As the IoT expands, this type of technology will be more and more critical as there will be many more points of data to analyze. There is no way to fully anticipate the eventual effects this will have on our industry or the world at large.

Sources: Avigilon.com

—————————————————————————————————————————————–

Part 2: Facial Analytics

The American Civil Liberties Union recently tested Amazon’s facial recognition tech — and the results were less than favorable. To test the system’s accuracy, the faces of all 535 members of congress were scanned against 25,000 public mugshots, through Amazon’s open Rekognition API. Although none of the members of Congress were in any of these mugshot lineup, Amazon’s system nevertheless generated 28 false matches. The ACLU claims this raises some particularly serious concerns about Rekognition’s use by law enforcement and in the legal and medical world.

“An identification — whether accurate or not — could cost people their freedom or even their lives,” the group said in an accompanying statement. “Congress must take these threats seriously, hit the brakes, and enact a moratorium on law enforcement use of face recognition.” (ACLU)

According to The Verge, an “Amazon spokesperson attributed the results to poor calibration.” However this does not necessarily account for the results. Amazon’s system currently operates with the default confidence threshold of just 80 percent. Yet Amazon claims it recommends at the very least a 95 percent threshold for situations such as medicine and law enforcement where relying on a machine to ID someone could cost them their freedom, life, or worse.

“While 80% confidence is an acceptable threshold for photos of hot dogs, chairs, animals, or other social media use cases,” the representative said, “it wouldn’t be appropriate for identifying individuals with a reasonable level of certainty.” (ACLU) Even still, the Rekognition suite does nothing to affect that recommendation during the process of setting it up, and there is of course little to nothing to prevent law enforcement agencies from using the default setting of 80 percent.

In May of this year, this tech came into the limelight when the ACLU report was able to show the system being in use by a number of LEO agencies including the police of Orlando, Florida. It is sold as a part of Amazon’s Web Services cloud, and is quite inexpensive with a costs as low as less than just 12 dollars a month for the entire department.

Furthermore, this test demonstrated a continuing problem of many facial recognition systems, which have  historically had considerably difficulty    in accurately identifying both women and non-white minorities. Of the 28 false matches, 11 involved black members of congress, although they make up just around 20  percent of the whole of congress itself. Some other systems fair even worse. With the system used by the London Metro Police force producing as many as 49 false matches for every legitimate hit, which then necessitates a manual and time and resource consuming search though these false-positives.

Ostensibly, facial recognition IDs would be confirmed through multiple human sources before an arrest would be made, though many say that even checking faces violates privacy rights. Worse still, it is not hard to imagine a situation where an officer sees a false match that leads him to believe the potential arrestee could be armed and dangerous, and also plant ideas about the person before even really investigating, changing the outcome of a routine stop from routine, to possibly violent, even deadly.

Security Technology of South Texas works with analytics and facial recognition video surveillance in its projects, and are experts in integrating, understanding, and sourcing only the best tech to get your job done, at a price you can feel good about. Let us show you the difference between a local, responsive, company that strives for only excellence and client satisfaction versus the kind of experience we have all come to expect from the detached, hard to reach, and inferior service and installations inherent to the juggernauts of the security industry.

Security Technology of South Texas is an authorized integrator for Avigilon systems and has designed systems with this kind of functionality. Avigilon analytics is particularly useful in enterprise scale operations, school and college campuses, as well as car dealerships or any other large property where tight security is necessary.

Please contact us at  admin@gostst.com on our website

or via phone at  210-446-4863   24/7.

Sources: ACLcomU, Verge.com,  Amazon.

Fully Integrated Security and Access  Control with Alarm.com


Alarm.com is an all-inclusive business security and access control service that we offer our clients for easy access and constant updates from their work sites and businesses. The technology is specifically engineered for small and medium size business owners, and combines intelligent intrusion detection, video surveillance, access control and energy management into one cost-effective solution which is accessible from any computer, phone or other smart device.

———————————————————————————————————————————–

Their all-encompassing “Smarter Business Security” solution allows the site manager to know if someone accessed a room after hours, determine false from real alarms, and provides real-time notifications. It also features remote control and auto arming, allowing you to know what is happening at your business or work site and that it is secure regardless of your location. The integrated smart thermostat eliminates waste from heating and cooling when nobody is present and helps save automatically if management forgets to turn off the AC or heating during closing hours.
———————————————————————————————————————————–
Not only will Alarm.com integrate with your on-site cameras, it is also a fully fledged access management solution as well. From a small team of just 5 to up to hundreds of employees, this technology allows management of multiple access plans centrally, with the ability to remotely lock or unlock doors and monitor activity at multiple sites if necessary. This solution integrates with industry leading hardware manufacturers, making it easy to step up access control measures without the need to replace locks and card readers already installed. This helps keep costs down as much of the price of new access control solutions is driven by the installation of new on-site hardware, costing many thousands.
———————————————————————————————————————————–
The Alarm.com solution for businesses is fully supported from their professional local Service Providers to ensure dependable and up-to-date service. This seamlessly integrated suite of business solutions will include intrusion, video, and energy management all through a single app, consolidating power into your hands and eliminating the need for a monitoring service.
———————————————————————————————————————————–
Furthermore, using data generated from the app, business owners can garner valuable insights into activity trends, allowing them to make smarter decision with respect to staffing, promotions, and energy use. The app generates simple and easy to understand reports which show activity patterns across entire work sites and business operations, helping to point out any unexpected changes.
———————————————————————————————————————————–
For example, visualized trends include open/close trends for each location and allow you to identify peak periods of activity and customer traffic. Previously unknown activity can be uncovered such as unexpected after hours entry by employees or intruders. Any doors left propped open can also be detected, eliminating energy waste and helping to mitigate security concerns. An historic timestamp of which users armed and disarmed the system is also kept for later review if necessary. Both single-site and multi-site reports can be generated on either a daily, weekly, or monthly schedule.
———————————————————————————————————————————–
Security Technology of South Texas is happy to offer custom access control and surveillance solutions to the business security market, designed either turn-key and from the ground up, or integrated into an already existing series of cameras and access control structures.

Please contact us through email at admin@gostst.com

or by phone at 210-446-4863 24/7 to schedule a consultation.