SPG Controls’ S1000 achieves FCC Certification

/0 Comments/in /by

What is an FCC certification?

FCC certification is a form of product certification for electronic and electrical goods manufactured or marketed within the United States. It certifies that the radio frequency radiated from a product is within measured thresholds accredited by the Federal Communications Commission (FCC).

The Federal Communications Commission has produced technical requirements for testing electronic and electrical equipment based on the type of radiofrequency emitted. The FCC regulations and policies are codified in Title 47 of the Code of Federal Regulations (CFR).

Testing is categorised by device name and device type:

• FCC Part 11 CFR “Emergency Alert System”
• FCC Part 15 CFR “Radio Frequency Devices”
• FCC Part 18 CFR “Industrial, Scientific and Medical Equipment”
• FCC Part 22 CFR “Public Mobile Services”
• FCC Part 24 CFR “Personal Communications Services”
• FCC Part 90 CFR “Private Land Mobile Radio Services”
• FCC Part 95 CFR “Personal Radio Services”

FCC certification is generally required for any electronic device that can oscillate above 9 kHz. In addition, manufacturers must ensure that their products will neither interfere with other products nor cause risk and harm to the public. Therefore, all electrical devices must fulfil the emission requirements and be tested to receive an FCC Certification. There are monetary fines, and product recalls If manufacturers sell products without the appropriate approval.

Where is FCC certification required?

Any radio frequency equipment produced, sold or distributed in the United States must have FCC certification. The seal is often found on products sold outside the United States because those products were either manufactured in the United States and then exported or sold in the United States. This makes the FCC certification seal recognisable in the United States and worldwide.

Which products should have FCC certification?

The Federal Communications Commission requires electronic goods with radiofrequency to undergo testing to comply with the EMC directive. The following types of products often need FCC certification:

• Electronic products,
• Electromagnetic compatibility products,
• Power adapters,
• IT equipment,
• Radio and telecommunications terminal equipment,
• Bluetooth devices,
• Wireless local area networking equipment,
• Wireless medical telemetry transmitters,
• Garage doors and openers,
• Remote control transmitters,
• Land mobile radio transmitters,
• Equipment and protective systems are meant for use in potentially explosive environments.

In summary, products that require FCC certification are divided into two groups:

• Intentional radiators of radiofrequency energy (e.g. smartphones) – such products require to broadcast radiofrequency energy as part of their function or operation.
• Unintentional radiators of radiofrequency energy (e.g. cameras) – such products can unintentionally create and broadcast radio signals due to their operation.

FCC testing requirements for electronic products

The FCC has three options for product approval under the EMC directive: verification, certification and Declaration of Conformity. Each procedure presents its challenges. The available options for approval depending on product type and intensity of radiofrequency emission.

Verification Testing

Verification Testing is used for Part 15 electronic products or devices like a Class B external power supply and Class A and/or B digital devices that are not computer-related. Class A devices are used primarily in commercial, industrial, and engineering settings. Class B products are for general consumer purposes. Manufacturers can carry out the testing at a non-accredited test centre. The procedure helps determine how much radiofrequency energy is emitted by a device. If a product complies with the FCC technical specification requirements, the device can be released for sale without FCC approval. Manufacturing companies must maintain a record that contains their products’ test reports and documentation.

Declaration of Conformity

This procedure is stricter than verification testing. It is typically required for Part 18 electronic devices or products like personal computers or PC peripherals. Manufacturing companies have to perform the tests at an ISO Guide 17025-accredited testing centre. The testing will determine the radiofrequency energy expelled from a product and ensure that the product fulfils all relevant FCC technical specification requirements. Any compliant product must have the FCC seal affixed to itself. Manufacturers must maintain a record that contains their products’ test reports and documentation and create a Declaration of Conformity. The Declaration of Conformity must be verified and confirm that all information in the documentation record is accurate and up to date.

Product Certification

FCC product certification is the most detailed, stringent, and formal procedure. It is typically required for electrical devices that are most likely to interfere with other devices, signals and emergency information: E.g. Bluetooth devices, WLAN, intentional radiators, and more. Manufacturing companies are obliged to test their products in an accredited testing institute. If a product is determined to be compliant with all relevant FCC technical requirements, it must feature an FCC ID on its label.

Procedures in FCC certification

The FCC certification procedure consists of the following steps:

Step 1 Selection of the radiofrequency

Manufacturing companies of electrical devices must make sure that the radio frequency is within the range of the legal limits. They can use the FCC guidelines on the radio spectrum allocation as a reference. Factors to consider are: power consumption, radio range, propagation of radio waves and optimisation.

Step 2 Pre-compliance testing during the development

Manufacturing companies of electrical devices must perform as many pre-compliance testing in-house as much as feasible to ensure that their devices are developed in accordance with the legal guidelines. The performance of pre-compliance testing will ensure the avoidance of any expensive mistakes later on.

Step 3 Registration with FCC

The electrical devices using the radio spectrum must have an FCC Registration number (FRN) to obtain certification authorisations. Manufacturing companies can obtain FRN at FCC CORES. Manufacturing companies will need to provide their contact information and business address to obtain the FCC number.

Step 4 Testing in an accredited test facility

Manufacturing companies will need to contact an FCC-registered testing facility to perform all necessary external testing. A product sample is sent to the test centre. Testing can run from a number of days to several weeks depending on product complexity

Step 5 Certification & Filing

When device testing has been successful, a TCB (Telecommunication Certification Body) will review the product’s test results and issue the FCC approval.

Step 6 Grant of Equipment Authorization

The TCB will release the product’s information to the FCC database and send the Manufacturing companies a Grant of Equipment Authorization (GEA). The GEA will allow a device to be legally advertised, marketed and sold in the United States.

SPG Controls FCC certification

SPG Controls’ S1000 Smart Controller and Peripherals are FCC certified under 47 CFR PART 15, SUBPART B/ICES-003 issued by the independent testing company EMC Technologies Pty. Ltd.

 

For a copy of the FCC certificate or the comprehensive testing report, feel free to contact us at info@spgcontrols.com

Video Monitoring Systems for Advanced Surveillance Requirements

/0 Comments/in /by

One of the most challenging elements of video surveillance is the daily monitoring of several devices over a multi-site system. Large and distributed Video Monitoring Systems can have numerous security cameras, network video recorders and encoders spread over geographically dispersed locations.

Video Monitoring Systems can undoubtedly assist and utilize devices with event status alerts to bring important incident footage to light. However, sometimes there isn’t time to monitor those notifications, and devices may still be vulnerable to connection problems, hard drive failures or different issues that could affect recording.

What is a proper Video Monitoring System?

Video Monitoring Systems involve far more than just streaming from cameras and recording videos with NVRs and DVRs; it’s about both storage and the maintenance and management of the entire Video Monitoring System. In addition, a proper Video Monitoring System solution increases efficiency by ensuring all monitoring devices are running at peak condition, around the clock, to prevent lost data.

If you are evaluating Video Monitoring Systems solutions for a large, geographically dispersed organization, there are some important features that can ease the workload and save money for the long term. Understanding these features can help make an informed choice.

What are the essential features of Video Monitoring Systems?

Centralized Management

Centralized system management is a standard feature of an enterprise Video Monitoring System. If your organization has locations across the world, there’s a need to be able to monitor videos from any site location and manage all of their respective cameras and recorders.
With Centralized management, it’s easy to push device settings and configuration to all cameras and video recorders. This can dramatically increase the speed of system administration, especially during the initial configuration phase. Fast application of firmware updates on multiple devices simultaneously will save a lot of downtime for maintenance.

Smooth Scalability

A critical Video Monitoring System must run efficiently no matter the size of your organization. Fast start-up times and lag-free workflows are essential. In addition, a trustworthy enterprise Video Monitoring System should be able to support large numbers of recording devices. When opening new building sections or new site locations or adding several more IP cameras and recorders, the system should scale to support this.

Event Monitoring and Alerts

During an investigation of an incident, there is nothing worse than finding out that the camera needed wasn’t recording!. A high-quality enterprise Video Monitoring System will offer a robust health-checking feature that can ensure all recorders and cameras are in proper working condition. This immediately alerts issues like failing hard drives or camera disconnections, giving early notification to correct a problem.
Some enterprise Video Monitoring System solutions will also allow control when alerts are triggered and customized health thresholds. For example, the system enables the receipt of alerts about the length or frequency of connection issues.

User Management

The ability to control system access is important. Managers and Administrators of large video systems are responsible for a lot of sensitive information. A good enterprise Video Monitoring System solution enables system managers and administrators to control access to the system, what those users can see and how frequently.
A good enterprise Video Monitoring System solution allows administrators to create custom access based on user permission level, so a security officer can only view video feeds from his station. At the same time, a more senior investigator can have access to all video footage in his assigned territory.
Managers and Administrators can also track user activity with detailed reports on each user’s operations, the resources they accessed and any updates they performed.

Third-party Support

Video Monitoring System will need to evolve over time. This means they might include a mix of IP cameras and analogue cameras from several different manufacturers and control equipment from several companies.

A good enterprise Video Monitoring System solution must be able to support all of these devices and provide a path forward by supporting and integrating the third-party products—this provides flexibility to choose the systems and devices with the best fit.

Bandwidth Management

The use of high-definition IP cameras on a large scale can consume significant bandwidth, and this may slow down systems or incur costly fees. Instead, look for an enterprise Video Monitoring System solution that enables control of the amount of bandwidth used to upload to and from your recorders or servers. This allows you to minimize bandwidth congestion and regulate network traffic.
Additionally, it may help to consider a Video Monitoring System solution that enables flexibility around recording, set maximum retention periods, selectively record on motion, or only record high-definition video on specific alarms to save on storage and bandwidth.

ARCO Video Proxy Server

Controls like these and the other features mentioned can dramatically simplify system administration in an enterprise video deployment. A proper enterprise Video Monitoring System solution will do the heavy lifting for the end-user.

The ARCO Platform features a built-in Video Service API enabling integration to third-party video cameras.

For advanced video surveillance requirements, ARCO Video Proxy Server is a stand-alone software solution designed to install within a closed network. The Video Proxy Server enables the integration with any third-party video system which are ONVIF compliant or support RTSP streaming.
Configurable Dashboard enables the full control of video displays within the ARCO Platform.

AXIS Camera Integration

SPG S1000 Smart Controllers enable integration to all models of Axis cameras that support TCP event notification and VAPIX API. Any Axis Camera can be mapped to an SPG Smart Controller Virtual Input to trigger S1000 events. In addition, the S1000 can send output activations to the Axis camera mapped to the Axis virtual input to trigger local camera actions such as a move to a preset position.


The S1000 Axis integration also supports the Vaxtor ALPR and the Axis People Counter application. These can be purchased and loaded into the Axis cameras supporting these apps and configured to work with the S1000 Smart Controller.

To know more about how SPG’s ARCO Platform and how it can help secure your assets, click here.

What is a Mobile Access Control Credential and Management System?

/6 Comments/in /by

Mobile access control credentials and systems provide a secure, flexible and convenient way to regulate entry to your buildings or properties. This latest technology permits building groups and management to control entry, guard operations, manage guests and remain secure without inconveniencing staff or tenants with different physical access credentials.

A mobile access credential is a token that is loaded into an Application on a smartphone to provide a digital access key. It replaces the traditional physical access control card or fob. However, it may be presented to an access control reader and used in the same way as a card.
In this blog, we’ll show you mobile access solutions and highlight their value for building and property managers.

Mobile Access Control: What Are the Advantages?

Cost-effective and time-saving

Cloud-based mobile access management systems simply work with smartphones, saving everyone time and money. Often, the installation of mobile access control credentials results in savings of up to 50% over traditional physical cards. In addition, since adding and removing users happens digitally, over the air, you may save additional time not manually distributing keys to your tenants or employees.

Enhanced security

Mobile access control systems permit you to simplify entry into your building. By integrating digital access into people’s mobile devices, you largely avoid the headaches of lost and stolen physical access cards.
Physical credentials such as key fobs or key cards are far more susceptible to theft, damage, and/or getting lost. A lost key card may be a vulnerability to your facility.
Mobile access credentials, conversely, provide higher security and flexibility for each user. People are also much less likely to lose track of their high-priced personal smartphones, so there’s less worry regarding keys falling into the wrong hands or becoming lost. If a phone is lost, they are still protected with authentication passcodes or face recognition software. In the worst case, the credential can be deactivated remotely.

Unparalleled convenience

Security and convenience are two of the most significant benefits of cloud-based mobile access credentials and management systems. Mobile devices are easily integrated into the latest access control systems, and many tenants already carry a mobile phone.

Mobile access control systems are also convenient for property owners and building teams. Seamlessly, they give access to the premises with the push of a button. In addition, any updates or changes to a system can be made with ease, digitally and over the air.

Simple auditing and record-keeping

Cloud-based mobile access control systems provide organized auditing and record-keeping capabilities. This technology allows you to keep track of people’s activities in real-time. In case of an emergency, you have immediate access to records for specific locations in your building.

How Do Mobile Credentials for Access Control Work?

The defining characteristic of mobile access control systems is the use of smartphones, smartwatches, and tablets as entry credentials. Since many of us carry a smartphone today, these systems offer unparalleled connectivity and convenience. Furthermore, almost all mobile access systems are compatible with Android and iOS.

Simply put, mobile devices interact with access readers to give end-users access through doors, locks, gates, turnstiles, and more. There are several ways you can implement access control integrations within a mobile device.

ARCO Access Mobile App

ARCO Access App enables real-time scanning of all nearby doors available for the User, based on their GPS location. Access is granted through system generated QR codes that will automatically expire after a given time frame.

  • Displays Sites and Doors 50 meters from the User’s location.
  • Generated QR codes are valid for 30 minutes.
  • ARCO Platform mapping of location on the Dashboard.
  • GPS location of the User activating the panic alarm.
  • ARCO Platform processing of Access events from the phone.
  • English, Chinese, Spanish and French language support.

Sensor Detection as a part of IoT and IIoT

/0 Comments/in /by

Sensors are everywhere. They’re in our homes and workplaces, our shopping centres and hospitals. They’re embedded in smart telephones and a vital part of the Internet of Things (IoT). Sensors have been around for a long time. The first thermostat was introduced in the late Eighties, and infrared sensors have been around since the late 1940s. However, the IoT and its counterpart, the Industrial Internet of Things (IIoT), bring sensor utilisation to a brand new level.
Broadly speaking, sensors are devices that detect and respond to changes in an environment. Inputs can come from numerous assets, which include light, temperature, movement and pressure. Sensor outputs provide valuable statistics, and if sensors are linked to a network, they are able to share information with other devices and control systems.
Sensors are critical to the operation of many of today’s organisations. They can alert potential troubles before they grow to be massive problems, for instance, allowing organisations to carry out predictive maintenance and avoid expensive downtime. The information from sensors can also be analysed for trends, allowing business proprietors to gain insight into critical trends and make informed evidence-based decisions.
Sensors come in many shapes and sizes. Some are purpose-built containing many integrated individual sensors, permitting monitoring and measurement of many assets.
There are many varieties of IoT sensors and an even greater range of packages and use cases.

SPG Sensor Remote Device

The SPG Sensor Remote Device (SD1-2ADI-PCB) provides an easy expansion for an S1000 Smart Controller to provide analogue sensing information. It may be linked through the S1000 rules engine and then used to enable automated local decisions and provide an audit trail that can also be passed to ARCO Platform for logging.
The Sensor device runs on an OSDP communication, and up to 16 devices can be connected to an S1000. In addition, each sensor device supports onboard temperature and humidity, light detection and an accelerometer for movement detection.
There are also 2 additional digital/analogue inputs, with the analogue inputs supporting both voltage and current monitoring of third-party sensor devices. In addition, there is also 1 analogue/digital output.

Light Sensor

The Sensor Device enables you to measure the intensity of visible light. The sensor’s spectral response tightly matches the human eye’s photopic response and includes significant infrared rejection.

Features

  • Precision Optical Filtering to Match Human Eye
  • Rejects > 99% (typ) of IR
  • 23-bit effective dynamic range with automatic gain ranging
  • Binary-Weighted Full-Scale Range Settings
  •  0.2% (typ) Matching Between Ranges
  • Flexible Interrupt System

Temperature and Humidity Sensor

The Sensor Device enables the measurement of the surrounding air’s absolute temperature and relative humidity.

Features

  • Fully calibrated, linearised, and temperature compensated data output
  • Parallel measurement of temperature and humidity on separate pins
  • Typical accuracy of 1.5 %RH and 0.2 °C

 

Motion Sensor

The Sensor Device enables inertial measurement using a 6-axis MotionTracking that combines a 3-axis gyroscope and a 3-axis accelerometer.

Features

  • Digital-output X-, Y-, and Z-axis angular rate sensors (gyroscopes) with a full-scale range of ±250, ±500, ±1000, and ±2000°/sec and integrated 16-bit ADCs
  • Digital-output X-, Y-, and Z-axis accelerometer with a full-scale range of ±2g, ±4g, ±8g and ±16g and integrated 16-bit ADCs
  • Factory calibrated sensitivity scale factor
  • Wake-on-motion interrupt for low power operation of applications processor
  • Minimal cross-axis sensitivity between the accelerometer and gyroscope axes

Hazardous Gas Detection

The Sensor Device enables measurement of gas leakage by detecting LPG, isobutane, propane, methane, alcohol, Hydrogen or smoke gasses.

Features

  • Wide detecting scope
  • Fast response and High sensitivity
  • Stable and long life
  • Simple drive circuit

Pressure Sensor

The Sensor Device enables measurement of barometric pressure based on piezo-resistive technology featuring high accuracy and linearity as well as long-term stability and high EMC robustness.

Features

  • Detects pressure from 300 to 1100 hPa
  • Relative Accuracy at ±0.12 hPa, equiv. to ±1 m (950 to 1050hPa @25°C)
  • Absolute Accuracy at typ. ±1 hPa (950 to 1050 hPa, 0 to +40°C)

Indoor Air Quality Sensor

The Sensor Device enables measurement of contaminating gases present in real-world applications enabling a unique long-term stability and low drift.

Features

  • Multi-pixel gas sensor for indoor air quality applications
  • Outstanding long-term stability
  • Two pre-processed indoor air quality signals

 

 

 

 

 

 

New SPG Product in Focus – OSDP Mini Camera

/0 Comments/in /by

Not all work environments are the same; some require additional surveillance to maintain and complete the security work needed to protect and safeguard valuable assets. Additionally, remote sites may be subject to significant variations in temperature, humidity, power availability, and other services and variables. SPG’s latest hardware is ideally suited to these types of challenging requirements.
Ideal for mounting inside enclosures, racks, ATM’s, vaults, Telco cabinets, Utility facilities or any location where non-continuous monitoring is more economical.

Connected via the encrypted OSDP bus of the S1000 Smart Controller, the Mini Camera captures images at high speed and then stores them locally on the S1000 SD card.

Images can be uploaded to the ARCO Platform using Ethernet or via a 4G expansion card in the S1000 Smart Controller or directly connecting to a WIFI router.
Up to eight (8) Mini Cameras are supported on an S1000 Smart Controller. Minimal battery backup to an S1000 would ensure continuous availability of images from remote sites for alarm management or activity verification. All communications are encrypted end to end.

Some typical use cases are listed below:

Vehicle Fleet and Driver Security & Tracking Management

SPG’s fleet and driver monitoring solutions puts management within the passenger seat of each vehicle in the fleet with GPS, truck, trailer and driver monitoring
Add video, two-way audio and environmental monitoring and controls to your fleet and secure your driver’s and cargo’s safety end to end.

Cabinet Monitoring and Management

Providing early warning of failures, video and two-way audio and ensuring only authorized employees or contractors are permitted access are key attributes of our remote cabinet solutions. In addition, sophisticated monitoring provides the real-time condition of the cabinet and its key components.
This also helps control preventative maintenance, make informed decisions, and cut personnel and operational expenses costs. SPG’s sensor logs also provide for root cause evaluation to help mitigate future problems.

ATM Monitoring and Management

Persistent physical attacks continue on ATM’s resulting in theft, disruption, damage and poor customer service. Increasingly, explosive gases are used to destroy the integrity of ATM vaults, and the use of mechanical excavators and machinery still results in ATM’s being pulled from their building surrounds or free-standing locations.

SPG Controls offers a smart security system, which has been designed to protect ATM’s from theft or unauthorized access. Providing early warning of failures, video and two-way audio and ensuring only authorized employees or contractors are permitted access are key attributes of our ATM monitoring solutions. Standard battery backup and 4G connectivity provide ongoing operation in the event of a power or communications loss.

 

Remote Vault Monitoring & Management

Where physical security vaults protect cash, documents and assets, SPG Controls offers a smart security system designed to protect the vault and the personnel opening and closing vault and bookroom doors from theft, unauthorized access or duress. Providing early warning of failures, video and two-way audio and ensuring only authorized employees or contractors are permitted access are key attributes of our vault monitoring solutions. SPG enables both efficiency and security, our sophisticated monitoring devices providing the real-time condition of the vault and key components. This additionally helps to manage preventative maintenance, make informed decisions, and cut operational expenses. SPG’s sensor logs also provide for root cause evaluation to help mitigate future problems.

Data Centres – Monitoring & Management

Data Centers are among the most important components in modern IT infrastructures, hosting websites, web services, and web applications that we use on a daily basis. Social networking, media streaming, software as a service (SaaS), and other activities wouldn’t be possible without the use of these web servers. With cloud computing growing fast and moving more services online, web server monitoring is only becoming more important.

SPG Controls offers the perfect management system for Data Center temperature monitoring. Our ARCO Solution can easily be configured to send you and your team alerts when Data Center temperature and humidity values rise or fall with video verification using our OSDP Mini Camera.

What is GDPR and how does it affect you?

/1 Comment/in /by

The General Data Protection Regulation (GDPR) is often considered the strictest regulation in the world for securing users’ private data. It applies to all organizations that process the personal data of European Union citizens and residents, and the fines for non-compliance can reach up to €20 million.

This article explores the nature of this regulation, lists its fundamental principles, and offers a checklist for meeting GDPR compliance requirements. This article will be helpful for companies that already follow the GDPR and for those who are going to enter the European Union market.

What is the GDPR?

The GDPR is a data privacy and security regulation adopted by the European Union (EU). It imposes obligations on all organizations that collect and process the personal data of EU residents, even if these organizations operate outside the EU.

The GDPR provides EU residents with control over their personal data and obliges organizations to:

  • Gather, collect, and manage personal data legally and according to strict rules
  • Protect data from misuse and exploitation
  • Respect the rights of data owners

What is personal data?
Under GDPR, this means any information relating to an identified or identifiable natural person (Data Subject), an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as:

It’s also important to be familiar with specific terms the GDPR introduces to define roles associated with data handling: data controllers, data subjects, and data processors.

Who must comply with the GDPR?

Any organization that stores or processes personal information about EU residents is obliged to comply with the GDPR, even if the organization is located outside the EU.

Yet, there are some nuances. For instance, organizations that have fewer than 250 employees are free from the majority of record-keeping obligations (see Article 30.5), though they still have to meet other GDPR requirements.

However, even if your organization employs fewer than 250 people, you might be obliged to keep records according to strict GDPR rules in case of your processing of personal data:

  • is likely to result in a risk to the rights and freedoms of data subjects
  • is not occasional
  • includes special categories of data as referred to in Article 9
  • includes personal data relating to criminal convictions and offences described in Article 10

Why should you comply with the GDPR?

Meeting GDPR compliance regulations isn’t only about complying with mandatory requirements. It can also help your organization do the following:

Protect personal data

GDPR articles implement high standards for personal data security, obliging data controllers and processors to secure “any information relating to an identified or identifiable natural person.”

Maintain your reputation

Neglecting data privacy regulations may affect your reputation. It could be that a data breach will lead to investigations, fines, and potential lawsuits. Staying compliant with GDPR requirements helps you maintain a reputation as a trustworthy and professional organization. And ensuring secure data processing is a reliable way to minimize the risk of security incidents.

Increase customer loyalty

People want to know that their data is safe and control it, mainly since the GDPR has ensured their rights. Therefore, customers and businesses are more likely to choose a trustworthy and GDPR compliant service provider or subcontractor than a non-compliant one.

Avoid fines and penalties

Article 83 of the GDPR states that the maximum fine for non-compliance is up to 4% of annual global turnover or €20 million (whichever is greater). Fines for GDPR non-compliance depend on multiple factors, including:

  • the duration and severity of the violation
  • the degree of cooperation with the supervisory authority
  • the categories of personal data affected

Ensuring GDPR compliance requires a deep understanding of the regulation. So before proceeding to the checklist on GDPR compliance, let’s take a quick look at the key principles behind the GDPR.

Key principles of the GDPR

GDPR requirements are based on the seven principles laid out in Chapter 2. They embody the main ideas of the regulation and explain the key reasons for implementing all requirements.
Compliance with these principles is essential for good data protection in general and compliance with the detailed provisions of the GDPR in particular.

Contact us to learn more about how SPG Controls can help your business in GDPR compliance.

Facing Up to Contactless Biometric Access Control

/0 Comments/in /by

Thermal imaging and contact tracing technologies have garnered increased attention in recent days with the gradual reopening of some countries’ economy. These solutions are but one part of what portends to be a fundamental shift in how companies consider and use security systems. Access control, which has always been the first and foremost consideration in any security environment, will also be significantly impacted by the lasting effects of the pandemic. The adoption of biometric entry devices could be simultaneously improved and impeded over coronavirus concerns.

SPG Controls is pleased to announce the completion of its latest integration to biometric facial recognition technology. Growing customer demands to help verify the safe return to work for employees, contractors and visitors have accelerated SPG’s plans to include facial recognition, mask-wearing and thermal detection. The keys to the new integrations are high-speed performance, a flexible rules engine and an entirely contactless user experience.

For instance, an employee approaching their building’s main entrance access control doors will present themselves to the camera, the recognition algorithms verify the person, thermal sensors check the temperature, and AI verifies mask-wearing.

Any exceptional readings outside of the parameters implemented are notified to the user, and access may be denied depending on rules agreed by the employer. Recognition may take place either with or without a mask, but building entry may only be possible wearing a mask. In the case of an individual having a high temperature, physical access may be denied, and the employee will be directed to contact their manager or Human Resources department or follow other agreed protocols.

The underlying principle of no physical contact ensures a safe return to the workplace. Access may also be linked to digital health applications or “passports,” used to manage the status of vaccinations, COVID test results, whether through the uploading of results via an API or by uploading copies of documents for third party verification. Employees retain their health credential on their own device and log in on building entry using a dynamic QR code. An audit trail is held in all cases should track and trace for any incident be required.

SPG Thermal Biometric Reader uses next-generation AI facial recognition and body temperature detection technology. This ensures absolutely no surface contact access using high-precision temperature detection on mask-wearing users.

It integrates high-speed image acquisition, face detection, face tracking and face contrast, and human body temperature detection.

Contact us to learn more about how SPG Controls applies the science of biometric access control to help your business.

Sound Intelligence from SPG Controls resonates with our European partners

/0 Comments/in /by

Digital Audio Verification to manage Alarm Events

Another addition to SPG Control’s product line provides encrypted two-way VOIP data for alarm verification, intercom and public address. Our latest Audio Listen-In Module provides connectivity to our S1000 Smart Controller through an encrypted OSDP bus. Digital audio is then delivered from the S1000 over wifi, ethernet or 4G to our central ARCO software platform or via Industry standard protocols to commercial security monitoring stations.

Two leading French monitoring companies have just successfully completed testing of our digital audio products in anticipation of several new projects. ESI and Azuresoft have been working alongside our European distributor, JMP Controls, based in Paris. Pascal Creff, CEO, said, “I’m delighted with the new capability and industry-leading audio quality available from SPG Controls Audio Listen-In Module. I expect to be able to offer improved alarm management and risk reduction to my growing portfolio of customers.”

 

 

 

 

Up to 8 microphones and 8 speakers can be attached to an S1000. Audio playback is possible using SIP (IP telephony), RTP streams or can be sent direct-to-browser. Our technology remains compatible with any central station monitoring provider, with audio control possible via DTMF commands or through Industry-standard contact ID reverse commands. Audio feeds may be triggered by alarm events governed by our “rules engine,” pre-alarm audio is also available. Pre-recorded messages may be stored within the S1000 Smart Controller and can be enunciated when triggered by specific circumstances.

Contact us to learn more about how SPG Controls applies the science of sound to help your business.

How to Improve Mobile App Security

/1 Comment/in /by

Mobile Application Security Improvement

Mobile App security issue

With the increasing popularity of Mobile Devices, almost everybody uses mobile applications, but hardly anyone thinks of their data security while using them! At the same time, when developing system applications, there’s a tendency to focus on Site security rather than on the Application. Security is taken for granted, relying on the backend, where there may also be vulnerabilities.
A poorly protected mobile application can be a serious threat to an entire system. Mobile devices are where we store and work on critical data such as in payments, access, for medical and banking information, almost certainly for personal data, etc.

The problem of mobile application security is, especially concerning in various Android systems. Mainly because as it’s an open system, it is more vulnerable to data breaches at the operational level than Apple iOS (which is a closed system). Android is very fragmented, new versions of the system are deployed to customers’ devices very slowly, which directly impacts the improvement of the entire system’s security. It does not mean your Apple iOS system is completely safe – there are threats related to storing data or web server communication (a Man in the Middle attack) which may make your application vulnerable.

To add perspective to the problem, let’s consider the following examples;

Data and device interception

A Mobile App security breach can be related to several issues, from storing users’ data without encryption in the localised database (which was the case of a popular communication app in 2011) to session token change (a problem for a well-known marketplace application in 2016). The mobile app switched sessions to a different user’s token, most probably collected from deep links. This, through a fake marketplace site, made way for the potential theft of other users’ account data, such as user ID, profile photo, phone numbers, date of birth, access logs, and much other private information.

There are also several examples where an entire device has been compromised through a system vulnerability. Back in 2017, there was a significant security loophole discovered in a Bluetooth driver called BlueBorn; this allowed attackers to obtain complete control of a mobile phone by remotely executing code. In 2018, another issue was discovered; in order to control device modems, an Android firmware used AT commands (dating back to the 1980s). Manipulating these commands allowed hackers to gain control of the entire mobile device. Luckily, you don’t have to worry about BlueBorn issues anymore – it is already fixed on the majority of Android devices running 6.0 or greater and in iOS 10 and greater.

Such vulnerabilities can be used for a variety of reasons, for example, to create false certificates to obtain the data streaming out of your mobile app or install malware to obtain user data. These issues were rather quickly fixed at the operational level, but the question remains as to the extent of the breach. Normally, system loopholes unfortunately result in users waiting for an upgrade and ensuring app security personally.

Ensuring Mobile Application Protection

Ensuring mobile protection is an ongoing process, A most common methodology is to follow a standard security practice; more are now being adapted;.

Standard security practices may include:

  • The encryption of sensitive personal data, including encryption of the local database, cache, or API communication
  • The correct cryptographic key management and user session authorisation (tokens)
  • Token validations – the assigning of one to each consecutive device separately and with different session expiration times
  • Implementation of safe communication standards, e.g. certificate pinning in the case of HTTPs

Mobile-specific security methodology may include:

  • The protection against malicious apps
    • blocking screenshots or masking
    • Masking the mobile app view in the app switcher – preventing any preview of the mobile app’s content when switching to a different app
    • securing the clipboard – so a copied password is not visible in other mobile apps
    • IPC protection (Inter-Process Communication) – a security measure applied to system components to enable communication between mobile apps and the system, such as Activities, Services, Broadcast Receivers, Content Providers
  • UI security analysis, specifically in terms of data leaks (e.g. password masking or data validation)
  • Anti-tampering
  • Android-specific:
    • Code Obfuscation – these limit reverse engineering
    • Proper handling of mobile app signatures
    • Blocking access to overlapping active mobile apps – protection against content scraping done through different apps layered on top of the active mobile app
    • managing permissions in Android apps
  • iOS-specific
    • Using App Transport Security (ATS) for all internet connections
    • Enable the File Data Protection
      All the stated methods cover just some of the risks but be aware of them! Secondly, implementation or verification may require particular expertise.

How does SPG Controls ensure the security of Mobile Applications?

Mobile security is our priority. SPG Controls will ensure our Mobile Applications adhere to industry standards and are robust and resilient to attack.

Security Review

The security review can be done in five steps:
1. SPG Controls review the project to better understand the source code, structure, and purpose of the application.
2. SPG Controls make a list of the application’s various elements responsible for introducing risk to the project.
3. SPG Controls prepare a list of the application security features that should be implemented for all elements, and then verify if all the required security features are in place.
4. After a thorough analysis, if needed, a rescue plan will be created – SPG Controls prepares the list of security protocols which should be implemented.
5. Finally, SPG Controls will maintain the security level of the Mobile Application and ensure it is in the future updates.

Secure Authorisation

Specific permissions dictate the features available to the end user. Permissions are based on asset of assigned roles (or access groups). There are also “Access Policies” defined, which are additional rules needed to access a resource, such as what times an operator is allowed to access a specific resource. An operator who is logged in to the system with more than one role, for example as an Administrator, an Engineer and as a Guard, will be able to select a role and this will define which objects can be viewed with what permissions.

API Integration

The ARCO Platform provides the ability to interface to many 3rd party systems using an Open API. The API is based on the latest Web-based Restful Architecture. All data contained within the ARCO Platform is securely exposed to the 3rd party systems. All commands, events and configuration changes are logged by ARCO including the property changes made, so there is a full Audit trail.

To know more about how SPG’s ARCO Platform and how it can help secure your assets, click here.