ELATEC GmbH - Experts & Thought Leaders

Latest ELATEC GmbH news & announcements

PSIA unveils PKOC Bluetooth 3.0 at GSX 2024

The Physical Security Interoperability Alliance (PSIA) announced its Public Key Open Credential (PKOC) Bluetooth 3.0 specification at GSX 2024. This milestone is the culmination of a significant amount of work from some of the pioneering access control companies.

The 3.0 spec features enhanced cryptography, which supports all Bluetooth hardware. In addition, the spec has been optimised to reduce the time it takes to authenticate.

Simplicity of PKOC

“The PKOC technical committee represents all facets of the access control industry, with considerable experience and perspective,” said David Bunzel, Executive Director of the PSIA. “Collaborating to achieve a truly open specification has benefitted from this impressive base of knowledge.”

The simplicity of PKOC, ease of integration, and the significant advantage of asymmetric encryption were some of the drivers that are most interesting to consultants, integrators, and customers.

PKOC EMSi vision

“PKOC 3.0 maintains security from the credential to the ACS using industry standards,” said Jon Torre, Sr Director of Applications Engineering for ELATEC. “This is the next logical step in interoperability and security.”

Vendors and customers appreciate the platform flexibility and interoperability that PKOC offers.

"We are excited to support PKOC from PSIA as it provides a path for Access Control vendors to deliver interoperable products for mobile credentials over Bluetooth. PKOC enables EMS Integrators’ (EMSi) vision to deliver mobile apps on iOS and Android and readers for mobile credentials, logical access, mapping and location-based services on a flexible and interoperable platform," said John Tepley, CEO at EMSi.

Concept of PKI

PKOC creates truly secure and interoperable credentials.
The commercial and security advantages of the asymmetric key-based credential over traditional symmetric keys, which have been used for decades, are finally attainable with the PKOC standard. The value of a public key-based solution over traditional credential solutions should not be underestimated.

The PKOC specification leverages the concept of PKI without the need for the typical complex, expensive identity infrastructure necessary for PKI. PKOC uses the device itself to generate the private and public key pair (known as Keygen), enabling the private-public key handshake to authenticate the credential.

Beauty of PKOC

The beauty of PKOC is that the private key never leaves the device, and the public key becomes the “badge #”, which can be easily shared with any system or device used to control access.

With PKOC, the user literally “owns” the encryption keys and does not require any complicated process for managing or sharing keys. Furthermore, PKOC enables you to “Bring Your Own Credential” (BYOC).

PSIA showcases PKOC devices at GSX 2024

At GSX 2024, the Physical Security Interoperability Alliance (PSIA) will show an expanded roster of devices supporting its Public Key Open Credential (PKOC) specification. PSIA will be showcasing the latest information and demonstrations for PKOC at the JCI Security Products demo room S230 A&B.

Attendees will be able to see interoperability following open specifications between mobile and physical credentials from multiple manufacturers with multiple manufacturer readers leveraging Bluetooth, NFC and UWB. Products supporting PKOC from JCI Security Products, Elatec, EMSi, Last Lock, INID, ID Machines, Sentry Enterprise, Secure Element Solutions, Taglio, RF Ideas, SAFR Scan, and Kastle Systems will be demonstrated.

PKOC over OSDP devices

David Bunzel, PSIA Executive Director, noted, “The PSIA held an interoperability event at the JCI offices in Westford, Massachusetts last month, where some of the new PKOC over OSDP devices were successfully tested. These devices will be part of the GSX demonstrations, showing continued progress with the PKOC specification.”

PKOC creates truly secure and interoperable credentials. “PKOC solves a 30-year industry challenge which has plagued our industry with complexity, cost, and security issues,” says Jason Ouellette, Chairman of the Board, Physical Security Interoperability Alliance and Director of Engineering and Technology for Johnson Controls Security Products.

PKOC-compliant reader

“Interest in PKOC has accelerated and we are excited as PSIA members to demonstrate this in the context of interoperability where any PKOC-compliant credential can work with any PKOC-compliant reader over a secure communication without complexity.”

Security industry professionals attending GSX will be able to find out more about PKOC at the JCI Security Products demo room S230 A&B.
The PSIA has been active in developing and promoting open specifications that support interoperability in the physical and logical security industries.

Realm of physical security

Industry publication, Security Technology Executive, declares interoperability “The Next Great Phase of Physical Access Control.” SecurityInfoWatch.com expounds on the predicted demand for PACS interoperability by saying, “Open protocols, standards and industry-accepted conformant products that focus on unbridled interoperability between manufacturers and vendors will be critical as advanced technology, such as analytics and ancillary devices, enter the realm of physical security and access control.”

Doordeck joins PSIA Board: Boosting access control interoperability

Doordeck, a cloud-based access control software company, has joined the Board of the PSIA. The company has an innovative product that enables smartphone NFC keyless entry for buildings, regardless of which access control system is installed.

The company, based in London, England, was established in 2015, and its products and services have been integrated into buildings throughout the world. It is a subsidiary of Sentry Interactive of Austin, Texas.

“Our company is very excited to be joining the PSIA, considering its objective to put interoperability first,” said Marwan Kathayer, Head of Product & Co-Founder of Doordeck. “This aligns perfectly with our mission to provide mobile access software that is easy to integrate into disparate security ecosystems.”

PSIA’s PKOC specification

Doordeck’s SDK and open APIs allow for interoperability with major access control system manufacturers, third-party building management and tenant experience applications. The Doordeck software also has the capability to bridge disparate systems within a building or across a portfolio under one centralised platform.

David Bunzel, PSIA Executive Director, shared, “Doordeck is part of a growing number of companies looking to disrupt the access control industry. They recognise that the PSIA’s PKOC specification, with its asymmetric encryption, is superior to many legacy products which continue to rely on symmetric encryption technology. PKOC also offers an NFC card option to support applications where this technology continues to be utilised.”

Understanding of PKOC

The Physical Security Interoperability Alliance (PSIA) and a number of its partner companies will be present at the GSX show in September of 2024. For a better understanding of PKOC, the PSIA has added an Explainer Video to its site.
This video is less than a minute long and demonstrates how the PSIA’s PKOC specification works and will disrupt the access control market. The PSIA approved its PKOC NFC Card Specification in December of 2023. Smart cards featuring this specification are already available in commercial products. PKOC is featured in products from ELATEC, Kastle Systems, INID, JCI, Last Lock, rf IDEAS, SAFR Scan (RealNetworks), Sentry Enterprises, and Taglio.

Demand for PACS interoperability

The PSIA has been active in developing and promoting open specifications that support interoperability in the physical and logical security industries. Industry publication, Security Technology Executive, declares interoperability “The Next Great Phase of Physical Access Control.” SecurityInfoWatch.com expounds on the predicted demand for PACS interoperability by saying, “Open protocols, standards and industry-accepted conformant products that focus on unbridled interoperability between manufacturers and vendors will be critical as advanced technology, such as analytics and ancillary devices, enter the realm of physical security and access control.”

Insights & Opinions from thought leaders at ELATEC GmbH

Combining technologies at the entrance to improve the customer experience

Collaboration among manufacturers in the physical security industry can result in systems that are easier to install for integrators and that provide a better customer experience for end users. Illustrating the point is the recent collaboration among a turnstile technology company, a supplier of short-range wireless readers/writers, and a biometric business focused on ‘frictionless’ access control.

“The more manufacturers collaborate with each other, the more benefits for end users,” says Steve Caroselli, the Chief Executive Officer (CEO) of Orion Entrance Control.

Better collaboration means a better user experience

Steve Caroselli adds, “Better collaboration means a better user experience. We look for opportunities to collaborate and make sure the experience is above and beyond.”

Orion’s collaboration with ELATEC RFID Systems and SAFR touchless biometrics by RealNetworks Inc. highlights the advantages of manufacturers working together to ensure technologies operate smoothly in the real world.

Taking ownership of the customer experience

When Orion Entrance Control provides a SpeedGate swing-glass optical turnstile, they take full ownership of the customer’s experience. That means ensuring the turnstile application operates as it should, regardless of which component of the broader system might be at fault.

For the customer experience, a card reader that doesn’t work is the equivalent of a turnstile that doesn’t work. Which component is at fault is irrelevant, and in fact, invisible, to the overall customer experience.

Importance of dependable operation of turnstiles

As the most visible element in many access control systems, dependable operation of turnstiles reflects positively on the manufacturer and on the entire system.
To ensure an optimum customer experience, Orion tests various third-party components with their turnstiles, in order to ensure flawless operation before a turnstile is delivered to a customer. Customers buying an Orion turnstile send the card readers they want to use to Orion’s corporate headquarters in Laconia, New Hampshire, USA, where Orion engineers ensure seamless operation.

Ensuring optimum customer experience

In addition to scenario-based testing, readers are placed inside the turnstile for a streamlined appearance, which can be a challenge given the variety of sizes and types of readers a customer might choose. All readers are designed to be bolted to the wall rather than installed inside a turnstile, which complicates adaptation efforts.

In short, historically for Orion, ensuring the optimum customer experience involved extra time and effort, although obviously it was worth it.

Providing flexibility for any environment

Seeking to simplify the process, Orion has found an alternative to using many different types and models of card readers for its turnstiles. Deploying an RFID reader/writer from ELATEC provides flexibility to operate in a variety of card and reader environments, including almost all 125 kHz and 13.56 MHz contactless technologies.

The product is compatible with low-frequency (LF), high-frequency (HF), near field communication (NFC) or Bluetooth Low Energy (BLE) signals. An integrated BLE module supports mobile ID and authentication solutions. There is an integrated antenna for LF and HF to ensure excellent contactless performance.

‘Universal’ configuration of the ELATEC reader hardware

Using applicable firmware, the ‘universal’ configuration of the ELATEC reader hardware is compatible with any card system.
It works with all the access control protocols, including SEOS, OSDP and other open protocols. “We can stock an open SKU and flash the firmware as per the customer requirement,” says Steve Caroselli.

The small form factor (around 1 1/2 inches square) of the ELATEC module lends itself to easy installation inside the turnstile housing. Easy availability of the ELATEC readers helps Orion continue to serve customers, despite recent disruptions in the supply chain. ELATEC’s reader hardware has also earned global certifications that enable Orion to use their products for customers around the world.

Testing to ensure smooth operation

Before embracing the ELATEC reader module, Orion tested it for several months to ensure compatibility with its turnstiles. ELATEC was responsive at every stage as the relationship evolved, providing sample equipment for testing and working closely with the Orion team.

Everyone in the ELATEC sales and engineering team, right up to the company’s C-suite, worked to support Orion during the testing phase. In the end, in addition to other advantages, ELATEC’s detection speed and read range compare favorably to competing technologies.

“We move really fast as an organisation, so we are looking for other organisations that move very fast,” says Steve Caroselli, adding, “We met with ELATEC one week and had the equipment for testing the next week. We like to work with companies that move fast, and they are culturally aligned with how we do business.”

Orion turnstiles with ELATEC TWN4 Palon Compact panel

The Orion turnstiles incorporate an ELATEC TWN4 Palon Compact panel, a versatile panel-mount reader designed for integration into third-party products and devices. It supports enhanced interfaces, especially RS-485, and reflects the advantages and integrated tool support of the ELATEC TWN4 family.
“The selection of ELATEC products allows Orion to provide their customers and partners with a flexible RFID reader solution that supports numerous credential options and virtually all transponder technologies,” said Paul Massey, the Chief Executive Officer (CEO) of ELATEC, Inc., adding, “This is especially valuable in multi-tenant, multi-credential environments.”

Orion works with all the various stakeholders – architects, consultants, integrators, and end users – to ensure total satisfaction with an installation.

Biometric technology for ‘frictionless’ access control

Orion is also implementing SAFR SCAN biometric technology into their turnstiles using hardware and software from RealNetworks Inc. The facial recognition reader technology, designed for mainstream commercial access control, provides a ‘frictionless’ experience, and allows users to pass through turnstiles at a walk.

The system can authenticate up to 30 individuals per minute with 99.9% accuracy, despite varied lighting conditions.

SAFR’s system provides a good user experience

Orion designed a mounting system to incorporate the biometric reader into their turnstile design. SAFR’s system provides a good user experience when it comes to enrollment. On each turnstile, the SAFR technology can operate separately from the ELATEC reader or in conjunction with it for multi-factor authentication in higher-security applications.

Innovation for new applications

A broad approach to the customer experience reflects Orion’s positioning as a technology company, in addition to being a manufacturer of turnstiles.
Their Infinity software is the ecosystem ‘nerve centre’ platform that ensures operation, with everything connected through a single ‘pane of glass.’

The need to protect more entrances beyond the lobby led Orion to develop its recently patented DoorGuard, a LIDAR-based solution that detects each person who passes through a doorway and prevents tailgating (like a turnstile) for applications such as stairway doors, perimeter doors, data centres, IDF closets, etc. The software mimics the advantages of a turnstile to monitor access control and occupancy.

Removing friction during installation and beyond

Orion’s Constellation is a presence detection system that uses UWB (ultra-wideband) radar to sense where people are in a building for emergency response and building utilisation applications.

“One of our core values is to remove friction and make customers’ lives easier,” says Steve Caroselli, adding, “Our people-first philosophy is: What can we do to make your life better? We want to be systematic, and everything must be repeatable in terms of how we react and interact with customers.”

Mobile authentication: Will smartphones replace cards in the future?

The smartphone is an integral part of our daily routines. The communication and entertainment device of yesteryear has become a serious player with which we increasingly handle sensitive processes, such as payment transactions.

BLE or NFC authentication

At the supermarket checkout, more and more customers are pulling out their smartphones instead of their wallets. Apple Pay, Google Pay, or specific banking apps make it possible: hold the smartphone in front of the reader of the checkout system, and the transaction is completed without contact.

In technological terms, either Bluetooth® Low Energy (BLE) or Near Field Communication (NFC) is used to complete the authentication and authorise the payment process.

Benefits of smartphone authentication

Smartphone authorisations are also becoming increasingly popular for access solutions. The advantages are obvious. Users do not need an additional medium to gain access to the building or data. For the IT department, the switch is just as convenient. Issuing cards, taking them back, and blocking and replacing lost cards are no longer necessary, saving time and money.

Card systems

However, card systems are still irreplaceable in some cases, for example in manufacturing environments where smartphones are often prohibited. Country-specific regulations also play a role: the professional use of private cell phones is not permitted everywhere. In Germany, for example, data protection is an obstacle; on the other hand, not every employee automatically has a company cell phone.

Card or smartphone?

The question "card or smartphone?" is not necessarily a matter of choice.
There is much to be said for hybrid use, especially since the card and smartphone share numerous strengths: both are suitable for building access and for secure data access, and both can be used for applications such as secure printing and for time and attendance systems, to name just a few examples. This is also the reason that a hybrid system using both media is an excellent solution for many companies.

Technological transition

As with any technological transition, the transition from card to smartphone often raises concerns in companies at the beginning. After all, seamless security must be maintained at all times, and productivity should not suffer due to technological innovations, for example because users suddenly have difficulty accessing the data and programs they need for their daily work.

In addition, deployment scenarios are very individual from industry to industry and organisation to organisation, and a wealth of questions must be clarified in advance.

Flexible universal readers

ELATEC is at the user's side as an experienced partner and with the appropriate systems, including software. With its universal readers, for example, users remain flexible and can handle cards and smartphones in parallel operation. This "soft migration" is often the best way: take a relaxed approach and see how mobile access authorisations are accepted in an organisation and how they work for user-specific purposes.

How secure is your identity management solution?

Identity management is an important element of both data security and physical security in an organisation. But not all ID management solutions are the same—especially when it comes to security. There are no uniform security standards for the industry, and many off-the-shelf systems fall short when it comes to data protection. To protect people, property, and data, make sure you select a system that maximises security at every stage.

What is identity management?

Identity management—also known as ID Management (IdM) or Identity and Access Management (IAM)—is a framework for managing digital identities and controlling who has access to what. It includes both policies laying out what types of access different people should have and technologies for enabling and enforcing those access controls. An identity management system makes it easy for IT to define access levels for individuals or groups within the organisation.

These systems enable companies to increase security and productivity while reducing the costs and labour associated with security efforts. At the lowest level, identity management involves defining what a user is allowed to do on a network, with what devices, and under what circumstances. Each user is assigned a unique identity within the system with specific user rights and restrictions.

Specific business system

For example, what files, business systems, and programs is the user allowed to access? What are they allowed to do within a specific business system? What physical locations and resources are they allowed to access, and at what times? Access rights and restrictions may be role-based or individualised. An IdM system may provide the backend for a Single Sign-on (SSO) system that controls access to everything on the network with one user identification key.
Many security products focus on mobile device management (MDM) systems that control access of devices to the corporate network. As more workers shift to remote and hybrid models, managing what devices are authorised to connect to the network, how users are authenticated when they log on to the device, the activities that can be performed by these devices while on the network, and the data and applications they have access to while offline is essential.

Meeting the security challenge

In an IdM solution, the user administration system that provisions the roles and rights within the system is linked to an access system that verifies the identity of the user. Ultimately, the ID management system is only as secure as the access system it connects to.

Access systems include input screens for passwords or PINs, biometric input systems (such as fingerprint or facial recognition), or readers that connect to identification media (such as an ID badge or smartphone) via Radio-Frequency Identification (RFID), Bluetooth® Low Energy (BLE), or Near-Field Communication (NFC). Some systems may require multifactor identification.

RFID and smartphone-enabled BLE and NFC access systems are highly popular for their combination of security, reliability, user convenience, and ease of administration. While there are many access systems available, there are no uniform standards for security—and many standard systems are not very secure.

User administration system

When evaluating security for an IdM and access system, there are two important aspects to consider.

Data storage: How is data stored in the IdM system and on the local reader or input device? Are user identities, rights, and activity logs stored in an unencrypted table on a single server or device? Is a blockchain system used for data storage? Or something in between?
Data transmission: How is data transmitted between the access system and the user administration system? Is data transmitted in encrypted form? Is the Advanced Encryption Standard (AES) used?

Security starts with the creation of the user ID and identification medium. To protect business data and systems, organisations should look for an IdM solution that uses industry best practices for encrypted data storage and transmission. If using ID badges—as a majority of organisations still do—they also need to consider how and where those badges are produced.

Industry best practices

For example, our partner evolutionID offers a secure ID-Management system with extended security functions. In-house badge production enhances security by eliminating the need to send sensitive, personalised data to a third-party badge printer. It also streamlines the badge production process, so employees can get their badges right away without waiting.

With the creation of the identification medium, individual security features such as biometric properties, user ID, and permissions can be programmed directly onto the transponder card using an RFID reader or distributed to relevant systems by interfaces. This system maximises security and gives organisations the tools they need to customise their security concept for their needs.

On top of that, cost-saving self-service features such as image acquisition or badge management are available for every employee on any device.
