RealNetworks Inc. - Experts & Thought Leaders

SAFR from RealNetworks, the world’s foremost AI computer vision platform for access control and security announced the appointment of Charisse Jacques as its new President. Jacques brings a wealth of experience in AI and associated technology to the security industry. Her leadership will drive SAFR’s mission of advancing security and operational efficiency in live video applications, security, authentication, and touchless access control. Access control solutions Rob Glaser, Founder and CEO of RealNetworks, expressed his enthusiasm for Jacques’ appointment, “Charisse is a proven leader with an impeccable track record of achievement and excellence in applying AI to address important customer needs." "We’re delighted to have Charisse lead SAFR in the next phase of its growth delivering compelling solutions for access control and security customers.” Enhancing security SAFR’s computer vision platform includes cost-effective solutions aimed at making AI-powered security Jacques is excited to lead the next chapter of SAFR’s global growth. “I’m thrilled to take on this leadership role at SAFR and drive its innovation forward." "My goal is to build on the platform’s unique strengths and deepen how SAFR enhances security and delivers even greater value for both end-users and our partners,” she said. SAFR’s computer vision platform includes cost-effective solutions aimed at making AI-powered security more accessible.  AI computer vision-based access control SAFR Scan, the first family of AI computer vision-based access control and security devices built for broad commercial market adoption, offers intelligent access control and workforce management.  SAFR Video, a real-time automated surveillance and video analytics platform, empowers businesses through improved video security and intelligence with a lower total cost of ownership.

The PSIA had another impressive and compelling demonstration of its PKOC spec at GSX 2024. Some of the major lock and physical access control (PACS) vendors were able to see PKOC in action, with commercially available readers, cards, and apps all relying on the open specification, showing seamless interoperability.  PKOC product lines “It was gratifying to see all of the hard work of the PKOC technical committee come together at the demonstration at GSX 2024,” said David Bunzel, Executive Director of the PSIA. “Many new manufacturers and customers of the security industry were not only impressed, but discussing ways to include PKOC into their product lines and deployments.” Secure and interoperable credentials The simplicity of PKOC, ease of integration, and the significant advantage of asymmetric encryption The simplicity of PKOC, ease of integration, and the significant advantage of asymmetric encryption were some of the drivers that were most interesting to the companies and customers who were able to see the demonstration. PKOC creates truly secure and interoperable credentials. “The commercial and security advantages of the asymmetric key-based credential over traditional symmetric keys which we have been using for decades are finally attainable with the PKOC specification." Public key-based solution "A public key-based solution can not be underestimated in its value over traditional credential solutions. You now get security, availability, interoperability, and purchasing options all in one,” says John Cassise, Chairman of the PSIA’s PKOC Work Group, and Chief Product Officer, of SAFR at RealNetworks. “While changing from traditional access control products is never easy, the vulnerabilities they have, make more robust solutions, like PKOC, an obvious choice for security, and a more flexible choice for the future.” PKOC specification PKOC uses the device itself to generate the private & public key pair enabling the private-public key handshake The PKOC specification leverages the concept of PKI without the need for the typical complex, expensive identity Infrastructure necessary for PKI. PKOC uses the device itself to generate the private & public key pair, (known as Keygen) enabling the private-public key handshake to authenticate the credential.  Bring Your Credential The beauty of PKOC is that the private key never leaves the device, and the public key becomes the “badge #” which can be easily shared with any system or device used to control access.  With PKOC the USER literally “owns” the encryption keys and does not require any complicated process for managing or sharing keys. Furthermore, PKOC enables you to “Bring Your Own Credential” (BYOC).

Doordeck, a cloud-based access control software company, has joined the Board of the PSIA. The company has an innovative product that enables smartphone NFC keyless entry for buildings, regardless of which access control system is installed. The company, based in London, England, was established in 2015, and its products and services have been integrated into buildings throughout the world. It is a subsidiary of Sentry Interactive of Austin, Texas. “Our company is very excited to be joining the PSIA, considering its objective to put interoperability first,” said Marwan Kathayer, Head of Product & Co-Founder of Doordeck. “This aligns perfectly with our mission to provide mobile access software that is easy to integrate into disparate security ecosystems.” PSIA’s PKOC specification Doordeck’s SDK and open APIs allow for interoperability with major access control system works Doordeck’s SDK and open APIs allow for interoperability with major access control system manufacturers, third-party building management and tenant experience applications. The Doordeck software also has the capability to bridge disparate systems within a building or across a portfolio under the one centralised platform. David Bunzel, PSIA Executive Director, shared, “Doordeck is part of a growing number of companies looking to disrupt the access control industry. They recognise that the PSIA’s PKOC specification, with its asymmetric encryption, is superior to many legacy products which continue to rely on symmetric encryption technology. PKOC also offers an NFC card option to support applications where this technology continues to be utilised.”  Understanding of PKOC Smart cards, featuring this specification are already available in commercial products The Physical Security Interoperability Alliance (PSIA) and a number of its partner companies will be present at the GSX show in September of 2024. For a better understanding of PKOC, the PSIA has added an Explainer Video to its site. This video is less than a minute and demonstrates how the PSIA’s PKOC specification works and will disrupt the access control market. The PSIA approved its PKOC NFC Card Specification in December of 2023. Smart cards, featuring this specification are already available in commercial products. PKOC is featured in products from ELATEC, Kastle Systems, INID, JCI, Last Lock, rf IDEAS, SAFR Scan (RealNetworks), Sentry Enterprises, and Taglio Demand for PACS interoperability The PSIA has been active in developing and promoting open specifications that support interoperability in the physical and logical security industries. Industry publication, Security Technology Executive, declares interoperability “The Next Great Phase of Physical Access Control.” SecurityInfoWatch.com expounds on the predicted demand for PACS interoperability by saying, “Open protocols, standards and industry-accepted conformant products that focus on unbridled interoperability between manufacturers and vendors will be critical as advanced technology, such as analytics and ancillary devices, enter the realm of physical security and access control.”

According to a report by the U.S. Government Accountability Office (GAO), artificial intelligence (AI) is expected to transform all sectors of society, including national security. The physical security marketplace is certainly feeling the impact of the new technology, which has quickly gained prominence as one of the industry’s most popular buzzwords. To assess the more practical aspects of the situation, we asked this week’s Expert Panel Roundtable: How is artificial intelligence (AI) changing the course of the security marketplace?

PKOC stands for Public Key Open Credential. It is a new standard that will meet a 30-year industry challenge and strip away much of the complexity and cost involved in protecting and administering credentials for access control. It could also accelerate the transition from cards to mobile access control. PKOC is a standards-based mobile credential that is essentially free, vendor-agnostic, and interoperable across multiple devices and systems. It is a highly secure access credential that can live on a mobile phone, in a plastic access card, or in any device capable of generating a public-private key pair. Access control systems PKOC is the newest standard of the Physical Security Interoperability Alliance (PSIA), a tax-exempt organisation created to define, recommend, and promote standards for IP-enabled security devices and systems. PSIA introduced the Physical Logical Access Interoperability (PLAI) specification in 2013 to normalise identity data across disparate physical access control systems. The PKOC specification was introduced in 2021. We’re convinced this is the future A challenge for PSIA in promoting the PKOC mobile credential is to explain it quickly and in layman’s terms “We see the benefit of implementing the PKOC technology and doing it well,” says Sam Siegel, Senior Field Applications Engineer for ELATEC, a manufacturer of credential-agnostic readers/writers. “We wanted to get involved and join the discussion.” ELATEC has been participating in PSIA for more than a year. “This is a better way to do things,” says Siegel. “The PSIA, myself included, are convinced this is the future. The challenge is to get enough people to understand that it is a seismic shift away from what has been in place for so long.” A challenge for PSIA in promoting the PKOC mobile credential is to explain it quickly and in layman’s terms. The explanation spans the concept of public key infrastructure (PKI) and the difference between symmetrical and asymmetrical digital keys. Protecting symmetrical keys A symmetrical key system, which has been used historically in the access control market, involves the use of a single proprietary digital key to both encrypt and decrypt information. This means that digital public keys must be incorporated into each access control reader in the form of a module or a license, which the reader uses to read any compatible cards. Protecting symmetrical keys has been an expensive technology challenge the access control world The need to share these digital keys (in effect, the ability to read every compatible card) securely among access control manufacturers, integrators and end users involves extra administration and costs to ensure the security of the system. Protecting symmetrical keys has been an expensive technology challenge the access control world has borne for decades. The use of proprietary keys also promotes dependence on a single manufacturer or vendor to expand the ecosystem. The use of asymmetrical keys takes away these challenges. Advantages of using asymmetrical key pairs PKOC embraces the principle of PKI (public key infrastructure), a two-key asymmetrical system used to ensure confidentiality and encryption. In effect, there are two digital "keys," one public and one private, that are used to encrypt and decrypt information, in this case, a credential for an access control system. The secure credential standard is generated independently of a third-party credential issuer. It is generated within the device. In the access control scenario, the smartphone generates a key pair in the secure element of the phone, including a private key, which is stored on the smartphone, and a public key, which serves as the user’s ID number in the access control system. Sharing the public key is not a security risk because it is worthless without the private key that is locked away on the smartphone. PKOC-enabled smartphone The smartphone must contain the private key in order to interface with the access control system When a PKOC-enabled smartphone approaches a PKOC-enabled reader, the reader sends a one-time random number (a ‘nonce’) to the smartphone, which then encrypts it using the private key, and sends it along with the public key back to the reader. The reader uses the public key to decrypt the random number, which confirms the authorised access associated with the smartphone. The signals are sent via Bluetooth Low Energy (BLE).  Importantly, the private key never leaves the smartphone and is never shared with any other elements of the access control system. Therefore, there are no administrative or technical costs associated with protecting it. The smartphone must contain the private key in order to interface with the access control system using the public key. Mobile credentialing system For ELATEC, embracing PKOC provides a new way to highlight the company’s value proposition and promote it to a new group of companies; i.e., those who adopt the PKOC approach to mobile credentialing. The ‘universal’ configuration of the ELATEC reader hardware is credential-agnostic “PKOC serves as a great way to show off our value and what we do best,” says Siegel. ELATEC provides credential readers/writers that operate in a variety of card and reader environments, incorporating an integrated BLE module to support mobile ID and authentication solutions, including PKOC. Using applicable firmware, the ‘universal’ configuration of the ELATEC reader hardware is credential-agnostic and so compatible with any RFID card or mobile credentialing system, all in a small form factor (around 1 1/2 inches square). How readers and smartphones interact The PKOC standard addresses the variables of how the reader and the smartphone share information. Currently, the PKOC standard addresses communication via BLE, but the principle is the same for systems using near-field communication (NFC), ultra-wideband (UWB), or any future protocols. PKOC also defines how device manufacturers can enable devices (readers, locks, control panels, biometric devices, etc.) to securely consume the credential for authentication and access. PKOC can be used with smart cards as well as with smartphones. In the case of a smart card, the public and private keys are contained on the smart card, which communicates via NFC with the reader. The encryption/decryption scenario is exactly the same. PKOC enables users to ‘bring your own credential’ (BYOC). Public key number ELATEC is proud to have played an instrumental role with the PSIA in the implementation of PKOC" BLE offers a broader read range than NFC; the read range can be managed using software and/or by signalling intent or two-factor authentication. Because private keys remain secure inside a smartphone, they do not have to be incorporated into a digital wallet for security purposes, although they could be incorporated for matters of convenience.  To simplify administration, the public key number can be used as a badge number. If badge numbers have already been assigned, a column could be added to the database to associate badge numbers with public key numbers. “ELATEC is proud to have played an instrumental role with the PSIA in the implementation of PKOC,” said Paul Massey, CEO of ELATEC, Inc. “End-users should not be limited in their solution mix to one or two vendors due to their proprietary technology. PKOC now provides the ideal combination of security, convenience, interoperability, and cost for industry participants, by industry participants.” ‘Experience PSIA’ will promote PKOC at ISC West ISC West participants include PSIM manufacturer Advancis Software and Services The flexibility of PKOC will be on display at ISC West 2023, where ‘Experience PSIA’ will register attendees and provide them with a PKOC credential that can be used with a variety of readers throughout the show. Also showcasing the PLAI standard, PSIA’s presence at ISC West will include ELATEC along with several other vendors/manufacturers. A special PSIA event will be held from 5:30 to 7:30 p.m. on March 29 at the Venetian Ball Room B&C in Las Vegas. ISC West participants include PSIM manufacturer Advancis Software and Services, which acquired Cruatech software in 2012; and Idemia, specialising in identity-related security services including facial recognition and other biometrics. Integrated security systems Also involved are Johnson Controls (JCI), an integrated security systems provider that offers a range of security products and services; and Siemens, which offers its own range of security solutions and systems. Other participants include Last Lock, which has a unique spin on internet-enabled locks; while SAFR from Real Networks offers accurate, fast, unbiased face recognition and additional computer vision features, and Sentry Enterprises provides the SentryCard biometric platform for a privacy-centric, proof-of-identity solution. Finally, rfIDEAS manufactures credential readers.

Collaboration among manufacturers in the physical security industry can result in systems that are easier to install for integrators and that provide a better customer experience for end users. Illustrating the point is the recent collaboration among a turnstile technology company, a supplier of short-range wireless readers/writers, and a biometric business focused on ‘frictionless’ access control.  “The more manufacturers collaborate with each other, the more benefits for end users,” says Steve Caroselli, the Chief Executive Officer (CEO) of Orion Entrance Control. Better collaboration means a better user experience We look for opportunities to collaborate and make sure the experience is above and beyond" Steve Caroselli adds, “Better collaboration means a better user experience. We look for opportunities to collaborate and make sure the experience is above and beyond.” Orion’s collaboration with ELATEC RFID Systems and SAFR touchless biometrics by RealNetworks Inc. highlights the advantages of manufacturers working together to ensure technologies operate smoothly in the real world. Taking ownership of the customer experience When Orion Entrance Control provides a SpeedGate swing-glass optical turnstile, they take full ownership of the customer’s experience. That means ensuring the turnstile application operates as it should, regardless of which component of the broader system might be at fault. To the customer experience, a card reader that doesn’t work is the equivalent of a turnstile that doesn’t work. Which component is at fault is irrelevant, and in fact, invisible, to the overall customer experience. Importance of dependable operation of turnstiles As the most visible element in many access control systems, dependable operation of turnstiles reflects positively on the manufacturer and on the entire system. Orion tests various third-party components with their turnstiles To ensure an optimum customer experience, Orion tests various third-party components with their turnstiles, in order to ensure flawless operation before a turnstile is delivered to a customer. Customers buying an Orion turnstile send the card readers they want to use to Orion’s corporate headquarters in Laconia, New Hampshire, USA, where Orion engineers ensure seamless operation. Ensuring optimum customer experience All readers are designed to be bolted to the wall rather than installed inside a turnstile In addition to scenario-based testing, readers are placed inside the turnstile for a streamline appearance, which can be a challenge given the variety of sizes and types of readers a customer might choose. All readers are designed to be bolted to the wall rather than installed inside a turnstile, which complicates adaptation efforts. In short, historically for Orion, ensuring the optimum customer experience involved extra time and effort, although obviously it was worth it. Providing flexibility for any environment Seeking to simplify the process, Orion has found an alternative to using many different types and models of card readers for its turnstiles. Deploying an RFID reader/writer from ELATEC provides flexibility to operate in a variety of card and reader environments, including almost all 125 kHz and 13.56 MHz contactless technologies. The product is compatible with low-frequency (LF), high-frequency (HF), near field communication (NFC) or Bluetooth Low Energy (BLE) signals. An integrated BLE module supports mobile ID and authentication solutions. There is an integrated antenna for LF and HF to ensure excellent contactless performance. ‘Universal’ configuration of the ELATEC reader hardware Using applicable firmware, the ‘universal’ configuration of the ELATEC reader hardware is compatible with any card system. It works with all the access control protocols, including SEOS, OSDP and other open protocols. “We can stock an open SKU and flash the firmware as per the customer requirement,” says Steve Caroselli. The small form factor (around 1 1/2 inches square) of the ELATEC module lends itself to easy installation inside the turnstile housing. Easy availability of the ELATEC readers helps Orion continue to serve customers, despite recent disruptions in the supply chain. And, ELATEC’s reader hardware has earned global certifications that enable Orion to use their products for customers around the world. Testing to ensure smooth operation ELATEC was responsive at every stage as the relationship evolved, providing sample equipment for testing Before embracing the ELATEC reader module, Orion tested it for several months to ensure compatibility with its turnstiles. ELATEC was responsive at every stage as the relationship evolved, providing sample equipment for testing and working closely with the Orion team. Everyone in the ELATEC sales and engineering team, right up the company’s C-suite, worked to support Orion during the testing phase. In the end, in addition to other advantages, ELATEC’s detection speed and read range compares favorably to competing technologies. “We move really fast as an organisation, so we are looking for other organisations that move very fast,” says Steve Caroselli, adding “We met with ELATEC one week and had the equipment for testing the next week. We like to work with companies that move fast, and they are culturally aligned with how we do business.” Orion turnstiles with ELATEC TWN4 Palon Compact panel The Orion turnstiles incorporate an ELATEC TWN4 Palon Compact panel, a versatile panel-mount reader designed for integration into third-party products and devices. It supports enhanced interfaces, especially RS-485, and reflects the advantages and integrated tool support of the ELATEC TWN4 family. Orion is implementing SAFR SCAN biometric technology using hardware and software from RealNetworks Inc. “The selection of ELATEC products allows Orion to provide their customers and partners with a flexible RFID reader solution that supports numerous credential options and virtually all transponder technologies,” said Paul Massey, the Chief Executive Officer (CEO) of ELATEC, Inc., adding “This is especially valuable in multi-tenet, multi-credential environments.” Orion works with all the various stakeholders – architects, consultants, integrators, and end users – to ensure total satisfaction with an installation. Biometric technology for ‘frictionless’ access control Orion is also implementing SAFR SCAN biometric technology into their turnstiles using hardware and software from RealNetworks Inc. The facial recognition reader technology, designed for mainstream commercial access control, provides a ‘frictionless’ experience, and allows users to pass through turnstiles at a walk. The system can authenticate up to 30 individuals per minute with 99.9% accuracy, despite varied lighting conditions. SAFR’s system provides a good user experience Orion designed a mounting system to incorporate the biometric reader into their turnstile design Orion designed a mounting system to incorporate the biometric reader into their turnstile design. SAFR’s system provides a good user experience, when it comes to enrollment. On each turnstile, the SAFR technology can operate separate from the ELATEC reader or in conjunction with it for multi-factor authentication in higher-security applications. Innovation for new applications A broad approach to the customer experience reflects Orion’s positioning as a technology company, in addition to being a manufacturer of turnstiles. Their Infinity software is the ecosystem ‘nerve centre’ platform to ensure operation and connected through a single ‘pane of glass.’ The need to protect more entrances beyond the lobby led Orion to develop its recently patented DoorGuard, a LIDAR-based solution that detects each person who passes through a doorway and prevents tailgating (like a turnstile) for applications, such as stairway doors, perimeter doors, data centres, IDF closets, etc. The software mimics the advantages of a turnstile to monitor access control and occupancy. Removing friction during installation and beyond Orion’s Constellation is a presence detection system that uses UWB (ultra-wideband) radar to sense where people are in a building for emergency response and building utilisation applications.  “One of our core values is to remove friction and make customers’ lives easier,” says Steve Caroselli, adding “Our people-first philosophy is: What can we do to make your life better? We want to be systematic, and everything must be repeatable in terms of how we react and interact with customers.”