Friday, January 1, 2016

ONVIF and PSIA Standards in Video Surveillance

ONVIF and PSIA Standards in Video Surveillance 

We talk to two of the biggest interface standards organizations in surveillance – ONVIF and PSIA.
ONVIF is a global and open industry forum with the goal to facilitate the development and use of a global open standard for the interface of physical IP-based security products. Or in other words, to create a standard for how IP products within video surveillance and other physical security areas can communicate with each other.

It was officially incorporated as a non-profit, 501(c)6 Delaware corporation on November 25, 2008. ONVIF membership is open to manufacturers, software developers, consultants, system integrators, end-users and other interest groups that wish to participate in the activities of ONVIF. The ONVIF specification aims to achieve interoperability between network video products regardless of manufacturer.

It’s all very well running your security across an IP network, but if your recording device won’t talk to your PTZ camera, you are not going to get very far. Over the last decade, the security industry has spent a lot of time talking up the benefits of IP-based surveillance systems, and end-users have been bombarded with literature and sales pitches on the subject.

It soon become clear in an industry that was raving about the endless opportunities for security on the network that manufactures would have to become a little less proprietary in their dealings with their customers. In short, it was no longer fair to deny end-users the ability to choose whatever camera they wanted and whatever DVR they wanted on their network. They were, after all, used to IT systems that interfaced. It was time for the security industry to realise it had to be more open as well.

Two organizations that have been at the forefront of the drive towards open standards in the industry are ONVIF and PSIA.

ONVIF: Open Network Video Interface Forum

The cornerstones of ONVIF are:
Standardization of communication between network video devices
Interoperability between network video products regardless of manufacturer
Open to all companies and organizations Members

ONVIF was set up in 2008 by Axis, Bosch, and Sony. A non-profit organization, its aims are to create standardization in the industry to aid communication between various vendors’ video devices and then interoperability between those devices and others on the network, regardless of manufacturer. 300 member companies since its founding in 2008. The list of participating members includes major manufacturers like Vivotek, Arecont Vision, and Milestone Systems.

In December 2009 ONVIF’s member base had grown to 127 members. This comprised 14 full members, 15 contributing members and 98 user members. In December 2010, the forum had more than 250 members and more than 600 conformant products on the market.

ONVIF now has 480 members and as of mid-October 2014 has nearly 2040 products that conform to its Profile S specification, which handles video and audio streaming. The total number of products that meet the ONVIF core specification has reached well over 4,000.

In order to be ONVIF conformant, manufacturers use the test tools developed by ONVIF to meet the requirements of its core specification. Only manufacturers whose products have met the requirements of the test tools can submit a test report and a Declaration of Conformity signed by the manufacturer.

The core ONVIF specification, which was launched in November 2008, aimed to define a common protocol for the exchange of data between network video devices. Since then it has extended its scope to include access control products and also has developed specialist profiles for specific categories. The idea behind the profile was to help end-users identify which version of the ONVIF specification the products they were interested in conformed to, making it easier to determine compatibilities between conformant products and specific interoperability features.

There are now three ONVIF profiles, S, G, and C. Profile S looks at the common functionalities of IP video systems, Profile G addresses storage and recording functionalities and Profile C, the integration of IP-based security and safety devices, including access control units. Profile C is expected to be released in early 2014.

Per Bjorkdahl, chair of ONVIF’s steering committee, told us:

The profile concept is a way for end users and systems designers to identify more easily what products will work together without needing an in depth technical knowledge of the specification or having to keep current on each new release.

Profiles group together common sets of features and functionalities, so when two products — for example an IP camera and NVR — both bear the Profile S mark for video and audio streaming, they will work together.

The organisation has been making a concerted effort to broaden its security scope after some criticism that it was too focused on video. Bjorkdahl continues:

From the beginning, ONVIF’s focus was video because we knew we could get the proper feedback from the marketplace and because the need for standards and interoperability on the network video side was so acute. But ONVIF recognized from the start the need for specifications in other industry segments.

Its next area of concentration he says could be new additions in the physical access control area or a new profile for intruder alarms.

The benefits of an open standard for network video should include:
Interoperability – products from various manufacturers can be used in the same systems and “speak the same language”.
Flexibility – end-users and integrators are not locked within proprietary solutions based on technology choices of individual manufacturers.
Future-proof – standards ensure that there are interoperable products on the market, no matter what happens to individual companies.
Quality – when a product conforms to a standard, the market knows what to expect from that product.

ONVIF Specification: 
The ONVIF Core Specification aims to standardize the network interface (on the network layer) of network video products. It defines a network video communication framework based on relevant IETF and Web Services standards including security and IP configuration requirements. The following areas are covered by the Core Specification version 1.0:

IP configuration
Device discovery
Device management
Media configuration
Real time viewing
Event handling
PTZ camera control
Video analytics
Security

ONVIF utilizes IT industry technologies including SOAP, RTP, and Motion JPEG, MPEG-4, and H.264 video codecs. Later releases of the ONVIF specification (version 2.0) also covers storage and additional aspects of analytics.

Drawbacks of ONVIF:
Onvif is a new standard and as such has issues. From our experience there are 2 combining factors contribute to the reliability of an Onvif based CCTV system and they are.
How good a camera manufactures implementation of the Onvif protocol is.
How well VMS manufacturer ensure the quality of the marriage between their implementation of Onvif protocol and each camera manfacturers.
Some IP camera features and enhancements may not be available when using a VMS that exclusively supports the ONVIF standard. To take advantage of some of these features you may need to use the manufacturers own proprietary VMS (Video Management System) application or choose a VMS that supports these enhancements.

The profiles tested were:
Profile S, for IP-based video systems;
Profile C for IP-based access control;
Profile G for edge storage and retrieval as well as the upcoming
Profile Q for improved connectivity.

ONVIF Specification can be downloaded here - http://www.onvif.org/imwp/download.asp?ContentID=18006

ONVIF looks like its mostly a verbose SOAP/ XML based service.
Devices supporting ONVIF advertise this by providing services on a DEVICENAME/onvif url.

Spec details for device management:

Application programmers guide:

Support Documents (onsite)

Complete ONVIF documentation here -

A very good page describing pluses and minuses of ONVIF here -


Saturday, December 19, 2015

Arguments Against Video Surveillance

Arguments Against Video Surveillance

As the use of CCTV cameras increases across the globe, so does the debate over their numbers and motives. In a previous post, Arguments for Video Surveillance, we looked at four arguments for video surveillance. These arguments included peace of mind, loss prevention, crime deterrent, and crime solving.
But what about the other side of the fence? The ACLU has an entire Web site, You Are Being Watched, devoted to the “high costs of camera surveillance systems, both in terms of money and civil liberties,” and there are a large number of individuals and other groups out there that oppose “big brother” watching our every move.
So, what are some of the arguments against the use of CCTV surveillance systems?
  1. Invasion of Privacy – This is the most common argument against surveillance systems. While video surveillance is more commonly accepted in public areas, this sentiment comes into play with the use of covert and hidden cameras in almost every case.
  2. Mistrust – The use of security cameras in your home or business can make its occupants feel mistrusted. If your family members or employees are under constant surveillance, there is likely to be hostility and animosity in the air.
  3. Not Proven Effective – Studies done in California and London have found that security cameras had little to no effect on reducing the crime rate. With an increase in the sheer number of cameras in many large cities, many replacing human security guards, this is a strong argument that will be the main target of many opposing groups.
  4. Misuse and Abuse – The footage captured by CCTV cameras becomes susceptible to abuse and misuse by those who have access to it. For instance, the footage can be used to discriminate against people and for voyeurism. In the age of the internet, this is another huge deal, as can be seen by all of the “hilarious” YouTube videos out there. I doubt the subjects would find most of them as funny.
All of these reasons are valid arguments against CCTV surveillance. There are many cities and countries that have massive surveillance systems, and we will likely see a large increase in public monitoring in the near future, so the more the public knows about the industry and their rights, etc, the more everyone can prepare for when it happens in your little corner of the globe.
Do you have any additional arguments against the use of security camera systems? What are your thoughts? Will you fight them, or open your “public” life up willingly to being observed? Let us know – we’d love to hear from you.

Thursday, December 17, 2015

Differences H.265 and H.264

Differences between H.265 and H.264



A codec is an encoder and a decoder. An encoder compresses audio or video so it takes up less disk space. A decoder extracts audio or video information from the compressed file. Video and audio compression is a complex technical process, but the basic aim of a codec is quite straightforward:

(a) Reduce the size of the compressed media file as much as possible, but...(b) Keep the quality of the decoded audio and video as good as possible.

What is H.264?
H264 (aka MPEG-4 AVC) is currently a mainstream video compression format. It is widely used in Blu-ray discs, internet sources like videos in YouTube and iTunes Store, web software, and also HDTV broadcasts over terrestrial, cable and satellite.

What is H.265?
H.265 (also known as HEVC, short for High Efficiency Video Coding, developed by the Joint Collaborative Team on Video Coding (JCT-VC)) is a video compression standard whose predecessor is H.264/MPEG-4 AVC. H.265 HEVC ensures to deliver video quality identical to H.264 AVC at only half the bit rate, including better compression, delicate image and bandwidth saving. It Support up to 8K, Support up to 300 fps. It is likely to implement Ultra HD, 2K, 4K for Broadcast and Online (OTT).

H.265 vs H.264: Differences between H.265 and H.264

In general, H.265 has several big advantages over H.264, including better compression, delicate image and bandwidth saving. For more detailed differences, please read H.265 vs H.264 comparison table.

4 pcs 2MP IP cameras for 1 month, stream: 4096Kbps. 
H.264 IP camera need 42G×4×30=5T=1×3T+1×2T, so need 1 pc 3T and 1pc 2T HDD. 
H.265 IP camera need 21G×4×30=2.5T, so need 1 pc 3T HDD only, save at least 1 pc 2T HDD cost. 

Saturday, December 5, 2015

Configuring an Access Point as a Wireless Bridge

Configuring an Access Point as a Wireless Bridge

Linksys Wireless-G Access Points can be configured as an Access Point, Access Point Client, Wireless Repeater, and Wireless Bridge. The Wireless Bridge mode will turn the access point into a wireless bridge. Wireless clients will not be able to connect to the access point in this mode. 

NOTE: When an access point is configured as a wireless bridge, it will link a wireless network to a wired network allowing you to bridge two networks with different infrastructure.

NOTE: When the WAP54G access point is set to wireless bridge mode, it will only communicate with another Linksys Wireless-G Access Point (WAP54G).  

To configure an access point as a wireless bridge, you need to perform three steps:
1.       Checking the Wireless MAC Address of an Access Point
2.       Setting-Up Wireless Bridge Mode on the WAP54G
3.       Changing the LAN IP Address of the Wireless Bridge 

Checking the Wireless MAC Address of an Access Point 

NOTE: The following steps will be performed on the main access point using a wired computer. 

Step 1:
Connect a computer to the access point.
Step 2:
Assign a static IP address on the computer. For instructions, click here.
NOTE: To assign a static IP address on a wired Mac, click here.

Step 3:
Open the access point’s web-based setup page. For instructions, click here.
NOTE: If you are using Mac to access the access point’s web-based setup page, click here.

Step 4:
When the access point’s web-based setup page opens, take note of the Wireless MAC Address
NOTE: The Wireless MAC Address you took note of will be entered on the WAP54G set as wireless repeater.

Step 5:
After obtaining the wireless MAC address of the access point, configure the other WAP54G as a wireless bridge. For instructions, follow the steps below.
Setting-Up Wireless Bridge Mode on the WAP54G

Step 1:
Connect a computer to the access point you want to configure as a wireless bridge.
Step 2:
Assign a static IP address on the computer. For instructions, click here.
NOTE: To assign a static IP address on a wired Mac, click here.

Step 3:
Open the access point’s web-based setup page. For instructions, click here.
NOTE: If you are using Mac to access the access point’s web-based setup page, click here.

Step 4:
When the access point’s web-based setup page opens, click AP Mode.
NOTE: The access point’s web-based setup page may differ depending on the access point’s version number.
Step 5:
Select Wireless Bridge and type the remote access point’s MAC address that you took note of earlier.
NOTE: Remove the colons (:) when typing the MAC address on the Remote Access Point’s LAN MAC Address field.
Step 6:
Click on SAVE Settings.

Changing the LAN IP Address of the Wireless Bridge
After configuring the access point as a wireless bridge, change its LAN IP address to avoid IP address conflict.

Saturday, November 21, 2015

You need an Access Control Systems

Do you need an Access Control Systems?


Access control security systems are designed to restrict physical entry to only users with authorization. Many organizations, governmental and private, have started adopting access control security systems for physical entry into their facilities. Whether it is a simple non intelligent access control system like a punching in a password, or advanced biometric systems that scan and permit entry very specifically, there are many advantages to employing these security systems.
It is important for businesses of every size to keep important data and remove threats. All businesses acknowledge this basic security concern by placing locks on the door and giving keys to employees that need to access these locks. If you answer yes to any of the following questions, you may need access control systems:
    • Is a lost or stolen key a security threat to your business?
    • Time Based Control for Security Systems
    • Do you need different access for different employees and clients?
    • Would it be really beneficial to restrict access based on time or day?
    • Do you need a record of people’s “comings and goings?
    • Could your employees/clients be more secure?
    • Reduced Requirement for Manpower
    • Biometric Systems
Benefits of access control systems
The benefits of access control systems are thus many:
  • Audit trail – With access control systems, you will have a record of every opening and attempted opening of each door or specific area. The audit trail can be valuable in resolving employee issues.
  • Time/day restrictions – Do you have certain employees that should only be there at certain times and days. An access control system make more sense to control their access than to give them a key that allows access at any time or day.
  • Lost or stolen keys – When keys are lost or stolen, it is an expensive process for a business to completely rekey each door. Access control systems allow you to remove access by deactivating the I.D. badges or other security credentials.
  • Remote access control – Many access control systems allow you to control of all of the business’ locks from one main system. With access control systems, you can easily and quickly lock down your businesses in an emergency as well as add and remove credentials.
Design 1:
Design 2: Single Door
Design 3: 4-Door single controller.
Design 4: New Concept, PoE Based
Design 5: SYRiS Product with SQL Database, Multi-location. One SY230NT Controller can controll 4nos of Door. Practically i do many projects with this.
How the Access Control System WorksØ  The typical access control system consists of a card/ pin reader, electromagnetic lock or door strike, power supply system and a push button.
Ø  The valid and authorized card user must present the card to the security system.
Ø  Upon verification by the reader, the locking system will be de-energized and the door can be pushed open.
Ø  To exit the premises, the person will have to press a door lock release switch and the system will release the lock.
Ø  A power back up is also installed while fitting in the access control system.
Ø 
A break glass is also incorporated in case of emergency.

Monday, November 16, 2015

Biometrics Systems usage and Advantages

Biometrics Systems usage and Advantages

Biometrics Systems are spreading its limbs in almost every sector, as it ensures security to the top most level. Looking at its multidimensional features, biometric systems are used for various applications. 

In today's technologically modern era, the biometric systems are replacing other conventional methods for different purposes. Biometrics Systems can be used to-- Manage Attendance, Access Control, Leave Management, Payroll Processing and many more. This really helps to optimize the solutions according to one's requirement. These solutions help to reduce the chaos of work and also reduces administrative costs.
How secure Biometric Systems are?
Biometric features of each individual are unique in itself, which cannot be tampered or manipulated. Though there are few possibilities to break the security, so to manage optimum security level, biometric systems can be secured with passwords and PIN codes.

How Biometrics Systems are beneficial?

Biometrics systems are useful in many ways, and its benefits depend on the application. Following are the most important benefits of biometrics systems which can help any firm to streamline the work force:-

Reduces Time and other paper works
Biometric solutions can easily reduce the time consumed in hectic calculations and paperwork required in salary processing or other processes. Now these solutions generate reports easily. The reports can be generated monthly or weekly or daily; depending on the requirements.

Accurate Identification
While traditional security systems are reliant on passwords, personal identification numbers (PINs) or smart cards, you can achieve a high level of accuracy with biometrics systems. If you have set up the system correctly, you can use biological characteristics like fingerprints and iris scans, which offer you unique and accurate identification methods. These features cannot be easily duplicated, which means only the authorized person gets access and you get high level of security.

Reduces Human efforts and administrative costs
Since each report is easily generated, so there is no requirement of involvement of more than one employee. Also, each and every detail of each employee is managed easily, thus there is no chance of any kind of manipulation. This reduces the administrative costs.

Restricts unauthorized access
The Access Control Solutions are generally used to restrict the unauthorized movements of any person. It basically works on biometrics of an employee. It also allows to limit the access of employees to a certain range of the office premises. 

Accountability
Biometric log-ins mean a person can be directly connected to a particular action or an event. In other words, biometrics creates a clear, definable audit trail of transactions or activities. This is especially handy in case of security breaches because you know exactly who is responsible for it. As a result you get true and complete accountability, which cannot be duplicated.

Helps to maintain attendance and other records
The Biometric Systems can be used to maintain the attendance of each employee and also manages other records, including OTs, Leaves, etc. A report of records can be generated according to the requirements.

Different solutions based on biometrics for different purposes
Biometric systems can be linked with different solutions like leave management system, canteen management system, payroll software and time office software to solve different purposes.

Security
Another advantage these systems have is that they can’t be guessed or stolen; hence they will be a long term security solution for your company. The problem with efficient password systems is that there is often a sequence of numbers, letters, and symbols, which makes them difficult to remember on a regular basis. The problem with tokens is that they can be easily stolen or lost – both these traditional methods involve the risk of things being shared. As a result you can’t ever be really sure as to who the real user is. However that won’t be the case with biometric characteristics, and you won’t have to deal with the problem of sharing, duplication, or fraud.

Scalability
Biometrics systems can be quite flexible and easily scalable. You can use higher versions of sensors and security systems based on your requirements. At the lowest level you can use characteristics that are not very discriminative; however if you are looking for a higher level of security for large scale databases then you can use systems with more discriminable features, or multi-modal applications to increase identification accuracy.

Convenience
It’s considered to be a convenient security solution because you don’t have to remember passwords, or carry extra badges, documents, or ID cards. You are definitely saved the hassle of having to remember passwords frequently or changing cards and badges. People forget passwords and ID cards are lost, which can be a huge nuisance with traditional security methods.

Versatility
There are different types of biometrics scanners available today and they can be used for various applications. They can be used by companies at security checkpoints including entrances, exits, doorways, and more.
Moreover you can make the most out of the biometric solutions to decide who can access certain systems and networks. Companies can also use them to monitor employee time and attendance, which raises accountability.

Sunday, November 1, 2015

Anti-Passback in Access Control Systems

Anti-Passback in Access Control Systems

The anti-passback (APB) feature is designed to prevent misuse of the access control system. The anti-passback feature establishes a specific sequence in which access cards must be used in order for the system to grant access.

The anti-passback (APB) feature is most commonly used at parking gates, where there is both an “in” reader at the entry gate and an “out” reader at the exit gate. The anti-passback feature requires that for every use of a card at the “in” reader, there be a corresponding use at the “out” reader before the card can be used at the “in” reader again. For the typical user of the parking lot, this works fine, because the user would normally swipe their card at the “in” reader to get into the lot in the morning, and swipe it at the “out” reader to get out of the lot in the evening. So long as the sequence is “in – out – in – out – in – out”, everything works fine. However, if a user swipes his card at the “in” reader to get in, and then passes his card back to a friend, the card would not work the second time when it was swiped by the friend. The attempt to use the card a second time would create an “in – in” sequence that is a violation of the anti-passback rules, and this is why access would be denied.

Picture Left: (1.) First the cardholder enters into the area and then the system will allow them to (*2.) exit.

Picture Right: If a cardholder has already (1.) entered and then before they exit they try (or someone else with their card tries) to enter again, the will be (3.) denied because there is an anti-passback violation because it is impossible to Enter and area when the system thinks you are already Inside.


Anti-passback can also be used at employee entrance doors. This requires that a card reader be installed on both the inside and the outside of the door. Employees are required to both "card-in" when they enter the building and "card-out" when they leave the building. The anti-passback feature is also commonly used with turnstiles.

There is an expanded version of the anti-passback feature called “regional anti-passback”. This establishes an additional set of rules for card readers inside of the building itself. Basically, this rule says that unless a card is first used at an “in” reader at the building exterior, it cannot be used at any reader within the interior of the building. The theory is that, if a person did not enter through an approved building entrance, he or she should not be permitted to use any of the readers within the building.

Depending on the access control system manufacturer, there may be additional anti-passback features in the system. Some of these features could include "timed anti-passback", which requires that a designated amount time pass before an access card can be used at the same reader again, and "nested anti-passback" which requires that readers be used in only designated sequence to enter or leave a highly-secured area.

Denying access when a user attempts to use a card out of sequence is sometimes called "hard" anti-passback. Hard anti-passback means that when a violation of the anti-passback rules occurs, the user will be denied access. Some access control systems also offer a feature known as "soft" anti-passback. When a system is using this option, users who violate anti-passback rules are permitted access, but the incident is reported to the person managing the access control system so that corrective action can be taken - most often notifying the offending employee that the access card should be used in the proper sequence in the future.

The anti-passback feature can also be integrated with the corporate computer system, preventing users from logging on to the network at their desktop computer unless they have properly entered the building using their access card. This feature can also temporarily disable the users remote log-on privileges while the user is in the building - the theory being that if the user is at work, there is no reason for someone from off-site to be logging on to the network using his or her user name and password. When the user leaves the building at the end of the day, his or her remote log-on privileges are turned back on.

Some Typical Situations

A. When someone enters the entry gate following others without his own authentication, he or she cannot get through the exit gate through his own authentication even his authentication is a valid one. It’s the same when someone gets through the entry gatefollowing others without his own authentication, he or she cannot get through the entry gate through his own authentication.

B. When someone gets through the gate, and then he or she “passes back” that card, say through a window or another door, to an unauthorized user, who then uses the same card to access the building, he or she cannot get through. The password authentication is the same.
C. When someone get through the Fingerprint/Card/Password authentication, he or she doesn't access, then he or she cannot get through the gate even the authentication is a valid one.

Set up an Anti-passback SYRiS Controller Exp:-


Set up an Anti-passback Suprema BioStar V1.62 Software Exp:-


Anti-passbackis a security mechanism that prevents a person from passing back her access card to the next person. It is designed to prevent the next person from verifying herself with another person's access card. When using BioStar, you can set up an Anti-pass back zone, which requires users who've already entered an area to leave the zone first before entering the area again. For instance, if the zone consists of two devices (let's call them Device A and Device B here), the user who's been already verified on Device A must verify herself on Device B before verifying herself on Device A again.
You can set up an anti-passback zone by performing the following steps:
1. On the Doors page, click Add New Zone.

2. Enter a name for the Anti-passback zone and choose Anti-passback Zone from the Type drop-down list.
3. Configure the settings of the Anti-passback zone and add devices to the zone by clicking Add Device.
·  APB Type
§  Soft - A user who has broken the Anti-passback rule can enter the area without the administrator explicitly releasing the alarm.
§  Hard– A user who has broken the Anti-passback rule can't enter the area without the administrator explicitly releasing the alarm.
·  In case of Disconnected
§  Door Open– Doors in the zone will get opened when the communication between the master and member devices is disconnected.
§  Door Close – Doors in the zone will get closed when the communication between the master and member devices is disconnected.
4. Choose the devices you want to add to the zone as In Device and click the right arrow button. Perform the same for Out Device.
5. Click Apply to transfer the settings to the devices.