Open

Release Notes Article | RNA-20220914-TP-41 iProtect | Release Notes |

Open

1. Introduction

These release notes provide information concerning the latest iProtect version 10 - 10.01 features, including required software versions and hardware installation and operating manuals.

2. System requirements

This chapter lists the required hardware and software for iProtect, version 10.01, including the licensing scheme of iProtect upgrades.

2.1 Hardware

The following servers can be updated to iProtect, version 10.01:

• TKH KP10

• DELL KP13

• DELL KP21

• DELL KP22

• DELL KP23

• DELL KP24

• DELL KP41

• DELL KP42

• DELL KP43

• DELL KP44

• IPT-S24

2.2 Software

The minimum required operating system version for iProtect 10.00 is iPuntu build ≥ 2.0.8

All files are delivered on a USB installation disk or can be downloaded as an .iso image, using the TKH customer portal.

2.3 License

From iProtect version 10.01 onwards, the licensing mechanisms have changed. The iProtect licensing has been brought in line with the Sense licensing scheme. A license is now defined by a Product ID. By activating this license (Product ID) on a specific server, a valid license for that server is generated. The license can also be deactivated and transferred to another server via this Product ID. The activation and deactivation can be done both online and off-line.

It will always be necessary to create a new license for an iProtect 10.01 system. It is not possible to transfer a license for iProtect 10.00, or earlier to, 10.01.

2.4 Browser support

The following browsers are supported in iProtect version 10.01:

• Google Chrome version >= 74

• Mozilla Firefox version 60 ESR release

• Mozilla Firefox version >= 66

• Microsoft Edge >=79

3. Highlights of iProtect 10.00

The following key features have been introduced in iProtect version 10.00. More details on the various aspects will be given in the next paragraphs.

Key features 10.00:

• ApolloN support

• TANlock support

• Traka web integration

• Mitsubishi elevator integration

• Charon / SAM support

4. Version 10.00

4.1 New features 10.00

This chapter provides information concerning features introduced in iProtect version 10.00.

4.1.1 Merge persons It may occure that a user has been added multiple times to the database. This might happen with small differences in the name spelling, or with different credentials or access rights. Now, there is an option available to merge those different instances of a user in one account.

Location: General | Person

Procedure:

• Select with multiselect (ctrl and left mouse button) for the records to merge

• Select with right mouse button the context menu and choose for “Merge”

The first selected record will be the leading record and all the underlying data (access keys, contact info etc.) will be added to the user’s account.

4.1.2 System user option: installer rights

An additional option has been created for users called Installer rights. This option is available in the system user settings.

Location: Installation | Authorization | System user

Setting checkbox: Installer rights

Data wiping option:

With this option it is possible to create an administrator account that can create, maintain, and delete hardware without access to personal data. In this way privacy sensitive information is shielded from an (external) installer.

Differences in authorizations between the root user, a user with administrative rights and a user with installer rights are listed in the following table.

4.1.3 TrakaWEB integration

TrakaWEB is a web-based administration suite for managing Traka Touch key and locker systems on almost any browser running device, including phones, tablets, and PCs. TrakaWEB can support unlimited keys or assets.

Support of TrakaWEB 2.10 in iProtect means that the user and card administrator is managed by iProtect.

Available functionalities:

• Administration of users and access keys in TrakaWEB

• Naming of keys

• Automatic linking and unlinking of keys to users

• Key cabinet area blocking

• Key cabinet area blocking overrule function

• Key possession overdue

A user is added and synchronized with the Traka system in case they have a valid card and the right card group credentials, mentioned in the ‘Traka Webservice link details’. Only username and card number will be synchronised. Specific access rights to the keys within TrakaWEB should be programmed in the TrakaWEB application.

Specific events:

• Item removed =>

• Item returned =>

• Item overdue alarm =>

• Item overdue alarm resolved =>

• Leaving control status change => Blocking active: No

• Leaving control status change => Blocking active: Yes

For more information on the TrakaWEB link in iProtect, please refer to the iProtect TrakaWEB technical manual: TM_010221_iProtect_TrakaWeb_en

4.1.4 TANlock rack handle

A new type of reader is available: the TANlock rack handle.

The TANlock is a mechanical server cabinet lock, which is available in various versions for many different cabinets. All TANlocks are provided with a network connection and are exclusively powered by POE. iProtect has a deep integration with TANlock locks. The TANlock cabinet locks are provided with a card reader (suitable for DESFire cards), and a keypad is optional.

Once a TANlock node has been added and communication is established, the lock will be provided with firmware by the provisioner.

• TANlock firmware

• TANlock keystore

• TANlock system settings

The following items are automatically created in the iProtect database.

• Card reader

• Door position input

• Site panel input

• Handle locked input

Beside the automatic creation of the reader and the input, a guarded area is added, so the cabinet is directly provided with an alarm system. More information about guarded areas is included in the manual.

4.1.5 Milestone XProtect Professional+ support

iProtect can be linked to several versions of the Milestone Xprotect NVR systems. As for iProtect 10.0, the support for Professional+ has been added. Depending on the Xprotect version, a different authentication method should be used. For Xprotect Enterprise and Xprotect Professional basic authentication is used, for Xprotect Expert and Xprotect Professional+ Windows authentication is used. Basic authentication means that iProtect uses a username / password combination from the Xprotect system to authenticate itself. Windows authentication means that Xprotect uses user accounts from the Windows operating system it is running on for authentication and iProtect should use these credentials for the connection with the Xprotect system.

Cameras that are connected to a Xprotect NVR can be added to the iProtect system by adding a camera to the iNVR and selecting the correct Xprotect camera type.

For Xprotect cameras some special settings are required:

• Number: This number links a camera in the Xprotect system to a camera definition in iProtect. The number that is chosen here should be defined as the short name of the camera in the Xprotect system. Note: this must be a number

• IP address: This is the IP address of the Milestone Xprotect Image server (not the camera)

• Port: This is the port that is used by the Xprotect Image server. By default, this is port 7563

When Windows authentication is used (Expert / Professional+):

• Domain: The Windows domain name of the account that has rights to view the camera images in the Xprotect server

• Name: The name of this account

• Password: Corresponding password of that user

4.1.6 ApolloN support

ApolloN is the next generation Apollo controller and is fully supported in iProtect. This controller is based on the latest processors and is therefore ten times faster and more powerful than its predecessor. The ApolloN controller provides a lot of flexibility, and the modular structure and application of SNMP3 allows the perfect configuration to be made for any situation.

The ApolloN controllers are available as of now and will replace the first generation. This means the first generation will no longer be available. Of course, these new controllers function seamlessly with the first generation Apollo.

More information about the ApolloN controller, please contact your Sales Representative and see the ApolloN Installation Manual

4.1.7 Encryption for QR codes

In iProtect (V10.00.x) there is the option to use symmetric-key encryption in combination with validity of the QR code processed in the QR code. This means that QR codes issued are no longer valid after the expiry date.

The expiry date in the QR code is the same as the “End date” of the card.

Set up

Create a new Card number presentation.

• Format: Decimal

• Calculated length: 6

Create a new “Card data interpretation”.

Select from “Default card data interpretation” QR code and press set (default settings are now set).

Client specific settings

Tab Format

• Select the desired Encryption type (AES128 or AES256)

• Fill in the encryption key ·

  • For AES128 (32 hex numbers) ·

  • Fore AES256 (64 hex numbers)

Tab System code

• Code (default 005135) change if desired

Tab Facility

• Code (default 00000000000) change if desired

Use:

QR codes are especially useful for giving visitors access, especially for the first barriers and the way to the reception. The use of QR codes relieves the reception of intercom calls

4.1.8 Charon / SAM support

The Charon is a new module that can be added to Pluto. The Charon has space for 4 SAM cards. Integrating a SAM into the reader system makes the system more secure. The SAM handles all key management and cryptography in a secure way

The Charon is connected via USB connection with a cable that is supplied with the Charon, so 4 Orions can still be used. The Charon is placed immediately to the right of Pluto. All SAMs will be automatically reported in iProtect under the reader manager and shows the basic information about the SAM. Detailed information about the SAMs is visible in a specific menu.

Installation | Hardware | Security access module

Use:

The Charon module is particularly suitable for objects with a higher risk, and for those users who want to handle key material in the safest way

4.1.9 OSDP QUIACCESS support

A new vendor is added to our OSDP driver, named QUIACCESS QUIACCESS is a manufacturer of barcode readers. The QUI surface mounted barcode reader is the perfect indoor and outdoor reader to read QR-codes from smartphone displays, tickets or print at home tickets. The reader reads every 1D and 2D barcode including Code39, Datamix, Aztec, interleaved 2 of 5. TKH article number: 500-8570 More information can be found in the manual: IM_10032020_QUI barcode reader.

4.1.10 Invitation mail for visitors

A new option is added to the visitor dialog that can send an invitation mail to the guest. The layout of this mail is created by an XSLT stylesheet and can be edited to personalize it for the end-user. as attachment it will send a badge layout (keybadge™) with the QR code to let the guest obtain access for example to the parking facility.

For setup the invitation mail there are two locations to setup the system:

1. Location for uploading header and footers text

2. Location for setup the mail itself

The full setup can be done for three languages:

1. = English

2. = Dutch or other

3. = German or other

Set up header and footer text

Location: General | Settings | Media element.

Default present for all three languages:

• Visitormailfooterlanguage

• Visitormailheaderlanguage

Filetype is XSLT

If desired it is possible to create extra headers and footers with your personalized text

Setup mail

Setup of the mail is done per user group, so every user group can have its own setup with own header and footers text etc.

Location: Installation | Authorization | User group

Select the desired user group and open “system settings” | “Visitor QR code” in the tree view.

The following settings are available for all three languages:

• QR code invitation mail header image

  • Selection of footer image

    • Source: media elements of type

• QR code invitation mail header

  • Selection of mail header

    • Source: media elements of type

• QR code invitation file name

  • Text field

    • Name of attachment (key badge layout)

    • Example: QR-code.pdf

• QR code invitation subject name

  • Text field

    • Subject of the mail that is sent as an invitation

    • Example: Invitation visit TKH security

• QR code invitation mail footer

  • Selection of mail footer

    • Source: media elements of type

• QR code invitation mail footer image

  • Selection of footer image

    • Source: media elements of type

• QR code invitation mail use style sheet

  • Selection box

    • Yes

    • No

• QR code invitation mail use style sheet

  • Selection of the style sheet

    • Source: media elements of type

Use:

Invitation mails in combination with QR codes are especially useful for the adding of new users and gaining access, especially for the first barriers and the way to the reception. The use of QR codes relieves the reception of intercom calls.

4.1.11 Guarded area overview, option open list

A new very powerful option is added for managing guarded areas.

When a widget is created for multiple guarded areas within a Keymap, where the widget column definition table source is “GUARDINGAREAGROUP”, the function “Popup: guarding area” will be available.

At this moment, when this is selected a popup will open with several information with three parts

1. At the top the events belonging to the chosen column like set/unset, alarms, too long unset etc.

2. At the bottom left side: where depending on the chosen column the deviations are shown for: ALARMCOUNT shows the guarded areas where the alarmcounter is not 0

PARTLYARMEDCOUNT shows the guarded areas where the partlyarmedcounter is not 0 LONGDISARMEDCOUNT shows the guarded areas where the longdisarmedcounter is not 0 DISARMEDCOUNT shows the guarded areas where the disarmedcounter is not 0

TAMPERINPUTCOUNT shows the guarded areas where the tamperinputcounter is not 0

3. At the bottom right side: where depending on the chosen guarded area in the bottom left side all inputs are shown who are not idle or omitted.

Use:

All users of guarded area groups, which provide a quick overview of the status of the installations.

4.1.12 Continues read function

The ‘continues card function’ checks if a card is still in the area of the reader. As long as the card is in the area, the output stays active. Mostly used with a card holder in front of the card reader. The continues read function is now easier to set. It is not necessary anymore to create a specific reader configuration.

Location: installation | Hardware | Reader

Tab: Door security

Item: Continues read

Versions:

• iProtect >= 10.00.31

• Readermanager >= 5.03.12

• Sirius I series >= 1.6.39

• Sirius IX series >= 2.07.16

4.1.13 Commend learn function

For Commend intercom systems, an option is added to import the configuration. This import function saves a lot of time, creating the intercom stations and their inputs.

Requirements:

No special requirements

Location: Installation | Hardware | Line

Steps:

1. First create a configuration export file from the CCT software

2. Press the upload button and upload the configuration file

3. Press the import button

4. Ready

Use:

Use the function by first time connection to the intercom server to learn the intercom configuration

4.1.14 iProtect elevator service (Mitsubishi)

The TKH Security iProtect integration with elevator control systems adds higher security and destination control. The integration means that you can restrict access to elevators and floors for cardholders, via time schedules and access rights.

The operation is such that cardholders swipe their card on the elevator reader that is presented in the elevator call unit. The elevator call unit shows the available floors. The user can also enter the floor numbers, to which they are authorised (depending on the type of call unit).

In this integration, the iProtect software sends a command directly from the server to the controller, via the IP network. This replaces the conventional method of using relays for connection.

The purpose of the elevator link is to send a command to the elevator controller when:

• A. Access is granted (based on the normal access rights)

• B. The person has rights to travel with the elevator

• C. The reader has a call location and a known ID for the elevator controller

If all of the above conditions are true, a message is sent to the elevator controller.

Supported brands:

Currently, this integration is available for the Mitsubishi with ELSGW controller and DOAS terminals

Example:

A user can be assigned access to only the ground floor and 12th floor from 07:30 till 19:00 hour.

4.1.15 SimonsVoss VCN (virtual card network)

• SimonsVoss double sided cylinders for wireless online solutions are now also supported in iProtect.

• SimonsVoss AX handles are supported for VCN · Only for projects with only AX handles. Combined handle types are not supported in iProtect 10.00.xx

• General improvements for update readers

4.1.16 Change behavior deadbolt input

Now the maximum unlock time also depends on the door status input.

Location: installation | Hardware | Reader

Now, the deadbolt timer (door unlocked too long) is only counting when the door is closed and unlocked. At the moment that the door is unlocked and the door opens, the deadbolt max unlock timer will reset and start counting again when the door is closed.

This new function ensures that only one alarm is given: door open for too long or door unlocked for too long.

4.1.17 LDAP improvements

In the iProtect LDAP functionality, a change has been implemented. When a user is removed from the LDAP (or Active Directory) database, the personal information in iProtect is unlinked and the access key linked to this user is now invalidated.

4.1.18 Maintenance ATS connector

Due some field issues we have improved the ATS connector.

Location: installation | Hardware | Node

New setting: poll delay (milliseconds)

• The default is now 500ms (poll delay empty) (recommended by Aritech)

• You can add an addition extra delay up to 1000 ms

Behavior change:

Within the connector there is an automatic synchronisation mechanism. Until now, if there where communication failures detected, iProtect automatically starts the full synchronisation cycle. From now on, we start only the full synchronisation cycle when:

1. Reboot of the controller (Pluto/Polyx)

2. Reboot of the server

3. Connection lost for more than 10 min

4.1.19 OSS DOM support

iProtect Aurora supports the OSS, standard offline access application by means that it can enrol or update cards, which are confirmed to the standard data on card solution. The OSS offline standard is data on a card standard in which the access profiles are distributed via the access cards instead of online card readers. This is also called: “native” or “offline”, because the access rights are defined in the iProtect database itself and are distributed to the Sirius I Serie update readers.

A new brand has been added for OSS in iProtect, namely DOM.

4.1.20 SimonsVoss WO (wireless online)

Improvements are done for SimonsVoss online

• Speedup for normal access

• Connection stability improvements

• Changed Calamity card support

  • For each lock the update interval between adding one calamity card is now 60 seconds to avoid wireless network overload.

• Online network timings improved

• Improvements for missing devices

• Removed check for device every 30 seconds, now we wait for reader activity

• SimonsVoss double sided cylinders for wireless online solutions are now also supported in iProtect. Be aware that the lock has limitations and not all functions are supported.

4.1.21 Preview option Keybadge

For the visitor dialogue the access card print option is changed in function and in name. Now it is called “preview / create”, when clicked the selected card layout will open in a PDF file and if desired it can be printed. If the direct print function is still desired, it can be activated in at the workstation settings in the workstation dialogue.

Setting

Menu: Installation | Settings | Workstation Select your workstation and open item “Printer” option:

4.1.22 Alphavision driver improvements and support UNII

Some improvements are made for Alphavision intrusion panels ML, XL

• UNII intrusion panel is now supported

• Start-up sequence. No reboot after time synchronization anymore

• Ready to set status, adjusted to latest API option.

4.2 Maintenance

• Tomcat update to version 9

• The number of time zones has been increased from 256 to 512

• The number of Authorization elements has been increased from 512 to 8196

• Changes copyrights text

• INVR start up improvements in synchronize parameters

• Added default led settings as media element

4.3 End of life

• Polyx support only with UBFS file system, JFFS2 will not be continued anymore.

• MyiProtect functionality

• Infobox functionality

• Mart functionality

• Ucam devices

4.4 Update attention points

As we support now provisioning of reader configurations for each reader, all existing reader configurations that were added manually are deleted automatically by the running the update to version 10 (media element).

We do not support provisioner element type reader config anymore, any provisioner groups that consist of those elements will be deleted during the update. Before the update, it is recommended to check those groups.

If special reader configs are used, you should add them manually

Update from version 9.xx to 10.xx requires an new licence.

5 Version 10.01

5.1 New features 10.01

This chapter provides information concerning features introduced in iProtect version 10.01.

5.1.1 Sallis

The implementation of Sallis is changed from version 10.01. Sallis is now running in the node manger. This change has several advantages, including Pluto support for both direct bus lines for the Sallis router and nodes, but also the POE router.The functions have been expanded according to the new specifications of the Sallis interface.

Sallis node:

• Connection: When a Sallis node is connected/ disconnected a transaction will be created in iProtect.

• Tamper: When the tamper switch of the Sallis POE router is activated/ deactivated a “node tamper” transaction will be generated in iProtect

Sallis lock:

• Connection: When a Sallis lock is connected/ disconnected a transaction will be created in iProtect.

• Battery level: The battery level based on an analogue input (Lock Sensor), when the battery state changes there is an transaction according in iProtect. Based on the status of the analogue input, the following battery statuses are available:

  • Battery status: low

  • Battery: replace

  • Battery: good

  • Battery: very good

• Door state: iProtect monitors the door state of the Sallis lock (when connected). When the door status changes, a transaction will be generated and the door state. The following door statuses are available:

  • Door closed

  • Door open

  • Door open too long

  • Door unexpected open

5.1.2 Commend intercom action, allow spaces in ICX string

Location: General | Settings | Action

The action for commend intercom centrals is expanded. now it is allowed to have spaces in the command for < ICX long /variable format (hex) >

This was done to get a better overview of the command and make it similar to the commend tooling. The labels have also been adjusted to provide a better overview.

5.1.3 New license system

From iProtect version 10.01 onwards, the licensing mechanisms have changed. The iProtect licensing has been brought in line with the Sense licensing scheme.

A license is now defined by a Product ID. By activating this license (Product ID) on a specific server, a valid license for that server is generated. The license can also be deactivated and transferred to another server via this Product ID. The activation and deactivation can be done both online and off-line.

You will always have to create a new license for an iProtect 10.01 system. It is not possible to transfer a license for iProtect 10.00, or earlier to, 10.01.

First, a license file must be installed. Then, you will need to activate the license. This can be done online or offline. For online activation, a gateway with internet access, a DNS server and a valid e-mail address are required. If it is not possible to reach the Internet from the iProtect server, offline activation is required.

5.1.4 Sam module improvements

Location: Installation | Hardware | Security access module

The ModuleID number is added to dialog “Secure Access Module”

5.1.5 Action open person/card dialog

Location: General | Settings | Action

A new action has been added; open person/card dialog. With this action (triggered by an procedure) it is possible to open a limited card dialog as a manual action. In this dialog, several information about the card is shown, the parking area and access area can be changed here.

Use:

In the situation, for example, if an alarm has to be displayed with "APB" errors, one can directly adjust the area by means of this action.

5.1.6 TrakaWEB

The following improvements are made for the TrakaWeb connection:

• Default port setting is now 10700 instead of 443 according to the documentation

• Pincode information about cards is no longer sent to the TrakaWEB application. Pincode support on the cabinets is no longer supported

• Some improvements have been made to memory management to prevent leaks

• Some improvements for more stable connection

5.1.7 OSDP driver moved

The OSDP driver for card readers is moved from the reader manager to the node manager, this is done for better controll of the inputs and outputs. The new OSDP driver supports:

• Full compliant OSDP readers and devices

• IDESCO cardreaders, (non compliant to the OSDP standard IDESCO specific)

Also available is the option reader buzzer time. With this, you can set the time of the reader buzzer how long it should buzz when a card is detected (this doesn't say anything about whether the card has sufficient permissions to grant access). If this option is left empty or 0 there will be no buzz when a card is presented.

Setup:

1. Select the line to which the osdp reader should be added

2. Select the Orion port to which the osdp reader should be added

3. Add a node of type OSDP

4. Fill in the standard things like, name, etc.

5. Select OSDP compatibility

• a. Fully compliant

• b. Idesco (as non compliant)

6. Select the desired baud rate

• a. Most used speed is: 9600 or 19200 baud

• b. Mark as active

• c. Now the Orion port can be used as OSDP communication port.

7. Select the created node in the tree view. Click on the right mouse button and select

8. Set up the reader as usual

OSDP inputs and outputs

Under the OSDP node it is possible to create OSDP inputs and outputs, if supported by the reader they can be used.

iProtect supports a maximum of 16 inputs and 16 outputs under 1 OSDP node

5.1.8 SNMP for ApolloN

For ApolloN the SNMP instance and settings are now a part of the provisioner and automitacally distributed to the ApolloN controllers.

5.1.9 Mobile access

Access via a mobile phone is possible from iProtect version 10.01. To realize this, we use a so-called token authority, which ensures a secure solution and the connection between the mobile phone and iProtect. In addition, the same token authority is responsible for assigning and de- assigning of the card readers involved. The entire management takes place in iProtect. You, as a user, do not have any management tasks in the token authority.

5.1.10 New reader output < No access >

Location: installation | Hardware | Reader tab I/O

A new reader engine output is available, if no access is granted this output is activated

Use:

This option can be used on turnstiles where the reader itself is built in and there is no view of the reader led. An external signaller can now be used for this to give good feedback to the user.

5.1.11 data import CSV/XML

There are two ways to import data; namely manually and via the HTA tool.

Below the settings about the encoding options.

HTA tool

Location: installation | Settings | Client tools | import/export

As well for inmport as export an setting is added

<encoding>

• Type: Drop down list

  • 1. CP-1252 (Windows)

  • 2. UTF-8

Manual import or export of employee data

Location: General | import/export | Export

Location: General | import/export | Import

In this location you can export or import the files manually

Setting the encoding option is done here at the sytem parameter settings

Location: installation | Settings | System parameters tab <Other>

CSV encoding:

• Type: Drop down list

  • 1. CP-1252 (Windows)

  • 2. UTF-8

5.1.12 Card data interpretation group

Location: Access | Settings | Card coding | Card data interpretation group

With this function you are able to use multiple card formats on one reader even if they have a different length of data.

This function is activated when the data of the presented card cannot match with the data interpretations linked to the reader. The data will then be tested against the other data interpretations belonging to the group.

Use:

This function can be used to combine DESFire cards with Mifare UID cards on one reader or DESFire cards with Mobile access tokens.

5.1.13 SimonsVoss VCN

There has been significant maintenance for SimonsVoss Virtual Card Network

• Off line transactions improvement

• When card validity end date is changed, now it creates automatically an update

• Improvements for calamity cards, if the card data interpretation is changed now also the calamity cards for SV VCN are change

• Changing the card valid option, now it creates automatically an update

• Import of transactions by xml file from the smart Integro software is now the same as the normal events distributed by the card.

• After a restart of the server it could take a long time before rights are available on a update reader

• No led response on reader when card is removed from database

• Smart Integro V3.0 is supported

• Improvement of deleting offline rights on the Pluto after the rights are distributed to the card

• Date en time handling improved for summer and winter time, now the time handling is as expected

• Alternate door open time is now supported by SV VCN

• Added functions to avoid that cards can be corrupted

• Added time zone function in office mode

• Load balancing of the virtual network

It is strongly recommended by use of iProtect 10.01 that also the update to Smart Integro version 3 is done.

5.1.14 Calamity cards improvement

Until now, emergency cards were reserved for cards coded by TKH. As of 10.01, most card data interpretations are supported as calamity card. This was done by only checking the site code, facility code and card number as an emergency card and no longer on all available data.

5.1.15 Reader communication status

Location: installation | Hardware | Reader

New in the reader dialog is the communication status, this item is shown if we can determine a communication status between the cardreader and the controller (readermanger / nodemanger). In basic this is only possible for cardreaders with 2 way communication like RS485 or TCP/IP.

The following statusses are available:

• Not defined

• Connected

• Reader is connected

  • Disconnected

• There was a reader discovered in the past, but not connected anymore

  • No reader, not discovered

• An attempt was made to discover a reader, but nothing found

5.1.16 Four eyes principle / two-man rule

The four eyes principle means that granting access must be approved by at least two people. Within iProtect this can be done by offering two cards, which belong to different people.

Location: Installation | Hardware | Reader

Until now, the four eyes principle has always been set up by using restricted areas. From version 10.01 you can also set this function directly at the card reader. if activated, access is granted if 2 different cards with access rights on "this" reader are presented within a short time.

The option can also be used in conjunction with:

• Card and pin

• Card and card on other reader (other credential from the same person, for example palm vein)

Use:

This control mechanism is used to facilitate the delegation of powers and increase transparency

5.1.17 Firefighter card

Location: Access | Card

The functionality of the firefighter card has been extended with the following:

• No restriction for restricted areas

• For OSS type locks: the so-called intervention media option is now linked to the firefighter option in iProtect.

5.1.18 20face integration

20face provides a contactless solution for office buildings using GDPR-proof facial recognition.

Functionality of the 20face application in iProtect

The integration between iProtect and the 20face system offers the following functionalities:

• Full integration with 20face cloud solution

  • Synchronize users

  • Add / delete face credentials

  • Send enrollment invitations (20face)

• Management, completely by iProtect

  • The user only uses the iProtect interface

• Advanced functions available, like:

  • Anti passback (hard and timed)

  • Anti passback support for face and card for the same person

  • Alternate unlock time

  • Trace card (Face)

  • Dual authentication with other credential (Card & Face)

  • High speed access for speed lanes (que card function)

  • Remote confirm by operator before access

  • Area changes, people counting

5.1.19 Default card data interpretation shown in reader dialog

Extra information about the card data interpretation.

Location: Installation | Hardware | Reader

If a <provisioner group> is selected in the card data interpretation, it is automatically assigned to the reader configuration. This was previously not visible in the reader dialog, now it is.

If no provisioner group is selected in the reader dialog, then it shows the provisioner group name at <Default for card data:> which is selected in the card data interpretation. This field is only visible if no provisioner group is selected.

5.1.20 UNII intrusion panels now also TCP/IP

Location: Installation | Hardware | Node

• Line type: Virtual

• Node type: General intrusion

• Driver name: Alphavision API driver

Previously, the Alphatronics panels communicated over UDP with iProtect. From 10.01 it is also possible to communicate over TCP/IP with the panels of Alphatronics. Communication over TCP/IP is recommended for new installations.

Setting in node dialog: <communication> select TCP/IP or UDP

5.1.21 Information about Host operating system (Pluto OS)

Location: Installation | Hardware | Line

In the line dialog, an information field has been added which shows the version of the Pluto's root filesystem.

Use:

This function has been added to show system information about the controllers from the management system. This is to determine whether an update is required for a controller.

5.1.22 New option in reader dialog office mode status

Location: Installation | Hardware | Reader

A new option is available to reader dialog named .

This setting follows the reader's Office mode and can be used to force the reader in or out of Office mode.

Use:

This function can be used to force readers out office mode by an action example: At 5 p.m., all readers must be out of office mode.

Table name: Reader | Office mode requested

5.1.23 New OSDP decoding option ascii to hex

Location: Installation | Hardware |

For OSDP protocols handled by the Nodemanager a new decoding option is available ASCII to hex.

Data what is sent as ASCII chars by the reader over OSDP can be converted to hexadecimal numbers.

5.1.24 License plate recognition without country code

Normally, we have always used license plates with country codes in iProtect. This was done because license plates without country codes can appear multiple times. To simplify the management of license plates and because sometimes the country code is not known during pre-registration, we have added the option license plate without country code.

The setup is done for LPR without country code is done in the menu about: card data interpretation

To create the interpretation, use the default card data interpretation “Number plate no country code”.

5.1.25 Support of URL based QR codes

For support of URL based QR codes or other barcodes where a part of the string must be used for access, iProtect can check for a start string or end string. In the Card data interpretation setup there are two options added for this in tab <Filter>

• Start tag ·

  • Could be a string of max 12 characters ·

  • The card data will start after the string ·

  • If empty the start will be the first character of the string

• End tag ·

  • Could be a string of max 12 characters ·

  • If found the carddata will stop at the begin of this string

Max. length of barcode data: 256 bytes

Max length of cardnumber: 64 bits

5.1.26 Unlock behavior <Follow unlock time, falls off at opening> add on

Location: Installation | Hardware | Reader tab <Door behavior>

For the case when the door stays open, and a card is presented normaly we don’t “open” the door again by pulsing the <Door control> output (because it is still not closed).

In some cases it its still wanted that the <Door control> output is pulsed for this case the option is added <Minimal door open time> this time wll be used to pulse the <Door control> output when the door is open and a valid card is presented.

Use:

In those cases where the operation of the door position contact is not certain or if it is defective, this may result in the door being closed and unable to be opened with a valid card.

5.1.27 Back up improvement

Location: Serverbox iProtect | Back up | Configuration setting Maximum backups

Now the daily backups can be expanded to 31 instead of 7.

The number of backups can be set in the server box.

5.1.28 INVR now also over HTTPS

We continuously improve the security of iProtect and its components, the following items have been adjusted, among other things.

• INVR now also over HTTPS ·

  • Checkbox “HTTPS port images” added in the INVR Node detail dialog ·

  • If selected also the port number can be set

5.1.29 Password expired

Location: Installation | Settings | Server parameters

If from version 10.01 the option "password expires in x days" is activated, a message will appear when you log in to iProtect:

• Password is about to expire

• Password has expired

The moment the message about the password is visible, you can immediately change the password.

5.1.30 VDG Sense support Herta face recognition

With version 10.01 also the VDG Sense Herta face recognition is supported in iProtect

The following options are available for the Herta coupling:

Location: Installation | Hardware | reader <Tab Other>

Type: Drop down list <access by camera>

• Automatic by camera key ·

  • Access is granted based on card or face only

• Verify card & camera key ·

  • Access is granted if a valid face & card is presented o

    • Time frame for the face detection is 10 seconds before or after presenting the card.

• Card required ·

  • Access is granted only by card, face recognition disabled

• Card required + wait for camera key ·

  • Access is granted when a valid card is presented and a face detection occurs within a configurable time. If the face is not detected within the set time, access will still be granted. ·

  • The waiting time can be set with the setting <maximum waiting time (sec)> (max 50 seconds)

5.1.31 Alphatronics XL support

Due to changes in the Alphatronics API, it is necessary to update the Alphatronics XL firmware for iProtect version 10.01 and higher. For those XL installations we have different firmware available in the following languages:

• English ALPHAVISION_XL_EN_TKH_311_19052021

• Dutch ALPHAVISION_XL_NL_TKH_311_19052021

• Danish ALPHAVISION_XL_DK_TKH_311_19052021

• Italian ALPHAVISION_XL_IT_TKH_311_19052021

• Polish ALPHAVISION_XL_PL_TKH_311_19052021

The firmware is available on request, please contact the TKH service desk

5.2 Maintenance

• Change of labels, in the service dialog Speed up of loading tree view items by large systems

• Added multithreading line manager

• Media elements change, some elements had wrong extension XSLT instead of XML

• Removed from iProtect

  • Obix Protocoll

  • GWT framework

  • Unused user interface dialogs

  • Paid parking related database tables

  • Time and attendance related database table

  • Intrada license plate recognition

  • Free switch SIP intercom

  • Special visitor registration forms (self-registration)

  • RFAPP reader drivers

  • Remote access service

  • Unused licenses:

    • 5100

    • 1540 Retail

    • 1512 Digit to park

• In several status overviews, the status was not shown for virtual lines

• Several network security improvements

• Calculation of amount of nodes in the database, is changed

  • Minimal 512

  • or the highest of the following calculation

  • 1: reader licenses (for TANlock concepts)

  • 2: Line’s x 3 (for the Apollon concepts)

• Several dialogs resized

  • Card data interpretation details

  • Database link details

5.3 End of life

• OSDP on reader manager ·

  • OSDP is moved to the Node manager

• Obix building protocol is no longer supported

5.4 Update attention points

In case of an older version than 10.00, please also check the update points of attention from version 10.00.