iProtect - 20Face

Owned by MB
Last updated: Dec 18, 2023
5 min read

Installation Manual | TM-20221227

iProtect Access / Security | Functionalities |

 

This manual represents the knowledge at the above-mentioned time. TKH security works non-stop to improve her products. For the most recent technical information please contact your consultant or dealer.

 

1. Introduction

20face provides a contactless solution for office buildings using GDPR-proof facial recognition. The entire daily use (person management) is done by iProtect.

This document provides an overview of the functionalities and also the steps required to connect 20face and iProtect.

2. Support and license

Below is an overview of support for both the hardware and the software, including the necessary license:

Support

Version

Maximum

License number

Support

Version

Maximum

License number

iProtect

>= 10.1.xx

 

IPS-ON online card reader license

 

External services

Pluto

 

 

20face IDbox

 

Max. 4 per Pluto

 

Virtual card readers

 

Max. 8 per Pluto

 

 

When using 20face, the 'calamity card' function cannot be used.

3. How does it work

In iProtect, the 20face facial recognition is handled like a card reader. As a result, most of the functions available for a physical card reader are also available for the 20face solution.

The connection between the Pluto and the 20face IDbox is based on the OSDP protocol via TCP/IP. The IDbox is created within iProtect as Node. Several card readers can be linked to the 20face node, where the card reader is the camera that sends an ID when it recognizes a face.

4. Functionalities 20face application in iProtect

The integration between iProtect and the 20face system offers the following functionalities:

Description

Details

Description

Details

Full integration with 20face cloud solution

  • Synchronize users

  • Add / delete face credentials

  • Send enrollment invitations (20face)

Management, completely by iProtect

  • The user only uses the iProtect interface

Advanced functions available like

  • Anti passback (hard and timed)

  • Anti passback support for face and card for the same person

  • Alternate unlock time

  • Trace card (Face)

  • Dual authentication with other credential (Card & Face)

  • High speed access for speed lanes (que card function)

  • Remote confirm by operator before access

  • Area changes, people counting

5. Setup

20face is a cloud-based solution, which means that an internet connection is necessary. Before proceeding with the following chapters, check if iProtect can connect to the internet.

Browse to the Maintenance page or cockpit from iProtect and check:

  • if gateway address is set

  • if dns server ip address is set

5.1 Node

Determine to which Pluto(line) the 20face IDbox should be connected.

  • In iProtect, browse to menu: Installation | Hardware | Line.

  • Select the Pluto where the identity box should be connected

  • Right click on the Pluto and add a Node

Only the used fields are described in the table below.

Field

Content

Field

Content

Name

Logical name e.g. 20face

Features

Node

OSDP

OSP compatibility

Fully compliant

General

Name

Logical name is mandatory

Login 20face

Username

Fill in username

Password

Fill in Password

SSL

Use SSL

Default on

Aloow self signed

Default on

Allow expired

Default on

No Hostname check

Default on

Client communication type

Less secure client communication

Status

Node online

Selection option to activate

Address

HTTP port

8888

IP address

IP address 20face IDbox

URL

Reserved future use (default “/”)

 

When using iProtect <=10.2 SSL settings are in de Node dialog. These settings can be determined depending on the situation.

5.2 Card data

5.2.1 Card number presentation

Card Number Presentation is needed to determine how to enter- or display the card number.

  • In iProtect, browse to menu: Access | Settings | Card coding | Card number presentation.

  • Right click in the search field and choose “add Card number presentation”:

Field

Content

Name

Logical name, e.g 20face

Format

Personid as cardnumber

5.2.2 Card data interpretation

Card data interpretation is needed to determine how to interpret the data from the mobile devices.

  • In iProtect, browse to menu: Access | Settings | Card coding | Card data interpretation.

  • Right click on the “Card number presentation” that was just created and choose “add Card data interpretation”.

Field

Content

Name

Logical name, e.g 20face

Default card data interpretation

cardnumber is personid (press set)

Format

Reader communication protocol

ABA

Card type

Decimal to data lenght

5.3 Configure the Service / database link

In iProtect, browse to menu: Installation | Settings | Services | Database link:

  • Right click in the search field and choose “add database link”

  • Select typ: 20face Face Recognition

Field

Content

Description

Name

Logical name. e.g 20face service

 

Status

Active

“Checked”

 

Remote server

Login name

Enter the login name

Supplied by installer

Password

Enter the password

Supplied by installer

Time out (sec.)

45

 

Parameters

Project id

 

Supplied by installer

Card data interpretation

Select the 20face card data interpretation

 

Main Domain

The Connection URL

Default: https://backend.20face.nl/api/access-management

Authorization

Read

Everything

 

6. Quick setup

6.1 Add person

In iProtect, browse to menu: General | Person:

  • Right click in the search field and choose “add person”.

  • Enter the Name, prefix and first name.

6.2 Add email address

In iProtect, browse to menu: General | Person:

  • Right click in the search field on the created person (see: 5.1), choose “add contact” .

  • Select at Contact type “email address”.

  • Add a description.

  • Add an unique email address.

6.3 Add card

In iProtect, browse to menu: General | Person:

  • Right click in the search field on the created person (see: 5.1), choose “add card”.

  • Select at Card number presentation “20face”.

  • Select option “Valid”.

  • Select option “Unlimited”.

  • Press “Save”.

  • An additional field is displayed “Email”.

  • Select the “Email address” and press “Send”.

The invitation has send (default valid for 7 days before it expires and a new invitation ha to be send). It can take a couple of minutes before the email arrives. Please follow the instruction in the email to finalize the registration of the face recognition.

Once The face is registered, it will take less than 10 minutes before the complete system is operational.

6.3.1 Adding access rights

In iProtect, browse to menu: Access | Card:

  • Search for the created card (See 6.3)

  • Select the card in treeview and open in the treeview the “card group list” and enable the card group(s).

7. Events

Type

Description

Type

Description

System offline

If the network connection is lost between the Pluto and the IDbox, face recognition shall not be functional

Date / Time

If an event has a * before the date/time stamp, it means that the correct time of the event does not have the expected timestamp. For example, this can be dated 1 Jan. 1970. iProtect will change the time to the current time marked with *. not to lose these events

User logs in/out events

User log- in and out are the internal connection messages of iProtect with the service that is connected:

  • User logs in (21) => Connection: 4, Process: 38, WEBSERVICES:20face

  • User logs out (22) => Connection: 4, Process: 38, WEBSERVICES:20face

Webservice

Web server messages are messages about communication with the 20face cloud application:

  • Webservice finished (372) => Connection: 4, Process: 38, WEBSERVICES:20face

  • Webservice started (371) => Connection: 4, Process: 38, WEBSERVICES:20face

  • Webserver connected (320) => Connection: 4, Process: 38, WEBSERVICES:20face

Node events

Node events are messages about the connection between IDbox and Pluto:

  • Node disconnected(11) +> Node:20face

  • Node connected (11) +> Node:20face