ONVIF Access Control Profile D Examined
ONVIF has released Profile D, adding to its access control specifications covering peripheral devices, including readers, biometrics, intercoms, and even LPR.
ONVIF has historically been a non-factor in access control, the irrelevance starkly contrasted with its success in video surveillance, including over 22,000+ devices supported.
Inside this report, based on conversations with ONVIF, we examine:
- What the Profile Scope Includes
- Versus OSDP and Wiegand
- Data Encryption Is Optional
- No Profile D Clients/Devices Available
- Poor Adoption For ONVIF Profiles A & C
- Potential Impact
Profile * ** *** ****** ***********
******* * **** ** *****'* ****** support ** ********** ********** ***** ******* like **** *******, ********* *******, *** cameras, *** *********.
******** ***** ****** ******** ** *** address ***** *******, ** **** *********** ********* *** *********** *********** *** ***** ******** *******.
******* * **** *** ******* **** controller/access ********* ** *******, *** ** focuses ** *** ***** '*******' *********** data ** *** **** '*******'. *** communication ** ************* ******* ******* *** management *******/***********. ***** ****:
[***** ******* *] *** ****** ***** the ********** *********** ** *** ******* D ******, ***** ** **** ***** a ******* **** ** *** ****** to ***** ** **** ****** ** request **** ***********, **** ** * pin ** **** *** ********.
Includes *** *** ***** *********
*** ******* ****** **** ***** ** devices **** ****, **** ***** * also ******** ******* ***** ****** ****** and *********. ******* * ************ ********* how ***** ******* *********** **** ****** control *******.
***** ********* *** *** ***** ***** profile *********** ***** **** ******** *** these *******:
**** ******* *, ***** *** *** such ***** ** *** *******, **** stations / ********* ***** ***** ***** profiles *** ***** ***********. **** *** intercom/door ******* *******, *** ****** *** use ******* */* ** * ** send *** ***** ** *** ****** requesting ****** ** **** ** *** camera ******* **** ******** ******** ***** Profile * ** *** ******* ***** to *** ****** ******* ****** *** the ****** ********.
******* *********** *** *** ** ********* into ****** ** **** *** ******* or ***** ********* *********, ********* ***.
Wiegand **********
*** ***** *, ********** **** ******* include ************* *** ********** **************, *** ability ** ****** ******* **** * software ******, *** ***** * ******** TCP/IP ***** ******* ** ****** ****.
OSDP **********
***** ******* * *** **** *** similar ** *** ********* ****:
- ************* ************* ******* *********** *** *******, allowing '***********' ** ******* **** ******* does ***.
- *** ******* ** ******* **** **** reader ** ********* **** ****, ****** Weigand **** **** ***** **** ** raw, *********** ******.
- ***** * *** **** **** ***** daisy-chaining ****** **** *:* ********** ******* peripherals ** *********** **** *******.
***** ******* * *** *** ********* advantages **** ****:
- ****** ***** *********** *** ************** **** other ******** ****** ********, ********* *****, Storage, *** *********, ***** **** (***** access ****) **** *** ***.
- ******** ******* *** **** ***** *** video, ***** **** **** ***.
- ******* ** '*********' ******** *********** ** the ****** ** ******* ***** **** entry, ******** **** **** **** ** a ******** ******/******** ******* **********.
- ****** ****, ******* * **** *** describe ******* ****** ** ******* ************ distance, *** ********** ******* *** ** added ** ** ****** ****** ***** Profile * ********* ******* ****** **** OSDP's ****** ********/********** ***** *** ** an ********* ** **** ***** *******.
**** *** *** ********* ********** **** ONVIF ******* *:
- *********** ******** *******. **** *** **+ members ****** ******* *** ******* **** support **, ***** ***** * ********* has *.
- ******* *** ******** ******** ******** ******* like **********, **********, *** ***** *********** like ****** **** ********.
- ******/****** ************* *** ****** ** ******* specific **** ********, ***** ***** * requires *** ********* ******** ** ** supported **** ** *** **** ** the *******.
*******, ***** **** ** *** ****** functionality ********, **** *** ******* * compete **** **** *****. *** ********* case *** ***** * ** **** in * ****** ***** ***** ******** are ******* *********, ** ** * compatible *** ***** ***** ********* ** not.
** ***** ***** '**** **** ******* D ** **** **** **** ***?' They *********:
******* * *** **** ** **** some ******* ** ***** *************.
*******, ******* * ** ******** ** extend *** ************ ** * ****** already ***** **** ***** ******* ********** products. **** ******* *, ***** *** add **** ***** ** *** *******, door ********/********* ***** ***** ***** ******** for ***** ***********. **** *** ********/**** station *******, *** ****** *** *** Profile */* ** * ** **** the ***** ** *** ****** ********** access ** **** ** *** ****** provide **** ******** ******** ***** ******* M ** *** ******* ***** ** the ****** ******* ****** *** *** access ********.
******* * ********* **** ** *** BACNet ************* *** *** ********** **** is *********. * ******* * ****** may ********** ******* *****/***** ******* ** credentials *** ***** ** ******* **** feedback ** * ****** ***** ******** to ****.
Encryption *** ******** *** ******* *
***** * **** *** ******* **********, instead, ***** ********** ***** *** *.* or ***** ** ******* ****. ***** TLS *.* ** ****** *********, *********, given *** **** ** ****** ***** D **************, ** ****** ********* *** widely ** *** ****** ** *** 1.2 ** ***** **** **.
No ******* * *******/******* *********
** ** ***********, ** ******** ********** system ** ****** ** ******* * conformant. ***** ********* **** ** *** Conformance **** *** ** ****** ** select ******* *:
***** *** *** *** *** ******* D ********** ********.
** ******** ****** ********** ** *** when ******* *** ********, *** *** majority **** *** ***** **** ******* D *** *********.
** *******, **** **** ** **** if/when *** ****** ****** *** ********* request *********** **** **** ******* **, but ******** ** *** ********.
HID/Mercury ******* * ******* *** ****** ********
******* ******** ** ******* ** *** record. *******, ***** ** *** ********* of ***** ********** *******, ** ***** be ****** ********* ** **** ******** Profile * ****** ******* * ****** significant ******* **** ** ***** ** signs ** *********.
Feeble ******** *** ***** ******** * & * *** *********
*** ******** ** *****'* ******** ****** profiles ** **** *** ******* ******. Only **** *** ******** ********* *******, with **** ******* *********** *** **** having ******* ******* * *** ******* C ******* ***** ****'******* ******* **** *** **** *****.
****** * **** *******'* *********** *********** ***** **** **** ** ********** the ********:
** ***** ***** ** ********** ******* profile ** ******* ** * **** when ****** ******** ** ******** ******** is ** ****.
***** ***** ** **** ******* ** the ********** ****** ** *** ****** market, *************** ** * ********* *** that ** ****** ******* *** *** and *** ********, **** *** ********** ONVIF ****** ****** *********:
**** *** ****** ******* ********, ***** is ****** ** ***** *** ****** as **** ** *** *** ****** control ******* * **** ********** *** proprietary ******. ** ***** **** **** will ****** ** **** ** ***** legacy ******* *** *** **** ** be ******** *** ************* ******* **** the ************* ** **** ******* **** the **** **** **** ******** ****** in * ***** **** ** ********* and **** ****** ****** ** *********** and *************.
***** ***** **** **** *********** ******* and ********** ********** *****, **************** ***** make *********** ****** *** **** *********:
*** ********, ********* ****** ** **** to ********* ***** *** ****** ******* systems, *** ***** ******** ******* **** possibility. *** *******, ** *** **** a ******* * ****** **** * relay ******, **** *** ******** ** Profile *, *** *** *** **** device ** ******** **** *****. **** support *** ******* * *** ***** facial ** ******* ***** ***********, *** can **** * ****** **** ******* access ******* **** ****** ****** *** cost.
Potential ******
**** ******** * *** *, ***** did *** ******* *** ** *** biggest ***** ***** **************** ** * practical ***** - ******* ******* *** controllers.
******* * *** ****** **** *** increases *** ***** ** *********** **** intercoms **** *** ***** ********** **** access. **** ** * *********** ******** for ***** * ** ******** ******** choices **** ****.
*******, *****'* ********** *** *********** ** the ****** ****** ******* *** *** does *** ****** ** ** *********. Regardless ** *** *******'* *****, ** vendors *** ***-***** ********* *** *****, ONVIF's ******* ** ****** **** ******** to ********.
Poll / ****
**** **** ***, *** **** ***** change ** ****** *****. * **** audit ***** * ******** ** ****** quarters *** ****** ** ********/ ** coadoption ** *********.
*** *********** ** ******* * ** very *********** *** *** ***** ********** as **** *** **** ******* ***** to *** *****. ****** ******* *** other ***** ******* **** *** ** powered *** ********** ************* **** * single ******** ***** **** ***** (** the ****) *********** *** ** * game *******. *** *** **** **** will ** * ******* **** ****** on *** ************ *********** *** ***** in **** * *************.
***** ***** ** ******* ******* **** and ***** ******* *, * ******* that ** ** ************* ******** *** access ******* ******* ** ******* **** standards ** * ******** ******. **** any ******* ********* ***** *** **** support *** **** ********* ** **** way?