Documentation for ACFA PSIM 1.3.

Previous page General information about two-step verification  Face temperature monitoring and control Next page

Two-step verification includes configuration on the ACFA PSIM side and on the Face PSIM side.

Configuring two-step verification on the ACFA side

To configure two-step verification, do the following:

  1. Create the Virtual access server object on the basis of the Computer object on the Hardware tab of the System settings dialog window.
  2. Create the FACE verificator object on the basis of the Virtual access server object.
  3. Go to the settings panel of the FACE verificator object.
  4. From the Camera drop-down list, select the camera that captures faces. The camera must work as a part of the Face recognition server (see Configuring the Face recognition server object).
  5. From the Server drop-down list, select the Face recognition server.
  6. From the Control drop-down list, select the access granting mode:
    • Server decides—depending on the result of the access rights check or face verification, access is granted or denied.
    • Redirect always—regardless of the result of the second stage, the verifier redirects its solution to the external verifier (Event Manager/Script). Depending on the result, access is granted or denied.
    • Redirect if decline—if the first stage is successful, then this mode is similar to the Server decides mode. If the first stage is failed, then the solution is delegated to the external verifier.
    • Redirect if success—if the first stage is failed, then this mode is similar to the Server decides mode. If the first stage is successful, then the solution is delegated to the external verifier.
  7. In the Timeout field, enter the time in seconds after which the connection with the Face recognition server is terminated.

  8. If necessary, in the fields of the Cache parameters group, set the parameters that are specific for each ACS integration module.

    Note

    For example, in the PERCo-S-20 v.2 integration module, each request to the operator is accompanied by the request_id parameter. This parameter must be returned when confirming access, otherwise, the command is ignored. For the Hikvision ACS, such parameter is param1.

  9. Set the Generate custom Access granted / Access denied event checkbox if it is necessary that the FACE verificator object generates an additional event about granting/denying access, and specifies the reason for the denial. These events can be used to work with scripts or the Event manager interface module.
  10. From the Object type drop-down list, select the type of object that initiates the face check. Typically, this is an access point, a reader, and so on.
  11. From the Object drop-down list, select the object of the type specified above.
  12. From the Event drop-down list, select the event on which the face check is started. The list of available events depends on the selected object type.

  13. From the Reaction for access drop-down list, select the command that is sent to the initiating object upon the successful face verification. The list of available commands depends on the selected object type.

  14. From the Reaction for denial drop-down list, select the command that is sent to the initiating object upon the unsuccessful check/face verification. The list of available commands depends on the selected object type.

  15. On the Rights tab, from the Mode drop-down list, select the access rights check mode:
    1. Recognition onlyserver makes the decision to grant access based only on face verification.
    2. Rights checking—server makes the decision to grant access after successful verification of user access rights (access level, time schedules, blocking, antipassback) and, then, successful face verification. If at the stage of checking access rights, a discrepancy in rights is found, then the device is prompted to deny access, and face verification isn't started. The access denial event from the FACE verificator object isn't displayed in the Event Viewer. If you select this mode, the following settings become available:

      1. Check date of begin and Check expiration—sets the mode of checking the access card validity:

        • Do not check—do not check the start or expiration date of the card.
        • Do not include—do not include the start or expiration date of the card in the check.
        • Include—include the start or expiration date of the card in the check.
      2. AntiPassBack—select the antipassback control mode from the drop-down list:
        • Do not check—antipassback control is disabled.
        • Strict—antipassback control is enabled, that is, when a person accesses through one access point more that once, an access event isn't generated and access is denied.
        • Timed—antipassback control is enabled for the time period specified in the APB Timeout field.

          • APB Timeout—sets the time interval in HH:MM:SS format, during which the antipassback control is enabled.
        • Soft—a person can access, but a note is made in the access event that a person accessed with a violation (repeated access).
      3. Check liveness—set the checkbox to control if a photo is presented instead of a live person. By default, the checkbox is clear.

  16. Go to the Mask tab and set the Restrict access if checkboxes to deny access in cases marked by the checkboxes. If you don't set any checkbox in this block of settings, the mask recognition is ignored.

  17. Go to the Temperature tab and from the Mode drop-down list, select one of the options:

    • Do not check—regardless of the temperature, the recognized person is allowed access.
    • Threshold exceeding—access denied if the temperature threshold set in the Face recognition server on the Analytics tab is exceeded (for details, see Face recognition server settings panel).
    • Range—in the Lower threshold and Upper threshold fields, specify the minimum and maximum allowable temperatures, respectively. Access is allowed if the recognized person's temperature is within the specified range.

  18. Click the Apply button to save the settings.

Example of two-step verification configured for the Hikvision ACS integration module is presented below.

Two-step verification on the ACFA PSIM side is configured.

Configuring two-step verification on the Face PSIM side

Two-step verification doesn't require the face database.

On the Face PSIM side, do the following:

  1. Create the Face recognition server object on the basis of the Computer object on the Hardware tab of the System settings dialog window.
  2. On the basis of the Face recognition server object, create the Recognition channel and Recognition module VA objects.

Two-step verification on the Face PSIM side is configured.

  • No labels