C |
|
Calendar |
A calendar defines a set of holidays. The holidays within the calendars are then used in conjunction with access policies to control access during holiday periods. |
Camera |
Cameras record digital video files to be stored on the DVR. See also: Closed Circuit Television |
CAN (Controller Area Network) bus |
A 3 wire parallel communication bus that runs between the Gateway and up to a total of 15 additional modules. These additional modules can be any combination of Reader, Input, or Output modules. The distance limit on the CAN bus is 1320 feet. The last module on the CAN bus must be set to terminate the Can bus. |
Card |
See Badge. |
Card format |
The bit structure of a particular card. The average card format includes the card number, facility code, and parity bits. The two types of card formats supported by ICPAM are Wiegand and magstripe. |
Card format type |
The type of a card format, which may be Wiegand or magstripe. See also: Wiegand See also: Magnetic Stripe |
Card number |
The card number encoded within the badge, often on the magnetic stripe or internally for proximity cards. See also: Badge |
CCTV |
Closed Circuit Television |
CHUID/CUID |
Card Holder Unique Identity Model. |
Closed Circuit Television |
A collection of surveillance cameras conducting video surveillance. Each camera is viewable on a monitor. |
Controller |
A device that can accept one 10-wire Wiegand reader, or two 5-wire Wiegand readers, three inputs, three outputs, power fail, and tamper sensor inputs. The gateway communicates with the CPAM server over TCP/IP via Ethernet. It also communicates up to 15 additional reader, input, or output modules over a 3-wire CAN bus. The gateway can be powered using either PoE or 12V or 24V DC. The controller can download badge access credentials and store them locally permitting access control even without network connectivity to the ICPAM server. Events that occur while the connection to the server is down are stored locally and uploaded to the ICPAM server once the network connection resumes. Two types of controllers are offered by Identiv: Cisco Gateway and EM-100 Edge Controller. |
CCOTZ |
Card- or Code-only during time zone. This indicates that the reader or door so marked can only be opened by card or code during the specified time zone. Outside of that time zone, other rules apply. |
Credential |
A general category that includes login, badge, and biometric; something that is used to gain access to a physical or logical resource. See also: Login See also: Badge See also: Biometric |
D |
|
Dashboard |
A module with real-time graphs, charts, and diagrams that is used for monitoring details and statistics for the system. |
Debounce is a parameter representing the number of consecutive scans that must be in agreement before changing the state of the input point. Debounce is used to prevent incorrect reads. Each scan period is 16.7 milliseconds. The recommended setting for a REX is 2 and 4-6 for standard inputs. See also: Input point |
|
A dedicated micros driver is a software device that manages the sending and receiving of data between the CCTV cameras and the DVR. See also: Driver |
|
Default Gateway |
In a network using subnets, the router that forwards traffic to a destination outside of the subnet of the transmitting device. See also: Subnet |
A sub-division of an organization, and used to organize personnel. See also: Organization |
|
A hardware (and in some cases software) component in the system. Events are generally associated with a Device. Devices also can have different states with varying color and severity. |
|
Device Status |
The real-time status of a device. Examples include: Online, Offline, Unknown, Secure, and Alarm. Each state has an associated color and severity. Not to be confused with top alarm state, which depends on operator actions in the application. For example, if a door is forced open, and then shut again, the status will go from forced open to secure, but the top alarm state will reflect the forced open state until an operator clears it. See also: Top Alarm State |
Allows operators to monitor the real-time status of all devices connected within the access-control. Operators can view the device properties, as well as status and the top alarm at any given device. |
|
DHPC |
Dynamic Host Configuration Protocol (DHCP). A network application that automatically assigns IP addresses to devices in the network. The Cisco Physical Access Gateway can obtain an IP address via DHCP. DHCP options 150 and 151 can also be passed with the DHCP lease. These options point the controller to the ICPAM server and TCP port to use for the Gateway to ICPAM server TCP/IP session. The Gateway can also have a static IP address. The ICPAM server should have a static IP address. The Reader, Input and Output modules do not require an IP address. |
A set of small on-off switches mounted on hardware. The dip switches are used to configure settings on the hardware. |
|
Door contact |
A door contact is a device that monitors whether a door is open or closed. A door contact is part of an access point. See also: Access point |
Door strike |
A door strike is a device that physically locks or unlocks the door. A door strike is part of an access point. See also: Access point |
A process on a host computer used to communicate between the host computer and hardware devices. Different types of supported hardware generally have different drivers. |
|
A driver manager is a software device that manages all drivers in the system. See also: Driver |
|
Duress Request |
This is a feature used by a badge holder under duress on a reader/keypad configured to accept PIN and Duress entries. If the badge holder enters their assigned PIN plus the configured duress key or keys, this will send a duress signal to the access-control system. For example: Duress code is configured as 1 digit, and that is 5. An individual has a personal identification number of 1111. If that individual enters 11110 or 1111, no duress indication is sent to the access-control system. If the individual enters 11115 a duress indication will be sent to the access-control system. In this example, any PIN entry of 1111x, where x is 0 through 4 or 6 though 9 will result in grant access with no duress signal. Only a PIN entry of 11115 will grant access with a duress signal. If the user enters 1111 only, the PIN entry time-out will have to expire and the individual will be granted access with no duress signal. |
DVR |
DVR is an abbreviation for digital video recorder. A DVR records video from CCTV cameras to disk. Allows for viewing of live or past video. See also: CCTV |
E |
|
EDI |
The acronym for Electronic Data Interchange which is the transfer of data from one computer system to another by standardized message formatting without the need for human intervention. EDI permits multiple companies -- possibly in different countries -- to exchange documents electronically. Data can be exchanged through serial links and peer-to-peer networks, though most exchanges currently rely on the Internet for connectivity. |
Encryption |
A method of securing data so it cannot be read by unauthorized users or applications. ICPAM's configuration file and card database located on the controller are encrypted. ICPAM backup files created by the back up process are encrypted with a password. The password used when creating the backup file must be entered when using the file for a restore operation. |
An activity within the system, recorded to the database, and available for monitoring or reporting. |
|
A module used to configure the way events are processed and displayed. This following attributes can be configured: • Is alarm: This determines whether the event is an event or alarm. • Is recorded: This determines whether the event is recorded. If the event is not recorded, it can not be an alarm. • Priority: This determines the priority of the event or alarm. • Alert sound: The sound to be played when the event occurs. See also: Event |
F |
|
Facility code |
A segment of bits encoded on a card which represent a number in association with a facility. Often all cards issued for a single facility will have the same facility code. |
Fail-Safe lock |
A lock that requires voltage to remain in the locked state. If voltage is removed, the lock will move to the unlocked state. |
Fail Secure lock |
A lock that does not require voltage to remain in the locked state. If voltage is removed, the lock remains in the locked state. |
FASC-N |
Acronym for Federal Agency Smart Card Number. |
Filter |
A tool allowing operators to select which objects should be displayed. |
Foreign Identification Number. Used as an alternative to the Social Security Number (SSN) issued to American citizens. |
G |
|
GND pins |
Ground for the DC voltage input. |
Graphic maps editor |
A module which allows graphic maps to be imported and configured. A graphic map can have links to other maps and or links to other devices. The map links can be used to navigate between maps in the Graphic Maps Viewer. The device links show the real-time status of the device in the graphic maps. |
Graphic maps viewer |
A module allowing facility maps to be viewed. The Graphic Maps Viewer displays the location and status of devices within the facility. The maps can also contain links used to navigate to other maps. |
H |
|
HA |
Acronym for High Availability. In the event of physical server failure, affected virtual machines are automatically restarted on other production servers with spare capacity. In the case of operating system failure, VMware HA restarts the affected virtual machine on the same physical server. |
See Device |
|
A module allowing operators to add, edit, and disable the hardware. See also: Device |
|
The hardware tree is a hierarchical display of all devices in the system, seen in the Hardware - Tree module and the graphics. Each device in the hardware tree can be expanded or collapsed to show or hide its sub-devices by clicking the + or - to its left. See also: Device See also: Hardware tree See also: Hardware module |
|
Hexadecimal |
A base-16 numbering system written using the symbols 0–9 and A–F (or a–f). |
A company manufacturing the industry standard proximity access-control cards. See also: Proximity |
|
The amount of time in seconds that the system will ignore an active state of a monitor point. The system will hold a higher priority status before a lower priority status is reported. As an example, motion detectors can sometimes trigger multiple times per second which could cause the Event logs to quickly fill with unnecessary data. |
|
Hot stamp |
The number physically printed or embossed on a badge. This number is generally independent of the Card Number. Not all badges have a hot stamp number. See also: Badge |
HSPD-12 |
The acronym for Homeland Security Presidential Directive-12 which is a policy for a common identification standard for federal employees and contractors. |
Hypertext Transfer Protocol Secure. A combination of the Hypertext Transfer Protocol and a network security protocol. Gateway and ICPAM HTTP access is via HTTPS. See also SSL. |
I |
|
ICPAM client |
A Java applet running on a Windows client PC or workstation that is used to manage the ICPAM server and associated Gateways. It can be used to monitor the physical access system of sensors and locks. It can be used to configure the operation of the ICPAM server and the access modules. |
ICPAM server |
An appliance used to manager and monitor a physical access infrastructure comprised of door, reader, input, and output modules. It can interact with corporate directories like LDAP or MS Active Directory to validate access credentials for user access badges. It also interacts with Cisco VSM to provide video for configured devices and events. |
A sensor that has 2 states, open or closed. The steady state can either be normally open (NO) or normally closed (NC). When moved to the non-steady state, the input is used to make a decision. Typical input is a door sensor. It is used to determine if the door is in the opened or closed position. An input has 2 pins marked + and -. Gateway, Reader, and Input module inputs can be supervised or un-supervised. See also Supervised input. Inputs do not require separate power because it is supplied from the module. |
|
A device that can accept 10 inputs. It communicates with the ICPAM server via the CAN bus and the controller. The module requires an external 12V to 24V DC source and cannot be powered via POE. |
|
IP address |
The Internet Protocol address. The gateway can obtain an IP address via DHCP. DHCP options 150 and 151 can also be passed with the DHCP lease. These options point the controller to the ICPAM server and TCP port to use for the gateway to ICPAM server TCP/IP session. The Gateway can also have a static IP address. The ICPAM server should have a static IP address. The reader, input, and output modules do not require an IP address. |
L |
|
The acronym for Lightweight Data Access Protocol that is a networking protocol for querying and modifying directory services running over TCP/IP. |
|
Light-emitting diode. A semiconductor diode that converts applied voltage to light. LEDs are used to display status, communication, and other information on various devices. |
|
The default hostname describing the local computer's address. |
|
A credential used to obtain access to the application as an operator. A login has a username and password, along with a set of profiles which determine what the operator has access to within the application. See also: Profile |
|
A module used to manage operator logins in the application. See also: Login |
M |
|
MAC address is an abbreviation for Media Access Control address that uniquely identifies each node of a network. Each type of network medium requires a different MAC address. |
|
A strip of magnetic recording material on which a certain data is stored. See also: Card Format Type, Wiegand |
|
A hardware state for inputs and access points where one or more active conditions will be reported to the software as masked. |
|
An independent section of ICPAM with some distinct function. |
|
A type of hardware which can combine multiple communication channels into a single communications channel. |
O |
|
output |
A device that requires a trigger to change state. The steady state is either normally open (NO) or normally closed (NC). After a decision is made for the device to change state, the module output interface will open or close a relay to trigger the device. A typical output device is an electric-mechanical door lock. For example, when not triggered, the lock is in the ‘locked’ position. When triggered by the output module, the lock moves to the ‘unlocked’ position. Outputs generally require power, and the output module will either close or open a relay to trigger the device. The power to drive the device should be inline with the relay on the output module. The output relay on the module has 3 pins marked NC, C, and NO. NC is normally closed, C is common or ground, and NO is normally open. An exception might be made for a POE-capable lock, where the power for the lock is obtained from the reader attachment of a Gateway or reader module. |
Output module |
A device that can drive 8 outputs. It communicates with the ICPAM server via the CAN bus and the controller. The module requires an external 12V to 24V DC source and cannot be powered via POE. |
An organization with which a personnel record can be associated. |
P |
|
The acronym for Adobe's Portable Document Format which represents a printable/viewable document in a manner that is independent of the original system used to create it. Viewing PDF documents requires the Adobe Reader that is freely available at www.adobe.com. |
|
A module used to manage personnel information. |
|
PF input |
This input is used to detect a power failure. If activated, an alarm is posted notifying the administrators that a device has lost power. The PF input has 2 pins marked + and -. This input can be re-allocated to act as an unsupervised input. |
Personal Identification Number. A badge has a PIN associated with it, which, depending on the configuration of an access point, is entered into the keypad on the access point's reader. |
|
The acronym for Power Over Ethernet which provides up to 15.4 watts to power devices attached via a CAT5 cable to a POE-capable switch. |
|
Power Over Ethernet |
See POE. |
Privileges define what a credential has access to. Examples of privileges include access policies and profiles. See also: Credential, Profile, Access policy |
|
Profile |
A profile determines the software modules and the commands that an operator has access to upon logging in. |
A module for managing profiles. See also: Profile |
|
A technology where the presence of a certain object can be sensed by a device without having direct contact. See also: HID |
R |
|
A reader is a device for receiving a card number and/or PIN from a badge holder. |
|
Reader module |
A device that can accept one 10-wire Wiegand reader, or two 5-wire Wiegand readers, three inputs, three outputs, power fail, and tamper sensor inputs. It requires a controller to facilitate communication with an ICPAM server. The module requires an external 12V to 24V DC source and cannot be powered via POE. |
A device that responds to a small current or voltage change by activating switches or other devices in an electric circuit. |
|
REX is an abbreviation for “request to exit”. A REX is a type of door hardware, typically a button that allows people to exit through an access point without using a badge. When a door state changes from closed to open, it means someone has unlocked the door from the secure side. If the door state moves from closed to open, with no valid reader swipe or REX activation, it can indicate that the door was forced open. A REX is part of an access point. See also: Access point |
|
A method of hardware flow control used in serial communications. |
S |
|
Scroll lock |
A tool button in some modules that allows the operator to stop the scrolling of items in the window. New items will continue to be added to the window, but the window will not automatically scroll to show the most recently added item. |
A method of communicating over a dedicated line. |
|
A site is a single instance of an ICPAM database. It generally, but does not necessarily, correspond with a single geographical location, such as a building complex, building, or part of a building. Most installations of ICPAM only have a single database, and hence a single site. Multiple sites are used in larger configurations, for example a company with offices around the world, with an ICPAM database at each office. |
|
The acronym for Social Security Number which is a nine-digit number issued to individuals by the U.S. government for tax purposes, and is often used as an identification number. |
|
Acronym for Secure Sockets Layer. A security protocol for secure connections using over the Internet. Gateway to ICPAM server can utilize SSL for the connection. All gateways and ICPAM server must be configured similarly either for SSL, or for no SSL. A mix of SSL and non-SSL is not supported. Gateway and ICPAM HTTP access is via HTTPS. See also: HTTPS |
|
See Device Status |
|
A portion of a network, which shares a common network address with other portions of the network and is distinguished by a subnet number. On TCP/IP networks, subnets are defined as all devices whose IP addresses have the same prefix. For example, all devices with IP addresses that start with 100.100.100 would be part of the same subnet. |
|
A supervised input has 4 states. (1) Short (2) Open (3) Non-Alarm or (4) Alarm. An unsupervised input has 2 states. (1) Normal or (2) Alarm. Unsupervised inputs have limited functionality. If a wire is cut or shorted between the input module and a normally open device, the server cannot determine the change and the device would remain in inactive state even when the switch is closed. To make the input device supervised, use two 1K resistors in the circuit. •In the inactive state, the circuit measures 2000 ohms. •In the active state, the circuit measures 1000 ohms. •In the short state the circuit measures 0 ohms •In the open state the circuit measures infinite ohms. After the input device is supervised, ICPAM can determine if a wire is cut or shorted. See also: input, Input module, Device Configuration Properties |
T |
|
A protocol for communication between computers, used as a standard for transmitting data over networks and as the basis for standard Internet protocols. |
|
An Internet communications protocol that enables a computer to function as a terminal working from a remote computer. |
|
A period of time defined using a start time and time. Each period has a list of days of the week (Sunday through Saturday) and holidays of when it can be active. |
|
The time an event or alarm was actually received by the access-control system and stored in the database. |
|
A defined set of time intervals used to make access-control, triggering, and other decisions. See also: Time interval |
|
24 longitudinal divisions of the globe, nominally 15 degrees wide, in which clocks show the same time. |
|
TM input |
This input is used to detect if a component box is being tampered with. It acts like a normal input and would be in the normally closed position indicating that the component box access door is closed. Once opened, this input would alert and administrator that the component access door is, or was, opened. The TM input has 2 pins marked + and -. This input can be re-allocated to act as an unsupervised input. |
The most important alarm present at a given device based on alarm state, time, and priority. See also: Alarm and Alarm state |
|
The state of the top alarm at a given device. Possible states include active, acknowledged, and cleared. Each state has an associated color, possible blinking, and severity. Not to be confused with device status, which is independent of operator actions in the application. For example, if a door is forced open, and then shut again, the status will go from forced open to secure, but the top alarm state will reflect the forced open state until an operator clears it. See also: Device Status, Alarm state |
|
A trigger waits for an operator-defined combination of events, addresses, properties, and time schedules to occur, then executes a procedure. See also: Procedure |
|
Triple Technology Reader. A reader which combines three devices in one: a magnetic card reader, HID proximity card reader, and piezoelectric keypad. |
U |
|
An option which can restrict a badge to a certain number of uses. The default is 0 (off). See also: Badge |
|
A sequence of characters used as identification when logging onto an application. |
V |
|
An option within the filter tools, giving operators the capability to view the actual filter definition as an SQL-like expression string. See also: Filter |
|
VIN pins |
Voltage input. This is where you can use +12 to +24 volts DC to power the module. |
W |
|
A Wiegand card format stores card data using binary values. The information includes parity error detection, facility code, and the card ID. Each card has a particular format that must be configured in the access-control panel to permit the panel to correctly interpret the card data. A very common Wiegand card format is the 26-bit format, with the first and last bit for parity, 8 bits for the facility code, and 16 bits for the card number. When configuring the Credential Template on the ICPAM server you must configure it to match the card format for the reader. |
|
Wiegand Interface |
This is a 10-pin interface on the gateway or reader module used to attach a card reader. The 10-pin interface can be logically configured to operate as two 5-wire Wiegand interfaces to support two readers. When run in 5-pin mode, the LED function on the reader is not used. The minimum leads needed for the Wiegand reader to work are: • PWR = Power • GND = Ground • D0 = Data bit 0 • D1/clock = Data bit 1 and the clock • GRN = LED power • DRTN = Data return (1 end only) |
An interactive utility that guides an operator through potentially complex tasks, including adding and configuring a new sub-controller. |