alcatraz Rock User manual

Rock
User Guide
Ver. 1.01

Contents
Rock Overview
  Learn About the Rock
  How does it work?
  Explore the Rock’s Features
  – 1 Access Control
  – 2 Tailgating Intelligence
  – 3 Mask Intelligence
  – 4 Video Streaming (ONVIF)
  What is The Rock Compatible with?
Pre-Installation Requirements
  Cloud-Hosted Pre-installation Requirements
  On-Premise Pre-installation Requirements
Generate QR Code
  Overview
  QR Code Generator
Hardware Installation
End-to-End Installation Test
  OLED Display
  How is a successful install confirmed?
  Out of the Box Settings
  Pre-Requisite
  Step 1A – Auto-Enrollment (Badge-in #1)
  Step 1B – Auto-Enrollment (Badge-in #2)
  Step 2 – Authentication (No Badge-in)
Rock Configuration
Configure Network Settings
Onboard a Rock
  Login to the Alcatraz Admin Portal
  Verify Existing Site or Create a New Site
  Enter the Device ID
  Select the Device to be Configured
  Authenticate the Device
  Name the Device
Configure Rock Mode
  Configuring Mode via Admin Portal
  Add a Parameter - device.role
  Select the Operational Mode for the Rock
  Device Mode Setting – Demo
  Device Mode Setting – 1FA
  Device Mode Setting – 1FAF
  Device Mode Setting – 2FA
  Device Mode Setting – Mask
  Device Mode Setting – Enrollment
Configure Badge Format
  Configure Badge Format
  Configure Pre-defined Card Format
  Configure Custom Card Type
Hold, Tamper, Factory Reset
  Hold
  Tamper
  Factory Reset
Resources
  Warranty
  Documentation
  Help Center
  Support Phone Line
  Troubleshooting
  Table of Icon Names
Glossary
1FA: Single Factor Authentication allows a user to access an area with either a badge credential or facial authentication.
1FAF: Single Factor Authentication Face-Only allows a user to access an area with facial authentication only.
2FA: Two Factor Authentication requires a user to swipe a badge with facial authentication to access an area.
ACS (Access Control System): A system that controls who has access to a space, determines who can enter or exit.
Badge Format: Physical definition of the access badge.
Card Format: Digital representation of the badge ID programmed onto a physical badge.
Crossing: A person enters a space when the user exits.
Enrollment: The process to bind a badge with a user to create a profile that is unique to the user for authentication purposes. The Rock can perform auto-enrollment where it will learn over time and associate a badge with a user. The Rock can perform manual enrollment where the user profile is created in one shot.
Mask Enforcement: Mask enforcement can be set in the Rock to ensure that a user must always wear a mask when entering a space.
Non-Authorized Entry: A user cannot be identified when entering a space.
Onboarding: Steps to associate the Rock with the Alcatraz Admin Portal once physical installation is complete and confirmed to be wired correctly.
ONVIF (Open Network Video Interface Forum): Forum to standardize IP-based video security products.
ONVIF Profile S: Supports basic streaming and configurations.
ONVIF Profile T: Expands on Profile S to widen features covered such as imaging configurations, compression formats, HTTPS for secure video streaming.
Spoofing: A user is followed by another person when entering a space.
Tailgating: A user is followed by another person when entering a space.

Learn About the Rock
The Alcatraz Rock provides 3D facial recognition in single factor (1FA) or dual-factor (2FA) mode with features that include detection for tailgating, crossing, and unauthorized entry. The Rock is continuously learning each user through AI and machine learning to significantly increase physical security and provide detection based on security need.

How does it work?
The Rock provides a frictionless and touchless experience for users to gain access to an area. Once a user completes an enrollment process with the Rock, the user will be authenticated by simply approaching the Rock. The camera on the Rock will capture facial biometrics using 3D imaging technology. The Rock performs a series of liveness tests in real time to ensure that the user is a real person and not a picture or video. Once the liveness is verified, the Rock will match the user to its database. If a match occurs, the Rock will provide the Access Control Panel (ACS) with the badge number of the user for authorization. The entire process takes a fraction of a second by utilizing edge processing.

Explore the Rock’s Features
– 1 Access Control
Single Factor Authentication (1FA)
The Rock supports single factor authentication (1FA) and single factor authentication face only (1FAF). Both offer a complete frictionless experience to authenticate the user. In 1FA, the Rock is tethered to a badge reader and can be configured to allow auto-enrollment or manual enrollment.
Auto-enrollment is an innovative biometric enrollment process which involves the Rock capturing biometrics data when the user presents their credential. The Rock performs two tasks for auto-enrollment simultaneously. The Rock will pass the badge number to the ACS and at the same time associate the user’s credential with their profile. After several transactions, usually four or more separated by a minimum of 5 minutes, the Rock will determine that acceptable data has been collected to fuse the credential to the user’s profile.
Manual enrollment provides a traditional enrollment experience where the user is enrolled in a single transaction. The Rock is able to capture the biometric data to fuse to their profile by requesting the user to present their badge and follow icons on the Rock’s display. The icons will guide the user through the process with a series of actions that include looking right, left, up, down.
Once a user has enrolled with the Rock, there is no need to present a badge to gain access to an area. Subsequent requests for entry only require that the user approach the Rock for authentication. The user optionally can present their badge to the reader, but this is not required since enrollment has been completed.
In 1FAF, the Rock offers a frictionless and credential-less experience with face-only authentication. The Rock is generally placed in locations where there are no tethered badge readers. Users may not auto-enroll but are guided through the enrollment process at a designated enrollment station.
In both 1FA and 1FAF, once enrolled, the user’s profile will be synced with all Rocks across the organization.
Two Factor Authentication (2FA)
In 2FA, the Rock ensures an extra level of security while still providing a frictionless experience to gain access to more sensitive areas. A user must present both their face to the Rock and their badge to the tethered badge reader before gaining entry to an area. Rocks operating in 2FA require users to enroll at a designated enrollment station where they are guided through the enrollment process. User profiles will be synced with all Rocks across the organization. Once the user is enrolled, the user may request access to an area by approaching the Rock. The Rock’s 3D imaging technology identifies the user as they move close to the door. The user will be asked to present their badge to the tethered reader before the Rock will use their credentials to match the user to the on-board database and successfully authenticate.

– 2 Tailgating Intelligence
Tailgating
The Rock’s Tailgating Intelligence is powered by AI and machine learning. Tailgating occurs when an authenticated user is followed by a non-authenticated person. The Rock detects all the faces within a space and uses AI and machine learning to keep track of each authenticated user. If an un-authenticated user follows an authenticated user through the door, the Rock will label the un-authenticated user as a tailgater and log this as a Tailgating event along with a still picture of this person.
Crossing
When a user opens the door from the inside while exiting, a security breach may occur if an un-authenticated user gains entry before the door closes. In this case, the Rock will keep track of users approaching the door and whether they are authenticated. If an un-authenticated person enters before the door is closed, the Rock will label the un-authenticated user as a Crosser. The system will log this as a Crossing event along with a still picture of this person.
Unauthorized Entry
Any time the Rock cannot authenticate a person who is able to gain entry through a door, the Rock will label the un-authenticated user as an Unauthorized Entry. This event is rare if the door is locked but will happen in situations where someone may prop the door open or is holding the door open to allow a person to enter. It is also triggered in 2FA when a known person enters without badging in. The system will log this as an Unauthorized event along with a still picture of this person.

– 3 Mask Intelligence
The Rock’s Mask intelligence provides the ability to authenticate and restrict access to users if a user is not wearing a mask. When a user approaches the Rock to gain entry, if the user is not wearing a mask, the Rock will authenticate then prompt the user to put on a face covering before allowing entry. If the user is wearing a mask when they approach the Rock, the user is required to lower their mask briefly for the Rock to authenticate, then place their covering back in place. Only if a user has a face covering on before entering will the Rock complete the authentication process.

– 4 Video Streaming (ONVIF)
The Rock supports communication and interoperability of products from different Video Management System (VMS) manufacturers through ONVIF (Open Network Video Interface Forum). Profile S, sending video data over IP networks, and Profile T, for advanced video streaming, are both supported. The Rock supports sending events to the VMS to trigger camera call-up or recording via Profile T. These events include Authentication, Tailgating and Tamper. The Rock includes a 2-megapixel HDR color camera that can be connected to a VMS that is ONVIF compliant.

What is The Rock Compatible with?
The Rock is designed for enterprises with scalability in mind. Designed and assembled in the USA, it works with any badge credential or badge reader and connects with any access control infrastructure. There is no integration required with any ACS – it is ACS agnostic. The Rock supports both Wiegand and OSDP (Open Supervised Device Protocol) communication.

Cloud-Hosted Pre-installation Requirements
Before arriving at the installation site, review the following checklist to ensure installation, network, and tool requirements are met.

– 1 Required for Installation and not provided in box. Installer must provide:
■2-gang switch box (refer to Rock Install Guide for orientation)
■22/6 cable, 5-9 conductor, Genesis 12061109 or equivalent (Wiegand)
■4 conductor shielded twisted pair, Belden 3107A or equivalent (OSDP)
■Shielded cat5e or higher cable

– 2 Tools
■Level
■Measuring tape
■Wire stripper
■Cutter
■#2 head Phillips screwdriver
■Gel filled B connectors or equivalent

– 3 PoE+ (802.3at Type 2) 30W Requirements
■The network port and associated policy is configured for PoE+ (802.3at Type 2)
■If the network port is not PoE+ then a PoE+ injector must be provided (802.3at Type 2)
■The Ethernet cable from the PoE+ network port to the Rock is cat5e or higher, must be in good condition, and shorter than 100m.
■A PoE+ tester to confirm that at least 30W can be provided over the ethernet cable. (Confirms that PoE+ (802.3at Type 2) is properly configured on the network port and that the ethernet cable is good quality.)
■Note that for UL294B installations, a UL294B certified injector is required

– 4 Network Requirements
■Generate QR code for configuring the Rock’s network settings and note which Rock the QR Code is associated with if multiple Rocks are being installed that day.
■If you have Captive Port Login it must be disabled
■These ports are open outbound:
  tcp 443, 3310, 8080
  udp 1094, 123
■These URLs are whitelisted:
  https://login.alcatraz.ai:443
  https://platform.alcatraz.ai:443
  https://logs.alcatraz.ai:443
  https://storage.alcatraz.ai:443
  https://sync.alcatraz.ai:3310
  https://mender.alcatraz.ai:8080

– 5 Credentials
■Admin Portal: Username and Password (URL: https://login.alcatraz.ai/)
■Request Asset Panda login credentials from Alcatraz if uploading images
■Request a badge with access granted so you can test the Rock and tethered reader after installation

– 6 Additional
■Review info for:
  End User Account Name - the customer the Rock is intended for.
  Site Name - number of sites and how many to install at each site.
  Record the Rock Operational Mode to configure on-site (ex. 1FA, 1FAF, 2FA, mask).
Important: The Rock must not be left in Demo mode and will need to be configured for the intended operational mode. For On-Premise, the Rock must be unpowered if the appliance has not been installed.
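A pre-installation egress check for the cloud-hosted network requirements above, added here as an example and not part of the Alcatraz manual: it parses the whitelisted URLs into host/port pairs and attempts an outbound TCP connection to each from the network segment the Rock will use. The function names are illustrative, and only TCP is probed.

```python
import socket
from urllib.parse import urlsplit

# Destinations copied from the manual's cloud-hosted whitelist.
REQUIRED_URLS = [
    "https://login.alcatraz.ai:443",
    "https://platform.alcatraz.ai:443",
    "https://logs.alcatraz.ai:443",
    "https://storage.alcatraz.ai:443",
    "https://sync.alcatraz.ai:3310",
    "https://mender.alcatraz.ai:8080",
]
# Outbound TCP ports the manual lists. UDP 1094 and 123 are also listed, but
# the manual names no UDP destinations and a connect() cannot confirm UDP
# reachability, so those two are left to a firewall rule review.
REQUIRED_TCP_PORTS = {443, 3310, 8080}


def parse_endpoints(urls):
    """Turn whitelist URLs into sorted, de-duplicated (host, port) pairs."""
    endpoints = set()
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"unexpected whitelist entry: {url!r}")
        endpoints.add((parts.hostname, parts.port or 443))
    return sorted(endpoints)


def uncovered_ports(endpoints, tcp_ports=REQUIRED_TCP_PORTS):
    """Listed TCP ports that no whitelisted URL uses (should be empty)."""
    return set(tcp_ports) - {port for _, port in endpoints}


def probe(host, port, timeout=3.0):
    """Return (ok, detail) for one outbound TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.gaierror as exc:
        return False, f"DNS failure: {exc}"  # name not resolvable on this segment
    except (TimeoutError, socket.timeout):
        return False, "timed out"            # typically a silent firewall drop
    except ConnectionRefusedError:
        return False, "refused"              # reset by a firewall or the host
    except OSError as exc:
        return False, f"error: {exc}"


def check_egress(endpoints, timeout=3.0):
    """Probe every endpoint; return {(host, port): (ok, detail)}."""
    return {ep: probe(*ep, timeout=timeout) for ep in endpoints}


if __name__ == "__main__":
    results = check_egress(parse_endpoints(REQUIRED_URLS))
    for (host, port), (ok, detail) in results.items():
        print(f"{'PASS' if ok else 'FAIL'}  {host}:{port}  {detail}")
    raise SystemExit(0 if all(ok for ok, _ in results.values()) else 1)
```

Run it from a laptop patched into the same switch port and VLAN the Rock will use; a "timed out" result usually points at an egress rule that was never opened, while a DNS failure points at the resolver handed out on that segment.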

On-Premise Pre-installation Requirements
The Alcatraz On-Premise solution includes a server appliance in addition to Rock quantity.
Pre-installation requirements for on-premise differ only in Network Requirements.
The On-Premise solution is currently a white glove process. Please contact Sales for more information.

– 1 Required for Installation and not provided in box. Installer must provide:
■2-gang switch box (refer to Rock Install Guide for orientation)
■22/6 cable, 5-9 conductor, Genesis 12061109 or equivalent (Wiegand)
■4 conductor shielded twisted pair, Belden 3107A or equivalent (OSDP)
■Shielded cat5e or higher cable

– 2 Tools – additional tools may be needed
■Level
■Measuring tape
■Wire stripper / cutter
■Phillips screwdriver
■Gel filled connectors or wire nuts

– 3 PoE+ (802.3at Type 2) 30W Requirements
■The network port and associated policy is configured for PoE+ (802.3at Type 2)
■If the network port is not PoE+ then a PoE+ injector must be provided (802.3at Type 2)
■The Ethernet cable from the PoE+ network port to the Rock is cat5e or higher, must be in good condition, and shorter than 100m.
■A PoE+ tester to confirm that at least 30W can be provided over the ethernet cable. (Confirms that PoE+ (802.3at Type 2) is properly configured on the network port and that the ethernet cable is good quality.)
■Note that for UL294B installations, a UL294B certified injector is required.

– 4 Network Requirements
■Customers have a wide range of network configuration requirements within their organization. The on-prem installation is currently a white glove process.
■Generate a QR code to configure the Rock network settings using the on-prem server

– 5 Credentials
■Admin Portal: Username and Password (URL: https://login.alcatraz.ai/)
■Request Asset Panda login credentials from Alcatraz if uploading images
■Request a badge with access granted so you can test the Rock and tethered reader after installation

– 6 Additional
■Review info for:
  End User Account Name - the customer the Rock is intended for.
  Site Name - number of sites and how many to install at each site.
  Record the Rock Operational Mode to configure on-site (ex. 1FA, 1FAF, 2FA, mask).

Overview
The Rock can accept an IP address dynamically via DHCP, or be assigned a static IP address.
To configure the network settings of a Rock, we use the Rock like a QR code scanner.
The Admin Portal has a QR Code Generator feature that encodes network settings:
■First enter the network settings
■Next generate the QR code which encodes those settings
■Third print the QR code on a piece of paper
■Finally present that printed code to the Rock’s image sensor
After the Rock detects and reads that QR code, the encoded network settings will take effect.
To edit or update those settings, generate a new QR code.
When the Rock displays in the status bar, the Rock is “QR Code Receptive”.
QR Code Generator
Go to Device Management -> QR Code
Select IPv4 Network and click Next. (IPv6 Network is a future release)

For DHCP - select Automatically if the Rock will acquire an IP address by DHCP, then click Next.
For Static IP - select Manually and enter the required information, then click Next to continue.

Server Location
Select a Server Location and click Next.
1. For Cloud Hosted – select Hosted by Alcatraz
2. For On-Premise – select Local Server and enter the Server IP
For On-Premise Rocks, a Server Hostname / IP Address will be required.
Generate and Download QR Code
Review your settings and then hit ‘Generate’.
Click download QR Code to save to your computer, email or text.
Download the QR Code and present to the Rock’s image sensor on a printout, on a laptop screen or on a mobile device.
Note: The recommended method is to print out on a piece of paper (image minimum size 2x2 inches or 5 cm).
The glare off screens of laptops and mobile devices may prevent the Rock from scanning the code reliably.

Hardware Installation

Cloud-hosted and on-premise Rock installation follow the same steps.
Before beginning, write down the Device ID found on the box the Rock was packaged in or alternatively, on the back of the Rock. You will need this to onboard the Rock.
The Device ID is the 6 digits after ID:
  SN: G2CD200800001
  ID: XXXXXX COO: US
  QTY: 1

Step 1 – Installation of Rock to wall, includes mounting and wiring
Refer to Rock Installation Guide provided in package or access it here.

Step 2 – Powering up the Rock
The Rock begins booting up once the PoE+ cable is attached and completes in Demo mode.
Display Zones & LED ring colors
The Rock OLED Display contains 3 sections:
■Status bar: displays icons that require attention
■Main: authentication guidance icons
■Info: informational such as the Rock’s IP and Network settings will scroll across
LED ring colors:
■WHITE: Idle / Standby
■BLUE: Badge ID sent
■GREEN: Access Granted
LED ring during start-up:
■Booting up: LED ring is off
■Booting Complete: LED ring is white
■Demo mode: LED ring is white

Step 3 – Perform end-to-end test once the Rock has successfully powered up
The Rock is designed to ensure installation is successful. It can authenticate regardless of Network connections. There will be some icons in the status bar related to network and onboarding. These are resolved in the section for Configuring the Network Settings. Ignore for now and carry out the installation end-to-end test to verify that wiring is correct and the Rock is functional.
There are status icons that may appear. Certain icons are not required to be resolved at this step. Those with a red star must be resolved before the next step.
Status icon names:
■*PoE Power Fault
■*Panel Power Fault
■*Tamper
■*Internal Comms Down
■Not On-boarded
■No Server Connection
■No Network Connection
■QR Code Receptive
* Must be resolved before completing install

OLED Display
The Rock OLED Display contains 3 sections:
■Status bar: displays icons that require attention
■Main: authentication guidance icons
■Info: informational such as the Rock’s IP and Network settings will scroll across

How is a successful install confirmed?
A successful installation of the Rock on the wall is confirmed by carrying out this quick test.
A test pass confirms:
■Reader and ACS are correctly wired to the Rock
■Auto-enrollment is successful
■1FA authentication is successful
The Rock is not required to be connected to the network to perform the test.

Out of the Box Settings
Out of the box, the Rock
■Is in Demo Mode and will authenticate in Single Factor (1FA)
■Auto-Enrollment is enabled requiring two badge-ins separated in time by just a few seconds
■Enrollments are deleted by a power cycle

Pre-Requisites
1. Before proceeding with the test
■ensure that you have a valid badge that is enrolled in the ACS to be granted access through the door
■or have someone on site with a valid badge who will be granted access through the door
2. Remove the protective film protecting the Rock’s screen and sensors

Step 1A – Auto-Enrollment (Badge-in #1)
Auto-Enrollment requires two badge-ins separated in time by a few seconds
Badge-in #1:
1. Approach the Rock
2. The Rock will display a white dot for person in range and a grey badge icon
3. Present a badge to the tethered reader
Test Pass:
■Reader illuminates green,
■Rock badge icon illuminates green,
■Rock LED illuminates blue then green,
■and door unlocks
[Figure: User approaches the door; user must present their badge; user swipes a valid badge; user is granted entry. LED is white, then turns blue then green.]

Step 1B – Auto-Enrollment (Badge-in #2)
Auto-Enrollment requires two badge-ins separated in time by a few seconds
Badge-in #2:
1. Approach the Rock
2. The Rock will display a white dot for person in range and a grey badge icon
3. Present a badge to the tethered reader
Test Pass:
■Reader illuminates green,
■Rock badge icon illuminates green,
■Rock LED illuminates blue then green,
■and door unlocks
[Figure: User approaches the door; user must present their badge; user swipes a valid badge; user is granted entry. LED is white, then turns blue then green.]