How is my company data kept secure when using contactless visitor sign in?
As part of our suite of contactless features, we offer visitor sign-in using QR codes. These can be dynamically generated on the iPad home screen or a static QR code can be printed and placed at an entry point to your business. These QR codes can be scanned by visitors using their own smartphones to quickly sign themselves in without touching the iPad.
While this provides a convenient and safe way for your visitors to sign in, it’s also important that your company data is kept securely and safely. The QR code contains a unique URL, including a token that can be only be deciphered by the SwipedOn platform.
There are multiple layers of security:
The token is encrypted using an AES256-key, and base-64 encoded for use in the QR code.
The token itself, once decrypted, contains no sensitive information – just a timestamp, a unique identifier for the location or device where the code is used, and a random key that can be used to invalidate codes.
The URL specifies an HTTPS location, and all browser traffic is encrypted.
Codes displayed on the iPad expire in a short period of time.
The SwipedOn API shares the bare minimum of data with visitors. Browsers using a URL from a static code cannot request information about employees or any other personally identifiable data.
The codes displayed on the SwipedOn iPad home screen are generated dynamically and updated frequently. These codes are only valid for a short period of time. Visitors that sign in with these codes can include host selection, but this option can also be disabled by a company administrator.