The reliability of mobile credentials

The use of a pin or personal access code (PAC) to provide visitors with access to residential estates and business complexes has increased in the past few years. A number of reasons can be cited for this growth in popularity including the elimination of the infamous and highly unreliable visitor log book, the accurate capturing of a visitor’s details, and on some premises, the assurance that only pre-authorised visitors are on the estate.
John Powell, managing director of Powell Tronics, says that the primary challenges encountered in providing a user-friendly PAC-driven access control system in a modern world using mobile technology are ensuring that the system is both secure and resilient to external unauthorised infiltration and that it is adaptable to meeting the varying needs of individual estates or business parks. The crux here is to select a service provider with a documented and reliable track record. Experience is the keyword and estate and property managers are advised to visit similar installations deployed by the supplier to verify the veracity of their claims.
Powell points to the company’s own PT-GUEST visitor management software, originally developed to enhance the recognised Impro access control solution IXP 400i and the recently implemented Access Portal integration – PT-GUEST Portal. PT-GUEST has evolved into a substantial system that hands over management of access control to property and estate managers, as well as homeowners and tenants. Adoption of cloud-based solutions for hosting databases can be slow due to security and connectivity concerns voiced by various faculties investigating visitor management solutions. Powell explains that the company took cognisance of this and the PT-GUEST solution and locally hosted database is managed via a secure web portal rather than residing in the cloud. However this will be reviewed once total and improved cloud access is available within South Africa.
According to Powell, with the eminent introduction of the PoPI Act, secure access to the system and the data which it encompasses is PT-GUEST’s strongest attribute. The software, database and relevant processes are password protected and site administrators are carefully selected by management to ensure that their site’s information is kept secure in-house.
During the registration process onsite, certain authenticated personal information is assigned to the homeowner or tenant, which acts as the verification criteria when a PAC is requested for a visitor. Once it is verified that the request has been issued by a registered tagholder of that particular site, the PAC and expiry information is expedited via either the registered person’s cell phone number or email address through a secure online service.
A necessary tool for pre-authorisation of visitors, using a cellular messaging service incurs continuous costs – monthly subscriptions to the WASP short code system provider, cost of sms text messages sent to and from the short code system to the requesting resident/tenant/employee, as well as notifications of the visitor’s arrival and departure.
In an attempt to assist clients to alleviate these expenditures, Powell Tronics will soon be releasing its Android app for PT-GUEST IXP on the Google Playstore as an alternative for requesting PT-GUEST pre-authorised PACs for visitors and notifications. While this mobile app uses the cheaper alternative of data rather than airtime, it also alleviates issues with cellular numbers being blocked on the WASP provider’s cellular marketing systems, something that has been on rise with the increased amount of unsolicited marketing smses received daily from banks, retailers and insurance providers, amongst others.
In order to ensure that the new PT-GUEST mobile Android app delivers the same high-level security currently enjoyed by estates and businesses, mandatory site information and authenticated personal
information will form part of the app registration process and mobile device information will be added to the access control system for future verification. Once enabled, the app allows the homeowner or employee to enter their visitor’s information and request a PAC which they can share with their visitor using the standard Android messaging options. All data sent to and from the mobile app is encrypted and password protected to ensure that it is not easily infiltrated through the already secure web portal used on site.
Estates quite often require more of the visitor’s details than what is captured in the pre-authorisation process and enforce that all pre-authorised visitors and their vehicle details be scanned when arriving at the estate’s entrance. While the pre-authorised visitor’s destination is predefined by the system, based on who their host is, guards at the entrances using portable devices scan and decrypt the visitor’s driver’s licence or ID and vehicle’s registration disc and on completion update the access control system’s database with all the accurately captured information.
An audit trail is available which allows estate management to view who requested a PAC, which method was used to obtain the PAC, when it was requested and if and when it was successfully created. This also provides for data mining to establish trends, especially where estates have a number of venues or host various events, such as wine tasting, conferences and golf tournaments as well as for levy applications.
The four- or five-digit PAC is randomly generated by the PT-GUEST system and allows for a single entry and exit through the perimeter entrances. PACs are valid for a customisable time period but expire 24 hours from first use at the entry point and visitors exceeding this time allocation will have to visit the administration office to request a manual exit. PT-GUEST does however also cater for long-term visitors that can be pre-authorised and have multiple accesses to the estate or business park over an extended period time.
Powell says that in instances where sites have perimeter and internal access points, the PAC will be allocated to allow single entry and exit access to the main gate but multiple access to the access control points en route to the destination. It will deny access into any other area within the estate not allocated to the visitor. This prevents visitors from driving haphazardly around estates, thereby adding a further security element to the access control process
PT-GUEST, IXP and Portal, have grown to accommodate combinations of over 50 configurable settings which cover a large variety of site preferences and security requirements. This includes the use of in-lane biometric enrolment or proximity cards, Bluetooth printing for PAC information slips with disclaimers, on-scanner acceptance of terms and conditions and so forth. With each new implementation, new requirements are discussed and inevitably added to the feature list of the next bi-monthly release.
The success of any PAC-driven pre-authorisation access visitor management system is dependent on a collaborative relationship between the system supplier, the contractor, consulting engineer and the estate manager/homeowners association. The system should furthermore do what it claims to do and should both have verifiable reference sites and be fully supported by the supply chain.

Leave a Reply

Your email address will not be published. Required fields are marked *