As part of our suite of contactless features, we offer visitor sign-in using QR codes. These can be dynamically generated on the iPad home screen or a static QR code can be printed and placed at an entry point to your business. These QR codes can be scanned by visitors using their own smartphones to quickly sign themselves in without touching the iPad.
While this provides a convenient and safe way for your visitors to sign in, it’s also important that your company data is kept securely and safely. The QR code contains a unique URL, including a token that can be only be deciphered by the SwipedOn platform.
There are multiple layers of security:
• The token is encrypted using an AES256-key, and base-64 encoded for use in the QR code.
• The token itself, once decrypted, contains no sensitive information – just a timestamp, a unique identifier for the location or device where the code is used, and a random key that can be used to invalidate codes.
• The URL specifies an HTTPS location, and all browser traffic is encrypted.
• Codes displayed on the iPad expire in a short period of time.
The SwipedOn API shares the bare minimum of data with visitors. Browsers using a URL from a static code cannot request information about employees or any other personally-identifiable data.
The codes displayed on the SwipedOn iPad home screen are generated dynamically and updated frequently. These codes are only valid for a short period of time. Visitor that sign-in with these codes can include host selection, but this option can also be disabled by a company administrator.
__________________________________________________________________Related support articles:
- Enabling contactless visitor sign-in
- Contactless visitor sign-in vs iPad app
- Data protection and security
*Our support team is available 24x5 via the live chat bubble or email@example.com for any questions or support you may require.
If you have any further data security questions, please feel free to get in contact with our Data Protection Officer, Chris Lawry