|
|
|
|
|
|
|
|
|
Background: I wanted a system where at the push of a button, I know who is in the building, who is coming within the next week and for what purpose. I want to know every detail of meetings between my staff and these visitors without having to call them and ask for a specific report. I do not want my staff to waste time if the specifics can be solved by email or a phone call. I can't find one in the market so I designed " VisitorSafe" which I hope will be useful to you as well. Introduction: Visitorsafe is not just a high end electronic guest book that prints a barcode pass. It is a security tool to manage your visitors. In particular, it provides provisions for approving visits, verifying visitors, meetings' minutes and authenticate the visitors by requiring them to provide a password. Visitorsafe is a web-based software where your visitors are registered first and issued with a temporary pass online. This pass will not be activated unless you have confirmed the visit. From a software development point of view, we can identify your visitor with an unique random and independent number coupled with a password that only the invited visitor will know. Visitorsafe has met the minimum requirements of "randomness" as per diehard test and in particular the Runs Tests and Kurt. Some snap shots of performance tests can be seen here. The complexity here is in designing the super random generator, ensuring that it is unique on demand and meeting the requirements for a barcode to be printed. Why is this important ? Because security means no two visitors can be the same, particularly for unwelcome visitors, not even one chance in 100 million. To further this and unlike most random generators, we do not use the computer clock as 'seed'. Our research shows that one way to defeat randomness is to have many users logging in concurrently and if the computer time is the seed, then at that exact moment in time the random number created by the same seed will be the same. We also have to ensure that unwelcome visitors could not formulate the numbers to cheat the system. Our system is further enhanced with a password (in case the unthinkable should happen, i.e. someone able to 'guess' the number and have forged IDs to pretend who they are not). The odds against someone able to forge a pass with the unique random number and knowing the real visitor's password for the pass is ZERO. Our core technology incorporating a password in any bearer instrument is patent pending. Other possible usage under consideration includes protecting your ID and passport with a password. Clients have used our system to organizing top secret meetings where identity is based on the pass only, special auctions to sell art work and parties by invitation only. Some have also requested for our system to be deployed as employee's pass incorporating the random number which double up as their logins (login_name) for their corporate network. Since these passes are active for only 1 week, theoretically there are less chances for breakins. The previous standard of using login_name is not secure since in most cases the login_name is the same as the email. Furthermore, it is more difficult to guess a string of numbers and employees are happy to keep their old passwords, although we still recommend that passwords be changed at least every 3 months. By no means, our research stops here and we are constantly aiming to improve on our random generator and a quicker way to check records. We have also consider using finger prints (biometrics) as an alternative to password. Who can remember all these passwords right. However a recent paper here discouraged us from pursuing this further. A update of the paper in pdf by the same author with pics (1.2 M). If you have other brilliant ideas let me know. I understand Microsoft is using some kind of image passwords instead of text/numbers. We have three versions to suit your budget and needs, click here to check the difference. For a real life demo click here as a visitor, to enter as Super administrator click here (Login: Demo and Password: demo), to enter as the User click here (Login: Bush and Password: Bush), to enter as Client administrator click here (Login: chris and Password: Chris) Click here for a quick system tour (i.e. without logging in and so on) Special Community Project: Making our school safe.
Updated 28 May 2002
|
|
|||||||||||||
|
|
|
||||||||||||||
If
you know of any public schools interested in this project do let
us know. Our VisitorSafe program (personal version) will be made
available free for their use. Our aim is to encourage students to
be proactive in securing their premises.