Qr Code Security
Overview
EvTrack supports using Qr Codes as Access Control Credentials as Contactless Modern Security Credentials for Temporary Visitors or Permanent Employee Access.
QR Codes are randomly generated (32bit value with billions of unique values) and are persisted to a database used for lookups to ensure that only unique QR Codes are assigned and in use.
To further enhance security the QR Code is only valid for a maximum configurable duration and will be refreshed once 10% of the duration has been reached.
While QR Codes can be shared and printed, the duration of its validity is configurable within the system and all usage/events are logged.
| Qr Code Type | Credential Reader Type | Description | Security | Notes |
|---|---|---|---|---|
| Email/SMS Qr Code | Qr Code | Temporary Credentials that can be assigned to Visitor Entities and are distributed only via Email and SMS | Medium | Qr Codes are generated and valid for the duration of the TTL (Time To Live Expiry) or until a new request is made after 90 seconds to the Qr Code LINK/Button in the Email or SMS. When a new Qr Code is generated the old Qr Code will be removed from the database. When enabling “Send Qr Code as Attachment” the Qr Code is less secure because it is static and will not be refreshed. |
| Visitor/Personal/User Badge Qr Code | ID | Temporary Credentials can be assigned to any Entity. The Badges can be printed or emailed. | Low | Qr Code is static and will never be refreshed. |
| Mobile App Qr Code | Mobile App Qr Code | Mobile App Qr Code Credential can be assigned to any valid user. The user must be logged into the EvTrack Visitor App on their mobile device and have a working data connection. | High | The EvTrack App automatically manages the refreshing and cycling of QR codes based on the TTL (Time To Live) setting. When the Qr Code reaches its 10% TTL (Time To Live) the App will request a new code and flush the old Qr Codes once it has confirmed receipt. In high-security applications, the TTL can be decreased to minimise potential issues with Qr Code sharing. |
Instructions
- Navigate to Configuration > System Settings then select General and click on the Security Tab
- Increase/Decrease the Qr Code Expiry (Secs) - This specifies the Time To Live (TTL) for the Qr Code when the Qr Code expires the system will generate a new Qr Code -
- Enable/Disable Send Qr Code as Attachment - When enabled Visitor Invitation will be emailed with an embedded Qr Code. Enable this only if u have a specific usage case such as printing of emails or issues with firewalls and networks. Please note when this is Enabled the Qr Codes will not refresh/cycled and will remain static for the duration of the Qr Code TTL
When enabling "Send Qr Code as Attachment" consider increasing the TTL to 31536000 Seconds (356 Days)
