RFIDENTIKIT - ACCREDITATION & PASS MANGEMENT SYSTEM

Transcription

1 RFIDENTIKIT - ACCREDITATION & PASS MANGEMENT SYSTEM BACKGROUND In 2014 RFIDentikit launched its Accreditation & Pass Management system, ALLOWME, to run seamlessly alongside its RFID Pass Scanning, sister product, SCANME. The software was produced and developed in house to provide event organisers with a sophisticated and robust system to use both pre event and on site. ALLOWME was built with large events in mind, but has the ability to be scaled up and down dependent on the client s particular requirements. The primary function of the software is to deliver a user friendly and secure system to manage individuals, organisations, vehicles and other attributes linked to a specific event.

2 SYSTEM ARCHITECTURE ALLOWME was written in PHP and runs on PHP 5.4, under Apache and against a My SQL database. The following diagram depicts a typical setup for deployment of the system; Administrative (Accreditation / Security Staff) and Public (Delegates / Attendees / Event Crew) users can access the ALLOWME interfaces, either Portal or Admin, via the Internet. The system is compatible with all major browsers and device formats. Each client specific instance of ALLOWME is hosted on the Amazon Web Services Cloud and dependent on the client s location we would choose the relevant hosting location. For standard EU based event deployments we use AWS EU West, based in Ireland. For international events we would use the most regionally available AWS location US (Virginia / Oregon) Asia Pacific (Singapore / Sydney). Once onsite, during event operations, our standard setup would be to install a physical server at the venue, which uses event driven replication to remain sync d with the cloud/web servers. The onsite server would also handle the RFID Scanning hardware, if this were part of the chosen package. The make up and mechanics of the onsite server have all been built and developed in house to provide you with the most robust system possible. Using a transactional queuing system to process new and updated information, the server is built to withstand network and connection downtime.

3 ALLOWME FEATURE OVERVIEW The two main views of ALLOWME are the front/public facing online Portal and the back-end Administrative Interface. The Portal is created to gather specific/required data from customers, suppliers, contractors, guests, VIPs, talent, competitors etc when applying for accreditation for a particular event. The Portal itself is fully customisable and can only be accessed by those invited by the client through a HTTPS encrypted URL. Invited users will be sent a unique set of login credentials and would be asked to provide the required data needed for the client to process an accreditation request for their event. The information gathered from the request is fed directly into the back-end Admin Interface. The Admin Interface is only for the client s use and their authorised agents. This system is used to collate all the data and requests handled by the Portal and display them in a methodical manner, for processing, management, approval and issue. This software is designed to be used both pre event and during live, operational periods, as well as integrating seamlessly to control bolt on RFID hardware if required. Alongside, and linked to, the ability to create and manage pass/accreditation request, the ALLOWME Admin Interface offers the user a plethora of features. In relation to creating passes, the admin user has the ability to capture photos through their web browser, using the built in webcam or an external USB camera. This is also true of smart phones and tablets, with ALLOWME built to offer the front end and back end user the option to capture and upload a selfie through their device. ALLOWME also carries a built in printing service, to print passes/accreditation within the system itself. The pass print out design is fully customisable, batch job friendly and requires no additional program to run the function. There is also the ability to setup unlimited print rules and definitions to ensure passes are printed exactly how you wish, with no added workload. If the client/event has chosen to use SCANME (RFIDentikit RFID System), ALLOWME really comes into it s own with many linked features, not only to control the hardware, but to collect and process relative data. In addition to the enhanced security benefits of using RFID tagged passes, the custom built system can offer invaluable information to the event organiser. With one click RFID tag assignment, live messaging and real time tracking all housed within the same ALLOWME software package, it really becomes the one stop shop for event management.

4 ALLOWME SECURITY OVERVIEW ALLOWME was built & developed with security as a priority and this continues to be one of the main focuses of projects carried out by RFIDentikit. With systems in place to protect sensitive personal data, as well as event specific data, ALLOWME is a trusted piece of software for use across the events industry. Here are the key security features of ALLOWME: - ALLOWME is hosted & controlled by RFIDentikit and is continual monitored, with client permission, to ensure security of each instance in operation. RFIDentikit value the security of its system and its client s data with the upmost importance. - The system runs on a Debian Linux Platform, which is proven to be more sophisticated and less vulnerable than Microsoft Windows. - RFIDentikit use Amazon AWS servers to host all of its Internet based cloud servers. Alongside the built in security features of ALLOWME, using AWS not only gives us flexibility, but we also benefit from Amazon s own security systems to further enhance the safety of our customer data. - Each instance of ALLOWME is setup on its own specific server(s), to allow for complete control, security and customisation. - An event specific system can be configured over two separate servers for increased security. With the front end Portal hosted on a public server, the backend Admin Interface can be hosted on a separate private server. As well as the standard, compulsory, unique logon credentials into both the front-end and back-end, this private server access can be restricted further with IP Address specific access. - User access of the Admin Interface can be restricted over multiple layers, both data specific as well as functional limits. Permissions for individual Admin Users are all configurable & scalable within ALLOWME and can be set to restrict; approval rights, functionality access, individual/organisational data protection and group only views. - Likewise, Portal access and the data available to the end user can also be controlled through configuration of ALLOWME, from Organisation or Group specific views, all the way down to a restricted view for an individual. - Access to the ALLOWME Compliance Module is also configurable to be user specific, giving individual rights to vet and filter user access to the system and ultimately the event itself. - Access and operation of both the Admin Interface and the front facing Portal is via a HTTPS encrypted connection to protect processes and data over the Internet. - Access to both the Admin Interface and the front facing Portal is password protected, with separate credentials required to access each area of the system. - All customer and event specific data is stored within a protected Amazon AWS server, which can be accessed (with the correct permissions) via ALLOWME and several secure, in house, administrative systems. All aspects of the pass request process are logged and audited to ensure that permitted users can track each step from submission, compliance and approval, through to zone/date changes, pass printing and issuing.

5 RFIDENTIKIT DATA PROTECTION COMPLIANCE The Data Protection Act stipulates that anyone processing personal data must comply with Eight Principles of good practice. RFIDentikit enforces these principles with ALLOWME as well as its other products and data passed between. Data Protection Principle Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met; Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes; Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed; Shall be accurate and where necessary, kept up to date; Shall not be kept for longer than is necessary for that purpose or those purposes; Shall be processed in accordance with the rights of data subjects under the Act; Shall be kept secure i.e. protected by an appropriate degree of security; Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection. ALLOWME All pass/accreditation requests that are collected by ALLOWME, at the request of the client/event organiser, will follow the Data Protection Principles. The data collected will only be used for the purpose of a specific event or series of events. The data will not be used outside the scope of the original collection agreement. The data collected through ALLOWME would only ever be event specific. Collected on request of the client, as a condition of accrediting an individual, organisation or vehicle. The data is collected for the one off purpose but may be updated by the owner or, with their permission, by the client if necessary. Data is accessible at all times for amendment until its specified expiry date. The data collected will only be used for the specific event, series of events, or for the time schedule specified upon collection. Once the data reaches its expiry it will be completely destroyed from ALLOWME and any related RFIDentikit systems. The data collected through ALLOWME is done so in compliance with the Act. This compliance will be displayed to the user(s) on relevant Portal pages during the collection process. The data stored within RFIDentikit systems will only ever be accessible to the data owner, the contracted client and RFIDentikit permitted administrators. Data collected under the principles of the Data Protection Act will be hosted within the EU. RFIDentikit data holding hardware will not be permitted to travel outside the EU without explicit permission.

6 RFIDentikit will never own or withhold any data that is collected through any of its systems. All data used within ALLOWME and any related admin systems will be completely destroyed on completion of the specific project, including any backups and duplicates. RFIDentikit employees will only ever access personal data when permission is granted from the client for the purpose of event & system support. Personal data held can be made available upon written request from the individual. RFIDentikit Limited is registered with the Information Commissioner's Office under registration reference: ZA097570