How confident are you that visitors within your organization are constantly supervised by an employee? How often does an employee fail to properly hand off their escort duties to another employee?
This is a solution we came up with in response to a recent physical Social Engineering Assessment we performed for a client. The failure it addresses is an all-too-common one in need of a fix. Our hope is that this article will help us locate a provider of this (or a similar) solution, or spur a provider to build one.
Background
When a visitor is allowed into a sensitive environment, a secure organization will mandate there be an escort – an employee constantly supervising said visitor. Although this sounds easy, escorts frequently fail at their duties by “stepping away for just a second” or ineffectively transferring the duty to another employee.
Risks
When a visitor is unsupervised for any period of time, it creates a number of risks for the organization. If that visitor is a less-than-fully-trustworthy individual (e.g. an unverified service technician), a few unattended minutes can be enough to violate the Confidentiality, Integrity, or Availability of your organization's data or systems: a device plugged into an unlocked workstation, a document photographed, or a network drop tapped.
A Solution
One way to address this problem would be paired visitor/escort proximity badges. This is how such a solution might work:
Technical details
At minimum, the "Visitor" badge would need to be a wireless transmitter, while the Escort badge would need to be a wireless receiver. The Visitor badge would transmit on a pre-defined interval (e.g. every 5 seconds), and the receiver would expect each of those transmissions. If the expected transmission does not arrive, the Escort badge would generate audible and/or visual warnings to the escort. A few details matter for this to be more than a gimmick. First, every radio drops the occasional packet, so the receiver should tolerate a small number of consecutive misses (one or two intervals) before alarming, rather than alarming on the first missed beacon. Second, merely receiving a packet does not prove the visitor is nearby: most short-range radios reach well beyond a single room, so the receiver should also require a minimum received signal strength before treating a beacon as "visitor present". Third, the two badges should be paired at check-in with a shared secret so that each beacon is authenticated and carries a counter; otherwise a visitor could leave a cheap decoy transmitter with the escort, or simply replay a recorded beacon, and the escort badge would stay silent.
This technology would end up somewhat bulkier than a typical employee badge. The largest component, the battery, could be on the order of 0.5 mm thick if a thin-film cell is used, which is already most of the thickness of a standard card (an ISO/IEC 7810 ID-1 card, the format used for typical RFID-enabled badges, is about 0.76 mm thick). That does not include the transmitter/receiver or the housing/casing.
The next largest component would be the transmitter/receiver. There are a number of wireless technologies that could be used for this. Bluetooth Low Energy is likely the preferred choice, since its advertising mode is designed for exactly this kind of small, periodic, battery-friendly beacon. Other options that have been suggested include ANT+, NFC, RFID, Wi-Fi, ZigBee and Z-Wave, though not all of them fit: NFC only works over a few centimeters, so it cannot sustain a heartbeat between two people walking side by side; a passive RFID badge has no transmitter of its own and only answers a reader; and ZigBee and Z-Wave are mesh protocols built around fixed, powered devices. Most of these wireless technologies have compact transceiver modules that are smaller and thinner than a US quarter.
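To make the heartbeat scheme concrete, here is a simulation of the paired badges as an added example; it is not code from the article, and no such product is known to exist. It assumes a symmetric pairing key shared between the two badges at visitor check-in, the article's 5-second beacon interval, a radio that reports received signal strength (RSSI, in dBm), a hypothetical 16-byte beacon layout (badge id, counter, truncated HMAC-SHA256 tag), and a threshold of two consecutive missed beacons. All beacons and signal strengths are constructed in-process; there is no real radio.

```python
"""Simulated paired visitor/escort proximity badges (added example).

Assumptions: a 16-byte pairing key is shared at check-in, beacons are
sent every 5 seconds, and the receiver's radio reports RSSI in dBm.
"""
from __future__ import annotations

import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Optional

INTERVAL_S = 5.0            # visitor badge beacon period (article's figure)
MISS_TOLERANCE = 2          # alarm after more than this many beacon periods of silence
RSSI_THRESHOLD_DBM = -70    # weaker than this is treated as "not nearby" (assumed value)
TAG_LEN = 8                 # truncated HMAC-SHA256 tag carried in each beacon

# Hypothetical beacon wire format: 4-byte badge id, 4-byte counter, 8-byte tag.
BEACON_FMT = ">II"
BEACON_LEN = struct.calcsize(BEACON_FMT) + TAG_LEN  # 16 bytes, fits a BLE advertisement


def pair_badges(badge_id: int, key: bytes) -> tuple[VisitorBadge, EscortReceiver]:
    """Provision a visitor badge and an escort receiver with a shared key."""
    return VisitorBadge(badge_id, key), EscortReceiver(badge_id, key)


@dataclass
class VisitorBadge:
    badge_id: int
    key: bytes
    counter: int = 0

    def beacon(self) -> bytes:
        """Emit the next authenticated beacon; the counter never repeats."""
        self.counter += 1
        body = struct.pack(BEACON_FMT, self.badge_id, self.counter)
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag


@dataclass
class EscortReceiver:
    badge_id: int
    key: bytes
    last_counter: int = 0
    last_heard: Optional[float] = None      # time of the last valid, nearby beacon
    rejected: list[str] = field(default_factory=list)

    def receive(self, frame: bytes, rssi_dbm: int, now: float) -> bool:
        """Validate one received frame. Returns True if it counts as a heartbeat."""
        if len(frame) != BEACON_LEN:
            self.rejected.append("malformed")
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        badge_id, counter = struct.unpack(BEACON_FMT, body)
        if badge_id != self.badge_id:
            self.rejected.append("wrong badge")
            return False
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            self.rejected.append("bad tag")        # decoy or forged beacon
            return False
        if counter <= self.last_counter:
            self.rejected.append("replay")         # recorded beacon re-sent
            return False
        self.last_counter = counter                # genuine, so consume the counter
        if rssi_dbm < RSSI_THRESHOLD_DBM:
            self.rejected.append("too far")        # genuine but not in proximity
            return False
        self.last_heard = now
        return True

    def alarm(self, now: float) -> bool:
        """True once more than MISS_TOLERANCE beacon periods pass with no nearby beacon."""
        if self.last_heard is None:
            return True
        return now - self.last_heard > MISS_TOLERANCE * INTERVAL_S


def run_scenario() -> dict[str, bool]:
    """Walk through normal operation, a lost packet, walking away, replay and spoofing."""
    key = b"\x01" * 16                  # constructed pairing key; a real badge uses a random one
    visitor, escort = pair_badges(0x1234, key)
    results: dict[str, bool] = {}
    frames: list[bytes] = []

    # 1. Visitor beside the escort; beacon 3 is lost in transit.
    for i in range(6):
        frame = visitor.beacon()
        frames.append(frame)
        if i == 3:
            results["one_loss_tolerated"] = not escort.alarm(now=i * INTERVAL_S + 4)
            continue
        escort.receive(frame, rssi_dbm=-55, now=i * INTERVAL_S)
    results["normal_no_alarm"] = not escort.alarm(now=5 * INTERVAL_S + 1)

    # 2. Visitor walks away: genuine beacons still arrive, but weakly.
    t = 6 * INTERVAL_S
    for i in range(3):
        escort.receive(visitor.beacon(), rssi_dbm=-85, now=t + i * INTERVAL_S)
    results["walked_away_alarm"] = escort.alarm(now=t + 3 * INTERVAL_S)

    # 3. Replay: a decoy left behind re-sends a captured frame at full strength.
    replayed = escort.receive(frames[-1], rssi_dbm=-50, now=t + 4 * INTERVAL_S)
    results["replay_rejected"] = not replayed and escort.alarm(now=t + 4 * INTERVAL_S)

    # 4. Spoof: a badge with the right id but without the pairing key.
    forged, _ = pair_badges(0x1234, b"\x02" * 16)
    results["spoof_rejected"] = not escort.receive(forged.beacon(), rssi_dbm=-50,
                                                   now=t + 5 * INTERVAL_S)
    return results


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {'ok' if ok else 'FAILED'}")
```

The receiver consumes the counter of every genuine beacon, even a weak one, so a frame recorded while the visitor was still nearby cannot be replayed later; and it refuses to count a beacon as presence unless the tag verifies and the signal strength clears the threshold, which is what turns "I can hear the badge" into "the badge is with me". Sixteen bytes fits comfortably inside a legacy Bluetooth Low Energy advertisement, whose payload is limited to 31 bytes.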
Conclusion
Once these two components are combined and wrapped in a durable housing, the result is likely to be 2-3 times the thickness and 4-5 times the weight of a typical RFID-enabled badge (e.g. an HID card). Even though it would be bulkier, that seems a reasonable size given what it provides.
Request For Information
If you know of a similar solution that already exists, please let us know. If you are a manufacturer in this industry and are interested in creating this, please reach out to us, as we would be interested in providing additional input to the process.
Test your organization
If you are interested in knowing how your employees would perform against this type of physical social engineering, contact PEN Consultants today!
Featured image is a derivative work from the following images: Settergren @ https://pixabay.com/vectors/name-nameplate-badges-trailers-441078/
If you are looking for a reliable and experienced offensive security service that provides Rock Solid Security, look no further than PEN Consultants for all your information and cybersecurity testing needs. Contact us: https://penconsultants.com/contact-us/