1 Introduction
1.1 About QR Codes
SAFR SCAN supports using QR codes as an alternate means of authentication. QR codes behave much like an access card. They can be used as a single factor or as one factor of a multi-factor authentication process. Data encoded in the QR code is used to authenticate against data in the person record; either the access card id or access card UID may be used.
QR code creation is not a function of SAFR. The expectation is that QR Codes would be generated by your visitor management system or other system that is performing credential enrollment. SAFR SCAN is interoperable with QR codes generated by external systems. Version 1 through 4 QR codes are supported though typically there is little need for a QR code with higher resolution than 40 alphanumeric characters (or 128 bit).
QR codes offer a cost effective and efficient method to manage visitors and staff. QR codes can be used to issue temporary access to visitors and contractors w/o the inherent problem of re-using from a pool of physical access cards. Each visitor or contractor can be issued a temporary badge either in printed form or transmitted to user’s mobile phones.
1.2 Video Tutorial
https://docs.real.com/videos/QRCode.mp4
1.3 How it Works
SAFR SCAN facilitates integration into various physical access control systems (PACS) to support QR codes. Following diagram depicts a typical deployment.
QR codes can be generated in an external system such as Visitor Management. The Visitor Management system sends credentials to the PACS software. Credentials can simply be a QR code or a set of authentication factors such as face and QR code. SAFR Server then pulls the credentials and distributes them to one or more readers.
SAFR SCAN reader is configured for either single factor or multi factor authentication. SCAN will authenticate each of the factors. QR codes are read by any of the Access Modes in SAFR SCAN that include Access Card as a factor. This includes:
- Face or Card
- Face or Card or Keypad
- Access Card or Keypad
- Face And Card
The visitor presents the QR code to the camera on SAFR SCAN. This can be printed on a temporary badge or displayed on a mobile phone. When read, the data encoded into the QR code is converted to a Access Card ID or a Card Serial Number (CSN) and compared against the database of persons. If a match is found, credentials are sent to the panel to determine if access should be granted or denied.
When performing 2 factor authentication (Face + Card), the QR code may be presented first or the face first. Whichever is presented first, SCAN will prompt for the second factor to complete authentication.
2 Reader Configuration
2.1 QR Code Formats
SAFR SCAN supports following QR code formats
- Card ID as Numeric Text
- Card ID as Hexadecimal Text
- Card UID as Text Mapped to Card ID
These are explained below
2.1.1 Card ID as Numeric Text
The Access Card ID is encoded into the QR code as an integer but represented as a string. The Facility ID (aka. Customer Code) is not encoded into the QR Code. The match is performed on the Access Card ID only, but when transmitting credentials to the panel, the Facility ID, if present, is included with the Access Card ID. For example:
|
Access Card ID in Decimal |
Alphanumeric value |
QR Code |
|
12345 |
“12345” |
|
When SCAN reads that QR code, it will find the matching record (by Access Card ID only), get the Facility ID and combine the Facility ID and Access Card ID using the configured card format and transmit credentials to the panel.
2.1.2 Card ID as Hexadecimal Text
This option is similar to Card ID as Numeric Text, except the Access Card ID number encoded into the QR code should be converted to Hexidecimal and represented as a string. For example:
|
Access Card ID in Decimal |
Access Card ID in Hexidecimal |
Alphanumeric value |
QR Code |
|
123456789 |
075bcd15 |
“075bcd15” |
|
For example: an Access Card Id of 123456789 is converted to a hex value 075bcd15 and a value of “075bcd15” is encoded into the string.
2.1.3 Card UID as Text Mapped to Card ID
This option stores the Card Serial Number (CSN) into the QR code. The CSN is more often referred to in SAFR as the Card UID. When working with physical access cards, UID can be either 32 bit or 56 bit value. But with QR codes, this can be any alphanumeric value (letters or numbers). The value is interpreted as a string and encoded into the QR code.
|
Example |
UID |
UID as string |
QR Code |
|
UID Example 1 (UID 56) |
72057594037927936 |
“72057594037927936” |
|
|
UID Example 2 (alpha numeric string) |
234AMLT |
“234AMLT” |
|
When reading a QR Code, UID is not actually sent to the panel. The value specified is used to search for matching person records. The Access Card ID and Facility code in the person record is then transmitted to the panel.
If more than one person record is matched, no data is sent to the panel unless using
How SAFR Matches
3 QR Code Specification
3.1 Error Correction
All QR Code error corrections levels will be supported as listed below.
- Level L (Low) - 7% of data bytes can be restored.
- Level M (Medium) - 15% of data bytes can be restored.
- Level Q (Quartile) - 25% of data bytes can be restored.
- Level H (High) - 30% of data bytes can be restored.
3.2 Versions
QR codes of version 1, 2, 3, 4 will be supported. The following table provides QR Code versions 1 through 4, the number of modules (blocks), and the maximum number of characters that can be represented in the QR Code value for each error correction level.
3.2.1 Size vs. Error Correction
|
Version |
Modules |
Max # Characters by Error Correction Level |
|||
|
L1 |
L2 |
L3 |
L4 |
||
|
1 |
21x21 |
25 |
20 |
16 |
10 |
|
2 |
25x25 |
47 |
38 |
29 |
20 |
|
3 |
29x29 |
77 |
61 |
47 |
35 |
|
4 |
33x33 |
114 |
90 |
67 |
50 |
Modules are the number of blocks that are used to create the QR code. For example, Level 1 QR codes contain 25 wide by 25 blocks tall.
Max # of characters define the maximum value that can be stored in a given type of QR code. For example, if the data to be stored on a QR code is 32 bits, the smallest level (least dense) would be level 2.
4 QR Code Reading Behavior
SAFR SCAN will read all QR codes in view starting with the largest. The first QR code to be successfully read is processed for access (matched to person records or transmitted to panel). Once processed, that QR code is not read again until it leaves view. SCAN will then proceed to read the next largest QR code in view.
Normally one QR code should be presented at a time. SAFR will being to read that QR code once it reaches the minimum size. The QR code must be stable enough to allow for sufficient number of consecutive reads. SAFR is configured with optimal settings for size, motion and the number of consecutive reads, but advanced configuration is available as described below.
4.1 Advanced Configuration Properties
|
access.qr-code.min-size |
Smallest size of QR code that will be read. QR codes smaller than this value are ignored. |
|
access.qr-code.min-detections |
Number of detections needed to read a QR code. A QR code must reach this number of detections before read is considered complete. |
|
access.qr-code.max-motion |
Maximum amount of motion between successive frames of video that will be allowed to be considered same. SAFR tracks each QR code from frame to frame. If motion is detected greater than this threshold, the number of detections counter is reset. |
4.2 Read Size vs. Distance
The distance at which SAFR SCAN can read a QR code is dependent upon the size of the QR code, distance from SCAN and the amount of data encoded into the QR code.
- The amount of data encoded into a QR code determines the resolution (number of pixels) in the QR code as described in Size vs. Error Correction table above.
- The size of the QR code will then determine the pixel density or size of each pixel. Smaller pixels must be closer to SCAN to be read.
- The distance from the reader has an effect on the number of pixels within the video allocated overall to the QR code. SAFR SCAN’s camera is a wide angle camera and thus size diminishes rapidly with distance.
The table below provides information on various QR codes and the distance at which they can be read.
|
Data Size |
Print Size |
Max Read Distance |
|
UID-32 |
1.5” |
14” |
|
¾” |
6” |
|
|
UID-56 |
1.5” |
14” |
|
¾” |
6” |
|
|
128 Characters |
1.5” |
14” |
|
¾” |
Not readable at any distance |
5 Troubleshooting
A normal QR Code read will appear in SAFR SCAN Web Console Live tab or SAFR Desktop Events Window.
Following actions can be taken to investigate issues with reading a QR code
From SAFR SCAN event, click “Add card serial number” or “Enroll as new…” 
You will be presented with a screen like below where you can read the value that was sent: 
Open SAFR SCAN Web Console Logging and view output as QR Code is presented
- Go to SAFR SCAN Web Console and log in
- Add “&debug=1” to the URL and reload
- Click on the “Logs” tab and view the logs in “SAFR Feed”
Log output will look like this:
2024-Jun-03 22:43:11.703680: INFO/accessCredential(547674322592): Construct cardDataOut for format RFID-ISO14443-A-32-Bit, accessCardId=12345, accessFacilityId=123
CardDataOut[4]:00 00 30 39
Padding_bits: 0
2024-Jun-03 22:43:11.704393: INFO/accessCredential(547674322592): sendCardDataOut(): Sending out 32 bits of RFID-ISO14443-A-32-Bit card data to wiegand-out...OK
2024-Jun-03 22:43:11.704573: INFO/accessCredential(547674322592): sendCardDataOut(): Sending out 32 bits of RFID-ISO14443-A-32-Bit card data to OSDP-PD-out...OK
Notice that this is similar to log output for reading a card. That is because SAFR SCAN treats reading QR code just like reading an access card.
Questions or comments about the documentation? Email us at safr-doc-feedback@realnetworks.com .
1