Physical Access Visitor Management

Every visitor verified.
Every visit logged.

Identity-verified check-in at reception or an unattended self-service kiosk. Cryptographic verification, face matching with zero biometric retention, and credential provisioning — one tap.

Book a Demo ← Physical Access Overview
5 sec Tap-to-credential
0 Biometric retention
100% Identity-verified visits

Visitor logs are broken. Everyone knows it.

Paper sign-in sheets, unverified names, temporary badges with no identity binding. Compliance auditors find gaps. Security teams find risk. KeyShare fixes both.

Paper Sign-In
  • Names are self-reported, unverified
  • No identity validation
  • Illegible handwriting → useless logs
  • No compliance audit trail
iPad / Tablet VMS
  • Self-reported identity — not verified
  • Photo capture but no biometric match
  • Badge has no PACS integration
  • No real credential provisioning
KeyShare Visitor Management
  • Cryptographic identity verification
  • NIST-evaluated face matching
  • Zero biometric retention
  • Real credential provisioning
How It Works

Arrive. Verify. Credential.

Five steps from invitation to access. The Puck handles identity verification, compliance, and credential provisioning at reception or a self-service kiosk.

1
Pre-register

Host pre-registers visitor, or calendar integration detects the visit automatically.

2
Arrive

Visitor arrives at reception or self-service kiosk. Puck shows "Ready."

3
Verify

Cryptographic ID verification. NIST-evaluated face matching with liveness detection. Zero retention.

4
Comply

Electronic NDA signing on the Puck. Signatures linked to verified identity.

5
Credential

Visitor receives a credential: mobile wallet pass, encoded badge, or direct access. Host notified. Visit logged.

Why This Is Different

Verified identity vs. self-reported name.

Paper / Tablet VMS KeyShare Visitor Mgmt
Identity verification Self-reported name Cryptographic mDL/ePassport
Face matching None or photo-only NIST-evaluated with liveness
Biometric retention Often stored indefinitely Zero — processed in memory only
Credential output Sticker badge with name Wallet pass, encoded badge, or direct access
NDA / compliance Paper form or separate system Signed on Puck, linked to verified identity
Audit trail Incomplete, often illegible Complete, identity-verified log
Benefits

What verified visitor management unlocks.

Cryptographic Identity

Every visitor's identity is cryptographically verified — not self-reported. You know exactly who is in your building at all times.

Zero Biometric Retention

Face matching data is processed in memory and immediately discarded. Designed for BIPA, GDPR, and biometric privacy compliance from day one.

Real Credential Provisioning

Visitors receive a real credential — mobile wallet pass, encoded badge, or direct access authorization. Not a sticker badge with a name.

Integrated NDA Signing

NDAs and compliance docs signed electronically on the Puck touchscreen. Every signature linked to a verified identity — not a scribbled name.

Self-Service Kiosk Mode

The Puck runs as an unattended self-service kiosk in lobbies. Visitors check themselves in, verify identity, and collect their credential — no receptionist needed.

Complete Audit Trail

Every visit logged with verified identity, timestamp, host, areas accessed, and NDA status. Compliance-ready reporting for ITAR, HIPAA, SOX, and more.

Technical Details

Verified. Matched. Credentialed.

  • Visitor taps phone (mDL) or scans physical ID on the Puck
  • Cryptographic verification per ISO 18013-5
  • Issuing authority signature validated — not just OCR
  • Selective disclosure — only configured PII fields requested

  • NIST FRVT-evaluated face matching algorithm
  • Passive liveness detection — no user action needed
  • Confirms person presenting matches the document photo
  • All biometric data processed in memory, immediately discarded

  • Mobile wallet pass (Apple Wallet / Google Wallet)
  • Encoded physical badge via badge printer
  • Direct access authorization to PACS
  • Time-limited credentials with automatic expiry

  • BIPA-compliant — zero biometric retention
  • GDPR-compliant — data minimization by architecture
  • ITAR / HIPAA / SOX — full identity audit trail
  • Electronic NDA signing with verified identity binding
Use Cases

Every lobby. Every visitor type.

Defense · ITAR

The Defense Contractor

ITAR-controlled facility. Every visitor must be identity-verified and have citizenship confirmed before entering controlled areas. Paper sign-in doesn't cut it.

Impact

Cryptographic identity + citizenship verification. NDA signed on Puck. Complete audit trail for ITAR compliance.

Corporate · Multi-visitor

The Corporate Headquarters

100+ visitors per day across multiple lobbies. Candidates, vendors, board members — each with different access levels and compliance requirements.

Impact

Self-service kiosks handle check-in. Visitor type determines access level, NDA requirements, and credential type — automatically.

Healthcare · HIPAA

The Healthcare Facility

Vendors accessing server rooms. Families visiting patients. Each requires different verification levels and access zones. HIPAA requires audit trails.

Impact

Zone-based access with identity verification. Vendor credentials auto-expire. Full audit trail for HIPAA compliance.

Explore More

One platform. Employees & visitors.

Building access and visitor management share the same KeyShare platform, the same Puck, and the same identity verification engine.

Building Access Control

Eliminate per-user credential costs. Authorize people, not tokens. Runs on your existing Mercury panels.

Learn more
Physical Access Overview

See the complete platform. ROI calculator, integration matrix, system integrator program, and FAQ.

Learn more

Ready to verify every visitor?

See how KeyShare replaces paper sign-in with cryptographic identity verification, face matching, and real credential provisioning — all with zero biometric retention.

Book a Demo Request the Solution Brief