Time Clocks Overview
Worker punching is handled by mobile, web or time clocks, including both biometric and badge. This overview covers the following topics:
Time Clock Hardware
Hardware time clocks provide a few benefits over mobile and PC/Web based punching:
| Benefit | Description |
|---|---|
| Always on | Clocks are generally powered via Power-over-Ethernet (PoE+) and backed-up via battery backup at the switch, therefore will always be ready to use |
| Offline | Our applications are designed to provide offline punching for both badge and biometric users, meaning workers can continue to punch when network connectivity in your facilities falters |
| Dedicated | The applications within the clock are dedicated to being a time clock, so there are no app stores, browsing or other distractions |
| Secure | The underlying OS is hardened do-as to provide a secure and safe experience; the optional use of biometrics ensures accurate identity and no false punching |
| Location | Since (generally) the clock can't move, the location of the worker is known, and that location is stamped into each punch record |
| Curated apps | You can expose any of the platform apps on the clock when it make sense for your environment: leave, time approve, schedule and other worker facing use-cases, while preventing access to apps which should be handled elsewhere |
Power
All time clocks are equipped with Power-over-Ethernet (PoE+) and a DC power pack. It is recommended to use the PoE+ where possible for a clean installation and to provide clean continuous power to the device. PoE+ requires 30W per channel as the clock will routinely draw more than the 15 watts provided by standard PoE.
PoE+ installations should also provide backup power at the switch so-as to keep clocks powered at all times and isolated from local circuits.
Card Reader
Optional card readers are available to allow authentication via a card swipe. The most popular card type is HID Proximity, though other formats are supported. When using cards, we will request samples in order to confirm encoding.
Relay / Access Control
An optional DIDO relay can be connected to any external self-powered switch circuit in order to:
- Open a relay to a door for access
- Sound a bell on punch or using a schedule
- Turn on a light (red/green) on authentication success/fail
- Connect to a panel to allow access
The device, bell, light, relay or door which is connected to the other side of the DIDO relay must have its own power source. The clock provides a 5V switch which can operate in NO or NC modes, but cannot provide downstream power to the connected devices.
Cellular
Optional internal cellular module allows the clock to communicate via cellular where signal is available. In these cases the clock would use the provided DC power pack for system power.
Additional hardware information is available here (PDF): Workclock Facial Overview
Biometrics
Biometrics is the use of someone's face, finger, hand or other attribute to verify their identity. Facial biometric has become the most common due to the ease of use and simplicity. The facial biometric in our hardware time clock uses presence detection to further insure the worker is physically present.
Organizations utilize biometrics in time clock punch capture for a number of reasons:
- Convenience: for many populations, there is no need to enter a number or badge, as the clock can identify you by your biometric
- Security: the biometric provides a higher guarantee that the person authenticating at the clock is allowed
- Privacy: when viewing worker information, such as time, balances or other employment data, provides greater control over that information and that only the intended recipient (the worker) can view it
- Cost: biometric identification ensures workers are punching accurately and on-location
Identity Types
Biometric identity management is offered in several forms:
- Identification: clock identifies you with no further input
- Identification with pin: clock identifies you and matches a 4 digit self-assigned security pin
- Verification: you announce identity with employee number or badge, clock verifies using biometric
In the above verification model, the badge input can be captured using an on-screen keyboard or card reader, of which Proximity is most common.
The chosen methodology depends more on population size and card availability. The following guidelines assist with which method applies best to your workforce:
| Biometric Methodology | Workers carry cards | Population size |
|---|---|---|
Identification | No | < 1000 |
Identification with pin | No | < 2500 |
Verification | Yes or No | Unlimited |
In the above table, Population Size is population per time clock device, which can be managed using Clock Groups, such that not all workers are in all clocks. This allows larger organizations to utilize Identification when clocks are grouped by geographic region, department or other demographic element.
Biometric Template
Biometrics works by capturing a picture, such as a face, and converting the measurements and attributes of the face into mathematical points, called minutiae points. The collection of minutiae points is then packaged into a biometric template which is stored both in the clock and in the system database.
The biometric template is encrypted and represents a one-directional conversion of the face impression to a mathematical set which cannot be reversed engineered back into the picture from which it was created.
When a user subsequently attempts to authenticate at a time clock, a new picture is taken, and the same mathematical process performed. If the resultant set of minutiae points closely matches the stored set, then the identity is confirmed.
Enrollment
Enrollment occurs at the time clock and can be manager led or self enrolled, depending on each organizations preference. The enrollment process takes about a minute; first verifying the worker's employment details, then captures biometric attestation, provides guidelines on successful enrollment, then captures the template.
The following considerations should be followed during enrollment:
| Tip | Notes |
|---|---|
| Height | Insure all clocks are mounted at the same height. The recommended height is 57” from the floor to the top of the clock, however, you can alter the height based on your population. Whatever the final height that is chosen, try to keep all clocks at the same mounting height. |
| Lighting | Ambient lighting such as from a window or large light source can cause washout of the images. Try to position clocks where the field of view does not contain any external windows or other sources of excess light. |
| Masks | Masks or other objects covering the face must be removed |
| Hair/hats | Hair and hats are generally not a problem so long as they are not covering the face |
| Glasses | Glasses may work, but the results will depend on a number of factors. You might try enrollment with glasses on, however, the safe alternative is to simply remove the glasses during enrollment and all subsequent verifications. Its possible that you could enroll with the glasses off and successfully verify with them on, or the other way around. If a person is successfully enrolled but struggles verifying when using the clock, try re-enrolling. |
Additional enrollment information can be found here (PDF): Biometric Enrollment
Privacy
Biometric privacy is of significant importance and strict guidelines are in-place to insure that all biometric data is protected and destroyed per our Biometric Privacy Policy. The policy includes the following attributes:
- Worker Attestation: each worker who is enrolled biometrically at the time clock must attest to the capture and use of their biometric data for the exclusive use of identification at the clock and related clocks in the group
- Encryption: all biometric data, including photos, biometric templates and related performance metrics are encrypted both in-transit and at rest
- Use: that the Organization (employer) and vendor will only use the biometric data for this stated purpose, and the data will not be shared, sold, distributed or provided to any 3rd party
- Destruction: that the biometric data will be destroyed, including all copies, following the worker's termination of employment at the Organization
Our privacy policy complies with the requirements of those locale's where biometric privacy legislation (BIPA) exists.
Additional biometric privacy information is available here (PDF): Biometric Privacy Statement
Clock Profiles
Clock Profiles are used to manage the configuration and personality of a time clock. Profiles can be shared across groups of clocks, or individually when a clock requires a unique configuration. Each time clock selects a profile as part of its setup.
Some of the items that are managed in a Clock Profile include:
| Setting | Description |
|---|---|
Security | Manage how admin users can access the setup within the clock. Most clock configuration is performed remotely, but some items such as network, diagnostic or enrollment can be performed locally |
Identification | Determine how users will authenticate at the clock |
Options/BIPA | Device options and BIPA parameters |
Card Processing | Scripts to decode card swipes and script testing |
Relay | Hardware relays and audio |
Identity Configuration
The Identification card within a Clock Profile manages the style of authentication (card, biometric) and how the credentials are captured (keypad, card reader).
Hardware
Card reader script processing taps into the platform's Functions processor to provide deep support to decoding raw card input. For example, a given environment might have workers carrying a variety of card types, such as Prox, Barcode and Mifare. In addition, the badge length and encoding may vary across the card types.
The Hardware card allows multiple badge patterns to be recorded by card type and or badge length.
Card Testing
Testing cards is facilitated by having a user swipe at a clock using the Card Reader Test application. Those sample punches are then processed using the Test Badge Patterns button. During this test the sample card swipes are compared with the registered badge patterns, and if a match is found, the pattern executed and final badge output.
The above testing process is performed in real-time, so you can ask a user to re-swipe a card using the Card Reader Test application at a clock, then immediately re-run the above Test Badge Patterns process.
Clock Groups
Groups allow combining clocks into logical collections to which workers are assigned. In addition, a group can be declared the Default group such that in the absence of a worker group designation, the Default group is chosen.
Clocks are then assigned to a group so-as to allow access to the clocks in the group membership.
For any worker, the selected group then controls which clocks the worker can use. This logic occurs before any other policies such as schedule restriction, geo or other policies.
Some of the settings within the clock group setup:
| Setting | Description |
|---|---|
Default group | When selected, the current group becomes the default group for any user who is not assigned to a group |
Include all clocks | Provides super-user access to all clocks for any worker assigned to the group |
Clocks | When not Include all clocks, specifies the list of clocks which make-up the group membership |
Assignments | In the absence of a worker Clock Group designation, the system first searches the Assignments list to attempt a match based on the Assignment filters; these filters could include Department, Location, Position or other demographic elements of the worker record. If a match is found, the current group is chosen; if not the Default group will be chosen. |
In the absene of any Clock Groups, then all clocks are by default available to all workers. Generally a Default group with Include all clocks would be created to infer the same result. In this way, group enforcement is only applied when the groups actually exist.
Clock Apps
The benefit of the platform is the ability to create applications, in this case time clock punch apps, which can accomodate the many needs of workforce management. Allocations, assignments, leave requests, review time and schedules are just a few examples.
The tools included on the platform allow creating time clock apps with connected workflows for creating custom business logic, enforcing unique pay policies, or collecting survey responses.
Anatomy of a Form
The anatomy of an app is a form which contains a series of cards. Cards act as sections which are visually different areas or pages within the form. Actions within a card can provide ad-hoc navigation to different cards based on the input of the user.
The final card then submits the form contents to a workflow which decides a) if the submission is valid, and b) what to do with the data.
Here is a hypothetical clock app showing the cards and submit workflow:
Forms are then published using the Application Builder in order to expose them as an application.
App Design
For a real time clock app, the desired workflow might be as follows:
- Show today's
Assignmentsand prompt to select anAction(IN, Start Lunch, OUT, etc); this is Card1 in our above example - If
INis chosen, jump to theAssignmentscard (Card2) and pick from that worker's known assignments - If any other action is chosen, jump to the
Resultscard (Card3) andSubmitthe punch
The Form Designer provides a collection of components from which a visual form is created. The design canvas is fully drag-and-drop so you can move components around, manage alignment, sizing and colors.
Within the action button properties, Actions are defined based on user input; here we show how selection of IN jumps to the Assignment card, while actions other than IN jump to the Result card:
The Assignment card is connected to the Scheduler app where today's work schedule and instructions are fetched and displayed in the Assignment Grid. The Select button has an Action which navigates to the Result card.
Finally the results card displays the collected data (workers Firstname, Lastname, PunchTime) along with a Receipt for proof of punch collection. The order, number and handling of cards can be varied to create any process to match pay policies or business workflows.
Completed App
Here is the completed app running on a time clock: worker has authenticated with badge or biometric and is presented with the selection of punch buttons. Pressing IN will prompt for a job assignment, any other button will proceed to the result.
For more information on creating forms, see Form Design