PACS for a major telecom operator: developed software that can replace regular access control systems

How can you help the security service to work even more efficiently and prevent “strangers” from accessing a protected facility? Our client decided to create an app that turns an employee’s or guest’s mobile devices into an access pass, allowing real-time tracking of all movements. They turned to Purrweb for development.

In this case study, we’ll share how we developed a prototype with key flows, implemented location tracking, and integrated complex functionality with the client’s services in just one month.

Since the project is under an NDA, we can’t reveal the product’s name or client details. All we can say is that the client is a major telecom operator in Eastern Europe, and the project is an innovative security system. Together with the client, we decided to share our collaboration story, which resulted in this case study.

The pass that’s always with you

With a traditional physical access control system (PACS), employees need a separate physical pass. They must scan it at a turnstile to enter a building. While this system has its benefits, it also has drawbacks — most importantly, anything can happen to the pass. It can be forgotten, lost, or even given to an unauthorized person. Additionally, traditional PACS technologies don’t allow for real-time movement tracking within the building or an accurate count of people inside — both of which can be critical for security.

Our client’s product solves these problems. The key idea is simple: an employee’s mobile device becomes their access pass. The smartphone also acts as a beacon, tracking movement inside the building.

The system uses multi-factor authentication to verify a person’s status — whether they are authorized or not. Based on this information, it classifies them as either “authorized” or “unauthorized.”

In the table below, we compared regular systems with our client’s product 👇

The product consists of two parts — a mobile app for employees and a web interface for security staff.

The mobile app includes the following features:

• • Multi-factor authentication with phone number verification and native smartphone security features (Face ID, Touch ID);
  • Bluetooth-based geolocation tracking;
  • Integration with a building’s external security systems for real-time video streaming to security monitors.

The web interface for security teams displays the following data: access logs of authorized employees, guests, and “suspicious” unauthorized individuals — those who haven’t been authenticated with the app. We understand this might sound like a dystopia, but in practice, the system helps prevent incidents and ensures safety in high-traffic areas.

The product was developed from scratch. In corporations, new products are often launched by dedicated teams. And to test ideas quickly, it’s easier to bring in outsourced developers than to reallocate resources or hire new people.

Our clients chose us because we came highly recommended by others in the industry. Plus, we already had experience developing IoT projects, such as the EnerGO app for power bank rental. Our deep commitment and willingness to take on urgent tasks also worked in our favor 🙂

Is your in-house team overloaded, and deadlines are tight?

At Purrweb, we're ready to help. We’ll quickly dive into your project, offer effective solutions, and meet all deadlines. Contact us for a free project estimate.

Get an estimate

Delivered the prototype in one and a half months

The task was straightforward: develop a working prototype of the app with core functionality within a month and a half. The prototype was to be presented at the company’s head office, and whether the product would be developed further depended on the success of the demo.

At Purrweb, we have extensive experience working with startups, so tight deadlines and urgent tasks don’t intimidate us 💪 We quickly immersed ourselves in the project context, created a step-by-step plan, and worked with the client to identify the essential features for the mobile app prototype:

• • authorization;
  • multi-factor authentication;
  • сreation of an access pass.

They also asked us to develop a web interface for the security team to demonstrate how everything would work.

The client already had design and main user flow drafts, as well as a finished web interface mockup for the security team. This saved us significant development time. Due to NDA restrictions, we can’t share the details, but the interface looked something like this:

Security dashboard

To maintain speed, our team, consisting of a systems analyst, designer, backend and frontend developers, and a tester, began working in parallel. We also established clear communication with the client’s specialists, defined responsibilities, and identified potential risks and mitigation strategies.

Since the project was new, the client had to select the technology to work with BLE beacons. To avoid delays, we decided to temporarily use a Chinese alternative and its documentation until a final decision was made.

For the app, we chose the React Native stack. It was faster and easier to integrate the necessary libraries and create components using the client’s existing design system. Another advantage of React Native is its cross-platform development capabilities, which allow us to reuse code for both Android and iOS.

In the end, we met the deadline, the demo was successful, and the project was approved for further development. The prototype served as the basis for further work, and we agreed with the client on a minor redesign of the app.

You shall (not) pass!

Let’s take a look at the main flows. As a brief disclaimer for this case, we slightly modified the app’s interface design to protect commercial confidentiality. However, all user scenarios are real.

In the mobile app, there are two user roles: employee and guest. These roles are interconnected — a guest is linked to a specific employee. This connection is recorded in the system and video stream, which helps to analyze interactions and track guest movements.

Location is determined via Bluetooth, so it must be turned on for the app to work properly.

Upon first login, the employee authenticates using their phone number, and the system checks to see if they are in the database

The next step is multi-factor authentication using the device’s built-in features. This verification protects against unauthorized access, for example, if the phone ends up in someone else’s hands.

Only after successful verification does the screen with the employee’s access passes become available

Access is provided through two options:

• • Hands-free – automatic entry to the area and building without taking out the smartphone
  • QR code – entry by scanning the QR code within the app

In both cases, the app must be running on the smartphone.

Active employee passes

Meanwhile, what’s happening on the security officer’s dashboard? It’s all very clear. Here, all suspicious entries are displayed: date, time, phone number, and name of those who turned off Bluetooth, didn’t authenticate, or didn’t use the QR code.

Further actions depend on the security policy of the facility. However, the dashboard distinguishes between violators and those who didn’t complete the required actions for objective reasons (for example, due to poor Internet connection).

For convenience, we’ve sorted entries into categories: all entries, suspicious entries, and guests.

We implement IoT products in startups and corporations

helping automate processes with IoT technology. Contact us for a free project estimate: we’ll calculate the budget, estimate timelines, and create a roadmap.

Get an estimate

How to explain to the camera who is authorized and who isn’t

In order for the app to effectively perform its task and track people’s movements in real time, we implemented several key features:

• • Interactive office map
  • Graphical overlay on the video stream (Canvas)
  • Support for HLS streaming
  • Custom video player with additional features

How does this work in the access control and security system?

Delivered the final app to the client

We deployed the app on the client’s infrastructure, which was a key project requirement. Also handed over the finished app, which the client continued to develop with their in-house team.

The clients were satisfied with our collaboration and expressed interest in future projects with us. And we’re all for that 🙂

➡️ Looking for an experienced design and development team that can handle complex technical tasks? At Purrweb, we’re ready to help. We’ll dive into your business context, establish communication with your team, analyze the details of your processes, and offer the optimal technical solution.

Tell us about your task — we’ll estimate timelines, create a roadmap, and define the budget.

Why Purrweb

Full-cycle mobile development. We take care of the entire process: design, development, testing, and support of app releases in stores.

10+ years of experience. We’ve been creating IT products for businesses and startups for over a decade. We’ve completed 550+ projects in various fields: IoT, EdTech, marketplaces, dating apps, and more.

Modern technologies. We work with the latest tech stack to implement the most complex and advanced features. Our products are easily scalable, upgradable, and maintainable.