Inscape Access Control System

Access Control
Inscape Access Control
Next meeting: Thursday, 1 pm - done
Project lead: Alan Widmer
Skills needed: Electronic design, Electronic build skills, Membership software skills, Security analysis and threat modelling, Mechanical packaging, Proposal writing
Parent projects: Inscape Buildout
Child projects: Does it have sub-projects


Participants/Interested Parties

  • Michael Park
  • Roy Hardman
  • Lawrence Leung
  • Trevor F. Smith
  • Jacob Sayles

Synopsis

The IACS will allow Jigsaw keyed members to unlock the door to the room from the corridor within the Inscape Building. The current plan is not to allow access to Inscape from outside the building. The IACS is based on a system developed by shop.23b.org. The current state of the project is that the RFID reader is working and can trigger the output that would be connected to the door release hardware, but the hardware has not been selected. The system is designed to be able to use a variety of RFID cards that a lot of people are already carrying. So far the cards tested are:

* ORCA bus and ferry pass
* Credit cards that have the PayPass system
* Some commercial building entry systems
* Cheap cards that can be bought in many physical configurations [1]

Hardware

The hardware consists of an Arduino Uno, an Ethernet shield, and the 23b.org interface board. The Ethernet shield will need to connect to either a hardwired network cable or a wireless router set up as a client. The interface board from 23b.org provides the signal conditioning for 2 Wiegand interface RFID readers and the relays that drive the alarms and door strikes.
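
As an added example (not taken from the project's or 23b.org's code), this is how a door controller can validate a frame from a Wiegand reader before looking the card up. It assumes the common 26-bit layout (leading even-parity bit, 8-bit facility code, 16-bit card number, trailing odd-parity bit), which this page does not specify; the function names are hypothetical.

```c
#include <stdint.h>

/* Count the set bits in v. */
static int popcount32(uint32_t v)
{
    int n = 0;
    while (v) { n += (int)(v & 1u); v >>= 1; }
    return n;
}

/*
 * Validate one frame under the assumed 26-bit layout.
 * raw holds the bits in arrival order, first bit received in bit 25.
 * nbits is the number of D0/D1 pulses counted before the frame timeout.
 * Returns the 24-bit credential (facility << 16 | card), or -1 if the
 * frame is the wrong length or fails either parity check.
 */
int32_t wiegand26_decode(uint32_t raw, int nbits)
{
    if (nbits != 26 || (raw >> 26) != 0)
        return -1;                          /* truncated or noisy frame */

    uint32_t upper = (raw >> 13) & 0x1FFFu; /* leading parity + first 12 data bits */
    uint32_t lower = raw & 0x1FFFu;         /* last 12 data bits + trailing parity */

    if (popcount32(upper) % 2 != 0)         /* upper half must have even parity */
        return -1;
    if (popcount32(lower) % 2 != 1)         /* lower half must have odd parity */
        return -1;

    return (int32_t)((raw >> 1) & 0xFFFFFFu);
}

/* Split the credential returned by wiegand26_decode(). */
uint8_t  wiegand26_facility(int32_t cred) { return (uint8_t)(cred >> 16); }
uint16_t wiegand26_card(int32_t cred)     { return (uint16_t)(cred & 0xFFFF); }

/* Build a valid frame; used here only to construct sample input. */
uint32_t wiegand26_encode(uint8_t facility, uint16_t card)
{
    uint32_t data = ((uint32_t)facility << 16) | card;  /* 24 data bits */
    uint32_t raw = data << 1;
    if (popcount32(data >> 12) % 2 == 1)     raw |= 1u << 25;  /* make even */
    if (popcount32(data & 0xFFFu) % 2 == 0)  raw |= 1u;        /* make odd */
    return raw;
}
```

Rejecting frames that are not exactly 26 bits or that fail parity keeps line noise and partial reads from ever reaching the card lookup.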

Software

The code is available on GitHub. It is based on 23b.org's code, with added support for the NFC reader and for Ethernet requests that update the access list.

Connect

  • If you are able to commit time to help us with designing or building, please post to: Inscape Access Control System
    • If you are interested in the project, please go to the group and sign up.
    • You can then control whether to get each email separately or receive a digest once a day.

Design Requirements

  • 4 Doors (3 at the first floor & 1 at the basement)
  • 2 Car gates (+ 1 inductive loop)
  • Battery backup
  • Membership system

Hardware

  • We will discuss potential door strikes/strike systems to use
  • Should be able to poll an external system
    • potentially for later features development such as a Passport System with other hackerspaces, makerspaces, co-working spaces and other creative/community environments
  • Should enable default users (e.g. directors, staff, managers, etc.) and they must be stored internally
  • Should be comprised of commonly available parts
  • Should be priced reasonably
  • Should be Open Source
  • Should have ability to control multiple doors in same space

Software

  • Must interface with hardware to provide access to non-internal users
  • Ideally it would run on any OS
  • Ideally easy to have smartphone/web portal front ends
  • Manages access for users based on paid dues, hour restrictions, etc.
  • Users are stored in a database that *can be* shared between spaces
  • Either a centralized database, or a seed system like diaspora*
  • Must be Open Source
  • Must be reasonably easy for the average person to use

System Features

  • Software for access control (reads from memory stored users and network user databases)
    • Create a functional specification for how authentication can be done securely.
  • Software that manages membership rights (grants rights/features to users based on conditions specified by managers)
    • Standardize an interface specification for how custom software can talk to the access control software interface.
      • example: 3rd party space has a member visiting, presents auth token.
      • example: someone wants to create a custom trusted UI (web, phone, etc.) for talking to the auth daemon
  • Web, phone, etc. UI for membership management and access control software
    • Involve user interface management. See what tools people are using today to manage membership and build hooks in the software to manage access control, or build your own.
  • Hardware for reading identity (RFID reader, USB stick, etc.)
    • Build plug-ins to support common hardware (don't get stuck on any given vendor).

(From OpenDoor Hackathon)

Design Ideas

Idea #1:

    • A central PIC based control board in communication with a 50 dollar linux plug pc.
    • The plug PC would handle adding new users, removing users, changing permissions, etc.
    • The plug PC interface would be on the web.
    • The PIC board would maintain the user list and control the doors
    • The door units would use parallax rfid reader modules
    • The door units would communicate with the central board over RS485
    • The door units would be custom all-through-hole boards made on standard protoboard
    • If the power goes out, the PIC board would be able to open and close doors on its own

Idea #2:

    • Use the hardware designed by 23b.org. Wiki at google code
    • Add an Ethernet shield to the Arduino board.
    • A wireless router will be connected to each Ethernet shield to minimize wiring costs
    • There will be one set of hardware for each door. Possibly the garage gate could be combined with one of the doors. The tradeoff depends on where the wiring runs are.
    • The door units would use any Wiegand-compatible RFID reader modules.
    • Integrate membership software on a PC with the WiFi network to send any changes to the key file.
    • If the power fails, each door has its own battery backup. The membership software won't work but each door will still have the list of valid cards and will still open the door using its battery backup power.
    • Each door controller will have a log of who enters, and this can be polled by a twitch client to reproduce the functionality of the original twitch. Membership software will keep track of which members want their status reported to Twitter.

Parts List

  • Readers/Door units. My suggestions:
  • Use leaded solder for something this important.
    • For reliability and time concerns, let's do all through-hole parts.
    • Let's not do any little hacks to save money.
    • Danny and Alan both have experience with Microchip's PIC line.
    • I am thinking the easiest/best way to do this is with an RS485 bus. One 4-wire power/data bus for everything.
    • We will possibly be needing to switch 24 VDC, as it is a common solenoid voltage. Main power may be in the range of 36 V.
    • The door units and readers must be completely weatherproof. They make weatherproof handy boxes, but make sure it's plastic for the rfid.
    • The fewer parts the fewer places to mess up.
    • But some extra parts are good, like input protection and overvoltage protection. There might be spikes.
    • Perhaps we should try to make this fit in a standard US decora outlet box size because that's likely where it will wind up.
  • I am sure you all already knew this, just putting it up here.

Resources to Acquire

Potential Finds

RFID reader

  • RDM630
    • It's $11, and VERY easy to use, it looks like. It just sends the data and a checksum when you scan a card.
    • It does, however, only have a working temp of -10C to +70C and a storage temp of -20C to +70C
    • Uses EM4100 tags.
  • This RFID Transponder Tools » 28440:
    • Has a working temp down to -40 and might have better build quality.
    • Not as easy to use and only works with EM Microelectronics EM4x50 1kbit R/W tags
  • This 28140
    • Everything good about RDM630 but better build quality.
    • 40 bucks
    • Is this what was used for the last JigDoor? It looks perfect!
  • This Proxpoint plus 6005
    • 125 kHz mini mullion proximity reader (Wiegand designer and pigtail)
    • $77 at Amazon.com
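
The RDM630 entry above notes that the reader sends the data and a checksum on each scan. As an added example (not from the project's code), here is a frame validator for the reader's serial output, assuming the commonly documented 14-byte frame: 0x02, ten ASCII hex digits (one version byte plus a four-byte tag ID), two ASCII hex checksum digits equal to the XOR of the five data bytes, then 0x03. The function name and error codes are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

#define RDM_FRAME_LEN 14   /* STX + 10 data digits + 2 checksum digits + ETX */

/* Convert one ASCII hex digit to its value, or -1 if it is not a hex digit. */
static int hexval(uint8_t c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/*
 * Parse one frame under the assumed layout.
 * Returns the 32-bit tag ID (the last four data bytes) on success.
 * Errors: -1 bad length or framing, -2 non-hex digit, -3 checksum mismatch.
 */
int64_t rdm630_parse(const uint8_t *buf, size_t len)
{
    uint8_t bytes[6];      /* 5 data bytes followed by the checksum byte */
    uint8_t x = 0;

    if (len != RDM_FRAME_LEN || buf[0] != 0x02 || buf[13] != 0x03)
        return -1;

    for (int i = 0; i < 6; i++) {
        int hi = hexval(buf[1 + 2 * i]);
        int lo = hexval(buf[2 + 2 * i]);
        if (hi < 0 || lo < 0)
            return -2;
        bytes[i] = (uint8_t)((hi << 4) | lo);
    }

    for (int i = 0; i < 5; i++)    /* XOR over version byte + tag ID */
        x ^= bytes[i];
    if (x != bytes[5])
        return -3;

    return ((int64_t)bytes[1] << 24) | ((int64_t)bytes[2] << 16) |
           ((int64_t)bytes[3] << 8)  |  (int64_t)bytes[4];
}

/* Constructed sample frame: version 0A, tag 00112233, checksum 0A. */
static const uint8_t RDM_SAMPLE[] = "\x02" "0A001122330A" "\x03";
```

The XOR checksum only catches corruption on the serial line; it says nothing about whether the tag itself is genuine, so the ID still has to be checked against the stored user list.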

Progress

Next Steps

  • Sending out questionnaire to existing tenants asking what they want and what kind of features they need.
  • Check out off the shelf systems
  • Questions for Sam:
    • How long of cabling to the control center will there be?
    • Which room is the main panel to be installed in? I assume his office?
    • Which of the doors have 120vac close by and which need the power to come in over our cable?

Guidance

  • Open Door Hackathon
  • Open Access Control
    • Mailing list for the Open Source Access Control hardware/software project. The Open Access Control is a full hardware and software system offering access control, alarm system, remote control and auditing. Based on the Arduino microcontroller.

See Also

  • Hacker Dojo Maglock
    • There will be a fishbowl of RFID tags in the Electronics Lab at Hacker Dojo. All members will be encouraged to grab an RFID tag and self-serve pair them with their user account on the hackerdojo.com domain. There will be a sign on the bowl saying something along the lines of "RFID tags are of no value until activated".
  • London Hackspace uses Oyster RFID card as membership keys
    • New members get their existing underground RFID chips registered with the door lock and use them for access.
  • SSH secured door lock by Chaos Computer Club Muenchen (Munich, Germany)
  • AnonAccess or AnonAccess (English version) by The LABOR (German word for laboratory) (Bochum)
  • USB Authenticated Door Lock by Makers Local 256
  • OpenDuino presence notification, (un-)locking and alarm control system. (pluggable) by syn2cat - an open space in Luxembourg
  • Shibboleth
    • The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.
  • SAML
    • Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.
  • OpenID
    • OpenID is an open standard that describes how users can be authenticated in a decentralized manner, obviating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities.[1]
    • The OpenID protocol does not rely on a central authority to authenticate a user's identity. Moreover, neither services nor the OpenID standard may mandate a specific means by which to authenticate users, allowing for approaches ranging from the common (such as passwords) to the novel (such as smart cards or biometrics).
  • Proximity card
  • Contactless smartcard
  • Wiegand protocol
  • A Universal RFID Key

Other ways to participate

It takes $137 a day to run Jigsaw Renaissance

More Info

Direction

We're located at:
815 Airport Way S. STE 112, Seattle WA 98134

OpenStreetMap
Google Map
Bing Maps


In International District inside old INS building called Inscape