OpenDoor Project Page
This page contains info in regards to the Opendoor hack-a-thon project. This project is on Dec, 11th 2010. Blurb below:
The OpenDoor Hackathon is a hackathon to benefit the members of hacker/maker/artist/co-working spaces by creating a standardized, Open Source access and membership management system that can be used by everyone. At the end of the hackathon, the systems (or subsystems) created by each space will be voted upon, and the best system (or combination of systems) will be chosen. Implementing the system afterward is, of course, optional.
Why are we doing this? I know, the word “standardized” sends chills down my spine too, but I assure you that this is a good thing! Deciding upon a common system would enable the following things:
- The ability to share membership between spaces
- Crowd-sourced security enhancements and feature additions
- Easier membership management
- A warm fuzzy feeling of being connected with other spaces
What we’re envisioning (and what many of you already have) is a sort of Reciprocikey or Space Passport system. We believe that the only way to create such an awesome system is to work together on it!
Our proposed solution
Use rfid MIFARE buttons to provide both an identity as well as an authentication source. The buttons we are using support 1k of storage and are often used as secure payment systems. An additional benefit to this method allows for the button to be "stamped" by the space. A user can have a history of spaces they have visited stored right on their button!
The way this works is a reader is attached to a door system. This can be added to an existing security system or could be the only security on the door. When a user approaches with an rfid badge the system scans it and checks to see if it is a passport button. If so it then reads the authentication URL off of the button.
This URL is then checked against a policy list. This is a simple list of known hackerspaces and how to treat the request. For instance if you have a sewing club down the street and you have an agreement with them to share space, then their members can use your space and your members can use theirs anytime they want. That is the easiest of access rules and is a simple accept policy (white list). A more common rule would be to have an allowed hackerspace access but ONLY if a member is already in the space (grey list). More details on how that is accomplished later. And finally if the hackerspace URL is not in the list or if it is not a valid passport button or if it a rival hackerspace that you do not trust (tsk tsk) then reject it (black list).
The system then uses the URL and passes in your ID from the button. The URL either returns a 1 or a 0. 1 means the user is still an active member and 0 means the user is no longer a member. If the user is still an active member of that hackerspace they will get a "stamp". A stamp is just a small unique ID given to each hackerspace. The user can later bring his badge to a reader to view all of their stamps. Note: A stamp does not actually mean you went inside, it simply means you are a member of a hackerspace and you physically visited another hackerspace (or at least their door ;)
If all is good the door unlocks for a brief period of time.
Here are the basic parts we used:
- RFID Module - SM130 Mifare - Complete Read/Write Module (~$30)
- RFID Tags - We got one of each of the 1k transponders from sparkfun (~$3)
- Computer to handle the door access controls
- Public Webserver for authentication (PHP Script)
Mifare Classic is a secure memory (1Kbyte, 4KByte) chip/card often called contactless smart card. The reason it is called smartcard is because it has increment and decrement functions designed for especially payment systems. Mifare Classic family of tags is being used in RFID applications where very high security and fast data collection systems are required. This family of tags has contactless communication speed up to 106 KHz and uses very strong encryption techniques.
These offer encryption to prevent cloning but for a generic passport system I'm not sure that can be deployed.
The plan is to have a simple PHP script that can check MySQL, LDAP or a text file for a list of valid button IDs.
Space Open Switch
(To be filled in by Paul)