[Design] An NFC-based access control system

With the development of NFC technology and the popularity of smart phones, existing access control systems have been unable to meet people's needs. This article has designed an access control system controlled by a smart phone. The system uses NFC (Near Field Communication) technology to realize the unlock function. It can be used anytime, anywhere, without cumbersome operation and continuous power supply. It only requires NFC function module and battery. The small amount of power supplied can support system functions. The background management function of this system can effectively manage users, and can give authority or reclaim authority, so that the access control system is always in a controllable range. Finally, dynamic verification code is added and encrypted transmission is added in all communication processes, thereby effectively improving system security.

NFC is a short-range high-frequency wireless communication technology that operates at a frequency of 13.56 MHz within a distance of 20 cm. Its transmission speed is 106Kb/s, 212Kb/s, 424Kb/s three kinds. Currently, near field communication has passed ISO/IEC IS18092 international standard, EMCA-340 standard and ETSITS102190 standard. NFC uses active and passive read modes. Compared to Bluetooth, NFC is compatible with existing passive RFID (13.56 MHz ISO/IEC 18000-3) devices. NFC has lower power consumption, similar to the Bluetooth V4.0 low-energy protocol. When NFC is working on a non-powered device (such as a shut-down mobile phone, contactless smart credit card, or smart poster), the energy consumption of NFC is much lower than that of low-power Bluetooth V4.0.

1, the overall program design This program is mainly composed of three sides of the client, server, NFC module and Arduino development board. The server is implemented by C#, and the background management is supported by PHP. The entire program flow is divided into the following steps:

(1) New user opens App registration;

(2) The administrator uses the background management system to register and assign unlocking lists and permissions through the user;

(3) The user logs in the mobile phone key to obtain the unlocking list and related permissions;

(4) The user uses an NFC mobile phone near the NFC module to use the unlock function;

(5) The door lock is opened and the number of user-allowable unlocks is reduced. Wherein, if the user A has privileged authority, the user A can authorize the unlocking authority to the user B through the NFC direct communication between the two mobile phones. User B does not need to ask the server administrator to assign permissions to obtain permissions authorized by user A. The unlocking process is shown in Figure 1.


2, data transmission design Data transmission design is divided into the following steps:

(1) The user requests registration information to the server through the NFC mobile phone App;

(2) The administrator enters the background management system to return the unlocked list and permissions to the NFC mobile phone after the user requests and assigns the permission;

(3) When the user unlocks, request the server to obtain the unlock command;

(4) Use an NFC mobile phone near the NFC module to transfer the unlock command to the Arduino development board for verification and determine whether to unlock it.

The entire program's data transmission process uses AES encryption [9] to ensure data security while protecting the user's personal privacy information. When judging whether the unlocking instruction is valid, the value is compared with the Hashkey value, which increases the security of the system and prevents the malicious user from stealing other people's information and illegally unlocking the lock.

3. Database design The data relationships (including entity types, contact types, attributes, and identifiers) of this scenario are as follows:

(1) Administrator (aid user id, logname user name, pass password, grade authority, lastdateline last login time, salt random number);

(2) User information (authid authorization entry id, lid lock id, autheduid authorized person id, number of allowed unlocking times, starttime_d start date, endtime_d end date, starttime_h start time, endtime_h end time, authuid authorizer id, allow reauthorization , fromauthid which item is authorized by the second authorized project);

(3) unlock record (hid history id, lid lock id, date unlock time, uid user id);

(4) Door lock information (lid lock id, lname lock name, isgprs whether to allow gprs traffic to unlock, pass and lock communication data encryption password, keyword unlock key);

(5) encryption log (auto_num auto-increment sequence, uid_num user id, md5_nummd5 value, lid_num lock id);

(6) User (uid user id, ucode user mobile phone code, commpass communication data encryption password, uname user name, check if passed, date date of application, del user void, upk).

The ER diagram of the program database is shown in Figure 2:


NFC-based access control system analysis 1, security analysis 1.1 Service Security Analysis When a user accesses the authentication service, it needs to submit a dynamic communication password and the individual's signature of the entire message, in which the communication password changes to ensure that the attacker cannot replay. Attacks, and the communication password is encrypted using AES when the authentication service returns the latest communication password, and the plaintext is not observed by the attacker. If the attacker replaces the returned communication password, the user cannot complete the communication normally, so the attacker cannot achieve the communication. The purpose of unlocking. The signature ensures that the data will not be tampered with and that the attacker cannot forge messages.

1.2 Background Management Security Analysis (1) The website adopts the session mechanism in addition to the login page. If the user wants to browse and operate other pages, he must first log in. This effectively prevents non-administrators from viewing and managing websites. Unlike session, cookies store user information on the client and are limited by browser settings. They cannot prevent cookies from being spoofed. Sessions save user information on the server and have nothing to do with browser settings. They can effectively prevent others from obtaining cookies to perform fraudulent login. , greatly improving the security of the site.

(2) The website login page filters the content of the submitted form to prevent SQL injection and the password of the management user is stored in the MD5+salt mode. The degree of security is much higher than MD5 encryption. Even if the database is compromised, it is difficult to crack the user password.

1.3 Unlocking Instruction Security Analysis System Setting Each lock has a unique Hashkey value. Different motor locks have different unlocking instructions. This value is the initial unlocking instruction. Each time the user performs an unlock operation, the server and the Arduino development board use the same algorithm to process the initial values, but the corresponding Hashkey is not the same for each unlock. If an unlock key used by a traditional access control system is accidentally lost or copied, an unauthorized user can successfully complete unlocking. The system encrypts and rotates the unlocking instruction. Even if an unlocking instruction is stolen by an illegal user, an illegal user cannot open the motor lock, which greatly improves the security of the system.

2. Efficiency/economic analysis Compared with traditional access control systems, NFC-based access control systems have greatly improved the production cost, access security, and expansion capabilities. The traditional access control system uses IC cards as the unlocking key, and the IC cards have problems such as being easily damaged and easily lost, which increases the related costs of user maintenance and replacement. Compared with traditional solutions,

The system only needs to use a smart phone with NFC function to complete the unlocking, giving more functions and permissions to the smart phone that the user mainly uses for communication, and the additional cost is low and it is convenient to carry. NFC access control systems and traditional access control systems are simply listed in Table 1.

Concluding Remarks This project is based on solving the inconvenience in life at the beginning of the topic. This is also the core of the project - innovation. With the popularization of smart phones, mobile phones have been given more functions in our lives. The use of mobile phones as the key to the access control system is more competitive. This system uses a smart phone with NFC function instead of a traditional key to meet the user's need for a safe, convenient, and low cost access control system. This is also the innovation of this program. However, there are still some shortcomings in this program that need to be improved.