Bridging the gap between IT security and physical security

Bridging the gap between IT and Physical Security

Frank Staut
Frank Staut

chairman of board at nextAuth and electronics engineer in a past life

With the API based architecture of nextAuth, one can do interesting things. I developed a Proof-of-Concept whereby the nextAuth mobile user authentication is used to open a lock. The lock is opened (i.e. the green led lights up) by pushing a button, if at that point a user is logged in. This Proof-of-Concept is fairly basic and only uses a limited subset of the nextAuth API. Even so, it shows the ability to integrate the nexAuth solution in IoT projects.

I used a NODEMCU ESP32 microcontroller development board for interacting with the nextAuth API. The ESP32 microprocessor is very flexible and has onboard WiFi and Bluetooth. Many examples can be found online on how to program it. I used the Arduino IDE as it is simplest way to get started with microprocessors.

Before logging in, you need the nextAuth app (Android, iOS) and register it with the server. Through the nextAuth dashboard you can set up your own virtual nextAuth server. To log in, you scan a QR code with the app, and input your PIN or biometric (fingerprint or FaceID). The QR code contains the server identifier and a session identifier. With this session identifer the lock can check through the API if a user has logged in. This is done after the user pushes the button. If a user is logged in, the lock opens (i.e. the green led lights up). As soon as the lock opens, it triggers a logout for the user, resetting it for the next user. Here the session identifier is just used as a way to identify the lock the user is logging in for. The QR code is thus fixed and can be printed on a piece of paper or even a sticker to hang next to the lock.

What happens on a technical level is:

Overview

A sample of the generated log output:

				
					Monday, May 11 2020 11:25:07
Button pressed at Monday, May 11 2020 11:25:10, No user logged in!
Button pressed at Monday, May 11 2020 11:25:17, No user logged in!
Button pressed at Monday, May 11 2020 11:25:23, No user logged in!
Button pressed at Monday, May 11 2020 11:25:46, User Frank logged in!
User logged out!
Button pressed at Monday, May 11 2020 11:25:57, No user logged in!
Button pressed at Monday, May 11 2020 11:26:04, No user logged in!
Button pressed at Monday, May 11 2020 14:16:34, User Frank logged in!
User logged out
				
			

I am not a developer, so it is probably not the best code. But as a Proof-of-Concept, it is definitely useful.

Frank Staut
Source code

Don't miss our next update

Book your personal demo
February 2023
Mon
Tue
Wed
Thu
Fri
Sat
Sun
30
31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
1
2
3
4
5