[hackpgh-discuss] Re: RFID timeclock
- From: Anthony Cascone <ajc317@xxxxxxxxx>
- To: "hackpgh-discuss@xxxxxxxxxxxxx" <hackpgh-discuss@xxxxxxxxxxxxx>
- Date: Tue, 3 Mar 2015 18:47:17 -0500
Sure, wasn't worried about the inheirent issues with RF. It's
clearly getting adopted and relatively safe. I was more referring the that
handling of that information in the app. If Someone got a hold of the
tablet, would they be able to spoof my phone since I clocked in to the
tablet using my phone? Would, say, the author of that app have the ability
take that information and use it for some other purpose?
At this point, I should just start reading up on it, but I have other
things to do. It was a concern. As long as the information isn't linked to
other account information, then it seems safe enough.
On Tuesday, March 3, 2015, Joseph Ates <joey@xxxxxxxxxxxxxx> wrote:
> Security would largely depend on how the apps were set up. NFC comms are
> usually less than 2", so I envision the employee application would need to
> actively approve before sending their identification number. Also, there's
> some nice security measures in android as to which apps handle particular
> NFC scans.
>
> In other words, I don't see this being a background service that can
> somehow be tripped or exploited without the user's knowledge.
>
> On Tue, Mar 3, 2015 at 5:17 PM, Anthony Cascone <ajc317@xxxxxxxxx
> <javascript:_e(%7B%7D,'cvml','ajc317@xxxxxxxxx');>> wrote:
>
>> I know they make NFC shields. We have an NFC reader shield at the shop
>> somewhere. I think Parallax makes that too.
>>
>> I do like the idea of only using a tablet for the time clock. It's got
>> the hardware you need. If all you have to do is keep it plugged in, which
>> you would need to do anyway, that could be a viable option.
>>
>> Still playing devils advocate, since I can't help myself. If you are
>> using the NFC from someone's phone, is there a security issue with storing
>> that information in a database? I wouldn't want to have someone scan my
>> phone and be able to spoof it. I'm not all that familiar with the protocol,
>> but it may be important to use it properly. Not sure I would trust waving
>> my phone over that. That is, if it even had NFC. Stupid iPhone...
>>
>> On Tue, Mar 3, 2015 at 5:04 PM, Joseph Ates <joey@xxxxxxxxxxxxxx
>> <javascript:_e(%7B%7D,'cvml','joey@xxxxxxxxxxxxxx');>> wrote:
>>
>>> Hi Anthony!
>>>
>>> Yeah. I think scanning NFC from android apps is a no go situation under
>>> lock screen conditions. That being said, there's a developer option to keep
>>> the screen awake when connected to usb (or usb power sources) which would
>>> be ideal for the "clock" tablet.
>>>
>>> USB would of course be cool as well. As an aside, I also think it would
>>> be cool if one could leverage the android accessory USB protocol/interface
>>> as a NFC reader to a tablet as the accessory in the standard can double as
>>> a 500mA power source. [1] I think there's even an arduino mega[2] designed
>>> for use as an android accessory, so all it'd need is an NFC reader shield.
>>>
>>>
>>> [1] https://source.android.com/accessories/protocol.html
>>>
>>> [2] http://developer.android.com/tools/adk/adk.html
>>>
>>>
>>> On Tue, Mar 3, 2015 at 4:00 PM, Anthony Cascone <ajc317@xxxxxxxxx
>>> <javascript:_e(%7B%7D,'cvml','ajc317@xxxxxxxxx');>> wrote:
>>>
>>>> Dude, you're alive.
>>>>
>>>> NFC makes sense for the reasons you pointed out.
>>>>
>>>> Personally, I'm not an app developer and would rather avoid it, but
>>>> could make sense. At tablet would be cool because of the built in display,
>>>> but there would be details like would the app have to be active to receive
>>>> the NFC. If you had to wakeup the tablet every time to wanted to punch
>>>> in/out you might as well drop the NFC aspect. All that said, there may be
>>>> an app for that... again, I'd look before you build something.
>>>>
>>>> There are USB NFC interfaces too. Just saying.
>>>>
>>>> On Tue, Mar 3, 2015 at 3:49 PM, Joseph Ates <joey@xxxxxxxxxxxxxx
>>>> <javascript:_e(%7B%7D,'cvml','joey@xxxxxxxxxxxxxx');>> wrote:
>>>>
>>>>> To be honest, I think NFC is a bit more accessible to do this kind of
>>>>> application considering it's in the back of most android/windows smart
>>>>> phones. You could use a Nexus tablet as the "clock" and have employees use
>>>>> their smartphones to scan past it. You could also issue small cards with
>>>>> embedded NFC tags for those employees who don't have smartphones.
>>>>>
>>>>> On Tue, Mar 3, 2015 at 2:03 PM, Anthony Cascone <ajc317@xxxxxxxxx
>>>>> <javascript:_e(%7B%7D,'cvml','ajc317@xxxxxxxxx');>> wrote:
>>>>>
>>>>>> I'm not aware of any projects that currently exist that you could
>>>>>> just copy and past, but I'll be honest, I didn't bother searching at all.
>>>>>> I'll leave that to you.
>>>>>>
>>>>>> In its most basic form, you'll need an RFID reader, tags, and some
>>>>>> sort of computer. Depending on how you want it set up, you could use your
>>>>>> own computer, or get a dedicated system. A RaspberryPi would be more than
>>>>>> sufficient if you want a dedicated, low power, portable system.
>>>>>> Regardless,
>>>>>> of the computer, for ease of integration, I would recommend a USB enabled
>>>>>> RFID reader. That can be fairly cheap if only need it to operate indoors.
>>>>>> Parallax has one I think. If you needed it our doors, you'll have to pay
>>>>>> more or you a mixture of parts to get it to play nice with a computer.
>>>>>>
>>>>>> Once you have the reader, you'll need something to listen to the
>>>>>> reader on the computer, and then log the time/date that the tag was read.
>>>>>> From there, it's up to you on how the data is displayed.
>>>>>>
>>>>>> I have a feeling that such a project might already exist, but it
>>>>>> shouldn't be too hard to whip something up.
>>>>>>
>>>>>> On Fri, Feb 27, 2015 at 5:37 PM, Chris Williams <cwilliams2@xxxxxxxxx
>>>>>> <javascript:_e(%7B%7D,'cvml','cwilliams2@xxxxxxxxx');>> wrote:
>>>>>>
>>>>>>> Please forgive my lack of clarity.
>>>>>>>
>>>>>>> Anthony's explanation most accurately described the goal. The RFID
>>>>>>> tag will be the timecard for the timeclock. The tag will initiate when a
>>>>>>> person has clocked in and out. In addition, I want to create a log with
>>>>>>> timestamps.
>>>>>>>
>>>>>>> -Chris
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Friday, February 27, 2015, Anthony Cascone <ajc317@xxxxxxxxx
>>>>>>> <javascript:_e(%7B%7D,'cvml','ajc317@xxxxxxxxx');>> wrote:
>>>>>>>
>>>>>>>> While we are playing the guessing game. I suspect he means a time
>>>>>>>> tracking system using RFID tags to "punch in" and out.
>>>>>>>>
>>>>>>>> A device that generated tag IDs that corresponded to the current
>>>>>>>> time would be an interesting project though.
>>>>>>>>
>>>>>>>> Regardless, additional details would help to understand the scope.
>>>>>>>>
>>>>>>>> On Fri, Feb 27, 2015 at 10:07 AM, Yevgeniy Soroka <
>>>>>>>> ukranians2@xxxxxxxxx> wrote:
>>>>>>>>
>>>>>>>>> I suspect he means an RFID chip which transmits the time when you
>>>>>>>>> scan it?
>>>>>>>>> -Geno
>>>>>>>>>
>>>>>>>>> On Fri, Feb 27, 2015 at 10:00 AM, Tim Cannon <
>>>>>>>>> timmycninja@xxxxxxxxx> wrote:
>>>>>>>>>
>>>>>>>>>> start by explaining what you mean, RFID is usually passive and
>>>>>>>>>> simply transmits an ID over low frequency radio.
>>>>>>>>>>
>>>>>>>>>> On Fri, Feb 27, 2015 at 9:33 AM Chris Williams <
>>>>>>>>>> cwilliams2@xxxxxxxxx> wrote:
>>>>>>>>>>
>>>>>>>>>>> Dear Hack Pittsburgh,
>>>>>>>>>>>
>>>>>>>>>>> I am interested in learning how to develop an RFID timeclock.
>>>>>>>>>>> Chad suggested that I ask the group.
>>>>>>>>>>>
>>>>>>>>>>> Where is a good place to start?
>>>>>>>>>>>
>>>>>>>>>>> Thanks!
>>>>>>>>>>>
>>>>>>>>>>> -Chris
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
Other related posts:
