Currently, access control systems are mainly based on user identification using smart cards (with a chip) or contactless cards (RFID). In other cases, biometric systems such as fingerprints, or PIN codes, are also used. But these identification systems have privacy and security issues around user authentication in an access control system, such as loss of the card, data breaches, cloning of cards, disclosure of the access PIN to another person, etc. In this context, DIAC aims to solve most of the problems that current access control systems have, using innovative solutions and avoiding direct user interaction with access control through the Disposable Identity Framework.
Core Components
There are 3 core components in the DIAC project.
DID Mobile App
The mobile application is the first interface point for users. They will have to create an account in order to use it. The application will interact with the DID platform over HTTPS and with the Access Control Terminal over BLE. It will be developed as a web application using the Angular framework. Moreover, the Ionic SDK will be used for web component development for Android and iOS to provide a native app user experience. The application will provide the following functionalities:
- User registration
- User login
- Get DID from DID platform
- Send DID over BLE to nearby access terminal
- User access permission management
Access Control Terminal
The Access Control Terminal is designed to support BLE and RFID communication technologies. In the DIAC project, we will develop and test BLE. The terminal will include an ESP32-C3 WROOM-02 for BLE and WiFi, an NXP MFRC522 for RFID and NFC, and a PIC32MX as the main processing unit. The terminal will be responsible for the following tasks:
- Communicates with the Internet through an Ethernet interface.
- Manages communication with the BLE controller, which, in addition to handling BLE communications, oversees computing the encryption operations.
- Includes the electronic systems that carry out operations such as opening doors and barriers, sound warnings, etc.
DID Platform
The DID platform consists of the Backend Server, the Blockchain Server and the Database. The Backend Server will be developed with the Node.js Express framework. It will expose REST APIs to the mobile app and the access terminal. The Blockchain Server will support the distributed ledger and will be implemented using Hyperledger Besu. Finally, user and terminal data will be stored in an SQL database. It will facilitate the following functions:
- Generate DID
- Validate DID
- User Authorization and Authentication
Control flow
- The user installs the DIAC Mobile App and registers.
- The user requests the DIAC Backend Server to generate a disposable ID.
- The Backend Server generates an ID, registers it in the ledger and returns it to the Mobile App.
- The user shares the ID from the App with the Access Terminal over BLE.
- The Access Terminal verifies the ID with the help of the Backend Server and opens the door.
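The backend side of the control flow above, as an added sketch that is not DIAC project code. It assumes single use, a short lifetime, a ledger holding only a SHA-256 digest of each ID, and per-terminal permissions; the class, method and reason names are hypothetical, and a Map stands in for the ledger.

```javascript
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Hypothetical backend: a Map stands in for the Hyperledger Besu ledger.
class DisposableIdBackend {
  constructor({ ttlMs = 30000, now = () => Date.now() } = {}) {
    this.ledger = new Map();      // sha256(id) -> { userId, expiresAt, used }
    this.permissions = new Map(); // terminalId -> Set of allowed userIds
    this.ttlMs = ttlMs;           // assumed lifetime; the page gives none
    this.now = now;               // injectable clock so expiry can be tested
  }

  grant(terminalId, userId) {
    if (!this.permissions.has(terminalId)) this.permissions.set(terminalId, new Set());
    this.permissions.get(terminalId).add(userId);
  }

  // Control flow steps 2-3: generate an ID, register it, return it to the app.
  issue(userId) {
    const id = crypto.randomBytes(16).toString("hex"); // 128-bit random value
    this.ledger.set(sha256(id), { userId, expiresAt: this.now() + this.ttlMs, used: false });
    return id;
  }

  // Control flow step 5: the terminal forwards the ID it received over BLE.
  verify(id, terminalId) {
    const rec = this.ledger.get(sha256(String(id)));
    if (!rec) return { open: false, reason: "unknown" };
    if (rec.used) return { open: false, reason: "replayed" };
    rec.used = true; // burn on first presentation, whatever the outcome
    if (this.now() > rec.expiresAt) return { open: false, reason: "expired" };
    const allowed = this.permissions.get(terminalId);
    if (!allowed || !allowed.has(rec.userId)) return { open: false, reason: "not-authorized" };
    return { open: true, reason: "ok" };
  }
}

// Constructed walk-through: one user, two terminals, a fake clock.
function demo() {
  let t = 0;
  const backend = new DisposableIdBackend({ ttlMs: 1000, now: () => t });
  backend.grant("door-1", "alice");
  const id = backend.issue("alice");
  const first = backend.verify(id, "door-1").reason;  // fresh ID
  const second = backend.verify(id, "door-1").reason; // same ID presented again
  const stale = backend.issue("alice");
  t = 5000;                                           // past the lifetime
  const third = backend.verify(stale, "door-1").reason;
  const fourth = backend.verify(backend.issue("alice"), "door-2").reason;
  return [first, second, third, fourth];
}
```

Marking the record as used before the expiry and permission checks means an ID that has been sent over BLE once can never be accepted later, even if the first attempt was refused.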