Team 6:Faisal Moiz

Raymond NnodimMichael Woodruff

Instructor:Dr. Bun Yue

Mentor:Craig Russell – Tietronix Software

1

Capstone – Spring 2012Android Smart Card ID Checker

Presentation Overview

• Background• Requirements• Design• Demo• Results

Presentation Overview

• Background• Requirements• Design• Demo• Results

PIV Cards• Background• Requirements• Design

• Demo• Results

• HSPD-12 (Aug. 2004)– Presidential Directive to

create a government-wide standard ID

• FIPS 201 (Feb. 2005)– NIST standard to fufill

HSPD-12– Defines PIV card

http://openidtrustbearer.files.wordpress.com/2009/12/generic-piv.png

PIV Smart Card

• Microprocessor and Storage• Contact or NFC Contactless

• NFC is – Standardized – ISO/IEC 14443 – High Frequency – 13.56 MHz– Short Range – 10cm or less

http://www.idwholesaler.com/images/learning-center/combi-card.gif

• Background• Requirements• Design

• Demo• Results

Presentation Overview

• Background• Requirements• Design• Demo• Results

Purpose of Project

• Johnson Space Center (JSC) personnel are all assigned PIV cards

• The PIV cards are visually inspected by security at entrances

• Using portable PIV scanners would help to increase security

• Background• Requirements• Design

• Demo• Results

Why Use Android?

• Purpose-built scanners– Expensive– Too big or small screen

• Android– Many new models support NFC– Inexpensive– Lightweight with big screen– Lots of features

http://ww1.prweb.com/prfiles/2010/09/06/4467994/gI_0_0_DSC00111.jpg

$4,700

http://www.kestronics.com/catalog/images/IT-800.jpg

$1,431

$200 - $450

MaxID IDL500 CASIO IT-800

Samsung Galaxy Nexus

• Background• Requirements• Design

• Demo• Results

http://1.androidauthority.com/wp-content/uploads/2012/01/Samsung-Galaxy-Nexus-vs-droid-razr-maxx-600x378.jpg

Requirements

• Use Android smart phone to read NFC cards • Use ID number read to query remote database

and display digital replica of ID card• Display additional personnel details • Display warnings such as revoked or expired

cards• Log time and location of scans• Log and photograph Guests• Should work offline

• Background• Requirements• Design

• Demo• Results

Presentation Overview

• Background• Requirements• Design• Demo• Results

Architecture

Local Database

Remote Database

Web Server

• Background• Requirements• Design

• Demo• Results

RemotelyGenerated

PhoneGenerated

Card

Guest LogScan Log

PersonBelongs To

Updates

1 1

1

M

• Background• Requirements• Design

• Demo• Results Data Model

Pull Personnel Records

Remote Database

Local Database

Request records

Send records

Save records to local database

Web Server

• Background• Requirements• Design

• Demo• Results

QueryRemoteDatabase

Scan Card

Local Database

Save Scan/Guest Logs

Remote Database

Request records

Send records

Web Server

• Background• Requirements• Design

• Demo• Results

QueryRemoteDatabase

Retrieve Personnel Data Locally

Local Database

Use Local Database

Web Server

• Background• Requirements• Design

• Demo• Results

Push Logs

Local database

Push Scan/Guest Logs

Logs Received

Confirmation

Delete Logs from Local Database

Retrieve Logs to send from localdatabase

Remote Database

Web Server

• Background• Requirements• Design

• Demo• Results

Store LogsIn RemoteDatabase

Presentation Overview

• Background• Requirements• Design• Demo• Results

http://dcm.uhcl.edu/caps12g6/api/webforms/recentscanlogs/

http://dcm.uhcl.edu/caps12g6/api/webforms/recentguestlogs/

Presentation Overview

• Background• Requirements• Design• Demo• Results

Challenges

• Getting Equipment– Hard to find suitable cards– No local sellers

• Writing to PIV cards– Complicated specification and limited software

• Integrating Client and Server– Network communications– Translating data too and from XML

• Working with Different Android Phones• Using Different Vendors’ Cards

• Background• Requirements• Design

• Demo• Results

Future Work

• Security Enhancement– Use encrypted portion of card– Require authentication for app– Use secure connection– Encrypt local data

• Performance Enhancement– Custom made server application– Compress XML or use binary data format

• Background• Requirements• Design

• Demo• Results

Conclusion

• Android is a good platform for reading PIV cards– The phones are cheap and fast– Android has a native API for NFC– However, there are difficulties running the app on

different hardware/Android version• Reading cards can be difficult

– The NFC reader on the phone can sometimes be underpowered

– Some models of card read better than others• There would be extra steps for security

personnel, but enhanced security

• Background• Requirements• Design

• Demo• Results