The Internet of Things is mostly about bringing Things to The Internet, but it’s also about bringing The Internet to Things. Two-Factor Authentication (2FA) has been offered by mission-critical services such as bank accounts and Bitcoin wallets for some time now, providing an additional layer of security beyond just a password. Since resin.io is all about crossing the gap between the internet and the real world, we decided to put this concept into action by building a safe-deposit box that requires 2FA to open.
By combining resin.io with Twilio’s Authy, we got to do this with a very simple deployment system (git push resin master) and a very easy way to add the 2FA mechanism.
Safes and lockers are usually opened by a key or by tapping in a code on a numeric keypad. We’ve come up with an alternative approach that combines a numeric code with an SMS sent via Authy to the user’s phone, which means that opening the safe involves having both the code and the mobile phone.
We used a Raspberry Pi 2 and a little circuit on a protoboard. The lock itself is a 5V solenoid.
The Pi runs a node.js server which performs authentication via a simple web interface. We use Authy to provide the second authentication factor and resin.io to allow ultra-simple code deployment.
The procedure to lock and unlock the safe is as follows:-
- The user inputs their email.
- If it’s a new user, they’re asked for a phone number.
- The UI asks for the user’s code to lock the safe.
- When the code is inputted by the user, the lock is engaged.
Once this is done, to open the safe:-
- First, the user has to input the correct code.
- After inputting the code, Authy sends an SMS to the user.
- The user inputs the SMS code, and the lock opens.
- The lock only opens for a few seconds, but it can be opened again by pressing the ‘Open’ button on the UI.
When you use the UI on your phone, you’ll usually be able to input the SMS code when it arrives as it will appear in your phone’s notification area.
And this is what the unique experience of opening our safe looks like:-
The circuit schematic for the solenoid driver looks like this:-
(You can also find it on Upverter)
And this is how we assembled the solenoid driver on the protoboard:-
The Raspberry Pi runs a node.js server which implements a multi-step authentication mechanism. To achieve this we designed a state machine using machina.js, served up over HTTP via express.js. Most of the interaction operates over socket.io, to provide real-time feedback to the user.
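The lock and unlock steps above can be expressed as a small state machine that refuses any step taken out of order. The following is an added example, not the project's code: it uses a plain JavaScript class instead of machina.js, and the callbacks `sendSms`, `verifySms` and `pulseSolenoid`, the four-digit minimum and the three-attempt lockout are all assumptions made for illustration.

```javascript
// Added sketch in plain JavaScript; the project itself uses machina.js.
// sendSms, verifySms and pulseSolenoid are hypothetical callbacks standing in
// for the Authy calls and the solenoid driver (assumptions, not the project's API).
const MAX_ATTEMPTS = 3; // assumed limit; the page does not state one
// Compare codes without returning at the first differing character.
function sameCode(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

class SafeLock {
  constructor({ sendSms, verifySms, pulseSolenoid }) {
    Object.assign(this, { sendSms, verifySms, pulseSolenoid });
    this.state = 'open'; // open -> locked -> awaitingSms -> open
    this.code = null;
    this.failures = 0;
  }
  lock(code) { // user chooses the code (4+ digits assumed) that engages the lock
    if (this.state !== 'open' || !/^\d{4,}$/.test(code)) return false;
    this.code = String(code);
    this.failures = 0;
    this.state = 'locked';
    return true;
  }
  submitCode(code) { // factor one
    if (this.state !== 'locked') return false;
    if (!sameCode(String(code), this.code)) return this.fail();
    this.sendSms(); // the SMS is requested only after the code is correct
    this.state = 'awaitingSms';
    return true;
  }
  submitSms(token) { // factor two
    if (this.state !== 'awaitingSms') return false;
    if (!this.verifySms(String(token))) return this.fail();
    this.state = 'open';
    return this.open();
  }
  open() { // also the UI 'Open' button; refused unless both factors passed
    if (this.state !== 'open') return false;
    this.pulseSolenoid(); // driver releases the bolt for a few seconds
    return true;
  }
  fail() { // any wrong factor restarts at the code step; repeated failures lock out
    this.failures += 1;
    this.state = this.failures >= MAX_ATTEMPTS ? 'lockedOut' : 'locked';
    return false;
  }
}
```

Because every handler checks the current state first, a client that sends the SMS step or the 'Open' event directly over the socket is rejected until the code step has succeeded.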