Abstract
To address the security problems of university teachers' scientific research experiments and students' experiments held in fixed time periods, a new design scheme for a smart access control system based on the DM365 platform is proposed. The design adopts the TMS320DM365 as its platform, with an embedded ARM926EJ-S core, and uses the FM1702 chip and its peripheral circuit as a whole to manage the door and its access control cards; it also supports Zigbee communication. In addition, the system adopts the Linux kernel, the .NET Framework 4.0 development environment, the C# development tool and a video control named CMTechVideo. The system test results show that the system can correctly monitor and control the access of different users and collect data in real time, can take photos and raise the alarm when the data is outside the normal range, and has good extensibility.
Introduction
A management control system for access by sensing access control cards is referred to as an access control system; it provides door access control, real-time monitoring, security and anti-theft alarm and other functions. Access control systems are now generally recognized and applied as a precautionary measure in university experiment centers. Current access control management systems can not only realize unified one-to-one management of doors and nodes and record who swiped a card, the swiping time and node attendance information, but also temporarily authorize access for external personnel. However, in the management of university laboratories, the system should meet the students' relatively concentrated experimental time requirements and also take into account the needs of teachers doing scientific research. Therefore, in terms of time management, the door opening function can be set up at multiple time points, and the door can be opened by remote command. In terms of user access, ordinary cards held by students need to be authorized during non-experimental periods, while privilege cards held by laboratory managers and teachers can open the door in all time periods. As this technology integrates smart card, automatic control, computer communication and network technology, the access control system also has attendance management and camera functions.
Overall design of access control system
The wireless single card-swiping access control system is equipped with a cathode lock, uses Zigbee with a transmission distance of 100 m, and supports the CMRTP protocol. It provides mechanical opening, remote control, card swiping, signal feedback, call and other functions. The whole system is mainly composed of 5 parts: sensor node, wireless video gateway NVS, access control node controller, cloud server and client. The overall system structure is shown in Fig. 1.
Overall structure of access control management system.
The access control node on the sensing layer collects data and communicates with the server on the system layer through network layer transmission. On the client side, at the application layer, users log in to the server with the client software and can then control and view the information of the sensing nodes in the left column of the software. The client can see the information collected by a sensing node and send control commands to the corresponding access card reader.
The server manages the doors and the cards uniformly and records door opening, card swiping and attendance information. It can open the door in multiple time periods and by remote command. Ordinary cards can obtain authorization to open the door during non-working time, while privilege cards can open the doors in all time periods. The access controller uses the Zigbee wireless intelligent network to transmit access control data without the need for wiring, and it can operate independently. The access control nodes include a control box, press switch, swipe card reader and door lock.
Design of non-contact access control card
The electrical part of the card consists of only one antenna and an ASIC. The card antenna includes only a few sets of winding coils, which makes it suitable for packaging into the card. The card ASIC consists of an RF interface with 106 KB baud-rate, a control unit and an 8 K-bit EEPROM. The working principle is as follows: the reader sends a fixed-frequency electromagnetic wave to the card, and the card contains an LC series resonant circuit whose frequency is the same as that of the transmitter. Under the excitation of the electromagnetic wave, the LC resonant circuit resonates and thus charges a capacitor. At the other end of this capacitor, there is a unidirectionally-connected electronic pump that delivers the charge to another capacitor for storage. When the accumulated charge reaches 2 V, this capacitor can act as a power supply, providing the working voltage to the other circuits so that the card can transmit its data out or access the reader's data.
Sector figure of access card.
The access card is divided into 16 sectors, and each sector consists of 4 blocks (block 0, block 1, block 2, block 3). The 64 blocks in the 16 sectors are denoted by absolute address number 0 to 63 as shown in Fig. 2. Data blocks can be used to store data, not only for data read and write operations, but also for data initialization, value addition and deduction operations. Block 3 of each sector is a control block, including password A, access control, and password B. The specific structure is shown in Fig. 3.
Composition of sector control block data.
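A provisioning-side check of a sector control block, added here as an example and not part of the original system's code. It assumes the card follows the MIFARE Classic 1K control block layout (6-byte KEY A, 4 access bytes, 6-byte KEY B); the function names and the three sample block images are constructed for illustration.

```python
FACTORY_KEY = bytes.fromhex("FFFFFFFFFFFF")  # well-known transport key

def trailer_block(sector: int) -> int:
    """Absolute address (0-63) of the control block of a sector (0-15)."""
    if not 0 <= sector <= 15:
        raise ValueError("sector must be 0..15")
    return sector * 4 + 3

def audit_trailer(block: bytes) -> list:
    """Return findings for one 16-byte control block image before it is written."""
    if len(block) != 16:
        raise ValueError("control block must be exactly 16 bytes")
    key_a, (b6, b7, b8), key_b = block[0:6], block[6:9], block[10:16]
    # Each access bit is stored twice: once plain, once inverted.
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    inv1, inv2, inv3 = b6 & 0x0F, b6 >> 4, b7 & 0x0F
    if any((c ^ i) != 0x0F for c, i in ((c1, inv1), (c2, inv2), (c3, inv3))):
        # A card that detects this format violation blocks the sector for good.
        return ["access bits inconsistent: do not write this block"]
    findings = []
    if key_a == FACTORY_KEY:
        findings.append("KEY A is the factory default")
    if key_b == FACTORY_KEY:
        findings.append("KEY B is the factory default")
    # Bit 3 of each nibble governs the control block itself.
    if ((c1 >> 3) & 1, (c2 >> 3) & 1, (c3 >> 3) & 1) == (0, 0, 1):
        findings.append("transport configuration: KEY A alone can rewrite keys")
    return findings

# Constructed sample images: as shipped, re-keyed, and with a corrupted access byte.
FACTORY = bytes.fromhex("FFFFFFFFFFFF" "FF078069" "FFFFFFFFFFFF")
HARDENED = bytes.fromhex("1A2B3C4D5E6F" "7F078800" "6F5E4D3C2B1A")
BROKEN = bytes.fromhex("1A2B3C4D5E6F" "FF078100" "6F5E4D3C2B1A")

if __name__ == "__main__":
    for name, image in (("factory", FACTORY), ("hardened", HARDENED), ("broken", BROKEN)):
        print(name, audit_trailer(image))
```

Because KEY A cannot be read back from a card, the check is meant to run on the block image the issuing software is about to write, not on a card dump.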
The RF card offers very good confidentiality owing to the three confirmations performed before reading and writing and to the unique card serial number. Transmission data encryption, a transmission password and access password protection are provided. The password in the card is unreadable, and only a user who knows the password can modify it. Each sector has its own access password, so the user can set different passwords for different applications of the sectors (one card for multiple purposes). The sector access password is divided into two different passwords, KEY A and KEY B. Depending on the access conditions, the memory can be accessed after KEY A and KEY B are checked. The three mutual confirmation processes are shown in Fig. 4.
Three handshakes between access card and reader-writer.
Digital circuit of access control node.
The symbols shown in Fig. 4 include:
B sends a random number R A returns Token AB to B; After receiving Token AB, B decodes and verifies whether the random number R B sends a number BA to A; After receiving Token BA, A decodes and verifies the correctness of R
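The three-pass mutual confirmation between parties A and B, written out as an added example that is not the card's or the FM1702's own algorithm. HMAC-SHA256 from the standard library stands in for the card cipher, so each side recomputes and compares a tag instead of decoding; the names `r_a`, `r_b` and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16

def _mac(key: bytes, label: bytes, first: bytes, second: bytes) -> bytes:
    # Fixed-length nonces plus a direction label keep the two tokens distinct.
    return hmac.new(key, label + first + second, hashlib.sha256).digest()

def new_challenge() -> bytes:
    """Pass 1 (B -> A): a fresh random number."""
    return secrets.token_bytes(NONCE_LEN)

def make_token_ab(key: bytes, r_b: bytes):
    """Pass 2 (A -> B): answer B's challenge and include A's own challenge."""
    r_a = secrets.token_bytes(NONCE_LEN)
    return r_a, r_a + _mac(key, b"AB", r_a, r_b)

def check_token_ab(key: bytes, r_b: bytes, token_ab: bytes):
    """B checks that Token AB is bound to the r_b it just sent; returns r_a or None."""
    r_a, tag = token_ab[:NONCE_LEN], token_ab[NONCE_LEN:]
    if hmac.compare_digest(tag, _mac(key, b"AB", r_a, r_b)):
        return r_a
    return None

def make_token_ba(key: bytes, r_a: bytes, r_b: bytes) -> bytes:
    """Pass 3 (B -> A): prove knowledge of the key over A's challenge."""
    return _mac(key, b"BA", r_b, r_a)

def check_token_ba(key: bytes, r_a: bytes, r_b: bytes, token_ba: bytes) -> bool:
    return hmac.compare_digest(token_ba, _mac(key, b"BA", r_b, r_a))

def run_handshake(key_of_a: bytes, key_of_b: bytes) -> bool:
    """Run all three passes; True only if both sides hold the same key."""
    r_b = new_challenge()
    r_a, token_ab = make_token_ab(key_of_a, r_b)
    if check_token_ab(key_of_b, r_b, token_ab) is None:
        return False                      # B rejects A
    token_ba = make_token_ba(key_of_b, r_a, r_b)
    return check_token_ba(key_of_a, r_a, r_b, token_ba)
```

A token captured in one session fails in the next because each side checks it against the random number it issued for that session.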
The non-contact IC card module consists of the non-contact IC card reader chip FM1702 and its peripheral circuits. A master node can be equipped with a variety of readers, including a single card reader, a dual card reader and a password reader. The reader chip is based on the ISO14443 standard, uses 0.6 mm CMOS EEPROM technology, and supports the three non-contact communication protocols at a frequency of 13.56 MHz, with support for the MIFARE and SH standard encryption algorithms. In addition, it highly integrates an analog modem circuit with an operating distance of up to 10 cm. Furthermore, it supports 6 kinds of microprocessor interfaces, and the digital circuit has two voltage work patterns, TTL and CMOS. Meanwhile, the node uses Zigbee wireless communication to collect the information of the card that opens the door and the lock state, and uploads it to the server in real time. Relying on wireless Zigbee communication, the client side can remotely open the door at this node, as shown in Fig. 5.
Work flow chart of card reading of wireless access control node.
After power-on, the program first initializes the registers of the card reader chip (PCD). Then the system enters the card-seeking state and sends the card-seeking signal through the antenna. When the PICC of an IC card enters the effective operating area of the antenna and obtains energy, the card type value is returned to the PCD. Next, the PCD performs the anti-collision operation on the card. After the PICC receives the anti-collision signal, it returns its serial number to the PCD. After the PCD receives the serial number, the program determines the validity of the serial number. After confirming that the PICC serial number is valid, the PCD sends a pick-up command that contains the unique serial number of the selected card. This ensures that the card used in the next step is unique. The PCD then loads the key, which must be consistent with the key of the PICC sector to be operated on. The work flow chart is shown in Fig. 6.
The NVS (Network Video System) gateway uses TI's DaVinci™ HD processor TMS320DM365, referred to as DM365, as shown in Fig. 7. The platform integrates the ARM926EJ-S core with a main frequency of 600 MHz and runs an embedded Linux operating system. An H.264 HD codec coprocessor (HDVICP) and an MPEG-4/JPEG HD codec coprocessor (MJCP) support the encoding and decoding of H.264/MPEG-4 HD video.
Functional description of library functions
Structure of DM365.
An analog video input interface and a video output interface are supported, with a video frame rate of 12.5 frames/second. Each device has a unique ID number for convenience of verification and identification, as shown in Fig. 8. The TMS320DM365 communicates with the network through the ENC28J60 Ethernet controller, supports WIFI and 3G network cards, and arms and authorizes to input 2.4 GHz wireless mode. Besides, the CMRTP network protocol is supported, and the device can sense image information, sound information, sensor information, control information and node information within the same network.
A web server is built in for simple network parameter setting; the device can be configured to work as a server, and it supports simultaneous access by multiple clients, such as remote PCs, smartphones and iPads, to Zigbee NVS gateways.
The development and implementation of the system software is based on Microsoft .NET 4.0; the background database is MySQL, the development language is C#, and the data service middleware NvsServer is used to realize the communication between the server and the wireless gateway server NVS. Module development involves the following three files in total, and the required modules can be selected during development, as shown in Table 1.
Functional description of library functions
Coding interface of configuration of protection equipment in NVD video gateway.
The system can authorize the user to open the corresponding access control function by selecting the authorized access point, and then selecting the authorized user and issuing the user card number comparison information. These authorized users can press fingerprints to open access control, and control the door and alarm capture in the management system.
The basic interface functions are a prerequisite for the client program to run normally. Before the corresponding operations are performed, these functions must be called for initialization. The functions designed in the development are shown in Table 2.
CM_SetNotifyUDPPor function must select at least one message destination among CM_SetNotify Window, CM_SetNotifyUDPPort and CM_SetNotifyThreadID.
Process design of access control function
There are 14 main namespaces declared in the system, including Collections, Generic, Data, Linq, IO, Xml, Threading, and .Net.Sockets. In the initialization phase, the system sets a handle to mark whether the server has been connected, and a new thread is started to monitor UDP information in a loop. The XML file that stores the node information and node list is read into the system. The administrator can log in to the server to operate the access control node. The access control system interface consists of three major functional components, namely the card reader area, the access control function area, the server connection area and the feedback display area, as shown in Fig. 9.
Access control management interface.
The access control system mainly carries out 5 major operations: setting the working hours, managing ordinary cards and privilege cards, acquiring the access control status, temporary authorization, and capturing and setting the working parameters. Firstly, in the time management of the access control system, the access time information can be set according to the working hours of different university experiments. The default system time management includes 23:00–5:00 for the rest hours, 5:00–7:00 for the health hours, 7:00–17:00 for working hours and 17:00–23:00 for overtime hours. Secondly, the system can issue, freeze or thaw an ordinary card. By reading and writing the card through the serial port and comparing it with the issued user card numbers, the system determines whether the holder is an authorized user, in order to achieve automatic or remote door opening and to show the access card status in the system. For temporary guests, the user can apply for the temporary authorization function through the access control node. After the system receives the notice of the authorization request, a card can be added temporarily for the guests. Under special circumstances, when the door is opened by swiping a card, the system can send a request to take pictures and raise the alarm. Temporary cards used for guests may be temporarily authorized or saved in access control.
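The door-opening decision for the default schedule above, as an added example rather than the system's C# code. It assumes that ordinary cards are admitted during working hours only unless temporarily authorized, and that a frozen card of any kind is refused; the card record fields and function names are hypothetical.

```python
from datetime import time

# Default schedule from the text, as half-open intervals [start, end).
PERIODS = {
    "rest": (time(23, 0), time(5, 0)),        # wraps past midnight
    "health": (time(5, 0), time(7, 0)),
    "working": (time(7, 0), time(17, 0)),
    "overtime": (time(17, 0), time(23, 0)),
}

def period_of(t: time) -> str:
    """Name of the schedule period that contains clock time t."""
    for name, (start, end) in PERIODS.items():
        if start < end:
            inside = start <= t < end
        else:                                  # interval crosses 00:00
            inside = t >= start or t < end
        if inside:
            return name
    raise ValueError("schedule does not cover %s" % t)

def decide(card, t: time, open_periods=("working",)):
    """Return (allowed, reason). card is None for a number that was never issued,
    otherwise a dict with 'kind', 'frozen' and optional 'temp_periods'."""
    if card is None:
        return (False, "unknown card")
    if card.get("frozen"):
        return (False, "card frozen")
    if card["kind"] == "privilege":
        return (True, "privilege card")
    period = period_of(t)
    if period in open_periods:
        return (True, "ordinary card, " + period)
    if period in card.get("temp_periods", ()):
        return (True, "temporary authorization, " + period)
    return (False, "ordinary card not authorized for " + period)

if __name__ == "__main__":
    student = {"kind": "ordinary", "frozen": False}   # constructed sample record
    for clock in (time(8, 30), time(23, 30), time(4, 59)):
        print(clock, decide(student, clock))
```

The rest period is the case worth testing in any real rule table, since a plain `start <= t < end` comparison never matches an interval that crosses midnight.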
To verify the feasibility and effectiveness of the methods and system described here, an experimental study was conducted with the NVS as the server, against the background of the university laboratory. The study checks the security of the system by means of fingerprint entry. First, the tester's fingerprint was recorded in the database, and then the NVS server was started. A serial assistant was started on the terminal PC for remote connection. The address of the NVS server was set to 192.168.1.143 and the port to 5000. Figure 10 shows the tester entering the 3304 laboratory by means of a fingerprint test. If the fingerprint is authorized, the door lock is opened, the tester can enter the room, and the terminal shows “Authorized”. Otherwise, the system shows “Access was denied” and the tester is not authorized to enter the room, as shown in Fig. 11.
Entering the 3304 laboratory with the way of fingerprint.
Access was denied.
TCP sequence number analysis by Wireshark.
Wireshark was used to filter and monitor the data packets of the system in the experiment, and an analytical statement was produced (as shown in Fig. 12). The Wireshark IO graph shows the overall flow of the capture file, generally per second (in packets or bytes). The default X axis time interval is 1 second, and the Y axis is the number of messages in each time interval. As Fig. 12 shows, the statement is a statistical statement created according to the group number and the serial number of the data packets and based on the arrival time, delay, jitter, packet size, etc. The test results show the TCP sequence numbers together with packet dropout and delay. The packet loss probability was 0 without error and thus had no influence on the monitoring system. Many tests were conducted, and in none of them was a re-application to the server needed because synchronization was impossible. Figure 12 shows that the TCP sequence number increases fairly steadily, indicating that the transmission is smooth and that there is no multiple transmission or packet loss.
The Zigbee-based non-contact access control system can realize the main functions of the access control systems on the market, and effectively solves remote management and the capture function within the operating hours on the access control nodes. Continuous debugging of the system resolved the addition and closing of the serial port, the maximum input problem of the extended NVS, Net and Nod, the overly long server disconnection time and the port occupation problem. The software can be opened multiple times on one computer. The system operates stably and effectively solves the identification of personnel in the university laboratory, providing strong security measures.
Acknowledgments
Design and realization of WiFi based ad hoc smart power plug, the Science and Technology Research Project of Department of Science and Technology of Henan (Code: 172102210554); Development of ARM based embedded industrial smart real-time monitoring system, the Key University Scientific Research Project of Henan (Code: 15A520110).
