Hi Nathan,
There is a Build-It, Buy-It or don't bother choice here.
There are about one hundred gazillion door control and security systems out there, and many integrators that will sell you one. Of course, they cost money. In addition to that, many maker spaces have... well... makers.... and makers want to make things. Makers often believe that they can build a system for less than they can buy one. Sometimes this is true and sometimes it is not.
In broad terms, our system consists of identical systems on two doors:
- A Parallax RFID reader (The link is digikey, but you can get them lots of places) $60-$80
- A Raspberry Pi (originally a Pi 1, just upgraded the back door so both are Pi 3B) - About $55-80
- A Relay. Best results, surprisingly, from a Grove Relay. - About $4. (Interestingly, trying to save $2 on this isn't worth the time. Make sure the relay triggers on 3.3V)
- An Electric Door Strike. Make sure that you get one that can take DC (one of ours is at 12V, the other at 24V, most new ones can use 12 or 24 or AC. The AC makes the "buzz").
This will cost you between $250 and $800, depending on model and installation. Get your landlord's approval if you're cutting into a door jamb that you don't own.
The pi runs a Python daemon that was originally written by some members, only one of whom is still peripherally involved. I don't own the code but I've done the latest tweaks to it. It's on our GitHub.
The daemon references a local copy of a SQLite3 database. The data is kept local so that there is no dependency on the LAN or DB/Web servers to unlock the door.
Each member is issued an EM4100 RFID Card. Members who ask nicely can be issued a Key Fob as well. The card is also our member ID card and can be used for discounts at some vendors. We cheap out here. We get the cheapest card we can from AliExpress and pay 10 to 20 cents per card. I have had one or two out of hundreds fail the RFID read, but about 1 in 5 just won't print nicely. A "name brand" card from the likes of DataCard will run closer to $2. We can live with throwing some out. I happen to have an old SP35 Datacard printer. This is long discontinued, but a similar card printer is at least a grand new. The alternative (used by many big businesses) is to print a label (even a B/W Dymo shipping label) and stick the label onto a card.
The card has a 10-digit hex number that is read by the reader and handed to the pi. The pi looks it up in SQLite and if it matches an active member, fires the relay to unlock the strike. It then also makes a web call to log it to the member portal database, as well as logging it locally. As an added bonus, a welcome message appears on digital signage with the member's name.
IMPORTANT NOTE: No security person will tell you this is adequate. It can be brute-forced. It could be hijacked (although we don't use the Wiegand protocol, so we aren't subject to that hack). In our case, the burglar alarm and alarm code, plus the fact that over 250 people go in and out and all have eyes, are our "second factor".
In the early days (like the first 6.5 years) the sqlite database was maintained by ssh-ing into the pi. This does not scale.
On the other side, we have a fairly complete member portal. The member portal receives automatic IPN notifications from PayPal and is the repository for who is paid, and all the information we need to know about a member. Now, when we "issue" an ID card, we use the web-based member portal to assign that card to a member. The back-end database (MS SQL) calculates whose card should be active, given their payment status and whether or not they are a "vetted" member (what most people call a "keyholder"). Once a day (more frequently on Tuesdays, our open house night) the database recalculates the local table and a server-side job pushes a file via SAMBA to each Pi and then runs a remote SSH to update the Pi's local table. (We can also trigger this update manually, if we have to push a change.)
One tremendous advantage to this is that there are no favorites being played. I don't have to decide to block Billy-Jane but since I like Mary-Jack I will let her be overdue. If you don't pay, your card times out.
The second point is that now the back end is all in place for access control for individual equipment.
Since this door setup costs a couple of hundred bucks, we want to keep the per-tool costs lower, using $10 RFID readers and ESP-Based chips. This has proven time consuming and political, plus has the (slightly) more complicated need of correctly interfacing the relay in the "controller" with a contactor or other mechanism. (We don't want to power a mill or lathe directly off 22 ga wire on a 3-dollar relay.) Danger, Will Robinson: if your maker space is subject to electrical codes and city/province inspections, get someone qualified to sign off on how you connect this! (You need, for example, to have a "latching e-stop". My amateur recommendation is to do this in between wall wiring and tool wiring).
Now, we have skilled people and advanced tools like screwdrivers. So, sure, a member at 2:00 am can defeat this. So we have cameras, and a written policy that states doing so is grounds for membership cancellation.
The member portal database tracks training and qualifications so that each reader can make a decision (using a rule-based engine) on what is needed for that particular tool/function/door to activate. For example, saying "the lathe can only be unlocked by members over 18 years of age" or "the supply room door only opens for directors and members who restock the pop fridge" requires no new code changes.
Some parts of this could be replaced by off-the-shelf components, but I would absolutely only use a door controller that we could push valid data to. An Elk M1-G would likely do most or all of what we need for both security panel and door control, but we want to maintain card compatibility with the other uses.
Enhancements to come:
- Scan your card on a bill reader to pay something in cash (kind of stalled)
- Scan your card to print a name tag (halfway done)
- Scan to unlock the pop fridge (not started)
- Require a PIN as well as a card if you are the first one in or it is after, say, 9 pm (idea, not started)
Now that we have all of this, it would be really brutal to not have it.
Byron
Byron Hynes
Protospace is Calgary's original, community-based, member-driven maker space, offering access to work shop space and shared tools for your projects, in a community of passionate, knowledgeable individuals. More contact info for Protospace is here.
Join and make something!
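
An added example, not part of the original message and not Protospace's daemon code: a sketch of the door decision described above (card ID looked up in a local SQLite table, unlock only for an active card) with a cooldown after repeated unknown cards to slow the brute-forcing the note mentions. The `cards` schema, the throttle numbers and the reader framing (line feed, ten ASCII hex digits, carriage return) are assumptions; relay control and logging are left to the caller.

```python
import re
import sqlite3
import time

# Assumed reader framing: line feed, 10 ASCII hex digits, carriage return.
FRAME = re.compile(rb"\n([0-9A-Fa-f]{10})\r")
MAX_MISSES, WINDOW_S, LOCKOUT_S = 5, 60.0, 30.0  # assumed throttle policy


def parse_frame(raw):
    """Return the card ID in upper case, or None for a malformed frame."""
    m = FRAME.fullmatch(raw)
    return m.group(1).decode("ascii").upper() if m else None


class DoorController:
    def __init__(self, db, clock=time.monotonic):
        self.db, self.clock = db, clock
        self.misses = []          # timestamps of recent rejected reads
        self.locked_until = 0.0

    def decide(self, raw):
        now = self.clock()
        if now < self.locked_until:
            return "locked_out"   # every read is ignored during the cooldown
        card, row = parse_frame(raw), None
        if card is not None:
            try:
                row = self.db.execute(
                    "SELECT name FROM cards WHERE card_id = ? AND active = 1",
                    (card,)).fetchone()
            except sqlite3.Error:
                return "deny"     # fail closed if the local table is unreadable
        if row is not None:
            return "unlock"       # caller fires the relay and logs the entry
        self.misses = [t for t in self.misses if now - t < WINDOW_S] + [now]
        if len(self.misses) >= MAX_MISSES:
            self.locked_until, self.misses = now + LOCKOUT_S, []
        return "deny"


def demo_db():
    """In-memory table with constructed sample cards (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (card_id TEXT PRIMARY KEY, name TEXT, active INTEGER)")
    db.executemany("INSERT INTO cards VALUES (?, ?, ?)",
                   [("0F0184A2C7", "Constructed Member", 1),
                    ("0F0184A2C8", "Lapsed Member", 0)])
    return db
```

The cooldown also delays legitimate members who arrive during it, so it is kept short here; the injected `clock` lets the throttle be tested without waiting.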