All I Want for Christmas is a 4-Factor Biometric Lock Box

It’s the most wonderful time of the year! No, we’re not talking about the holiday season, although that certainly has its merits. What we mean is that it’s time for the final projects from [Bruce Land]’s ECE4760 class. With the giving spirit and their mothers in mind, [Adarsh], [Timon], and [Cameron] made a programmable lock box with four-factor authentication. That’s three factors more secure than your average Las Vegas hotel room safe, and with a display to boot.

Getting into this box starts with a four-digit code on a number pad. If it’s incorrect, the display will say so. Put in the right code and the system will wait four seconds for the next step, which involves three potentiometers. These are tuned to the correct value with a leeway of +/- 30. After another four-second wait, it’s on to the piezo-based knock detector, which listens for the right pattern. Finally, a fingerprint scanner makes sure that anyone who wants into this box had better plan ahead.

This project is based on Microchip’s PIC32-based Microstick II, which [Professor Land] starting teaching in 2015. It also uses an Arduino Uno to handle the fingerprint scanner. The team has marketability in mind for this project, and in the video after the break, they walk through the factory settings and user customization.

We have seen many ways to secure a lock box. How about a laser-cut combination safe or a box with a matching NFC ring?

23 thoughts on “All I Want for Christmas is a 4-Factor Biometric Lock Box

  1. It would be more secure to not tell the user which step is wrong. Even if the passcode is wrong, it should still make the user go through the other three steps before saying “access denied”, with no specifics about why.

    1. That was my first thought. I once worked in an office containing equipment and documents classified “Secret” and above. At night it was secured only by a cipher lock with ten buttons, of which you had to press four in the correct order. But you could HEAR a relay click as soon as you hit a wrong button, and it only took a few seconds for it to reset, which you could ALSO hear. The first time I got locked out because somebody changed the code and I hadn’t read the memo, it took mw about two minutes to get in.

  2. If we want to be pedantic here (and this is HaD, so that’s almost a requirement) this is still a two factor system. The fingerprint is something you have. Everything else falls under something you know. Its not any more or less secure than a fingerprint + password setup. An additional factor could be an externally generated key of some kind (like a ubikey), which, while TECHNICALLY is something you have, falls outside of the biometric “have” for me to count it differently. THAT BEING SAID… awesome project, and great demo of the skills for this class!

      1. No, that’s how the counting is meant to happen; this is a two-factor box. It could be 3-factor if it required a physical key, which could include things like an NFC card or U2F dongle.

        It is a 4-credential box; it is not 4-factor.

        1. That’s how I counted it. When I clicked on the article the only thing I had to stop and think of what the 4 factors could be. The only thing I could think of was Something you know, Something you have, Something you are, and some place you are. It looks like multi credential, 2 factor authenticated to me. Still cool, but not quite the

      2. Knock pattern = something you know
        Code = something you know
        Pot settings = something you know
        Biometric = something you are

        Count the number of *distinct* classes of factor. There are only two. By definition, that’s how the counting works. Knyghtryda is correct.

    1. ideally one would add a one time password, we use that for all online financials here combined with a static password and or sms authentication, makes it practically impossible for anyone to get access to your bank account without extensive physical access.

  3. I’ve got patent ideas for timed lock boxes. Does anyone know of some being marketed. I’m frustrated that patent searches aren’t easier; especially having pictures. Say, where is Gravatar based? . . . (Oh, axe gets boom) . . . Thanks

    1. Ask your local bank. ;)
      Some business have boxes that only unlock at a set time as well. If you try to open it up, even with the correct key/code, an alarm can be set to go off.

  4. This is cool, However I wonder how it would fair against an EMP device, Perhaps having one of the steps being purely analog as in mechanical would help prevent this hypothetical defeat.

    1. The electronics could easily constructed, that it shorts out in a case of any overload and does not activate the lock.

      But I also wondered, why the electronics and the stuff are located mostly outside the box – probably because the wood would not provide any added protection.
      If only there were a material which would protect against electric and magnetic fields and provide some mechanical resistance. It should be ferromagnetic and conductive and hard/tough. Does anybody know a possible material? :-)
      .
      .
      .
      .
      .
      .
      .
      .
      Perhaps you could use steel?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s