Work Station Includes A Smartcard Lock For USB Ports

The USB ports on this work station are locked. In order to use a USB device you’ll need to insert a Smartcard into the reader seen above. The interesting thing here is that this shouldn’t affect your ability to charge a USB device. When you visit the link above make sure to check out the worklog tab as it contains nine pages worth of build information.

The device is conceived of in two parts. There is one board which does the USB switching, and another that takes care of the Smartcard reader. That reader is based on a PIC 16F1939. It readers the Smartcard, verifies the data, then controls the USB switching board via SPI. An ADG714 chip completes the circuit on eight data lines making up the four USB ports. There is also a mechanical relay on the board which can cut USB power. Since this is separate from the data switching, the power could be left on for charging or toggled separately by a card that has permission to charge but not to use the data ports. You can see a demonstration of the system embedded after the break.

9 thoughts on “Work Station Includes A Smartcard Lock For USB Ports

    1. Somebody set up us the ports! For great smartcards!

      This is a neat security setup. Once unlocked it’s completely out of the way.

      However all one needs to do to bypass it is get physical access to the hardware innards and disconnect the wires to and from the security hardware then connect the ports directly to the computer.

  1. I love this guy, I’ve watched a ton of his videos and find him to be very informative and pretty funny.

    If you want a good laugh look for his video on youtube by clicking the youtube button in the above player and going back in his timeline to “How cheap is a cheap power supply?” I love his description of the internal soldering of the power supply. :D

    Good stuff!

  2. The answer to “should the ADG714 be used for USB?” is “no.” The 3 dB bandwidth of the switch is only 155 MHz. It’ll work… kindof. It depends on how much margin you already have, because now you’re probably adding ~9-10 dB of attenuation. Add a long USB cable and I’d bet that high-speed USB gets really flaky.

    It’s the bandwidth that matters, not the on-resistance. For full-speed USB, you need more than 480 MHz bandwidth. (This is typically limited by on-capacitance: USB is around ~40-50 ohms single ended. The ADG714 has 22 pF of input capacitance: 22 pF on 50 ohms has a critical frequency of ~144 MHz).

    An example of a single-port USB switch that can handle full-speed USB is a Fairchild Semi FSUSB46. Sadly it’s only a 1-port, but you could also use a MAX4999 and leave half the ports unconnected.

    1. Would it be appropriate to simply use a relay on the data and power lines? There are a few 4PDT relays in my parts bin that seem like they’d be handy in a situation like this.

      1. Almost certainly a relay would be fine, but you want to check the bandwidth. Electromechanical relays are used all the time when you need to switch RF signals (like in an oscilloscope, for instance). They can be made to have plenty of bandwidth.

  3. We do something similar in Windows with a group policy. Can be done via command-line/script for *nix. +5 is still on.

    True it’s not at the hardware level, but might be more accessible to someone wanting a quick way to get close. You’d probably want to disable USB as a boot device if going the software-only route.

    1. An inline charge adapter for Apple and other devices that expect things like the data lines shorted or grounded before they’ll charge is a pretty simple thing to make.

      Plug it into a power only USB port then the device into the adapter and it’ll charge.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.