RFID Login to Ignition

Anyone out there implemented or playing around with RFID login in Ignition? I just started my adventure in it but would be interested in sound boarding with someone.

It wouldn’t be too difficult. First thing, you would have to bypass our login screen and make your own. That would be the first window set to open on startup. From there, you can just listen for a tag value to change and based on the number you call:

system.security.switchUser(username, password)

Of course this means you need to have empty passwords or know the passwords ahead of time. Hope that helps you get started.

Hi Travis,

What do you mean by "Empty passwords"?

Thank you.

In order to switch the user you must know their username and password. You probably don’t want to hard code passwords into the system, so it would be best for the password to be blank/empty when you create the user.

We don’t have great support built-in for RFID logins. This is something we are looking at. While it is possible right now, it doesn’t provide the highest level of security since the credentials are known.

Thank you for the response Travis.

That's the concern. The security. We certainly don't want to hard code the credentials or have blank passwords either.
I was wondering if there is a way we could just read the RFID tag or a unique passcode and compare with the AD account credentials and auto login or something like that.

Having this feature would really be great, easy and faster logins with security. Great to hear that you guys are working on that.

Thank you Travis.

RFID tags are not going to be secure until they have embedded public/private crypto implementing a challenge-response algorithm. Something like that used in modern "chipped" credit and debit cards. Anything less and the RFID can be spoofed at multiple points in the communications chain.

The big hurdle, as I understand it, is the power requirements for the computation. It seems to be out of the reach of passive RF power at more than contact distance. The debit/credit cards that support tap-to-pay are an example.

Yes. You are right @pturmel. Thanks.

There are safe RFID cards and readers (like the upper Mifare class). The problem is that, to pass it into Ignition, you need to go over text, so you need to handle all cryptography checks on the client, which defeats the purpose of the cryptography.

The disadvantage of those readers is that you need a driver to communicate, and that driver should run on a securable machine (like a server), or should use further cryptography to communicate with the server. It doesn’t work with readers just acting like USB keyboards.

On the places where I use RFID logins, I provided a separate database user source. The RFID tag is considered the password (with some known modifications), and on reading the tag, I search the username in the database, and log the user in. However, due to how easy it is to read the card with an external reader, apply the modifications, and type in the result, I don’t consider it safe, so I limit that user source to the operator level.
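
The difference discussed in this thread between a static tag value and a challenge-response card, as an added example that is not part of any post and is not Ignition or vendor code. It assumes a per-card symmetric key with HMAC-SHA256 as a stand-in for the public/private scheme mentioned above, and every name and sample value in it is constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: per-card secret keys provisioned on the server side.
CARD_KEYS = {"operator1": bytes.fromhex("00112233445566778899aabbccddeeff")}
# Constructed static tag value, as a keyboard-emulating reader would type it.
STATIC_UIDS = {"04A1B2C3": "operator1"}

class Card:
    """Simulated card: the key stays on the card, only responses leave it."""
    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self._pending = {}  # username -> outstanding one-time challenge

    def login_static(self, typed_uid):
        """Static scheme: whatever text arrives is the whole credential."""
        return STATIC_UIDS.get(typed_uid)

    def new_challenge(self, username):
        nonce = secrets.token_bytes(16)
        self._pending[username] = nonce
        return nonce

    def login_response(self, username, response):
        nonce = self._pending.pop(username, None)  # each challenge is single use
        key = CARD_KEYS.get(username)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # checked on the server

def demo():
    server, card = Server(), Card(CARD_KEYS["operator1"])
    # Static value: the same text observed once is accepted again unchanged.
    static_replay_ok = server.login_static("04A1B2C3") == "operator1"
    # Challenge-response: a legitimate login, with the response recorded in transit.
    recorded = card.respond(server.new_challenge("operator1"))
    legit_ok = server.login_response("operator1", recorded)
    # The recorded response does not match a fresh challenge.
    server.new_challenge("operator1")
    replay_ok = server.login_response("operator1", recorded)
    return static_replay_ok, legit_ok, replay_ok
```

The comparison only holds when the response is verified on the server side; a check done on the client gives the same exposure as the static value.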