The above video — put together by Noah, Ali & Greg, and featuring star turns by Daniel and Luigi’s phone — shows the current state of the door project I wrote about on Tuesday. It’s working pretty well! I think I still need to add a bypass capacitor to improve the circuit’s stability, but it’s certainly good enough for our uses.
But the electronics are just one part of the system. As I mentioned at the end of that last post, my colleagues did an impressive job of springing into action and building out the systems necessary to turn an SSH-accessible script into a useful interface. Here’s how they did it.
Kevin: Once Tom attached the door to our local network I took on the task of making it operable from outside of Sunlight’s office via an public-facing API. The API enables any mobile device to become a door “key” by using a native client app or, for the non-smartphone users among us, a Twilio based voice response interface.
We choose to authenticate users based on the device’s hardware ID or the Caller ID provided phone number for the voice interface, combined with a PIN number. Once the identity is verified the API triggers the latch code running on the Linksys router, opening the door. I used Django to build the API along with a small administrative interface for our HR staff to create and revoke “keys”. For sake of simplicity (and security) our API and admin interface runs on a separate server and connects with the router over our local network. However, for the minimalists out there, it’s possible to make this entire system run within the Linksys router.
In addition to offering an endpoint for the native client apps I also provided an interface for Twilio, an impressively easy to use service for integrating telephone access into web applications. Twilio’s servers receive the phone call and then request a simple XML “script” from our API describing the response. Our server verifies the Caller ID information provided by Twilio and sends back a greeting message followed by a request for the user’s PIN. Twilio then captures the key presses from the phone and submits another request with the PIN data. Assuming the credentials match, our sever unlocks the door and sends Twilio a response welcoming the user. The amazing thing about Twilio is that you can do all that with 30 lines of code. I had a prototype up and running in 15 minutes!
We’re open sourcing all our code, including the APIs and administrative interface. The Django application is available here. Keep in mind this code is for demonstration purposes only — please carefully consider the security implications of offering a web service to your door lock and understand that Sunlight Labs can’t assume any responsibility for the use of this code.
Eric: I wanted to make opening the door the simplest experience possible for Sunlight’s Android users (and we have many), so I created a native Android app that our G1, myTouch, and Nexus One owners could use. The Android app talks to the same web interface that the Twilio endpoint does, so we can keep our authentication and analytics logic centralized. The permissions are locked to a “Device ID” for the phone, which I get from the CDMA or GSM device inside the phone. In this way we tie access to individual devices, like actual physical keys.
It’s a native, Java-based application, that consists of one main screen, and one widget. The first time you want to open the door, you need to open up the main screen from the application tray, select a PIN, try to open the door with it, and fail at it. Then an administrator will see the failed opening attempt, and can enable that device and that PIN for access from then onwards. The PIN gets stored on the phone so the user doesn’t have to type it again, though the PIN can be cleared from memory if the user chooses.
For maximum door-opening convenience, a demure widget is included that will open the door in one tap, if the PIN is in memory. This takes advantage of Android’s unique desktop and widget interface, one of the best parts of the Android platform.
I’ve published the source code for the app on Github, if you want to see how it all works. There honestly isn’t a whole lot of crazy stuff going on, but finding good Android code examples is surprisingly hard, so if you want to see a basic widget or service in action, there you go.
Josh: It was very simple to create the iPhone application. Using the Titanium Mobile SDK, I was able to quickly throw together an application that would authenticate via the web service. It took about two total hours to write with the majority of that spent playing with the user interface to see what worked best and creating an icon and graphics. The application was passed out to Sunlight employees with iPhones using the ad-hoc distribution model.