Windows Logon, your input welcome!



  • @GeronP said:

    Love the idea, unfortunately there doesn't seem to be an NFC reader that I can practically use with my Surface Pro. If suitable hardware turns up, I would happily back this.

    Yeah it really annoyed me that Microsoft didn't include NFC, there is even a Damn NFC receiver built into the wireless chip-set but they intentionally disabled it.

    I hope that they do better next time round :(

    The only option is a very small USB nfc dongle, however I have yet to see one small enough that you could leave it plugged in permanently, Alternatively maybe one could be added if it were small enough to fit inside a micro SD card.

    like this http://www.rfid-blog.com/?p=649



  • Hi,
    I'd pledge for that, but to be honest if you let me know what usb nfc dongles you'd like to try out, I can have a go at writing the software myself (happily give it away / open source it under any license). I'll buy a few dongles to try out and I also have some nfc arduino bits already.
    I've been a .Net dev for like 12 years now? and just getting back into cross-platform C++ (if you wanted to try for OSX / linux support).
    Also $60 an hour is a good contract rate for your dev. That is the cost of having someone do it as a job instead of a hobby I guess.
    Maz


  • Community Helper

    arc122 is one of the common ones that are readily available, and works well with all the rings.



  • @Lokki
    Cheers. Do you know if any retail stores here in australia stock it? I'm moving countries soon and don't have time to wait for it to ship internationally. Otherwise i'll pick up this project again in a few weeks.


  • Community Helper

    I got my current one off ebay, shipped express and received in 2 working days - haven't seen them in stores though.



  • @Lokki
    Done and done. Hopefully they actually ship it when they say they'll ship it. heh.


  • Community Helper

    Hopefully yeah! Ordered mine just before NYE and received it yesterday. Pretty impressive really, for AusPost.



  • @Lokki
    does their software attempt to hook into windows login stuff at all? Worst case the ACS API looks okay and we can make a credential provider and register that in windows.


  • Community Helper

    The software I'm testing at the moment is an enterprise product that hooks into the existing windows login.
    It's a little clunky, difficult to set up and is definitely not aimed at the casual consumer. I'm also having a few other issues that I might talk about later.



  • I just got home and found my arc122 waiting for me. i'm basically bedridden for a week so it'll give me a chance to start tinkering away with it. got any advice or suggestions where to get started with it? Might just save me a bit of time. Otherwise i'll see how i get on with making it lock / unlock windows.
    Maz



  • Okay. So I've just spent some time to create a custom credential provider for windows 7, 8, 10 etc and I have code that talks to my ARC122U reader (all in C++).
    Security... If i do it based on the ID, copying the NFC ring would allow someone else to access the machine.
    If i store a certificate on the ring (I should be able to fit one), then I'd need to create a C# UI that streamlines the registration / certificate creation process (if possible, i havent actually tried this yet).
    My question is, how secure is this expected to be?

    my vm's lockscreen...
    Lockscreen.jpg


  • NFC Ring Team

    @maz_net_au oh wow that is amazing!!

    If you peep the campaign preview we kinda talk about security. Basically storing anything on the NDEF record should be an optional step that if people want to do, they can.. Source: https://www.kickstarter.com/projects/mclear/526261309?token=201aa2e8

    It sounds like you are developing this thing for real.. Did you want to do this, like, for real? We had a dev lined up but if you are up for it we'd be happy to chat with you if you are doing this as an itch to scratch anyway :)

    Can't hurt to be paid to make what you want right?



  • @johnyma22
    I was hoping to get a proof of concept going today but given that its 11pm i might not finish it tonight.
    If I can get it working then I'm happy to turn over all the code for free with whatever license you like. I have a good job with Fove Inc already and don't need any extra pressure right now. I'm actually at home sick this week (recovering from some minor surgery) but it's so dull I thought I'd do a bit of code (even though the painkillers add an extra challenge).
    I'll keep updating with my progress here and you can decide if you'd like your dev to start from scratch or if they can use my code to help a bit.

    So far I have the credential provider showing, and when the user selects the NFC Ring option it connects to the first card reader and pulls the UID off the card there. Now I'm trying to find a good way to compare that with a registered ring's value and then pass a credential across to windows. The C++ documentation around ICredentialProvider is pretty frustrating. AFAIK there isn't a good way for .Net to access these API's without wrapping a C++ dll.
    Maz



  • On the upside the older gina api is even more frustrating...



  • @Engarde
    Haha. Yeah. I'm not even going near that. If you're still using XP then too bad :P



  • For my sins I've had to work with different generations of a number of their APIs, and the one thing they appear to never learn is to improve the docs.
    I blame the summer interns that get tasked to write them...



  • @Engarde
    I just found a useful set of examples for vista. If I merge that with the code I've already got I should be able to actually get this working tonight.
    https://www.microsoft.com/en-us/download/details.aspx?id=4057#Overview



  • A ten year old example might confuse you more than aid you, but good luck.



  • BAM!
    Hard-coded proof of concept working...

    So,
    I can potentially store the CredProtectW protected credentials on the NFC ring itself so that way I dont have to store the users details on the filesystem of the machine they're logging into. Or do we want both options?

    I'm learning all about NFC as I go so forgive me if I don't know what I'm doing on that side of things.



  • Just in case anyone wanted to see I made a terrible video.
    This is just a proof of concept!

    I think I'm the only person in the world who can easily log on to my home desktop PC with an nfc ring right now.