As a college student in a dorm, I usually lock my computer when I leave it. This can become inconvenient if I am leaving for short periods of time and so I looked for a more convenient solution. I wanted some token that would:

  • Unlock my computer when it was presented
  • Lock my computer when it was removed

I had already heard about RFID and so I started exploring this as a solution. I found that tags could be various different items such as cards, key chains, rings, etc. I liked this versatility and also the fact that they don't require any power source apart from the reader. I looked on Amazon and found a cheap reader (MFRC522) for about $8 (included a card and key chain). I already had an Arduino lying around and so I decided to start experimenting with authentication of the two tokens I had. That wasn't very difficult due to the large number of examples and documentation present on the internet.

Next I had to look into a way to actually use this to unlock my computer. After some research, I found that Windows implemented a feature referred to as a credential provider. This allowed any third-party software to register its own credential token for the logon screen. I couldn't find much documentation on how to do this but I did find some examples provided by Windows. I experimented with these for a while and eventually got to a point where I had a separate thread running and I could call a specific function from this thread to unlock the computer.

From here, all I had to do was add my own authentication that determined whether or not to unlock the computer. I communicated with the Arduino over USB serial. It was a simple matter to pass the UID of any present tag to the thread running in the credential provider and check it against previously registered UIDs. If the UID had a user association, that user was logged in.

This addressed unlocking my computer, but I still had to lock it. The Windows API includes a function to do this. The only requirement for this function is that it is called by a program which is running on the interactive desktop. This means that services were out and so was starting a monitoring program from the credential provider as it ended. My solution was to use Windows Task Scheduler. I wrote a simple program that monitors present tags in the background and locks the computer if the authorized tag is removed. Task Scheduler opens this program anytime the computer is unlocked by a registered user or a registered user logs in.
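The UID check and the lock-on-removal monitor described above can be sketched in portable C as follows. This is an added example, not code from the linked repository: the serial line format (hex bytes, optionally space-separated), the registry contents and the three-missed-polls debounce are assumptions. On Windows the caller would invoke `LockWorkStation()` when `monitor_poll` returns 1.

```c
#include <ctype.h>
#include <string.h>

#define UID_MAX 10            /* ISO 14443-3 UIDs are 4, 7 or 10 bytes */
#define MISSES_BEFORE_LOCK 3  /* assumed debounce for missed reads */

/* Constructed sample registry: tag UID -> account name. */
struct reg { unsigned char uid[UID_MAX]; size_t len; const char *user; };
static const struct reg registry[] = {
    { {0xDE, 0xAD, 0xBE, 0xEF}, 4, "alice" },
    { {0x04, 0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6}, 7, "bob" },
};

static int hexval(int c) {    /* value of one hex digit, or -1 */
    if (isdigit(c)) return c - '0';
    c = toupper(c);
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Parse a line like "DE AD BE EF" (assumed format); 0 means malformed. */
size_t parse_uid(const char *s, unsigned char *out) {
    size_t n = 0;
    for (; *s; s++) {
        if (isspace((unsigned char)*s)) continue;
        int hi = hexval((unsigned char)s[0]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)s[1]);
        if (lo < 0 || n == UID_MAX) return 0;  /* bad digit or too long */
        out[n++] = (unsigned char)(hi << 4 | lo);
        s++;                  /* second digit consumed here */
    }
    return (n == 4 || n == 7 || n == 10) ? n : 0;
}

/* Exact length-and-bytes match, so a truncated UID never matches. */
const char *lookup_user(const char *line) {
    unsigned char uid[UID_MAX];
    size_t len = parse_uid(line, uid);
    for (size_t i = 0; len && i < sizeof registry / sizeof *registry; i++)
        if (registry[i].len == len && !memcmp(registry[i].uid, uid, len))
            return registry[i].user;
    return NULL;
}

/* One call per poll; line is NULL when no tag answered. Returns 1 when
   the session should be locked. Any other tag counts as a miss. */
struct monitor { const char *user; int misses; };
int monitor_poll(struct monitor *m, const char *line) {
    const char *u = line ? lookup_user(line) : NULL;
    if (u && strcmp(u, m->user) == 0) { m->misses = 0; return 0; }
    return ++m->misses >= MISSES_BEFORE_LOCK;
}
```

The debounce means a single missed read does not lock the session, while a different registered user's tag is treated the same as no tag at all.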

I then designed and printed a simple enclosure that holds the Arduino and the RFID reader. It also has a card slot next to the reader so that whenever the card is entered, the reader can read it. My enclosure was 3D printed (red-orange in the picture).

GITHUB: https://github.com/enragedflamingo/RFID-Secure-For-Windows