This week I have finished writing the NFC reader code and the host card emulation code. Both work well, and the reader can retrieve a simple token from the phone, which I designated as “1234321” (registering a phone ID is not implemented yet). The reader code basically does 3 things: (1) set up the connection with the pn532 chip using the i2c ports, (2) send and receive information between the pn532 and an Android phone, and (3) send this information to an AWS server using a web socket connection. The sending and receiving of information on the pn532 works by sending a packet called APDU to the phone, which the phone will the use to find what type of request it is, and send back a response APDU to acknowledge or respond with data. Because we only have one type of data (just the phone ID), we decided to just have one exchange (select application->phone ID), but this will be changed later. The response is therefore just the phone ID. A typical smart card reader execution will send a first APDU to select the application (phone responds with success), then another APDU to retrieve any type of data from the phone (phone responds with data). This will be fully implemented today or tomorrow.
To clarify, for our MVP, we simply request a phone ID from the raspberry pi, and send this ID to the server for authentication. The raspberry pi will request the server to authenticate this ID. If the server has this ID in the database, then it will respond with yes, otherwise no. This is a simple implementation, but obviously more layers of security will be added in the coming weeks.
The web socket is done in C. Originally, Michael had code written in Python, but that would mean I would need to start 2 processes and have some sort of inter process communication using a file or stdout. This is not ideal, so I decided to rewrite the client side program in C, which does a simple socket connection and send and receive commands with the APDU response from the phone. The client server code is not completely finished yet, but it should be done by today or tomorrow.
This week is mainly on schedule if I can finish the client server code by today or tomorrow. The only missing work is to implement more security, but I expect to combine that work with the work I had planned for next week (UI development, which should not take long).