Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Hardware Hacking Security

Unattended Equipment Loan System? 63

Posted by Cliff
from the break-free-from-the-checkout-desk dept.
captnitro asks: "I run a small media lab for a department at a large public university. We have about 120 faculty and and equal number of graduate students who from time to time need things like digital cameras, video equipment, projectors, EyeOne units, and so on. (While there is a central location on campus for students, faculty and staff to get some of this equipment, we stock a few specialized pieces that our faculty need.) Since I'm out of the office a lot, I'm looking for a clever way of loaning out equipment that doesn't involve me being there and is secure enough that our administrators deem it "theft resistant" enough to implement. I've looked into small safes with PINs, or card readers (all faculty have IDs with magstripes), blah blah blah, but most of these are prohibitively expensive, so I'm thinking of hacking something together myself.. though I have no idea how I'd do that. Any thoughts?" Solutions could range from the clever and mixed tech (cheap locked boxes with combinations sent through encrypted e-mail), through high tech (use of the existing ID cards system) to unlock delivery boxes. If you were going to set up a system like this, how would you do it?
This discussion has been archived. No new comments can be posted.

Unattended Equipment Loan System?

Comments Filter:
  • leave the keys with security, who are there 24x7. get them to authenticate (i.e. look at their ID card) and unlock the kit.
    get them to sign an agreement that their department gets billed if they bring it back late, as well.
  • RTFS! (Score:4, Interesting)

    by biglig2 (89374) on Friday February 25, 2005 @06:12AM (#11775552) Homepage Journal
    Did you read what he was asking at all?

    He wants to have the equipment available to people who have authenticated themselves.

    If the people abuse it after that, it's a seperate problem.

    By your theory, we should secure our boxes by delting all the accounts, since if you have an account a bad person might log in and do something bad to our box!

    • Re:RTFS! (Score:3, Insightful)

      by gstoddart (321705)

      He wants to have the equipment available to people who have authenticated themselves.

      If the people abuse it after that, it's a seperate problem.

      Well, I seriously doubt you're going to get a long-term viable solution that leaves it up to the honour of the people if there is no-one in attendance.

      I know that even in corporate offices where you need a swipe-card to get into the cube farm, things will disappear from peoples desks. When your co-workers might steal your laptop, an honour-system for borrowing t

    • who are you replying to? you should quote - apparently slashdot deleted the comment you're replying to
  • Pay Someone (Score:5, Insightful)

    by miyako (632510) <miyako&gmail,com> on Friday February 25, 2005 @06:29AM (#11775603) Homepage Journal
    Seems to me that the easiest solution would be to higher someone, say a student, to work checking stuff out. Any sort of authentication system that's based on the id cards is suseptible to theft if someone steals someone else's id card. Having a system where someone can email a request for equipment might be workable, but I suspect that it would end up costing quite a bit of money just for that many safes, plus the hassle of resetting the combination every time someone checks something out. One thing you might consider is just putting a card reader on the door that's tied to the lock, and then putting a security camera in the room. Even if you don't have the time to actually go through all the tapes, being on camera can be somewhat of a deturrent.
    Also remember that any system you implement to check out equipment also has to make it easy to return equipment. This means that automated solutions need to not rest combinations or whatever until the equipment is returned.
    Also, if you choose to go with a technology solution, remember that even if it seems expensive, think of the cost of the equipment that could be stolen, or the cost of paying someone to man the desk.
    • Re:Pay Someone (Score:3, Insightful)

      by bbrack (842686)
      The school I attended had a 3-4 people that could check out projectors/laptops/etc.

      The first was sys admin for the department's computers. The others were the 2-3 students that ran the stockroom (EE, so all the students needed to check out scopes/supplies for their labs).

      Even if your department doesn't already have students working in this capacity, if the department you work in has >120 faculty, it should not be difficult to justify a $5/hour student assistant.

      For checking things out, it was a simp
    • higher someone ... to work checking stuff out.

      I dunno if it's possible; that job sounds pretty low on the totem pole, so to speak.
  • I guess they could be used to track the movement of your equipment.
    • they could be used to track the movement of your equipment.Yes, if you can get a reader within a few feet of wherever a would-be theif has stashed it. RFID tags work well to tell when they move from a secure location through a sensor equipped door. Once you get out into an open area, like a college campus, they disappear for all practical purposes.
  • Q-cat. (Score:4, Insightful)

    by Neck_of_the_Woods (305788) on Friday February 25, 2005 @06:33AM (#11775613) Journal
    You guy remember those? I have seen many ways people have used them to do inventory.

    http://cuecatastrophe.com/mirrors/Default.asp?pg =3

    I would do a 3 step process here. I will assume you have mag strip access to rooms on these cards. Should not be to much of a strech to have one set up on a storage door for access. Here you have a access control list for that door and limit your pool of people with access.

    Then barcode all the equipment, set up a little web site that allows people to "request" to check out a piece of equipment online. Use the qcat, after getting past the access list for room access at the door, they scan the piece they are checking out. This time stamps the equipment for you as a check out and return. When they return the equipement they scan it again, and this removes it from the webpage as a "checked out" iteam. Thus giving a running list on the website of things that are "in".

    Finally, set up a cheap webcam (thinkgeek has for 200 that is ip based with webserver) to write to disk on a computer in anouther room. This is your safty net for "nothing was scanned, but we have billy bob on tape slinking out with the digital camera. Here are the door scan logs from 12:03 am, and here are the logs where he did not scan it out. Also, he did not request this iteam via the web page. Get a ROPE!"

    I think this pretty much covers your ass, gives them access to the equipment, and allows for an automated check in, check out, and what is "in stock".

    Best of luck.
  • RFID the equipment, sensor at the door to log in/out, card reader to get into the room.
  • Low-tech solution (Score:3, Insightful)

    by Tux2000 (523259) <<alexander> <at> <slashdot.foken.de>> on Friday February 25, 2005 @06:45AM (#11775660) Homepage Journal
    Get an assistant (some first-year student), and pay him a few bucks for doing your job.

    Tux2000
    • Re:Low-tech solution (Score:2, Informative)

      by biryokumaru (822262) *
      dude, as a college freshman, i can whole heartedly say that that job would kick ass, and i'd do it fer just about minimum wage!
    • This is precisely the sort of thing that the phrase "student employee" was coined for. You don't need to pay them much, because for the most part they'd be doing their homework, surfing porn, or whatever else they'd be doing during that time. So you get a cheap but intelligent "authentication and monitoring system", they get a few extra bucks for beer and pizza, the folks checking stuff out get more personal service than some goldbergian encrypted-keys-and-biometrics system... everybody wins.
  • it can be done (Score:3, Informative)

    by jjshoe (410772) on Friday February 25, 2005 @07:02AM (#11775715) Homepage
    Yes, find the problems with what he's asking and completely ignore the question.

    Parts
    1) Magstrip reader (no link) -- used to read the id of someone at the door
    2) Computer (no link) -- used to tell who is at the door.
    3) Electronic door strike (http://www.audioimpact.net/EDS300_EDS300_ELECTRON IC_DOOR_STRIKE.asp [audioimpact.net] -- When validated by the pc current is sent to the door strike to unlock the room
    4) Webcam (no link) -- takes pictures of whoever is entering using motion sensing software

    Issues -- power outage -- room remains locked. Entrance can be aqquired by using a key.

    Issues -- Damanged equipment -- look at who has checked it out last by checking the mag stripe log and the webcam.

    Issues -- Damaged equipment -- "Someone before me broke it", make it well aware that they should test it BEFORE they leave the room with it.
    • Re:it can be done (Score:3, Insightful)

      by jim_redwagon (845837)
      Exactly, let's call someone lazy or some other cynical comment instead of actually coming up with something cool and fun to talk about.

      It's not like he mentioned Microsoft. ;-)

      I personally like the home built approach. Why not have a locked room that can be entered by swiping University ID (these must be in place already in the school). Lockers containing the items to be loaned with magnetic locks line the walls. (Maybe include RFID tags as backup?) Someone out there I am certain can write a simp
      • RFID still uses electricity. Passive tags need to get power from the reader.

        benefits) Each individual item is checked out
        drawback) AV equipment and the medium it uses probably shouldn't have exposure to the electromagnet that would keep it locked into place.

        admittly i don't know much about the electromagents that are used in door locking situations. wouldn't a power outage cause them to let go?
        • Depends on the type of door and they type of lock. Most doors with true magnetic locks (Electromagnet on metal plate) are entry/exit doors. They use a 120v relay coupled electromagnet to pull on a metal plate on the door frame. This design works well for entry/exit doors, because when depowered, it leaves the door open, for people fleeing from a fire, going home, etc.

          Most other "magnetic locks" are mixed electromechanical. They use a permanent magnet to hold the door plate, and a 12v solenoid to move the m
      • Hit a Submit button and VIOLA! (that's waaaa-laaaaaaa to you) the magnetic lock opens and hey! i can pick up my piece of equipment 24/7.

        That sounds like you're picking up a small stringed instrument in the Music Department (not the French Dept.)

  • by Kris_J (10111) * on Friday February 25, 2005 @07:06AM (#11775726) Journal
    The books have a magnetic security strip and a barcode. You have a swipe-card (I think with a barcode too). You swipe your card, scan the book and the machine then demagnitizes the book. If you don't check it out, the alarm goes off at the door.
  • Solution (Score:4, Funny)

    by Stargoat (658863) <stargoat@gmail.com> on Friday February 25, 2005 @07:24AM (#11775773) Journal
    A .45 and a reputation.
  • by unitron (5733) on Friday February 25, 2005 @08:15AM (#11775964) Homepage Journal
    Yes, I know you asked for an "unattended" solution, but I'm sure that your university is already paying lots of money to run a library where people can go to check out other stuff, so make your stuff part of what people can check out at the library, provided, of course, that they can prove to the library staff that they are authorized to check out these items. Transfer a small amount of your department's budget to the library to cover their extra expense and it'll probably be by far the cheapest way to go and you get to take credit for saving them a lot of money.
  • Student Workers (Score:4, Insightful)

    by Wog (58146) on Friday February 25, 2005 @09:43AM (#11776846)
    I'm one of the two staffers for my University's Instructional Technology and Campus Media Office (Whew!) and all I can say is: student workers. We keep 10 or so around for 6-10 hours per week. They take requests, make equipment deliveries, and generally follow our every nefarious whim as far as checking out equipment. The university pays them tax-free $5.25/hour. They love it because %90 of the time they can sit and do homework, surf the web, etc.

    It's great for us because we're free to work on more involved projects without worrying that Dr. Smith isn't going to get her LaserDisc player on time. Student workers are also neat to have around.. We maintain a very casual, but very efficient, atmosphere in the office.

    While what you're doing MAY be possible without human help, I get the feeling that any automated solution will cause you to spend more time babysitting it than doing your job.

    Good luck, and don't forget to change the air filters on those projectors!
  • I saw a presentation by Gabriele Wienhausen [ucsd.edu] (provost of Sixth College at UCSD) about their "digital playroom". I couldn't find a page for it, but did find a press release [calit2.net] about Sony donating a bunch of stuff.

    Basically it's a room that students need to swipe their ids to enter. Once inside, they've got free access to camcorders, digital cameras, lots of computers, etc. I think it's unattended, and open very long hours (24/7 during finals).

    The key is making the students feel like the equipment is their

  • While this may sound like a neat project, there's one fundamental problem: You can't assign responsibility for damage. Suppose 3 people check out an item over a week. When the manager/IT guy/whoever checks it and notices damage, how do you know who did it? Obviously, if someone does something apparent, the next user will notice. But even then, the person who broke it can simply say, "Yeah, I noticed that when I checked it out. I forgot to report it."

    You still need a human to check stuff in and out and veri
    • What I and a lot of others are missing from the original post. He's not looking for fool-proof. He said 'theft-resistant' for when he's not in his office.

      I think you can do a lot here. I posted ealier about the lockers and the software package. After an item is returned, the poster (or to make you happy a work-study student) would go in and inspect the item, make sure it is in working condition, or track down the last user. He could then update it's status so the next person who takes it out knows t
  • RFID tags are now pretty cheap, and available in stick-on rolls. RFID readers ditto. Your people have swipe cards. Now:

    Person with swipe card operates the door to the hitech store room with their swipe card. PC records their entry. Person takes piece of gear with an RFID tag in it and swipes card to exit. PC records their exit, and RFID reader records the RFID of whatever gear they just took out.

    Yes it's still possible for a second person to get in when someone else opens the door, or someone could
  • by Linuxathome (242573) on Friday February 25, 2005 @11:15AM (#11777925) Homepage Journal
    Sounds like you could use an internal website with a calendar to schedule [google.com] loan times. In fact, I was looking into such a system for my department. Unfortunately, google is inundated with non-open source (read: non-free) software. But if you find one that suits you (or develop a site yourself) you could advertise the "office hours" when you will be there for equipment pickup and allow people to login and sign up for equipment in available time slots. That way, you have a digital record of who has what AND it's automatically logged and blocked off so others can work their schedule around it without involving you (that's the most important part). Make it a policy that if they haven't logged their loan request in the system, then they can't take the equipment. If you have the site developed well enough, then with this policy you minimize ID fraud since the criminal not only has to have the right personal ID card, but the would have to know the login and password for the appointment system.

    I realize that I haven't given a suggestion on how to NOT be there in person when lending the equipment out, but I'm in line with the other suggestions that you should hire an underling to do it if you can't do it--that's most cost effective.

    In my university, the IDs are now smartcards. Assuming that you also have this system, you could possibly use a smartcard reader for access to a secure room (ask the facility staff to do this). A smartcard reader [google.com] on a PC with a barcode reader (to scan a barcode on the equipment, you do use barcodes for inventory management don't you?) could possibly be used to log the actually equipment transaction without you being there, but that's still insecure and takes staff training, yuck.
  • I've looked into small safes with PINs, or card readers (all faculty have IDs with magstripes), blah blah blah, but most of these are prohibitively expensive, so I'm thinking of hacking something together myself.

    I have no idea what the cost situation is, but have you looked at the sorts of lockers that are (or were, at least before 11 Sept 2001) common in airports and train stations? Not the "drop a quarter in and take away the key" type, they've been around for 50 years or more. Rather, the ones that

  • I don't think there's a good solution for equipment of the value of the equipment you're talking about.

    If you were loaning out stuff that was all worth less than a hundred dollars, I'd have something like this: card swipe on the door, camera watching the whole room and another camera for closeups (both record 24/7 to disk), and electronically closeable rings on shelves. To loan the equipment, just swipe yourself in and pick it up. Your card swipe will unlock the equipment you've booked. Show it to the cl
  • I'd set up a Linux koisk with a phisically secured connection to lock boxes. Mirror trusted users' data from your university's existing authentication server for authentication. Just make sure to set up your firewall to not accept any external connections.
  • I don't know whether your job description would allow this, but you could have a system of "office hours" for checking out and returning equipment. Say something like you'll be in the office from 8-9 in the morning and then again from 4-5 in the afternoon (and maybe during lunchtime too). People can submit their requests by E-Mail or other means ahead of time and you'll have it prepared the next morning, or they can come in during the appointed office hours to make a request in person. Professors do this
    • Our cinema department has something similar to this set up for checkout of cameras, editing equipment, etc. There's an 'edit cage' which is open during set hours (9-11, 12-2, 4-6) and staffed by student workers (not sure if they actually get paid or just get credits). Professors & Grad students (who are apparently more trustworthy) have the keypad code to the door, so they can get/put back stuff whenever (I'm sure there's a camera as well). Everyone else fills out a form of what they're checking out
  • But, my off the wall idea is similar to the chains on shopping carts.. around here, you insert a quarter, or some places, a #'d tag into a slot, and the lock pops open, they are mainly used to keep carts from flying all over the lot..
    --you don't get your quarter back until you put the cart into another cart or other spot with available chains... they don't have to be quarters.

    Do these devices have kensington slots? run the cable on the kensington slot (or weld some cables on) and issue unique tokens/ke
    1. Find a student employee that you trust, better yet, find a couple.
    2. Lock the equipment in a cabinet with the only people having keys being you and those whom you trust.
    3. Set up a system whereby everyone who wants to borrow the equipment has to sign it out with either you or one of those individuals whom you trust.
    4. Make sure that you get a copy of some photo ID of them and make them sign a document stating that they take full responsibility for any damages/thefts of the equipment (kind of scares them into tak
  • I realize I'm a little late here but I did implement a system a while ago, that you may find interesting.

    Basically, we needed a way keep track of what employee used what vehicle out of the company car pool at what times (some trusted employees are supposed to have access to the company cars for official business).

    I had a safe installed in a dedicated room, inside the office. All employees have RFID and/or swipe cards for access control to the building. There's a seperate card reader that controls access t

Excessive login or logout messages are a sure sign of senility.

Working...