Development of Intelligent Door Lock System for Room Management Using Multi Factor Authentication

Abstract is a synopsis of the work containing the problems studied, the purpose of research, information and methods used to solve problems, and conclusions. Articles must be submitted in print-ready format and are limited to a minimum of ten (10) pages and a maximum of twelve (12) pages. Abstract is a synopsis of the work that contains the issues studied, the research purpose, the information and methods used to solve the problem, and the research conclusion. Abstracts are limited to 200 words and should not contain references, mathematic equations, figures, and tables. The font size for abstracts, keywords, and body of article is 11pt.


INTRODUCTION
Room management encompasses various practices to ensure room security and restrict access to authorized individuals [1]. Its primary objective is to safeguard valuable assets and deter unauthorized entry into the room. Managing a large number of rooms can present significant challenges for room management. As the number of rooms being managed increases, the complexity of tasks such as limiting who can access the room also increases.
Room management with conventional locks has limitations such as each room has one key, and the key cannot be used in other rooms. The number of keys to access each room will increase the risk of lost keys so that the room cannot be accessed [2]. Another problem arises when finding the right key for a room, the key search can take a long time. Conventional room management also requires someone to keep watch and provide the keys needed, humans have limits to stay awake and active, this will impact the limited time that can be used to use the room. Research [3] highlights the inadequacy of conventional door locks in effectively identifying unauthorized access. Furthermore, it reveals that such lock systems are prone to reliability issues, which can compromise the overall security of the managed room. In addition, research [1] [4] further emphasizes a significant weakness of conventional door systems: the vulnerability of keys to unauthorized duplication by unscrupulous individuals. This susceptibility raises concerns about the reliability and integrity of the room management system, potentially compromising the security measures in place. Problems with conventional doors can be overcome with an automated smart door lock system. Smart door lock systems have higher security, are adaptive, flexible, and reliable in various conditions of use (can be used in homes, offices, campuses, health facilities, etc.) [5]. Several studies have been carried out to make this smart door lock system. Devices Description [4] PIR motion sensor, MG995 Metal Gear Servo, ESP32 Camera, NodeMCU ESP8266, Blynk application Doors can be opened using virtual keys in the Blynk app. If the motion sensor detects movement, the video streaming process begins. [6] Raspberry Pi, Webcam, Solenoid Lock, 5volt buzzer, Relay Module, power supply 5 V dan 12 V, Open CV, Python The camera takes a face image, the Raspberry Pi will validate and then take action, namely opening or closing the door [7] RFID (RDM6300), Arduino, Ethernet Shield, Arduino reads RFID data, sends data via ethernet cable, and then stores the card ID in the database. [8] Raspberry Pi, RFID reader, keypad, LCD, electromagnet, solenoid EM, power supply 12v, relay, DC power jack RFID-based door lock system with OTP-based technology to provide high-security solutions for households. In this device, OTP is generated for door access, and this OTP will expire after the given expiration time. problems if the number of users continues to grow. In this study the testing process was carried out on 14 samples of user faces, of course this cannot represent the number of real users in the field which can reach thousands of users. Problems that occur can be in the form of lengthy authentication processes or authentication process errors. An accuracy rate of 94% can also be a threat if the user gives access to the wrong person.
Research [7] [8] uses RFID technology to authenticate. The card validation process works relatively quickly and precisely compared to the face recognition process. Research [8] added the OTP code as an option to access the room. Research [7] has not implemented a room management process, the system only keeps logs of card use without special access settings into the room. Based on the things that have been stated above, the formulation of the problem that is used as the focus of the irrigation system being built: a) How to come up with a smart door lock system that can do room management b) How to present a smart door lock system that can work quickly.

Research Phases
To realize a smart door lock system that can solve conventional lock problems, a smart door system must have characteristics such as reliability, capable to verify and limit visitor access, and have interactive user interface and easy to operate. To achieve these objectives, this research will be carried out in several stages as shown in the Figure 1.

2.2.
Problem Statement An in-depth literature study showed that conventional door lock systems suffer from significant limitations, including compromised security and the inability to authenticate users effectively. Thus, this research endeavors to address these shortcomings by prioritizing the development of smart door systems capable of proficient room management. The primary objectives encompass restricting access to room visitors and ensuring the systems operate swiftly and efficiently. By doing so, the research aims to provide enhanced security and seamless functionality for optimal room management.

2.3.
System Design The smart door lock system will have the ability to perform room management. Room management will be carried out based on access cards. The access card will be read using the Radio Frequency Identifier (RFID) module. ID card data will be stored in the database. Administrators can grant access to cards to access certain rooms. Figure 2 shows the architecture of the smart door lock system. The smart door lock system consists of 3 main modules. The first module is a sensor module. This module has the ability to read RFID cards and receive input from the keypad, besides that, this module provides information about the validation status through the display. The second module is the power supply module, this module functions to lower the voltage and regulate the current flowing to the magnetic door lock, this module has a touch button, which functions to send a signal to the microcontroller to cut off the power to the magnetic door lock. The last module is the actuator module which contains a magnetic door lock, which holds the door so that it cannot be opened. The list of all components is shown inTable 2. The smart door lock system has two modes. The first mode is the check-in mode, and the second mode is the registration mode. Check-in mode is the default mode when a new device is turned on. This mode serves to authenticate users who want to enter the room. While the registration mode is a mode for registering a user card into the system. To change mode, the administrator needs to change mode and enter the device pin. When the pin entered is correct, the device will change mode.  Figure 3 shows the card registration process. Cards that can be registered are cards with a radio chip at a frequency of 13.56Mhz, the user needs to see the administrator to register the card. The administrator must turn the device into registration mode by entering the pin. After the device mode changes, the user is asked to enter six pins, and then the administrator attaches the user's card to the device. The device will provide information on whether the card was registered successfully or not. The card failed to be registered if the card has been successfully registered before.  Figure 4 shows the process of setting access to the room. Users can see a list of available rooms and then send a request to access the room. Admin can see a list of users who request access to the room. Admin can reject or approve user requests. If the admin approves the user's request, the user can access the previously requested room.
The user's card has a few security features. This feature is available to ensure the security of the user's card. This feature is multi-factor authentication (MFA). MFA is a system that uses two or more different factors to authenticate a user, MFA provides two ways of verification, one of which uses a physical token, such as a card, and the other is usually memorized, such as a security code [9]. MFA aims to protect the system from unauthorized users, MFA also increases the level of security and allows the implementation of identification, verification, and authentication to ensure user authority, indirectly reducing the risk of malicious attacks [10]. In this research, MFA is a feature that makes access to a room require a pin and an access card. Figure 5 shows the process of entering into a room. If the user activates MFA, the user must enter the pin and tap the access card. If the user doesn't activate MFA, they only need to tap the access card.  and other. This study will use a device-to-cloud (D2C) communication strategy. D2C is an architecture that provides a two-way connection between IoT devices and cloud services to send information or send instructions [17]. The smart lock system will send data using HTTPS technology This display has a 128x64 dot matrix panel resolution, on-chip for COG and COF, row remapping and column remapping. This OLED display also has an operating temperature range of -40°C to 85°C, programmable frame rates and multiplexing ratios. The display matrix has a maximum OLED drive voltage of 15, a maximum segment source current of 100µA, a maximum sink current of 15mA, and 256 steps of current control brightness contrast [21].

TTP223
Touch sensor that will send information to the microcontroller to cut off the current to the actuator.
This touch sensor has an operating voltage of 2.0V-5.5V, provides low power mode, direct mode switch mode with pad option (TOG pin), and lifetime auto-calibration. In low power mode, the recalibration period is normally about 4s and about 16s from key release. The TTP223 has a maximum response time of 220ms in low power mode and its sensitivity can be adjusted according to the capacitance (0-50pF) outside [22].

TIP41C
Transistor that functions as a relay to disconnect or flow current to the actuator.
The specifications of the TIP41C transistor include the TO-220 package type with the NPN transistor type which has a maximum collector current of 6A or 6000mA. This transistor has a maximum collector-emitter voltage of 100V, a maximum collector-base voltage of 100V, and a maximum transmitter base voltage of 5V [23].

MP2307
Module to reduce the power of the electric current.
The MP2307 device integrates a 100mΩ MOSFET that provides 3A of continuous load current at a wide operating input voltage of 4.75V to 23V. Current mode control provides fast transient response and cycle-by-cycle current limit. Adjustable soft-start to prevent inrush current when power on and in off mode, supply current drops below 1µA. This device, available in an 8-pin SOIC package, provides a very compact system solution with minimal dependence on external components [24].

MAGNET IC DOOR LOCK
Holding the door from opening The 600 Lbs magnetic door lock has specifications: the supply voltage is 12Vdc, 24Vdc and has a current draw of 500mA at 12Vdc and 250mA at 24Vdc at 20°C. The depth of power of this magnetic door lock is 600 lbs or 280 kg with a size of 250 x 42 mm with a weight of 2kg and humidity 0 to 95% without condensation. The ambient working temperature is 10 to 55°C and the lock surface temperature is 20% when the power is on [25]. Figure 6 shows a schematic circuit of the electronic devices in the smart door lock system. The module works using an AC to DC 12v 3A adapter. Great power is required to activate the magnetic door lock. ESP 32 requires 5v of power to operate. The MP2307 dc to dc step-down module is used to reduce the 12v voltage to 5v. Other devices use the 3.3v pin on the ESP 32 to work. The TTP 223 touch sensor module gets power directly from the MP2307, the incoming power is regulated again by the AMS1117 3.3v module, which will reduce the 5v power provided by the MP2307. To protect electronic circuits from dust, water splashes or other debris, the smart door lock system has a hard case. The hard case is designed using fusion360 and adjusts the size of the electronic module used. All hard cases are printed with PLA plastic using a 3D printer.  of 100mm × 160mm with a thickness of 26mm to 40mm. Whereas Figure 8 shows the hard case for the power supply having a size of 106mm × 55mm with a thickness of 38mm. The backend service is made with JavaScript and the help of the Expressjs web library. Several studies have proven that JavaScript and Express are fast services and can run with limited resources. Research [26], shows JavaScript to be the programming language of choice for small-scale projects to master Java and Python. JavaScript can also execute tasks faster than these two languages, even though it can execute tasks quickly, the Java programming language is more stable to use in various conditions. Research [27] shows that Expressjs can execute tasks and provide a better response time compared to ASP.NET, JavaScript is also far more optimal in utilizing available hardware. In the same study, Expressjs uses 3 times less memory and uses two times more CPU low. Figure 9 shows the activity diagram of the backend service. Users will be divided into four roles with different tasks. Role Users can only perform basic functions such as requesting room access and viewing a list of rooms that can be accessed. The Operator role is responsible for performing basic administration tasks, such as linking users and cards and granting or removing user access to rooms. The Technical Admin role ensures that the hardware is connected perfectly to the cloud service. This role creates room data and links it with available hardware data. The Super Admin role can perform tasks performed by operators and technical admins; the super admin can change each user's role.

b. Firmware Design
The firmware is written in C language. The C programming language was chosen because of its efficiency and speed making it suitable for use in embedded devices [28]. ESP 32 allows firmware updates wirelessly, this allows the device to be implemented in a native environment, when there are errors or bugs, updates or patches can be done easily using wireless technology. Firmware is designed to read RFID input along with input from keypads or touch sensors. The firmware will also control the OLED display and the relay, which is responsible for flowing or muting the electric current to the actuator. When the device is turned on, the microcontroller will check the EEPROM, whether the device already has an ID. If not, the device will make a request to the server to request a device ID. If the device already has an ID, the device will make a request to the server to ensure the device ID is still active, if the device ID is no longer active, the device will again request a new ID. The device ID will later be used to link hardware with room data. Each room has only one device.
After initializing the smart door lock system, it will display a welcome screen. When the device is idle, the user can enter a pin or tap an access card. The device will send a request containing the room ID, card ID, along with the pin. If the user activates two step authentications, the device will send the data to the cloud service, if the response given is code 200, then the user can enter the room and the display gives information that the room opened successfully. Code 500 is given if the user does not have access to the room, the display will provide information that the room has failed to open, while code 401 indicates the user's pin is incorrect, the display will ask the user to enter the correct pin. When the back end service give code 200, ESP32 will send a trigger signal to TIP41C to cut off current to the actuator.

c. Database Design
The database used is PostgreSQL. PostgreSQL is the best choice for small to medium sized projects. Tests conducted [29] showed that PostgreSQL had the best performance for processes involving 100-500 insert queries, requiring only an average of 383.22ms, outperforming MySQL (470.25ms) and MongoDB (612.56ms) [29].  Figure 10 shows the design of the database structure, the databases will be related to one another. The API KEY table is responsible for storing API data, this data will be used to validate connections from the hardware, if the API ID and API KEY sent are not recorded, requests made by the device will not be responded to.
The user table has bindings to other tables such as roles and profiles. The user table is connected one to many with the card table, each user can have several cards. These cards will have a relationship to the rooms that can be accessed, this structure is represented by a many to many relationships, which allows one card to be used to access several rooms at once. Before the user card can access the room, the user must send a request to the administrator and the data will be temporarily stored in the REQUEST ROOM, after the administrator takes action the request data will be deleted from the table. The ROOM (room) table will have a one-to-one relationship with DOOR LOCK HARDWARE (hardware). This is done for the purpose, if the hardware is damaged then the room can be linked with replacement hardware, so that card data that has access to the room does not need to be re-registered. When the user taps the access card, the process will be recorded and entered into the ROOM RECORDS table.

Testing and Evaluation a. Testing
The testing phase is crucial to ensure the system functions optimally and achieves its intended goals. Multiple tests are conducted to evaluate different aspects of the system's performance. The initial test focuses on assessing the hardware capabilities, while the subsequent test aims to evaluate the software's functionality.
Hardware testing comprises two sections. Firstly, the durability of the hardware is examined in its intended environment to verify its reliability. Secondly, a stress test is conducted to evaluate the long-term performance of the microcontroller, particularly its ability to handle repetitive tasks. These tests collectively ascertain that the system can effectively execute room management operations.
Software testing is conducted through four distinct schemes. These schemes encompass testing user registration, card registration, room access requests, and the check-in process. The objective is to evaluate the system's speed and responsiveness in performing these essential functions. The system's efficiency and responsiveness can be validated by conducting comprehensive software testing, ensuring seamless operation throughout the room management process.

b. Evaluation
During the hardware testing process in its original environment, one of the test parameters collected is the device's operational duration without encountering any issues. This parameter provides valuable insights into the hardware's reliability and stability over an extended period of usage.
On the other hand, the stress test performed on the hardware focuses on evaluating its performance in terms of the time required to complete a specific process. In this case, the process under scrutiny is the request process sent to the server. The hardware's efficiency and responsiveness can be determined by assessing the time taken to execute this process under stress conditions, providing crucial information for optimizing its performance.
All tests conducted on the cloud service software aim to evaluate its performance, specifically determining the system's responsiveness. The primary data collected during these tests is the response time, which provides valuable insights into the system's speed. By analyzing the response time data, it becomes possible to assess whether the system functions quickly and responsively. A lower response time indicates efficient performance, demonstrating that the system can promptly handle user requests and deliver timely responses. This data plays a crucial role in gauging the effectiveness of the cloud service software and ensuring optimal user experience in terms of speed and responsiveness.

2.7.
Testing Environment The hardware testing was conducted in the real-world environment of the embedded lab room at the Jakarta State Polytechnic. This setting allowed for a comprehensive evaluation of the hardware's performance and durability under conditions similar to its intended use.
In contrast, the cloud service was tested by simulating high user traffic using Python scripts. This approach enabled the assessment of the cloud service's performance and scalability when subjected to a heavy workload. By simulating high user traffic, the system's response time, stability, and ability to handle concurrent requests can be effectively measured and evaluated.
The server that will be used in the test is a computer with an operating system Windows 10 platform build 19044, with CPU i5-8265U CPU @ 3.80GHz (4 cores, 8 threads) with 4GB RAM.

RESULTS AND DISCUSSION
There are several test schemes performed on hardware. The first scheme is carried out to test the capability and reliability of the hardware. This test is carried out by installing a prototype for one month in a real environment. The second scheme is to test performance and reliability, testing is done by conducting a stress test by sending a number of data in several batches.

Hardware Testing
The first test scheme takes place from October 1, 2022 to November 10, 2022. Figure  11 is an implementation of the device in a real environment. During the testing period the device could work well. All functionality works well without any problems. A 12v 3a power supply powers the device. The power is divided into the magnetic door lock, and some of the power is reduced to 7v and is channeled to the ESP 32 using a UTP cable. With 7v power, the ESP 32 can still work normally without experiencing a drastic increase in temperature.

Figure 13. Comparison of response times
The second testing scheme is to do a stress test. Each test batch contains 2500, 5000, 7500, and 10000 data stored in json format. The data is stored on the computer and sent via a serial cable to the ESP 32. The ESP 32 will make a request to the server. The request is sent in the form of a validation request whether the card has access to the room, the response time for program execution will be sent back to the computer and recorded in a *.xlsx format file. Figure 12 shows that the minimum response time continues to increase with the amount of data sent. Meanwhile, the maximum response time has increased from 5000 to 10000 data. The average response time also increases with the amount of data that must be sent. Figure 13 shows that the response time for each batch is quite stable. In a batch of 2500 data, there are several requests that have response times above 3000ms. Batch 10000 Data is batch with the most data fluctuations. Overall, ESP 32 has stable performance. Although sometimes there are fluctuations, ESP 32 can return to stability on subsequent requests.

Backend Service Testing
The backend service in the intelligent door lock system is one of the vital systems. The backend service will save the card data and validate if the card can open the room. Therefore, backend service testing is needed to determine performance, capability, and reliability. Testing is done by sending many requests to the server. Requests will be sent via scripts written in python and utilizing threading technology. The more threads that are used will simulate the number of users who send requests to the server. The testing process will be carried out with 2500, 5000, and 7500 data and using a schema of 50, 250, 500 threads. The testing process will be carried out on the user registration process, card registration, request for access to the room, as well as the check-in process into the room.

User registration process
The user registration process is the earliest process in using the system. This process requires username, email and password data. Data is generated randomly. Data with the same email or username, the registration process will fail. The test results can be seen in the Table 3.  Table 3 is the result of testing the registration process. The average response time results, on each of the same thread with different amounts of data, are relatively the same and have not experienced a significant increase. A significant increase occurs when the number of threads is increased. At the same amount of data, the increase in average time experienced a very high spike, in batch 2500 data, the response time of 250 threads increased 6 times compared to 50 threads.

Card registration process
The card registration process is carried out via an ESP 32 device. This test will simulate the registration process will be simulated using a python script. The number of registered cards depends on the number of users that can be registered.  Table 4 test results show that the test results are more or less the same as the user registration test. Adding the amount of data tested does not really affect the minimum response time. Meanwhile, the more threads used, the higher the minimum response time. In a batch of 5000 data, the minimum response time on 50 threads is 685ms increasing to 6723ms on 250 threads and increasing 2 times again to 12145ms on 500 threads.
3. The process of obtaining access to the room Users can request access to certain rooms. Users can perform these actions through the website. The simulation that will be carried out will represent the number of users requesting a room at one time. Testing the room access request process is shown in Table 5. The results obtained are almost similar to the tests carried out before. The maximum response time does not increase dramatically when the amount of data increases but increases dramatically when the number of threads increases. This can be seen in the 7500 data batch, the maximum time continues to increase from 1776 on 50 threads to 5487ms when 250 threads. The maximum time then decreases at 500 threads to 3891ms. This decrease occurred because the server could not respond to all incoming requests, only a few requests were made by the server.

Check-in process
The check-in process is a process when the user wants to enter the room. The device will read the RFID card and send the data via wifi to the server. The server will respond whether the user is allowed to enter the room or not. The testing process will be simulated using a Python script.  Table 6 is the result of the check-in process test. The test results still show similarities with the previous test. The number of threads will increase the response time. In addition, the large number of threads will reduce the success of the request process. The decrease in request success is caused by the inability of the server to respond to every request sent. The server is unable to respond to all requests because the server is running on one script on the computer. The load is not distributed to other servers. To overcome this the load of requests received by the server must be distributed. This technology is known as load balancing.

CONCLUSION
Based on the results of the tests, it can be concluded that the smart door lock system was successfully built and tested. The findings demonstrate that: 1. A room management system with MFA can be implemented using a backend service built with expressjs and an ESP32 microcontroller. Data stored in the cloud allows multiple clients to access the data from anywhere. 2. A fast smart door lock system can be created using a combination of nodejs, expressjs, PostgreSQL, and ESP32 client technologies. The validation process at check-in can be completed within 207ms, and the server can handle up to 500 requests simultaneously.
Overall, the study shows that the system can effectively manage rooms and provide reliable security for users. Further research can focus on improving the system's scalability and expanding its features for broader applications.