Smart Locker

1. Story

The Genesis of the Project

This project was born as part of a 50-hour IoT (Internet of Things) module in our engineering studies within the RIOC (Computer Networks and IoT) program at Unilasalle Amiens. Working as a pair, we were challenged by our professor to develop an innovative solution using LoRa technology. Our goal was not just to fulfill a requirement, but to create a tool that could be genuinely useful for our university’s lab, especially for events like Open House days (JPO).

The Problem

University laboratories often face a logistical challenge: the secure sharing of expensive hardware (Arduinos, sensors, specialized tools) among students. Standard "Stationary" IoT projects like weather stations are common, but they don't solve a physical security problem. We wanted to build something interactive: a Smart Locker.

Our Solution: The Smart 2FA Locker

We designed an intelligent locker system that provides secure, remote-access management without relying on Wi-Fi networks.

Our innovation lies in the Double Authentication (2FA) via LoRa WAN:

• First Layer: The user identifies themselves at the locker using an RFID badge.
• LoRa Transmission: The unique ID is sent over long distances via LoRa to a central server.
• Second Layer: If the badge is recognized, the server generates a unique 4-digit code and displays it on a web application.
• Final Access: The user retrieves the code from the app, enters it on the locker's keypad, and the electromagnetic lock opens.

By choosing LoRaWAN, we ensured that the locker could be placed anywhere on campus—even in areas with no Wi-Fi or cellular coverage—while maintaining a secure link to our database.

2. How does it work?

System Architecture

The system is built around a distributed architecture that connects physical hardware to a cloud-based logic center. At the heart of the locker is an Arduino MKR WAN 1310, which acts as the main controller. This board is connected to several peripherals: an RFID reader for identification, a 4x4 matrix keypad for security code entry, an I2C LCD screen for user feedback, and an electromagnetic lock controlled by a relay. The communication between the locker and the management server is handled entirely through the LoRa WAN protocol via The Things Network infrastructure.

The Authentication Flow

The security process starts when a user scans their RFID badge at the locker. The Arduino reads the unique identifier of the card and encapsulates it into a LoRa packet sent to a gateway. This message is then routed to a Python-based server hosting a Flask web application and an MQTT client. The server compares the received ID against a database. If the user is recognized, the server generates a random four-digit security code. This code is simultaneously updated on the web dashboard for the user to see and sent back to the Arduino as a downlink message.

Physical Access and Monitoring

Once the Arduino receives the secret code via LoRa, it switches to a waiting mode, prompting the user through the LCD screen to enter the digits. The user consults the web application on their phone to retrieve the temporary code and types it on the physical keypad. If the entered code matches the one stored in the Arduino's memory, the relay is triggered to release the electromagnetic lock, allowing the door to open. A magnetic reed switch is used to monitor the door's position, ensuring the system only returns to its secure standby state once the door is physically closed again.

3. Code logic

Arduino State Machine

To ensure a smooth user experience and avoid blocking the system during network communications or keypad entry, the Arduino MKR WAN 1310 runs a finite state machine. This architecture allows the controller to switch between different operational modes: Standby, Waiting for Server, and Code Entry. In the Standby mode, the system continuously polls the RFID reader. Once a badge is detected, the system transitions to a waiting state, sending the ID via LoRa and displaying a status message on the LCD. This non-blocking approach is essential because it allows the device to listen for incoming LoRa messages while simultaneously checking if a user has started typing on the keypad.

Overcoming LoRa Class A Latency

A significant technical challenge was managing the reception of the 2FA code from the server. Since LoRa WAN Class A devices can only receive data immediately after sending an uplink, we implemented a specific "Ping" mechanism. After sending the initial RFID identifier, the Arduino sends short periodic "pings" to the server. These empty messages open frequent reception windows, allowing the server to push the generated security code back to the locker with minimal delay. Without this logic, the user might have had to wait several minutes for the network to deliver the code, which would be impractical for a physical locker.

Server-Side Intelligence and MQTT

The backend logic is hosted on a Linux virtual machine and is written in Python using the Flask framework and an MQTT client. Instead of a traditional web hook, the server maintains a persistent connection to The Things Network (TTN) via the MQTT protocol. When a badge ID is received, the Python script queries a MariaDB database to verify the user's identity. If authorized, the server's logic handles two simultaneous tasks: it generates a random four-digit code that is stored in the session for the web dashboard, and it encodes this same code into a Base64 payload to be sent back to the Arduino.

Administrative Management via RFID

We also integrated administrative logic directly into the backend. By defining a specific Master Badge UID in the Python configuration, the server can toggle between a normal access mode and an administrative enrollment mode. When the admin badge is scanned, the server enters a "listening" state where the next RFID card scanned will either be added to the database (if new) or removed (if already present). This allows for easy management of user access directly at the locker site without needing to manually edit database tables or restart the server.