Medor v0.1 : How to protect your session using RFID tags
Now that my RFID reader works, I've written "Medor", a small solution to protect my desktop session.
The idea is quite simple: at work I often leave my computer for meetings, and I don't want to have to xlock / unlock my session by hand.
On login, I start ssh-agent with all my different keys (Work & Personal), so leaving a terminal open with them loaded looks dangerous to me. Medor checks every 5 seconds whether my keys, which carry my RFID tag, are present. If they aren't, the screen is locked to prevent somebody from using my session. When my keys are back, the session is unlocked.
There's another protection: if Medor detects that the RFID reader is no longer available (somebody tried to unplug it), the screen is locked, all keys in my ssh-agent are removed and an XMPP message is sent to my cell phone.
Medor uses the RFIDIOt library to access the RFID reader; have a look at my previous article to see how to use it on Debian GNU/Linux.
Here are the two main scripts (an up-to-date release will be available on my GitHub under dotfiles/openbox/bin/Medor):
Medor.sh
```bash
#!/bin/bash
#
# Medor v0.1
# Alex "laotseu" DE DOMMELIN - http://blog.tuxz.net
#
# This program is free software. It comes without any warranty, to
# the extent permitted by applicable law. You can redistribute it
# and/or modify it under the terms of the Do What The Fuck You Want
# To Public License, Version 2, as published by Sam Hocevar. See
# http://sam.zoy.org/wtfpl/COPYING for more details.
#

RFID_ID="MYTAGID"
CHECK_TAG_SCRIPT="/home/laotseu/.config/openbox/bin/Medor/python-rfid/checkTag.py"
SCREENLOCK="xlock"
SCREENLOCK_OPTS="-mode blank"
XMPP_ALERT="/home/laotseu/.config/openbox/bin/Medor/xmpp_alert.py"

# Reader unplugged: kill the agent (dropping its keys), send the alert, lock
function protect() {
    (ssh-agent -k > /dev/null 2>&1)
    ("$XMPP_ALERT" "$(date) Security Alert : RFID reader unplugged" > /dev/null 2>&1)
    lock;
}

# SCREENLOCK_OPTS is left unquoted on purpose so it splits into arguments
function lock() {
    ($SCREENLOCK $SCREENLOCK_OPTS &)
}

function unlock() {
    (/usr/bin/killall -9 "$SCREENLOCK")
}

## Main Loop ##
ALERT_SENT=0
while [ 42 ]; do
    # $? below is the exit status of checkTag.py
    TAG=$("$CHECK_TAG_SCRIPT" 2>/dev/null)
    case $? in
        ############################
        ## Reader not present :-( ##
        ############################
        1 )
            if [ $ALERT_SENT -eq 0 ]; then
                protect;
                ALERT_SENT=1
            fi;
            ;;
        #################################
        ## No tag present, lock screen ##
        #################################
        255 )
            (/bin/pidof "$SCREENLOCK" > /dev/null 2>&1)
            if [ $? -eq 1 ]; then
                lock;
            fi;
            ;;
        #############################################
        ## Tag present, check if allowed to unlock ##
        #############################################
        0 )
            if [ "$TAG" == "$RFID_ID" ]; then
                (/bin/pidof "$SCREENLOCK" > /dev/null 2>&1)
                if [ $? -eq 0 ]; then
                    unlock;
                    ALERT_SENT=0
                fi;
            else
                (/bin/pidof "$SCREENLOCK" > /dev/null 2>&1)
                if [ $? -eq 1 ]; then
                    lock;
                fi;
            fi;
            ;;
    esac
    sleep 3
done;
```
checkTag.py
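```python
#!/usr/bin/python
import RFIDIOtconfig
import os

# Exit status read by Medor.sh: 0 = tag read, 1 = no reader, 255 = no tag
try:
    card = RFIDIOtconfig.card
except:
    # Reader not available
    os._exit(1)

if card.select():
    print("%s" % card.uid)
else:
    # No tag in the field; the shell sees -1 as exit status 255
    os._exit(-1)
```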
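The decision logic of the main loop, written as an added example (not part of Medor itself) so it can be replayed on constructed poll results without a reader attached. `medor_decide` and `medor_replay` are hypothetical names, and locking on any unexpected exit status (for example 127 when checkTag.py cannot be run) is this example's assumption, going beyond what Medor.sh does.

```shell
#!/bin/bash
# Added example: Medor's lock/unlock decision as a pure function.
# medor_decide RC TAG EXPECTED LOCKED ALERT_SENT  -> prints one action
#   RC         exit status of checkTag.py (0 tag read, 1 no reader, 255 no tag)
#   LOCKED     1 if the screen locker is already running, else 0
#   ALERT_SENT 1 if the unplug alert was already raised, else 0
medor_decide() {
    local rc="$1" tag="$2" expected="$3" locked="$4" alert_sent="$5"
    case "$rc" in
        1)  # reader gone: drop keys, alert and lock, but only once
            if [ "$alert_sent" -eq 0 ]; then echo protect; else echo none; fi ;;
        0)  # a tag was read: only the expected UID may unlock
            if [ "$tag" = "$expected" ]; then
                if [ "$locked" -eq 1 ]; then echo unlock; else echo none; fi
            else
                if [ "$locked" -eq 0 ]; then echo lock; else echo none; fi
            fi ;;
        *)  # 255 (no tag) and, as an assumption of this example, any
            # unexpected status such as 127 (script not found): fail closed
            if [ "$locked" -eq 0 ]; then echo lock; else echo none; fi ;;
    esac
}

# Replay constructed "rc:tag" poll results and return the resulting actions.
medor_replay() {
    local expected="$1"; shift
    local locked=0 alert_sent=0 out="" action ev
    for ev in "$@"; do
        action=$(medor_decide "${ev%%:*}" "${ev#*:}" "$expected" "$locked" "$alert_sent")
        case "$action" in
            lock)    locked=1 ;;
            unlock)  locked=0; alert_sent=0 ;;
            protect) locked=1; alert_sent=1 ;;
        esac
        out="$out${out:+ }$action"
    done
    echo "$out"
}

# Constructed sequence: tag present, tag removed, wrong tag, reader
# unplugged (two polls), tag back, checkTag.py missing
medor_replay MYTAGID 0:MYTAGID 255: 0:OTHERTAG 1: 1: 0:MYTAGID 127:
```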


Alexandre DE DOMMELIN