Some time ago I was reading news and met a very interesting topic - password-less authentication. The idea is great: instead of remembering multiple passwords for the different websites one could use a special device called Authenticator which will cover all registration and authentication processes using modern cryptography and biometric technologies.
Last weekend I could play with the ESP32 board to implement BLE transport for FIDO2 WebAuthN protocol. The great BLE library for Arduino [https://github.com/nkolban/ESP32_BLE_Arduino] and tutorials [https://circuitdigest.com/microcontroller-projects/esp32-ble-server-how-to-use-gatt-services-for-battery-level-indication] helped me a lot. Now my developer board advertises itself as FIDO2 Authenticator and provides four required endpoints to communicate. Google Chrome is able to detect the device and tries to connect to it which I consider as a great success for the weekend project. However, the endpoints just do nothing at the moment and authentication fails with an error.
Last (and previous) weekends I've spent on the real implementation of FIDO2 WebAuthN protocol. In reality, the problem is more deep and difficult than I was thinking before, so I have re-implemented the GATT server on Android to have higher-level language and libraries and better debugging capabilities.
While working on FIDO2 Authenticator [/category/fido2/] device I came into an interesting problem - User Verification. At the moment it is implemented really simple - just a button connected to the IO0 port. However, anybody is able to push this button and therefore authenticate with the device. Then I came to the idea of adding some biometric authentication for the user.
It is sad, but not everything went smooth during my experiments with fingerprint scanners. I have desoldered fingerprint scanner from the GROW R300 device wanting to find a way to connect it to the MCU directly.
After a few weeks of waiting the postal service delivered the PCBs for the device prototype [/2019/10/14/esp32-authenticator-development-board/]. Usually, I order my boards from the JLCPCB manufacturer and the quality is very good, as always.
The next FIDO2 Authenticator project [/category/fido2/] update is dedicated to the ATECC508A cryptographic chip. I have taken some time and started to write a component library for operating the IC from ESP32 microcontroller.
And, now the project has reached the next important milestone. So far I have the following building blocks:
Previously [/2020/02/02/uru-key-esp32-fido2-authenticator/] I have built the single board device featuring all the main hardware components to implement FIDO2 Authenticator but without an autonomous power source. Today with the addition of a power board my project becomes a completed device.
I am happy to say that I'm finally done with the hardware design of the URU Key device.
I was some time since the last update on my URU Key project. However, the project did not stop, no.
After publishing the URU Key project people keep asking me to make it open source. I have tried to organize sources in a more readable way but I still think that plain C and ESP IDF are too difficult for the broad audience. And, unfortunately, the biometrics part is covered by NDA and can not be published.
While working on the side project URU Card [/tag/uru-card/] - the open-source authenticator device in the form-factor of a regular credit card - I have noticed that it is way more suitable for daily use. The device like this can be carried around simply in the wallet together with other credit cards. So, I have redesigned the URU Key in this format.
The last update on my FIDO2 project was more than a year ago. I was quite busy with work and other problems. However, the project did not stop.