Some time ago I was reading the news and came across a very interesting topic - password-less authentication. The idea is great: instead of remembering multiple passwords for different websites, one could use a special device called an Authenticator, which will cover all registration and authentication processes using modern cryptography and biometric technologies.
Last weekend I could play with the ESP32 board to implement BLE transport for the FIDO2 WebAuthn protocol. The great BLE library for Arduino [https://github.com/nkolban/ESP32_BLE_Arduino] and tutorials [https://circuitdigest.com/microcontroller-projects/esp32-ble-server-how-to-use-gatt-services-for-battery-level-indication] helped me a lot. Now my developer board advertises itself as a FIDO2 Authenticator and provides the four required endpoints to communicate. Google Chrome is able to detect the device and tries to connect to it, which I consider a great success for a weekend project. However, the endpoints just do nothing at the moment and authentication fails with an error.
I've spent the last (and previous) weekends on the real implementation of the FIDO2 WebAuthn protocol. In reality, the problem is deeper and more difficult than I had thought before, so I have re-implemented the GATT server on Android to have a higher-level language and libraries and better debugging capabilities.
After implementing the Android app for FIDO2 authentication [/2019/08/05/some-progress-with-webauthn/] I started to implement the same functionality on the ESP32 development board.
While working on the FIDO2 Authenticator [/category/fido2/] device I ran into an interesting problem - User Verification. At the moment it is implemented really simply - just a button connected to the IO0 port. However, anybody is able to push this button and therefore authenticate with the device. Then I came to the idea of adding some biometric authentication for the user.
It is sad, but not everything went smoothly during my experiments with fingerprint scanners. I have desoldered the fingerprint scanner from the GROW R300 device, wanting to find a way to connect it to the MCU directly.
After a few weeks of waiting the postal service delivered the PCBs for the device prototype [/2019/10/14/esp32-authenticator-development-board/]. Usually, I order my boards from the JLCPCB manufacturer and the quality is very good, as always.
And now the project has reached the next important milestone. So far I have the following building blocks:
The next important step in making an autonomous FIDO2 Authenticator [/category/fido2] device is the power source. In general, I have two options - replaceable or rechargeable batteries.
The last update on my FIDO2 project was more than a year ago. I was quite busy with work and other problems. However, the project did not stop.