Already have an account? Log in.
To make the experience fit your profile, pick a username and tell us what interests you.
URU Card is a spin-off project of the URU Key.
It's a small, credit-card size FIDO2 Authenticator device. It's open-source, both hardware and software. It's wireless. It's built using simple and affordable components. It's programmed with Arduino.
Excited? Feel free to join.
Recently I have received the new batch of PCBs for my URU Card device. Since I do not have a 3D printer and appropriate skills I am going to construct a hard shell using the stack of PCBs. This time I have chosen black colour for the boards as it comes in a nice matt finish.
In addition to the mainboard, I have simply designed two more PCBs. One with fancy cut-outs for the components and one to use as a cover. These boards will be glued together as a sandwich to create a simple hard shell for the device.
To further simplify the device I have replaced ceramic antenna with PCB one following the popular design from Texas Instruments. It takes slightly more space on the board but comes with zero cost and during the test of the device I did not notice any performance penalty.
The unpopulated place on the board is reserved for the FT260 chip. This IC is a USB HID device and can be used in future to implement USB transport supported by FIDO2 protocol.
The cut out for the display is much smaller now and opens visible part of the display only.
Holes in the corners of the boards are used to align the URU Card in the programmer for ESP32/ESP8266 devices I have designed before. As well they are used to align all three boards during glueing together. The spring-loaded pins provide reliable connection during programming and require almost zero space on the device.
The assembled device works exactly as before. The display is clearly visible through the cut out hole. One nice addition - the backboard completely prevents from accidental touch detection from the backside of the device while front touch keyboard works without any problems.
The size of the device remains the same and despite the thickness of around 3 millimetres, it fits my wallet exactly like any other credit or discount card.
I think this time I have achieved one important milestone in the development of the device. Now it has a very simple and affordable case without losing any functionality or size requirements. As well the design was simplified with the replacement of the ceramic antenna with PCB one.
For those who want to reproduce the device, the dedicated GitHub repository contains the design files for Eagle CAD and set of Gerber files to order the board from the manufacturing services.
This update was delayed due to summer holidays but it brings achievement of the very important milestone. Now we have a very minimal implementation of the FIDO2 authentication protocol on the Arduino framework. The simplicity of the Arduino platform and the availability of the hardware opens the door to secure authentication to everyone interested.
Andrey Ovcharov
GetInfo command so the server recognises the authenticator and starts the authentication processMakeCredential receives the data from the server and returns signed credentialGetAssertion receives the credential and responds with confirmation of authentication.The words “very basic” mean that many many features of the authentication flow are missing. For example, the private key is a simple hardcoded value and there are no real checks for user presence or user verification.
However, the project can be compiled, uploaded to the ESP32 development board and get “green” results in a simple test.
So, what do you need to run the URU Card at home?
You can use simple and affordable Wroom 32 development board. At the moment advanced features like secure element ATECC508a are not used so there is no need in more sophisticated boards.
Connect the board to your computer using USB cable and make sure the UART port is available to your system. Make sure the selected port provides enough current as the ESP32 chips are quite hungry and sensitive to stability of the power source.
I am using a combination of Visual Studio Code and PlatformIO for the development. This combo gives ease of configuration, building and uploading the firmware to the board. Just follow installation instructions for your platform.
Despite the fact, the FIDO2 protocol supports BLE transport, at the moment is it available only under Windows. So, you will need either a Windows machine or a virtual environment. I am using Oracle Virtual Box and the trial version of Windows 10.
First of all, get a copy of the source code using either git command or downloading a zip file from the project’s GitHub page.
Then, build the project and upload it to the development board using the following command in terminal (Mac OS/Linux):
pio run -t upload -monitor
The program will start immediately and the serial console will start output of the debug information.
Open the Bluetooth settings in your Windows. Click the button “Add Bluetooth or other devices” and proceed with the pairing of the “URU Card”.
After a few seconds, the device should be paired and appear in the list of available devices.
Open the browser in your Windows. Chrome, Firefox and Edge browsers work equally well as they are using the system layer to communicate with the authenticator device. Visit the page webauthn.bin.coffee and click the button “Create Credential”.
Just follow the key setup procedure and after a few seconds, a new credential will be generated by the device and sent to the browser.
The “Get Assertion” button will use a similar procedure to confirm the credential produced on the previous step.
The same procedure can be executed on page webauthn.me.
The current state of the project provides a solid base to work on the fully-featured wireless FIDO2 authenticator device implemented with the Arduino framework. While the many crucial features are still missing, the existing ones provide a solid base to start playing with the technology.
If you have any questions regarding running the project on your development...
Read more »
RemoteMCU
Marek Więcek
dariocose
Vladimir Savchenko