Here is the overview of the project plan. The minimum viable solution will have to have a processor that and a real time clock to calculate the correct keys, and a way of emulating a USB keyboard. I am keen to keep the hardware simple and use the V-USB library on the same processor that will calculate the keys.
Another element to this project will be configuration as the computer needs to be able to securely deliver a key from the web site, and the real time clock will need setting at least once. For this I am going to try and transfer data at a low speed from the PC screen to the device using optical sensors. This has been done in the past but will need refining.
Although not essential to it's initial operation I suspect I will probably add some kind on user input (a button) and device feedback (some LEDs) to help with development and debugging.
So the headline development tasks are...
- The RTC needs reading
- The authenticator checksum needs calculating
- V-USB needs implementing.
- The optical input needs developing
- The client side app for configuration needs developing.
I have already done the RTC and V-USB parts in other projects and this code can be used here. Some work has already been done by others on porting the checksum calculation code but this needs finishing. My intention is to put this together as a prototype in a weekend or at a hack day.
Although there have been projects that use optical sensors to read data from the computer screen they have not worked very well. I have the advantage on not needing to move much data, and that it does not happen often, so I can do it slowly. My hope is this will solve the issues others have had. Again my intention is to put this together as a prototype in a weekend or at a hack day.
The client software will need some thinking about to make it secure. It is easy to hack together, but for the final version we do not want the secret keys being passed back and fourth across the internet. I believe it should be possible to make this as an HTML5 web app that runs completely on the client machine.