Since the internet remains quite vulnerable to security breaches, new measures have been taken to ensure that users are able to safely interact and navigate it in no time. Earlier last year, a new security model called the FIDO2 WebAuthn (Web Authentication) that helps to eliminate all forms of password theft and replay attacks was developed by the big tech companies and accepted for recommendation by the W3C Consortium. The FIDO2 WebAuthNtechnology which has much higher security than passwords was built to help users log in to their online accounts with their mobile phone, biometrics or FIDO security keys instead of having to always remember the many passwords that they have used for different sites.
Taking it further, Electrical Engineer Andrew Ovcharov, last summer started working on developing his own FIDO2 Authenticator, the “URU Auth” derived from the abbreviation “You Are You”.
The URU key, about the size of a small flash drive, is a custom standalone wireless biometric FIDO2 WebAuthN Authenticator which uses a fingerprint scanner for authentication on WebAuthN-enabled websites. Instead of having to use mobile devices, users can power their URU key, scan a registered fingerprint and interact easily with WebAuthN web applications.
Ovcharov has been working on the URU key for about six months now and the project has successfully gone through the major developmental stages.
”…I have built a prototype board for the authenticator device, the fingerprint scanner was connected and the fingerprint image was acquired. The security chip was connected and communicated. Now all the small pieces work together as one device and the device starts to get a shape. I can hold it in my hand, I can confirm the authentication request and it makes me absolutely happy how it goes”, says the engineer.
The URU key, for now, features an ESP32 Pico D4 microcontroller for the wireless transfer of data, the GROW R300 fingerprint scanner for registering fingerprints, a few LEDs, connectors for programming and user feedback, and the ATECC508a security chip which implements the FIDO2 WebAuthN.
Ovcharov is putting more work into the project as he is currently experimenting on power options to make the device really autonomous while keeping it lightweight and pretty small.
The project’s progress is being documented beautifully on Ocharov’s website. You can follow the page to learn more about the device.