Signet High-capacity

by Nth Dimension

An all-in-one encrypted USB flash drive, two-factor authentication token, and password manager

View all updates Sep 20, 2019

2FA and Enclosure

We’ve done it! Signet HC is now officialy funded. Thank you to everyone who has pledged so far.

Manufacturing Progress

Everything is going very smoothly so far. Our board layout has been approved by PCBWay, fabrication has begun, and we are sourcing components for the assembly phase. The latest injection molding samples arrived from Sea Sky Tooling and all issues with the silkscreen and mold were significantly improved. We have placed an order for the minimum order quantity of 550 pieces.

In-depth Look: Two Factor Authentication

Two-factor authentication (2FA) is a way to enhance the security of a site by requiring the presence of a device, such as Signet HC, to complete a login or other transaction. Signet HC supports FIDO U2F, FIDO2, HOTP one-time passwords, and TOTP one-time passwords.

Signet HC is different in many ways from 2FA devices on the market today. It is not small enough to leave plugged into a laptop like the Tomu and it’s relative the Somu. Signet HC needs to be larger to support its more powerful microcontroller, robust keyring loop, and eMMC memory. As a consequence, when not in use, Signet HC is more likely to be kept with the user than the user’s computer. This decreases the likelihood it could be taken from a lost or stolen computer. Furthermore, private 2FA data can be encrypted as part of Signet HC’s password database, making a lost or stolen device unlikely to be exploited.

Most two-factor authentication devices use a capacitive touch pad to indicate the presense of a user. Based on our experiences with various touch interfaces being occasionally unreliable, we decided to go with a tactile switch. It’s always clear when you’ve activated the device, we find it more satisfying, and we’ve never had a problem with presses not being registered. It’s true that all tactile switches eventually wear out but we have chosen a very light-touch switch that is rated for 500,000 presses. This is in line with the lifespan of the typical USB port which is about 5,000 insertions, allowing for 100 button presses per insertion.

FIDO U2F and FIDO2

To use Signet HC, or any U2F device, with a website, the device must first be registered with the site. The site sends a unique code to the device via the browser to allow it to identify the site in the future. In response, the device sends the public component of its public/private key pair to the website. Secure authentication is later accomplished through the properties of public and private keys:

  • The public key can be used to decrypt messages
  • The private key can be used to encrypt messages
  • The private key is very difficult to derive from the public key

During an authentication attempt, the site will transmit a randomized challenge message, which the device will sign with its private key and send back to the website. By using the device’s public key, the website can then verify the message signature. Since the private key is never transmitted and cannot be easily derived from the public key, this procedure effectively ensures that the user possesses the same key that was originally registered with the site.

FIDO2 uses a similar authentication mechanism as FIDO U2F but uses a different interface designed to support passwordless login instead of only second factor authentication.

One-time Passwords

One-time passwords are an alternate form of two-factor authentication that does not rely on public key cryptography. Instead they work on the basis of a single shared secret between the site and the device. The password changes over time either through a shared usage counter in the case of HOTP, or the wall clock time with TOTP. In both cases, the changing value is combined with the shared secret and passed through a cryptographic hash function. Signet HC can enter these passwords when needed using its USB keyboard interface, just as if you had typed them yourself. The one-time password feature is integrated into Signet HC’s existing password manager.

Enclosure Demo


$13,286 raised

of $6,000 goal

221% Funded! Order Below

Product Choices

$90

Signet HC

An all-in-one physically secured USB flash drive, authentication tool, and personal information manager you can take with you wherever you go.


$170

Two Signet HC's

Two Signet-HC's, an all-in-one physically secured USB flash drive, authentication tool, and personal information manager you can take with you wherever you go. You can give one Signet to a friend or keep one as a backup device.


$800

Ten Signet HC's

Ten Signet-HC's, an all-in-one physically secured USB flash drive, authentication tool, and personal information manager you can take with you wherever you go. You can give one Signet to a friend or keep one as a backup device.


$3

USB Extension Cable

Helps keep your Signet HC close to your keyboard when the closest USB port is too far away. Can also reduce strain on the device's connector to increase its lifespan. 3'

USB Extension Cable

$3

Micro-USB Host Adapter Cable

Connects your Signet HC to a USB-micro Android device. 6"


$3

USB-C host Adapter Cable

Connects your Signet HC to a USB-C Android device. 6"

USB-C host Adapter Cable

Credits

Nth Dimension

Producer of privacy and security focused open source electronics.


Neils Nesse

Creator

Mingjane Wu

Technical writer / UX designer


PCBWay

PCBA Manufacturer

Sea Sky Tooling

injection molding

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects: