Building and Selling Solo, an Open Source Secure Hardware Token

Presented at ShmooCon XV (2019), Jan. 20, 2019, 10 a.m. (60 minutes).

Solo is a low-cost security key that implements U2F and FIDO2–FIDO Alliance protocols that are part of the new W3C standard WebAuthn that allow you to securely authenticate on the web and potentially have a passwordless experience. My team and I created Solo in 2018 and are bootstrapping a business to produce and sell security keys full time. We just crowdfunded $123k to kickstart our first production run.

Most security keys use smart cards or EAL certified chips, which are very proprietary and relatively expensive. Solo is open source software and hardware and uses no components that require an NDA, which is quite a rarity. Because of this Solo can be regularly updated and extended without having to go through costly product revisions and re-certifications.


Presenters:

  • Conor Patrick
    Conor (@_conorpp) is a hardware designer and hacker. In grad school he focused on secure hardware design and how to crack chips using power analysis or fault injection. Conor created U2F Zero, an open source U2F security key, and produced and sold around 5k units. He loves to talk about hardware design and physical security.

Links: