Security coprocessor marks a new approach to provisioning for IoT edge devices

---

It’s worth noting that security breaches rarely involve breaking the encryption code; hackers mostly use techniques like spoofing to steal the ID.

---

The advent of security coprocessor that offloads the provisioning task from the main MCU or MPU is bringing new possibilities for the Internet of Things product developers to secure the edge device at lower cost and power points regardless of the scale.

Hardware engineers often like to say that there is now such thing as software security, and quote Apple that has all the money in the world and an army of software developers. The maker of the iPhone chose a secure element (SE)-based hardware solution while cobbling the Apple Pay mobile commerce service. Apparently, with a hardware solution, engineers have the ecosystem fully in control.

Security is the basic building block of the IoT bandwagon, and there is a lot of talk about securing the access points. So far, the security stack has largely been integrated into the MCUs and MPUs serving the IoT products. However, tasks like encryption and authentication take a lot of battery power — a precious commodity in the IoT world.

Atmel’s solution: a coprocessor that offloads security tasks from main MCU or MPU. The ATECC508A uses elliptic curve cryptography (ECC) capabilities to create secure hardware-based key storage for IoT markets such as home automation, industrial networking and medical. This CryptoAuthentication chip comes at a manageable cost — 50 cents for low volumes — and consumers very low power. Plus, it makes provisioning — the process of generating a security key — a viable option for small and mid-sized IoT product developers.

A New Approach to Provisioning

It’s worth noting that security breaches rarely involve breaking the encryption code; hackers mostly use techniques like spoofing to steal the ID. So, the focus of the ATECC508A crypto engine is the tasks such as key generation and authentication. The chip employs ECC math to ensure sign-verify authentication and subsequently the verification of the key agreement.

The IoT security — which includes the exchange of certificates and other trusted objects — is implemented at the edge node in two steps: provisioning and commissioning. Provisioning is the process of loading a unique private key and other certificates to provide identity to a device while commissioning allows the pre-provisioned device to join a network. Moreover, provisioning is carried out during the manufacturing or testing of a device and commissioning is performed later by the network service provider and end-user.

Presently, snooping threats are mostly countered through hardware security module (HSM), a mechanism to store, protect and manage keys, which requires a centralized database approach and entails significant upfront costs in infrastructure and logistics. On the other hand, the ATECC508A security coprocessor simplifies the deployment of secure IoT nodes through pre-provisioning with internally generated unique keys, associated certificates and certification-ready authentication.

It’s a new approach toward provisioning that not only prevents over-building, as done by the HSM-centric techniques, but also prevents cloning for the gray market. The key is controlled by a separate chip, like the ATECC508A coprocessor. Meaning, if there are 1,000 IoT systems to be built, there will be exactly 1,000 security coprocessors for them.

Certified-ID Security Platform

Back at ARM TechCon 2015, Atmel went one step ahead when it announced the availability of Certified-ID security platform for the IoT entry points like edge devices to acquire certified and trusted identities. This platform leverages internal key generation capabilities of the ATECC508A security coprocessor to deliver distributed key provisioning for any device joining the IoT network. That way it enables a decentralized secure key generation and eliminates the upfront cost of building the provisioning infrastructure for IoT setups being deployed at smaller scales.

Atmel, a pioneer in Trusted Platform Module (TPM)-based secure microcontrollers, is now working with cloud service providers like Proximetry and Exosite to turn its ATECC508A coprocessor-based Certified-ID platform into an IoT edge node-to-cloud turnkey security solution. TPM chips, which have roots in the computer industry, aren’t well-positioned to meet the cost demands of low-price IoT edge devices.

Additionally, the company has announced the availability of two provisioning toolkits for low volume IoT systems. The AT88CKECCROOT toolkit is a ‘master template’ that creates and manages certificate root of trust in any IoT ecosystem. On the other hand, AT88CKECCSIGNER is a production kit that allows designers and manufacturers to generate tamper-resistant keys and security certifications in their IoT applications.

Helium will make sense of your “things”

---

Helium is an integrated platform that monitors, learns and captures insights from the physical things in your environment. 

---

With aspirations of becoming the “Android for the IoT,” Helium has designed an integrated platform that brings the power of the cloud to the edge of the network, enabling users to observe, learn and capture actionable insights from existing physical ‘things’ in their environment. And the timing couldn’t be better. As a growing number of companies enter the IoT market, many find themselves challenged by the complexity of implementing new systems.

Rather than having to build them from scratch, Helium is offering an end-to-end service that connects businesses to the IoT using 802.15.4 networks. The platform itself consists of reprogrammable smart sensors, the cloud and a real-time analytics dashboard.

Unlike traditional sensor providers that are focused primarily on connectivity, Helium’s approach adds intelligence and new functionality that help “things” learn over time, allowing users to evolve their system by asking sensors to behave differently. Ideally, the two-year-old startup is hoping to target companies that serve as integrators, but has selected the medical, food service and grocery industries to first showcase its capabilities by surveilling smart refrigerators. Looking ahead, Helium can be used for a wide variety of enterprise applications, ranging from tracking the location of goods in a warehouse to avoid lost inventory to keeping tabs on the status of industrial machines to predict failures before they occur.

“We are trying to solve the problems of making highly configurable distributed systems that move as fast on the edge as you do these days in the cloud. If you can reach end nodes with software easily and quickly it’s a competitive advantage,” Helium president and COO Rob Chandhok recently told EE Times.

Helium begins with its nodes, which include a RF module, a sensor and an ARM Cortex-M4 main board. The network is based on an Atmel 802.15.4 physical-layer chip, and employs its own media-access control and software stack rather than 6LoWPAN or ZigBee. This gives it the ability to avoid Wi-Fi and Bluetooth congestion by dynamically switching between 900 MHz and 2.4 GHz frequency bands. Helium’s radio does not rely on mesh, but can run for year on a pair of AA batteries.

What’s more, the optimized sensors can be unboxed and deployed within minutes, and feature multiple sensing inputs, a secure wireless network and local computing power, all in a compact form factor. For instance, one Helium sensor can measure temperature and door status in a single unit and be enabled on a refrigerator with just the pull of a battery tab. Once installed, Helium’s smart sensors use combined data intelligently to make monitoring both sophisticated and simple.

The sensors are only one spoke of the wheel, however. Helium will also take care of all the backend software, collecting information from the nodes, sifting through the data in the cloud and then analyzing it on an easy-to-use app. Every sensor reading is stored in Helium’s cloud infrastructure, allowing for historical and real-time access.

From wireless connected sensors to complex event processing, Helium provides users with the power of perception by sensing temperature, motion, sound, pressure and moisture for intelligent solutions that can increase efficiency, avoid loss from equipment failure and reduce downtime. It goes without saying that the consequences of getting embedded systems wrong can be pretty significant. Take the Stanford Children’s Health Center, for example, which had to repeat the vaccinations of more than 1,500 people after discovering that the medication had routinely fallen below freezing point. In a situation like this, Helium could monitor the refrigeration conditions and connect to the Internet to offer real-time notifications should should the temperature drop below its predefined range. Problem solved!

“The rest of the competition is either piecing together open source software or using old techniques to get embedded-node software into the cloud, but not providing a compelling IoT platform. I can’t walk down Market Street without hearing about 100 IoT companies, but not ones broadly targeting the enterprise,” Chandhok shares.

Intrigued? Head over to its official page to learn more, or read this detailed writeup on the platform from EE Times.

Video Diary: A look back at Embedded World 2015

---

Weren’t able to join us in Nuremberg? 

---

With another Embedded World in the books, here’s a look back at some of Atmel’s latest smart and securely connected solutions that are ready to power next-generation Internet of Things (IoT) applications.

Andreas von Hofen shows off the new automotive grade ARM Cortex-M0+-based SAM DA1. The recently-revealed family of MCUs feature an integrated peripheral touch controller (PTC) for capacitive touch applications.

Geir Kjosavik demonstrates a QTouch-based water level sensing application that highlights its advanced HMI and sensing capabilities. Notable uses for this solution include automotive liquid containers and coffee machines.

Dr. Atta Römer explores the latest advancements in phase measurement by exhibiting various localization applications based on 802.15.4 transceivers. Among those examples is Agilion, who showed off its latest e-ink display ID badge based on an Atmel transceiver that is capable of tracking employees in emergency situations, transmitting data and managing access.

Ingolf Leidert addresses Atmel’s newest development kit for ZigBee Light Link solutions using a pair of SAMR21ZLL-EK boards. In this particular demonstration, one board served as a ZigBee LightLink remote, while the other acted as a light.

Controllino is an open-source programmable logic controller (PLC) built around ATmega328 and ATmega2560 microcontrollers. The startup’s CEO Marco Riedesser went 1:1 with Artie Beavis to delve deeper into the Arduino-compatible PLC that enables Makers and designers to produce and control a wide-range of IoT projects, ranging from industrial to home automation applications.

Lionel Perdigon introduces the newest series in the Atmel | SMART ARM Cortex-M portfolio, the SAM E70 and the SAM S70. These Cortex-M7-based MCUs are ideal for connectivity and general purpose industrial applications, while the auto-grade SAM V70 and SAM V71 are perfectly suited for in-vehicle infotainment, audio amplifiers, telematics and head unit control.

The Internet of Things requires a system-level solution encompassing the whole system, from the smallest edge/sensing node devices to the cloud. That is why Atmel has partnered with best-in-class cloud partners — including PubNub, Proximetry and Arrayent — that can support a variety of applications for both Tier-1 OEMs and smaller companies. As Ramzi Al-Harayeri explains Atmel has integrated the partners’ technologies into Atmel’s cloud solutions framework adding the cloud platform functionality seamlessly to all of the company’s wireless MCU offerings.

Thomas Wenzel showcases the latest version of Atmel’s connected car solution, AvantCar 2.0. Focusing on user requirements for next-generation vehicles, this futuristic center console concept delivers an advanced human machine interface (HMI). Beyond that, the new centerstack includes curved touchscreens highlighting HMI in upcoming automobiles using Atmel technologies including XSense, maXTouch, AVR MCUs and local interconnect network.

Bosch Sensortec’s Fabio Governale and Divya Thukkaram unveil the latest extension board for the incredibly-popular Xplained platform. Featuring a BNO055 intelligent 9-axis absolute orientation sensor, the next-gen device connects directly to Atmel’s Xplained board making it ideal for prototyping projects for the Internet of Things, wearables and gaming markets, as well as for applications like personal health and fitness, indoor navigation, and others requiring context awareness and augmented reality for a more immersive experience.

David Lindstrom of Percepio takes us through some of the innovative features of Atmel Studio 6.2, including the MTB support available on the new SAM D21 board. As the demo reveals, it’s super easy to get started, enable Trace View and run the system using the all-in-one collaborative environment for embedded design.

Sankaranarayanan Kitchiah delves deeper into Atmel’s BLDC motor control development platform using a SAM D21 MCU and the Atmel Data Visualizer (ADV) application.

Video: Thread Stack mbed OS on an ARM Cortex-M using Atmel 802.15.4 radios

---

Watch an Embedded World 2015 demo of a Thread Stack mbed OS on an ARM Cortex-M using an Atmel 802.15.4 radio.

---

Seppo Takalo, ARM Senior Software Engineer, shares some the latest updates from Thread Stack, the native support for thread development built into ARM mbed OS. In the video below, Takalo shows off the integrated stack on an ARM Cortex-M using an Atmel 802.15.4 radio.

Set it and forget it! Sprinkl is a smart irrigation system

Let’s face it, not only can watering your lawn can be a hassle, it can often times be a waste of resources as well. Luckily, Dallas-based startup Sprinkl has developed a smarter way to automate lawn sprinklers capable of reducing water usage by up to 50%. Not only is it great for your water bill, but is surely good news for drought-ridden homeowners throughout the country.

The innovative system is comprised of a patent-pending controller and multiple sensor units. Each weatherproof wireless sensor unit relays soil measurements back to the controller using a power-efficient 802.15.4 mesh network — driven by an ATmega256RFR2 — where additional information, such as local watering restrictions, is used to determine per-zone watering schedules.

Sprinkl is built on the Android OS, runs on a 1GHz processor and can even last seven years on a single lithium battery. Equipped with a capacitive touchscreen, the team stuck on some valve controls, enabling the system to command separate zones. Currently, Sprinkl comes in both 8- and 16-zone packages.

Furthermore, the smart irrigation system is also Wi-Fi enabled, meaning that it can pull weather forecasts and water conservation schedules directly from the cloud. Once watering and soil measurements are uploaded, homeowners can easily plot the data in their web browsers. Think of it of as a Nest thermostat for your lawn. Based on the sensors’ readings, the controller determines just the right amount of water to distribute.

According to our friends at PubNub, Sprinkl needed a real-time infrastructure to power their mobile API integration layers with their cloud system to ensure that its cloud and mobile apps were up-to-date based on any changes happening on a user’s controller. In order to achieve just that, Sprinkl seamlessly implemented the PubNub Data Stream Network, significantly reducing development time, as well as development complexity for their real-time backend.

“The Internet is at turning point in the home. Lighting and HVAC controllers have really evolved over the past four years, but irrigation and lawn care technology have been lagging behind,” explained Noel Geren, Managing Member of Sprinkl. “With Sprinkl we wanted to bring an evolutionary product to market; a gorgeous and extensible Android touch based controller that can automatically determine how much water to use per-zone, saving up to 50% on monthly watering bills and preserving earth’s precious resources.

Sprinkl is an ideal alternative for those looking for a smarter, more intuitive watering system for their lawns and landscapes. Interested in learning more? Head over to its official website here.

 

Swift01 is an open-source mesh networking module

Developed by Flint, Michigan-based startup Swiftlet Technology, Swift01 — which recently made its Kickstarter debut — is an open-source, wireless hardware module that enables Makers and hobbyists to build fully-functional systems for the Internet of Things.

“Have you ever wished that you could simply hook things together wirelessly? Have you ever wanted to automate everything in your house, but didn’t want to spend $35+ on a wireless module for each node in the network? This is exactly what drove me to envision the Swift01,” writes Dan Kurin, Swiftlet Founder and CEO.

The team notes that the preliminary hardware design, including an 802.15.4-based Atmel System-on-Chip (SoC) equipped with an Atmel | SMART SAM D ARM Cortex-M0+ MCU, has been finalized.

Additional key specs include:

• Board size: 0.7″ x 1.4″
• Power input: 3.4-5.5V
• On-board 2.4GHz trace antenna
• 3.3V serial UART interface
• 10 I/Os including expandable serial interface and analog I/Os
• On-board serial memory for future features

Since Swift01 is based around the concept of mesh networking, the module boasts several software components such as a full IEEE 802.15.5 network stack to court the network traffic, a serial bootloader to allow for updates, an AT Command interface to enable configuration of the network stack and to send messages, as well as an AES message signing add-on to ensure authenticity.

In an effort to seamlessly create and join networks designed particularly for sensing and control functions, Swift01 offers Makers a wide-range of applications, ranging from monitoring in-house temperature and reconfiguring lighting to remotely collection weather information and controlling home theaters.

“Given that we’re developing open source technology, crowdfunding the development of the tech made perfect sense,” explained Kurin. “This is true democratic development: technology by the people and for the people.” Backers of the campaign can contribute at a number of different dollar levels and, in return for their contribution, receive a finished good in the spring of next year.

As for how the software on the module will be structured, the Swiftlet Technology team has shared an update on its architecture here.

In terms of its RF driver, the team says that it features all of the lowest-level software for handling the behavior of the PHY (transceiver). “Much of this has already been written by Atmel and is included in the Atmel Software Framework (ASF).”

If all goes to plan, production for beta-level hardware is expected to kick off in early January with shipments to initial backers slated for Feburary. Interested in learning more or backing this open-source, open protocol project? Click on over Swiftlet Technology’s Kickstarter campaign!

Zigbee Smart Energy Profile

The much anticipated Zigbee Smart Energy Profile 2.0 was recently released. Representing an effort spanning more than three years, this milestone includes contributions from NIST, IETF and the Zigbee Alliance. Various companies also participated in the initiative, including utility, meter, silicon and software stack vendors.

Smart Energy – the application profile that drove the Zigbee Alliance development of the Zigbee IP (ZIP) –  is the first public profile requiring ZIP instead of the current Zigbee and Zigbee PRO underlying stacks. Zigbee IP (ZIP) and SEP 2.0 offer TCP/IP based interoperability for smart energy networks, thereby facilitating participation in the Internet of Things (IoT) without the need for special gateways. In fact, ZIP is designed to be physical layer (phy) agnostic and is capable of running across various platforms including 802.15.4 Wireless, WiFi, Power Line Carrier Ethernet and more.

SEP 2.0 is built using numerous mainstream protocols such as TLS/HTTPS, XML, EXI, mDNX  and REST. Each SEP 2.0 device boasts an optimized HTTP server serving up and responding to data objects defined by an XML schema. Security is ensured by familiar HTTPS with strong authentication, while an RFC compliant IPv6 stack provides the network with specific routing and translation layers for the wireless PHY.  The SEP 2.0 presentation from the Zigbee Alliance is available here [PDF].

Two recommended implementation strategies for SEP 2.0 in devices are Single Chip and Multi-Phy. Single Chip implementations use a dedicated microcontroller and RF transceiver (or a combined SoC) running a dedicated stack. This strategy works particularly well when adding Zigbee SEP 2.0 support where there is no other network or TCP/IP stack in low to mid range devices. A good example might be a thermostat or load control device, both of which require communications with other smart energy devices – even if they are equipped with a small processor dedicated to the control and UI functions of the device.

The Multi-Phy implementation –  a new way of looking at Zigbee – offers advantages in devices equipped with multiple network interfaces and/or a capable processor such as an Atmel SAM4, SAM9, or SAMA5 MPU or MCU. In such cases, the 802.15.4 transceiver (like the AT86RF233) becomes the network interface PHY layer underneath the IPv6 stack and SEP 2.0 layers running on the processor. Since the IPv6 stack is a compliant implementation, other network PHYs are also supported by the stack. Running two or more physical interfaces with a single processor is certainly not an issue, as devices that communicate via Zigbee, WiFi, PLC, and Ethernet can be designed. Because a single processor and IPv6 stack are used, the cost will ultimately be lower than duplicating these functions in a separate chip dedicated to Zigbee SEP 2.0.

Single Chip and Multi-Phy implementation

The multi-phy implementation is also ideal for gateway devices bridging different physical layers. And since SEP 2.0 is built using standard web protocols, once you bridge the smart energy network to the Internet, managing your home energy devices from a tablet or smartphone is no stretch at all and brings us closer to the reality of the Internet of Things (IoT).

Atmel, along with software stack partner Exegin Technologies, offers robust and compliant solutions for Zigbee IP and SEP 2.0. There is already interest from leading networking and utility companies, with deployment of certified devices expected before the end of 2013. The critical design decision most of us have to consider? Whether to dedicate the cost and complexity of a single chip Zigbee solution – or optimize it and lower cost with a software stack and radio transceiver solution that offers shared resources and the possibility of multiple networks.

Electronics User Experience with Sally Carson, co-founder of Pinoccio

By Eric Weddington, Marketing Manager, Open Source & Community

Sally Carson, co-founder of Pinoccio

Sally Carson, co-founder of Pinoccio

In February I did an interview with Eric Jennings, co-founder of Pinoccio. Pinoccio is a new Open Source Hardware business, building “a complete ecosystem for the Internet of Things”. The Pinoccio is a pocket-sized microcontroller board, with wireless networking, rechargeable LiPo battery, sensors, and the ability to expand its capabilities through shields, much like an Arduino board. It features the new Atmel ATmega256RFR2, a single-chip AVR 8-bit processor with low power 2.4GHz transceiver for IEEE 802.15.4 communications.

Pinoccio featuring new Atmel ATmega256RFR2

Eric Jennings, along with his partner Sally Carson, co-founded Pinoccio. In my interview with Eric Jennings he said:

Eric Jennings: Sally Carson, Pinoccio’s other co-founder, is an expert in the intersection between humans and technology.  What I mean by that is that she thinks very deeply and carefully about the psychology of humans interacting with computers.  Human-computer interaction, user experience, and usability all fall under her umbrella.  I consider her contribution a secret weapon in what we’re trying to achieve with Pinoccio.

A Secret Weapon?!… I had to find out more what Eric meant, and just what exactly is Pinoccio’s Secret Weapon. I contacted Sally Carson and asked her about the intersection of User Experience (UX) with electronics and the design of the Pinoccio. Along the way, I learned some good lessons on why Design is important, even to just a set of electronics.

Eric Weddington (EW): What intrigued you about the Pinoccio to co-found a hardware startup company?

Sally Carson (SC): Well, I was always a creative kid, always drawing or making something. And, I always loved fiddling around with gadgets and electronics. In high school, I became an audio/video nerd. I got into skateboarding and playing in bands with friends. But, a huge part of both of these hobbies was the A/V part. So, for example, I filmed tons of footage of my friends and I skating. I would make these skate videos, editing the footage down using two VCRs. I’d use a 4-track to mix in audio, or I’d splice in the audio from an old Nintendo, like from Teenage Mutant Ninja Turtles. Every time we ollied or did a trick, there would be the “bloop” sound of a turtle jumping. So, I wasn’t like, busting out the soldering iron, but I was trying to find all of the different ways I could combine the electronics that I had access to.

Later on, I became a Web Designer and suddenly all of my creative output was virtual and done on a computer. I missed the physicality of using my hands to make things. Tim O’Reilly was a big influence on me, and I tried to keep up with whatever O’Reilly Media was putting out. I cut my teeth on the Web Design In a Nutshell book. I listened to podcasts of ETech and the Web 2.0 Conference.

Around 2004, I started to specialize in Interaction Design, and I was really interested in the Interaction Design Institute of Ivrea — where Massimo Banzi was teaching, and where Arduino was being developed. They were teaching Interaction Designers to prototype and test their product ideas by quickly building a physical prototype. This was fascinating to me — you could still be a Tech nerd but also build things with your hands. That blending of physical and virtual was super compelling; I always thought I had to choose one or the other.

Then, I got the first issue of Make when it came out, and I was totally enchanted. Make had found this incredible group of people who were tech geeks like me, but who knew how to build real things with their hands. I filled sketchbooks with ideas for DIY projects that I personally wanted to build. But, I still felt this barrier to entry and I hadn’t yet found a community of Makers who could help me. Every project I wanted to build needed to be wireless and Web-enabled, but that seemed totally out of reach for someone like me who wasn’t deeply technical.

I think there are a lot of people out there like me, who are somewhat geeky, but not super “deep geeks.” They want to build wireless, web-enabled projects but they don’t know how and they’re not sure it’s even possible. With Pinoccio, we’re providing all of that scaffolding for you. Your board is talking to the Web wirelessly within minutes of taking it out of the box. It already has a rechargeable battery that can last for weeks or months. From there, it’s up to you to start imagining possibilities for this platform. We want you to focus on the specifics of your project, instead of losing momentum trying to figure out all that other stuff.

So, with Pinoccio, I got really excited about enabling other people to build cool projects like the ones I had been dreaming about for years. There’s something really magical about creating a tool that enables other creative, talented folks — there’s this amazing multiplier effect.

EW: The Pinoccio could be looked at just the electronic guts of a larger system, as just a set of functions to be implemented. You and Eric Jennings see a need to approach the problem differently with Pinoccio. What led you to do this differently?

SC: The two most basic questions that I ask when I’m designing a product are: “Is it useful?” and “Is it desirable?” I want the answer to both questions to be yes.

If we had approached Pinoccio as “just a set of functions to be implemented,” we would have been building something useful, but not desirable. And that’s when you run the risk of commoditization. Your customers won’t have any particular loyalty to you, they’ll simply comparison shop between functionally similar products and choose whatever’s cheapest. Even if you’re first to market, this makes you vulnerable to cheaper knock-offs in the future.

So we want to be both useful *and* desirable. What does that look like? Let’s take Sugru as an example. Sugru is this magic, self-curing rubber that you can use to fix or modify practically anything — tools, electronics, everyday objects around the house. I had a sample packet laying around for a few months. I understood what it was, I understood the usefulness of it, but it wasn’t yet desirable in my mind.

Once Fall rolled around, I was commuting by bike at night, and I was frustrated with my new headlight. It had this recessed on/off button that was nearly impossible to press with thick gloves on. I used Sugru to fatten up the button and make it taller. The next day, once the Sugru had cured, I tried turning my light on and off with gloves and it was way, way better. I FELT SO SMART AND AWESOME! That was the moment that I fell in love with Sugru, because of how it made me feel about myself. I felt clever, capable, and industrious.

Now Sugru is both useful and desirable to me. I want to use it again, because I want to feel smart and awesome again. I want to show off what I “made” to my friends. It’s less about the Sugru, it’s more about how it made me feel. That “a-ha!” moment is what we’re shooting for with Pinoccio. We want to build a useful tool that makes people feel smart and awesome. We want to reduce those frustrating barriers to entry so you maintain your motivation to see a project through to completion. Then we want you to share what you built, show it off online, and collaborate with others who are working on similar projects.

EW: How is the process of designing the User Experience for the Pinoccio different than for other products?

SC: When I’m designing for the Web, I try to put together a functional prototype as quickly as possible, even if it’s just a clickable simulation comprised of sketches. Then I test it with real users. But, this is harder to do with hardware, it takes a lot longer to get to the functional prototype phase.

So, we used conferences like the Open Source Hardware Summit as an opportunity to interview potential customers and ask them about what they have actually done in the past. Have they tried to build a web-enabled project? How were they powering their projects? What tools did they use? What was frustrating? What worked well? This is a lot different than asking them if they think they would use Pinoccio, or asking them what features they’d like to see. We tried to identify existing pain points, based on the actual previous experiences of our target audience, then shape features around those insights.

EW: What part of the design process of the Pinoccio surprised you?

SC: I wouldn’t say I was surprised by this exactly, but I am constantly amazed by how awesome our community is. They’re brilliant, creative, and determined. They’re also incredibly generous and it’s super fun to see them sharing ideas and helping each other. I guess it surprised me how much idea exchange is already happening between members of the Community. It’s really rewarding to see that happening, and being an open source hardware company made it possible.

EW: What was the biggest challenge of the design process of the Pinoccio, and how did you overcome it?

SC: Well, for Web-based products, we try to build a Minimal Viable Product, get something into the hands of users as quickly as possible, see how they respond, then iterate and evolve the product organically from there. That’s a lot easier to do with software, because it’s relatively fast and cheap to put together an MVP.

Hardware is slower, it’s more expensive, and it’s inherently a “Waterfall” process — meaning there are a series of linear dependencies and the project can’t advance until each phase is complete. For each iteration, you have to make design changes to the board, order components, order PCBs, get the boards assembled, test them, rinse and repeat. It’s a weeks-to-months iteration cycle, instead of the hours-to-days cycles that we enjoy in Web Development.

I think the way that we address this is to bring assembly in-house. That will really allow us to take advantage of these Agile methodologies that we’re used to — rapid iterations of testing and refining. It will let us tighten up those cycles of iteration.

EW: What are some common mistakes that you see in hardware product design, that don’t take into account User Experience?

SC: Well, I think for any tech product, be it hardware or software, it’s tempting to think about features first, and to create a list of technical requirements as a starting point.

What we try to do instead is to think deeply about who our customer is. We think about what Peter Merholz calls their “emotional requirements.” What are their needs, motivations, and goals? What excites them? What frustrates them? How does Pinoccio fit into their lives, and how does it fit into a typical day? We answer these questions via different methods of qualitative research, including ethnography and interviews. It’s not enough to ask your target audience if they think they would like a particular product or feature. People are famously bad about self-reporting, it’s better to observe what they actually do, as opposed to asking them what they think they might do or might like.

Let’s go back to my bicycle light again. I’m going to hypothesize around what happened. The designers knew they were designing a light. They decided on some features — it’s possible they even asked customers what features they’d like — and they decided the light should have three modes: blink (for visibility and longer battery life), steady/low beam, and steady/high beam. They explored the interface — how do you use a single button to turn it on/off and to cycle through the three modes? The single button may come from a cost constraint. The flat, rubber button may have been an attempt to waterproof the light for riding in the rain. But did they observe real customers actually using the product? Not just in a lab setting, but in the real-world, during a typical day? Here in the States, in the late Fall, daylight saving ends and suddenly we’re all biking home in the dark. This is the time of the year that I start using my bike light. And because of the colder weather, I’m usually wearing gloves. If they had observed customers like me, in everyday conditions, they would have seen how hard it is to press that button with gloves on. And they would have seen me cursing under my breath, vowing to never buy a light from them again.

I think the best products make their customers feel smart. When you’re building complex technology products, if you do a bad job with the User Experience, the customer will blame themselves, “I suck at computers.” But it’s not their fault, it’s yours. And no one wants to keep using a product that makes them feel dumb. Frustration, hacks, and work-arounds are all super valuable insights. These are signals that a need that’s not being met. When I used Sugru to make the button easier to push, this was a work-around that signaled a need was not being met.

The key is to learn who your customer is, and to build empathy for them. Let that shape your product.

EW: How do you extend User Experience to the Pinoccio shields that are being developed?

SC: We talk to customers, we try to identify pain points that they’ve experienced with existing tools out there. We also talk to them about what they’re planning on building with Pinoccio. So, we just sent out a survey to our IndieGogo campaign funders asking them what their first Pinoccio project would be. Their answers will inform which shields we produce first. Then, once we have some shields produced, we’ll conduct qualitative research — observe actual customers using them during a typical day, in a typical setting. For example, we might go to a Makerspace where we know someone is building a project with Pinoccio, and just be a fly on the wall while they’re working on their project. Where do they get stuck? Where do they feel frustrated, or need help? That will help us refine the experience for the next iteration.

EW: There are many different solutions in the Wireless field, and the networking of objects that communicate wirelessly. What are some of the challenges of the user experience in this area, and what is Pinoccio doing to help users in this area?

SC: I think to-date, most solutions out there are either (1) so technical that only deep geeks can make use of them, or (2) they’re user-friendly but they’re constrained to a very specific use case, like home automation.

Our challenge is to build an extensible enough system that can support a variety of use cases, a robust enough system that we don’t lose the interest of those deep geeks, and yet still offer something that is easy for less technical folks to understand and use. For that final piece, we’ll be building a series of web-based tools that will help get those less technical folks up and running quickly and easily.

EW: You and Eric Jennings are located in different parts of the country, yet you have a start-up company together. What are the tools that you use to work together?

SC: Yep, Eric’s in Reno, and I’m in Ann Arbor. Eric and I use a number of tools, and have found a set up that works really well for us. We usually have IM running in the background, and ping each other throughout the day. We also do a daily Google Hangout — basically our “Stand Up” meeting in the Scrum parlance. Because we’re a young company, we’re happy to let these calls go long, and meander from detailed product decisions, all the way to long-term roadmap stuff.

We use Git for collaborating on code. We also have an internal documentation site that we use for asynchronous communication. It’s just a WordPress install running the P2 theme — it’s well-suited for short updates that can grow organically into longer discussions. We can archive pages that have evergreen info, and can easily search for and reference them later:

http://wordpress.org/extend/themes/p2

EW: What are your future goals with Pinoccio?

SC: I want Pinoccio to become just another tool in the average person’s workshop, makerspace, or art studio, sitting there right next to the duct tape. When they have an idea, they’ll grab a couple of Pinoccios and quickly throw together a prototype. I want this to feel totally unremarkable. Pinoccio is just another tool at their disposal that expands their capabilities. The object — the board itself — is less important. What’s important is that it enables them to build what they want to build, and it makes them feel smart, industrious, and clever (which they are!).