Awards of Freemindtronic

Posted on May 24, 2021September 20, 2023 by FMTAD

24
May

Awards of Freemindtronic: a showcase of excellence and innovation in data security

Freemindtronic is a company that has been recognized worldwide for its outstanding achievements in developing and providing data security solutions. Since its creation in 2009, Freemindtronic has received numerous awards and distinctions from prestigious organizations and events that celebrate the best in technology and innovation. In this page, you will find a comprehensive list of all the awards and distinctions that Freemindtronic has won over the years, as well as the details of each recognition and the products or services that were honored.

Awards and distinctions from 2010 to 2014

Some of the most notable awards and distinctions that Freemindtronic received in this period are:

The Silver Medal at the International Exhibition of Inventions of Geneva in 2010. It was for FullProtect, a system that protects electronic devices from electromagnetic attacks.
The Electron d’Or Award in 2013 for EviKey, the first NFC USB stick. It can be unlocked with a smartphone or a tablet.
The European Mechatronics Award in 2013 for EviKey, which was praised for its innovative design and functionality.
The RFID Award in 2014 for EviKey, which was presented by Jacques Gascuel. He is a renowned expert in RFID technology
The Embedded Trophy in 2014 for EviKey, which was selected as the best embedded system of the year.

Awards and distinctions from 2015 to 2017

Some of the most notable awards and distinctions that Freemindtronic received in this period are:

The Finalist Award at the International Cybersecurity Forum (FIC) in 2015 for EviKey. It was among the top 10 cybersecurity solutions of the year.
The Finalist Award at the Contactless Services Challenge in 2015 for EviKey. It was among the best contactless solutions of the year.
The Top 10 Cybersecurity Award at the FIC in 2017 for EviDisk, the first NFC hardened disk drive. It can be unlocked with a smartphone or a tablet.
The RCO Award in 2017 for EviToken, a hardware wallet and password manager. It is secured by contactless technology.
The MtoM & Embedded Systems Award in 2017 for EviDisk, which was chosen as the best IoT solution of the year.

Awards and distinctions from 2021 to present

Some of the most notable awards and distinctions that Freemindtronic received in this period are:

The Silver Medal at the International Exhibition of Inventions of Geneva in 2010. It was for FullProtect, a system that protects electronic devices from electromagnetic attacks.
The Electron d’Or Award in 2013 for EviKey, the first NFC USB stick. It can be unlocked with a smartphone or a tablet
The European Mechatronics Award in 2013 for EviKey, which was praised for its innovative design and functionality
The RFID Award in 2014 for EviKey, which was presented by Jacques Gascuel. He is a renowned expert in RFID technology
The Embedded Trophy in 2014 for EviKey, which was selected as the best embedded system of the year

These awards and distinctions demonstrate the high quality and reliability of Freemindtronic products and services. They also show the creativity and innovation of Freemindtronic team. They reflect the vision and mission of Freemindtronic, which is to offer data security solutions that are easy to use, accessible to everyone and respectful of privacy. By visiting this page, you will learn more about Freemindtronic achievements and why Freemindtronic is a trusted leader in data protection.

2023 Articles Communications Cybersecurity Digital Security News Technical News

5Ghoul: 5G NR Attacks on Mobile Devices

December 29, 2023

Predator Files How a Spyware Consortium Targeted Civil Society Politicians and Officials

Articles Cybersecurity Digital Security Spying

Predator Files: The Spyware Scandal That Shook the World

October 19, 2023

Fullsecure DataShielder HSM Fortress Award Jacques Gascuel inventor CEO de Freemindtronic Andorra el premi fortress 2023 de Business Intelligence Group

Awards Fortress Cyber Security Award

DataShielder HSM, la solució andorrana de FullSecure amb tecnologies de Freemindtronic, guanya el Premi Fortress 2023

September 22, 2023

DataShielder HSM, FullSecure's Andorran solution featuring Freemindtronic technologies, wins the 2023 Fortress Award

2023 Awards Fortress Cyber Security Award

DataShielder HSM Fortress Award 2023 from FullSecure: the Andorran serverless and databaseless encryption solution

September 20, 2023

BITB attacks Browser-In-The-Browser remove delete destroy by IRDR Ifram Redirect Detection Removal since EviCypher freeware web extension open-source from Freemindtronic in Andorra

Articles Cryptocurrency Cybersecurity Digital Security Phishing

BITB Attacks: How to Avoid Phishing by iFrame

May 10, 2023

Gold Globee Winner 2022 at the Cyber Security Global Excellence Awards Cyber Computer NFC Freemindtronic Andorra

2022 Awards Cybersecurity EviCypher Technology

Gold Globee Winner 2022 Cyber Computer NFC

February 24, 2022

Awards CES Awards Distinction Excellence

Keepser Group Award CES 2022

January 9, 2022

Secure Card de Bleujour CES 2022 by Freemindtronic Andorra contactless data encryption from an NFC HSM security hardware module

2022 Events EviCypher NFC HSM Exhibitions Licences Freemindtronic NFC Contactless

Secure Card CES 2022

January 5, 2022

2021 Cybersecurity Distinction Excellence EviCypher Technology finalists

E&T Innovation Awards Cybersecurity

November 30, 2021

2021 E&T Innovation Awards Freemindtronic Andorra EviCypher Technology finalist Communications & IT

2021 Awards Communications Distinction Excellence EviCypher Technology finalists IT

E&T Innovation Awards Communications & IT

November 30, 2021

2021 Distinction Excellence finalists

Finalists The National Cyber Awards 2021

September 14, 2021

Articles EviCore NFC HSM Technology EviCypher Technology International Inventions Geneva multi-factor authentication News NFC HSM technology

Geneva International Exhibition of Inventions 2021

May 30, 2021

Awards Global Infosec Awards News Press

List of Winners Global Infosec Awards 2021

May 19, 2021

2021 Awards Distinction Excellence

Freemindtronic Named Winner of the Coveted Global InfoSec Awards during RSA Conference 2021

May 18, 2021

EviCypher Gold Medal 2021 best invention worldwide gold medal Geneva International Inventions computer sciences software electronics electricity method communication Contactless Hardware Secrets Keeper

2021 Awards International Inventions Geneva

EviCypher Gold Medal 2021 of the Geneva International Inventions

March 16, 2021

2017 Awards Embedded System Awards IoT

Award 2017 MtoM & Embedded System & IoT

September 25, 2017

2017 Awards

Award RCO 2017 hardware wallet password manager secured contactless

March 17, 2017

2017 Cybersecurity finalists

Award FIC 2017 10th Most innovative international startup

January 14, 2017

2015 finalists NFC Contactless

Finalist Contactless Services Challenge

March 12, 2015

FIC 2015 Distinction Excellence 19th most innovative international cybersecurity startup with Freemindtronic EviKey USB stick unlock contactless by nfc phone invented by Jacques Gascuel

2015 Awards Distinction Excellence EviKey & EviDisk

FIC 2015 Distinction Excellence 19th Most innovative international startup

February 12, 2015

Award 2014 NFC EviKey® the story of the first hardened USB stick and NFC EviDisk® SSD Sata 3 unlockable contactless by Freemindtronic Andorra

2014 Awards Embedded System Awards EviKey & EviDisk News

The story of the first NFC hardened USB stick EviKey

December 13, 2014

2014 Awards Electronics Embedded System Awards EviKey & EviDisk

Embedded Trophy 2014 Freemindtronic

December 13, 2014

RFID Award 2014 Interview Jacques Gascuel presents EviKey NFC Rugged USB stick secured unlocked contactless

2014 Distinction Excellence EviKey & EviDisk NFC Contactless

RFID Award 2014 🎙️ Jacques gascuel presents NFC USB Stick EviKey

October 8, 2014

Award 2013 Freemindtronic TOP10 European mechatronic companies for Argos One NFC device emm2013

2013 Awards Distinction Excellence Electronics Embedded System Awards Mechatronics

European Mechatronics Award 2013 Freemindtronic

September 25, 2013

2013 Distinction Excellence Electronics Embedded System Awards finalists

Freemindtronic Electrons d’Or 2013

May 15, 2013

2010 Awards International Inventions Geneva

Award 2010 Silver Medal International Inventions Geneva FullProtect

April 25, 2010

Cyber Defense Magazine TV, News, Press

Interview of Christine Bernard by Gary Miliefsky of cyber defense magazine

Posted on May 24, 2021May 24, 2021 by FMTAD

24
May

Interview of Christine Bernard by Gary Miliefsky of cyber defense magazine

Freemindtronic – Delivering Privacy Solutions by Uniquely Leveraging Hardware, Software, NFC and Multiple Trust Criteria.

Interview of Christine Bernard CFO Freemindtronic andorra by Gary Miliefsky publisher of Cyber Defense Magazine TV CDTV during RSA conference Cyber Defense Hotseat.

Discover the Freemindtronic awards here

Articles

Mobility & Telecommuting: How to create a contactless cybersecure computer workstation?

Posted on May 24, 2021June 20, 2021 by FMTAD

24
May

How to create a contactless cybersecure computer workstation with Freemindtronic Andorra’s NFC devices.

The risk of contamination from Coronavirus COVID-19 has led to increased use of telework. The pandemic quickly imposed global containment of people. Independents, businesses, associations, administrations and communities have had to do everything possible to create jobs in a mobility environment. Unfortunately, this has not always been possible. It has become vital to preserve at least essential professional activities.

For some, the use of telework may seem temporary. However, the use of this mode of operation could well take hold in the long term, and surely become a norm in the future, beyond the duration of this health crisis.

Businesses will have reorganized around this new mode of operation and the new constraints associated with the limitation of travel.

More than a trend, it is a finding according to the survey conducted by Gartner which indicates that 88% of organizations have encouraged, or obliged, the use of telework. (https://www.gartner.com/en/newsroom/press-releases/2020-03-19-gartner-hr-survey-reveals-88–of-organizations-have-e)

According to the French Ministry of Labour, more than 4 out of 10 jobs in the private sector are now compatible with telework. According to a survey conducted by Deskeo among 2,915 professionals spread throughout France 62% of respondents will want to do more telework after confinement. (https://www.ledauphine.com/magazine-lifestyle/2020/04/24/les-francais-voudront-faire-plus-de-teletravail-apres-le-confinement).

A lot of organizations that have had to telework are done urgently. Some were put in place “remotely” with confined employees and without control of the security measures to be implemented. They have an obligation to find solutions to adequately protect information systems.

More worryingly, in an emergency, it was not possible for companies to deploy the necessary means and equipment to implement this new mode of operation. In fact, telework is often carried out with the personal equipment of employees with a level of safety not in accordance with professional use. This increases the area of exposure to vulnerability to data security and integrity.

Cyber criminals take advantage of telework vulnerability

Cyber criminals, on the other hand, have properly assessed this situation. They have seen exceptional potential and are taking advantage of this windfall to increase and target their cyberattacks.

A very worrying, dual-effect situation related to the containment and return of people to the company with their data exposed to risks.

@INTERPOL states that “Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organizations at a time when cyber defences could be reduced as a result of refocusing attention on the health crisis at COVID-19.” (https://www.interpol.int/Crimes/Cybercrime/COVID-19-cyberthreats)

Recommendations from Interpol and ANSSI

Interpol’s first recommendation is to back up all important files and store them independently of your computer system (e.g. in the cloud or on an external disk). Their second recommendation is to always check that you are on a company’s legitimate website before entering login information or sensitive information. When it comes to prevention, Interpol advises updating your passwords and making sure they are strong enough with a mix of capital letters, lower cases, numbers and special characters.

@ANSSI published its Computer Security Recommendations for Telework in Crisis on 23 March 2020. ( (https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/recommandations-securite-informatique-teletravail))

Their first recommendation “Separate professional and personal practices well at the risk of confusing them and generating security errors that could be detrimental to his business.” Second, “Strictly apply the safety instructions of your business.” Other common recommendations follow, such as “Strengthen password security” and “Save your work regularly,” including on media outside your equipment (key or USB drive) that you unplug once you’ve backed up.”

In France, Prime Minister Édouard Philippe called “emphatically” on all French companies to maintain telework as much as possible for their employees.
Minister of Labour @MurielPénicaud recommends the use of telework until the summer

“… 5 million French people are now teleworking, and in the context of progressive deconfining, it is important that they continue to telework…”

Innovative backup solutions on fixed and removable media that self-disconnect

There are two secure contactless products that originally have a physical self-disconnection system from computer systems when backup is made. These are the NFC hardened USB stick EviKey and the Sata III EviDisk SSD disc available in the USB 3.0 external case and the internal 7mm 2.5″ format. Products developed by Andorran Freemindtronic SL.

Check out the demo in the video below the contactless unlocking of an EviDisk built into a company’s KUBB computer Bleujour.

During the Occitanie CyberMatines on LMI TV @lemondeinformatique april 22, 2020, Fullsecure conducted offline protection and physical use demonstrations of sensitive data such as passwords and encryption keys. The backup media in credit card or Tag formats operate without contact with a phone serving as an NFC terminal.

This demo shows an electronic self-connection system to a computer, a motherboard Bios, a Windows session and a VPN.

Retrocompatible solutions for offline encryption of any type of data on computer and phone

Another demo shows how to encrypt any data on computer and smartphone, an operation compatible with all computer systems and messaging services, including SMS.

We are talking about compatible retro solutions that offer the advantage of securing the use of any type of computer hardware, computer, smartphone, software, application while maintaining maximum security of the use of sensitive data, whether personal or professional.

Finally, Fullsecure gives a tip to make a desktop “smart”: Secure the sensitive data of any computer discreetly, discreetly, thanks to its mini devices hardened in Pin’s format.

In addition, data sharing is contactless, reducing the risk of contagion during this period of pandemic due to Covid19. Indeed, it is enough to approach your smartphone to the Fullsecure device to manage and use the data contained in pin’s.

Fullsecure offers a wide range of products to meet data security needs in mobility and/or in the workplace.

Learn more about Fullsecure products https://fullsecure.link

2021, Articles, Contactless passwordless, EviCypher NFC HSM

Contactless Passwordless Auto Login

Posted on May 19, 2021January 10, 2024 by FMTAD

19
May

Contactless passwordless auto login with the most innovative NFC hardware password manager which received the Global Infosec Awards 2021

by Jacques GASCUEL, CEO of Freemindtronic

On a daily basis, every company, regardless of its size, is faced with providing occasional access to some of its digital services to outsiders. Who, during a business meeting at their premises, has never received a request from a service provider or a customer during a debriefing to gain access to the Internet? In practice, we can observe diametrically opposed behaviors depending on the cybersecurity maturity of the company, ranging from the provision of the company’s WiFi code (the worst) to the guest captive portal (the preferred). Temporary profiles such as interns and other temporary workers will also have more specific needs for a period that may be longer, but while remaining occasional to access your ERP, CRM or even a VPN for teleworking. Here again, in practice, the rights granted to these “Outside Persons” depend on the information system security policies implemented in the company;

For all these reasons, an authorized person of the company, “The Boss”, must physically give the computer identifiers to provide the right of access to the requested service. Consequently, Outside persons will thus be aware of the identifiers.

When the missions are finished, the procedure wants the Boss to modify the passwords communicated, in an obvious concern of security. In the worst-case scenario, company personnel have to accommodate this change of passwords, resulting in wasted time and obvious annoyance, again related to the use of passwords.

Freemindtronic offers a solution to this recurring problem

It’s an hardware password manager, with multi-criteria of trust operating with contactless technology, the “Freemindtronic card”. It is an NFC device designed to secure the end-to-end transport of confidential data. This card thus makes it possible to carry out many often very complex use cases with confidence.

This device can store up to 200 “secrets” (ID, encryption keys, banking information, etc.) individually secured with cumulative trust criteria defined at the discretion of the user and / or the administrator. Freemindtronic cards all have RSA 4096 asymmetric key management. The user can thus very easily, without taking any risk, share his secrets by all usual means of communication, via a QR code encrypted with the public key of his correspondent also having a Freemindtronic card. This sharing can also be done by SMS or MMS, by NFC Beam or printed on paper, even in the sight of malicious people.

An advanced “Passwordless” autologin system allows passwordless and contactless authentication with the secrets stored in the Freemindtronic card. Indeed, the secrets are stored encrypted in the non-volatile physical memory of the Freemindtronic card. Authentication is all the stronger as it has an MFA (multi-factor authentication) system that can be configured up to 12 physical trust criteria. These criteria can individually enslave each secret to block access attempts and illicit uses. Effective protection against theft, loss and brute force attacks on the Freemindtronic Card.

Thus, humans are put back at the heart of their safety and cybersecurity. Everything is done so that he very simply regains absolute control of his digital life with a tool that fits in a pocket. This tool, which physically decentralizes the secrets of information systems, makes it possible to fight effectively against a large number of risks such as failures and corruption of information systems, espionage, phishing, identity theft but also risks associated with human error.

Working principle contactless passwordless auto login

So how do you ensure that the outside Person can connect without sharing the secrets?

The Boss pairs his Freemindtronic card with his NFC phone. The latter itself is paired with an extension for web browsers installed on ALL workstations. The local network where the NFC phone and workstations are connected will be end-to-end encrypted for each transaction. The Outside Person sends a connection request to the Boss. He receives it on his phone. He places his Freemindtronic Card under the NFC antenna of his phone and the connection is made automatically in a fraction of a second. At no time did the Boss communicate the secrets, they will be transmitted over a secure channel between the card and the access service. The Boss can thus with a single Freemindtronic Card, manage via his phone up to 200 secrets on all the computers of his company.

This solution may seem restrictive in centralized use if the connection requests are numerous, the workload becomes unacceptable for “The Boss”. Freemindtronic Cards also have a PKI management mode allowing administration of card holders. It will therefore be possible to provide a card to “Outside Persons” who can connect with it. The Freemindtronic card is set to read-only so that access to stored secrets is limited to specifically intended uses. This limitation prevents the copying, sharing, or modification of secrets. In addition, use of the Freemindtronic card can be restricted to company premises using the associated trust criteria.

About the author

Jacques Gascuel, inventor and CEO Freemindtronic Andorra. Jacques has been an entrepreneur for 30 years. He followed an electrical engineering training and university law studies in Toulouse (France). An inventor at heart, he has won several trophies and enjoys taking on challenges. “Every problem has its solution” according to him, which pushes him today, as the leader of an Andorran startup specializing in Cybersecurity, to create innovations in the field of the digital freedom of people and the security of their data.

Freemindtronic is an Andorran start-up which designs and manufactures tailor-made solutions for its customers in the field of safety and cyber security of information systems and computer systems.

Jacques can be reached online on Linkedin : https://ad.linkedin.com/in/jacques-gascuel-fullsecure

For more information, visit the company website at www.freemindtronic.com

Freemindtronic Win Awards 2021 Next-Gen in Crypto Security with EviCypher & EviToken Technologies

Freemindtronic win awards 2021 Most Innovative in Hardware Password Manager with EviCypher & EviToken Technologies

Freemindtronic win awards 2021 Next-Gen in Secrets Management with EviCypher & EviToken Technologies

NEWS PROVIDED BY

Cyber Defense RSA Edition for 2021
May 18, 2021
Related Link:
https://www.cyberdefensemagazine.com
Source Link:
https://www.cyberdefensemagazine.com/annual-editions/RSA-2021/Cyber-Defense-Magazine-RSA-Edition-for-2021.pdf

SHARE THIS ARTICLE

Awards, Global Infosec Awards, News, Press

List of Winners Global Infosec Awards 2021

Posted on May 19, 2021April 17, 2024 by FMTAD

19
May

List of Winners Global Infosec 2021 publié sur le site web de CYBER DEFENSE MAGAZINE

Access Control Hot Company Safe-T
Access Control Market Leader SailPoint
Access Control Cutting Edge Sphere
Access Control Next-Gen vArmour
Account Takeover Protection Most Innovative NuData Security, a Mastercard company
Active Directory Security Hot Company Attivo Networks
Active Directory Security Next-Gen CionSystems Inc.
Advanced Persistent Threat (APT) Detection and Response Editor’s Choice BedRock Systems Inc.
Advanced Persistent Threat (APT) Detection and Response Best Product SECUINFRA GmbH
Advanced Persistent Threat (APT) Detection and Response Market Leader Group-IB
Advanced Persistent Threat (APT) Detection and Response Cutting Edge ARIA Cybersecurity
Anti-Malware Best Product Ericom Software
Anti-Phishing Most Innovative Ericom Software
Anti-Phishing Cutting Edge Inspired eLearning, LLC.
Anti-Phishing Hot Company IRONSCALES
Anti-Phishing Market Leader KnowBe4
Anti-Phishing Next-Gen OnDMARC by Red Sift
Anti-Phishing Editor’s Choice SlashNext
API Security Most Innovative Salt Security
Application Digital Resiliency Solution Most Innovative A10 Networks
Application Security Market Leader Checkmarx
Application Security Hot Company Contrast Security
Application Security Cutting Edge Data Theorem
Application Security Editor’s Choice Denim Group
Application Security Hot Company Digital.ai
Application Security Publisher’s Choice ForAllSecure
Application Security Most Promising HUMAN
Application Security Next-Gen Imvision
Application Security Cutting Edge Invicti Security
Application Security Most Innovative Security Compass
Application Security Editor’s Choice vArmour
Application Security Next-Gen Verimatrix
Application Security Best Product WhiteHat Security
Application Security Cutting Edge ZeroNorth
Application-aware Workload Protection Hot Company Virsec Systems
Artificial Intelligence Market Leader BlackBerry
Artificial Intelligence and Machine Learning Best Product Darktrace Holdings Limited
Artificial Intelligence and Machine Learning Editor’s Choice Egress
Artificial Intelligence and Machine Learning Next-Gen IDology
Artificial Intelligence and Machine Learning Cutting Edge LexisNexis Risk Solutions
Artificial Intelligence and Machine Learning Hot Company Onfido
Artificial Intelligence and Machine Learning Publisher’s Choice Persona
Artificial Intelligence and Machine Learning Cutting Edge Silobreaker
Attack Surface Management Publisher’s Choice Censys
Attack Surface Management Cutting Edge Cyberpion
Attack Surface Management Cutting Edge Data Theorem
Attack Surface Management Next-Gen Intelligent Waves
Attack Surface Management Editor’s Choice Randori
Attack Surface Management Most Innovative Sweepatic
Attack Surface Management Hot Company Zentera Systems, Inc.
Attack Surface Management Next-Gen Zscaler
Attack Surface Protection Market Leader CyCognito
Authentication (Multi, Single or Two-Factor) Most Innovative LexisNexis Risk Solutions
Automated Detection Engineering Most Innovative Anvilogic
Automated Forensic Malware Analysis and Hunt Tool Cutting Edge Cythereal
Biometrics Next-Gen iProov
Biometrics Most Innovative Nuance Communications, Inc.
Blockchain Security Next-Gen 1Kosmos
Breach & Attack Simulation Cutting Edge Cymulate
Breach & Attack Simulation Hot Company Keysight Technologies
Breach & Attack Simulation Most Innovative Pcysys
Breach & Attack Simulation Editor’s Choice Picus Security
Breach & Attack Simulation Next-Gen SafeBreach Inc
Browser Isolation Most Innovative Proofpoint
BYOD Cutting Edge Hypori Inc.
Central Log Management Market Leader Fluency Security
CEO of the Year Kevin Gosschalk Arkose Labs
CEO of the Year Klaus Oestermann BedRock Systems Inc.
CEO of the Year Mr. Cesar Pie CSIOS Corporation
CEO of the Year Tony Velleca CyberProof
CEO of the Year Dr. Aleksandr Yampolskiy SecurityScorecard
CEO of the Year Jay Chaudhry Zscaler
CEO of the Year Prakash Panjwani WatchGuard Technologies
CIEM Hot Company Attivo Networks
CISO of the Year Mike Hamilton Critical Insight, Inc
CISO of the Year Ryan Weeks Datto
Classification and Risk Mapping Cutting Edge Ground Labs
Cloud Access Security Broker (CASB) Next-Gen Netskope
Cloud Backup Most Innovative Arcserve
Cloud Infrastructure Entitlement Management (CIEM) Hot Company Attivo Networks
Cloud Infrastructure Entitlement Management (CIEM) Best Product CloudKnox Security
Cloud Infrastructure Entitlement Management (CIEM) Hot Company Ermetic
Cloud Security Editor’s Choice Anitian
Cloud Security Publisher’s Choice ARMO
Cloud Security Cutting Edge Censys
Cloud Security Most Innovative Data Theorem
Cloud Security Most Innovative Lookout
Cloud Security Best Product Netskope
Cloud Security Most Promising Orca Security
Cloud Security Market Leader RedSeal
Cloud Security Next-Gen Sonrai Security
Cloud Security Most Innovative ThreatModeler Software Inc.
Cloud Security Next-Gen Valtix
Cloud Security Hot Company vArmour
Cloud Security Cutting Edge Volterra
Cloud Security Market Leader Zscaler
Cloud Security Automation Hot Company Anitian
Cloud Workload Protection Hot Company ARMO
Cloud Workload Protection Next-Gen ColorTokens
Cloud Workload Protection Editor’s Choice Confluera
Cloud Workload Protection Cutting Edge TrueFort
Cloud Workload Protection Most Innovative Virsec Systems
Cloud Workload Protection Best Product Zscaler
Compliance Market Leader A-LIGN
Compliance Next-Gen Anitian
Compliance Most Innovative Armor
Compliance Cutting Edge Atlantic.Net
Compliance Best Product BigID
Compliance Most Promising Delphix
Compliance Publisher’s Choice Reciprocity
Compliance Most Innovative SberBank
Compliance Editor’s Choice Spirion
Compliance Hot Company Strike Graph
Compliance Cutting Edge Tugboat Logic
Compliance Automation Cutting Edge Anitian
Consent & Preference Management Market Leader OneTrust PreferenceChoice
Container Security Most Innovative NeuVector
Container Security Hot Company Virsec Systems
Continuous Controls Monitoring Platform Best Product Panaseer
Continuous Improvement and Optimization Services Hot Company CSIOS Corporation
Converged IAM Most Innovative ILANTUS TECHNOLOGIES
Critical Infrastructure Protection Cutting Edge BedRock Systems Inc.
Critical Infrastructure Protection Next-Gen QOMPLX
Critical Infrastructure Protection Most Innovative TXOne Networks, Inc.
Crypto Security Next-Gen FREEMINDTRONIC
Crypto Security Cutting Edge SpyCloud
CTO of the Year Charles Eagan Blackberry
CTO of the Year Satya Gupta Virsec Systems
Cyber Analytics Most Innovative Cyberlumeneer
Cyber Insurance Editor’s Choice Cowbell Cyber
Cyber Threat Intelligence Most Innovative CYFIRMA
Cyber Threat Intelligence Best Product Nucleon Cyber
Cybersecurity – Healthcare Practices Market Leader Alexio Corporation
Cybersecurity Analytics Most Innovative Awake Security
Cybersecurity Analytics Cutting Edge ChaosSearch
Cybersecurity Analytics Next-Gen LexisNexis Risk Solutions
Cybersecurity Analytics Hot Company Spirion
Cybersecurity Artificial Intelligence Editor’s Choice Axiado Corporation
Cybersecurity Artificial Intelligence Next-Gen Traceable
Cybersecurity Artificial Intelligence Market Leader Darktrace Holdings Limited
Cybersecurity Conference Cutting Edge Semperis
Cybersecurity Discovery Most Innovative Suridata.ai
Cybersecurity Education – for Enterprises Hot Company Inspired eLearning, LLC.
Cybersecurity Education – for Enterprises Editor’s Choice AwareGO
Cybersecurity Education – for Small Business Next-Gen Alexio Corporation
Cybersecurity Education – for Small Business Most Innovative Inspired eLearning, LLC.
Cybersecurity Innovation Market Leader ANY.RUN
Cybersecurity Internet of Things (IoT) Hot Company Onward Security Corp.
Cybersecurity Internet of Things (IoT) Best Product Armis
Cybersecurity Internet of Things (IoT) Cutting Edge Cujo AI
Cybersecurity Product Engineeering Services Hot Company Sacumen
Cybersecurity Research Most Innovative BlackBerry
Cybersecurity Startup of the Year Editor’s Choice Anvilogic
Cybersecurity Startup of the Year Publisher’s Choice BedRock Systems Inc.
Cybersecurity Startup of the Year Cutting Edge Cydome Security
Cybersecurity Startup of the Year Best Product Cymptom
Cybersecurity Startup of the Year Most Promising Cyolo
Cybersecurity Startup of the Year Most Innovative DoControl, Inc.
Cybersecurity Startup of the Year Next-Gen Keyavi Data Corp.
Cybersecurity Startup of the Year Hot Company Salt Security
Cybersecurity Startup of the Year Cutting Edge SecurityScorecard
Cybersecurity Startup of the Year Next-Gen Stellar Cyber
Cybersecurity Strategist of the Year Mr. Clinton Hackney CSIOS Corporation
Cybersecurity Training Best Product Checkmarx
Cybersecurity Training Cutting Edge Circadence Corporation
Cybersecurity Training Next-Gen Fortinet
Cybersecurity Training Editor’s Choice Inspired eLearning, LLC.
Cybersecurity Training Market Leader KnowBe4
Cybersecurity Training Most Innovative MITRE Engenuity
Cybersecurity Training Most Promising PECB
Cybersecurity Training Market Leader RangeForce
Cybersecurity Training for Infosec Professionals Best Product Infosec Inc.
Cybersecurity-as-a-Service (CaaS) Next-Gen Allot
Cybersecurity-as-a-Service (CaaS) Cutting Edge Cyvatar
Data Center Security Market Leader HillStone Networks
Data Governance Most Innovative Egnyte
Data Leakage Protection Most Innovative Dasera
Data Loss Prevention (DLP) Next-Gen Altaro Software
Data Loss Prevention (DLP) Cutting Edge CoSoSys
Data Loss Prevention (DLP) Editor’s Choice DTEX Systems
Data Loss Prevention (DLP) Best Product GTB Technologies, Inc.
Data Loss Prevention (DLP) Market Leader Kingston Technology
Data Protection Next-Gen ICSDI – ATAGUC SAFE
Data Recovery Publisher’s Choice Rubrik
Data Recovery Market Leader SecureData
Data Security Best Product BigID
Data Security Cutting Edge Cloudrise
Data Security Next-Gen Concentric.ai
Data Security Next-Gen Egnyte
Data Security Market Leader Imperva
Data Security Hot Company Keyavi Data Corp.
Data Security Most Promising PKWARE
Data Security Market Leader Protegrity
Data Security Most Innovative RackTop Systems
Data Security Publisher’s Choice Suridata.ai
Database Data Breach Prevention Cutting Edge Don’t Be Breached
DDoS Protection Scrubbing Center Solution Next-Gen A10 Networks
Deception Based Security Market Leader Attivo Networks
Deception Based Security Most Innovative Illusive Networks
Deep Sea Phishing Next-Gen Ericom Software
Deep Sea Phishing Cutting Edge IRONSCALES
Deep Sea Phishing Editor’s Choice Tessian
Defensive Cyberspace Operations Team of the Year Publisher’s Choice CSIOS Corporation
DevSecOps Cutting Edge Apiiro
DevSecOps Editor’s Choice Data Theorem
DevSecOps Most Innovative Denim Group
DevSecOps Next-Gen Security Compass
DevSecOps Hot Company ZeroNorth
Digital Executive Protection Editor’s Choice BlackCloak, Inc.
Digital Footprint Security Next-Gen Reflectiz
Digital Footprint Security Cutting Edge Resecurity, Inc.
Digital Footprint Security Editor’s Choice Spirion
Digital Footprint Security Publisher’s Choice Sweepatic
Digital Rights Management Next-Gen Fasoo Co., Ltd.
Digital Rights Management Most Innovative i2Chain, Inc.
Email Fraud Defense Market Leader Proofpoint
Email Security Cutting Edge Microsoft
Email Security Most Innovative RevBits LLC
Email Security and Management Editor’s Choice Cryptoloc Technology
Email Security and Management Best Product Darktrace Holdings Limited
Email Security and Management Next-Gen Datto
Email Security and Management Cutting Edge IRONSCALES
Email Security and Management Market Leader OnDMARC by Red Sift
Email Security and Management Publisher’s Choice Perception Point
Email Security and Management Market Leader Proofpoint
Email Security and Management Hot Company Zix
Embedded Security Editor’s Choice Enea
Embedded Security Next-Gen Intrinsic ID
Embedded Security Cutting Edge Lattice Semiconductor
Encrypted Hardware Next-Gen DataLocker
Encrypted Hardware Best Product iStorage
Encrypted Hardware Most Innovative SecureData
Encryption Next-Gen Cryptoloc Technology
Encryption Market Leader Kingston Technology
Encryption Best Product Quantum Xchange
Encryption Cutting Edge RackTop Systems
Encryption Editor’s Choice SafeLogic
Encryption Hot Company Zoom Video Communications, Inc.
Endpoint Detection and Response (EDR) Most Innovative RevBits LLC
Endpoint Security Next-Gen Adaptiva
Endpoint Security Best Product BlackBerry
Endpoint Security Market Leader DriveLock SE
Endpoint Security Most Innovative Keeper Security
Endpoint Security Cutting Edge McAfee
Endpoint Security Market Leader Microsoft
Endpoint Security Editor’s Choice RevBits LLC
Endpoint Security Cutting Edge SecPod
Endpoint Security Most Innovative VMware Carbon Black
Endpoint Security Market Leader Zscaler
Enterprise Security Publisher’s Choice Anitian
Enterprise Security Cutting Edge Anvilogic
Enterprise Security Hot Company Darktrace Holdings Limited
Enterprise Security Editor’s Choice ThreatQuotient
Enterprise Security Next-Gen vArmour
ERP Data Security Next-Gen Appsian
ERP Risk Mitigation Cutting Edge Appsian
ERP Security Most Innovative Onapsis
Extended Detection and Response (XDR) Most Innovative Beijing ThreatBook Technology Co. Ltd.
Extended Detection and Response (XDR) Market Leader McAfee
Extended Detection and Response (XDR) Editor’s Choice Microsoft
Extended Detection and Response (XDR) Cutting Edge SANGFOR TECHNOLOGIES INC.
Extended Detection and Response (XDR) Next-Gen Zentera Systems, Inc.
Firewall Market Leader VMware
Firewall Best Product Untangle Inc
Forensics Most Innovative QuoLab Technologies
Fraud Prevention Hot Company Arkose Labs
Fraud Prevention Editor’s Choice Bolster
Fraud Prevention Publisher’s Choice Deduce
Fraud Prevention Cutting Edge Group-IB
Fraud Prevention Next-Gen Kount, An Equifax Company
Fraud Prevention Hot Company LexisNexis Risk Solutions
Fraud Prevention Most Innovative Pindrop
Fraud Prevention Editor’s Choice SberBank
Fraud Prevention Hot Company Sumsub
Fraud Prevention Next-Gen Veriff
Fraud Prevention Best Product XTN Cognitive Security
Global Managed Threat Detection and Response Market Leader Trustwave
Go-to-market Agency for Cyber Security Startups Most Innovative Punch
Governance, Risk and Compliance (GRC) Best Product Difenda
Hardware Password Manager Most Innovative FREEMINDTRONIC
Hardware Security Best Product Microsoft
Healthcare IoT Security Cutting Edge CyberMDX
Healthcare IoT Security Most Innovative Medigate
IAM Hot Company Keeper Security
IAM Service Market Leader Herjavec Group
ICS/SCADA Security Next-Gen Armis
ICS/SCADA Security Hot Company Mission Secure
ICS/SCADA Security Editor’s Choice TXOne Networks, Inc.
ICS/SCADA Security Market Leader SCADAfence
Identity & Access Management Hot Company Axiad
Identity & Access Management Editor’s Choice Centrify
Identity & Access Management Market Leader CloudKnox Security
Identity & Access Management Next-Gen Devolutions
Identity & Access Management Cutting Edge HID Global
Identity & Access Management Publisher’s Choice Omada
Identity & Access Management Cutting Edge One Identity
Identity & Access Management Most Innovative OneLogin, Inc.
Identity & Access Management Best Product Optimal IdM
Identity & Access Management Most Promising Ping Identity
Identity & Access Management Most Innovative QOMPLX
Identity & Access Management Next-Gen Saviynt
Identity & Access Management Cutting Edge Semperis
Identity & Access Management Editor’s Choice SpyCloud
Identity Management Cutting Edge Clear Skye
Identity Management Best Product SailPoint
Identity Management Next-Gen Sonrai Security
Identity Management Cutting Edge vArmour
Identity Management Market Leader Venafi
Identity Verification Cutting Edge Persona
Identity Verification Editor’s Choice Veratad Technologies LLC
Identity Verification Most Innovative IDology
Identity Verification Next-Gen Regula
Incident Response Editor’s Choice Canopy Software
Incident Response Most Innovative Endace
Incident Response Next-Gen Group-IB
Incident Response Cutting Edge Logsign
Incident Response Publisher’s Choice OTRS Group
Incident Response Hot Company QuoLab Technologies
Incident Response Most Promising SIRP Labs Limited
InfoSec Startup of the Year Next-Gen Clayton
InfoSec Startup of the Year Cutting Edge Hysolate
InfoSec Startup of the Year Most Innovative King & Union
Infosec Startup of the Year Editor’s Choice ShardSecure
Insider Threat Detection Market Leader Code42
Insider Threat Detection Best Product LinkShadow
Insider Threat Prevention Next-Gen DTEX Systems
Insider Threat Prevention Cutting Edge Egress
Insider Threat Prevention Best Product Gurucul
Insider Threat Prevention Most Innovative RackTop Systems
Integrated Risk Management Editor’s Choice CyberSaint Security
Internet Filtering Market Leader SafeDNS, Inc.
Internet of Things (IoT) Hot Company SCADAfence
Intrusion Detection System Most Innovative INTRUSION
IT Automation and Cybersecurity Next-Gen Coviant Software
IT Vendor Risk Management (ITVRM) Cutting Edge LogicGate
IT Vendor Risk Management (ITVRM) Editor’s Choice ProcessUnity
IT Vendor Risk Management (ITVRM) Most Innovative Reciprocity
Malware Analysis Next-Gen ANY.RUN
Malware Analysis Best Product ReversingLabs
Malware Detection Most Innovative Microsoft
Managed Detection and Response (MDR) Best Solution Alert Logic
Managed Detection and Response (MDR) Market Leader AT&T Cybersecurity
Managed Detection and Response (MDR) Editor’s Choice Critical Insight, Inc
Managed Detection and Response (MDR) Cutting Edge CyberProof
Managed Detection and Response (MDR) Market Leader deepwatch
Managed Detection and Response (MDR) Next-Gen Difenda
Managed Detection and Response (MDR) Most Innovative eSentire
Managed Detection and Response (MDR) Hot Company Field Effect Software, Inc
Managed Detection and Response (MDR) Market Leader Herjavec Group
Managed Detection and Response (MDR) Most Innovative Netsurion
Managed Detection and Response (MDR) Publisher’s Choice Orange Cyberdefense
Managed Security Service Provider (MSSP) Next-Gen Avertium
Managed Security Service Provider (MSSP) Cutting Edge CyberProof
Managed Security Service Provider (MSSP) Best Product deepwatch
Managed Security Service Provider (MSSP) Market Leader Herjavec Group
Managed Security Service Provider (MSSP) Market Leader Neustar Inc.
Managed Security Service Provider (MSSP) Editor’s Choice Orange Cyberdefense
Managed Security Service Provider (MSSP) Most Innovative Thrive
MDR Service Provider Most Innovative Proficio
Micro-segmentation Next-Gen ColorTokens
Micro-segmentation Cutting Edge Ericom Software
Micro-segmentation Most Innovative Illumio
Micro-segmentation Best Product Safe-T
Micro-segmentation Editor’s Choice Zentera Systems, Inc.
Mobile Application Security Most Innovative Guardsquare
Mobile Endpoint Security Next-Gen Guardsquare
Mobile Endpoint Security Market Leader Lookout
MSSP Best Product AT&T Cybersecurity
MSSP Cutting Edge Netsurion
MSSP Most Innovative QI-ANXIN Technology Group Inc
Multi-factor Authentication Hot Company Axiad
Multi-factor Authentication Most Innovative LastPass
Multi-factor Authentication Market Leader WatchGuard Technologies
Network & Security Management Next-Gen Untangle Inc
Network Access Control (NAC) Cutting Edge Portnox
Network Detection and Response Most Innovative Plixer
Network Security and Management Cutting Edge AlgoSec
Network Security and Management Most Innovative ARIA Cybersecurity
Network Security and Management Next-Gen Endace
Network Security and Management Market Leader Gigamon
Network Security and Management Best Product LogRhythm
Network Security and Management Publisher’s Choice Lookout
Network Security and Management Hot Company WatchGuard Technologies
Network Security and Management Editor’s Choice Zero Networks
Next Generation Firewall Most Innovative HillStone Networks
Open-Source Security Next-Gen Onward Security Corp.
Open-Source Security Cutting Edge Patchstack
Open-Source Security Next-Gen Xmirror Security
Operational Technology (OT) & Internet of Things (IoT) Cybersecurity Market Leader Nozomi Networks
Packet Capture Platform Market Leader Endace
PAM for Cloud Infrastructure Best Product CloudKnox Security
Passwordless Authentication Best Product Aware, Inc.
Passwordless Authentication Most Innovative Axiad
Passwordless Authentication Cutting Edge TruU
Passwordless Authentication Next-Gen Veridium
Pentesting-as-a-service (PtaaS) Next-Gen Cobalt
PR Firm for InfoSec Companies Publisher’s Choice ARPR
PR Firm for InfoSec Companies Hot Company LaunchTech Communications
PR Firm for InfoSec Companies Market Leader Lumina Communications
Privacy Management Software Editor’s Choice IDX
Privacy Management Software Next-Gen Spirion
Privacy Management Software Cutting Edge TrustArc
Privacy Research Solution Most Innovative OneTrust DataGuidance
Privileged Access Management (PAM) Next-Gen Fudo Security
Privileged Access Management (PAM) Best Product RevBits LLC
Privileged Account Security Most Innovative Devolutions
Privileged Account Security Market Leader Remediant
Railway Cybersecurity Cutting Edge Cervello
Ransomless Ransomware Solution Most Innovative Stash Global Inc.
Ransomware Protection of SaaS Data Next-Gen Spin Technology, Inc.
Ransomware Recovery Solution Cutting Edge Semperis
Risk Management Editor’s Choice CyberSaint Security
Risk Management Cutting Edge Reciprocity
Risk Management Best Product RiskIQ
Risk Management Next-Gen RiskLens
Runtime Memory Protection Best Product Virsec Systems
SaaS Security Publisher’s Choice DoControl, Inc.
SaaS/Cloud Security Publisher’s Choice ANY.RUN
SaaS/Cloud Security Editor’s Choice Axis Security
SaaS/Cloud Security Cutting Edge Beijing ThreatBook Technology Co. Ltd.
SaaS/Cloud Security Most Promising Clayton
SaaS/Cloud Security Publisher’s Choice ColorTokens
SaaS/Cloud Security Next-Gen ExtraHop
SaaS/Cloud Security Market Leader iboss
SaaS/Cloud Security Hot Company Lightspin
SaaS/Cloud Security Cutting Edge ManagedMethods
SaaS/Cloud Security Next-Gen Spin Technology, Inc.
SaaS/Cloud Security Editor’s Choice Webscale
SaaS/Cloud Security Best Product Zscaler
SaaS/Cloud Security Most Innovative Anitian
SD-WAN Cutting Edge HillStone Networks
SecOps-as-a-service Most Innovative Cyvatar
Secrets Management Next-Gen FREEMINDTRONIC
Secure Coding: Developer Upskilling Most Innovative Secure Code Warrior
Secure Communications Best Product BlackBerry
Secure Remote Access Next-Gen Fudo Security
Secure SaaS Backups Most Innovative Spin Technology, Inc.
Security Awareness Training Market Leader Infosec
Security Awareness Training Editor’s Choice Proofpoint
Security Company of the Year Publisher’s Choice Anitian
Security Company of the Year Market Leader BlackBerry
Security Company of the Year Hot Company ColorTokens
Security Company of the Year Market Leader Darktrace Holdings Limited
Security Company of the Year Editor’s Choice Egress
Security Company of the Year Editor’s Choice eSentire
Security Company of the Year Most Innovative Herjavec Group
Security Company of the Year Cutting Edge Keeper Security
Security Company of the Year Next-Gen Lookout
Security Company of the Year Cutting Edge Raytheon Intelligence & Space
Security Company of the Year Next-Gen ReversingLabs
Security Company of the Year Most Promising SANGFOR TECHNOLOGIES INC.
Security Company of the Year Most Innovative Zscaler
Security Expert of the Year Caroline Wong Cobalt
Security Expert of the Year Stuart Reed Orange Cyberdefense
Security Governance, Risk and Compliance (GRC) Market Leader SCADAfence
Security Information Event Management (SIEM) Cutting Edge Devo
Security Information Event Management (SIEM) Editor’s Choice Graylog
Security Information Event Management (SIEM) Best Product LogRhythm
Security Information Event Management (SIEM) Publisher’s Choice SECUINFRA GmbH
Security Information Event Management (SIEM) Most Innovative Securonix
Security Information Event Management (SIEM) Next-Gen Sumo Logic
Security Information Event Management (SIEM) Hot Company Thrive
Security Investigation Platform Next-Gen Endace
Security Investigation Platform Cutting Edge King & Union
Security Investigation Platform Most Innovative Swimlane
Security Investigation Platform Best Product ThreatQuotient
Security Project of the Year Most Innovative BedRock Systems Inc.
Security Project of the Year Cutting Edge SberBank
Security Project of the Year Editor’s Choice Zscaler
Security Ratings Cutting Edge Panorays
Security Ratings Next-Gen RiskRecon, A Mastercard Company
Security Software Most Innovative Versa Networks
Security Team of the Year Most Innovative Bank of America
Security Team of the Year Most Innovative SecurityMetrics
Security Training Best Product Field Effect Software, Inc
Self-protecting Data Security Cutting Edge Cryptoloc Technology
Self-protecting Data Security Next-Gen Keyavi Data Corp.
SIEM Most Innovative Logsign
Single Sign-on Best Product CionSystems Inc
SMB Cybersecurity Editor’s Choice A-LIGN
SMB Cybersecurity Best Product Defendify
SMB Cybersecurity Next-Gen Devolutions
SMB Cybersecurity Most Innovative Field Effect Software, Inc
SMB Cybersecurity Cutting Edge JumpCloud
SMB Cybersecurity Publisher’s Choice Orange Business Service
SMB Cybersecurity Most Innovative Sectigo
SMB Cybersecurity Most Promising TPx
SMB Cybersecurity Market Leader WatchGuard Technologies
SMB Cybersecurity Cutting Edge Zix
SOAR Best Product QI-ANXIN Technology Group Inc
SOAR Next-Gen Siemplify
SOC-as-a-Service Next-Gen Comtact
SOC-as-a-Service Most Innovative Netsurion
SOC-as-a-Service Cutting Edge Performanta
SOC-as-a-Service Best Product Proficio
Software Composition Analysis Cutting Edge Checkmarx
Software Composition Analysis Next-Gen GrammaTech
Software Development Lifecycle Security Cutting Edge Clayton
Telecoms Fraud Prevention Next-Gen SpyCloud
Telecoms Fraud Protection Best Product LexisNexis Risk Solutions
Third Party Risk Management (TPRM) Best Product CyberGRX
Third Party Risk Management (TPRM) Cutting Edge ProcessUnity
Third Party Risk Management (TPRM) Most Innovative Reciprocity
Third Party Risk Management (TPRM) Next-Gen Resecurity, Inc.
Threat Intelligence Market Leader Alert Logic
Threat Intelligence Cutting Edge Cobwebs Technologies
Threat Intelligence Editor’s Choice Cyware
Threat Intelligence Publisher’s Choice Flashpoint
Threat Intelligence Most Promising King & Union
Threat Intelligence Editor’s Choice LexisNexis Risk Solutions
Threat Intelligence Next-Gen QuoLab Technologies
Threat Intelligence Cutting Edge Resecurity, Inc.
Threat Intelligence Most Innovative ReversingLabs
Threat Intelligence Next-Gen Silobreaker
Threat Intelligence Hot Company ThreatQuotient
Threat Intelligence Best Product Beijing ThreatBook Technology Co. Ltd.
Threat Modeling Most Innovative ThreatModeler Software Inc.
Token Based IAM Hot Company uQontrol
Top Women in Cybersecurity Alex Kobray Flashpoint
Top Women in Cybersecurity Kimberly Sutherland LexisNexis Risk Solutions
Top Women in Cybersecurity Nicola Jakeman Orange Cyberdefense
Top Women in Cybersecurity Aimei Wei Stellar Cyber
Top Women in Cybersecurity Michel Huffaker ThreatQuotient
Top Women in Cybersecurity Vanita Pandey Arkose Labs
Top Women in Cybersecurity Carolyn Crandall Attivo Networks
Top Women in Cybersecurity Ingrid Gliottone BlackCloak, Inc.
Top Women in Cybersecurity Christina Luttrell IDology
Top Women in Cybersecurity Leah Freiman ItCon Inc.
Top Women in Cybersecurity Anna Collard KnowBe4
Top Women in Cybersecurity Stephanie Fohn NeuVector
Top Women in Cybersecurity Teresa Shea Raytheon Intelligence & Space
Top Women in Cybersecurity Susanne Gurman SecurityScorecard
Top Women in Cybersecurity Lee Kappon Suridata.ai
Top Women in Cybersecurity Alex Kobray TalaTek, a Cerberus Sentinel company
Top Women in Cybersecurity Dr. Nicole Fern Tortuga Logic, Inc.
Unified Cloud Edge (UCE) Security Market Leader McAfee
Unified Threat Management (UTM) Cutting Edge WatchGuard Technologies
User Behavior Analytics Cutting Edge NuData Security, a Mastercard company
Vulnerability Assessment, Remediation and Management Next-Gen Adaptive Shield
Vulnerability Assessment, Remediation and Management Cutting Edge Pcysys
Vulnerability Assessment, Remediation and Management Hot Company SecPod
Vulnerability Assessment, Remediation and Management Hot Company SecureWorks
Vulnerability Assessment, Remediation and Management Most Innovative SecurityMetrics
Vulnerability Assessment, Remediation and Management Best Product XM Cyber
Vulnerability Intelligence Cutting Edge Risk Based Security
Vulnerability Intelligence Most Innovative RiskSense
Vulnerability Intelligence Editor’s Choice Silobreaker
Vulnerability Management Publisher’s Choice Denim Group
Vulnerability Management Most Promising Difenda
Vulnerability Management Next-Gen Intel
Vulnerability Management Cutting Edge Kenna Security
Vulnerability Management Most Innovative Pcysys
Vulnerability Management Next-Gen RiskSense
Vulnerability Management Next-Gen Skybox Security
Vulnerability Management (Operational Technology) Hot Company Industrial Defender
Web Application Security Publisher’s Choice Fastly (Signal Sciences)
Web Application Security Next-Gen HUMAN
Web Application Security Next-Gen Invicti Security
Web Application Security Editor’s Choice Kasada
Web Application Security Market Leader Neustar Inc.
Web Application Security Cutting Edge Patchstack
Web Application Security Most Innovative Penta Security Systems Inc.
Web Application Security Hot Company Reblaze
Web Application Security Most Promising Reflectiz
Web Application Security Best Product ThreatX
Wireless, Mobile, or Portable Device Security Next-Gen WatchGuard Technologies
Wireless, Mobile, or Portable Device Security Most Innovative Kingston Technology
XDR – Extended Detection and Response Cutting Edge Confluera
XDR – Extended Detection and Response Best Product Fidelis Cybersecurity
XDR – Extended Detection and Response Next-Gen Red Piranha Limited
XDR – Extended Detection and Response Most Innovative Stellar Cyber
Zero Trust Hot Company Fudo Security

Three Awards 2021

NEWS PROVIDED BY
https://cyberdefenseawards.com
May 18, 2021 , 2020, 09:00 ET
Related Links
https://cyberdefenseawards.com/global-infosec-awards-for-2021-winners

SHARE THIS ARTICLE

2021, Articles, EviCypher NFC HSM, EviCypher Technology, Technical News

EviCypher A New Way to Keep Secrets and Pass Them On

Posted on May 18, 2021April 11, 2022 by FMTAD

18
May

EviToken & EviCypher Technology a new way to keep secrets and pass them on.

EviToken & EviCypher technology to control information privacy is an absolute necessity today, as there are so many cyber malicious acts. We can cite among others acts such as phishing, stalking or ransomware. These so-called “cyber” threats alone represent approximately 75% of the infiltration techniques giving access to your confidential or personal data. All of these techniques have the same approach, which is identity theft. This mechanism allows an individual, or a machine, to impersonate someone or something else. The recipient thus deceived, lifts his natural mistrust to trust this ill-intentioned sender.

Protection techniques for transmitting confidential or personal data have been around for a very long time, as have signature mechanisms. They are most often based on asymmetric key algorithms, with strong encryption (RSA of 2048 or 4096 bits or even ECDSA). Unfortunately, if the model on which these encryption techniques are based is proven and ensures flawless security, its IT implementation is, for its part, often undermined by man-in-the-middle attacks, or by elevations of law on information systems. These attacks, when identification or decryption relies only on one-factor authentication, allow the theft of encryption keys, and directly compromise the security of your data. To mitigate these threats, two-factor authentication (or 2FA) adds a layer of protection by either obtaining a unique code sent by SMS to your phone number, or by validating a request for it authentication (Google / Facebook), or through the use of authenticators which is increasingly recommended by security specialists.

Why use the EviToken & EviCypher Technology?

The purpose of EviToken & EviCypher technology is to secure secrets of different kinds, such as asymmetric keys (RSA), symmetric keys (AES) but also login information, PIN codes, account or bank card identifiers, cryptocurrency private keys, cryptocurrency wallet passphrases, cryptocurrency recovery phrases (SEED), etc. The EviToken & EviCypher secure safe is contained in a simple NFC card, not connected to a computer system. It communicates with the latter, on demand, via a near-field transmission protocol (NFC) which transmits data over an encrypted channel, built by EviToken & EviCypher. Secrets stored in the card are segmented and encrypted to make them physically inaccessible to cybercriminals. The EviToken & EviCypher secure safe is a real natural Air Gap component. Thus, apart from the case of data transmission, the architecture used has: no power supply; no security breach due to an increase in temperature (which makes it immune to malware such as “BitWhisper and Fansmitter”); no emission of sound signals, even those inaudible to the human ear and no emission of light or waves. Finally, to avoid a conflation with smart card-based systems, the support of EviToken & EviCypher technology does not require dedicated physical connection hardware with the digital system, nor does it have an operating system, which makes it insensitive to the introduction of malicious code as on a Java architecture. Like any electronic component, the EviToken & EviCypher secure safe can undergo invasive attacks which consist in using acids to expose the electronic circuit that will then have to be analyzed to try to understand the implementation of the secure secrets in multiple scrambled segments.

If EviToken & EviCypher technology provides security in a secure vault, what about the use of encryption keys to transport secrets over a secure channel?

In the context of two-factor authentication, we consider that you are the only one who can hold the second criterion of trust. This security measure traditionally allows, in case of failure, not to trigger the secure transport of your data. However, this function is not intended to secure the transport, it is the role of the encryption protocol to perform this operation. Thus, if the encryption keys are compromised, the data could be compromised during a listen. Faced with this problem, EviToken & EviCypher directly integrates metadata trust criteria into its encryption keys, in order to secure the encrypted messages during their transport. Thus, even in the event of a compromise of the keys, decryption remains blocked by the trust criteria. With this in mind, why stop at two criteria of trust? In its basic version, EviToken & EviCypher offers nine trust criteria based on the possession of a third-party object, technical components (phone ID, barcode, password, geolocation or BSSID) but also environmental and specific components to the sender, or recipient, to make data compromise even more difficult.

A simple example, you want to send a confidential message containing your latest invention to a colleague in a hostile environment, with a high probability of compromise. You will therefore add non-digital trust criteria to your encryption key, to ensure its protection in the event of a compromise. The decryption of the message by the AES 256 symmetric key will only be accessible, by the digital tool, once the conditions related to the trust criteria have been met. If we base one of the trust criteria on a geolocation for example, the recipient must not only be in possession of an EviToken & EviCypher card, but also be physically located at the location of geolocation defined in the trust criteria to decrypt the message. This location may be known to the recipient like a convention, but may also not be known. The trust criterion will then be transmitted to him as one of the authentication multi-factors, by SMS / QR Code / Photo or any other means.

If EviToken & EviCypher technology provides security in a secure safe, encryption of messages with trust criteria based on environmental components, technical or not, what about the transmission of keys for use in a space digital connected?

To secure end-to-end transmissions, several tools, used as gateways, such as smartphones or virtual keyboards, will be crossed. EviToken & EviCypher then builds encrypted channels, from the first communications between the EviToken & EviCypher card and the first NFC communication gateway, using an AES 128 symmetric pairing key. The latter will be replaced by a 256-bit AES symmetric key, with different trust criteria depending on the user’s choice, when recording a secret. Communication with web browsers is achieved using 256-bit ECC ephemeral keys (X25519), to negotiate exchanges between the smartphone and the browser plugin, to insert website authentication, text decryption, etc. As for the transmission, from the smartphone, of texts, images or encrypted files, the encryption is carried out with a symmetric key AES 256 bits with trust criteria.

Why choose the EviToken & EviCypher technology?

Our goal is to better understand the feasibility of digital malicious acts through a human approach to attacks. Thus, if you do not physically have the EviToken & EviCypher card, or if you do not have access to it with a connection duration long enough to carry out an attack, it will be very difficult to compromise the safe, but it is quite obvious that «to the impossible no one is bound “. “However, this attack requires physical contact, it is no longer possible to hide behind anonymizers. Assuming that the encrypted message is sufficiently protected, with algorithms such as 2048- or 4096-bit RSA or even ECDSA, then it is necessary to look into the protection of the key. Indeed, this protection will remain true as long as the encryption and decryption keys remain secret. History of computer attacks shows certain difficulties in maintaining this assertion. It is therefore necessary to strengthen the protection of the keys, by accepting the compromise of the latter, while protecting the message during its transport. at best for this requirement, non-digital trust criteria, that is to say criteria known, held, observable or understandable by the recipient, are required for the decryption of the message and no longer of the key.

EviToken & EviCypher technology, by adding these trust criteria, changes the current paradigm of access to secrets. Thus, even if a secret, and more particularly a decryption key, were stolen, it could only be used if the trust criteria are met.

Based on the EviToken & EviCypher principle, the new EviCypher technology, which won the 2021 gold medal for international inventions from Geneva, brings new innovations in the creation, management, integration and augmented intelligence linked to the use of trust criteria. A new chapter on this internationally patented invention on segmented key authentication is opening.

About the author

fabrice crasnier cybersecurity university professor in france forensic expert of the court of appeal of toulouse in france and former forensic police officer Fabrice Crasnier is the director of Research & Development departement of FREEMINDTRONIC. Freemindtronic, Andorran start-up designs and manufactures tailor-made solutions for its customers in the field of safety and cyber security of information systems and computer systems.

Fabrice is Associate Professor at Paul Sabatier University in Toulouse where he teaches cybercrime phenomena. He is at the origin of the creation of 3 forensic laboratories as head of forensic activities within the french police in Toulouse and within the SCASSI company. He has worked for 27 years in the judicial police, including 17 years following national and international cybercrime investigations. As a judicial expert since 2004 at the Court of Appeal of Toulouse, he has witnessed the delinquent transformation of cyberspace between 2000 and 2017. As a computer engineer, he has understood that the origin of cyberthreats is not always due to a defect in computer tools but more often to a misuse of these tools.

Fabrice can be reached online on LinkedIn: https://www.linkedin.com/in/fabricecrasnier/

For more information, visit the company website at www.freemindtronic.com

NEWS PROVIDED BY

SHARE THIS ARTICLE

2021, Awards, Distinction Excellence

Freemindtronic Named Winner of the Coveted Global InfoSec Awards during RSA Conference 2021

Posted on May 18, 2021April 17, 2024 by FMTAD

18
May

Named Winner of the Coveted Global InfoSec Awards FREEMINDTRONIC wins 3 AWARDS in 9^th Annual Global InfoSec Awards at #RSAC 2021

SAN FRANCISCO (BUSINESSWIRE) MAY 17, 2021 – Freemindtronic is proud to announce we have won the following awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine:

Next-Gen in Crypto Security
Most Innovative Hardware Password Manager
Next-Gen in Secrets Management

“We’re thrilled to receive not just one, but three of the most prestigious and coveted cybersecurity awards in the world from Cyber Defense Magazine. We knew the competition would be tough and with top judges who are leading infosec experts from around the globe, we couldn’t be more pleased,” said Jacques GASCUEL of Freemindtronic.

“We scoured the globe looking for cybersecurity innovators that could make a huge difference and potentially help turn the tide against the exponential growth in cybercrime. Freemindtronic is absolutely worthy of these coveted awards and consideration for deployment in your environment,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

We’re thrilled to be a member on this coveted group of winners, located here: http://www.cyberdefenseawards.com/

Trophy Global Infosec Awards Winner Cyber Defense Magazine the Best Crypto Security and Most Innovative in Hardware Password Manager and best Secrets Management Freemindtronic Andorra

Awards Global Infosec Awards News Press

List of Winners Global Infosec Awards 2021

May 19, 2021

Download

Press release

En – 📥
Fr – 📥

Freemindtronic named winner of the coveted Global Infosec Awards during RSA conference red carpet Cybersecurity Safety Andorra three Awards 2021

Please join us virtually at the #RSAC RSA Conference 2021, https://www.rsaconference.com/usa today, as we share our red-carpet experience and proudly display our trophy online at our website, our blog and our social media channels.

About Freemindtronic

Freemindtronic is a Andorran Deeptech which designs and manufactures Greentech products and services in the field of cybersecurity and safety of information systems and computer systems. It develops tailor-made solutions for manufacturers, companies, public services and governments.

About CDM InfoSec Awards

This is Cyber Defense Magazine’s ninth year of honoring global InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at www.cyberdefenseawards.com

About the Judging

The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” so we are looking for Next Generation InfoSec Solutions.

About Cyber Defense Magazine

With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.

Continue reading →

ACTINN Andorra, Media coverage of Freemindtronic, Press

Freemindtronic Guanya La Medalla D’or

Posted on May 17, 2021April 23, 2024 by FMTAD

17
May

Freemindtronic Guanya La Medalla D’or En El Saló Internacional De Les Invencions De Ginebra

L’empresa andorrana Freemindtronic, ha estat guardonada el passat dimarts dia 22 de març, amb el primer premi, la medalla d’or en el saló internacional de les invencions de Ginebra. Una fita ja que es van presentar més de 1.000 invencions de tot el món. Andorra està per uns dies al centre de la recerca en temes de ciberseguretat.

Inventor guardonat guanya per fi la medalla d’or com empresa andorrana

Freemindtronic , guanyador de la medalla d'or del saló d'invencions de ginebra 2021

Freemindtronic és l’empresa dirigida pel senyor Jacques Gascuel, inventor, expert en xifratge i propietari de varis patents en els camps de la protecció i seguretat de dades. El Sr. Gascuel és un inventor en sèrie que ja va estar guardonat en altres ocasions.

Aquest cop, el seu invent “EviCypher” ha rebut el màxim guardó, i situa al Principat d’Andorra a l’avantguarda tecnològica en sistemes de seguretat informàtica.

Entre els altres avenços tecnològics recents, estan un sistema de codificació de pantalla segura en el 2017, i un sistema d’autentificació de claus segmentades en el 2019.

Alta tecnologia, made in Andorra

Aquest cop després de 3 anys d’investigació i desenvolupament, El Sr. Gascuel ha creat el primer dispositiu de xifratge contactless. Per tant, és una petita meravella de la tecnologia, una targeta sense bateria, impermeable, altament resistent, inclús a temperatures extremes, i que és capaç de salvaguardar dades secretes durant més de 40 anys.

Per tant, La targeta és una caixa forta de claus, independent dels sistemes lectors i que permet preservar l’anonimat, és a dir que no deixa rastre del seu ús. En definitiva, estem parlant de tecnologia punta amb aplicacions a nivell militar i de seguretat governamental, amb la qual es podrien preservar els secrets de màxima importància estratègica.

EviCypher, aquesta targeta d’“hyperseguretat” estarà disponible al mercat a principis de maig, i es fabricarà des d’Andorra. Es tracta d’un producte de tecnologia verda que no utilitza plàstics en la seva producció i on està previst el reciclatge de les targetes fabricades. Així mateix està prevista l’evolució de la targeta per garantir la seguretat en els serveis de coreu electrònic i missatgeria instantània.

En definitiva, una excel·lent notícia per l’ecosistema digital i en especial de la ciberseguretat. Un premi que potencia l’arribada de talent i la recerca en el nostre petit gran país. Des d’ACTINN, volíem felicitar la fita de Freemindtronic de guanyar la medalla d’or del saló internacional d’invencions de Ginebra i desitjar-li molts més éxits.

NEWS PROVIDED BY
ACTINN Andorra
March 24, 2021 , 2020, 09:00 ET
Related Links
https://www.actinn.ad

SHARE THIS ARTICLE

ACTINN Andorra Media coverage of Freemindtronic Press

Freemindtronic Guanya La Medalla D’or

May 17, 2021

2021, Cyberculture, Digital Security, Phishing

Phishing Cyber victims caught between the hammer and the anvil

Posted on May 17, 2021February 22, 2024 by FMTAD

17
May

Phishing Cyber Victims by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Phishing: how cyber-victims are caught between scam and blackmail

Have you ever received an email or a message that looked like an official communication from a trusted organization, such as your bank, your phone operator or your social network? Did it ask you to confirm your personal or financial information, to pay a fine or to update your software? If so, you may have been targeted by a phishing attack.

Shadowy hacker with a laptop in front of a digital map of Russia highlighted in red, symbolizing the origin of Kapeka Malware.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

Illustration of an Apple MacBook with a highlighted M-series chip vulnerability, surrounded by symbols of data security breach and a global impact background.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

Digital world map with cybersecurity icons representing the Cybersecurity Breach at IMF.

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

PrintListener technology concept with NFC security solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

A visual representation of BitLocker Security featuring a central lock icon surrounded by elements representing Microsoft, TPM, and Windows security settings.

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

February 10, 2024

Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts

February 8, 2024

Discover our other articles on digital security

Phishing is a fraudulent technique that aims to deceive internet users and to steal their information, money or identity. Phishing is a major threat for the security of individuals and organizations, as it can lead to financial losses, identity theft, extortion or malware infections. In this article, I will explain to you what phishing is, how to protect yourself from it, what to do if you fall victim to it and what are the current trends of this phenomenon.

What is phishing?

Phishing is a form of social engineering that exploits the human factor rather than the technical factor. In other words, phishing relies on manipulating people’s emotions, such as fear, curiosity or greed, rather than hacking their devices or systems.

Phishing usually involves sending emails or messages that mimic the appearance and content of official communications from legitimate organizations. These messages often contain a link or an attachment that directs the recipients to a fake website or a malicious file. The goal of phishing is to trick the recipients into revealing their personal, financial or confidential information, such as their passwords, their bank account numbers or their credit card details. Alternatively, phishing can also persuade the recipients to make fraudulent payments or to download malware on their devices.

Phishing can target anyone who uses the internet, whether they are individuals or organizations. However, some groups are more vulnerable than others, such as seniors, students or employees. According to a report by Verizon (https://enterprise.verizon.com/resources/reports/dbir/), phishing was involved in 36% of data breaches in 2020.

How to protect yourself from phishing?

To protect yourself from phishing, you need to be able to recognize the signs that can indicate that a message is fraudulent. Here are some examples of signs to watch out for:

Spelling or grammar mistakes in the message.
Suspicious addresses or links that do not match the supposed organization behind the message.
Urgent or unusual requests, such as confirming your bank details, paying a fine or updating your software.
Attachments or links that invite you to download or open a file.

If you receive a suspicious message, do not click on the links, do not open the attachments and do not reply to the message. Instead, check the source of the message by looking at the sender’s address, hovering over the links with your mouse to see their real destination or contacting directly the organization supposed to be behind the message by another means (phone, official website, etc.).

You can also use some tools and practices to enhance your security online, such as:

Installing an antivirus software and keeping it updated.
Using strong and unique passwords for each site and service you use.
Enabling two-factor authentication whenever possible.
Avoiding public Wi-Fi networks or using a VPN (Virtual Private Network) when accessing sensitive sites.
Educating yourself and others about cyber threats and how to prevent them.

What to do if you are a victim of phishing?

If you have clicked on a link, opened an attachment or disclosed personal or financial information following a fraudulent message, you may be a victim of phishing. In this case, it is important to act quickly to limit the consequences. Here are some tips to follow:

Change your passwords on all sites and services you use, especially those related to your bank accounts, your social networks or your email accounts.
Contact your bank or your phone operator to report the incident and block your cards or lines if necessary.
File a complaint with the competent authorities, such as the police, the FTC (Federal Trade Commission) or the IC3 (Internet Crime Complaint Center).
Report the fraudulent message to the concerned organizations, such as https://www.antiphishing.org/ or https://www.us-cert.gov/report-phishing. These sites also offer you information and services to help you cope with the consequences of phishing.

What is the new bill on justice and why is it raising concerns about privacy?

The bill on justice is a legislative project. It aims to modernize and simplify justice in France. It covers civil, criminal, administrative and digital justice. It also strengthens the investigation and prosecution of serious offenses, such as terrorism and organized crime.

One measure authorizes remote activation of phones by the police for some investigations. Article 3 “An unfailing commitment to better prevent radicalization and fight against terrorism” of the bill includes this measure. It modifies article 706-102-1 of the code of criminal procedure. This article defines how to activate remotely any electronic device that can emit, transmit, receive or store data.

This measure raises privacy concerns because it lets the police access personal or professional data in phones without the owners’ or possessors’ consent or knowledge. It also lets the police locate, record or capture sounds and images from phones without notification or justification. This measure may violate fundamental rights and freedoms, such as privacy, confidentiality, dignity, presumption of innocence and right to a fair trial.

What is remote activation of phones and how does it work?

Remote activation of phones by the police is an intelligence technique that allows law enforcement agencies to access data or record sounds and images from phones without the consent or knowledge of the phone users. This technique can be used for criminal investigations or national security purposes.

To remotely activate phones, law enforcement agencies need three factors: compatibility, connectivity, and security of the phones. They need to be compatible with the software or hardware that enables remote activation. They need to be connected to a network or a device that allows remote access. They need to have security flaws or vulnerabilities that can be exploited or bypassed.

Law enforcement agencies can remotely activate phones by three methods: exploiting vulnerabilities, installing malware, or using spyware on phones. Exploiting vulnerabilities means taking advantage of security flaws or weaknesses in the phone’s operating system, applications, or protocols. Installing malware means putting malicious software on the phone that can perform unauthorized actions or functions. Using spyware means employing software or hardware that can monitor or control the phone’s activity or data.

By remotely activating phones, law enforcement agencies can access data such as contacts, messages, photos, videos, location, browsing history, or passwords. They can also record sounds and images such as conversations, ambient noises, or camera shots. They can do this in real time or later by retrieving the data from the phone’s memory or storage.

What is the French bill on remote activation of phones by the police and what are its implications?

The French bill on remote activation of phones by the police is a legislative text that was promulgated on 25 May 2021. It is part of the justice orientation and programming bill for 2023-2027, which aims to modernize the justice system and reinforce its efficiency and independence.

The bill introduces a new article in the code of criminal procedure, which allows the judge of liberties and detention (at the request of the prosecutor) or the examining magistrate to order the remote activation of an electronic device without the knowledge or consent of its owner or possessor for the sole purpose of locating it in real time. This measure can be applied for crimes or misdemeanors punishable by at least five years’ imprisonment, a fairly broad criterion.

The bill also allows the judge of liberties and detention (at the request of the prosecutor) or the examining magistrate to order the remote activation of an electronic device without the knowledge or consent of its owner or possessor for the purpose of recording sounds and images from it. This measure can be applied only for crimes relating to organized crime and terrorism.

These measures cannot concern parliamentarians, journalists, lawyers, magistrates and doctors, nor the defendants when they are in the judge’s office or with their lawyer.

The bill also specifies that the remote activation of an electronic device must be done in a way that does not alter its functioning or data, and that the data collected must be destroyed within six months after their use.

The bill aims to provide law enforcement agencies with more tools and information to prevent, investigate and prosecute crimes, especially in cases where phones are encrypted, hidden or destroyed. It also aims to harmonize the French legislation with other countries that have used or considered this technique, such as the United States, Germany, Italy, Israel, Canada, China, France, and the United Kingdom.

However, the bill also raises ethical and social challenges, as it involves a trade-off between security and privacy, as well as between effectiveness and legitimacy. It may undermine the right to respect for private life and the right to a fair trial, which are guaranteed by the European Convention on Human Rights and the French Constitution. It may also expose law enforcement agencies to legal or technical challenges or dangers, such as encryption technologies that can prevent or hinder remote activation. It may also create distrust or resistance among phone users or providers, who may use encryption technologies or legal remedies to protect their data or communications.

The bill has been criticized by several actors, such as lawyers, human rights defenders, digital rights activists, journalists and academics. They have denounced its lack of proportionality, necessity and oversight. They have also questioned its effectiveness and legitimacy. They have called for its withdrawal or amendment.

The bill is still subject to constitutional review by the Constitutional Council before its final promulgation.

How did the Senate vote on the bill and where to find the official sources?

The Senate adopted this measure on October 20, 2021, with some amendments. The Senate voted in favor of this measure by 214 votes against 121. The Senate also added some safeguards to this measure, such as limiting its duration to four months renewable once and requiring prior authorization from an independent judge.

The National Assembly still has to examine the bill before adopting it definitively. The National Assembly may approve, reject or modify this measure. The final text may differ from the one that the Senate voted.

The examination of the bill by the National Assembly will start on December 6, 2021. You can follow the progress of the bill on the website of the National Assembly. You can also find the official text of the bill and the report of the Senate on their respective websites. You can also consult the website of the Ministry of Justice for more information on the bill and its objectives.

What are the benefits and risks of remote activation of phones?

This technique can affect citizens’ and suspects’ behavior in different ways.

On one hand, it can deter people from serious offenses. It exposes them to a higher risk of detection and identification. It reduces their incentives for criminal activities.

On the other hand, it can also make people more cautious or paranoid. It increases their uncertainty and fear. It leads them to avoid electronic devices, encrypt their communications, or use countermeasures such as jamming devices.

This technique can also impact public safety and security positively and negatively.

On one hand, it can improve the efficiency and effectiveness of law enforcement agencies. It provides them with more information and evidence. It helps them prevent, investigate and prosecute crimes.

On the other hand, it can also pose risks for human rights and civil liberties. It allows intrusive and covert surveillance. It violates privacy, confidentiality and dignity. It can also be subject to abuse, misuse or error by law enforcement agents or hackers.

Finally, it can create a feeling of insecurity and mistrust towards institutions, which can access personal or professional data in phones. It can also harm respect for presumption of innocence by placing permanent suspicion on people targeted by this technique. It can also infringe on protection of journalistic sources or right to information by discouraging whistleblowers or witnesses from speaking freely. It can finally encourage people concerned to adopt avoidance or circumvention strategies, such as changing phones regularly, using encrypted applications or switching to airplane mode.

These strategies can reduce the actual effectiveness of this technique for preventing terrorism and organized crime.

What are the arguments in favor of remote activation of phones?

Some people support this technique because they think it has several advantages for law enforcement and public security.

How can remote activation of phones violate privacy and data protection?

One of the main arguments against this technique is that it can violate privacy and data protection for individuals and groups. Privacy and data protection are fundamental rights recognized by international standards and laws. They ensure human dignity and autonomy.

Remote activation of phones violates privacy and data protection by letting law enforcement agencies access personal or professional data without the owners’ or possessors’ consent or knowledge. It also lets law enforcement agencies access sensitive or confidential data without notification or justification. It also lets law enforcement agencies access excessive or irrelevant data without limitation or proportionality.

For example, remote activation of phones could let the police access medical records, financial transactions, political opinions, religious beliefs, sexual preferences, or other intimate information on a device or a communication. It could also let the police access information that is not related to the investigation or that is out of scope on a device or a communication. It could also let the police access information that is not necessary or appropriate for the investigation or that is disproportionate to the seriousness of the offense on a device or a communication.

How can remote activation of phones improve access to justice and evidence?

Another argument in favor of this technique is that it can improve access to justice and evidence for law enforcement agencies and victims of crimes. Justice and evidence ensure the rule of law and the protection of rights.

Remote activation of phones improves access to justice and evidence by letting law enforcement agencies obtain information that is otherwise inaccessible or difficult to obtain. It also lets law enforcement agencies obtain information that is more reliable and accurate than other sources. It also lets law enforcement agencies obtain information that is timelier and more relevant than other sources.

For example, remote activation of phones could help the police access data that is encrypted or password-protected on a device or a communication. It could also help the police access data that is authentic and verifiable on a device or a communication. It could also help the police access data that is up-to-date and pertinent on a device or a communication.

What are the arguments against remote activation of phones?

Some people oppose this technique because they think it has several disadvantages for human rights and civil liberties.

How can remote activation of phones violate privacy and data protection?

How can remote activation of phones undermine the presumption of innocence and the right to a fair trial?

Another argument against this technique is that it can undermine the presumption of innocence and the right to a fair trial for individuals and groups. The presumption of innocence and the right to a fair trial are fundamental rights recognized by international standards and laws. They ensure justice and accountability.

Remote activation of phones undermines the presumption of innocence and the right to a fair trial by letting law enforcement agencies access data that they can use against individuals or groups without any legal basis or due process. It also lets law enforcement agencies access data that they can manipulate or falsify by law enforcement agents or hackers. It also lets law enforcement agencies access data that individuals or groups can challenge or contest.

For example, remote activation of phones could let the police access data that they can incriminate individuals or groups without any warrant or authorization from a judge. It could also let the police access data that they can alter or corrupt by law enforcement agents or hackers. It could also let the police access data that individuals or groups can dispute or refute.

How can remote activation of phones create a risk of abuse and misuse by the authorities?

Another argument against this technique is that it can create a risk of abuse and misuse by the authorities for individuals and groups. Abuse and misuse are illegal or unethical actions that violate rights and obligations. They damage trust and legitimacy.

Remote activation of phones creates a risk of abuse and misuse by the authorities by letting law enforcement agencies access data that they can use for purposes other than those authorized or intended. It also lets law enforcement agencies access data that they can share or disclose to third parties without any oversight or control. It also lets law enforcement agencies access data that they can retain or store for longer than necessary or permitted.

For example, remote activation of phones could let the police access data that they can use for political, personal, commercial, or other interests on a device or a communication. It could also let the police access data that they can transfer or leak to other agencies, organizations, media, or individuals on a device or a communication. It could also let the police access data that they can keep or archive for indefinite periods on a device or a communication.

What are the alternatives and safeguards for remote activation of phones?

Some people suggest that there are alternatives and safeguards for remote activation of phones that can balance security and privacy.

What are the existing legal tools to access phone data with judicial authorization?

One of the alternatives for remote activation of phones is to use existing legal tools to access phone data with judicial authorization. Judicial authorization is a legal requirement that ensures respect for rights and obligations. An independent and impartial judge grants it after evaluating the necessity and proportionality of the request.

Existing legal tools to access phone data with judicial authorization include search warrants, wiretaps, geolocation orders, data requisitions, and international cooperation agreements. These tools let law enforcement agencies obtain information from phones in a lawful and transparent manner. They also provide legal protection and recourse for individuals and groups.

For example, search warrants let law enforcement agencies physically seize phones and extract data from them with judicial authorization. Wiretaps let law enforcement agencies intercept calls and messages from phones with judicial authorization. Geolocation orders let law enforcement agencies track the location of phones with judicial authorization. Data requisitions let law enforcement agencies request data from phone operators or service providers with judicial authorization. International cooperation agreements let law enforcement agencies exchange data with foreign authorities with judicial authorization.

What are the principles and conditions for remote activation of phones according to the bill?

One of the safeguards for remote activation of phones is to follow the principles and conditions for remote activation of phones according to the bill. The bill on justice sets some rules and limits for this technique to prevent abuse and misuse.

The principles and conditions for remote activation of phones according to the bill include:

The technique can only be used for terrorism and organized crime investigations.
An independent judge who authorizes it must supervise the technique. The technique can only last for four months renewable once.
The technique must respect necessity, proportionality, subsidiarity, and legality.
Parliament and independent authorities must oversee and control the technique.
Experts and stakeholders must evaluate and review the technique.

These principles and conditions aim to ensure a reasonable and accountable use of this technique. They also aim to protect the rights and interests of individuals and groups.

What are the possible ways to limit or challenge remote activation of phones?

Another safeguard for remote activation of phones is to use possible ways to limit or challenge remote activation of phones by individuals or groups. These ways can help protect rights and interests, as well as ensure accountability and transparency.

Some of the possible ways to limit or challenge remote activation of phones are:

Using encryption technologies:
Encryption technologies can make data on phones unreadable or inaccessible to law enforcement agencies, even if they remotely activate them. Encryption technologies can also protect communications from law enforcement agencies’ interception or recording. For example, using end-to-end encryption apps, such as Signal or WhatsApp, can prevent law enforcement agencies from accessing messages or calls on phones.
Using security features:
Security features can prevent law enforcement agencies from installing or activating software or applications on phones that enable remote activation. Security features can also detect or remove software or applications that enable remote activation. For example, using antivirus software, firewalls, passwords, biometrics, or VPNs can prevent law enforcement agencies from accessing phones.
Using legal remedies:
Legal remedies can let individuals or groups contest or oppose remote activation of phones by law enforcement agencies. Legal remedies can also let individuals or groups seek compensation or redress for damages caused by remote activation of phones. For example, using judicial review, administrative appeals, complaints, lawsuits, or human rights mechanisms can challenge law enforcement agencies’ actions or decisions regarding remote activation of phones.

How does this technique compare with other countries?

Law enforcement agencies in other countries, such as the United States, Germany, Italy, Israel, Canada, China, France, and the United Kingdom, have used or considered remote activation of phones by the police. This technique is not new or unique. However, the legal framework, the technical methods, and the ethical and social implications of this technique vary from country to country..

How does remote activation of phones by the police work in different countries?

Remote activation of phones by the police is an intelligence technique that varies from country to country. It depends on the legal framework, the technical methods and the ethical issues of each country. Here are some examples of how it works in different countries.

In the United States, this technique is known as “roving bugs” or “mobile device tracking”. The Foreign Intelligence Surveillance Act (FISA) authorizes it for national security purposes and Title III of the Omnibus Crime Control and Safe Streets Act for criminal investigations. It requires a court order based on probable cause and limited in scope and duration. It can locate or record sounds and images from phones. It can be done by installing malware or exploiting vulnerabilities on phones.
In Germany, this technique is known as “Quellen-TKÜ” or “source telecommunications surveillance”. The Code of Criminal Procedure and the Telecommunications Act regulate it for criminal investigations and the Federal Intelligence Service Act for national security purposes. It requires a court order based on reasonable suspicion and proportionality. It can intercept communications from phones. To do so, it installs software or uses spyware on phones.
In Italy, this technique is known as “Trojan horse” or “spyware”. The Code of Criminal Procedure and the Data Protection Code regulate it for criminal investigations. It requires a court order based on serious indications of guilt and necessity. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.
In Israel, this technique is known as “IMSI catchers” or “stingrays”. The Wiretapping Law and the Privacy Protection Law regulate it for criminal investigations and the Security Service Law for national security purposes. It requires a court order based on reasonable grounds and proportionality. It can locate or intercept communications from phones. To do so, it uses devices that mimic cell towers and trick phones into connecting to them.
In Canada, this technique is known as “cell site simulators” or “IMSI catchers”. The Criminal Code and the Charter of Rights and Freedoms regulate it for criminal investigations. It requires a court order based on reasonable grounds and proportionality. It can locate or intercept communications from phones. To do so, it uses devices that mimic cell towers and trick phones into connecting to them.
In China, this technique is known as “network interception” or “remote control”. The Criminal Procedure Law and the Cybersecurity Law regulate it for criminal investigations and national security purposes. It does not require a court order but only an approval from a higher authority. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.
In France, real-time geolocation is regulated by the Criminal Procedure Code and the Intelligence Law for criminal and national security investigations. Article 706-102-1 of the Criminal Procedure Code allows police officers and agents to use a technical device to access, record, store and transmit computer data without the consent of the persons concerned. This requires a court order based on serious reasons and proportionality. Article 230-32 of the Criminal Procedure Code states that “Any technical means for real-time location, throughout the national territory, of a person, without his consent, a vehicle or any other object, without the consent of its owner or possessor, may be used if this operation is required by necessity: “. This also requires a court order based on serious reasons and proportionality.
In the United Kingdom, this technique is known as “equipment interference” or “hacking”. The Investigatory Powers Act regulates it for criminal investigations and national security purposes. It requires a warrant based on necessity and proportionality. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.

How does remote activation of phones by the police raise ethical and social challenges?

Remote activation of phones by the police raises ethical and social challenges in different contexts and situations because it involves a trade-off between security and privacy, as well as between effectiveness and legitimacy.

Security versus privacy

On one hand, remote activation of phones by the police can enhance security by providing law enforcement agencies with more information and evidence to prevent, investigate, and prosecute crimes. It can also deter criminals from using phones to plan or commit crimes.

On the other hand, remote activation of phones by the police can undermine privacy by letting law enforcement agencies access personal or professional data without consent or knowledge. It can also violate human rights and civil liberties by letting law enforcement agencies monitor or record sounds and images without notification or justification.

Effectiveness versus legitimacy

On one hand, remote activation of phones by the police can be effective by increasing the chances of finding relevant information or evidence on phones that may be encrypted, hidden, or destroyed. It can also be efficient by reducing the costs and risks of physical surveillance or interception.

On the other hand, remote activation of phones by the police can be illegitimate by violating the legal framework, the technical methods, or the oversight and control mechanisms that regulate this technique in each country. It can also be counterproductive by creating distrust or resistance among phone users or providers, who may use encryption technologies or legal remedies to protect their data or communications.

The ethical and social challenges of remote activation of phones by the police depend on the legal framework, the technical methods, and the oversight and control mechanisms that regulate this technique in each country. They also depend on the cultural and political values, the public opinion, and the media coverage that shape the perception and acceptance of this technique in each country.

Some of the ethical and social challenges of remote activation of phones by the police are how to :

balance security and privacy in the use of this technique?
ensure compliance with fundamental rights and freedoms in the use of this technique?
prevent abuse, misuse, or error in the use of this technique?
provide legal protection and recourse for individuals or groups affected by this technique?
ensure accountability and transparency in the use of this technique?
evaluate the effectiveness and legitimacy of this technique?
foster trust and cooperation between law enforcement agencies and phone users in the use of this technique?

What is the impact of encryption technologies on this technique?

Encryption technologies are methods or systems that make data unreadable or inaccessible to unauthorized parties. Encryption technologies can have a significant impact on remote activation of phones by the police, as they can make this technique more difficult, risky, or controversial.

How can encryption technologies make remote activation of phones by the police more difficult or impossible?

Encryption technologies can make remote activation of phones by the police more difficult or impossible by preventing law enforcement agencies from accessing data or communications on phones, even if they remotely activate them. Encryption technologies can also protect phones from malware or spyware that enable remote activation.

For example, end-to-end encryption, which some apps such as Signal or WhatsApp use, can prevent law enforcement agencies from intercepting or reading messages or calls on phones, as only the sender and the receiver have the keys to decrypt them. Device encryption, which some operating systems such as iOS or Android use, can prevent law enforcement agencies from extracting or viewing data on phones, as they require a password or a biometric authentication to unlock them.

How can encryption technologies make remote activation of phones by the police more risky or harmful?

Encryption technologies can make remote activation of phones by the police more risky or harmful by exposing law enforcement agencies to legal or technical challenges or dangers. Encryption technologies can also harm phone users by compromising their security or privacy.

For example, breaking encryption, which law enforcement agencies sometimes do to access data or communications on phones, can expose them to legal challenges, as it may violate laws or regulations that protect encryption or privacy. It can also expose them to technical dangers, as it may weaken the security of phones or networks and create vulnerabilities for hackers or criminals. Hacking encryption, which law enforcement agencies sometimes do to install malware or spyware on phones, can harm phone users by compromising their security or privacy, as it may allow unauthorized access to their data or functions.

How can encryption technologies make remote activation of phones by the police more controversial or unacceptable?

Encryption technologies can make remote activation of phones by the police more controversial or unacceptable by raising ethical and social issues or debates. Encryption technologies can also create conflicts or tensions between law enforcement agencies and phone users or providers.

For example, undermining encryption, which law enforcement agencies sometimes request to facilitate remote activation of phones, can raise ethical and social issues or debates, as it may affect human rights and civil liberties, such as privacy, confidentiality, dignity, presumption of innocence, and right to a fair trial. It can also create conflicts or tensions between law enforcement agencies and phone users or providers. They may have different interests or values regarding encryption and security.

How does EviCore NFC HSM technology developed by Freemindtronic offer a high level of protection for phone users?

Remote activation of phones by the police can be facilitated by exploiting security flaws, installing malware, or requesting backdoors in encryption technologies. However, some encryption technologies may be resistant to these measures and offer a higher level of protection for phone users. One of them is the EviCore NFC HSM technology developed by Freemindtronic.

This technology lets users create their own encryption keys in a random way and store them in a physical device that communicates with the phone via NFC (Near Field Communication). The device also lets users define their own trust criteria that must be met to use the keys or their segments. The encryption is done in post-quantum AES-256 mode from either a device compatible with the EviCore NFC HSM technology or from an encrypted enclave in the phone created in the Key chain (Apple) or the Key store (Android) via the EviCore HSM OpenPGP technology. The encryption keys are segmented and superior to 256 bits. Moreover, they are physically externalized from computer systems. Everything is designed by Freemindtronic to effectively fight against espionage and corruption of telephone, computer, communication and information systems. Finally, without a server, without a database, even in air gap and airplane mode works EviCore NFC HSM or EviCore HSM OpenPGP technology. Everything is designed to work in volatile memory to leave no trace in telephone and computer systems.

This technology offers a high level of security and privacy for phone users who want to protect their data from unauthorized access, including by the police. It also offers a high level of performance and usability for phone users who want to encrypt or over-encrypt all types of messaging in the world, including SMS and MMS. It also works with other applications that use encryption, such as email, cloud storage or blockchain.

Furthermore, this technology is designed to be totally anonymous, autonomous, unconnected, without a database, without collecting any information of any kind on the identity of the user, nor on the hardware, nor on the terminals used. The technology is designed to be totally isolated and totally independent of the security of the terminal used whether it is connected or not. Freemindtronic does not keep the unique pairing keys for each NFC HSM device. And even if it did, the user at installation will automatically generate segmented complementary keys for encryption with administrator and user passwords. Each NFC device has a unique 128-bit signature dedicated to fighting against counterfeiting of NFC devices. It is also used as a key segment. The secret stored in eprom memories or in enclaves of the phone and/or computer can be individually secured by other segmented keys characterized by additional trust criteria such as a geozone, a random hexadecimal code via an existing or generated QR code or Bar Code via EviCore HSM. It is therefore physically impossible for Freemindtronic but under judicial assignment to decrypt data encrypted via EviCore HSM technologies even with a quantum computer.

In conclusion, remote activation of phones by the police is an intelligence technique. It aims to fight terrorism and crime by accessing data or sounds and images from phones without consent or knowledge. Law enforcement agencies in various countries have used or considered this technique. For example, France, the United States, Germany, Italy, Israel, Canada, China, and the United Kingdom. However, this technique raises technical, legal, ethical, and social challenges. They need to be addressed.

On the technical side, remote activation of phones by the police depends on three factors: compatibility, connectivity, and security of the phones. It can be done by three methods: exploiting vulnerabilities, installing malware, or using spyware on phones.For example, EviCore NFC HSM technology developed by Freemindtronic protects data and communications on phones from remote activation by the police. Encryption technologies can make this technique more difficult or impossible by preventing law enforcement agencies from accessing data or communications on phones, even if they remotely activate them.

On the legal side, remote activation of phones by the police requires a legal framework that regulates its use and scope. Laws or regulations can authorize it and specify the conditions and criteria for its application. Legal remedies can also challenge it and contest or oppose its validity or legality.

On the ethical side, remote activation of phones by the police involves a trade-off between security and privacy, as well as between effectiveness and legitimacy. It can enhance security by providing more information and evidence to law enforcement agencies to prevent, investigate, and prosecute crimes. It can also undermine privacy by letting law enforcement agencies access personal or professional data without notification or justification.

On the social side, remote activation of phones by the police raises issues or debates that affect human rights and civil liberties. For example, privacy, confidentiality, dignity, presumption of innocence, and right to a fair trial. It can also create conflicts or tensions between law enforcement agencies and phone users or providers, as they may have different interests or values regarding encryption and security.

Therefore, remote activation of phones by the police is a complex and controversial technique that requires a careful and balanced approach that respects the rights and interests of all parties involved. The French bill on remote activation of phones by the police and the EviCore NFC HSM Open PGP technology developed by Freemindtronic illustrate the complex and evolving relationship between intelligence and encryption in the digital age. They raise questions about finding a balance. It is between security and privacy, between public interest and individual rights, between innovation and regulation.

: According to Okta, privacy is the right to control how your information is viewed and used, while security is protection from threats or dangers (https://www.okta.com/identity-101/privacy-vs-security/).

: According to Carnegie Endowment for International Peace, finding a balance between security and privacy requires addressing technical, legal, and social questions (https://carnegieendowment.org/2019/09/10/moving-encryption-policy-conversation-forward-pub-79573).

: According to Springboard, finding a balance between innovation and regulation requires cooperation among stakeholders and respect for human rights (https://www.springboard.com/blog/cybersecurity/privacy-vs-security-how-to-balance-both/).

Phishing: Cyber victims caught between the hammer and the anvil

Responsibility for Phishing, SMiShing, typosquatting, ransomhack, spear phishing, sim swapping, vishing, email and web Spoofing cybervictims is engaged.

There can no longer be any doubt, the responsibility of the Internet user is legally engaged with almost no recourse for the victims to obtain any refund!

Note that we most often find the English term “phishing” which translates “phishing” into French, as well as for the typosquatting that comes from the English “typosquatting” or spear phishing targeted phishing via social engineering techniques or Spoofing technique of spotting.

Following the 2015/2366 directive of the European Parliament and the Council of 25 November 2015, Order No. 2017-1252 of 9 August 2017 makes amendments to Articles L133-16 and L.133-19 of the Monetary and Financial Code for victims of bank card phishing.

Article L133-16 of the Monetary and Financial Code (below) states: “As soon as he receives a payment instrument, the user of payment services takes all reasonable measures to preserve the security of his custom security devices. It uses the payment instrument in accordance with the conditions governing its issuance and use. »

https://www.legifrance.gouv.fr/affichCodeArticle.do?cidTexte=LEGITEXT000006072026&idArticle=LEGIARTI000020860774&dateTexte=&categorieLien=cid

Article L.133-19 of the Monetary and Financial Code (below) states in paragraph IV: “The payer bears all losses caused by unauthorized payment transactions if these losses result from fraudulent conduct on his part or if he did not intentionally or grossly negligently satisfy the obligations referred to in Articles L.133-16 and L.133-17 of the Monetary and Financial Code.”

https://www.legifrance.gouv.fr/affichCodeArticle.do?idArticle=LEGIARTI000020861589&cidTexte=LEGITEXT000006072026

The judgment of the Court of Cassation of 25 October 2017 and that of 28 March 2018 form a case law on the liability of the Internet user victim of phishing by telephone via identity theft and/or via a fake website and/or a fake email.

The judgment of October 25, 2017, (cases of 25.10.17, No. 16-11 644)

https://www.legifrance.gouv.fr/affichJuriJudi.do?idTexte=JURITEXT000035925298&fastReqId=1348908414&fastPos=5&oldAction=rechJuriJudi

Monde.fr press article: http://sosconso.blog.lemonde.fr/2017/10/26/elle-avoue-a-sa-banque-avoir-ete-victime-de-phishing

The judgment of March 28, 2018, (cases. of 28.3.18, No. 16-20 018)

https://www.legifrance.gouv.fr/affichJuriJudi.do?oldAction=rechJuriJudi&idTexte=JURITEXT000036780076&fastReqId=1780826332&fastPos=1

The cassation courts reinforce the obligation of caution of Internet users in the face of phishing attacks that can be telephone, via SMS or e-mail, relating to the use of its bank cards or confidential codes.

The March 28, 2018 ruling deepens the liability framework for the Internet user by stating that the failure, by gross negligence, to take any reasonable measures to preserve the safety of its personalised security devices.
The user of a payment service who discloses the personal data of this security device in response to an email that contains clues allowing a normally attentive user to doubt its provenance is held solely responsible
The bank is not required to inform its customers of the risks of phishing.

How do cybercriminals circumvent 3D Secure code authentication?

Step ^1: The cybercriminal must obtain from his next victim the identifiers and passwords of his phone operator.

What for? To enable the cybercriminal to set up telephone referrals of messages received in particular from his bank. It’s easier than stealing the phone. Hence the importance of regularly changing your passwords from your operator’s account. This point becomes more and more crucial since the smartphone is a mobile payment and/or access control terminal.

Step^2: The cybercriminal must now obtain all the information from the bank card. Several possibilities; or phishing by email, SMS, blackmail, phone by impersonation by an agent of the operator. The victim overconfidence gives him his information. She is not aware that the 3D Secure will also be sent to cybercriminals.

The cybercriminal only has to make the payment that he can validate himself instead of the victim.

The victim informed at the same time as the cybercriminal that there is a request to validate a purchase via his bank card thinks, since she has not validated the payment, that she is safe. She can object to her credit card. Only it’s already too late. The payment is irrevocable and the bank’s liability is cleared. This is the judgment of October 25, 2017.

In another case, the theft of the smartphone with the bank card may have the same result. In the same way when you pay physically with your bank card where you can see in clear the CCV or CVC composed of 3 to 4 digits used for payments on the internet.

It is advisable to use Freemindtronic Andorra EviAlpha technologies for personal use and EviToken or EviCypher for professional use that allow, after you have physically removed the CCV or CVC code, to make payments on the internet safely. In case of bank card theft, the cybercriminal does not physically have access to the CCV or CVC, the protection with Fullsecure solutions is immediate. This solution is not dependent on the time factor associated with reporting loss or theft for use on the internet. In addition, this solution is capable of managing multiple bank cards and is compatible with any type of bank card internationally, at no additional cost or financial commitment.

There are CCVs or CVCs that change dynamically several times a day. A new security that has an additional annual cost. Used for physical payments, the CCV or CVC is visible. The cybercriminal has only a very short interval of time to rob his victims before the automatic change of the CCV or CVC. In case of theft of this type of bank card, the time depends on the time and date of the declaration of the theft as for other bank cards.

Sim swapping: What does the Monetary and Financial Code say about Secure?sim swapping 3D codes

According to Article L133-23 of the Monetary and Financial Code, it is up to the bank to provide proof of the registration of this type of authentication which makes it possible to presume that the payment has been validated by the rightful holder. Failing that, according to Article L133-18, the transaction is deemed “unauthorized”, the bank is obliged to repay.

The 3D Secure code was developed by Visa and MasterCard to combat the risks of Internet fraud. This code is therefore sent by visa or Master Card’s digital services and is not known to the user until it is received. In fact, it cannot communicate it to a cybercriminal unless the latter has stolen the smartphone, managed to make a copy of the SIM and the most common access to the customer’s accounts of the telephone operator to make a call return to obtain the 3D Secure Code.

What is vishing?

Vishing is a form of phishing that uses the phone as a means of deceiving victims. The term comes from the combination of “voice” and “phishing”. Vishing involves calling victims and pretending to be a trusted person or organization, such as a bank, a public service or a phone operator, and asking them for personal, financial or confidential information. For example, a scammer may claim that the victim’s bank card has been compromised and ask them to confirm their card number and PIN. Vishing can also be used to persuade victims to make fraudulent payments or to download malicious software on their phone.

Vishing is a growing threat, as it exploits the trust that people have in the phone and their lack of vigilance against unsolicited calls. Moreover, scammers use sophisticated techniques to make their calls more credible, such as spoofing, which consists of falsifying the phone number displayed on the recipient’s screen. To protect themselves from vishing, it is important to never disclose personal or financial information over the phone, to verify the identity of the caller by calling back the official number of the organization they claim to represent, and to report any suspicious call to the relevant authorities.

How phishing detection ?

The Internet user must become an expert in phishing detection and typosquatting in the face of the ingenuity of cybercriminals.

According to the case law, the Internet user must carry out a “watchful examination of the correspondent’s changing internet addresses or certain clues, such as misspellings… which should provide clues “of a sufficient nature to appeal to the Internetuser.”

However, the criteria adopted by the case law since 2015 are already obsolete because of the quality of counterfeiting of websites in perpetual increase, but not only.

Indeed, the only test to detect a“changing address”has become complex for #cybervictimes. These ingenious cyber criminals find many solutions to deceive their vigilance, especially by the use of special characters in the domain name.

Jurisprudential obsolescence in the face of the evolution of phishing by Unicode

Cyber criminals use special characters similar to the Latin alphabet, theunicode E100. They have more than 26 characters at their disposal (Ḁ ḁ Ḃ ḃ Ḅ Ḇ ḇ Ḉ ḉ Ḋ ḋ ‘Ḏ ḏ Ḑ ḑ Ḓ ḓ Ḕ’, ‘Ḏ ḏ Ḑ ḑ Ḓ ḓ Ḕ’, ‘Ṟ’, ṟ, ‘, ‘ Ṯ’, ṯ, Ṱ, ṱ’. All they have to do is buy a domain name similar to the original, and replace one of the characters with a unicode character, as similar as possible, with for example a dot below the character.

For example, we will use the websites of telephone operators and banks, just by replacing the letter “r” with“O”it can give this “f-ee.fr”orby replacing “b” with “ḅ” “ḅouyguestelecom.fr” or “ḅanquepopulaire.fr”.

A perverse new game that would be imposed by the jurisprudence that involves the Cyber-Victim to detect the hidden difference in the URL (address).

Are cyber criminals responding to my request? Indeed I had suggested to them in order to help the #cybervictimes to change their modus operandi to help them in the face of jurisprudence. “Please don’t make any more spelling mistakes, and if it’s not grammatically correct, make sure that the simple review of the changing address is not obvious on the exam alone.”

With the fake URL and once the counterfeit site is identical to the original, the trap is activated to capture future #cybervictimes.

Smishing (SMS Phishing)

A cybercriminal sends you an SMS (i.e. a text message) asking you to click on a link. If you click on the link in the message, you will be redirected to a fake website asking you to provide your information in a phishing form.

The cybercriminal attempts to obtain your sensitive information through a text message (i.e. SMS). They will ask you to provide personal information such as a social security number, credit card or health insurance information. He claims that you must give this information or something bad will happen to you (e.g. your electricity is cut off, your credit card is blocked or your online account is terminated). To learn more about Smishing, click HERE.

Typosquatting another form of phishing

Almost identical to phishing, fake site, fake URL, with the big difference that the cybercriminal bets on the typos of #cybervictimes when the user informs the internet address. Examples include “fri.fr” without (ee) or “bouyguetelecom.fr” without (s) or “banque-populaire.fr” with the addition of a hyphen or “free.com” by changing the extension (.fr).

A new playground for cyber criminals, a fake address bar on Android phones that use the Chrome browser.

Google Chrome on Android smartphone only shows the title of the site visited rather than displaying the full address bar with the URL. A new feature for user comfort to make more room for content to be played. This allows the cybercriminal to pass a phishing page as a legitimate web page.

Spoofing over domain name extension makes many cyber victims, especially for domains in .com. The cybercriminal buys a .co domain name with a name identical to that of a known site, an example “www.amazon.co”. The cyber victim receives an email that appears to be from the original site. She is invited to log in via a link to the “www.amazon.co” mirror site. She’s not going to be careful that she’s not on the original site with a .co extension instead of .com. It is therefore with confidence that the cyber victim will enter personal information, especially his login ID and password.

How will the case law evolve to determine the threshold that will qualify the Cyber victim as “negligent”?

Natural protection against phishing and typosquatting

There is a barrier to phishing when the domain name extension is proprietary. This is the case, for example, of the extension of the BNP Paribas bank with its own extension “.bnpparibas” of the website “www.mabanque.bnpparibas”. In this case, it is a cost of around $185,000 and a binding procedure to obtain fromICANN its custom domain name extension that establishes a natural barrier against this type of attack. However, users of these sites still need to be informed of this distinction. Otherwise, the case law is unequivocal and will be imposed on cyber-victims. Indeed, it is difficult to explain that they did not see the different extension.

Learn more about custom extension

https://www.prodomaines.com/extension-personnalisee

Is the overall level of computing so linear among Internet users that they are all able to carry out such a review?

I doubt it very much.

In the same way, to think that only insiders are safe from phishing seems to me a very risky shortcut.

It is becoming more and more difficult for the Internet user to differentiate between the true and the false.

Shouldn’t case law or a revision of the law take into account the quality of the forger as for the currency, to exonerate the responsibility of the victim?

Instant transfer payment, a new eldorado of cybercriminals?!

What will cybercriminals imagine to create new victims following the new implementation initiated by the ECB with the instant transfer payment system, in less than 10 seconds, irrevocably, achievable with a simple telephone number?

How does it work? (Source the tribune)

It is a transfer in euros that is initiated from the website of his bank or his mobile banking application by choosing the instant mode. Simply enter the IBAN or, less tedious, its mobile phone number (converted to IBAN by the bank), or even scan a QR code to send the money. The account is credited in less than 10 seconds and payment confirmation is sent by SMS within 20 seconds. The transfer is irrevocable. The service is usable 24 hours a day, 365 days a year. A ceiling of 15,000 euros has been decided at European level (the Netherlands has abolished it).

I predict an increase in cybercrime on this new SEPA Express system, if the security system is not equal to or greater than that of bank cards!

Innovation goes further and further to allow the machine to gradually substitute for human physical consent since currents of thought believe that man is more failing than the machine.

To this day, we cannot assign a machine to court. In fact, no one is safe from being between the hammer and the anvil.

‘Ransomhack’: blackmail to non-compliance RGPD

Cyber criminals also use phishing to steal private data, known asransomhack. Taken hostage, this data is being blackmailed by using the new European regulations (RGPD) to put pressure on victims. The goal is to get the ransom faster. It is enough to threaten the victim to make public the data if the ransom is not paid, weighing the risk of strong criminal and civil penalties incurred in the event of non-reporting to the CNIL of the theft of data.

Once again the technique of hammer and anvil becomes a formidable weapon in the face of the fear of double punishment, victim and criminally and civilly litigant.

The phishing technique is no longer the preserve of cyber criminals: it may be more or less legal!

It is difficult to establish statistics, as victims do not file complaints. It is very likely that many of you will recognize yourself in this situation.

What for?

Despite the new provisions imposed by the RGDP, online sites selling goods and/or services have found a way to obtain their customers’ bank card information. However, there is no reason for the client to provide this type of information.

Only here, it takes on a legal appearance, to get this valuable information from bank cards. In principle, legally you have the right to request their removal.

Now that we’re done with the theory, let’s move on to practice

As we have seen before, giving the information of bank cards is under the full responsibility of the Internet user.

Similarly, it is common knowledge that cyber criminals regularly steal private data, including bank cards from the databases of merchant sites.

According to the principle of prudence established by the Court of Cassation, could it not be taken up against the victim? Could the Court not consider that there is no need to inform the Internet user that there is a risk that his credit card information will be derogating? That he is in fact the only one responsible for the information he transmits!

Why do online sales sites need this credit card information? What do they really do with it?

I believe that in terms of the RGPD, you would be entitled to ask the question.

There are many good reasons that will be invoked, but these are not for the customer but for the service provider, especially when the service provider has a recurring payment system in place.

This credit card information becomes valuable for the quality of the outstanding accountable or EENE. If you want to know more(https://comptabilite.ooreka.fr/astuce/voir/609429/effet-escompte-non-echu).

What to remember: The expected effect is passed on to another creditor or bank. The higher the quality of the debt, the less expensive the cost of the discount. Even if rates are low, it is a gain.

Another interest is the forgetting and withdrawal of small sums that often go under the radar of customers. Agreements are established that provide for automatic renewal and anniversary dates with a minimum period of time to report the contract.

New: drown the fish under the guise of updates to the terms and conditions of sale! The service contract for which you consented is unilaterally amended. The trick is the criterion of trust. You are made to accept new conditions that cancel the previous ones.

Let us go even further in the violation of the rules of law.

If you cannot be accepted for a new document, a principle of law that does not exist in contractual matters is used. Just as a contract cannot be changed unilaterally, either by adhesion or synallagmatically, without the consent of the co-contractor.

Silence is not worth acceptance!

However, many service companies send you emails informing you that if you do not respond within a certain period of time, the contract will be considered accepted. If you refuse, you lose the service for which the provider had committed. However, the commitment may also include back-doors such as the subject of an update of general terms of sale.

The hammer and anvil method is activated!

This is a form of blackmail that is illegal, done digitally but does not rank in cyber crimes.

What for?

A beginning of response trail, because they act overdrawn and they are legally registered in corporate registers but not cyber criminals in principle.

The deterrent force of a recourse by the Internet user!

They also have a master asset, the cost of a civil or criminal action procedure in relation to the small amounts involved. The cost of obtaining a court order, such as legal fees, legal fees, time spent and the uncertainty of obtaining redress, is enough to make any desire for prosecution give up.

Even if the civil and/or criminal dol can be qualified, no one will ever know that you are also the victim of phishing by deception of the co-contractor to obtain the information of bank cards or private data.

However, when you show the teeth against cybercriminals, they trade without resisting too much. It will also depend on who you are in the fuse position. Ane against measure of the Internet user. This will also depend on the caller in the fuse position.

The balance of power through blackmail can be balanced. The risk of bad publicity on social networks, the CNIL Pro or Private,can have morecostly consequences than the sums incurred. In the same way if the Internet user has insurance that pays for legal and procedural costs. In this hypothesis the blackmail is reversed by the Internet user. The latter is no longer between the hammer and the anvil.

In the end, the amicable arrangement is better than a long trial. As a result, the risk of bad publicity on social networkscan have more costly consequences than the sums incurred. In this case, this form of threat may allow the Internet user to no longer be between the hammer and the anvil.

What are the current trends of phishing?

Phishing is a constantly evolving phenomenon, which adapts to new technologies and new behaviors of internet users. According to the statistics provided by https://www.phishing.org/phishing-statistics/ or https://www.kaspersky.com/resource-center/threats/phishing-statistics-report, phishing increased significantly in 2020 and 2021, especially because of the Covid-19 pandemic that favored remote work and online shopping. Phishing accounts for about 80% of cyberattacks and affects both individuals and businesses.

Moreover, phishing diversifies and takes new forms, such as vishing, smishing or spear phishing. Vishing is a form of phishing that uses phone calls to trick victims. Smishing is a form of phishing that uses SMS or instant messages. Spear phishing is a form of phishing that targets specific individuals or organizations using personalized information. These new forms of phishing are harder to detect and prevent, as they exploit the trust and emotion of victims.

To conclude, phishing is a major risk for the security of internet users and organizations, which requires vigilance and prevention. By following the tips that I gave you in this article, you can protect yourself from phishing and reduce the chances of being a victim.

You want to know more about the deception of the co-contractor from a legal point of view.

https://www.superprof.fr/ressources/droit/droit-general/droit-des-obligations/faute-et-nullite-du-contrat.html

Having the freedom not to give credit card information outside of a single transaction and under the exclusive control and consent of the payer, should not be a right to defend. Freemindtronic technologies such as EviToken or EviCypher with web browser extensions protect bank card information and counter phishing attacks. It is above all a tool to exercise this right to no longer give his credit card information on the internet to be saved.

To learn more about our credit card protection solutions, you can read the following articles on Linkedin:

Why are Freemindtronic’s #NFC Offline electronic safes already in compliance with the decree that will come into effect on 01/01/19?

https://www.linkedin.com/pulse/pourquoi-les-coffres-forts-%C3%A9lectroniques-nfc-offline-de-gascuel/

A new cloud-free individual security service with anti-phishing to protect all types of bank cards from start to finish

https://www.linkedin.com/pulse/un-nouveau-service-de-s%C3%A9curit%C3%A9-individual-without-cloud-with-gascuel/

https://www.linkedin.com/pulse/victimes-dhame%C3%A7onnage-impunity%C3%A9-of-cybercriminals-jacques-gascuel/

2021, Articles, Cyberculture, Digital Security, EviPass, EviPass NFC HSM technology, EviPass Technology, Technical News

766 trillion years to find 20-character code like a randomly generated password

Posted on May 16, 2021February 20, 2024 by FMTAD

16
May

766 trillion years to find randomly generated 20-character code like randomly generated password

766 trillion years to find randomly generated 20-character code is the result of a simulator to find a 20-character generated by technology EviPass.

The age of the universe is estimated at only 14 billion years, this gives you an idea of comparison.

How did I find this result that you can control on your own?

We used the Password Strength Calculator developed by Bob Beeman [1] which was last updated on January 4, 2013.

This simulator is freely available on the www.bee-man.us website as well as the source code used.

Why We Chose Bob Beeman’s Simulator

In our quest to estimate the time it would take to crack a random 20-character code, we had several simulation tools at our disposal, including lastbit.com [2], password-checker.online-domain-tools.com [3], and ANSSI’s [4] simulator from ssi.gouv.fr. However, we ultimately opted for Mr. Bob BEEMAN’s simulator due to its transparent calculation method and its technical approach to brute force attacks.

Acknowledging Mr. Bob BEEMAN

Before delving into the details of our simulation, we must extend our gratitude to Mr. Bob BEEMAN for making his code freely accessible and copyable while upholding his copyrights, as explained on his website. We hope our research can contribute to his already impressive achievements, including a record-breaking 15-millisecond feat.

Reference to Ultra-Powerful Computers

To provide you with a comprehensive understanding of the state-of-the-art technology for brute force attacks in 2013, we examined Bob Beeman’s simulator’s reference to an ultra-powerful computer designed in 2012 specifically for password cracking.

Considering Computational Capacity

Bob Beeman’s simulator takes into account the computational capabilities of computers, including the 2012 design, for executing brute force attacks on passwords. It allows for adjustments in the “Values of Hacker: Axes/Second,” providing a valuable point of reference and comparison.

Staying with Default Parameters

For the sake of consistency, we maintained the default example provided by Bob Beeman, which assumed a rate of 60-109 (billion) attempts per second.

Radeon City: Revolutionizing Password Security

In this section, we’ll delve into the incredible story of Radeon City, a game-changing password-cracking cluster boasting 25 AMD Radeon graphics cards. Discover how it was built, what it can achieve, and why it’s reshaping the world of password security.

Building Radeon City

Jeremi Gosney, the visionary behind Radeon City and the CEO of Stricture Consulting Group, sought to create a powerhouse capable of cracking passwords with unprecedented speed and efficiency. His solution? Virtual OpenCL (VCL), a groundbreaking virtualization software.

Gosney assembled five servers, each armed with five AMD Radeon HD7970 graphics cards, interconnected through VCL. The cluster, aptly named Radeon City, was born at a cost of approximately $30,000 in 2012.

Unleashing Radeon City’s Power

Radeon City is a juggernaut, capable of generating an astounding 350 billion guesses per second when cracking NTLM cryptographic algorithm hashes. In just 5.5 hours, it can test every combination of eight-character passwords, including uppercase and lowercase letters, digits, and symbols.

But it doesn’t stop there. Radeon City can crack a range of cryptographic algorithms, from MD5 and SHA1 to SHA2 and even SHA3, at unprecedented speeds. It employs various attack types, including brute force, dictionary, rule-based, combinator, and hybrid attacks, using extensive wordlists and intricate rules.

Radeon City isn’t confined to offline attacks. It can also perform online attacks through distributed cracking, where passwords are guessed on live systems.

Why Radeon City is a Game-Changer

Radeon City marks a seismic shift in password security. It reveals the vulnerability of passwords protected by fast algorithms like NTLM and challenges the belief that longer, complex passwords equate to greater security. The key takeaway? Truly secure passwords are random strings absent from dictionaries.

Moreover, Radeon City advocates for slow and salted algorithms like Bcrypt, PBKDF2, or SHA512crypt, and underscores the importance of password management tools like EviPass.

Radeon City Specifications

Jeremi Gosney, a data security researcher, engineered a groundbreaking desktop rig that can swiftly dismantle older protocols. Leveraging the Open Computing Language (OpenCL) framework and Virtual OpenCL Open Cluster (VCL), Gosney deployed HashCat—a dedicated password-cracking program. The system comprises five quad-core servers, each housing 25 AMD Radeon GPUs, providing the immense computational power required for the task. These servers are interconnected with a 10 to 20 Gbps transfer rate facilitated by an Infiniband switch.

server filled with 25 AMD Radeon HD 7970 GPUs

Here’s a snapshot of Radeon City’s technical specifications:

Servers: 5
Graphics Cards: 25 AMD Radeon GPUs
Model: AMD Radeon HD7970
Memory: 3 GB GDDR5
Clock Speed: 925 MHz
Compute Units: 32
Stream Processors: 2048
Peak Performance: 3.79 TFLOPS
Virtualization Software: Virtual OpenCL (VCL)
Password-Cracking Software: ocl-Hashcat Plus
Cost: $30,000 (2012)

This powerhouse enables Radeon City to achieve unprecedented speeds in password cracking, making it a game-changer in the realm of data security.

Advantages and Disadvantages of Radeon City

Advantages:

Power: Radeon City cracks passwords using both fast and slow algorithms.
Flexibility: It executes a variety of attacks with extensive wordlists and complex rules.
Innovation: Using virtualization technology, it overcomes hardware limitations.

Disadvantages:

Cost: Building and operating Radeon City can be expensive, including high electricity costs.
Noise: It generates significant noise, requiring specialized cooling and soundproofing.
Ethical Considerations: While powerful, its capabilities raise ethical and legal questions about its potential misuse.

Simulation Parameters and Results

To calculate the estimated time required to find a 20-character code with 94 symbols, we used the formula:

a^b / (c * 2)

Where:

“a” represents the number of possible characters,
“b” denotes the number of characters in the password,
“c” indicates the number of hash calculations achievable per second.

By selecting 94 symbols, a password length of 20 characters, and a 50% probability of success compared to the theoretical result, our simulation yielded an astonishing result: 766.076,000,000,000,000 years or 766 trillion [5] years.

Understanding the Financial Implications

This simulation approach not only provides insights into the time required but also sheds light on the financial investments necessary to establish a computer system capable of cracking such a password.

Consider this: The reference computer, as configured by Gosney, relies on a pool of 25 virtual AMD GPUs to crack even robust passwords. Yet, a single unit of this type, priced at approximately $30,000 in 2012, can generate just 348 billion hashes of NTLM passwords per second. To achieve results within the realm of 766 trillion years, one would need to acquire multiple such machines.

Hence, to decipher only a 20-character password generated with EviPass technology, residing within an EviTag NFC HSM or EviCard NFC HSM device, an investment of nearly $25 billion would be required. A remarkable comparison, given that global military expenses were estimated at 1.7 billion dollars [6].

Beyond Brute Force

It’s important to note that this test focused solely on brute force attacks without taking into account the activation and utilization of additional countermeasures, such as physical blockchain and jamming, which will be explored in future articles.

A Point of Reference: ANSSI’s Simulator

To provide further context, we examined the ANSSI website [7], whose simulator is limited to 20 characters and 90 symbols. This simulator yielded a score of 130, the maximum attainable. This score places passwords of this nature on par with the smallest key size of the standard AES (128-bit) encryption algorithm. Notably, our password generators exceed this maximum, boasting 20 characters with 94 symbols [8].

Forming Your Own Opinion

The aim of this article is to empower you to form your own assessment of the resilience of our password generators against brute force attacks. While we are not the sole providers of powerful password generators, our test stands as a benchmark against other comparable implementations.

Ensuring Ongoing Security

Our embedded password generator undergoes regular updates to maintain its complexity and withstand the evolving landscape of brute force attacks. Our commitment is to enhance security without compromising user convenience—a complex yet vital undertaking.

Diverse Password Generation Options

Our password creation options offer versatility. Users can either select passwords from the pool of 95 available characters, opt for a semi-automatic generation followed by modification, or automate the process entirely according to default criteria, allowing passwords of up to 20 characters.

Adaptability to Website Constraints

For websites that impose restrictions on symbols or character limits, users can customize their password generation preferences, choosing between identifiers, letters, and/or numbers, with or without symbols.

Hexadecimal Generator for Added Utility

We’ve also introduced a hexadecimal generator to facilitate programming of digital codes. This feature proves invaluable in various domains, including electronics, electromechanics, and maintenance services, enabling the creation and modification of digital access codes with ease. Furthermore, codes can be securely shared with building residents through functions like “scrambling” or encryption via a QR Code, all made possible by EviCore technologies from Freemindtronic.

To learn more about our solutions, please visit:

[1] https://www.bee-man.us/computer/password_strength.html
[2] http://lastbit.com/pswcalc.asp
[3] http://password-checker.online-domain-tools.com
[4] https://www.ssi.gouv.fr/administration/precautions-elementaires/calculer-la-force-dun-mot-de-passe
[5] https://www.btb.termiumplus.gc.ca/tpv2guides/guides/clefsfp/index-fra.html?lang=fra&lettr=indx_catlog_m&page=9-nI6-pQZOTM.html
[6] https://www.lesechos.fr/24/04/2017/lesechos.fr/0212007699237_les-depenses-militaires-atteignent-2-2–du-pib-mondial.htm
[7] https://www.ssi.gouv.fr/administration/precautions-elementaires/calculer-la-force-dun-mot-de-passe/
[8] EviPass uses all the symbols of the printable ASCII table, i.e., 95 symbols. The NFC EviPass device can store contactless up to 51 randomly generated characters with the Freemindtronic app.
[9] https://fr.wikipedia.org/wiki/American_Standard_Code_for_Information_Interchange

Sign up for Newsletter

Awards of Freemindtronic: a showcase of excellence and innovation in data security

Awards and distinctions from 2010 to 2014

Awards and distinctions from 2015 to 2017

Awards and distinctions from 2021 to present

Freemindtronic – Delivering Privacy Solutions by Uniquely Leveraging Hardware, Software, NFC and Multiple Trust Criteria.

Freemindtronic offers a solution to this recurring problem

Working principle contactless passwordless auto login

So how do you ensure that the outside Person can connect without sharing the secrets?

NEWS PROVIDED BY

EviToken & EviCypher Technology a new way to keep secrets and pass them on.

Why use the EviToken & EviCypher Technology?

If EviToken & EviCypher technology provides security in a secure vault, what about the use of encryption keys to transport secrets over a secure channel?

If EviToken & EviCypher technology provides security in a secure safe, encryption of messages with trust criteria based on environmental components, technical or not, what about the transmission of keys for use in a space digital connected?

Why choose the EviToken & EviCypher technology?

NEWS PROVIDED BY

Download

Press release

About Freemindtronic

About CDM InfoSec Awards

About the Judging

About Cyber Defense Magazine

Freemindtronic Guanya La Medalla D’or En El Saló Internacional De Les Invencions De Ginebra

Inventor guardonat guanya per fi la medalla d’or com empresa andorrana

Alta tecnologia, made in Andorra

Phishing: how cyber-victims are caught between scam and blackmail

What is phishing?

How to protect yourself from phishing?

What to do if you are a victim of phishing?

What is the new bill on justice and why is it raising concerns about privacy?

What is remote activation of phones and how does it work?

How did the Senate vote on the bill and where to find the official sources?

What are the benefits and risks of remote activation of phones?

What are the arguments in favor of remote activation of phones?

How can remote activation of phones violate privacy and data protection?

How can remote activation of phones improve access to justice and evidence?

What are the arguments against remote activation of phones?

How can remote activation of phones undermine the presumption of innocence and the right to a fair trial?

How can remote activation of phones create a risk of abuse and misuse by the authorities?

What are the alternatives and safeguards for remote activation of phones?

What are the existing legal tools to access phone data with judicial authorization?

What are the principles and conditions for remote activation of phones according to the bill?

What are the possible ways to limit or challenge remote activation of phones?

Using encryption technologies:

Using security features:

Using legal remedies:

How does this technique compare with other countries?

How does remote activation of phones by the police work in different countries?

How does remote activation of phones by the police raise ethical and social challenges?

Security versus privacy

Effectiveness versus legitimacy

What is the impact of encryption technologies on this technique?

How can encryption technologies make remote activation of phones by the police more difficult or impossible?

How can encryption technologies make remote activation of phones by the police more risky or harmful?

How can encryption technologies make remote activation of phones by the police more controversial or unacceptable?

How does EviCore NFC HSM technology developed by Freemindtronic offer a high level of protection for phone users?

What is vishing?

How phishing detection ?

What are the current trends of phishing?

766 trillion years to find randomly generated 20-character code like randomly generated password

How did I find this result that you can control on your own?

Why We Chose Bob Beeman’s Simulator

Acknowledging Mr. Bob BEEMAN

Reference to Ultra-Powerful Computers

Considering Computational Capacity

Staying with Default Parameters

Radeon City: Revolutionizing Password Security

Building Radeon City

Unleashing Radeon City’s Power

Why Radeon City is a Game-Changer

Radeon City Specifications

Advantages and Disadvantages of Radeon City

Advantages:

Disadvantages:

Simulation Parameters and Results

Understanding the Financial Implications

Beyond Brute Force

A Point of Reference: ANSSI’s Simulator

Forming Your Own Opinion

Ensuring Ongoing Security