Category Archives: 2018

image_pdfimage_print

Why does the Freemindtronic hardware wallet comply with the law?

Why the Freemindtronic Hardwares Wallet complies with directives, regulations and decrees

Freemindtronic hardwares wallet is having regard to Decree No. 2018-418 of 30 May 2018  resulting from Law No. 2016-1321 of 7 October 2016  for a Digital French Republic, relating to the modalities of implementation of the digital safe service. Unless we are mistaken, it appears that the innovative patented solutions of 100% electronic safes for offline use have not yet been regulated.

The electronic safe solutions that may be affected by the decree are non-exhaustively, EviCypher, EviTag, EviCard,  EviKey, EviDisk,  FullKey NFC,  EviKey & EviDisk

art. R. 55-1The decree provides a framework for the operation of digital safes. Thus, the provider of digital safes is required to inform the user in a clear, fair and transparent way about its service, prior to the conclusion of a contract. In particular, he must communicate

  • The type of space made available to it and the associated conditions of use;
  • The technical mechanisms used;
  • The Privacy Policy;
  • The existence and implementation of the guarantees of proper functioning.

Since Freemindtronic SL clearly tells users:

  • the pre-defined space available before the acquisition of the devices, as well as the possibility of checking for themselves the amount of memory used,
  • the terms of use are available invideos, at any time on the internet, via YouTube as well as through various publications written on the website,
  • that no material and/or digital information is collected in any way whatsoever, which consequently generates the total anonymity of the user,
  • the complete technical data sheets of the devices are available on the Freemindtronic SL website.
  • the implementation of the guarantee is published on the website. A large part of Freemindtronic SL solutions are guaranteed lifetime devices.

art. R. 55-3 – The said decree specifies that the integrity, availability and accuracy of the origin of the data and documents stored in the digital safe are guaranteed by appropriate security measures and in accordance with the state of the art.

Since Freemindtronic SL can guarantee users:

Data integrity, which is guaranteed by the manufacturer of STMicroelectronics components for at least 1 million error-free write cycles, and 40 years of data retention in non-volatile memory.

Their availability since Freemindtronic SL devices work without maintenance, without battery, by recovering electrical energy via the NFC signal of a smartphone. Thus, such a device allows users to access at any time, for at least 40 years, the data contained in the vault.

The accuracy of the origin of the data: it is the user himself who stores the data in the electronic memory of The Vaults of Freemindtronic SL

Memory access is physically locked by multiple hardware devices, such as a unique peering key with at least one user-defined administrator password. These security measures  implemented imply the material and/or digital impossibility of corrupting the backed up data. It will also be impossible for the manufacturer to be able to access the automatically encrypted contents of said memory of the device. It is specified that the user has additional functions that allow him to harden himself the level of security according to the use of Freemindtronic’s electronic safes.

art. R. 55-4 The said decree specifies that the traceability of the operations carried out on the data and documents stored in the digital safe require at least the implementation of the following measures:

  • The recording and timestamp of accesses and access attempts;
  • Recording operations affecting the content or organization of the user’s data and documents;
  • Recording maintenance operations affecting data and documents stored in digital vaults.
  • The retention periods of this traceability data constitute a mandatory mention of the contract for the provision of electronic safe services.

Since Freemindtronic’s electronic safes,

  • have a tamper-proof and non-modifiable black box. That this black box traces in particular the number of attempts to enter the administrator password and that this information is automatically saved in the black box.
  • manage the recording of data dynamically, machine to machine (M2M) between the NFC terminal and the NFC device. That the backup system is carried out in real time with the physical electronic memory of the device, on the volatile memory of the terminal, without preservation of this data.
  • have non-volatile memories, capable of retaining the data backed up by the user for at least 40 years, without the need for an electrical power source.
  • has certified documents from the manufacturer of the electronic components used by Freemindtronic SL in these devices which establish without a doubt that the average time between failures is estimated after a 1 million cycles of writes per memory block, no maintenance operation is necessary.

art. R. 55-5.- The said decree indicates that the identification of the user when accessing the digital safe service must be ensured by an electronic means of identification adapted to the security issues of the service.

Since Freemindtronic’s solutions have several identification parameters that can be predetermined by the user himself, namely: administrator password, user password, pairing of NFC terminals, enslavement to a geolocation point, encryption key, physical blockchain segments, password encryption keys, and a code for displaying and sharing data called jamming.

art. R. 55-6. The said decree, according to the guarantee, as provided for in 4 ° of Article L. 103, of the exclusivity of access to the documents and data of the user or to the data associated with the operation of the service requires at least the implementation of the following measures:

“1° An access control mechanism limiting the opening of the digital safe to only persons authorized by the user;

“2° Security measures to guarantee the confidentiality of stored documents and data as well as the corresponding metadata;

“(3) Encryption by the digital safe service of all documents and data stored by or transferred to or from the digital safe. This encryption must be carried out using cryptographic mechanisms in accordance with the state of the art and allow an evolution of the size of the keys and algorithms used.

Since Freemindtronic SL,

  • has implemented several security systems to protect the opening of the electronic safe:  physical, digital and human identification. The first check requires to know the physical pairing key of the device to authorize the connection with a computer terminal with NFC technology. The second control requires the user to know the administrator code that he himself has previously saved in the device to access the services. Other security systems can be added, forming a symmetric and/or asymmetric encryption key that, segmented into a physical blockchain in physical memory, makes access to encrypted data saved in physical memory totally inaccessible.
  • has implemented a multi-factor authentication method to simultaneously identify the terminal authorized to use the device and the user. This makes it possible to guarantee exclusive access to the backed-up data to the user and/or his/her rights holders.
  • has implemented a backup process by which all attached data and metadata are encrypted in the unconnected device that guarantees the confidentiality of the data stored in the electronic safe.
  • uses dynamically scalable encryption key sizes and uses qualified standardized standards, such as AES256-bit and/or RSA4096-bit keys. Said keys can themselves be encrypted in AES256 bits and segmented in a physical blockchain, in one or more separate devices. Such an implementation makes it impossible, at the known state of the art, to access the said keys or the possibility of guessing them via a brute force attack.

Decision of the Jaroch Technology Committee meeting on 12 June 2018,

Having regard to Decree No. 2018-418 of 30 May 2018 which will enter into force on 1 January 2019;

Where as Freemindtronic SL clearly indicates to users the conditions of use, the technical mechanisms used and the implementation of the guarantees associated with its electronic safe solutions;

Whereas appropriate security measures are implemented to guarantee the integrity, availability and accuracy of the origin of the data stored in the electronic safe;

Whereas the traceability of the operations carried out on the data stored in the electronic safe is effective;

During the Occitanie CyberMatines on LMI TV @lemondeinformatique april 22, 2020, Fullsecure conducted offline protection and physical use demonstrations of sensitive data such as passwords and encryption keys. The backup media in credit card or Tag formats operate without contact with a phone serving as an NFC terminal.

This demo shows an electronic self-connection system to a computer, a motherboard Bios, a Windows session and a VPN with the devices from Freemindtronic hardwares wallet & contactless virtual keyboard

Retrocompatible solutions for offline encryption of any type of data on computer and phone

Another demo shows how to encrypt any data on computer and smartphone, an operation compatible with all computer systems and messaging services, including SMS.

We are talking about compatible retro solutions that offer the advantage of securing the use of any type of computer hardware, computer, smartphone, software, application while maintaining maximum security of the use of sensitive data, whether personal or professional.

Finally, Fullsecure gives a tip to make a desktop “smart”: Secure the sensitive data of any computer discreetly, discreetly, thanks to its mini devices hardened in Pin’s format.

In addition, data sharing is contactless, reducing the risk of contagion during this period of pandemic due to Covid19. Indeed, it is enough to approach your smartphone to the Fullsecure device to manage and use the data contained in pin’s.

Fullsecure offers a wide range of products to meet data security needs in mobility and/or in the workplace.

EviTag NFC HSM at CONAND 2018: a Bug Bounty Express organized by Fullsecure

Evitag NFC HSM at CONAND 2018, a contactless password manager service.





Freemindtronic contactless technology NFC EviTag rugged ip6k9k Android NFC Phone hands Made in Andorra


Evitag NFC HSM at CONAND 2018: Fullsecure, partner of the cybersecurity congress in Andorra, organizes a Bug Bounty Express on its product. It is a security challenge that consists of detecting vulnerabilities on this innovative product that allows to secure your secrets via an NFC electronic module. The Bug Bounty Express takes place on the Fullsecure booth during the second edition of CONAND 2018, on February 7 and 8.






Bug Bounty Show Events


What is CONAND 2018?





CONAND 2018 is an event organized by Andorra Telecom, the telecommunications operator of the country, in collaboration with the government of Andorra, the Cybersecurity Research Center of the University of Andorra and the Chamber of Commerce, Industry and Services of Andorra. It aims to promote cybersecurity as a key element of digital transformation and to strengthen Andorra’s position as a technological and innovative hub. The second edition of this congress took place from February 7 to 8, 2018 at the Congress Center of Andorra la Vella and brought together national and international experts, companies, institutions and researchers around conferences, workshops,








Demo show in booth


How to use Evitag NFC HSM?



To use Evitag NFC HSM, you just need to have an Android NFC smartphone and the Android application developed by Freemindtronic Andorra. By passing the NFC HSM module under the phone, you can display your secret, share it in RSA 4096 (a very robust asymmetric encryption algorithm) or use it directly on your phone or on a computer via a web extension coupled to the phone serving as a terminal.














Cyber Safety & Security


What are the advantages of Evitag NFC HSM?



Evitag NFC HSM has several advantages over traditional solutions for storing your secrets:

  • It works without server or database, which reduces costs and risks of hacking.
  • It works only without contact, which avoids compatibility or connectivity issues.
  • It is lifetime without battery, without maintenance and tamperproof and waterproof, which ensures its reliability and durability.
  • It uses an AES 256 encryption algorithm, recognized as one of the safest in the world, to encrypt your secrets stored in the EPROM memory of the NFC.








Use case


Who is Evitag NFC HSM for?






Evitag NFC HSM is for anyone who needs to secure their secrets in a convenient and reliable way. It is especially useful for private users who want to protect their online accounts, digital wallets, social media profiles and other sensitive information. Indeed, with Evitag NFC HSM, you can:

  • Manage and access your secrets easily without having to memorize or write them down.
  • Log in to your online accounts using the NFC HSM to display your password in volatile memory on your phone without leaving any trace of it.
  • Share your secrets with your friends or family in a secure and controlled way.
  • No risk in case of loss, theft or attempted compromise of the NFC HSM module locked to access with more than 9 trust criteria serving as a multifactor authentication system. Knowing that your secrets contained in the NFC HSM can be cloned, backed up in an encrypted way for later restoration in a new NFC HSM.
  • Benefit from a high level of security thanks to the physical and logical protection of the NFC HSM module encrypted in AES 256 with segmented key.








Buy


How to get Evitag NFC HSM?

Evitag NFC HSM is a product marketed in white label by Fullsecure, a company specialized in the distribution of IT security solutions. To learn more about Evitag NFC HSM or to place an order, you can contact Fullsecure at the following coordinates:








Send us a message









    Buy


    Visit our exhibition and demonstration space at CONAND 2018

    If you are curious to discover Evitag NFC HSM in action, we invite you to visit our exhibition and demonstration space at CONAND 2018. You will be able to test our product, ask your questions and exchange with our team. We will be happy to welcome you and show you our contactless security solution.

    Join the Bug Bounty Express on Evitag NFC HSM

    If you are interested in participating in the Bug Bounty Express on Evitag NFC HSM, you can find more information about the challenge, the rules, the rewards and the registration process on the following link: Bug Bounty Express on Evitag NFC HSM. This is a great opportunity to test your skills, learn new techniques and earn incentives for finding vulnerabilities on this innovative product. Don’t miss this chance to join the cybersecurity community and contribute to making the digital world safer.