Digital Security, EviToken Technology, Technical News
EviCore NFC HSM Credit Cards Manager | Secure Your Standard and Contactless Credit Cards
Jun
EviCore NFC HSM Credit Cards Manager by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
Discover EviCore NFC HSM: the revolutionary technology to secure your financial secrets
EviCore NFC HSM is a patented technology that allows you to store and manage your financial secrets in a secure electronic safe. With EviCore NFC HSM, you benefit from wireless access control, segmented key authentication and protection against cyberattacks. Find out how EviCore NFC HSM can enhance your financial security in this article.
2024 Digital Security
Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool
2024 Cyberculture Digital Security News Training
Andorra National Cyberattack Simulation: A Global First in Cyber Defense
2024 Digital Security
Apple M chip vulnerability: A Breach in Data Security
2024 Digital Security
Cybersecurity Breach at IMF: A Detailed Investigation
2024 DataShielder Digital Security PassCypher Phishing
Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?
2024 Digital Security
PrintListener: How to Betray Fingerprints
2024 Articles Digital Security News
BitLocker Security: Safeguarding Against Cyberattacks
2024 Articles Digital Security News
How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts
Discover our other articles on digital security
EviCore NFC HSM Credit Cards Manager is a powerful solution designed to secure and manage both standard and contactless credit cards. In this article, we will explore the features, benefits, and compliance of EviCore NFC HSM Credit Cards Manager in protecting your valuable payment cards
Standard and contactless credit cards are convenient and fast ways to pay for goods and services. They use NFC (Near Field Communication) technology to communicate with a compatible contactless card reader. You just have to tap or bring your card close to the reader, and the transaction is done in seconds.
However, standard and contactless credit cards also pose security risks. For example, someone could use an NFC scanner to read your card information remotely or use a fake reader to capture your card data. Moreover, if you lose your card or if it is stolen, someone could use it to make unauthorized purchases without your PIN or signature.
Fortunately, there is a solution that can help you protect your standard and contactless credit cards from these threats. It is called Credit Cards Manager. It is a function of EviCore NFC HSM or EviCore HSM OpenPGP technology that allows you to manage your standard and contactless credit cards securely. It uses NFC technology to communicate with your computer or mobile device. You can store up to 200 credit cards in the memory of Freemindtronic’s NFC HSM device or in the secure keystore of phones encrypted via EviCore. The number of records depends on the types of products developed with these technologies and the amount of information to be stored encrypted. You can also select the card you want to use for each transaction. The Credit Cards Manager function relies on EviBank technology, dedicated to securing payment systems including bank cards.
Exploring EviCore NFC HSM Credit Cards Manager
Credit Cards Manager is a function of EviCore NFC HSM or EviCore HSM OpenPGP technology that allows you to manage your standard and contactless credit cards securely. It uses NFC technology to communicate with your computer or mobile device.
You can store up to 200 credit cards in the memory of Freemindtronic’s NFC HSM device or in the secure keystore of phones encrypted via EviCore. The number of records depends on the types of products developed with these technologies and the amount of information to be stored encrypted.
You can also select the card you want to use for each transaction. The Credit Cards Manager function relies on EviBank technology, dedicated to securing payment systems including bank cards.
These technologies are available under patent license from Freemindtronic. They are compatible with various formats of Freemindtronic’s NFC HSM device (link). These technologies can be embedded in products designed and developed on demand in white label for Freemindtronic’s partners such as Fullsecure and Keepser.
In this article, we will focus on using Credit Cards Manager with an NFC HSM device in the form of a secure electronic card (NFC HSM Card). It is a hardware security module (HSM) that uses a highly secure and encrypted AES-256 post-quantum NFC eprom memory to protect and manage secrets (including digital keys such as an RSA-4096 key, AES-256 key, and ECC key), perform encryption and decryption functions, strong authentication, and other cryptographic functions.
What are the Benefits of using Credit Cards Manager?
Credit Cards Manager offers several benefits for managing standard and contactless credit cards, such as:
- Authenticator Sandbox function for anti-phishing protection and smart login: The Authenticator Sandbox function offers advanced protection against phishing attempts by securely filling in credit card information on websites. It verifies the authenticity of websites and ensures that sensitive data is only automatically filled in on reliable and verified platforms. It also intelligently automates the process of filling in credit card information and logging into original websites.
- Secure manager for credit cards: The Credit Cards Manager function uses the NFC HSM Card device to physically protect bank cards and verify their validity before authorizing their encrypted storage in the device’s memory. It also allows users to customize access levels for each stored card and define geographic access limitations.
- Battery-free operation and longevity: The NFC HSM Card device operates without a battery, using the NFC signal from smartphones for power. This energy-efficient design ensures that the device retains stored data for up to 40 years without maintenance or external power sources. The device also has an intelligent OCR scanner for credit cards that is compatible with all bank cards in the world. It helps the user fill in the information fields of the card to be stored encrypted in AES-256 post-quantum in the device. It also prevents keyloggers and spyware from accessing card information on the phone.
- COVID contactless security and compliance: Credit Cards Manager helps you avoid physical contact with your bank cards and payment terminals, reducing the risk of COVID-19 transmission. You can make secure contactless payments online, without needing your bank cards with or without NFC technology. You can also use auto-filling remotely via the local network or by sharing a connection via your phone. This feature improves convenience and protects your health.
- NFC contactless security and compliance: Credit Cards Manager protects your bank cards from being scanned or read by malicious NFC devices. The NFC HSM Card device shields other credit cards from being detected by an NFC scanner when they are juxtaposed to the device. The device uses an anti-collision system that prevents other cards from being read by the NFC reader of the bank card. It also has a copper ground plane that short-circuits the NFC signals of credit cards when they are juxtaposed on or under the NFC HSM CARD. This is an effective physical protection of cards against all risks of attempted remote non-invasive attack.
- Air gap security: Credit Cards Manager uses air gap security, physically isolating itself from computer networks. This ensures that the encrypted data of the NFC HSM Card device is stored exclusively in its non-volatile memory, preventing unauthorized access. By protecting itself from remote attacks, Credit Cards Manager strengthens protection against cyber threats. The use of information is encrypted end-to-end from the NFC HSM Card. All communication protocols are automatically encrypted from the NFC device. The sharing of bank card information contained encrypted in the device’s memory can be shared in air gap via a QR Code encrypted in RSA-4096 generated and managed from the NFC HSM CARD device. This sharing can also be shared encrypted in NFC Beam or in proximity between NFC Android phones.
- Protection against fraudulent use: Credit Cards Manager ensures that your bank card information is not stored on computer systems, phones, or online shopping sites. This protects your privacy and anonymity. The encrypted data is transmitted securely to the computer system, protecting it from potential threats and unauthorized access. You can also erase sensitive data such as the CCV of bank cards since saved in the NFC HSM Card devices. Advantageously, the CVV physically erased from the bank card secures it from the risk of illicit use, especially online.
The Benefits of Using Credit Cards Manager
| Benefits | Features |
|---|---|
| Authenticator Sandbox function for anti-phishing protection and smart login |
|
| Secure manager for credit cards |
|
| Battery-free operation and longevity |
|
| COVID contactless security and compliance |
|
| NFC contactless security and compliance |
|
| Air gap security |
|
| Protection against fraudulent use |
|
Managing Standard and Contactless Credit Cards with EviCore NFC HSM Credit Cards Manager
To use Credit Cards Manager, follow these steps:
- Download the Freemindtronic app compatible with EviCore NFC HSM technology on your NFC phone and the extension if you want to use it on your computer as well.
- Connect the NFC HSM Card device to your computer or mobile device via NFC technology.
- Register your credit cards in the application using the intelligent OCR scanner or by manually entering the card information.
- Select the credit card you want to use for each transaction and confirm the various trust criteria that you have added, such as a password, PIN code, geozone, or fingerprint.
- Enjoy secure contactless payments and online shopping with the NFC HSM Card device and the Authenticator Sandbox.
Section Break: Why is Credit Cards Manager Compliant with PCI DSS?
Credit Cards Manager is compliant with PCI DSS because it meets the requirements of the Payment Card Industry Data Security Standard (PCI DSS). This cybersecurity standard applies to any entity that stores, processes, or transmits cardholder data, such as credit card numbers. The PCI DSS aims to protect cardholder data from unauthorized access, fraud, and theft.
The PCI DSS includes 12 requirements for compliance, organized into six related groups called control objectives:
- Build and maintain a secure network and systems.
- Protect cardholder data.
- Maintain a vulnerability management program.
- Implement strong access control measures.
- Regularly monitor and test networks.
- Maintain an information security policy.
Credit Cards Manager complies with these requirements by implementing various features and security measures, such as the secure manager for credit cards, battery-free operation and longevity, COVID contactless security and compliance, air gap security, and protection against fraudulent use. By following PCI DSS, Credit Cards Manager demonstrates adherence to best practices for data security and the protection of cardholder data.
In conclusion, Credit Cards Manager is a secure and compliant solution for managing your standard and contactless credit cards. With its advanced features, robust security measures, and powerful Authenticator Sandbox function, it offers enhanced data protection and convenience. Secure your credit cards with Credit Cards Manager today.
References
2023, Articles, Digital Security, Technical News
Remote activation of phones by the police: an analysis of its technical, legal and social aspects
Jun
Remote activation of phones by the police by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
How does remote activation of phones by the police work?
An article of the bill on justice 2023-2027 raises controversy. It allows remote activation of mobile phones and capture of images or sound without the owner’s consent, for cases of organized crime or terrorism. How does this intelligence technique work? What are the conditions to use it? What are its advantages and disadvantages? What is the situation in other countries? We explain everything in this article.
2024 Digital Security
Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool
2024 Cyberculture Digital Security News Training
Andorra National Cyberattack Simulation: A Global First in Cyber Defense
2024 Digital Security
Apple M chip vulnerability: A Breach in Data Security
2024 Digital Security
Cybersecurity Breach at IMF: A Detailed Investigation
2024 DataShielder Digital Security PassCypher Phishing
Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?
2024 Digital Security
PrintListener: How to Betray Fingerprints
2024 Articles Digital Security News
BitLocker Security: Safeguarding Against Cyberattacks
2024 Articles Digital Security News
How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts
Discover our other articles on digital security
What is the new bill on justice and why is it raising concerns about privacy?
The bill on justice is a legislative project. It aims to modernize and simplify justice in France. It covers civil, criminal, administrative and digital justice. It also strengthens the investigation and prosecution of serious offenses, such as terrorism and organized crime.
One measure authorizes remote activation of phones by the police for some investigations. Article 3 “An unfailing commitment to better prevent radicalization and fight against terrorism” of the bill includes this measure. It modifies article 706-102-1 of the code of criminal procedure. This article defines how to activate remotely any electronic device that can emit, transmit, receive or store data.
This measure raises privacy concerns because it lets the police access personal or professional data in phones without the owners’ or possessors’ consent or knowledge. It also lets the police locate, record or capture sounds and images from phones without notification or justification. This measure may violate fundamental rights and freedoms, such as privacy, confidentiality, dignity, presumption of innocence and right to a fair trial.
What is remote activation of phones and how does it work?
Remote activation of phones by the police is an intelligence technique that allows law enforcement agencies to access data or record sounds and images from phones without the consent or knowledge of the phone users. This technique can be used for criminal investigations or national security purposes.
To remotely activate phones, law enforcement agencies need three factors: compatibility, connectivity, and security of the phones. They need to be compatible with the software or hardware that enables remote activation. They need to be connected to a network or a device that allows remote access. They need to have security flaws or vulnerabilities that can be exploited or bypassed.
Law enforcement agencies can remotely activate phones by three methods: exploiting vulnerabilities, installing malware, or using spyware on phones. Exploiting vulnerabilities means taking advantage of security flaws or weaknesses in the phone’s operating system, applications, or protocols. Installing malware means putting malicious software on the phone that can perform unauthorized actions or functions. Using spyware means employing software or hardware that can monitor or control the phone’s activity or data.
By remotely activating phones, law enforcement agencies can access data such as contacts, messages, photos, videos, location, browsing history, or passwords. They can also record sounds and images such as conversations, ambient noises, or camera shots. They can do this in real time or later by retrieving the data from the phone’s memory or storage.
What is the French bill on remote activation of phones by the police and what are its implications?
The French bill on remote activation of phones by the police is a legislative text that was promulgated on 25 May 2021. It is part of the justice orientation and programming bill for 2023-2027, which aims to modernize the justice system and reinforce its efficiency and independence.
The bill introduces a new article in the code of criminal procedure, which allows the judge of liberties and detention (at the request of the prosecutor) or the examining magistrate to order the remote activation of an electronic device without the knowledge or consent of its owner or possessor for the sole purpose of locating it in real time. This measure can be applied for crimes or misdemeanors punishable by at least five years’ imprisonment, a fairly broad criterion.
The bill also allows the judge of liberties and detention (at the request of the prosecutor) or the examining magistrate to order the remote activation of an electronic device without the knowledge or consent of its owner or possessor for the purpose of recording sounds and images from it. This measure can be applied only for crimes relating to organized crime and terrorism.
These measures cannot concern parliamentarians, journalists, lawyers, magistrates and doctors, nor the defendants when they are in the judge’s office or with their lawyer.
The bill also specifies that the remote activation of an electronic device must be done in a way that does not alter its functioning or data, and that the data collected must be destroyed within six months after their use.
The bill aims to provide law enforcement agencies with more tools and information to prevent, investigate and prosecute crimes, especially in cases where phones are encrypted, hidden or destroyed. It also aims to harmonize the French legislation with other countries that have used or considered this technique, such as the United States, Germany, Italy, Israel, Canada, China, France, and the United Kingdom.
However, the bill also raises ethical and social challenges, as it involves a trade-off between security and privacy, as well as between effectiveness and legitimacy. It may undermine the right to respect for private life and the right to a fair trial, which are guaranteed by the European Convention on Human Rights and the French Constitution. It may also expose law enforcement agencies to legal or technical challenges or dangers, such as encryption technologies that can prevent or hinder remote activation. It may also create distrust or resistance among phone users or providers, who may use encryption technologies or legal remedies to protect their data or communications.
The bill has been criticized by several actors, such as lawyers, human rights defenders, digital rights activists, journalists and academics. They have denounced its lack of proportionality, necessity and oversight. They have also questioned its effectiveness and legitimacy. They have called for its withdrawal or amendment.
The bill is still subject to constitutional review by the Constitutional Council before its final promulgation.
How did the Senate vote on the bill and where to find the official sources?
The Senate adopted this measure on October 20, 2021, with some amendments. The Senate voted in favor of this measure by 214 votes against 121. The Senate also added some safeguards to this measure, such as limiting its duration to four months renewable once and requiring prior authorization from an independent judge.
The National Assembly still has to examine the bill before adopting it definitively. The National Assembly may approve, reject or modify this measure. The final text may differ from the one that the Senate voted.
The examination of the bill by the National Assembly will start on December 6, 2021. You can follow the progress of the bill on the website of the National Assembly. You can also find the official text of the bill and the report of the Senate on their respective websites. You can also consult the website of the Ministry of Justice for more information on the bill and its objectives.
What are the benefits and risks of remote activation of phones?
This technique can affect citizens’ and suspects’ behavior in different ways.
On one hand, it can deter people from serious offenses. It exposes them to a higher risk of detection and identification. It reduces their incentives for criminal activities.
On the other hand, it can also make people more cautious or paranoid. It increases their uncertainty and fear. It leads them to avoid electronic devices, encrypt their communications, or use countermeasures such as jamming devices.
This technique can also impact public safety and security positively and negatively.
On one hand, it can improve the efficiency and effectiveness of law enforcement agencies. It provides them with more information and evidence. It helps them prevent, investigate and prosecute crimes.
On the other hand, it can also pose risks for human rights and civil liberties. It allows intrusive and covert surveillance. It violates privacy, confidentiality and dignity. It can also be subject to abuse, misuse or error by law enforcement agents or hackers.
Finally, it can create a feeling of insecurity and mistrust towards institutions, which can access personal or professional data in phones. It can also harm respect for presumption of innocence by placing permanent suspicion on people targeted by this technique. It can also infringe on protection of journalistic sources or right to information by discouraging whistleblowers or witnesses from speaking freely. It can finally encourage people concerned to adopt avoidance or circumvention strategies, such as changing phones regularly, using encrypted applications or switching to airplane mode.
These strategies can reduce the actual effectiveness of this technique for preventing terrorism and organized crime.
What are the arguments in favor of remote activation of phones?
Some people support this technique because they think it has several advantages for law enforcement and public security.
How can remote activation of phones violate privacy and data protection?
One of the main arguments against this technique is that it can violate privacy and data protection for individuals and groups. Privacy and data protection are fundamental rights recognized by international standards and laws. They ensure human dignity and autonomy.
Remote activation of phones violates privacy and data protection by letting law enforcement agencies access personal or professional data without the owners’ or possessors’ consent or knowledge. It also lets law enforcement agencies access sensitive or confidential data without notification or justification. It also lets law enforcement agencies access excessive or irrelevant data without limitation or proportionality.
For example, remote activation of phones could let the police access medical records, financial transactions, political opinions, religious beliefs, sexual preferences, or other intimate information on a device or a communication. It could also let the police access information that is not related to the investigation or that is out of scope on a device or a communication. It could also let the police access information that is not necessary or appropriate for the investigation or that is disproportionate to the seriousness of the offense on a device or a communication.
How can remote activation of phones improve access to justice and evidence?
Another argument in favor of this technique is that it can improve access to justice and evidence for law enforcement agencies and victims of crimes. Justice and evidence ensure the rule of law and the protection of rights.
Remote activation of phones improves access to justice and evidence by letting law enforcement agencies obtain information that is otherwise inaccessible or difficult to obtain. It also lets law enforcement agencies obtain information that is more reliable and accurate than other sources. It also lets law enforcement agencies obtain information that is timelier and more relevant than other sources.
For example, remote activation of phones could help the police access data that is encrypted or password-protected on a device or a communication. It could also help the police access data that is authentic and verifiable on a device or a communication. It could also help the police access data that is up-to-date and pertinent on a device or a communication.
What are the arguments against remote activation of phones?
Some people oppose this technique because they think it has several disadvantages for human rights and civil liberties.
How can remote activation of phones violate privacy and data protection?
One of the main arguments against this technique is that it can violate privacy and data protection for individuals and groups. Privacy and data protection are fundamental rights recognized by international standards and laws. They ensure human dignity and autonomy.
Remote activation of phones violates privacy and data protection by letting law enforcement agencies access personal or professional data without the owners’ or possessors’ consent or knowledge. It also lets law enforcement agencies access sensitive or confidential data without notification or justification. It also lets law enforcement agencies access excessive or irrelevant data without limitation or proportionality.
For example, remote activation of phones could let the police access medical records, financial transactions, political opinions, religious beliefs, sexual preferences, or other intimate information on a device or a communication. It could also let the police access information that is not related to the investigation or that is out of scope on a device or a communication. It could also let the police access information that is not necessary or appropriate for the investigation or that is disproportionate to the seriousness of the offense on a device or a communication.
How can remote activation of phones undermine the presumption of innocence and the right to a fair trial?
Another argument against this technique is that it can undermine the presumption of innocence and the right to a fair trial for individuals and groups. The presumption of innocence and the right to a fair trial are fundamental rights recognized by international standards and laws. They ensure justice and accountability.
Remote activation of phones undermines the presumption of innocence and the right to a fair trial by letting law enforcement agencies access data that they can use against individuals or groups without any legal basis or due process. It also lets law enforcement agencies access data that they can manipulate or falsify by law enforcement agents or hackers. It also lets law enforcement agencies access data that individuals or groups can challenge or contest.
For example, remote activation of phones could let the police access data that they can incriminate individuals or groups without any warrant or authorization from a judge. It could also let the police access data that they can alter or corrupt by law enforcement agents or hackers. It could also let the police access data that individuals or groups can dispute or refute.
How can remote activation of phones create a risk of abuse and misuse by the authorities?
Another argument against this technique is that it can create a risk of abuse and misuse by the authorities for individuals and groups. Abuse and misuse are illegal or unethical actions that violate rights and obligations. They damage trust and legitimacy.
Remote activation of phones creates a risk of abuse and misuse by the authorities by letting law enforcement agencies access data that they can use for purposes other than those authorized or intended. It also lets law enforcement agencies access data that they can share or disclose to third parties without any oversight or control. It also lets law enforcement agencies access data that they can retain or store for longer than necessary or permitted.
For example, remote activation of phones could let the police access data that they can use for political, personal, commercial, or other interests on a device or a communication. It could also let the police access data that they can transfer or leak to other agencies, organizations, media, or individuals on a device or a communication. It could also let the police access data that they can keep or archive for indefinite periods on a device or a communication.
What are the alternatives and safeguards for remote activation of phones?
Some people suggest that there are alternatives and safeguards for remote activation of phones that can balance security and privacy.
What are the existing legal tools to access phone data with judicial authorization?
One of the alternatives for remote activation of phones is to use existing legal tools to access phone data with judicial authorization. Judicial authorization is a legal requirement that ensures respect for rights and obligations. An independent and impartial judge grants it after evaluating the necessity and proportionality of the request.
Existing legal tools to access phone data with judicial authorization include search warrants, wiretaps, geolocation orders, data requisitions, and international cooperation agreements. These tools let law enforcement agencies obtain information from phones in a lawful and transparent manner. They also provide legal protection and recourse for individuals and groups.
For example, search warrants let law enforcement agencies physically seize phones and extract data from them with judicial authorization. Wiretaps let law enforcement agencies intercept calls and messages from phones with judicial authorization. Geolocation orders let law enforcement agencies track the location of phones with judicial authorization. Data requisitions let law enforcement agencies request data from phone operators or service providers with judicial authorization. International cooperation agreements let law enforcement agencies exchange data with foreign authorities with judicial authorization.
What are the principles and conditions for remote activation of phones according to the bill?
One of the safeguards for remote activation of phones is to follow the principles and conditions for remote activation of phones according to the bill. The bill on justice sets some rules and limits for this technique to prevent abuse and misuse.
The principles and conditions for remote activation of phones according to the bill include:
- The technique can only be used for terrorism and organized crime investigations.
- An independent judge who authorizes it must supervise the technique. The technique can only last for four months renewable once.
- The technique must respect necessity, proportionality, subsidiarity, and legality.
- Parliament and independent authorities must oversee and control the technique.
- Experts and stakeholders must evaluate and review the technique.
These principles and conditions aim to ensure a reasonable and accountable use of this technique. They also aim to protect the rights and interests of individuals and groups.
What are the possible ways to limit or challenge remote activation of phones?
Another safeguard for remote activation of phones is to use possible ways to limit or challenge remote activation of phones by individuals or groups. These ways can help protect rights and interests, as well as ensure accountability and transparency.
Some of the possible ways to limit or challenge remote activation of phones are:
-
Using encryption technologies:
Encryption technologies can make data on phones unreadable or inaccessible to law enforcement agencies, even if they remotely activate them. Encryption technologies can also protect communications from law enforcement agencies’ interception or recording. For example, using end-to-end encryption apps, such as Signal or WhatsApp, can prevent law enforcement agencies from accessing messages or calls on phones.
-
Using security features:
Security features can prevent law enforcement agencies from installing or activating software or applications on phones that enable remote activation. Security features can also detect or remove software or applications that enable remote activation. For example, using antivirus software, firewalls, passwords, biometrics, or VPNs can prevent law enforcement agencies from accessing phones.
-
Using legal remedies:
Legal remedies can let individuals or groups contest or oppose remote activation of phones by law enforcement agencies. Legal remedies can also let individuals or groups seek compensation or redress for damages caused by remote activation of phones. For example, using judicial review, administrative appeals, complaints, lawsuits, or human rights mechanisms can challenge law enforcement agencies’ actions or decisions regarding remote activation of phones.
How does this technique compare with other countries?
Law enforcement agencies in other countries, such as the United States, Germany, Italy, Israel, Canada, China, France, and the United Kingdom, have used or considered remote activation of phones by the police. This technique is not new or unique. However, the legal framework, the technical methods, and the ethical and social implications of this technique vary from country to country..
How does remote activation of phones by the police work in different countries?
Remote activation of phones by the police is an intelligence technique that varies from country to country. It depends on the legal framework, the technical methods and the ethical issues of each country. Here are some examples of how it works in different countries.
- In the United States, this technique is known as “roving bugs” or “mobile device tracking”. The Foreign Intelligence Surveillance Act (FISA) authorizes it for national security purposes and Title III of the Omnibus Crime Control and Safe Streets Act for criminal investigations. It requires a court order based on probable cause and limited in scope and duration. It can locate or record sounds and images from phones. It can be done by installing malware or exploiting vulnerabilities on phones.
- In Germany, this technique is known as “Quellen-TKÜ” or “source telecommunications surveillance”. The Code of Criminal Procedure and the Telecommunications Act regulate it for criminal investigations and the Federal Intelligence Service Act for national security purposes. It requires a court order based on reasonable suspicion and proportionality. It can intercept communications from phones. To do so, it installs software or uses spyware on phones.
- In Italy, this technique is known as “Trojan horse” or “spyware”. The Code of Criminal Procedure and the Data Protection Code regulate it for criminal investigations. It requires a court order based on serious indications of guilt and necessity. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.
- In Israel, this technique is known as “IMSI catchers” or “stingrays”. The Wiretapping Law and the Privacy Protection Law regulate it for criminal investigations and the Security Service Law for national security purposes. It requires a court order based on reasonable grounds and proportionality. It can locate or intercept communications from phones. To do so, it uses devices that mimic cell towers and trick phones into connecting to them.
- In Canada, this technique is known as “cell site simulators” or “IMSI catchers”. The Criminal Code and the Charter of Rights and Freedoms regulate it for criminal investigations. It requires a court order based on reasonable grounds and proportionality. It can locate or intercept communications from phones. To do so, it uses devices that mimic cell towers and trick phones into connecting to them.
- In China, this technique is known as “network interception” or “remote control”. The Criminal Procedure Law and the Cybersecurity Law regulate it for criminal investigations and national security purposes. It does not require a court order but only an approval from a higher authority. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.
- In France, real-time geolocation is regulated by the Criminal Procedure Code and the Intelligence Law for criminal and national security investigations. Article 706-102-1 of the Criminal Procedure Code allows police officers and agents to use a technical device to access, record, store and transmit computer data without the consent of the persons concerned. This requires a court order based on serious reasons and proportionality. Article 230-32 of the Criminal Procedure Code states that “Any technical means for real-time location, throughout the national territory, of a person, without his consent, a vehicle or any other object, without the consent of its owner or possessor, may be used if this operation is required by necessity: “. This also requires a court order based on serious reasons and proportionality.
- In the United Kingdom, this technique is known as “equipment interference” or “hacking”. The Investigatory Powers Act regulates it for criminal investigations and national security purposes. It requires a warrant based on necessity and proportionality. It can access data or record sounds and images from phones. To do so, it installs software or uses spyware on phones.
How does remote activation of phones by the police raise ethical and social challenges?
Remote activation of phones by the police raises ethical and social challenges in different contexts and situations because it involves a trade-off between security and privacy, as well as between effectiveness and legitimacy.
Security versus privacy
On one hand, remote activation of phones by the police can enhance security by providing law enforcement agencies with more information and evidence to prevent, investigate, and prosecute crimes. It can also deter criminals from using phones to plan or commit crimes.
On the other hand, remote activation of phones by the police can undermine privacy by letting law enforcement agencies access personal or professional data without consent or knowledge. It can also violate human rights and civil liberties by letting law enforcement agencies monitor or record sounds and images without notification or justification.
Effectiveness versus legitimacy
On one hand, remote activation of phones by the police can be effective by increasing the chances of finding relevant information or evidence on phones that may be encrypted, hidden, or destroyed. It can also be efficient by reducing the costs and risks of physical surveillance or interception.
On the other hand, remote activation of phones by the police can be illegitimate by violating the legal framework, the technical methods, or the oversight and control mechanisms that regulate this technique in each country. It can also be counterproductive by creating distrust or resistance among phone users or providers, who may use encryption technologies or legal remedies to protect their data or communications.
The ethical and social challenges of remote activation of phones by the police depend on the legal framework, the technical methods, and the oversight and control mechanisms that regulate this technique in each country. They also depend on the cultural and political values, the public opinion, and the media coverage that shape the perception and acceptance of this technique in each country.
Some of the ethical and social challenges of remote activation of phones by the police are how to :
- balance security and privacy in the use of this technique?
- ensure compliance with fundamental rights and freedoms in the use of this technique?
- prevent abuse, misuse, or error in the use of this technique?
- provide legal protection and recourse for individuals or groups affected by this technique?
- ensure accountability and transparency in the use of this technique?
- evaluate the effectiveness and legitimacy of this technique?
- foster trust and cooperation between law enforcement agencies and phone users in the use of this technique?
What is the impact of encryption technologies on this technique?
Encryption technologies are methods or systems that make data unreadable or inaccessible to unauthorized parties. Encryption technologies can have a significant impact on remote activation of phones by the police, as they can make this technique more difficult, risky, or controversial.
How can encryption technologies make remote activation of phones by the police more difficult or impossible?
Encryption technologies can make remote activation of phones by the police more difficult or impossible by preventing law enforcement agencies from accessing data or communications on phones, even if they remotely activate them. Encryption technologies can also protect phones from malware or spyware that enable remote activation.
For example, end-to-end encryption, which some apps such as Signal or WhatsApp use, can prevent law enforcement agencies from intercepting or reading messages or calls on phones, as only the sender and the receiver have the keys to decrypt them. Device encryption, which some operating systems such as iOS or Android use, can prevent law enforcement agencies from extracting or viewing data on phones, as they require a password or a biometric authentication to unlock them.
How can encryption technologies make remote activation of phones by the police more risky or harmful?
Encryption technologies can make remote activation of phones by the police more risky or harmful by exposing law enforcement agencies to legal or technical challenges or dangers. Encryption technologies can also harm phone users by compromising their security or privacy.
For example, breaking encryption, which law enforcement agencies sometimes do to access data or communications on phones, can expose them to legal challenges, as it may violate laws or regulations that protect encryption or privacy. It can also expose them to technical dangers, as it may weaken the security of phones or networks and create vulnerabilities for hackers or criminals. Hacking encryption, which law enforcement agencies sometimes do to install malware or spyware on phones, can harm phone users by compromising their security or privacy, as it may allow unauthorized access to their data or functions.
How can encryption technologies make remote activation of phones by the police more controversial or unacceptable?
Encryption technologies can make remote activation of phones by the police more controversial or unacceptable by raising ethical and social issues or debates. Encryption technologies can also create conflicts or tensions between law enforcement agencies and phone users or providers.
For example, undermining encryption, which law enforcement agencies sometimes request to facilitate remote activation of phones, can raise ethical and social issues or debates, as it may affect human rights and civil liberties, such as privacy, confidentiality, dignity, presumption of innocence, and right to a fair trial. It can also create conflicts or tensions between law enforcement agencies and phone users or providers. They may have different interests or values regarding encryption and security.
How does EviCore NFC HSM technology developed by Freemindtronic offer a high level of protection for phone users?
Remote activation of phones by the police can be facilitated by exploiting security flaws, installing malware, or requesting backdoors in encryption technologies. However, some encryption technologies may be resistant to these measures and offer a higher level of protection for phone users. One of them is the EviCore NFC HSM technology developed by Freemindtronic.
This technology lets users create their own encryption keys in a random way and store them in a physical device that communicates with the phone via NFC (Near Field Communication). The device also lets users define their own trust criteria that must be met to use the keys or their segments. The encryption is done in post-quantum AES-256 mode from either a device compatible with the EviCore NFC HSM technology or from an encrypted enclave in the phone created in the Key chain (Apple) or the Key store (Android) via the EviCore HSM OpenPGP technology. The encryption keys are segmented and superior to 256 bits. Moreover, they are physically externalized from computer systems. Everything is designed by Freemindtronic to effectively fight against espionage and corruption of telephone, computer, communication and information systems. Finally, without a server, without a database, even in air gap and airplane mode works EviCore NFC HSM or EviCore HSM OpenPGP technology. Everything is designed to work in volatile memory to leave no trace in telephone and computer systems.
This technology offers a high level of security and privacy for phone users who want to protect their data from unauthorized access, including by the police. It also offers a high level of performance and usability for phone users who want to encrypt or over-encrypt all types of messaging in the world, including SMS and MMS. It also works with other applications that use encryption, such as email, cloud storage or blockchain.
Furthermore, this technology is designed to be totally anonymous, autonomous, unconnected, without a database, without collecting any information of any kind on the identity of the user, nor on the hardware, nor on the terminals used. The technology is designed to be totally isolated and totally independent of the security of the terminal used whether it is connected or not. Freemindtronic does not keep the unique pairing keys for each NFC HSM device. And even if it did, the user at installation will automatically generate segmented complementary keys for encryption with administrator and user passwords. Each NFC device has a unique 128-bit signature dedicated to fighting against counterfeiting of NFC devices. It is also used as a key segment. The secret stored in eprom memories or in enclaves of the phone and/or computer can be individually secured by other segmented keys characterized by additional trust criteria such as a geozone, a random hexadecimal code via an existing or generated QR code or Bar Code via EviCore HSM. It is therefore physically impossible for Freemindtronic but under judicial assignment to decrypt data encrypted via EviCore HSM technologies even with a quantum computer.
Conclusion
Remote activation of phones by the police is an intelligence technique. It aims to fight terrorism and crime by accessing data or sounds and images from phones without consent or knowledge. Law enforcement agencies in various countries have used or considered this technique. For example, France, the United States, Germany, Italy, Israel, Canada, China, and the United Kingdom. However, this technique raises technical, legal, ethical, and social challenges. They need to be addressed.
On the technical side, remote activation of phones by the police depends on three factors: compatibility, connectivity, and security of the phones. It can be done by three methods: exploiting vulnerabilities, installing malware, or using spyware on phones.For example, EviCore NFC HSM technology developed by Freemindtronic protects data and communications on phones from remote activation by the police. Encryption technologies can make this technique more difficult or impossible by preventing law enforcement agencies from accessing data or communications on phones, even if they remotely activate them.
On the legal side, remote activation of phones by the police requires a legal framework that regulates its use and scope. Laws or regulations can authorize it and specify the conditions and criteria for its application. Legal remedies can also challenge it and contest or oppose its validity or legality.
On the ethical side, remote activation of phones by the police involves a trade-off between security and privacy, as well as between effectiveness and legitimacy. It can enhance security by providing more information and evidence to law enforcement agencies to prevent, investigate, and prosecute crimes. It can also undermine privacy by letting law enforcement agencies access personal or professional data without notification or justification.
On the social side, remote activation of phones by the police raises issues or debates that affect human rights and civil liberties. For example, privacy, confidentiality, dignity, presumption of innocence, and right to a fair trial. It can also create conflicts or tensions between law enforcement agencies and phone users or providers, as they may have different interests or values regarding encryption and security.
Therefore, remote activation of phones by the police is a complex and controversial technique that requires a careful and balanced approach that respects the rights and interests of all parties involved. The French bill on remote activation of phones by the police and the EviCore NFC HSM Open PGP technology developed by Freemindtronic illustrate the complex and evolving relationship between intelligence and encryption in the digital age. They raise questions about finding a balance. It is between security and privacy, between public interest and individual rights, between innovation and regulation.
: According to Okta, privacy is the right to control how your information is viewed and used, while security is protection from threats or dangers (https://www.okta.com/identity-101/privacy-vs-security/).
: According to Carnegie Endowment for International Peace, finding a balance between security and privacy requires addressing technical, legal, and social questions (https://carnegieendowment.org/2019/09/10/moving-encryption-policy-conversation-forward-pub-79573).
: According to Springboard, finding a balance between innovation and regulation requires cooperation among stakeholders and respect for human rights (https://www.springboard.com/blog/cybersecurity/privacy-vs-security-how-to-balance-both/).
Articles, Cyberculture, Digital Security, Technical News
Protect Meta Account Identity Theft with EviPass and EviOTP
May
Protect Meta Account identity theft by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
How to Spot and Avoid Phishing Attacks on Meta
Have you ever wondered what would happen if someone hacked your Meta account and used it for malicious purposes? Identity theft is a serious threat that affects millions of internet users worldwide. It can harm your reputation, finances, privacy, and even your safety. That’s why it’s essential to protect your Meta account from identity theft.
Articles Crypto Currency Digital Security EviSeed EviVault Technology News
Enhancing Crypto Wallet Security: How EviSeed and EviVault Could Have Prevented the $41M Crypto Heist
Articles EviVault Technology News Uncategorized
Why choose a Cold Wallet NFC HSM to secure your cryptocurrencies?
Articles Digital Security EviVault Technology NFC HSM technology Technical News
EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester
Articles EviVault Technology Phishing
Cryptbot malware steals data cryptocurrencies
Protecting Your Meta Account from Identity Theft
Meta is a family of products that includes Facebook, Instagram, Messenger, WhatsApp, Oculus, and more. These products allow you to connect with people, share content, play games, shop online, and explore new realities. However, they also store a lot of personal information that can be exploited by hackers if you don’t secure your account properly.
Identity theft of online accounts is a growing problem that affects many Meta users. Hackers use various techniques to illegally obtain user credentials and two-factor authentication information. This results in financial, legal, and psychological consequences for the victims, who find themselves deprived of their digital identity. In this article, we explain how to protect your Meta account from identity theft, with a focus on the security of your passwords and your two-factor authentication. We also present real testimonials of identity theft on Meta, which illustrate the seriousness of this problem and the importance of protecting yourself. Finally, we introduce you to an innovative solution that allows you to manage OTP tokens (One Time Password) securely and contactlessly thanks to an NFC device (Near Field Communication).
Creating Strong and Unique Passwords to Safeguard Your Meta Account
To enhance the security of your Meta account, it’s crucial to create strong and unique passwords. A strong password is the first line of defense against identity theft. Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using obvious personal information, such as your name or date of birth. Furthermore, avoid reusing the same password on multiple accounts, as this makes it easier for hackers to gain unauthorized access. Consider using a secure password manager such as EviPass, offered by Freemindtronic, to store your passwords securely and regularly check their integrity.
Enhancing Meta Account Security with Two-Factor Authentication (2FA)
Enhancing the security of your Meta account is crucial, and enabling two-factor authentication (2FA) is an effective way to achieve that. In the security and login settings of your Meta account, you have access to a range of 2FA methods. Each method has its own advantages and considerations, empowering you to select the most suitable option for your needs.
Table: Comparison of Different 2FA Methods on Meta
| 2FA Method | Advantages | Disadvantages |
|---|---|---|
| Security Key | Highly secure, doesn’t require internet connection | Expensive, susceptible to loss or forgetfulness, requires USB or NFC port |
| Authentication App | More secure than SMS, compatible with multiple accounts | Risk of smartphone loss or theft, requires prior installation |
| SMS | Simple and quick | Risk of phone number hacking, reliance on mobile network |
| Authentication Applications | Enhanced security, generates secure 2FA codes | Risk of smartphone loss or theft |
| EviPass | Highly secure, contactless, compatible with multiple accounts, no prior installation required | Requires purchase of EviPass device |
The Ultimate Solution – EviPass and EviOTP for Meta Account Protection
EviPass, powered by Freemindtronic’s EviOTP technology, offers the best of both worlds with its PassCypher product. PassCypher combines two technologies: EviPass Hardware and/or Digital Manager, compatible with Freemindtronic’s NFC HSM devices. It also incorporates the EviOTP technology, a secret key manager for OTP and HOTP, enabling the generation of OTP codes. With PassCypher, you can experience highly secure and contactless 2FA. It eliminates the need for prior installation and provides a seamless user experience. By securely storing and generating OTP secret keys using EviOTP technology, PassCypher ensures end-to-end authentication. Please note that the PassCypher device, which includes EviPass and EviOTP technologies, needs to be purchased to utilize this comprehensive solution.
Being Vigilant Against Phishing Attacks to Secure Your Meta Account
Hackers often use phishing techniques to trick you into disclosing your credentials. Be vigilant about suspicious emails or messages asking for your credentials or personal information. Do not click on dubious links and always check the website address before entering your information. If you receive a suspicious message claiming to be from Meta, report it immediately.
Regularly Updating Security Information for Meta Account Protection
To maintain optimal security, it is important to update your security information regularly, such as your recovery email address and phone number. This information will allow you to regain access to your account in case of identity theft or password forgetfulness. Make sure you choose secure and easily accessible recovery information that only you have access to.
Implementing EviOTP for Enhanced Meta Account Security against Identity Theft
One innovative solution for securing your Meta account is EviOTP by Freemindtronic. EviOTP utilizes contactless technology and NFC devices to securely manage OTP tokens (One Time Passwords). By enabling two-factor authentication with EviOTP, you are required to provide an additional code along with your password when logging into your Meta account. This method offers optimal protection against phishing attacks and identity theft, as your OTP tokens are stored and encrypted within the NFC device, physically isolated from your computer and phone systems.
Table: Advantages and disadvantages 2FA
| 2FA Method | Pros | Cons |
|---|---|---|
| SMS | Simple and fast | Risk of hacking your phone number, dependence on mobile network |
| Authentication App | More secure than SMS, compatible with multiple accounts | Risk of losing or stealing your smartphone, requires prior installation |
| Security Key | Very secure, does not require internet connection | Expensive, easy to lose or forget, requires USB or NFC port |
| EviOTP | Very secure, contactless, compatible with multiple accounts, does not require prior installation | Requires purchasing the EviOTP device |
Considering the different options available, each 2FA method offers unique benefits and drawbacks. Security keys provide a high level of security but may be costly and prone to loss. Authentication apps offer increased security and compatibility, but the risk of smartphone theft exists. SMS codes are simple and fast but carry the risk of phone number hacking. Authentication applications like Google Authenticator or Microsoft Authenticator generate secure codes but are still susceptible to smartphone loss. Finally, EviOTP stands out as a highly secure, contactless option compatible with multiple accounts, although it requires purchasing the EviOTP device.
EviOTP – The Ultimate 2FA Solution
For the ultimate 2FA solution, EviOTP by Freemindtronic offers unmatched security and convenience. EviOTP combines contactless technology, compatibility with multiple accounts, and a seamless user experience. It eliminates the need for prior installation and configuration, making it ready to use right out of the box. By securely storing and generating OTP secret keys, EviOTP ensures end-to-end authentication. To benefit from EviOTP, please note that the EviOTP device must be purchased.
To enable two-factor authentication with Contactless OTP Manager, you must follow these steps:
- Download and install the PassCypher application embedding the EviPass technology and especially EviOTP on your NFC-compatible Android mobile device from the Google Play Store.
- Log in to your Meta account on a computer or mobile browser.
- Go to the security and login settings of your Meta account and click on “Use two-factor authentication”.
- Choose the option “Authentication application” and follow the instructions on the screen.
- Open the PassCypher application on your mobile device and bring your Contactless OTP Manager device close to the phone to scan the QR code displayed by Meta.
- Enter the six-digit code generated by Contactless OTP Manager in the “Security Code” field on Meta and click on “Next”.
- Save the recovery codes provided by Meta in case of loss or theft in your Contactless OTP Manager device that you also use to generate codes to authenticate yourself.
Beware of phishing attacks
Hackers often use phishing techniques to trick you into disclosing your credentials. Be vigilant about suspicious emails or messages asking for your credentials or personal information. Do not click on dubious links and always check the website address before entering your information. If you receive a suspicious message claiming to be from Meta, report it immediately.
Update your security information regularly
To maintain optimal security, it is important to update your security information regularly, such as your recovery email address and phone number. This information will allow you to regain access to your account in case of identity theft or password forgetfulness. Make sure you choose secure and easily accessible recovery information only by you.
Real Testimonials of Meta Account Identity Theft and Steps to Protect Yourself
Identity theft is a phenomenon that affects more and more internet users worldwide. According to a study by the Federal Trade Commission, consumers reported losing more than $5.8 billion to fraud in 2021, an increase of more than 70% over the previous year. Among the most common types of fraud are identity theft scams, which aim to steal the login information of users on various Meta products, such as Instagram, Facebook, Messenger, WhatsApp or Oculus. These information can then be used to harm the reputation, finances or privacy of the victims.
Finding real testimonials of identity theft on Meta is not always easy. Indeed, victims may feel ashamed of being fooled, afraid of the consequences or simply not know who to turn to report the problem or ask for help. That’s why we have gathered in this section some true and verified stories that illustrate the different possible scenarios of identity theft on Meta. These stories are presented in the form of small short paragraphs that are easy to read and explain how the victims discovered the hacking, how they reacted and what were the consequences.
We hope that these testimonials will help you to become aware of the risks associated with identity theft on Meta and to adopt good practices to protect your personal data online. If you are a victim or witness of identity theft, do not hesitate to report the problem to the competent authorities and ask for help from specialized services.
- Marie found June 6, 2021 Marie’s Instagram account was hacked by scammers. They tricked her into giving them her login information. They used her account to ask her followers for money. Marie reported the hack to Instagram and warned her contacts. She finally got her account and her 2,000 followers back. She learned to be more careful online.
- A woman from France had her Instagram account hacked by scammers who tried to extort money from her followers. She contacted Meta, but received no response. She then contacted a cybersecurity expert who helped her recover her account and her 6,000 followers.
- Muriel, a regular user of Meta, was a victim of identity theft on her personal account as well as on her Meta Business Manager account. Despite activating two-factor authentication, hackers managed to bypass security measures, leaving Muriel in a difficult situation. Unable to receive the necessary help from Meta, she shared her experience on social networks, hoping to find a contact within Meta who could help her solve this frustrating problem.
- In December 2021, Meta filed a lawsuit against the bad actors who allegedly created over 39,000 websites that resembled the login pages of Instagram, Facebook, Messenger, and WhatsApp. The defendants used these websites to deceive users and collect their login information. They also infringed Meta’s trademarks by using its logos and names on their fake pages.
- In February 2023, a couple was victim of a phishing scam that targeted META users. They received an email that seemed to come from the social network and asked them to confirm their credentials and password to avoid the closure of their account. When they clicked on the link, they were redirected to a fake login page that recorded their data. A few days later, they noticed that their account had been hacked and that fraudulent purchases had been made with their credit card linked to their META account.
- In October 2022, a woman discovered that her Instagram account had been hacked and that a scammer had used her identity to blackmail her followers. He sent them messages pretending to be her and asking for nude photos or money. He threatened to expose their private conversations or photos if they did not comply. The victim reported the hack to Instagram and warned her contacts about the scam.
- In October 2021, a man was sentenced to 18 months in prison with a suspended sentence for having impersonated several personalities on social networks, including the president of the French Republic Emmanuel Macron. He created fake META (ex-Facebook) accounts and sent private messages to internet users asking them for money or services. He also tried to extort personal information from journalists and politicians by pretending to be their relatives or collaborators.
- In February 2020, a woman discovered that her META account had been hacked and that a scammer had used her identity to trick her friends. He sent them messages pretending to be her and asking them for financial help for an emergency. He then asked them to send him PCS recharge codes (prepaid cards) that he could use to buy goods or services online. The victim filed a complaint and alerted her contacts about the hack.
- French case of Loïc: Loïc suffered identity theft on Meta for a grueling period of 17 years. Hackers opened numerous bank accounts in his name, took out consumer loans and used his information to benefit from social and tax benefits. Loïc recounted his ordeal during an interview with Olivier Delacroix on Europe 1 on January 15th, 2019. For years, he had to provide proof of identity and fight with administrations, banks and bailiffs to restore the truth and regain control of his digital identity.
- Case of Julie: Julie was a victim of identity theft on her Meta account by her ex-partner. He managed to access her account by cloning her SIM card, changing her security information and posting defamatory messages in her name. Julie quickly became aware of the situation and immediately filed a complaint with the competent authorities. She also contacted the Cybermalveillance.gouv.fr service to get help in the process of recovering her account and protecting her online reputation.
- Thomas’s Instagram account was hacked by a hacker who impersonated him and sent rude messages to his contacts. He managed to recover his account with the help of a cybersecurity expert.
- Benoît fell victim to a scam on WhatsApp. He received a message from a friend who asked him to lend him money urgently. He agreed and sent 500 euros by bank transfer. He realized too late that it was an impostor who had hacked his friend’s account.
- Clara was a victim of identity theft on her Facebook account. She received a notification that told her she had won a free trip and asked her to click on a link to claim it. She followed the link and entered her Facebook credentials. She realized too late that it was a trap to steal her data and use it to create fake profiles in her name.
- David was a victim of identity theft on his Oculus account. He received an email that told him he had been selected to test a new virtual reality game and asked him to download an app on his smartphone. He downloaded the app and scanned a QR code with his Oculus headset. He realized too late that it was a malicious software that had stolen his login information and used his account to buy games without his permission.
- Emma was a victim of identity theft on her Meta Workplace account. She received a message from a colleague who asked her to send him confidential documents related to an ongoing project. She trusted him and sent the documents by email. She realized too late that it was an impostor who had hacked her colleague’s account and used the documents to harm the company.
- Another real case of identity theft on Meta is that of Aaron Elekes. This film and TV producer had his Facebook account hacked by scammers who impersonated him and his contacts. Despite his efforts to recover his account, he did not receive the necessary help from Meta. He had to create several new accounts under his name, which caused him a lot of stress and frustration. This testimonial shows how important it is to protect your Meta account from identity theft.
- Other real examples of identity theft on Meta include:
- A company called Meta that accuses Meta (formerly Facebook) of unlawfully seizing its mark, name and identity.
- The risks associated with identity theft on Meta, such as the loss of personal data, the spread of false information, the contact scam or the infringement of copyright.
These real testimonials of identity theft on Meta illustrate the severity of the problem and highlight the importance of taking adequate security measures to protect your account. By following the tips mentioned above, such as creating strong passwords, enabling two-factor authentication and using innovative solutions like EviPass and EviOTP, you can enhance the security of your Meta account and significantly reduce the risks of identity theft.
Conclusion: Safeguard Your Meta Account from Identity Theft
Protecting your Meta account from identity theft is essential to preserve your online security. By following the recommended security measures, such as creating strong and unique passwords, enabling two-factor authentication and using innovative solutions like EviPass and EviOTP from Freemindtronic, you enhance the security of your account and reduce the risks of identity theft. Also be vigilant about phishing attempts and make sure to update your security information regularly. Use the tools and technologies at your disposal to enhance the security of your Meta account. By following these tips, you will be able to fully enjoy your experience on Meta with peace of mind.
Protect your digital identity and take the necessary steps to secure your Meta account now. Don’t let hackers steal your online identity. Be proactive in your approach to security and make protecting your account a top priority.
By adopting strong security measures and staying informed about the latest techniques used by hackers, you can minimize the risks of identity theft and protect your digital life on Meta. Make sure you implement the recommendations presented in this article and don’t hesitate to explore more advanced security solutions to further enhance the protection of your account. Your online security is in your hands, so act now to protect your Meta account from identity theft.
Protect your digital identity and take the necessary steps to secure your Meta account now. Don’t let hackers steal your online identity. Be proactive in your approach to security and make protecting your account a top priority.
By adopting strong security measures and staying informed about the latest techniques used by hackers, you can minimize the risks of identity theft and protect your digital life on Meta. Make sure you implement the recommendations presented in this article and don’t hesitate to explore more advanced security solutions to further enhance the protection of your account. Your online security is in your hands, so act now to protect your Meta account from identity theft.
Remember that securing your Meta account is not limited to these measures. Stay vigilant, educate yourself on the latest security practices and be proactive in protecting your digital identity. By taking these precautions, you can fully enjoy your experience on Meta safely and peacefully.
About Freemindtronic
Freemindtronic is a company specialized in digital security solutions based on NFC technology (Near Field Communication). Founded in 2017 by Jean-Marc Zanni, an expert in embedded systems engineering, Freemindtronic offers innovative products such as EviPass and EviOTP that allow users to manage their passwords and OTP tokens securely and contactlessly. Freemindtronic’s solutions are designed for individuals and professionals who want to protect their digital identity from cyberattacks and identity theft.
2023, Articles, Cyberculture, Digital Security, Technical News
Strong Passwords in the Quantum Computing Era
May
Strong Passwords by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
How to Protect Your Passwords from Quantum Computers Introduction
Do you know that quantum computers could break your passwords in seconds? This could expose your personal and financial data to hackers. To prevent this, you need to create strong passwords that can resist quantum attacks. In this article, you will learn how to do it easily and effectively.
2024 Digital Security
Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool
2024 Cyberculture Digital Security News Training
Andorra National Cyberattack Simulation: A Global First in Cyber Defense
2024 Digital Security
Apple M chip vulnerability: A Breach in Data Security
2024 Articles Cardokey EviSwap NFC NDEF Technology GreenTech Technical News
NFC vCard Cardokey: Revolutionizing Digital Networking
2024 Digital Security
Cybersecurity Breach at IMF: A Detailed Investigation
2024 DataShielder Digital Security PassCypher Phishing
Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?
2024 Digital Security
PrintListener: How to Betray Fingerprints
2024 Articles Digital Security News
BitLocker Security: Safeguarding Against Cyberattacks
How to create strong passwords in the era of quantum computing?
Quantum computing is a technology that promises to revolutionize the field of computation by exploiting the properties of subatomic particles. It offers unprecedented possibilities for scientific research, artificial intelligence or cryptography. But it also represents a risk for the security of data and online communications. Indeed, quantum computers could be able to crack the secret codes that protect our passwords, our bank accounts or our private messages.
What is quantum computing? What is encryption? What is a brute force attack?How to protect ourselves from this threat? The answer is simple: create strong passwords and resist quantum attacks. But what is a strong password? And how to choose it? Here are some tips to help you strengthen your digital security in the era of quantum computing.
What is quantum computing and how does it work in video?
What is a strong password?
A strong password is a password that is hard to guess or crack by a hacker. It must be composed of at least 12 characters, mix uppercase and lowercase letters, numbers and symbols, and not contain dictionary words, proper names or personal data. For example, “P@ssw0rd123” is not a strong password, because it is too short, too simple and too common. On the other hand, “Qx7!tZ9#rGm4” is a strong password, because it is long, complex and random.
Why is a strong password important?
A strong password is important because it reduces the risk that your account will be hacked by a brute force attack. A brute force attack consists of testing all possible combinations of characters until finding the right password. The longer and more complex the password, the more possible combinations there are, and the more time and resources it takes to crack it.
For example, a password of 8 characters composed only of lowercase letters has about 200 billion (26^8) possible combinations. A classical computer can crack it in a few minutes. But a password of 20 characters composed of letters, numbers and symbols has about 10^39 (95^20) possible combinations. A classical computer would need 766 trillion years to crack it.
But what about quantum computers?
Quantum computers are able to perform calculations much faster and more powerful than classical computers thanks to their ability to manipulate qubits instead of bits. A qubit can take two states simultaneously (0 and 1), which allows it to explore multiple solutions at the same time. Thus, a quantum computer could theoretically crack a password by testing all possible combinations in parallel.
However, there are technical and practical limits to this ability. First, you need to have a quantum computer powerful and stable enough to perform this type of operation. However, current quantum computers are still very rudimentary and only have a limited number of qubits. Second, you need to know the type of encryption used to protect the password. However, there are encryption algorithms that are resistant to quantum attacks, such as symmetric encryption or elliptic curve encryption. Third, you need to have access to the system that stores the password. However, there are security measures that prevent unauthorized access, such as two-factor authentication or account locking after several unsuccessful attempts.
Thus, even if quantum computers represent a potential threat for the security of passwords, they are not yet able to crack them easily. Nevertheless, it is prudent to prepare for the advent of this technology by creating strong passwords and changing them regularly.
How to choose a strong password?
To choose a strong password, there are several methods. Here are some examples:
- The Diceware method: it consists of randomly choosing several words from a predefined list and separating them by spaces or symbols. For example, “piano cat star 7 &”. This method allows you to create passwords that are easy to remember and hard to crack.
- The XKCD method: it consists of choosing four random words and assembling them without space. For example, “correcthorsebatterystaple”. This method is inspired by a comic from the XKCD site that shows that this type of password is safer than a complex but short password.
The random generator method: it consists of using an online tool that creates a random password composed of letters, numbers and symbols. For example, “Qx7!tZ9#rGm4”. This is the method implemented in the evicore nfc and evicore hsm technology from Freemindtronic, which features a random password generator with Shannon entropy control. This technology also automatically calculates the number of bits of the generated password based on the type of printable ASCII 95 characters used. This method allows you to create very secure passwords but difficult or impossible to remember, which requires the use of a hardware or virtual password manager. Whatever the method chosen, it is important to follow some rules:
- Do not use the same password for multiple accounts or services.
- Do not write the password on a paper or store it on an insecure device.
- Do not share the password with other people or communicate it by email or phone.
- Do not use obvious clues or security questions to recover the password in case of forgetfulness.
- Use a password manager to store and manage your passwords securely.
Tools for creating and protecting strong passwords
If you want to create and protect strong passwords in the age of quantum computing, you can use some of these online tools to help you:
- Online password generator: A tool that creates a random and strong password composed of letters, numbers and symbols. For example, Mot de passe.xyz is a free and secure online password generator that lets you choose the length and types of characters for your password.
- Password strength calculator: A tool that calculates the entropy (the number of bits) of a password based on its length and the number of possible characters. For example, Password Entropy Calculator is a free online tool that shows you how strong your password is and how long it would take to crack it.
- Data breach checker: A tool that checks if your email or phone number has been exposed in a data breach. For example, Have I Been Pwned? is a free online service that lets you check if your personal information has been compromised by hackers.
Using these tools can help you create and protect strong passwords that are resistant to quantum attacks. However, you should also remember to use different passwords for different accounts, change them regularly, and use a password manager to store them safely.
In conclusion
Passwords are essential to protect our privacy and our data online. Faced with the potential threat of quantum computers, it is important to create strong passwords and resist quantum attacks. To do this, we need to choose passwords that are long and complex, change them regularly and manage them with caution. Thus, we will be able to enjoy the benefits of quantum computing without fearing for our digital security.
Mar
Electronic signatures are increasingly being used to authenticate and protect documents online. But did you know that there are different levels of security for electronic signatures? According to the eIDAS regulation, there are three types of electronic signatures: simple, advanced and qualified. Each type offers a different degree of reliability and safety. In this article, we will look at simple electronic signatures and explain how HSM OpenPGP can make them more secure.
Electronic Signature from HSM OpenPGP
Simple Electronic Signatures
A simple electronic signature is the most basic form of electronic signature. It has no specific criteria defined by the eIDAS regulation. It is based solely on the express or implied consent of the author of the document. For example, a simple click on an “I agree” button or entering a name in a form field can be considered a simple electronic signature.
Simple electronic signatures are used for documents that do not require increased security, such as newsletters, surveys or contact forms. They have limited legal value, as they do not guarantee the identity of the signer or the integrity of the document.
Simple electronic signatures present several risks for data security. First of all, they are easy to forge or usurp. It is enough to know the name or email address of the signer to be able to sign in his place. Then, they are vulnerable to computer attacks. A hacker can intercept, modify or delete the signed document without the signer or the recipient noticing. Finally, they are difficult to verify. There is no simple and reliable way to prove the authenticity and validity of a simple electronic signature.
Il is a tool that allows you to sign your electronic documents in compliance with the eIDAS regulation. HSM OpenPGP offers you several advantages to enhance the security of your simple electronic signatures:
HSM OpenPGP uses an asymmetric cryptography system to protect your data. Each signer has a pair of keys: a public key and a private key. The public key is used to verify the signature, while the private key is used to sign the document. The private key is stored in a secure digital vault and is only accessible to the signer. HSM OpenPGP generates a timestamp for each signed document. The timestamp is an indelible proof of the date and time of the signature. It ensures the integrity of the document and prevents tampering or repudiation. HSM OpenPGP allows you to choose the level of security of your electronic signature according to your needs. You can opt for a simple, advanced or qualified electronic signature. Each level offers additional guarantees on the identity of the signer and the validity of the document. It is therefore a tool that allows you to sign your electronic documents with confidence and compliance. If you want to learn more about HSM OpenPGP and its features, feel free to visit our website or contact us.
Advanced Electronic Signatures
Electronic signatures are increasingly used to authenticate and protect online documents. But not all electronic signatures are equal. According to the eIDAS regulation, there are three types of electronic signatures: simple, advanced and qualified. Each type offers a different level of reliability and security. In this article, we will focus on advanced electronic signatures and explain how HSM OpenPGP can make them safer.
An advanced electronic signature is a form of electronic signature that offers a higher level of security than a simple electronic signature. It is based on a digital certificate issued by a trusted third party, called a qualified trust service provider (QTSP). This certificate allows to authenticate the identity of the signer and to ensure the integrity of the signed document. To be considered as an advanced electronic signature, the signature must meet several criteria defined by the eIDAS regulation. It must be:
- Uniquely linked to the signer;
- Capable of identifying the signer;
- Created using signature creation data that the signer can use under his exclusive control;
- Linked to the signed data in such a way that any subsequent modification of the data is detectable.
Advanced electronic signatures are used for documents that require increased security, such as contracts, invoices or tax declarations. They have a stronger legal value than simple electronic signatures, because they can prove the origin and integrity of the document.
It is an encryption key management application that provides unparalleled security and privacy to users. It is compatible with all messaging services and offers end-to-end encrypted instant messaging via segmented key authentication SMS. It also has a file encryption and data signing system with signature self-verification.
- eIDAS compliance: By using HSM OpenPGP for advanced electronic signatures, you can be sure that your signatures meet the requirements of the eIDAS (Electronic IDentification, Authentication and Trust Services) regulation, which was established in July 2016 to define the criteria for an electronic signature process within the European Union.
- Timestamp of signed documents: HSM OpenPGP generated a timestamp for each signed document. The timestamp is indelible proof of the date and time of the signature. It ensures the integrity of the document and prevents falsification or repudiation.
- Choice of security level: HSM OpenPGP also allows you to choose the level of security of your electronic signature according to your needs.
- Advanced features for data security and privacy: In addition to meeting eIDAS requirements for advanced electronic signatures, HSM OpenPGP also offers other data security and privacy benefits. For example, it allows you to generate, store, and use all types of symmetric and asymmetric keys offline for Open PGP encryption algorithms. The user can freely choose the algorithm he wants to use from AES 128 192 256 or RSA 2048 3072 4096 Open PGP. They can also import or export existing keys for storage, management, sharing, or use with HSM OpenPGP.
By using HSM OpenPGP for advanced electronic signatures, you not only benefit from a high level of reliability and security in accordance with the eIDAS regulation, but also additional protection for your data thanks to the advanced features offered by HSM OpenPGP.
Compliance with eIDAS Regulation
It is an innovative application for managing encryption keys and signing files. Although HSM OpenPGP offers an interesting approach to electronic signatures, it is important to note that its approach differs from the requirements for a qualified electronic signature under the eIDAS regulation.
The eIDAS Regulation (No 910/2014) was adopted on 23 July 2014 by the European Parliament and the European Union Council. It aims to strengthen trust in electronic transactions within the internal market by establishing a common foundation for secure electronic interactions between citizens, businesses and public authorities. According to this regulation, a qualified electronic signature must be created using a secure signature creation device (DSC) that ensures that the signature creation data is under the exclusive control of the signatory. It must also be based on a qualified electronic signature certificate that attests to the identity of the signatory and is issued by a qualified trust service provider (PSC) meeting applicable technical and regulatory requirements. Finally, it must allow the signatory to be identified and any subsequent changes to the signed data to be detected.
To learn more about the eIDAS Regulation, you can visit the EUR-Lex website at the following address:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32014R0910
HSM OpenPGP does not generate a qualified electronic signature within the meaning of the eIDAS Regulation because its approach does not rely on the use of a secure signature creation device (DSC) or a qualified certificate for electronic signatures issued by a qualified trust service provider (PSC).
However, It’s offers an innovative approach in the field of file signing and data encryption. HSM OpenPGP allows the signatory to generate, store and share their own public key and signature hash without relying on an external trusted third party. HSM OpenPGP uses technology patented by Freemindtronic on segmented key authentication to provide users with an unparalleled level of security and privacy. HSM OpenPGP also allows you to choose the level of security for your electronic signature based on your needs.
In short, although HSM OpenPGP does not generate a qualified electronic signature within the meaning of the eIDAS Regulation, it offers an innovative approach to simple and advanced electronic signatures with a high level of security and privacy.
According to the eIDAS Regulation, an advanced electronic signature must meet the following criteria:
- It is uniquely linked to the signatory.
- It allows the signatory to be identified.
- It is created using data that the signatory can use under their exclusive control.
- It is linked to the data to which it relates in such a way that any subsequent changes to the data can be detected.
It is appears to meet these criteria by allowing the signatory to generate their own private key using an application on their phone. The private key is encrypted and stored in the keychain (Apple) or key store (Android) and is only accessible to the signatory. The signatory creates their signature in .asc format from their private key after authenticating by entering at least one key or two or three. The signatory then sends the signature and their public key to the recipient so that they can verify that the file has not been corrupted.
By using HSM OpenPGP for advanced electronic signatures, you not only benefit from a high level of reliability and security in accordance with the eIDAS Regulation, but also additional protection for your data thanks to HSM OpenPGP’s advanced features. For example, it has a file encryption system and data signing with self-verification of signatures. The user can freely choose which algorithm they want to use among AES 128 192 256 or RSA 2048 3072 4096 Open PGP. They can also import or export existing keys for storage, management, sharing or use with HSM OpenPGP.
In conclusion, although HSM OpenPGP does not generate a qualified electronic signature within the meaning of the eIDAS Regulation, it offers an innovative approach to simple and advanced electronic signatures with a high level of security and privacy. It is appears to meet the criteria for an advanced electronic signature by allowing the signatory to generate their own private key using an application on their phone and providing users with an unparalleled level of security and privacy thanks to its patented technology. By using HSM OpenPGPfor advanced electronic signatures, you not only benefit from a high level of reliability and security in accordance with the eIDAS Regulation, but also additional protection for your data thanks to HSM OpenPGP’s advanced features. For example, it has a file encryption system and data signing with self-verification of signatures. The user can freely choose which algorithm they want to use among AES 128 192 256 or RSA 2048 3072 4096 Open PGP. They can also import or export existing keys for storage, management, sharing or use with HSM OpenPGP.
Sep
Freemindtronic licensed products
|
Compatible technologies |
EviVault & EviToken |
|
Compatible products |
Keepser, Keepser Premium, Keepser Premium+, Keepser PASS, Keepser PRO, Keepser PRO+, KCW PASS, KCW PRO, KCW PRO+, Personal Safe Clone, Expert Safe Clone |
|
Time to retain data in Eprom memory without electrical energy |
40 years |
|
Number of records cycles guaranteed |
MTBF – MTTF 1,000,000 writes at 25°C without error |
|
Battery-free functional energy |
NFC signal energy recovery via phone signal (NFC terminal) Energy harvesting |
|
Communication protocol |
NFC (ISO / IEC 15693) / Compatible (ISO / IEC 14443) |
|
Terminal compatible |
NFC Android phone or tablet |
|
Type of terminal operating system |
Android from version 6 and following |
|
Type of operation |
Contactless |
|
Typical composition of a Keeps |
|
|
Number of possible records |
50 or 100 |
|
Maximum number of characters for the name of the Keeps |
15 (dynamic optimization of characters number) |
|
Number of total characters per Keeps |
61 characters (name of label + username + password) |
|
Maximum number of characters for a credential password |
48 characters |
| Anti-counterfeiting | ECC BLS12-381 signature Read-only |
|
Number of RSA keys |
1 RSA4906 (private key and public key) |
| Type of characters allowed | ASCII (95 printable characters) – European ISO alpha digital – symbols |
|
Eprom NFC encryption |
AES-256 CBC |
| Automatic connection compatibility to internet accounts | Keepser Extension for web browsers Chrome, Opera, Brave, UC Browser, Vivaldi, Edge, Torch, Chromium |
Physical security – digital |
|
|
NDEF |
not available |
|
Memory type |
NFC EPROM |
|
Access control and authentication |
Depend of the models Multi Authentication Factors by default: Connection Key, UIID Phone, Dynamic Encryption Key Extension, anticounterfeight key and some customisable: Administrator password, user password, BSSID, Geolocation, Phone digital fingerprint |
|
Type of brute force protection |
Depend of the models 3 default pin attempts before the NFC terminal is automatically disconnected Number of attempts is configurable from 1 to 15 according to the models |
|
Labels display time |
Setable time from 5 seconds to 5 minuts according to the models |
|
Individual access control by Keeps |
Up to 5 setable authentication factors (MFA)
|
|
Secure data sharing |
Copy, backup, hardware cloning between devices by NFC only via a smartphone paired to the device, by NFC Beam, Nearby share and QR code, sending encrypted data by all types of messaging, including SMS or MMS |
|
Type of authentication of the NFC terminal on local network |
Dynamic encryption key |
|
Type of data encryption |
AES 256 / RSA 4096 / ECC 256-512 bits |
|
Physical security memory blocks |
Multi passwords protection |
| Technical features of the resin |
Flame resistance: 6,4 mm UL94 V-0 |
Physical properties |
|
|
Minimum operating temperature |
-40° F (-40 C) |
|
Maximum operating temperature |
+185° F (+85 C) |
|
Protection index CEI EN 62262 |
Higher than ISO IP89K |
| Liquid resistance of the electronic components coating |
|
| Material | PCB FR4 High Tg 170 |
| ISO/IEC NFC | 15693 & ISO/IEC 18000-3 mode 1 Compatible 14443 |
| Frequency | 13.56 megahertz of ±7 kilohertz of carrier frequency |
| Distance RF reading/writing | 0,8 to 2,5 inches (2 to 6 cm) |
| Format carte standard | ISO CR80 |
| Dimensions (inches) | 3.37 X 2,125 (85.6 x 54 mm) |
| Thickness | 0.4 inch (1 mm) |
| Weight (oz) | around 0.35 (10 gr) |
| Colour | Black, white, gold, silver |
General |
|
|
Manufacturer |
Freemindtronic (Andorra) or its licensee the Syselec Group (France) |
|
REACH (SVHC concentration) |
0% |
|
RoHS compliant |
Yes |
|
Intellectual property protections International |
|
|
Builder’s warranty |
Freemindtronic Technologies and Product Guarantee click HERE to learn more. |
Dec
Archive des Versions
Welcome to Freemindtornic’s software version history page. Here you will find a complete archive of all the updates and enhancements made to our software since their initial launch.
Update Details
Each history entry includes detailed information about the release, features added, bug fixes, and performance improvements to help you understand the evolution of our products.
Commitment to Excellence
We are committed to providing regular updates to continuously improve the user experience and meet the changing needs of our customer base.
Thank you for your continued trust and support.
Download softwares
Detailed History by Software
❌ DataShielder Engine Microsoft (Soon)
❌ DataShielder Engine Apple (Soon)
❌ DataShielder HSM PGP Chrome (Soon)
❌ DataShielder HSM PGP Edge (Soon)
❌ DataShielder HSM PGP Firefox (Soon)
✅ Freemindtronic Android NFC Phone App
✅ KEEPSER Android NFC Phone App
✅ Freemindtronic Web Extension
✅ EviCypher Webmail Encryption Legacy NFC HSM
✅ Freemindtronic Firefox Addons
Software Microsoft & Apple & Linux
EviDNS Microsoft
Network discovery
Software: EviDNS
Developer: Freemindtronic
Technology: zeroconf
Price: Free
Version: 1.3.6
Date : 2024/03/30
Security: Certificate Highest level by EV Code Signing Certificate
Requires operating system: Windows 10 64 bits, Windows 11 64 bits
How it works: click Here
Download this version click here
Version history of software:
Current version: 1.3.6
Date : 2024/03/30
Features
- Ad Id Manifest Edge
Version: 1.3.5
Date : 2023/12/22
Features
- Add compatibility with PassCypher HSM PGP and DataShielder HSM PGP
Download this version click here
Version: 1.3.4.1
Date : 2023/12/19
Download this version click here
version: 1.3.4
Date: July 3, 2023
Miscellaneous
- Add new ID for Pass Cypher NFC Extension
Download old version click here
Version: 1.3.3.1
Date: Dec 16, 2021
Download this version click here
Miscellaneous
- Addon ID from other addon store added
Version: 1.3.2
Date : Dec 9, 2021
Download this version click here
Bugs fixes
- On Windows the service restarts in case of a crash
Version: 1.3.1
Date: Sep 30, 2021
Features
- New network interface are taken in account
Bugs fixes
- Fix configuration file
- Panic error if no network interface found
- linux; fix service failing at startup
- linux/mac: fix manifest.json file permissions
Miscellaneous
- Update dependencies
Version: 1.3.1
Date: Sep 29, 2021
Features
- service lookup run as a service. Improve result speed
- add Intel driver hack to fix issues with Intel wifi driver on Windows
- improve zeroconf library for faster result
- add config file for configuration outside command arguments
- add grpc protocol for communication between components
Misc
- add ci workflow to github project
- follow strong linting rules
Version: 1.3.0 Alpha (pre-release)
Date: Sep 23, 2021
Version: 1.2.1
Date: Aug 31, 2021
Bugs fixes
- disable log by default to remove permissions error
Version: 1.2.0
Date : Aug 05, 2021
Version: 1.1
Date: Feb 10, 2021
EviDNS Apple
Network discovery
Software: EviDNS
Developer: Freemindtronic
Technology: zeroconf
Price: Free
Version: 1.3.6
Date : April 19, 2024
Security: Application signed by Apple
Requires operating system: macOS 11 or later
How it works: click Here
Version history of software
Actual version: 1.3.6
Date: April 19, 2024
Miscellaneous
- Ad Id Manifest Edge
version: 1.3.5
Date: Dec 22, 2023
Features
- Add compatibility with PassCypher HSM PGP and DataShielder HSM PGP
version: 1.3.4
Date: July 3, 2023
Features
- Add new ID for Pass Cypher NFC Extension
version: 1.3.3
Date: Dec 16, 2021
Miscellaneous
- Addon ID from other addon store added
Version: 1.3.2
Date : Dec 9, 2021
Bugs fixes
- On Windows the service restarts in case of a crash
Version: 1.3.1
Date: Sep 30, 2021
Features
- New network interface are taken in account
Bugs fixes
- Fix configuration file
- Panic error if no network interface found
- linux; fix service failing at startup
- linux/mac: fix manifest.json file permissions
Miscellaneous
- Update dependencies
Version: 1.3.1
Date: Sep 29, 2021
Features
- service lookup run as a service. Improve result speed
- add Intel driver hack to fix issues with Intel wifi driver on Windows
- improve zeroconf library for faster result
- add config file for configuration outside command arguments
- add grpc protocol for communication between components
Misc
- add ci workflow to github project
- follow strong linting rules
Version: 1.3.0 Alpha (pre-release)
Date: Sep 23, 2021
Version: 1.2.1
Date: Aug 31, 2021
Bugs fixes
- disable log by default to remove permissions error
Version: 1.2.0
Date : Aug 05, 2021
Version: 1.1
Date: Feb 10, 2021
EviDNS Linux
Network discovery
Software: EviDNS
Developer: Freemindtronic
Technology: zeroconf
Price: Free
Version: 1.3.4
Date: July 3, 2023
Requires operating system: Linux
How it works: click Here
Version history of software
Actual version: 1.3.4
Date: July 3, 2023
Verify SHA256, and MD5 Checksum :
amd64:
MD5: a6625dd222dcc9f33973a53b467a4604
SHA256: e3b6f496e46fba7d48a8f0eeb6fb8bdf7d2f1425b2d75f3032c7e1923536eebd
arm
MD5: 226dbdcb4c8304275969b36fcc66d8b8
SHA256: 10f6768079e08a8c224ffea67dd7dd7016e1dbb8f800e382b77e536077d2360c
arm64
MD5: 8969396e7aa5e5ec29f7e112667ee672
SHA256: 7a4c9a3647800bbb8b4079b0b88a0923e6cb25f9a9b9c2cf9d72bb5284e7de99
Miscellaneous
- Add new ID for Pass Cypher NFC Extension
Version: 1.3.3
Date: Dec 16, 2021
Miscellaneous
- Addon ID from other addon store added
Version: 1.3.2
Date : Dec 9, 2021
Bugs fixes
- On Windows the service restarts in case of a crash
Version: 1.3.1
Date: Sep 30, 2021
Features
- New network interface are taken in account
Bugs fixes
- Fix configuration file
- Panic error if no network interface found
- linux; fix service failing at startup
- linux/mac: fix manifest.json file permissions
Miscellaneous
- Update dependencies
Version: 1.3.1
Date: Sep 29, 2021
Features
- service lookup run as a service. Improve result speed
- add Intel driver hack to fix issues with Intel wifi driver on Windows
- improve zeroconf library for faster result
- add config file for configuration outside command arguments
- add grpc protocol for communication between components
Misc
- add ci workflow to github project
- follow strong linting rules
Version: 1.3.0 Alpha (pre-release)
Date: Sep 23, 2021
Version: 1.2.1
Date: Aug 31, 2021
Bugs fixes
- disable log by default to remove permissions error
Version: 1.2.0
Date : Aug 05, 2021
Version: 1.1
Date: Feb 10, 2021
PassCypher Engine Microsoft
Password Manager HSM, Serverless, Databaseless, Accountless, one-click auto-login!
Software: PassCypher
Developer: Freemindtronic
Technology: EviDNS Serverless
Price: click here
Version: 1.2.0
Date : 2024/04/16
Security: Certificate Highest level by EV Code Signing Certificate
Requires operating system: Windows 10 64 bits, Windows 11 64 bits, Windows 8 64 bits, Windows 7 64 bits)
How it works: click Here
Version history of software:
Actual version: 1.2.0
Date: April 16, 2024
- Features
- Date dynamic
- Download license
- Detect token infinite
Fixes
- Fix error message services respond
Old version: 1.0.1
Date: Feb 29, 2024
- Fix license error
Old version: 1.0.0
Date: Dec 19, 2023
PassCypher Engine Apple
Password Manager HSM, Serverless, Databaseless, Accountless, one-click auto-login!
Software: PassCypher Engine
Developer: Freemindtronic
Distributer: Fullsecure
Technologies: EviEngine
Version: 1.2.0
Date : 2024/04/19
Security: Code Signing Certificates by Apple
Requires operating system: macOS 11 or later
How it works: click here
Download older versions from information
Version history of software:
Actual version: 1.2.0
Date: April 19, 2024
- Features
- Date dynamic
- Download license
- Detect token infinite
Fixes
- Fix error message services respond
Old version: 1.0.1
Date: Feb 29, 2024
- Fix license error
Old version: 1.0.0
Date: Dec 19, 2023
PassCypher HSM PGP
Free Password Manager, AES 256 encryption key manager, Serverless, Databaseless, Accountless, anonymous, auto-login, autofill, anti-phishing,password integrity check, compatible with PassCypher Engine and PassCypher NFC HSM!
Software: PassCypher Suite
Developer: Freemindtronic
Technology: EviPass NFC HSM & EviPass HSM PGP
Compatible product: PassCypher Engine & PassCypher NFC HSM
Version: 1.4.0
Date : 2024/04/16
Security addons: Google, Edge, Opera, Firefox
Requires operating system: full
How it works: click Here
Version history of software:
Actual final version: 1.4.0
Date: April 16, 2024
Features
- Add checkbox for auto key wipe
- Add password hiding in EviPass and autofill
- Download license and dynamic date expiration
- Add entropy control for passphrase generation
Refactor
- Update translations
Bug Fixes
- Fix import key .eppc
- Fix select paths keys passcypher
Old test version: 1.3.0
Date: March 25, 2024
Features
- Update manifest 2 to 3
Fix
- Fix the password pwned
Old test version: 1.2.4
Date: March 4, 2024
Features
- Update manifest 2 to 3
Fix
- Fix the password pwned
First version: 1.2.3
Date: Dec 22, 2023
DataShielder Engine Licence
Microsoft
Encryption key manager and PGP HSM encryption, serverless, databaseless, accountless, automatic one-click encryption!
Software: DataShielder Engine
Developer: Freemindtronic
Distributor: Fullsecure
Technologies: EviEngine
Version: ND
Date : Soon
Security: Code Signing Certificates by Apple
Requires operating system: macOS 11 or later
How it works: click here
Download older versions from information
Version history of software:
DataShielder Engine
Apple
Encryption key manager and PGP HSM encryption, serverless, databaseless, accountless, automatic one-click encryption!
Software: DataShielder Engine
Developer: Freemindtronic
Distributor: Fullsecure
Technologies: EviEngine
Version: ND
Date : Soon
Security: Code Signing Certificates by Apple
Requires operating system: macOS 11 or later
How it works: click here
Download older versions from information
SOFTWARE EMAILS CLIENTS
APPLICATIONS
Freemindtronic Android NFC Phone App
Name: Freemindtronic App
Version: V2.1.4
Price: Free
Date: Aug 23, 2023
Requires Android: 6.0 or later
Compatible products Fullsecure Andorra: PassCypher NFC HSM, DataSielder NFC HSM
Compatible technologies NFC HSM: EviCore, EviVault, EviCypher, EviCrypt, EviFile, EviPass, EviDNS, EviSeed, EviOTP, EviToken, EviAuth, EviCloud, EviKeyless
Other technologies devices: EviKeyboard BLE, USB EviKey NFC HSM, SSD EviDISK NFC HSM,
History of application:
V2.1.4
Date: Aug 24, 2023
Fixe:
Autofill permissions with API 33 permissions
V2.1.3
Date: Aug 24, 2023
Fixe:
Some bugs related with API 33 permissions
Update:
– Update gradle
V2.1.2
Date: Aug 23, 2023
Fixes
- Modify manifest for publication
V2.1.1
Date: Aug 22, 2023
Update: SDK 33
Fixes
- Crashlytics error getting the wallet balance
- Crashlytics creating btc wallet
V2.1.0
Date: Jul 31, 2023
Fixe
- Error copying existing label
Features
- Create SeedNFC Product
Refactor
- Modify some icons
Translations:
- Add UK translations
V2.0.3
Date: Apr 13, 2023
Fixes
- Error saving label credential
- Bug with theme manager with the extension request
- Copying label with the same name with nfc
- Need minimun 1 key to generate a segmented key
Refactor
- Reinstate the auto-generate button in login
V2.0.2
Date: Apr 5, 2023
Fixes
- Fix flag bugs with S+ API 31
V2.0.1
Date: Apr 4, 2023
Fixes
- Some bugs with API 31 or above
V2.0.0
Date: Mar 31, 2023
Features
- Create PassCypher and PassCypher Lite product
- Create DataShielder Defense, DataShielder Master and DataShielder Lite products
- Create a new dictionary for segmented key of PassCypher
- Create a new label : Segmented key
Translations
- update translations
Core
- Update sdk API to 31
V1.9.7
Date: Oct 27, 2022
Fixes
- Null pointer exception in a function
Style
- Add new bleujour logo
- Update background colors
- Change otp position in the list
Translations
- Translations to Hindi
Miscellaneous
- Set minimum android version 6.0
V1.9.6
Date: Aug 4, 2022
Fixes
- Update the initial Card Id each time a different card is read
V1.9.5
Date: Aug 3, 2022
Fixes
- Check if it is the correct card when writing on it.
V1.9.4
Date: Jun 7, 2022
Fixes
- IOTA QRcode reader is now square
- Display sentence in 2 lines instead of 3/4 lines
Style
- Adapt usb key icon to dark mode
- Change freemindtronic pairing icon
- Change full key icon
- Change OTP Button position
- Button autologin function
Miscellaneous
- Change Bleujour product names
V1.9.3
Date: Mar 18, 2022
- Add Bleujour backup card
- Add Bleujour Cyber Computer card
- Fullkey geolocation not initialized
- Add inputstick for Bleujour Cyber Computer card
V1.9.2
Date: Mar 17, 2022
Fixes
- Add inputstick bleujour cyberpc card
V1.9.1
Date: Mar 17, 2022
Features
- add bleujour backup card
- add bleujour cyberpc card
Fixes
- fullkey geolocation not initialized
- disable label creation with fix left for BJ card
V1.9.0
Date: Mar 18, 2022
Features
- Add support of new yield and nested cards
- Add support for Polygon and BNB (BSC) cryptocurrencies and update pictures
- Hide encryption key creation for Nested device
- Hide label editing
- Hide label display
Fixes
- Background dark theme autofill
- Autofill theme & lens color
- Bleujour permission for Nested and Yield cards
- Add new name to BSC cryptocurrency
V1.8.2
Date: Feb 11, 2022
Fixes
- Invisible icon of “Allow to add a new account” in user settings in dark mode
Miscellaneous
- Translations updated
- Improved QRcode detection via a library update
V1.8.1
Date: Feb 10, 2022
Fixes
- Fix geo and bssid trust criteria being ignore with evicypher
- Ping phone ringtone stops after 5s
- Add a guide for Xiaomi user on how to enable autofill
- Cloud and OTP icon are now visible in dark mode
- Crypto settings switch is now visible in dark mode
Miscellaneous
- improved autofill field detection
- updated autofill icon
- moved the ping section in user settings to the end
- modified crypto settings design in admin panel
V1.8.0
Date: Feb 4, 2022
Features
- Add cryptocurrency advance settings
- Add phone IP in pairing list
- Add autofill feature
- Add phone IP during pairing
Fixes
- Crashlytics related bugs
- QRcode visible twice in IOTA
- Trust criteria taken into account in light view
Miscellaneous
- Dependencies updated
- Toast messages last longer
- A useless ping setting removed
V1.7.0
Date: Dec 23, 2021
Features
- Added support for OTP Token (TOTP)
V1.6.1
Date: Dec 1, 2021
Fixes
- Format device reset custom name
V1.6.0
Date: Dec 1, 2021
Features
- Add warning message on authentication if the wrong card is presented
- Require minimum admin password length of 4
Fixes
- Format device reset custom name
- Trust criteria elements visible
- Add missing InputStick permission needed by Android API 30
- Bug from Crashlytic
- Trust criteria progress bar hidden with BleuJour
- AES key auto-detection no working if label from a direct copy
Miscellaneous
- Rename Evitoken Technology » by « Freemindtronic Technology » in home screen
- Enable InputStick and disable EviKeyboard by default
- Switch InputStick and EviKeyboard position in user parameters
- Replace share icon by a QR code icon on label displayed
- New information message in authentication
- Traduction updated
Contact Freemindtronic for information about old versions click [here]
KEEPSER
Android NFC Phone App
Name: KEEPSER
Technology NFC HSM: EviToken & EviCore
Developer: Freemindtronic
Price: Free
Version 1.6.4
Date : March 23, 2023
Requires Android: 6.0 or later
History of application:
1.6.4
Fixe
- Error pending Intent with flag with API 31 or above.
- Change key string
1.6.3
- Change internal code related
- Update AP31
(*)⚠️ We are sorry to inform you that version 1.4.2 released on 22/0/20023 has issues with API 31. Please do not update at this time. A fix is in progress and will be available in version 1.4.3. Your data stored in your Keepser remains safe. Thank you for your understanding
1.6.2
Refactor
- Add new translations to access the store
1.6.0
Features
- add 2 new cryptocurrencies
- add user guide and ecommerce button
- add Expert Safe Clone and Personal Safe clone models
- Add theme for Backup Cards
- Autofill for Xiaomi
Fixes
- button autologin function
- title size in clone keepser screen
- name of the product (limit is 16 char)
Miscellaneous
- Improve all crypto images
- Add translations weblate
1.4.3
Bug fixes
- Additional security progress bar more intuitive
- Bug from Crashlytics
- Add progress dialog in authentication
- Format device reset custom name
- Miscellaneous
- Rename: By Freemindtronic -> Keepser by Freemindtronic
1.4.1
Features
- Add support of 6 new Keepser cards
- Add a warning toast on admin authentication if the wrong card is presented
Fixes
- App works correctly if opened from an NFC tap
- additional security layout updates on presentation of an other card
- progress bar in additional security is now visible and calibrated
- Fix some app crashes
Miscellaneous
- Enable crashlytics
- Replace share icon by QRcode one when showing a label for better user experience
- Translations updated
Extensions Applications
Chrome Web Store
Freemindtronic Web Extension
Passwordless / Auto login / Autofill
Name: Freemindtronic
Version: 1.5.2
Price: Free
Date: December 3, 2021
Requires navigator based on Chromium
Tested the november 27, 2021 with Chrome 96.0.4664.45 (64-bit)
Version history of extension:
Version: 1.5.2
Date: September 01, 2021
Features
- Add support of cloud key (post-it and create new label)
Miscellaneous
- Make EAN13 the default type when creation of an identication card,
Remove beta prefix, - Cloud key dialog box contains correct label text in post-it
Bug fixes
- Cloud key label generator display correct qr-code
- Playstore tab can again display Application qr-code
Version: 1.4.0
Date: September 01, 2021
Version: 1.3.1
Date: August 24, 2021
Chrome Web Store
DataShielder Web Extension
Encryption messagin and file / Encryption key Management
Name: DataShielder HSM PGP
Version: ND
Price: Licence by Fullsecure Andorra
Date: Soon for May 15, 2024
Requires navigator based on Chromium
Tested the April, 2024 with Chrome 124.0.6367.91 (64-bit)
Version history of extension:
Chrome Web Store
Keepser Web Extension
Passwordless / Auto login / Autofill
Name: KEEPSER
Developer: Freemindtronic
Price: Free
Version: 1.3.6
Date: May 12, 2022
Requires navigator based on Chromium
Tested the november 27, 2021 with Chrome 96.0.4664.45 (64-bit)
Version history of extension:
Version 1.4.1
Date: mai 12, 2022
Features
- Implementation force IP Adress
- FAQ button
Fixes
- Correction of several visual bugs.
- Link ‘keepser.com
- Card contact dev info
- Languages Shop
Miscellaneous
- Add Translations
Version 1.3.6
Date: November 16, 2021
Fixes
- Error message not visible when label creation
Miscellaneous
- Translations updated
1.3.5 August 26, 2021
- First publication
Chrome Web Store
Webmail Encryption
Name: EviCypher Webmail Legacy for NFC HSM
Technology: NFC HSM Legacy & OpenPGP for EviCryt & EviFile
Price: Free
Version: 1.5.0
Date : December 8, 2022
Requires navigator based on Chromium
Tested the november 27, 2021 with Chrome 96.0.4664.45 (64-bit)
Version history of extension:
v1.5.0 Latest
Features
add new functionalities to BITB
v1.13.1
Features
Add support for Zoho Webmail
New message to close decrypted box
Translations updated
v1.12.1
Fixes
Chrome: Fix logo wrapping
Miscellaneous
More user-friendly fetch label page
More user-friendly evilabel page
v1.12.0
Features
New UI for popup page. Element store
Add a new page: Get a Label
Add refresh button to phone tab on popup page
Fixes
Yandex tag updated
v1.11.2
Fixes
Encrypted mail can’t be re-encrypted #60
iCloud frame scale correctly
Miscellaneous
Rename extension
Add description to the extension
v1.11.1
Bug Fixes
legacy is the default mode of encryption
remove svg for better inter compatibility
Edge Addons
DataShielder Web Extension Application
Encryption messagin and file / Encryption key Management
Name: DataShielder HSM PGP
Version: ND
Price: Licence by Fullsecure Andorra
Date: Soon for May 15, 2024
Requires navigator based on Chromium
Tested the April, 2024 with Edge 124.0.2478.67 (64-bit)
Version history of extension:
Edge Microsoft
KEEPSER Web Extension
Passwordless / Auto login / Autofill
Name: KEEPSER
Developer: Freemindtronic
Price: Free
Version: 1.4.1
Date: May 12, 2022
Requires navigator based on Chromium
Tested the november 27, 2021 with Chrome 96.0.4664.45 (64-bit)
Version history of extension:
Version 1.4.1
Date: mai 12, 2022
Features
- Implementation force IP Adress
- FAQ button
Fixes
- Correction of several visual bugs.
- Link ‘keepser.com
- Card contact dev info
- Languages Shop
Miscellaneous
- Add Translations
Version 1.3.6
Date: November 16, 2021
Fixes
- Error message not visible when label creation
Miscellaneous
- Translations updated
1.3.5 August 26, 2021
- First publication
Edge Microsoft
EviCypher Webmail Encryption
Name: EviCypher Webmail & Cloud
Technology NFC HSM Legacy & OpenPGP: EviCryt & EviFile
Price: Free
Version: 1.5.0
Date : December 8, 2022
Requires navigator based on Chromium
Edge add-ons clic here
Version history of extension:
v1.5.0 Latest
Features
add new functionalities to BITB
v1.13.1
Features
Add support for Zoho Webmail
New message to close decrypted box
Translations updated
Version: 1.12.1
Date : December 15, 2021
Version: 1.11.1
Date : November 26, 2021
Opera
EviCypher Webmail Encryption
Name: EviCypher Webmail – legacy
Technology NFC HSM Legacy & OpenPGP: EviCryt & EviFile
Price: Free
Version: 1.13.1
Date : February 15, 2022
Requires navigator based on Chromium
Download: Coming soon
Version history of extension:
v1.13.1 Latest
Features
Add support for Zoho Webmail
New message to close decrypted box
Translations updated
Version: 1.12.1
Date : December 15, 2021
Version: 1.11.1
Date : November 26, 2021
WEB NAVIGATORS FIREFOX
Firefox Addons
DataShielder Web Extension Application
Encryption messagin and file / Encryption key Management
Name: DataShielder HSM PGP
Version: ND
Price: Licence by Fullsecure Andorra
Date: Soon for May 15, 2024
Requires navigator based on Chromium
Tested the April, 2024 with Chrome 124.0.6367.91 (64-bit)
Version history of extension:
Firefox
Freemindtronic
Passwordless / Auto login / Autofill
Name: Freemindtronic Extension
Version 1.6.2
Price: Free
Date: Feb 22, 2022
Browser version tested: 116.0.3 (64 bits) Aug 22, 2023
Signed and approved by Mozilla
Version history of extension:
Version 1.6.2
Date: Feb 22, 2022
Miscellaneous
- Updated translations
Version 1.6.1
Date: Feb 18, 2022
Features
- Add description to manual ip entry
Miscellaneous
- Updated translations
Version 1.6.0
Date: Feb 4, 2022
Features
- User can enter phone IP address manually
Version 1.5.2
Date: November. 6, 2021
Fixes
- Cloud key label generator display correct qr-code
- Playstore tab can again display Application qr-code
Miscellaneous
- Cloud key dialog box contains correct label text in post-it
Version 1.5.1
Date: December. 1, 2021
- Add support of cloud key (post-it and create new label)
Miscellaneous
- Make EAN13 the default type when creation of an identication card,
- Remove beta prefix,
- Cloud key dialog box contains correct label text in post-it
Bug fixes
- Cloud key label generator display correct qr-code
- Playstore tab can again display Application qr-code
Version 1.5.0
Date: November. 6, 2021
Features
- Add support of cloud key (post-it and create new label)
Version 1.4.0
Date: September 4, 2021
Firefox
KEEPSER
Passwordless / Auto login / Autofill
Name: Keepser
Developer: Freemindtronic
Price: Free
Version 1.4.2
Date: March 21, 2023
Browser version tested: 116.0.3 (64 bits) Aug 22, 2023
Signed and approved by Mozilla
Version history of extension:
Version 1.4.2
Date: March 21, 2023
Change : yoube channel link
Version 1.4.1
Date: mai 12, 2022
Features
- Implementation force IP Adress
- FAQ button
Fixes
- Correction of several visual bugs.
- Link ‘keepser.com
- Card contact dev info
- Languages Shop
Miscellaneous
- Add Translations
Version 1.3.6
Date: December 3, 2021
- Original version
Firefox
Webmail Encryption
Name: EviCypher Webmail – legacy
Technology NFC HSM Legacy & OpenPGP: EviCryt & EviFile
Version: 1.15.0
Price: Free
Date : Dec 6, 2022
Browser version tested: 116.0.3 (64 bits) Aug 22, 2023
Signed and approved by Mozilla
Version history of extension:
Version: 1.15.0
Date: Dec 6, 2022
Features
- Add new functionalities to BITB
Version: 1.14.3
Date: Nov 3, 2022
Bug Fixes
- outlook webmail
- BITB in english
Version: 1.14.2
Date: Nov 3, 2022
Features
- Add BITB mitigation
- Hindi translations
Bug Fixes
- Editor selectors
Version: 1.14.1
Date: Sep 21, 2022
Fixe
- Translations BITB mitigation
Version: 1.13.4
Date: Sep 21, 2022
Fixe
- Change selectors of Outlook
Version: 1.13.3
Date: Jun 15, 2022
Fixes
- add buttons outlook
Version: 1.13.2
Date: May 12, 2021
Fixes
- Yahoo and outlook buttons
Version: 1.13.1
Date: February 23, 2021
Fixes
- Close button decrypt translation
Version: 1.13.0
Date: February 22, 2022
Features
added support for Zoho Webmail
new message to close decrypted box
Bug Fixes
proton encrypt button appears always and decrypt works with all webmails
Version: 1.12.3
Date: December 21, 2021
Fixes
Added missing information required by add-on stores (add-on name must be present in all translations files)
Version: 1.12.2
Date: December 20, 2021
Fixes
Fetching a label without an username no longer crashes
Miscellaneous
Make supported languages visible by add-on stores
Updated dependencies
Version: 1.12.1
Date: December 16, 2021
Fixes
Chrome: Fix logo wrapping
Miscellaneous
More user-friendly fetch label page
More user-friendly evilabel page
Version: 1.12.0
Date: December 15, 2021
Features
New UI for popup page. Element store
Add a new page: Get a Label
Add refresh button to phone tab on popup page
Fixes
Yandex tag updated
Version: 1.11.2
Date: December 01, 2021
Fixes
Encrypted mail can’t be re-encrypted
iCloud frame scale correctly
Miscellaneous
Rename extension
Add description to the extension
Version: 1.11.1
Date: November 25, 2021
Bug Fixes
legacy is the default mode of encryption
remove svg for better inter compatibility
Thunderbird Mozilla
Thunderbird Email Encryption
Name: EviCypher
Technology NFC HSM Legacy & OpenPGP: EviCryt & EviFile
Price: Free
Version: 0.2.10
Date: july 11, 2022
Requires navigator Firefox: 78.4 or later
Tested with Thunderbird 115.1.0 (64 bits) Aug 22, 2023
Signed and approved by Mozilla
Version history of extension:
Version: 0.2.10
Date: july 11, 2022
- Chore: update thunderbird version compatibility
Version: 0.2.9
Date: may 12, 2021
- Fix: Déchiffrement automatique
- Taille de fichier à chiffrer infini
- Souris invisible sur le QR code
Version: 0.2.8
Date: may 10, 2021
- Update design
Version: 0.2.7
Date: may 10, 2021
- Update design
Version: 0.2.3
Date: may 6, 2021
- First version
2021, Articles, EviCypher NFC HSM, EviCypher Technology, Technical News
EviCypher A New Way to Keep Secrets and Pass Them On
May
EviToken & EviCypher Technology a new way to keep secrets and pass them on.
EviToken & EviCypher technology to control information privacy is an absolute necessity today, as there are so many cyber malicious acts. We can cite among others acts such as phishing, stalking or ransomware. These so-called “cyber” threats alone represent approximately 75% of the infiltration techniques giving access to your confidential or personal data. All of these techniques have the same approach, which is identity theft. This mechanism allows an individual, or a machine, to impersonate someone or something else. The recipient thus deceived, lifts his natural mistrust to trust this ill-intentioned sender.
Protection techniques for transmitting confidential or personal data have been around for a very long time, as have signature mechanisms. They are most often based on asymmetric key algorithms, with strong encryption (RSA of 2048 or 4096 bits or even ECDSA). Unfortunately, if the model on which these encryption techniques are based is proven and ensures flawless security, its IT implementation is, for its part, often undermined by man-in-the-middle attacks, or by elevations of law on information systems. These attacks, when identification or decryption relies only on one-factor authentication, allow the theft of encryption keys, and directly compromise the security of your data. To mitigate these threats, two-factor authentication (or 2FA) adds a layer of protection by either obtaining a unique code sent by SMS to your phone number, or by validating a request for it authentication (Google / Facebook), or through the use of authenticators which is increasingly recommended by security specialists.
Why use the EviToken & EviCypher Technology?
The purpose of EviToken & EviCypher technology is to secure secrets of different kinds, such as asymmetric keys (RSA), symmetric keys (AES) but also login information, PIN codes, account or bank card identifiers, cryptocurrency private keys, cryptocurrency wallet passphrases, cryptocurrency recovery phrases (SEED), etc. The EviToken & EviCypher secure safe is contained in a simple NFC card, not connected to a computer system. It communicates with the latter, on demand, via a near-field transmission protocol (NFC) which transmits data over an encrypted channel, built by EviToken & EviCypher. Secrets stored in the card are segmented and encrypted to make them physically inaccessible to cybercriminals. The EviToken & EviCypher secure safe is a real natural Air Gap component. Thus, apart from the case of data transmission, the architecture used has: no power supply; no security breach due to an increase in temperature (which makes it immune to malware such as “BitWhisper and Fansmitter”); no emission of sound signals, even those inaudible to the human ear and no emission of light or waves. Finally, to avoid a conflation with smart card-based systems, the support of EviToken & EviCypher technology does not require dedicated physical connection hardware with the digital system, nor does it have an operating system, which makes it insensitive to the introduction of malicious code as on a Java architecture. Like any electronic component, the EviToken & EviCypher secure safe can undergo invasive attacks which consist in using acids to expose the electronic circuit that will then have to be analyzed to try to understand the implementation of the secure secrets in multiple scrambled segments.
If EviToken & EviCypher technology provides security in a secure vault, what about the use of encryption keys to transport secrets over a secure channel?
In the context of two-factor authentication, we consider that you are the only one who can hold the second criterion of trust. This security measure traditionally allows, in case of failure, not to trigger the secure transport of your data. However, this function is not intended to secure the transport, it is the role of the encryption protocol to perform this operation. Thus, if the encryption keys are compromised, the data could be compromised during a listen. Faced with this problem, EviToken & EviCypher directly integrates metadata trust criteria into its encryption keys, in order to secure the encrypted messages during their transport. Thus, even in the event of a compromise of the keys, decryption remains blocked by the trust criteria. With this in mind, why stop at two criteria of trust? In its basic version, EviToken & EviCypher offers nine trust criteria based on the possession of a third-party object, technical components (phone ID, barcode, password, geolocation or BSSID) but also environmental and specific components to the sender, or recipient, to make data compromise even more difficult.
A simple example, you want to send a confidential message containing your latest invention to a colleague in a hostile environment, with a high probability of compromise. You will therefore add non-digital trust criteria to your encryption key, to ensure its protection in the event of a compromise. The decryption of the message by the AES 256 symmetric key will only be accessible, by the digital tool, once the conditions related to the trust criteria have been met. If we base one of the trust criteria on a geolocation for example, the recipient must not only be in possession of an EviToken & EviCypher card, but also be physically located at the location of geolocation defined in the trust criteria to decrypt the message. This location may be known to the recipient like a convention, but may also not be known. The trust criterion will then be transmitted to him as one of the authentication multi-factors, by SMS / QR Code / Photo or any other means.
If EviToken & EviCypher technology provides security in a secure safe, encryption of messages with trust criteria based on environmental components, technical or not, what about the transmission of keys for use in a space digital connected?
To secure end-to-end transmissions, several tools, used as gateways, such as smartphones or virtual keyboards, will be crossed. EviToken & EviCypher then builds encrypted channels, from the first communications between the EviToken & EviCypher card and the first NFC communication gateway, using an AES 128 symmetric pairing key. The latter will be replaced by a 256-bit AES symmetric key, with different trust criteria depending on the user’s choice, when recording a secret. Communication with web browsers is achieved using 256-bit ECC ephemeral keys (X25519), to negotiate exchanges between the smartphone and the browser plugin, to insert website authentication, text decryption, etc. As for the transmission, from the smartphone, of texts, images or encrypted files, the encryption is carried out with a symmetric key AES 256 bits with trust criteria.
Why choose the EviToken & EviCypher technology?
Our goal is to better understand the feasibility of digital malicious acts through a human approach to attacks. Thus, if you do not physically have the EviToken & EviCypher card, or if you do not have access to it with a connection duration long enough to carry out an attack, it will be very difficult to compromise the safe, but it is quite obvious that «to the impossible no one is bound “. “However, this attack requires physical contact, it is no longer possible to hide behind anonymizers. Assuming that the encrypted message is sufficiently protected, with algorithms such as 2048- or 4096-bit RSA or even ECDSA, then it is necessary to look into the protection of the key. Indeed, this protection will remain true as long as the encryption and decryption keys remain secret. History of computer attacks shows certain difficulties in maintaining this assertion. It is therefore necessary to strengthen the protection of the keys, by accepting the compromise of the latter, while protecting the message during its transport. at best for this requirement, non-digital trust criteria, that is to say criteria known, held, observable or understandable by the recipient, are required for the decryption of the message and no longer of the key.
EviToken & EviCypher technology, by adding these trust criteria, changes the current paradigm of access to secrets. Thus, even if a secret, and more particularly a decryption key, were stolen, it could only be used if the trust criteria are met.
Based on the EviToken & EviCypher principle, the new EviCypher technology, which won the 2021 gold medal for international inventions from Geneva, brings new innovations in the creation, management, integration and augmented intelligence linked to the use of trust criteria. A new chapter on this internationally patented invention on segmented key authentication is opening.
About the author
Fabrice Crasnier is the director of Research & Development departement of FREEMINDTRONIC. Freemindtronic, Andorran start-up designs and manufactures tailor-made solutions for its customers in the field of safety and cyber security of information systems and computer systems.
Fabrice is Associate Professor at Paul Sabatier University in Toulouse where he teaches cybercrime phenomena. He is at the origin of the creation of 3 forensic laboratories as head of forensic activities within the french police in Toulouse and within the SCASSI company. He has worked for 27 years in the judicial police, including 17 years following national and international cybercrime investigations. As a judicial expert since 2004 at the Court of Appeal of Toulouse, he has witnessed the delinquent transformation of cyberspace between 2000 and 2017. As a computer engineer, he has understood that the origin of cyberthreats is not always due to a defect in computer tools but more often to a misuse of these tools.
Fabrice can be reached online on LinkedIn: https://www.linkedin.com/in/fabricecrasnier/
For more information, visit the company website at www.freemindtronic.com
NEWS PROVIDED BY
Cyber Defense RSA Edition for 2021
May 18, 2021
Related Link:
https://www.cyberdefensemagazine.com
Source Link:
https://www.cyberdefensemagazine.com/annual-editions/RSA-2021/Cyber-Defense-Magazine-RSA-Edition-for-2021.pdf
2021, Articles, Cyberculture, Digital Security, EviPass, EviPass NFC HSM technology, EviPass Technology, Technical News
766 trillion years to find 20-character code like a randomly generated password
May
766 trillion years to find randomly generated 20-character code like randomly generated password
766 trillion years to find randomly generated 20-character code is the result of a simulator to find a 20-character generated by technology EviPass.
The age of the universe is estimated at only 14 billion years, this gives you an idea of comparison.
How did I find this result that you can control on your own?
We used the Password Strength Calculator developed by Bob Beeman [1] which was last updated on January 4, 2013.
This simulator is freely available on the www.bee-man.us website as well as the source code used.
Why We Chose Bob Beeman’s Simulator
In our quest to estimate the time it would take to crack a random 20-character code, we had several simulation tools at our disposal, including lastbit.com [2], password-checker.online-domain-tools.com [3], and ANSSI’s [4] simulator from ssi.gouv.fr. However, we ultimately opted for Mr. Bob BEEMAN’s simulator due to its transparent calculation method and its technical approach to brute force attacks.
Acknowledging Mr. Bob BEEMAN
Before delving into the details of our simulation, we must extend our gratitude to Mr. Bob BEEMAN for making his code freely accessible and copyable while upholding his copyrights, as explained on his website. We hope our research can contribute to his already impressive achievements, including a record-breaking 15-millisecond feat.
Reference to Ultra-Powerful Computers
To provide you with a comprehensive understanding of the state-of-the-art technology for brute force attacks in 2013, we examined Bob Beeman’s simulator’s reference to an ultra-powerful computer designed in 2012 specifically for password cracking.
Considering Computational Capacity
Bob Beeman’s simulator takes into account the computational capabilities of computers, including the 2012 design, for executing brute force attacks on passwords. It allows for adjustments in the “Values of Hacker: Axes/Second,” providing a valuable point of reference and comparison.
Staying with Default Parameters
For the sake of consistency, we maintained the default example provided by Bob Beeman, which assumed a rate of 60-109 (billion) attempts per second.
Radeon City: Revolutionizing Password Security
In this section, we’ll delve into the incredible story of Radeon City, a game-changing password-cracking cluster boasting 25 AMD Radeon graphics cards. Discover how it was built, what it can achieve, and why it’s reshaping the world of password security.
Building Radeon City
Jeremi Gosney, the visionary behind Radeon City and the CEO of Stricture Consulting Group, sought to create a powerhouse capable of cracking passwords with unprecedented speed and efficiency. His solution? Virtual OpenCL (VCL), a groundbreaking virtualization software.
Gosney assembled five servers, each armed with five AMD Radeon HD7970 graphics cards, interconnected through VCL. The cluster, aptly named Radeon City, was born at a cost of approximately $30,000 in 2012.
Unleashing Radeon City’s Power
Radeon City is a juggernaut, capable of generating an astounding 350 billion guesses per second when cracking NTLM cryptographic algorithm hashes. In just 5.5 hours, it can test every combination of eight-character passwords, including uppercase and lowercase letters, digits, and symbols.
But it doesn’t stop there. Radeon City can crack a range of cryptographic algorithms, from MD5 and SHA1 to SHA2 and even SHA3, at unprecedented speeds. It employs various attack types, including brute force, dictionary, rule-based, combinator, and hybrid attacks, using extensive wordlists and intricate rules.
Radeon City isn’t confined to offline attacks. It can also perform online attacks through distributed cracking, where passwords are guessed on live systems.
Why Radeon City is a Game-Changer
Radeon City marks a seismic shift in password security. It reveals the vulnerability of passwords protected by fast algorithms like NTLM and challenges the belief that longer, complex passwords equate to greater security. The key takeaway? Truly secure passwords are random strings absent from dictionaries.
Moreover, Radeon City advocates for slow and salted algorithms like Bcrypt, PBKDF2, or SHA512crypt, and underscores the importance of password management tools like EviPass.
Radeon City Specifications
Jeremi Gosney, a data security researcher, engineered a groundbreaking desktop rig that can swiftly dismantle older protocols. Leveraging the Open Computing Language (OpenCL) framework and Virtual OpenCL Open Cluster (VCL), Gosney deployed HashCat—a dedicated password-cracking program. The system comprises five quad-core servers, each housing 25 AMD Radeon GPUs, providing the immense computational power required for the task. These servers are interconnected with a 10 to 20 Gbps transfer rate facilitated by an Infiniband switch.
Here’s a snapshot of Radeon City’s technical specifications:
- Servers: 5
- Graphics Cards: 25 AMD Radeon GPUs
- Model: AMD Radeon HD7970
- Memory: 3 GB GDDR5
- Clock Speed: 925 MHz
- Compute Units: 32
- Stream Processors: 2048
- Peak Performance: 3.79 TFLOPS
- Virtualization Software: Virtual OpenCL (VCL)
- Password-Cracking Software: ocl-Hashcat Plus
- Cost: $30,000 (2012)
This powerhouse enables Radeon City to achieve unprecedented speeds in password cracking, making it a game-changer in the realm of data security.
Advantages and Disadvantages of Radeon City
Advantages:
- Power: Radeon City cracks passwords using both fast and slow algorithms.
- Flexibility: It executes a variety of attacks with extensive wordlists and complex rules.
- Innovation: Using virtualization technology, it overcomes hardware limitations.
Disadvantages:
- Cost: Building and operating Radeon City can be expensive, including high electricity costs.
- Noise: It generates significant noise, requiring specialized cooling and soundproofing.
- Ethical Considerations: While powerful, its capabilities raise ethical and legal questions about its potential misuse.
Simulation Parameters and Results
To calculate the estimated time required to find a 20-character code with 94 symbols, we used the formula:
a^b / (c * 2)
Where:
- “a” represents the number of possible characters,
- “b” denotes the number of characters in the password,
- “c” indicates the number of hash calculations achievable per second.
By selecting 94 symbols, a password length of 20 characters, and a 50% probability of success compared to the theoretical result, our simulation yielded an astonishing result: 766.076,000,000,000,000 years or 766 trillion [5] years.
Understanding the Financial Implications
This simulation approach not only provides insights into the time required but also sheds light on the financial investments necessary to establish a computer system capable of cracking such a password.
Consider this: The reference computer, as configured by Gosney, relies on a pool of 25 virtual AMD GPUs to crack even robust passwords. Yet, a single unit of this type, priced at approximately $30,000 in 2012, can generate just 348 billion hashes of NTLM passwords per second. To achieve results within the realm of 766 trillion years, one would need to acquire multiple such machines.
Hence, to decipher only a 20-character password generated with EviPass technology, residing within an EviTag NFC HSM or EviCard NFC HSM device, an investment of nearly $25 billion would be required. A remarkable comparison, given that global military expenses were estimated at 1.7 billion dollars [6].
Beyond Brute Force
It’s important to note that this test focused solely on brute force attacks without taking into account the activation and utilization of additional countermeasures, such as physical blockchain and jamming, which will be explored in future articles.
A Point of Reference: ANSSI’s Simulator
To provide further context, we examined the ANSSI website [7], whose simulator is limited to 20 characters and 90 symbols. This simulator yielded a score of 130, the maximum attainable. This score places passwords of this nature on par with the smallest key size of the standard AES (128-bit) encryption algorithm. Notably, our password generators exceed this maximum, boasting 20 characters with 94 symbols [8].
Forming Your Own Opinion
The aim of this article is to empower you to form your own assessment of the resilience of our password generators against brute force attacks. While we are not the sole providers of powerful password generators, our test stands as a benchmark against other comparable implementations.
Ensuring Ongoing Security
Our embedded password generator undergoes regular updates to maintain its complexity and withstand the evolving landscape of brute force attacks. Our commitment is to enhance security without compromising user convenience—a complex yet vital undertaking.
Diverse Password Generation Options
Our password creation options offer versatility. Users can either select passwords from the pool of 95 available characters, opt for a semi-automatic generation followed by modification, or automate the process entirely according to default criteria, allowing passwords of up to 20 characters.
Adaptability to Website Constraints
For websites that impose restrictions on symbols or character limits, users can customize their password generation preferences, choosing between identifiers, letters, and/or numbers, with or without symbols.
Hexadecimal Generator for Added Utility
We’ve also introduced a hexadecimal generator to facilitate programming of digital codes. This feature proves invaluable in various domains, including electronics, electromechanics, and maintenance services, enabling the creation and modification of digital access codes with ease. Furthermore, codes can be securely shared with building residents through functions like “scrambling” or encryption via a QR Code, all made possible by EviCore technologies from Freemindtronic.
To learn more about our solutions, please visit:
- [1] https://www.bee-man.us/computer/password_strength.html
- [2] http://lastbit.com/pswcalc.asp
- [3] http://password-checker.online-domain-tools.com
- [4] https://www.ssi.gouv.fr/administration/precautions-elementaires/calculer-la-force-dun-mot-de-passe
- [5] https://www.btb.termiumplus.gc.ca/tpv2guides/guides/clefsfp/index-fra.html?lang=fra&lettr=indx_catlog_m&page=9-nI6-pQZOTM.html
- [6] https://www.lesechos.fr/24/04/2017/lesechos.fr/0212007699237_les-depenses-militaires-atteignent-2-2–du-pib-mondial.htm
- [7] https://www.ssi.gouv.fr/administration/precautions-elementaires/calculer-la-force-dun-mot-de-passe/
- [8] EviPass uses all the symbols of the printable ASCII table, i.e., 95 symbols. The NFC EviPass device can store contactless up to 51 randomly generated characters with the Freemindtronic app.
- [9] https://fr.wikipedia.org/wiki/American_Standard_Code_for_Information_Interchange
Apr
Air Gap secrets management by Freemindtronic Andorra.
The Importance of Air Gap secrets management
The challenge is to keep the secrets as long as possible, and that they are always accessible, in seconds, by authorized persons. The data must be non-repudiable.
The device must be scalable and easy to use, without batteries, without charge and without guarantee for life. It has a multi-level access control of physical source confidence. It can be used offline. It isskimmed from end to end from the device to the display as well as the sharing of secrets.
In addition, the device works for life without battery.
It is resistant to all types of environment, to immersion in liquids, X-rays, electrostatic, magnetic, electrical, thermal -40 to 85 degrees, mechanical stress. It also works under water, in wood or concrete.
Ideally, such a solution should also be favourable to the planet and should be ecologically favorable.
The device decentralizes the secrets of computer systems and information systems. The device has an autonomous energy security system. It designed to be the best security system and cyber security physical and digital. It is manageable and usable offline, without contact at the discretion of the administrator and/or the user.
Freemindtronic NFC devices have all the above features. In addition, they withstandbrute force attacks from a distance and nearby. A remote cyberattack is physicallyimpossible. Indeed, the devices are physically not connected with thenetwork, it communicates with the network only contactless, on demand, in an encrypted way. These are Air Gap devices.
How the Air Gap secrets management Works?
It’s a physical barrier, the “Air Gap”! The device is not physically connected to a network! It has no physical connectors! It has no back door! One means of communication, NFC industrial technology! For more information click 
Wikipedia on Air Gap security
How does the devices work?
All operating guides are made in real-time video, and show that sensitive data can be recorded, read and shared in seconds, offline, without a server connection. Everything is done without contact, via an industrial NFC memory capable of keeping the data in its memory for 40 years, without the need for an electrical energy source. It is possible to perform more than a million writing cycles in these memories, without error.
To learn more about how Freemindtronic’sNFC devices work, watch the videos from theplaylist of the Freemindtronic or EviVaultchannel.
These videos include user guides for various products and services designed and manufactured on the basis of our EviAlpha, EviToken and EviCyphertechnologies.
These devices are designed to store for life many types of secrets such as private cryptocurrency keys (Bitcoin, Ethereum and other crypto-assets such as IOAT, Tron) and the Passphrases of Smart Contracts and Seed Recovery BIP39 as well as passwords and encryption keys in RSA 4096 and AES 256.
To date, Freemindtronic’s NFC devices can generate the addresses of private keys for Solarcoin, Bitcoin, Bitcoin Cash, Bitcoin Gold, Dash, Digibyte, Dogecoin, Ethereum, Ethereum Classic, Ethereum Gold, Ethereum Lite, Ethereumcash, Feathercoin, Stellar, Litecoin, Namecoin,
To learn more about the EviVault NFC HSM Technology in click here or the EviCore NFC HSM Technology in click here