EviCrypt NFC HSM: Contactless Message Encryption

Multi-factor authentication

The control of access to the encryption keys is secured in multi-factor authentication that can be freely configured by the user. This is the addition of trust criteria of physical origin such as geolocation, password, fingerprint, as opposed to simple access control by password.

Redundant privacy

Maintaining end-to-end privacy from the NFC Encrypt Mail Cards device. Encryption keys are only stored in the device and individually secured up to 13 different trust criteria. It is physically impossible to compromise an encryption key even when sharing them. Communication protocols such as Wifi, Bluetooth, wired LAN, are encrypted by ephemeral single-use keys. Data exchanges on the communication protocol with NFC are also encrypted.

Cloudless (Serverless)

Encrypt Mail Cards incorporates Freemindtronic’s EviCrypt NFC HSM Technology. It does not use a server to function. Emails are encrypted before being sent to email servers. So even if the mail server is compromised, the messages still remain encrypted.

Full operating system compatible

Encryt Mail Cards works with all computers and all types of operating system such as Windows, Linux, macOS, Pi OS, OS/2, with a Chromium-based Windows web browser such as Chrome, Edge, Opera, Brave including Mozilla’s Firefox. It also works with Android NFC phones. In addition, you remove the risk of synchronizing your email services with computer systems. Everything is managed automatically from the NFC device and the Encryt Mail Cards app on the phone. Thus, you are free to freely use safely any computer and or NFC Android phone.

User anonymity 

Encrypt Mail Cards offers end-to-end anonymity from the NFC card. It does not use any remote servers to function. The solution does not request, collect, transferor provide any information on the identity of the owner and /or user. It works on an email service without having to know the identity of the sender and the recipients of the emails. The server receives an email and attachment already encrypt via Encrypt Mail Card. In fact, the sender of an email can decides to use an email service whose identity is anonymous or ephemeral.

End-to-end anonymity

Maintaining end-to-end privacy from the NFC Encrypt Mail Cards device. Encryption keys are only stored in the device and individually secured up to 13 different trust criteria. It is physically impossible to compromise an encryption key even when sharing them. Communication protocols such as Wifi, Bluetooth, wired LAN, are encrypted by ephemeral single-use keys. Data exchanges on the communication protocol with NFC are also encrypted.

Zero Trust in the servers

The Encrypt Mail Cards solution is part of zero trust solutions. This is because mail servers are considered to be presumed to be corrupted. The solution therefore makes it possible to give no trust to the mail servers. Since emails are encrypted upstream by a system physically outsourced via an NFC device, security is ensured even in the event that the server is compromised.

Without trusted third party

The criteria of trust on the identity of the correspondents are carried out without a trusted third party. They are carried out quickly and simply when sharing encryption keys via an encrypted QR Code. The key creator adds up to 13 different trust criteria at their discretion. To use the encryption, key all trust criteria must be validated. In fact, the recipient of the encrypted message has the certainty of the identity of the sender while maintaining his anonymity.

Keeper of encryption keys

No risk of error using the right key to decrypt emails. Everything is automated. You will have the right key and you will validate all the trust criteria to be able to decrypt as well as to encrypt. Thus, the user does not need any special skills to encrypt or decrypt.

Indeed, as far as the RSA 4096 encryption key is concerned, it is randomly generated by the user. The private key is automatically stored encrypted in the secure memory of the NFC device. The user does not physically have access to the private key. He only has access to the public key. Decryption is done automatically via his private key stored only in the device.

In fact, it is obvious that no third party can decrypt emails without having the right encryption key, the right NFC device and above all having validated all the trust criteria associated with the decryption key in order to use it.

A few unique features

• Authentication of recipients anonymously,
• Multi-criteria trust authentication from human to human.
• Security of exchanges adaptable according to the awakening strategy related to the surveillance and listening and / or monitoring of communications.
• End-to-end anonymity from an NFC device.
• The always-encrypted display of mails including attached files.
• Protection against spying, malicious or prying eyes.
• Freedom of encryption in all mobility, anywhere, anytime, in any situation even extreme, on any computer and NFC telephone system.
• Compatibility with all NFC Android computers and phones systems.
• Simplicity and quick usage.
• A simultaneous level of physical safety and security of the encryption keys.
• Two AES 256 symmetric encryption key generators and asymmetric up to RSA 4096.
• Automatic manager up to 200 different encryption keys.

Two internationally patented embedded technologies

The technology is protected by two invention patents on a new wireless device access control system to secure administrator and user differently and a new segmented key authentication system via wireless device.

Which makes it a unique solution in the world to encrypt only without contact via an NFC device.

Segmented key authentication

The patented segmented key authentication system ensures human-to-human authentication anonymously and not machine-to-machine authentication.

Thus, the level of certainty that you are communicating with the right person has never been higher. In addition, the management of automated trust criteria associated independently by encryption key, are defined at the discretion of the correspondents.

The latter must have the correct NFC device and have validated the multi-authentication and all the trust criteria to be able to use the correct key. Finally, the correspondents can impose without possibility of modification the conditions of use of the encryption key. There is no need for a trusted third party, since trust is established directly between inter-human recipients, in particular via the multi-criteria associated by the creator of the keys.

Metadata security, monitoring, and display

Encrypt Mail Card encrypts the content of your communications, but will not encrypt the metadata of your email services. In fact, encryption does not hide that you and your friend are communicating, that you are using encryption to communicate and other information such as the subject of your communication, the place, the times.

Reason why, we recommend using encryption even for non-sensitive emails. This is the advantage of this solution compatible with Webmail messaging services. You can use it on an anonymous or ephemeral email address, or use this encryption tool by everyone when possible.

This will make its use normal and not suspicious for those who listen to the networks. Email encryption can be performed offline only on the RAM of the computer and /or phone which will increase the level of security at rest and then in transit.

However, if you send end-to-end encrypted messages by encrypting your data in transit without encrypting your data at rest, this brings another advantage since in principle your messages will be the test of monitoring traffic and listening to the network.

Finally, even if an attacker physically accesses your mobile device or computer, they will not be able to read your encrypted emails.

Encryption keys are only in your Encrypt Mail Cards and in your pocket.