EviCore NFC HSM
EviCore NFC HSM Security Information is a page that gathers all the security information related to the cutting-edge EviCore NFC HSM technology developed by Freemindtronic in Andorra. This Andorran company provides white-label solutions under license in secure key and cryptographic secret management through a Near Field Communication (NFC) hardware module. This technology ensures the protection and encryption of keys and secrets using advanced algorithms, offering features such as offline isolation, seamless integration with other technologies and enhanced user experience. With its robust security measures and innovative advancements, EviCore NFC HSM sets a new standard for secure communication and secret management in the digital realm. In this space, you will learn more about the proprietary EVI MtoM interface, its compatibility with ISO standards, the algorithms used and its compatibility with various international regulations.
EVI (Encrypted Virtual Interface) is a proprietary protocol that Freemindtronic uses to communicate with its NFC HSM devices. These devices are hardware security modules that store and protect your sensitive information, such as encryption keys, passwords, blockchain private keys or bank cards. EVI is based on the ISO 15693 standard, which defines the physical and logical characteristics of contactless smart cards. But EVI adds several layers of security, such as encryption, authentication, anti-cloning, anti-replay, anti-counterfeiting and black box.
EviCore NFC HSM security allows you to benefit from this innovative and performant protocol to secure your sensitive data. In this section, we will explain how EVI works and how it uses the AES CTR mode with SHA256 to encrypt the data stored in the NFC HSM EEPROM memory of Freemindtronic.
Encryption ensures that the data exchanged between the reader and the device are encrypted with a symmetric algorithm AES 256, which uses a segmented key coming from different sources, including the BLS12-381 curve. Authentication ensures that the reader and the device recognize each other thanks to a signature based on a 128-bit key, which is locked in read-only mode in the device.
EVI also utilizes AES ECB 128 encryption specifically for encrypting the four access keys to the three EEPROM NFC memory blocks and the RF signal key. AES ECB (Advanced Encryption Standard Electronic Codebook) with a key size of 128 bits ensures the confidentiality and protection of these critical access keys. By encrypting the access keys with AES ECB 128, EVI strengthens the security of the NFC EEPROM memory blocks. This encryption prevents unauthorized access and safeguards the sensitive information stored within these blocks. Additionally, encrypting the RF signal key ensures the integrity and security of the communication between EVI devices and NFC HSMs.
EVI also employs the AES CTR (Counter) mode with SHA256 (Secure Hash Algorithm 256-bit) for encrypting data stored in the NFC HSM EEPROM memory of Freemindtronic. This combination of encryption and hash function enhances the security and integrity of the stored data. AES CTR mode with SHA256 works by using the AES encryption algorithm in CTR mode to encrypt the data in a block-by-block fashion. The encryption process relies on a counter that generates unique values for each block, ensuring the confidentiality of the data. Additionally, the SHA256 hash function calculates a cryptographic hash of the data, providing a means to verify its integrity.
By utilizing AES CTR with SHA256, EVI ensures that the data stored in the NFC HSM EEPROM memory is securely encrypted. This encryption protects the data from unauthorized access or tampering, as only authorized entities with the correct cryptographic keys can decrypt and access the information. The SHA256 hash function further strengthens data integrity. By calculating the hash of the data, EVI can verify its integrity by comparing the resulting hash with a previously stored hash value. If any changes or modifications to the data have occurred, the hash values will not match, indicating potential tampering. The combination of AES CTR encryption and SHA256 hashing in EVI’s NFC HSM EEPROM memory provides a robust and reliable solution for data security and integrity. It ensures that stored data remains confidential, protected, and tamper-evident, meeting the stringent security requirements of Freemindtronic’s NFC HSM technology.
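The encrypt-then-compare-hash flow described above, as an added Go example that is not Freemindtronic's code: the Record layout, the Seal and Open names, and the choice to hash the plaintext and keep the digest beside the ciphertext are assumptions made for illustration. It shows that a single flipped bit in a stored AES-CTR ciphertext decrypts without error and is only caught by the SHA-256 comparison.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is an assumed layout: CTR nonce, ciphertext, SHA-256 of the plaintext.
type Record struct {
	Nonce, Ciphertext []byte
	Digest            [32]byte
}

// ctr XORs in with the AES-256-CTR keystream; the same call encrypts and decrypts.
func ctr(key [32]byte, nonce, in []byte) []byte {
	block, _ := aes.NewCipher(key[:]) // cannot fail: 32 bytes is a valid AES-256 key
	out := make([]byte, len(in))
	cipher.NewCTR(block, nonce).XORKeyStream(out, in)
	return out
}

// Seal encrypts secret under a fresh random nonce and records its digest.
func Seal(key [32]byte, secret []byte) (Record, error) {
	nonce := make([]byte, aes.BlockSize)
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	return Record{nonce, ctr(key, nonce, secret), sha256.Sum256(secret)}, nil
}

// Open decrypts, then rejects the result if its digest differs from the stored one.
func Open(key [32]byte, r Record) ([]byte, error) {
	if len(r.Nonce) != aes.BlockSize {
		return nil, fmt.Errorf("malformed record: nonce is %d bytes", len(r.Nonce))
	}
	pt := ctr(key, r.Nonce, r.Ciphertext)
	if sha256.Sum256(pt) != r.Digest {
		return nil, fmt.Errorf("integrity check failed")
	}
	return pt, nil
}

func main() {
	r, _ := Seal([32]byte{}, []byte("constructed sample secret")) // all-zero demo key
	r.Ciphertext[0] ^= 1                                          // one flipped bit in storage
	fmt.Println(Open([32]byte{}, r))                              // nil plaintext, then the error
}
```

The comparison is only as strong as the protection of the stored digest, since CTR mode by itself does not authenticate the ciphertext. A keyed MAC or an AEAD mode such as AES-GCM binds the integrity check to the key.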
Anti-cloning ensures that the device cannot be copied or counterfeited thanks to a unique and random signature, which is also locked in read-only mode in the device. Anti-replay ensures that the messages exchanged between the reader and the device, even if they are intercepted, cannot be decrypted or replayed, since it is necessary to have all the segmented keys, which can go up to 14 segments according to one of the implementations of Freemindtronic’s segmented key authentication patent.
EVI also implements Freemindtronic’s wireless access control patent https://patentscope.wipo.int/search/en/detail.jsf?docId=US233551824&_fid=EP234472494, which relates to a system for controlling access to a device protected by at least one preconfigured authentication factor, comprising an access control unit comprising a short-range wireless communication device, a key reception module, an authentication factor verification module, at least one access path, and at least one controllable switch, configured to open or close the access path to the protected device in case of receiving an access authorization from the verification module. The system further comprises an administration unit comprising a short-range wireless communication device, a key generation module, and a key transmission module, configured to generate and transmit a key to the access control unit. The key is associated with at least one authentication factor and is valid for a limited period of time. The system allows the administration unit to control the access to the protected device remotely and securely, without requiring physical contact or direct connection.
This patent enables EVI to use segmented keys that are associated with different authentication factors, such as biometric data, PIN codes, passwords or ID of the phone. This implies that only authorized entities with the correct authentication factors can access the NFC HSM device. For example, one of the segments of the key can be derived from the ID of the phone, which means that only a specific phone can be used to communicate with the NFC HSM device. This adds another layer of security and prevents unauthorized access.
The anti-counterfeiting system also ensures that the NFC HSM cannot be falsified or modified thanks to various combined systems of signature of the NFC HSM and segmented key authentication. In addition, there are trust criteria freely defined by the user of EVI technology that can be different to secure each secret stored encrypted in the EEPROM memory of the NFC HSM. Thus, even in case of an invasive or non-invasive attack, the secrets will remain encrypted post quantum via keys greater than 256 bits.
The non-modifiable black box ensures the traceability of use of the NFC HSM device and monitors the number of attempts to enter the different administrator and user access codes. In case of unsuccessful attempts defined by the administrator, the NFC HSM is unpaired from the Android NFC phone with which it is paired. This implies that only the administrator with the unique pairing key of the NFC HSM can re-pair it with the Android NFC phone.
EVI is a powerful and innovative protocol that offers a high level of security and reliability for your sensitive information. By using EVI, you can communicate with Freemindtronic’s NFC HSM devices and store and protect your data from unauthorized access, tampering, cloning, replaying, counterfeiting and attacks. EVI also uses advanced encryption and hashing algorithms such as AES 256, AES ECB 128, AES CTR and SHA256 to ensure data confidentiality and integrity. EVI is compatible with any Android NFC phone and can be used for various applications such as encryption, password management, blockchain or payment.
(*) These standards are related to dual-use items because they specify security requirements and evaluation criteria for cryptographic modules, which can be used for both civil and military purposes. They also cover encryption algorithms and security services using AES, which is a widely used algorithm for both civil and military applications. These standards aim to prevent the proliferation of weapons of mass destruction and to contribute to international peace and security. They also reflect the commitments agreed upon in key multilateral export control regimes, such as the Wassenaar Arrangement and the Nuclear Suppliers Group.
The EviCore NFC HSM technology from Freemindtronic employs RSA 4096 for robust and secure encryption. RSA 4096 refers to the key size used in the RSA algorithm, where 4096 represents the length of the key in bits. RSA is an asymmetric encryption algorithm widely used for secure communication, digital signatures, and data encryption.
In RSA encryption, a key pair is generated consisting of a public key and a private key. The public key is used for encryption, while the private key remains secret and is used for decryption. The security of RSA lies in the computational complexity of factoring large numbers into their prime factors, which is the foundation of the algorithm.
By utilizing RSA 4096 as a default usage, EviCore NFC HSM ensures a high level of security and future-proofing that could potentially extend beyond 2030, unlike RSA 2048. The larger key size provides increased resistance against brute-force attacks, making it computationally infeasible to factorize the key and derive the private key without sufficient computational power and time. This significantly enhances the security of the encrypted data and protects against unauthorized access.
However, it is important to note that RSA is one of the encryption algorithms that could potentially be broken by a large enough quantum computer using Shor’s algorithm. While quantum computers pose a potential threat to many encryption algorithms, they are not yet powerful enough to break present-day encryption. The National Institute of Standards and Technology (NIST) has been working on developing post-quantum cryptographic standards that are resistant to quantum computer attacks.
By integrating RSA 4096 into EviCore NFC HSM, users benefit from the robust security provided by this encryption standard. Encryption keys are automatically generated in less than 300 ms with automatic storage in an NFC HSM on Android NFC phones with an MCU clocked at 2.9 GHz, 2.8 GHz or 2.2 GHz with an Octa-Core processor. It is estimated at less than one minute on Android phones with NFC and Android 6 with a Qualcomm Snapdragon 801 processor, 4 cores, 32-bit architecture, clock speed up to 2.3 GHz and 3 GB of RAM. This demonstrates that EviCore NFC HSM technology benefits from the increased performance of smartphones, significantly reducing the time between key creation and encrypted storage in the Freemindtronic NFC HSM EEPROM memory. On the one hand, this guarantees the confidentiality and integrity of the RSA private key as well as the use of its automatically generated public key from the NFC HSM. On the other hand, it allows sharing secrets between NFC HSMs, or their secure backups, stored encrypted in RSA-4096 on any type of external storage medium.
It’s important to note that EviCore NFC HSM technology does not use servers or databases. This means that a quantum computer would have to break the encryption of a secret encrypted via the RSA-4096 public key without any other information than the encrypted result.
Overall, while RSA 4096 offers strong protection against classical attacks, Freemindtronic maintains continuous monitoring to update its technology with new post-quantum algorithms standardized by NIST as they become available.
In terms of resistance to quantum attacks between RSA 2048 and RSA 4096 or higher key sizes, both would be vulnerable to Shor’s algorithm on a large enough quantum computer. A study estimated that a quantum circuit with 372 physical qubits and a depth of thousands would be necessary to challenge RSA-2048. However, we couldn’t find specific information on how this scales with larger key sizes such as RSA 4096.
In terms of classical security, both RSA 2048 and RSA 4096 are considered secure for now. Security experts project that 2048-bit keys will be sufficient for commercial use until around the year 2030. The main downside to using larger keys such as 3072 or 4096 is that they are slower to process. However, some organizations may choose to use larger keys such as RSA 4096 for added security or future-proofing. With EviCore NFC HSM technology from Freemindtronic using an Android NFC phone with an MCU clocked at 2.9 GHz, 2.8 GHz or 2.2 GHz with an Octa-Core processor type, this downside is eliminated as keys can be generated in less than 300 ms and secrets can be encrypted in real-time in less than 500 ms.
Are you looking for a device that uses near-field communication (NFC) technology to provide secure and convenient management of cryptographic keys and secrets? If so, you might want to consider EviCore NFC HSM. This device is a product of Freemindtronic, a company that specializes in NFC solutions. EviCore NFC HSM complies with the IEC/ISO 15693-3:2019 standard for communication with contactless vicinity cards. This standard allows for a longer communication range and a higher data transfer rate than other NFC standards.
But before you buy or use EviCore NFC HSM, you should also be aware of the legal compliance issues that may arise from using NFC devices in different countries. NFC devices are subject to various laws, directives, regulations, agreements, and rules of law at the global level. You need to comply with them to avoid legal problems.
In this article, we will give you an overview of some of the most important regulations that apply to EviCore NFC HSM in different regions of the world. This is not a comprehensive list. You should always consult your local authorities and experts before using EviCore NFC HSM in your country.
EviCore NFC HSM is compliant with FIPS 140-2, a computer security standard used to validate hardware security modules (HSMs). This standard is used by the US government and other organizations to ensure the security of sensitive data. The compliance of EviCore NFC HSM with FIPS 140-2 ensures that it meets the highest level of security standards and can be used for secure data storage and transmission.
The RED, EviCore NFC HSM also complies with the following laws and regulations in Europe:
The Personal Information Protection Act (PIPA) in South Korea requires companies to protect customers’ personal information and report data breaches. EviCore NFC HSMs are designed to help companies comply with the PIPA by protecting sensitive information stored on NFC smart cards. EviCore NFC HSMs provide enhanced security for NFC transactions by storing encryption keys and performing encryption and decryption operations on the smart card itself.
These are some of the main regulations that apply to EviCore NFC HSM in different regions of the world.
However, this is not a comprehensive list, and you should always consult your local authorities and experts before using EviCore NFC HSM in your country. You should also check the latest updates and changes in the regulations, as they may vary over time.
EviCore NFC HSM is a device that uses NFC technology to provide secure and convenient management of cryptographic keys and secrets. It complies with the IEC/ISO 15693-3:2019 standard for communication with contactless vicinity cards, which allows for a longer communication range and a higher data transfer rate than other NFC standards. It also complies with various laws, directives, regulations, agreements, and rules of law at the global level, and you need to comply with them to avoid legal problems.
We hope this article has given you an overview of some of the most important regulations that apply to EviCore NFC HSM in different regions of the world. If you have any questions or comments, please feel free to contact us at firstname.lastname@example.org or visit our website at https://freemindtronic.com/evicore-nfc-hsm/ to learn more about EviCore NFC HSM and its features and benefits.
The NFC HSMs used with EviCore NFC HSM are compliant with the RoHS directive. RoHS stands for Restriction of Hazardous Substances and is a European Union directive that restricts the use of certain hazardous materials in electronic and electrical equipment. Compliance with RoHS ensures that the NFC HSMs used with EviCore NFC HSM are environmentally friendly and safe for use