EviCore NFC HSM Security Information is a page that gathers all the security information related to the cutting-edge EviCore NFC HSM technology developed by Freemindtronic in Andorra. This Andorran company provides white-label solutions under license in secure key and cryptographic secret management through a Near Field Communication (NFC) hardware module. This technology ensures the protection and encryption of keys and secrets using advanced algorithms, offering features such as offline isolation, seamless integration with other technologies and enhanced user experience. With its robust security measures and innovative advancements, EviCore NFC HSM sets a new standard for secure communication and secret management in the digital realm. In this space, you will learn more about the proprietary EVI MtoM interface, its compatibility with ISO standards, the algorithms used and its compatibility with various international regulations.
EVI (Encrypted Virtual Interface) is a proprietary protocol developed by Freemindtronic for communication with NFC HSM (Hardware Security Module) devices, offering an exceptional level of security for sensitive data. This protocol is considered a Zero Knowledge Proof (ZKP) protocol due to its adherence to several fundamental criteria:
Secret and Randomness: EVI employs encryption keys and authentication processes that are generated with a high degree of randomness and remain confidential. These keys are not predictable or derivable from any publicly available information, ensuring that the verifier has no prior knowledge of them.
Independence of Trust Criteria: The security and trustworthiness of EVI are not dependent on the secrecy of the keys used. Even if the criteria for trust and authentication are known, they do not reveal any information about the actual secret keys or the authentication methods employed.
Length of Key Segments: EVI employs sufficiently long key segments, which makes it resistant to brute-force attacks. The segmented key approach enhances security by requiring an attacker to compromise multiple independent key components, making unauthorized access extremely difficult.
Resilience to Attacks: EVI has been designed to withstand various types of attacks, including replay attacks, modification attempts, and interception. The protocol’s security measures ensure that unauthorized parties cannot tamper with the data or use intercepted information to gain access.
In addition to these core principles, EVI incorporates patented technologies to enhance its security and functionality:
Salting System: The implementation of the patent WO2010086552 introduces a salting system to counteract keyloggers. This system adds characters at predetermined positions known only to the user, which are subsequently removed during password entry. This obscures the password’s actual characters, making it resistant to keylogger detection.
Segmented Key Authentication: EVI utilizes Freemindtronic’s segmented key authentication patent, which associates different segments of keys with various authentication factors such as biometric data, PIN codes, passwords, or device identifiers. This approach ensures that only authorized entities with the correct combination of authentication factors can access the NFC HSM device, adding an additional layer of security.
Anti-Counterfeiting Measures: EVI incorporates anti-counterfeiting systems that prevent the falsification or modification of NFC HSMs through a combination of signature mechanisms and segmented key authentication. This makes it exceedingly difficult for malicious actors to counterfeit or tamper with these devices.
User-Defined Trust Criteria: Users of EVI technology can define trust criteria tailored to their specific needs. These criteria enhance the security of secrets stored in the EEPROM memory of the NFC HSM, even in the face of invasive or non-invasive attacks, ensuring that the secrets remain encrypted with keys exceeding 256 bits in length.
Black Box Monitoring: The non-modifiable black box feature monitors NFC HSM device usage, including the number of access code entry attempts by administrators and users. In cases of unsuccessful attempts defined by the administrator, the NFC HSM is unpaired from the Android NFC phone, adding an additional layer of security and control.
EVI’s robust security measures, combined with advanced encryption and hashing algorithms, such as AES 256, AES ECB 128, AES CTR, and SHA256, make it a formidable protocol for securing sensitive information. It is compatible with Android NFC phones and can be applied in various contexts, including encryption, password management, blockchain, and payment systems.
EVI (Encrypted Virtual Interface) is a proprietary protocol developed by Freemindtronic, and its design aligns with numerous well-established information security standards and best practices. These standards encompass a wide range of aspects related to information security, including data protection, risk management, cryptography, and more. Here’s how the EVI protocol complies with these established security standards and guidelines:
ISO/IEC 27001 and ISO/IEC 27002: EVI adheres to principles of information security management, ensuring that data confidentiality, integrity, and availability are maintained. It employs strong encryption, authentication, and access control mechanisms to protect sensitive information.
Common Criteria (ISO/IEC 15408): Common Criteria provides a framework for the evaluation of security properties of IT products and systems. While EVI itself may not undergo Common Criteria evaluation, its security features align with the principles of this standard, especially in terms of protection against unauthorized access and tampering.
NIST SP 800-53 and NIST SP 800-37 Revision 2: EVI follows the NIST guidelines for security controls and the management of security in information systems. It ensures that comprehensive security measures are in place, covering aspects like access control, audit and monitoring, and security assessments.
PCI DSS (Payment Card Industry Data Security Standard): EVI’s security measures align with the stringent requirements of PCI DSS when it comes to protecting payment card data and ensuring secure transactions.
HIPAA (Health Insurance Portability and Accountability Act): In healthcare environments, where the protection of personal health information is crucial, EVI’s encryption, access controls, and monitoring mechanisms help meet the security requirements of HIPAA.
GDPR (General Data Protection Regulation): EVI supports GDPR compliance by providing strong data protection and access control mechanisms, ensuring that personal data remains confidential and secure.
FIPS PUB 140-2: While not explicitly certified under FIPS 140-2, EVI’s use of strong cryptographic algorithms aligns with the FIPS standard for cryptographic modules.
ISO/IEC 19790: This standard pertains to cryptographic modules, and EVI’s use of cryptography conforms to the requirements of ISO/IEC 19790, ensuring the security and integrity of cryptographic operations.
ISO 9001, ISO 22301, ISO 31000: EVI’s adherence to ISO quality management, business continuity, and risk management standards demonstrates a commitment to robust security practices.
ISO/IEC 27034: EVI complies with secure application development principles, ensuring that its software components are designed with security in mind.
EVI’s security features and practices align with a wide array of established information security standards and best practices. These standards cover various facets of security, including data protection, risk management, encryption, and access control, ensuring that EVI provides a robust and reliable security solution for sensitive information in NFC HSM devices.
(*) These standards are related to dual-use items because they specify security requirements and evaluation criteria for cryptographic modules, which can be used for both civil and military purposes. They also cover encryption algorithms and security services using AES, which is a widely used algorithm for both civil and military applications. These standards aim to prevent the proliferation of weapons of mass destruction and to contribute to international peace and security. They also reflect the commitments agreed upon in key multilateral export control regimes, such as the Wassenaar Arrangement and the Nuclear Suppliers Group.
EviCore NFC HSM is not only a powerful and innovative technology, but also a compliant and reliable one. It follows several international standards for security and encryption, ensuring its quality and performance. Here are some of the standards that EviCore NFC HSM complies with:
This is an international standard that specifies physical and logical characteristics of smart cards. It covers card dimensions, electrical signals, transmission protocols, command structures, file organization, security features, and application identifiers. EviCore NFC HSM adheres to this standard for communicating with EviCard 2 Gen devices, which are smart cards with two NFC chips on PCB that can store up to 200 blockchain private keys.
EviCore adopts the IEC/ISO 8859-1 encoding standard, also known as Latin-1. This standard defines a character set that covers most Western European languages, allowing EviCore to handle text and data in various languages with ease. By following the IEC/ISO 8859-1 standard, EviCore ensures compatibility and seamless communication across different systems and platforms. Whether it’s processing, storing, or displaying information, EviCore leverages IEC/ISO 8859-1 to ensure efficient and accurate handling of multilingual data. With this encoding standard, EviCore provides a reliable and versatile solution for international communication needs.
This is an international standard that specifies mechanisms for Near Field Communication – Secured simple pairing. It covers security requirements, authentication protocols, key agreement schemes, and data encryption methods. EviCore NFC HSM follows this standard for establishing secure wireless communication between the NFC HSM device and the Android phone, using AES 256-bit algorithm for data encryption and RSA 4096-bit algorithm for key agreement.
This is an international standard that specifies criteria for the evaluation of IT products and system security. It covers security functional requirements, security assurance requirements, and evaluation methodology. EviCore NFC HSM uses this standard for ensuring the security and quality of its IT products and system security.
EviCore NFC HSM uses an NFC HSM that complies with the IEC/ISO 15693-3:2019 standard for communication with contactless vicinity cards. This standard defines the protocols and commands, the other parameters required to initialize communication between a vicinity integrated circuit card and a vicinity coupling device, the methods to detect and communicate with one card among several cards (“anticollision”), and the optional means to ease and speed up the selection of one card among several cards based on application criteria. The IEC/ISO 15693-3:2019 standard allows for a longer communication range (up to 1.5 meters) and a higher data transfer rate (up to 26 kbit/s) than other NFC standards.
EviCore NFC HSM does not use the NDEF standard for storing and exchanging data on the NFC HSM. Instead, it uses a proprietary format that ensures the security and integrity of the cryptographic keys and secrets stored on the device. The proprietary format also allows for more flexibility and customization of the data structure and content. EviCore NFC HSM provides a user-friendly interface for accessing and managing the data on the NFC HSM through an Android app.
By using EviCore NFC HSM, you can benefit from a high level of security and convenience for your crypto assets and credit cards, while complying with the relevant regulations and standards for NFC devices and payment cards.
This is an international standard that defines general methods and techniques for symmetric encryption. It includes block ciphers, stream ciphers, modes of operation, and authentication codes. EviCore NFC HSM applies this standard for encrypting and decrypting data with AES 256-bit algorithm, which is one of the recommended block ciphers.
This is an international standard that specifies encryption algorithms for public-key cryptography. It covers asymmetric-key algorithms, such as RSA, DSA, ECDSA, ElGamal and NTRU. EviCore NFC HSM uses this standard for performing key agreement and digital signature with RSA 4096-bit algorithm.
This is an international standard that specifies encryption algorithms for block ciphers. It covers 64-bit and 128-bit block ciphers, such as AES, Camellia, SEED, TDEA, MISTY1, CAST-128 and HIGHT. EviCore NFC HSM uses this standard for encrypting and decrypting data with AES 256-bit algorithm, which is one of the recommended block ciphers.
This is an international standard that specifies encryption algorithms for stream ciphers. It covers stream ciphers, modes of operation, and authentication codes. EviCore NFC HSM uses this standard for encrypting and decrypting data with stream ciphers, such as Trivium and Grain-128a.
This is an international standard that specifies physical and logical characteristics of Near Field Communication Interface and Protocol (NFCIP-1). It covers modulation schemes, coding schemes, bit rates, frame formats, initialization procedures, and data exchange protocols. EviCore NFC HSM conforms to this standard for communicating with EviTag devices, which are NFC tags that can store blockchain private keys and secrets.
This is an international standard that specifies security requirements for cryptographic modules. It covers design principles, roles and services, finite state model, physical security, logical security, cryptographic key management, electromagnetic compatibility, self-tests, mitigation of other attacks, and security policy. EviCore NFC HSM uses this standard for ensuring the security and integrity of its cryptographic functions and operations.
These standards ensure the compliance and interoperability of EviCore NFC HSM with other dual-use items that use the same standards. They also ensure the quality and reliability of EviCore NFC HSM in providing secure and efficient cryptographic services.
Il s’agit d’une norme internationale qui spécifie les exigences de sécurité pour les modules cryptographiques utilisés pour les signatures numériques. Il couvre les principes de conception, les rôles et les services, le modèle d’état fini, la sécurité physique, la sécurité logique, la gestion des clés cryptographiques, la compatibilité électromagnétique, les autotests, l’atténuation d’autres attaques et la politique de sécurité. EviCore NFC HSM utilise cette norme pour assurer la sécurité et l’intégrité de ses modules cryptographiques utilisés pour les signatures numériques.
This is an international standard that specifies requirements for an information security management system (ISMS). It covers organizational context, leadership, planning, support, operation, performance evaluation, and improvement. EviCore NFC HSM uses this standard for ensuring the security and quality of its information security management system.
Il s’agit d’une norme internationale qui spécifie les technologies de l’information – Techniques automatiques d’identification et de capture de données – Partie 13: Services de sécurité NFC utilisant AES. Il couvre les services de sécurité pour l’authentification et le cryptage des données à l’aide de l’algorithme AES. EviCore NFC HSM utilise cette norme pour fournir des services de sécurité pour l’authentification et le cryptage des données à l’aide de l’algorithme AES.
Ces normes garantissent la conformité et l’interopérabilité d’EviCore NFC HSM avec d’autres HSM ou articles à double usage qui utilisent les mêmes normes. Ils garantissent également la qualité et la fiabilité d’EviCore NFC HSM en fournissant des services cryptographiques sécurisés et efficaces.
This is an international standard that specifies lightweight cryptography mechanisms for block ciphers. It covers block ciphers, modes of operation, and authentication codes. EviCore NFC HSM uses this standard for encrypting and decrypting data with lightweight block ciphers, such as PRESENT and CLEFIA.
This is an international standard that specifies lightweight cryptography mechanisms for elliptic curve cryptography (ECC). It covers elliptic curve parameters, key pair generation, scalar multiplication, point compression and decompression, and signature schemes. EviCore NFC HSM uses this standard for performing elliptic curve cryptography with various curves, such as secp256k1 and secp256r1.
These standards ensure the compliance and interoperability of EviCore NFC HSM with other cryptographic systems that use the same standards. They also ensure the quality and reliability of EviCore NFC HSM in providing secure and efficient cryptographic services.
EviCore NFC HSM employs a range of robust algorithms to secure data and ensure the confidentiality, integrity, and authenticity of sensitive information. These algorithms have been carefully selected and implemented to meet the highest security standards. Here are the algorithms utilized by EviCore NFC HSM:
EviCore leverages the eXclusive OR (XOR) operation as a fundamental component of its cryptographic processes. XOR is a logical operation that takes two input bits and produces an output bit. In the context of EviCore NFC HSM, XOR plays a crucial role in key generation, encryption, and data integrity verification.
By applying XOR operations, EviCore is able to generate strong cryptographic keys that are resistant to various attacks. These keys are crucial for ensuring the confidentiality and integrity of sensitive information. Additionally, XOR is used in the encryption process, where it combines the plaintext with the generated key to produce ciphertext. This ensures that the encrypted data remains secure and unreadable without the corresponding key.
Moreover, XOR is employed for data integrity verification. By performing XOR operations on the original data and its corresponding hash or checksum, EviCore can detect any changes or tampering that may have occurred during data transmission or storage. This helps ensure the integrity and authenticity of the information.
Overall, by utilizing XOR operations, EviCore enhances the security and reliability of its cryptographic processes, providing users with a robust and trustworthy solution for protecting their data.
EviCore NFC HSM utilizes AES ECB 128 encryption specifically for encrypting the four access keys to the three EEPROM NFC memory blocks and the RF signal key. AES ECB (Advanced Encryption Standard Electronic Codebook) with a key size of 128 bits ensures the confidentiality and protection of these critical access keys.
By encrypting the access keys using AES ECB 128, EviCore strengthens the security of the NFC EEPROM memory blocks. This encryption prevents unauthorized access and safeguards the sensitive information stored within these blocks. Additionally, encrypting the RF signal key ensures the integrity and security of the communication between EviCore devices and NFC HSMs.
AES ECB 128 operates on fixed-size blocks and independently encrypts each block. This encryption method provides efficient and robust security for the access keys and RF signal key. The 128-bit key size enhances the strength of the encryption, making it highly resistant to unauthorized decryption attempts.
Through the use of AES ECB 128 encryption, EviCore ensures that the access keys to the NFC EEPROM memory blocks and the RF signal key remain confidential and protected from unauthorized access or tampering. This security measure adds an additional layer of protection to the overall system, making EviCore a trusted solution for secure NFC HSM operations.
The BLS12-381 elliptic curve operates on points defined on a finite field and has a bilinear pairing function that maps two points to an element of a field extension. This pairing function has properties that enable the construction of advanced cryptographic protocols, such as encryption or zero-knowledge proof schemes. The key size of 381 bits increases the resistance of the curve against discrete logarithm attacks, which enhances the overall security level of the system.
These are the reasons why Freemindtronic used this curve to create its system to fight against counterfeiting of NFC HSM devices. By using the BLS12-381 curve, EviCore strengthens the security of NFC HSM devices. This curve ensures their authenticity and integrity, thanks to a signature based on a 128-bit key, which is enough to prevent counterfeiting or hijacking of NFC HSM devices. This signature is unique and random for each NFC HSM device, and it is locked in read-only mode in the device. This 128-bit key also has a secondary use, as it is used as one of the segmented keys in a symmetric encryption algorithm AES 256, combined with other keys from other external sources of the NFC HSM device of physical origin for example. Thus, the confidentiality of the information they contain or exchange is also guaranteed.
By using the BLS12-381 curve, EviCore ensures that NFC HSM devices benefit from optimal security and performance for the cryptographic operations they perform. This security measure adds an extra layer of protection to the global system, making EviCore a reliable solution for secure operations with NFC HSM devices.
EviCore employs the AES CTR (Counter) mode with SHA256 (Secure Hash Algorithm 256-bit) for encrypting data stored in the NFC HSM EEPROM memory of Freemindtronic. This combination of encryption and hash function enhances the security and integrity of the stored data.
AES CTR mode with SHA256 works by using the AES encryption algorithm in CTR mode to encrypt the data in a block-by-block fashion. The encryption process relies on a counter that generates unique values for each block, ensuring the confidentiality of the data. Additionally, the SHA256 hash function calculates a cryptographic hash of the data, providing a means to verify its integrity.
By utilizing AES CTR with SHA256, EviCore ensures that the data stored in the NFC HSM EEPROM memory is securely encrypted. This encryption protects the data from unauthorized access or tampering, as only authorized entities with the correct cryptographic keys can decrypt and access the information.
The SHA256 hash function further strengthens data integrity. By calculating the hash of the data, EviCore can verify its integrity by comparing the resulting hash with a previously stored hash value. If any changes or modifications to the data have occurred, the hash values will not match, indicating potential tampering.
The combination of AES CTR encryption and SHA256 hashing in EviCore’s NFC HSM EEPROM memory provides a robust and reliable solution for data security and integrity. It ensures that stored data remains confidential, protected, and tamper-evident, meeting the stringent security requirements of Freemindtronic’s NFC HSM technology.
EviCore utilizes PBKDF2 (Password-Based Key Derivation Function 2) with HMAC SHA and 1000 iterations, using a 256-bit key, for encrypting the labels with segmented keys. This combination of key derivation and HMAC SHA hashing strengthens the security of the labels and ensures their confidentiality.
PBKDF2 is a key derivation function that transforms a password or passphrase into a cryptographic key suitable for encryption. By applying PBKDF2 with HMAC SHA and 1000 iterations, EviCore iteratively derives a strong and unique key for each label. The 256-bit key size enhances the security and strength of the derived keys.
HMAC SHA (Hash-based Message Authentication Code using SHA) is a cryptographic hash function that ensures the integrity and authenticity of the data. EviCore employs HMAC SHA to generate a hash-based message authentication code for each label, providing a means to verify the integrity of the encrypted data.
By combining PBKDF2 with HMAC SHA and a high number of iterations, EviCore significantly increases the security of the segmented keys used for encrypting the labels. The iterative key derivation process and the strong hash function help protect against unauthorized access or decryption attempts.
With this approach, EviCore ensures that the labels stored within its system are encrypted using robust and unique keys. The utilization of PBKDF2 with HMAC SHA and 1000 iterations, along with the 256-bit key size, enhances the confidentiality, integrity, and security of the labels and the overall cryptographic operations within EviCore.
EviCore NFC HSM utilizes AES CBC (Cipher Block Chaining) mode without padding, consistently operating on 48-byte blocks, to enhance the security and confidentiality of the information within the system.
AES CBC mode in EviCore NFC HSM encrypts data in blocks, with each block dependent on the previous block. By employing AES CBC without padding and adhering to a fixed block size of 48 bytes, EviCore ensures consistent encryption and decryption processes, maintaining the integrity of the data.
The absence of padding in AES CBC mode ensures that each block of data is always fixed at 48 bytes. This consistent block size enables seamless integration and interoperability within the EviCore NFC HSM system, ensuring reliable encryption and decryption of the concatenated trust criteria.
The utilization of AES CBC without padding and the fixed block size of 48 bytes in EviCore NFC HSM reinforces the security and confidentiality of the system. It provides a consistent and reliable encryption mechanism for the concatenated trust criteria, protecting sensitive information from unauthorized access and maintaining the integrity of the data within the NFC HSM environment.
EviCore NFC HSM’s implementation of AES CBC without padding and the fixed 48-byte block size demonstrates its commitment to robust security practices, offering a secure and consistent encryption approach for the protection of sensitive information within the system.
EviCore NFC HSM utilizes AES CBC (Cipher Block Chaining) mode without padding, consistently operating on 48-byte blocks, to enhance the security and confidentiality of the information within the system.
AES CBC mode in EviCore NFC HSM encrypts data in blocks, with each block dependent on the previous block. By employing AES CBC without padding and adhering to a fixed block size of 48 bytes, EviCore ensures consistent encryption and decryption processes, maintaining the integrity of the data.
The absence of padding in AES CBC mode ensures that each block of data is always fixed at 48 bytes. This consistent block size enables seamless integration and interoperability within the EviCore NFC HSM system, ensuring reliable encryption and decryption of the concatenated trust criteria.
The utilization of AES CBC without padding and the fixed block size of 48 bytes in EviCore NFC HSM reinforces the security and confidentiality of the system. It provides a consistent and reliable encryption mechanism for the concatenated trust criteria, protecting sensitive information from unauthorized access and maintaining the integrity of the data within the NFC HSM environment.
EviCore NFC HSM’s implementation of AES CBC without padding and the fixed 48-byte block size demonstrates its commitment to robust security practices, offering a secure and consistent encryption approach for the protection of sensitive information within the system.
EviCore NFC HSM incorporates salting, using a 256-bit key, a 160-bit ID, and a 64-bit salt, to enhance the security and integrity of its cryptographic operations.
Salting involves adding a unique and random value, known as a salt, to the data before encryption or hashing. By utilizing a 256-bit key, a 160-bit ID, and a 64-bit salt, EviCore NFC HSM ensures the uniqueness and unpredictability of the derived cryptographic values.
The 256-bit key provides a strong and secure encryption foundation, while the 160-bit ID adds an additional layer of identification and uniqueness to the cryptographic processes within EviCore NFC HSM. The inclusion of a 64-bit salt further strengthens the security by introducing randomization and making precomputed attacks significantly more difficult.
The salting technique employed by EviCore NFC HSM significantly increases the complexity and resistance to various cryptographic attacks, such as rainbow table attacks or brute-force attacks. By introducing randomness and uniqueness through salting, EviCore NFC HSM enhances the security and integrity of the cryptographic operations performed within the system.
With salting, a 256-bit key, a 160-bit ID, and a 64-bit salt, EviCore NFC HSM ensures that the cryptographic values derived from its processes remain secure, unpredictable, and resilient against attacks. This approach enhances the overall security of the system, safeguarding sensitive information and maintaining the integrity of the cryptographic operations performed by EviCore NFC HSM.
EviCore NFC HSM incorporates data scrambling to add an additional level of protection, making it more difficult to determine the beginning of the data and enforcing a fixed size of 255 bytes. This data scrambling intentionally introduces noise into the data while hiding the IV (Initialization Vector) and salt.
The data scrambling process involves the following steps:
Shift: The data is shifted by 8 bits to introduce randomness and obfuscation, making it harder to decipher the original content.
Random Data: Random data is generated to add further noise and confusion to the scrambled data. The size of the random data is determined based on the scrambling requirements.
Salage Size Secure: XOR operation is performed between the salage size and the salage (salt) to provide secure salting. This enhances the randomness and uniqueness of the salt used in the cryptographic operations.
Shift Secure: XOR operation is performed between the shift value and the salage (salt) to provide secure shifting. This ensures that the shifting process remains secure and protected.
Position Secure: XOR operation is performed between the position value and the salage (salt) to provide secure positioning. This adds an additional layer of security to the data scrambling process.
This scrambling method, which incorporates shifting, random data, secure salting, secure shifting, and secure positioning, is also implemented in the patented segmented key authentication method. By introducing noise and applying secure salting and shifting, EviCore NFC HSM enhances the security and confidentiality of the data, making it more challenging for unauthorized individuals to decipher or manipulate the scrambled information.
Through the implementation of data scrambling with these techniques, EviCore NFC HSM ensures the integrity, confidentiality, and protection of the data within the system, providing an advanced level of security for cryptographic operations and key authentication.
EviCore NFC HSM utilizes the ECDH Curve 25519 with segmented key authentication to secure all communication protocols (Wi-Fi, LAN, Bluetooth, proximity, Adhoc, WebRTC) between the EviCore NFC HSM and its browser-based extension for Chromium and Firefox. All communications employ JSON packets with salting, leveraging the patented segmented key authentication method. This approach offers portability advantages over traditional certificates and enables compact key exchange using QR codes for pairing the extension with the EviCore NFC HSM application installed on an Android NFC-enabled device.
The ECDH Curve 25519 provides a secure and efficient elliptic curve Diffie-Hellman key exchange. It allows the EviCore NFC HSM and its extension to generate unique session keys for encrypting and decrypting data during communication. The generation of certificates involves the creation of ID, salting, and three keys, each with a size of 256 bits.
The extension generates an ECC (Elliptic Curve Cryptography) key consisting of the ID, IV (Initialization Vector), salt (128 bits), ECC (256 bits), and the first, second, and third keys (128 bits each). The extension encrypts the public key using the parameters of a temporary server, ensuring secure transmission. This encrypted public key is used to create a unique session key for each session, employing AES CTR (Counter) mode in combination with PBKDF2, HMAC SHA, and XOR operations to encrypt the exchanged secrets from the NFC HSM.
Certificates are refreshed in each session by exchanging their five 256-bit ECC public keys. This process ensures continuous security and allows for the establishment of unique session keys for each communication session, enhancing the confidentiality and integrity of the exchanged data.
By utilizing ECDH Curve 25519 with segmented key authentication and employing strong encryption techniques, EviCore NFC HSM ensures secure communication and confidentiality between the NFC HSM and its browser-based extension. This approach provides robust protection for sensitive data and facilitates secure key exchange, enabling secure and reliable cryptographic operations within the EviCore NFC HSM system.
The EviCore NFC HSM technology from Freemindtronic employs RSA 4096 for robust and secure encryption. RSA 4096 refers to the key size used in the RSA algorithm, where 4096 represents the length of the key in bits. RSA is an asymmetric encryption algorithm widely used for secure communication, digital signatures, and data encryption.
In RSA encryption, a key pair is generated consisting of a public key and a private key. The public key is used for encryption, while the private key remains secret and is used for decryption. The security of RSA lies in the computational complexity of factoring large numbers into their prime factors, which is the foundation of the algorithm.
By utilizing RSA 4096 as a default usage, EviCore NFC HSM ensures a high level of security and future-proofing that could potentially extend beyond 2030, unlike RSA 2048. The larger key size provides increased resistance against brute-force attacks, making it computationally infeasible to factorize the key and derive the private key without sufficient computational power and time. This significantly enhances the security of the encrypted data and protects against unauthorized access.
However, it is important to note that RSA is one of the encryption algorithms that could potentially be broken by a large enough quantum computer using Shor’s algorithm . While quantum computers pose a potential threat to many encryption algorithms, they are not yet powerful enough to break present-day encryption . The National Institute of Standards and Technology (NIST) has been working on developing post-quantum cryptographic standards that are resistant to quantum computer attacks .
By integrating RSA 4096 into EviCore NFC HSM, users benefit from the robust security provided by this encryption standard. Encryption keys are automatically generated in less than 300ms with automatic storage in an NFC HSM on Android NFC phones with an MCU clocked at 2.9 GHz, 2.8 GHz or 2.2 GHz with an Octa-Core processor. It is estimated at less than one minute on Android phones with NFC and Android 6 with a Qualcomm Snapdragon 801 processor, 4 cores, 32-bit architecture, clock speed up to 2.3 GHz and 3 GB of RAM. This demonstrates that EviCore NFC HSM technology benefits from the increased performance of its smartphones, significantly reducing the time between key creation and encrypted security storage in my freemindtronic NFC HSM eeprom memory. This guarantees on the one hand the confidentiality and integrity of the RSA private key as well as the use of its automatically generated public key from the NFC HSM. This allows on the other hand, sharing secrets between NFC HSMs or their secure backups stored encrypted in RSA-4096 on any type of external storage medium.
It’s important to note that EviCore NFC HSM technology does not use servers or databases. This means that a quantum computer would have to break the encryption of a secret encrypted via the RSA-4096 public key without any other information than the encrypted result.
Overall, while RSA 4096 offers strong protection against classical attacks, Freemindtronic maintains continuous monitoring to update its technology with new post-quantum algorithms standardized by NIST as they become available.
In terms of resistance to quantum attacks between RSA 2048 and RSA 4096 or higher key sizes, both would be vulnerable to Shor’s algorithm on a large enough quantum computer. A study estimated that a quantum circuit with 372 physical qubits and a depth of thousands would be necessary to challenge RSA-2048 . However, we couldn’t find specific information on how this scales with larger key sizes such as RSA 4096.
In terms of classical security, both RSA 2048 and RSA 4096 are considered secure for now. Security experts project that 2048-bit keys will be sufficient for commercial use until around the year 2030 . The main downside to using larger keys such as 3072 or 4096 is that they are slower to process . However, some organizations may choose to use larger keys such as RSA 4096 for added security or future-proofing. With EviCore NFC HSM technology from Freemindtronic using an Android NFC phone with an MCU clocked at 2.9GHz, 2.8GHz or 2.2GHz with an Octa-Core processor type, this downside is eliminated as keys can be generated in less than 300ms and secrets can be encrypted in real-time in less than 500ms.
Are you looking for a device that uses near-field communication (NFC) technology to provide secure and convenient management of cryptographic keys and secrets? If so, you might want to consider EviCore NFC HSM. This device is a product of Freemindtronic, a company that specializes in NFC solutions. EviCore NFC HSM complies with the IEC/ISO 15693-3:2019 standard for communication with contactless vicinity cards. This standard allows for a longer communication range and a higher data transfer rate than other NFC standards.
But before you buy or use EviCore NFC HSM, you should also be aware of the legal compliance issues that may arise from using NFC devices in different countries. NFC devices are subject to various laws, directives, regulations, agreements, and rules of law at the global level. You need to comply with them to avoid legal problems.
In this article, we will give you an overview of some of the most important regulations that apply to EviCore NFC HSM in different regions of the world. This is not a comprehensive list. You should always consult your local authorities and experts before using EviCore NFC HSM in your country.
EviCore NFC HSM is compliant with FIPS 140-2, a computer security standard used to validate hardware security modules (HSMs). This standard is used by the US government and other organizations to ensure the security of sensitive data. The compliance of EviCore NFC HSM with FIPS 140-2 ensures that it meets the highest level of security standards and can be used for secure data storage and transmission.
I hope this helps. Let me know if there’s anything else I can do for you
The RED, EviCore NFC HSM also complies with the following laws and regulations in Europe:
South Korea: Protection Act (PIPA)
The Personal Information Protection Act (PIPA) in South Korea requires companies to protect customers’ personal information and report data breaches. EviCore NFC HSMs are designed to help companies comply with the PIPA by protecting sensitive information stored on NFC smart cards. EviCore NFC HSMs provide enhanced security for NFC transactions by storing encryption keys and performing encryption and decryption operations on the smart card itself.
These are some of the main regulations that apply to EviCore NFC HSM in different regions of the world.
However, this is not a comprehensive list, and you should always consult your local authorities and experts before using EviCore NFC HSM in your country. You should also check the latest updates and changes in the regulations, as they may vary over time.
EviCore NFC HSM is a device that uses NFC technology to provide secure and convenient management of cryptographic keys and secrets. It complies with the IEC/ISO 15693-3:2019 standard for communication with contactless vicinity cards, which allows for a longer communication range and a higher data transfer rate than other NFC standards. It also complies with various laws, directives, regulations, agreements, and rules of law at the global level, and you need to comply with them to avoid legal problems.
We hope this article has given you an overview of some of the most important regulations that apply to EviCore NFC HSM in different regions of the world. If you have any questions or comments, please feel free to contact us at contact@freemindtronic.com or visit our website at https://freemindtronic.com/evicore-nfc-hsm/ to learn more about EviCore NFC HSM and its features and benefits.
The NFC HSMs used with EviCore NFC HSM are compliant with the RoHS directive. RoHS stands for Restriction of Hazardous Substances and is a European Union directive that restricts the use of certain hazardous materials in electronic and electrical equipment. Compliance with RoHS ensures that the NFC HSMs used with EviCore NFC HSM are environmentally friendly and safe for use
