EviKey NFC HSM: How to Safeguard Your Data with Your Smartphone

What is EviKey NFC HSM?

EviKey  integrates an embedded electronic system that renders the storage device invisible to any computer or device when locked; this feature is known as the “undetectable mode.” To unlock this mode, bring your smartphone close to the device and authenticate using the Fullkey or Fullkey Plus app for NFC-enabled phones. The app sends a signal via NFC, making the device visible again. This can be done either by directly connecting it or by plugging the device into any computer or device after unlocking.

EviKey offers physical data protection against unauthorized access, theft, loss, or hacking. This is a unique and innovative feature not found in other secure storage devices.

EviKey is based on a patented invention by Freemindtronic, an Andorran company specializing in cybersecurity and bespoke security solutions. The patent describes a contactless secure data storage device comprising a wireless communication module, an access control module, a data storage module, a power management module, and an attack detection module. Additionally, it explains the undetectable mode, which makes the device invisible to any computer or device when locked.

EviKey NFC HSM is committed to upholding various international standards and regulations, including:

• ISO/IEC 14443 and ISO/IEC 15693 Standards: These standards define technical specifications and communication protocols for contactless smart cards and RFID tags. EviKey NFC aligns with these protocols, ensuring seamless compatibility.
• ISO/IEC 27001 and ISO/IEC 27002 Standards: These standards establish stringent requirements and best practices for implementing robust information security management systems (ISMS). EviKey NFC HSM adheres to these standards, guaranteeing the highest level of data security.
• International and European Data Protection Laws: EviKey NFC complies with various international and European laws governing personal data protection and privacy, including the General Data Protection Regulation (GDPR) and the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108). Your data remains in safe hands, meeting all legal requirements.
• NIST Password Recommendations: Following the guidelines set forth by the National Institute of Standards and Technology (NIST), EviKey NFC HSM enhances the security of memorized secrets, including passwords, PINs, and passphrases. Your data is fortified against unauthorized access.
• NIST Cybersecurity Recommendations: EviKey NFC HSM adheres to the cybersecurity recommendations provided by NIST, offering a comprehensive framework for organizations to effectively manage risks associated with the security of their information systems. Your data is shielded with a robust security framework.

Furthermore, EviKey NFC HSM operates with an undetectable mode, rendering the device invisible when locked. This mode is effortlessly activated and deactivated via NFC using your smartphone, simplifying import and export operations without the need for additional encryption authorizations.

Moreover, EviKey NFC HSM incorporates a tamper-evident black box, meticulously recording all device-related events, including access attempts, code modifications, connections, errors, anomalies, and potential security breaches. This comprehensive log can serve as invaluable documentation in cases of disputes, audits, or as legal evidence.

It’s essential to note that the black box of EviKey NFC HSM can only be accessed by the user with access to the black box. It is not freely accessible. Thus, in case of disputes, it is the user who can provide the physical evidence. Remember, EviKey NFC HSM technology is not connected and operates in a completely anonymized manner. Freemindtronic not only prioritizes the security of your data but also diligently complies with international standards and regulations to provide you with a transparent and legally robust data protection solution.

EviKey NFC HSM improves data protection while enhancing convenience. This improvement stems from its ability to simplify import and export operations through its unique technology, which doesn’t rely on built-in encryption systems. Consequently, complex encryption authorizations and compliance with various international regulations become unnecessary.

Let’s explore specific scenarios where regulations differ based on the presence or absence of encryption systems in a product EviKey USB NFC HSM or EviKey SSD NFC HSM:

• Europe: Export controls for dual-use goods, which include products with both civil and military applications or ties to weapons of mass destruction proliferation, are harmonized under community regulation. Encryption system-containing products fall into this category, specifically in category 5, part 2 of the regulation. Typically, exporters must secure prior authorization from their Member State authorities. Exceptions or general licenses may apply, but EviKey NFC technology, devoid of an embedded encryption system yet utilizing patented segmented key authentication for contactless memory access, circumvents this authorization requirement.
• China: A dedicated regulation, the “Regulation on the Administration of Commercial Cryptography Technologies and Products,” governs products containing encryption systems. This mandates that manufacturers, distributors, and users meet specific requirements, including licensing or certification, adherence to national technical standards, submission to inspections or audits, and product-related information declaration. EviKey technology, without an embedded encryption system but featuring secure data storage, bypasses these stringent requirements.
• Japan: The “Foreign Exchange and Foreign Trade Act” aims to prevent the illicit transfer of goods or technologies with potential use in nuclear weapons or other weapons of mass destruction. Controlled goods or technologies, including products with encryption systems, are categorized in list 1 or list 2 of the implementing regulation. Exporters usually need prior authorization from the Ministry of Economy, Trade and Industry (METI). Exceptions or general licenses may apply, but EviKey’s technology, lacking an embedded encryption system yet featuring an unfalsifiable black box, exempts users from this authorization.
• South Korea: The “Strategic Trade Control Act” aims to prevent the illicit transfer of goods or technologies that can contribute to nuclear weapons or other weapons of mass destruction development. Controlled goods or technologies, including encryption system-equipped products, are classified in list 1 or list 2 of the implementing regulation. Exporters usually require prior authorization from the Ministry of Trade, Industry and Energy (MOCIE). Exceptions or general licenses may apply, but EviKey NFC technology, with no embedded encryption system yet offering compatibility with all encryption systems, negates the need for such authorization.

In conclusion, EviKey NFC HSM delivers secure and user-friendly data protection. Despite the absence of an embedded encryption system, it provides unmatched data security. Furthermore, it complies with diverse international standards and regulations, streamlining import and export processes without encryption system-related complications. Additionally, it integrates an unfalsifiable black box to meticulously record product-related events.

EviKey NFC HSM incorporates an advanced self-diagnostic and protection system, which continuously monitors its operational status and takes appropriate actions in response to issues. This system consists of the following components:

• Three thermal sensors: These sensors are strategically placed near the USB connector, the electrical protection and regulation system, and the primary active systems, including the PCB. They continuously measure the device’s temperature and, if overheating is detected, trigger an automatic thermal breaker. The breaker resets once the temperature returns to normal.
• Asymmetrical electrical monitoring and protection system: This component is designed to detect voltage and current variations between power and the load. It acts as a safeguard against overvoltages, undervoltages, and overcurrents that could potentially harm the device or compromise data integrity.
• Tamper-evident black box: EviKey NFC HSM’s black box diligently records all device-related events, including access attempts, code modifications, connections, errors, anomalies, and potential security breaches. This black box serves as a comprehensive and reliable history of device usage, which can prove invaluable in disputes, audits, or legal proceedings.
• Two LEDs: These LEDs serve as indicators of the device’s status, recorded events, detected errors, and more. Detailed explanations of these LED codes can be found in the user manual.

Thanks to this sophisticated system, EviKey NFC HSM ensures the quality, reliability, and security of your storage devices. It not only alerts you to potential issues but also provides appropriate solutions. Furthermore, it offers real-time monitoring of flash memory usage, with all activities logged in the black box from the first device use.

EviKey NFC HSM employs a segmented secret key system based on distinct user profiles. These profiles include administrators, regular users, temporary users, and smartphones. The secret keys are distributed across both the smartphone and the device, residing in separate memory sections secured by the embedded system.

Each segment of the secret key possesses its own unique and random characteristics. Some segments are determined by the user’s PIN code. To reconstruct the complete secret key, one must effectively combine all individual segments. This process is facilitated by the NFC HSM technology’s embedded system, which meticulously validates each segment to grant access to the device’s physical memory.

This comprehensive process serves to make the secret key exceedingly challenging, if not practically impossible, to steal, intercept, or guess.

Replay attacks involve recording and reusing NFC signals exchanged between the smartphone and the device to unlock it without the code. EviKey NFC HSM resists such attacks through several features:

• Usage of the industrial NFC 15693 standard, more robust and secure than the consumer-grade NFC 14443 standard, enabling reliable and fast contactless communication between the smartphone and the device.
• Utilization of segmented secret keys, distributed between the smartphone and the device, with each segment being unique and random. Reconstructing the secret key requires gathering all segments using NFC HSM technology, which validates them to unlock physical memory access. This process makes stealing, intercepting, or guessing the secret key extremely challenging.
• Employing a unique pairing key created during the initial use of the device, identifying the paired smartphone and rejecting any other. This key also prevents cloning the device or smartphone.
• Usage of an independent and autonomous embedded system that validates all key segments, operating independently of the application. This system is physically disconnected from the USB port, preventing USB port attacks. Access control is only possible through contactless means, using the smartphone’s NFC signal, which also powers the security system independently.

Thanks to these features, EviKey NFC HSM makes replay attacks virtually impossible. Accessing the device requires the paired smartphone, paired device, password, and the secret key. If any of these elements are missing, the device remains locked and invisible, safeguarding data from unauthorized access, theft, loss, or hacking.

EviKey NFC HSM utilizes an embedded system that validates all key segments independently of the application. This system is physically disconnected from the USB port, preventing USB port attacks. Access control is only possible through contactless means, using the smartphone’s NFC signal, which also powers the security system independently.

The security system incorporates multiple protection mechanisms:

• Memory access self-blocking by partitioning, preventing unauthorized reading or writing on the device.
• Automatic erasure of temporary memory areas, removing all traces of key segments or codes after each device use.
• Detection of replay attacks – recording and reusing NFC signals. The system verifies the authenticity and uniqueness of signals, rejecting duplicated or falsified ones.

Thanks to these mechanisms, EviKey NFC HSM makes replay attacks highly complex, if not impossible. It ensures data security and confidentiality.

Enhanced Data Security with Versatile NFC Data Security Solutions

Discover the wide range of applications for boosting data security with NFC data security solutions like EviKey:

1. Enhanced Data Storage Security:
   • Utilize NFC data security technology as a dongle to secure various storage devices.
   • Protect fixed SSDs, hard drives, or removable media, including USB keys and external SSDs, using NFC data security.
   • Enable TMP2.0 unlocking and encryption keys (e.g., BitLocker) for enhanced security.
   • Require contactless authentication through your smartphone and the NFC data security device for unmatched data protection.
2. Streamlined SSH Key Authentication:
   • Ensure secure SSH key-based sessions with NFC data security.
   • Facilitate convenient access to remote servers and devices.
   • Your smartphone, paired with NFC data security, acts as an SSH key, enhancing security.
   • Encrypt, backup, restore, share, or send SSH keys using segmented key authentication.
3. Robust Sensitive Information Management:
   • NFC data security serves as a secure vault for encrypted secrets.
   • Ideal for token management, identifier and password management, encryption key management, and segmented key management.
   • Ensure the highest levels of security when handling sensitive data.
   • Easily generate, input, scan, and transfer secrets with the FullKey+ app or Freemindtronic (FMT) app.
4. Passwordless Contactless Authentication:
   • Manage a robust strongbox system for passwordless contactless authentication with NFC data security.
   • Utilize your smartphone and NFC data security for secure authentication across applications and services.
   • Simplify the management, backup, restoration, sharing, sending, and storage of passwordless contactless credentials with the FullKey+ app or Freemindtronic (FMT) app.
5. Efficient Web Authentication:
   • Store and manage web authentication keys securely with NFC data security.
   • Seamlessly integrate with standards like WebAuthn and Web3.0 for reliable web authentication.
   • Simplify web authentication key management with the FullKey+ app or Freemindtronic (FMT) app.

One standout example of NFC data security’s application is its role in PassCypher HSM—a real-time token authentication manager. This innovation revolutionizes password and identifier management, eliminating the need for servers or databases. It seamlessly integrates with other Freemindtronic technologies, including EviCore HSM OpenPGP, EviPass NFC HSM, and EviCore NFC HSM Browser Extension.

These dynamic use cases highlight the adaptability and ingenuity of NFC data security technology, underscoring its relevance across diverse scenarios while ensuring robust data security.

You can find and purchase EviKey NFC HSM-enabled storage devices on Freemindtronic’s website or through its partners like Syselec Group, RS Pro, PassCypher HSM. You can also contact Freemindtronic for a customized quote or to become an authorized distributor.