How does EviPass NFC HSM work?

EviPass NFC HSM is a password management solution that uses the NFC HSM to protect your online or offline accounts and secrets. It allows you to generate or import passwords based on different bases and options. You can also access and manage your passwords and secrets with a simple NFC scan of your smartphone.

Password generation

EviPass NFC HSM allows you to generate passwords based on the 95 printable ASCII characters or on the hexadecimal base 16, 58, 64 or 85. You can choose the length and complexity of the password according to your needs. A password based on the 95 printable ASCII characters can have up to 60 characters, which is equivalent to 395 bits. A password based on the hexadecimal base 16, 58, 64 or 85 can have up to 51 characters, which is equivalent to 329.6 bits. These passwords offer a very high level of security and are hard to crack.

You can also customize your password by selecting or deselecting certain types of characters from the ASCII table, such as lowercase characters, uppercase characters, numbers, or symbols. This allows you to meet many cases of constraint related to the compatibility of online account management, offline, other proprietary software accounts and command line where certain characters should not be used since used for other specific functions. Here is a table that explains each option and gives an example:

Generate a random password

This function allows you to create a random password up to 51 characters long, based on the 95 printable ASCII characters, which is equivalent to a key of about 336 bits. You can choose the length and complexity of the password according to your needs.

Password management functions

EviPass NFC HSM allows you to store your passwords and secrets on your EviPass NFC HSM compatible device. The device encrypts the data using post-quantum encryption algorithms based on lattice problems, such as learning with errors (LWE) or ring learning with errors (RLWE). These problems are hard to solve, even for quantum computers, and their security is proven to reduce to the worst case. LWE and RLWE are also efficient and compatible with existing communication protocols and networks.

You can access and manage your passwords and secrets on your EviPass NFC HSM compatible device using the EviPass Web Browser Extension on your computer or phone. The extension allows you to access your online accounts without entering or memorizing any passwords or secrets. Here is a table that lists all the functions of EviPass NFC HSM:

The number of bits in a password is calculated by taking the logarithm base 2 of the number of possible combinations, which is the size of the character set raised to the power of the password length. For example, a password of 51 characters based on 95 printable ASCII characters has 95^51 possible combinations, which is approximately 2^336. Therefore, the number of bits in this password is log2​(95^51) = 336.

For example, a hexadecimal password of 8 characters has 8 x 4 = 32 bits. A hexadecimal password based on base 58, 64 or 85 uses more characters than the standard base 16, which means it can encode more bits per character. For example, a base 58 password of 51 characters has 51 x log2​(58) = 266.5 bits. A base 64 password of 51 characters has 51 x log2​(64) = 306 bits. A base 85 password of 51 characters has 51 x log2​(85) = 329.6 bits.

How to customize your password with the ASCII table options

EviPass NFC HSM allows you to customize your password by choosing which types of characters you want to include or exclude from the ASCII table. The ASCII table is a standard that defines 128 characters, including letters, numbers, symbols, and control codes. Each character has a corresponding decimal number, from 0 to 127, and a binary code, from 00000000 to 11111111.

The EviPass NFC HSM technology uses the 95 printable ASCII characters, from 32 to 126, to generate passwords. These characters are divided into different types, such as lowercase characters, uppercase characters, numbers, symbols, etc. You can select or deselect each type of character by using the options in the EviPass NFC HSM app or the EviPass NFC HSM Browser Extension.

To help you understand the different types of characters that you can select or deselect from the ASCII table, here is a table that explains each option and gives an example:

With the EviPass NFC HSM technology, you can customize your password by choosing which types of characters you want to include or exclude. For example, if you want to generate a password without space or angle brackets, you can disable these two options. The generated password will only contain the other characters from the ASCII table.

The number of bits in a password is a measure of its strength and security. The more bits a password has, the harder it is to guess or crack. The number of bits in a password is calculated by taking the logarithm base 2 of the number of possible combinations, which is the size of the character set raised to the power of the password length. For example, a password of 51 characters based on 95 printable ASCII characters has 95^51 possible combinations, which is approximately 2^336. Therefore, the number of bits in this password is log2​(95^51) = 336.

Here is a formula that you can use to calculate the number of bits in a password:

Number of bits = log2​(character set size^password length)

Here is a table that shows some examples of passwords and their number of bits, based on different character sets and lengths:

As you can see, the number of bits in a password increases as the character set size and the password length increase. A password with more bits is more secure and harder to crack than a password with fewer bits. However, a password with more bits may also be harder to remember and type. Therefore, you need to balance the security and usability of your password. With EviPass NFC HSM, you can generate and store your passwords securely and access them easily with a simple NFC scan of your smartphone.

Generate a hexadecimal password

This function allows you to create a random hexadecimal password, based on base 16, 58, 64 or 85. You can choose the length and base of the password according to your needs. A hexadecimal password is a password that uses only the 16 digits from 0 to 9 and from A to F. The number of bits in a hexadecimal password is equal to the length of the password multiplied by 4.

This table provides a comprehensive view of the advanced features for contactless management and use of secrets stored in the NFC HSM. It allows users to create, read, modify, delete, duplicate, clone, share, encrypt and decrypt their secrets securely and conveniently.

The number of bits in a password is calculated by taking the logarithm base 2 of the number of possible combinations.

For example, a hexadecimal password of 8 characters has 8 x 4 = 32 bits. A hexadecimal password based on base 58, 64 or 85 uses more characters than the standard base 16, which means it can encode more bits per character. For example, a base 58 password of 51 characters has 51 x log2​(58) = 266.5 bits. A base 64 password of 51 characters has 51 x log2​(64) = 306 bits. A base 85 password of 51 characters has 51 x log2​(85) = 329.6 bits.

EviPass NFC HSM allows you to generate hexadecimal passwords based on different bases and options. You can choose the number of bytes between 4 and 48, and the base between 16, 58, 64 or 85. You can also customize your password by selecting or deselecting certain types of characters from the ASCII table. Here is a table that summarizes the functions of the hexadecimal password generator of EviPass NFC HSM:

With the EviPass NFC HSM technology, you can generate and store your hexadecimal passwords securely and access them easily with a simple NFC scan of your smartphone.

Use cases

Hexadecimal passwords can be useful for various purposes, such as encryption, authentication and hashing. Here are some examples of use cases where you can use EviPass NFC HSM to generate and store your hexadecimal passwords:

• AES (Advanced Encryption Standard): AES is a symmetric encryption algorithm that uses hexadecimal keys to encrypt and decrypt data. AES can use keys of 128, 192 or 256 bits, which correspond to 32, 48 or 64 hexadecimal characters. For example, a 256-bit AES key can be: 0E329232EA6D0D73 99029D908C00D204 66E94BD4EF8A2C3B 884CFA59CA342B2E. With EviPass NFC HSM, you can generate and store your AES keys securely and access them easily with a simple NFC scan of your smartphone.
• WEP (Wired Equivalent Privacy): WEP is a security protocol for wireless networks that uses hexadecimal keys to authenticate users and encrypt communications. WEP can use keys of 40 or 104 bits, which correspond to 10 or 26 hexadecimal characters. For example, a 104-bit WEP key can be: 0123 4567 89AB CDEF 0123 45. With EviPass NFC HSM, you can generate and store your WEP keys securely and access them easily with a simple NFC scan of your smartphone.
• SHA (Secure Hash Algorithm): SHA is a family of hash functions that produce hexadecimal fingerprints from any data. SHA can use fingerprints of 160, 224, 256, 384 or 512 bits, which correspond to 40, 56, 64, 96 or 128 hexadecimal characters. For example, a SHA-256 fingerprint can be: 68E656B251E67E83 1B8E8B5579A68B9D D42A90D5E78E8DA1 5E6BEEE39E930CE5. With EviPass NFC HSM, you can generate and store your SHA fingerprints securely and access them easily with a simple NFC scan of your smartphone.
• TETRA: TETRA is a digital radio standard for public safety and security organizations. It uses hexadecimal keys to encrypt and decrypt radio communications. With EviPass NFC HSM, you can generate and store your TETRA keys securely and easily.

To generate a random hexadecimal key of 10 bytes (80 bits) with EviPass NFC HSM, follow these steps:

• Launch the hexadecimal password generator on your EviPass NFC HSM compatible device.
• Choose the number of bytes, 10 for a 80-bit key.
• Choose the hexadecimal base, 16 by default.
• Choose the letter case, uppercase in this example.
• Press the “Generate” button to get a random hexadecimal key.
• You will get a 10-byte (20-hexadecimal character) key composed of digits from 0 to 9 and letters from A to F. For example, you may get 3F 8A 6B 4C 9D 1E 7F 2A 5B 0C.
• Write the hexadecimal key in uppercase, separated by spaces. You will get 3F 8A 6B 4C 9D 1E 7F 2A 5B 0C.

Here is the hexadecimal key of 10 bytes (80 bits) generated randomly in base 16:

3F 8A 6B 4C 9D 1E 7F 2A 5B 0C

This is how you can generate a hexadecimal key for TETRA with EviPass NFC HSM.

Other use cases of hexadecimal passwords

Hexadecimal passwords can be useful for various purposes, such as encryption, authentication and hashing. Here are some examples of use cases where you can use EviPass NFC HSM to generate and store your hexadecimal passwords:

• AES (Advanced Encryption Standard): AES is a symmetric encryption algorithm that uses hexadecimal keys to encrypt and decrypt data. AES can use keys of 128, 192 or 256 bits, which correspond to 32, 48 or 64 hexadecimal characters. For example, a 256-bit AES key can be: 0E329232EA6D0D73 99029D908C00D204 66E94BD4EF8A2C3B 884CFA59CA342B2E. With EviPass NFC HSM, you can generate and store your AES keys securely and access them easily with a simple NFC scan of your smartphone.
• WEP (Wired Equivalent Privacy): WEP is a security protocol for wireless networks that uses hexadecimal keys to authenticate users and encrypt communications. WEP can use keys of 40 or 104 bits, which correspond to 10 or 26 hexadecimal characters. For example, a 104-bit WEP key can be: 0123 4567 89AB CDEF 0123 45. With EviPass NFC HSM, you can generate and store your WEP keys securely and access them easily with a simple NFC scan of your smartphone.
• SHA (Secure Hash Algorithm): SHA is a family of hash functions that produce hexadecimal fingerprints from any data. SHA can use fingerprints of 160, 224, 256, 384 or 512 bits, which correspond to 40, 56, 64, 96 or 128 hexadecimal characters. For example, a SHA-256 fingerprint can be: 68E656B251E67E83 1B8E8B5579A68B9D D42A90D5E78E8DA1 5E6BEEE39E930CE5. With EviPass NFC HSM, you can generate and store your SHA fingerprints securely and access them easily with a simple NFC scan of your smartphone.
• TETRA: TETRA is a digital radio standard for public safety and security organizations. It uses hexadecimal keys to encrypt and decrypt radio communications. With EviPass NFC HSM, you can generate and store your TETRA keys securely and easily.

EviPass NFC HSM is an advanced hexadecimal generator that offers you the highest level of security and convenience.

Cybersecurity and safety of EviCore NFC HSM implemented in EviPass NFC HSM technology

EviPass NFC HSM is a password management solution that uses EviCore NFC HSM technology to store and manage your secrets securely and conveniently. EviCore NFC HSM is a technology that combines encryption from an HSM and NFC communication protocols to protect your keys and secrets. Learn about the cybersecurity and security aspects of EviCore NFC HSM and how it keeps your secrets safe and private.

EviCore NFC HSM offers a high level of cybersecurity for your secrets, as it employs several mechanisms and features to prevent unauthorized access, duplication, or modification of your secrets. Some of these mechanisms and features are:

• EVI protocol: EVI (Encrypted Virtual Interface) is a proprietary protocol developed by Freemindtronic for communication with NFC HSM devices, offering an exceptional level of security for sensitive data. This protocol is considered a Zero Knowledge Proof (ZKP) protocol, as it uses encryption keys and authentication processes that are generated with a high degree of randomness and remain confidential. It also uses cryptographic signatures and timestamps to verify the authenticity and freshness of your secrets. EVI is resistant to various types of attacks, such as replay attacks, modification attempts, and interception.
• Anti-cloning and anti-replay mechanisms: EviCore NFC HSM has anti-cloning and anti-replay mechanisms that block any unauthorized access or duplication of your secrets. These mechanisms use cryptographic signatures and timestamps to verify the authenticity and freshness of your secrets. They also use a salting system to counteract keyloggers, which adds characters at predetermined positions known only to the user, which are subsequently removed during password entry.
• Segmented key authentication system: EviCore NFC HSM has a patented segmented key authentication system that allows you to define up to 9 trust criteria for encrypting your secrets, such as geolocation, BSSID, password, or fingerprint. These criteria increase your security and convenience by allowing you to access your secrets only with the required information. They also use a dynamic key generation system, which generates a new key for each encryption or decryption operation, making it impossible to reuse the same key.
• Wireless access control system: EviCore NFC HSM has a patented wireless access control system that lets you define two different access profiles: administrator and users. The administrator can create, modify, delete, and share secrets, while the users can only read and use them. The administrator and the users cannot access each other’s secrets without their permission. This system also allows you to set a time limit for sharing your secrets and a trust level for encrypting your secrets.

EviCore NFC HSM also offers a high level of safety for your secrets, as it employs several mechanisms and features to ensure the integrity and availability of the device and the data stored in it. Some of these mechanisms and features are:

• Power supply monitoring and protection device with black box: EviCore NFC HSM has a patented power supply monitoring and protection device with black box that guarantees the integrity and availability of the device. This device detects and prevents any power failure or tampering that could damage the device or the data stored in it. It also records the events that occur in the device, such as the number of accesses, the type of operations, or the errors encountered.
• EEPROM memory: EviCore NFC HSM has an EEPROM memory that can store up to 64 KB of data. The data stored in the memory are encrypted without contact from the EviCore NFC HSM application which performs encryption and decryption operations using state-of-the-art algorithms, such as AES 256 bits and RSA 4096 bits. The EEPROM memory is resistant to physical attacks, such as heat, cold, or radiation, and can retain the data for up to 10 years without power.
• NFC communication: EviCore NFC HSM uses NFC communication protocols to communicate with the Android phone serving as the HSM terminal and IHM. The NFC communication is powered by the NFC signal of the phone, which means that the device does not need any battery or external power source. The NFC communication is also fast and convenient, as it only requires a simple contact or proximity between the device and the phone.

EviCore NFC HSM is a technology that provides cybersecurity and safety for your secrets. It uses hardware encryption and NFC communication protocols to protect your cryptographic keys and secrets. It is the core technology behind EviPass NFC HSM, which adds more features and functions for password management. To learn more about EviPass NFC HSM, visit our website.

Here is a table that provides some technical specifications of EviCore NFC HSM:

Specification Value
Dimensions Consult the technical documents
Weight Consult the technical documents
Operating temperature -40°C to +85°C
Storage temperature -65°C to +150°C
Humidity 5% to 95% non-condensing and resin-coating free
Shock resistance Up to 1000 G and resin-coating free
Vibration resistance Up to 20 G and resin-coating free
NFC frequency 13.56 MHz
NFC range Up to 10 cm
NFC data rate Up to 424 kbps
NFC ISO/IEC 14443 Type A/B, ISO/IEC 15693, ISO/IEC 18092 (NFCIP-1), ISO/IEC 21481 (NFCIP-2), ISO/IEC 18000-3 Mode 1/2/3
Secure element (SE) ST M24LR64E-R NFC EEPROM
Memory size (SE) Up to 64 KB EEPROM
EviCore NFC HSM cryptographic algorithms AES, RSA, ECC, DES/3DES, SHA, HMAC, CRC, LWE, RLWE
EviCore NFC HSM cryptographic standards FIPS PUB 197, FIPS PUB 186-4, FIPS PUB 180-4, FIPS PUB 198-1, ISO/IEC 9797-1 MAC Algorithm 3 (Retail MAC), ISO/IEC 9797-1 MAC Algorithm

EviKeyboard BLE is a device that allows you to use your phone or tablet as a wireless keyboard for your computer. It uses Inputstick technology to connect to your computer’s USB port and EviCore NFC HSM technology to secure your keystrokes. You can use the EviKeyboard app on your phone or tablet to choose the keyboard language and type passwords or cryptographic information.
Why EviKeyboard BLE?

EviKeyboard BLE has several advantages over other wireless keyboards, such as:

Eliminate the risk of theft, interception or corruption of keystrokes, by using Bluetooth encryption and random order of keystrokes
Simplify the user experience, by not requiring installation or configuration on the computer, and by starting automatically when plugged in
Improve the security and privacy of users, by using state-of-the-art encryption and verification methods that resist quantum attacks
Enable faster and more convenient access to online and offline systems and services, by using your phone or tablet as a wireless keyboard for your computer
Be compatible with any computer and any application that requires keyboard input. You can use it with Windows, Linux, Mac OS X and many other platforms.

How to use EviKeyboard BLE?

To use EviKeyboard BLE, you need a device compatible with EviPass NFC HSM technology and an EviKeyboard BLE device. You also need the EviKeyboard app on your phone or tablet. Here is what you need to do:

Connect your device compatible with EviPass NFC HSM technology to your phone or tablet with NFC.
Open the EviKeyboard app and choose the language of the virtual keyboard from the list.
Plug your EviKeyboard BLE device into your computer’s USB port.
Tap on “Connect” in the app and enter the encryption key.
Type on your phone or tablet and see the text on your computer screen.

You can also use the app to get user info, password info, crypto info, IOTA info or secret note info from your device compatible with EviPass NFC HSM technology. You can copy them or send them to your computer.

EviPass NFC HSM: A contactless and passwordless password management technology

EviPass NFC HSM (Encrypted Virtual Interface – Near Field Communication – Hardware Security Module) is a groundbreaking technology that seeks to overcome the challenges associated with passwords, one of the most common and widely used methods for online accounts and services authentication. Despite their ubiquity, passwords come with a myriad of drawbacks and limitations, such as:

• They are vulnerable to theft, phishing, brute force attacks and other common threats.
• They are hard to remember and manage, especially when users have multiple accounts and passwords.
• They are inconvenient and time-consuming to enter, especially on mobile devices or public computers.
• They are not secure enough against quantum attacks, which could break the encryption and verification methods based on traditional cryptography.

To overcome these challenges, Freemindtronic has developed a new innovative hardware-based contactless password management solution with passwordless function. It works without a server, without a database, without the need to know, memorize, enter a password, or know the username or its identifier or identify the equipment used to connect without contact in multi factors authentication: EviPass NFC HSM.

EviPass NFC HSM is a secure, decentralized password management technology that uses contactless, passwordless authentication and post-quantum encryption to protect users’ online accounts and secrets. Users can access their accounts online or offline without entering, remembering, knowing or viewing passwords or secrets. Users can also manage their passwords and secrets on their computer with EviPass NFC HSM technology using the EviCore NFC HSM Browser Extension web browser extension. EviPass NFC HSM is compatible with all NFC websites and Android phones. EviPass NFC HSM can work on Android NFC computer or phone systems online, offline or in LAN including command line with EviKeyboard BLE virtual USB Bluetooth keyboard technology.

Patented technologies behind EviPass NFC HSM

EviPass NFC HSM relies on Freemindtronic’s international patented technology, a company based in Andorra, which designed and developed several inventions in the field of computer security and access control. These inventions are the system of wireless access control to a device protected by pre-set authentication factors and the system of segmented key authentication for a computer application. These inventions are the system of wireless access control to a device protected by pre-set authentication factors (WO2017129887) and the system of segmented key authentication for a computer application (WO2018154258).

EviPass contactless technology combines these two inventions to offer a secure and decentralized contactless hardward password management solution but also centralized via an innovative end-to-end encrypted air gap sharing system in RSA 4096 between two NFC HSMs.

EviPass does not store your passwords on your computer or phone, but encrypts and decrypts them on the fly thanks to an NFC HSM device compatible with EviPass, such as a smartphone or a security key. EviPass does not ask you to enter your passwords, but transmits them wirelessly and without password using NFC. EviPass uses post-quantum encryption, which resists attacks from quantum computers.

With EviPass, you benefit from the advantages of NFC HSM:

• You enjoy a high level of security, using secret keys and multiple authentication factors.
• You simplify the authentication process, avoiding complex passwords or one-time codes.
• You easily manage your permissions, configuring the authentication factors and tokens associated.
• You adapt your solution to different types of devices or applications protected, using controllable switches.

EviPass works with two technologies EviCore NFC HSM or EviCore HSM OpenPGP from Freemindtronic, which implement these two patents among others. These technologies are secure hardware modules (HSM) that allow you to generate, store and use cryptographic keys securely. They comply with international standards, such as NFC, Bluetooth, AES 256 bits, RSA 4096 bits, IEC/ISO 15639, IEC/ISO 7816:2020, IEC/ISO 8859-1:1998, IEC/ISO 13157-2:2016 and IEC/ISO 15408-1:2022 .

EviPass is also compatible with a new technology of authentication by segmented key in two levels (people), requiring the proximity of two people to use the services of the HSM NFC technology of EviCore. This means that to access a protected device or application, you need two NFC HSM mobile devices and two segments, which are held by two different people. It is mandatory to present both NFC HSM containing each one segment to reconstitute the password that can exceed 256 bits. This segmented key authentication by tiers is already compatible with the EviCore HSM OpenPGP technology by segmenting AES-256 OpenPGP encryption key.

This technology of authentication by segmented key in two levels offers a high level of security, requiring the physical presence and cooperation of two people to access a protected system from a computer or phone system using identification and/or password. It also significantly reduces the risks of password corruption in case of loss or theft, by dividing them into two distinct parts and entrusting them to two different people who only know their segment.

NFC hardware password manager EviPass is the ultimate solution for wireless access control to protected devices or applications.