2024, Cyberculture

Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

Posted on February 24, 2024March 15, 2024 by FMTAD

24
Feb

The CRA: Strengthening Cybersecurity Across the EU

Cyber Resilience Act (CRA) is a pivotal European regulation, enhancing cybersecurity standards for digital products. This legislation aims to safeguard users and businesses from cyber threats, ensure market competitiveness, and foster innovation in the cybersecurity field. In this article, we delve into the CRA’s essential features, its advantages and potential challenges, and the implications for manufacturers and distributors of digital products. Discover how the CRA aims to fortify digital security and resilience throughout the European Union.

A modern cybersecurity control center with a diverse team monitoring national cyber threats during the Andorra National Cyberattack Simulation.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

March 15, 2024

2024 Cyberculture Uncategorized

Chinese cyber espionage: a data leak reveals the secrets of their hackers

March 2, 2024

2024 Cyberculture

Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

February 24, 2024

ECHR landmark ruling in favor of encrypted messaging, featuring EviCypher NFC HSM technology by Freemindtronic.

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

February 21, 2024

Digital image showing a confused user at a computer surrounded by complex password symbols

2024 Articles Cyberculture EviPass Password

Human Limitations in Strong Passwords Creation

January 22, 2024

2023 Articles Cyberculture EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine

January 5, 2024

2023 Cyberculture

New EU Data Protection Regulation 2023/2854: What you need to know

December 25, 2023

Stay informed with our posts dedicated to Cyberculture to track its evolution through our regularly updated topics.

Explore our Cyberculture section for detailed information on the Cyber Resilience Act CRA, authored by Jacques Gascuel, a pioneer in contactless, serverless, databaseless sensitive data security solutions. Stay up to date and secure with our frequent updates.

The Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

The Cyber Resilience Act (CRA) is a European regulation that imposes cybersecurity standards on digital products. It aims to protect users and businesses from cyber threats, harmonise the digital internal market and support innovation in cybersecurity. In this article, we’ll walk you through the key features of the CRA, its pros and cons, and its implications for manufacturers and distributors of digital products.

Introduction au Cyber Resilience Act (CRA)

The EU proposed the Cyber Resilience Act in 2022 to set uniform safety standards for products with digital components, such as internet-connected devices, software and online services. These products can be exposed to cyberattacks that affect their availability, integrity and confidentiality. The CRA aims to protect users and businesses from these risks, by requiring common rules for market entry and cybersecurity measures throughout the product lifecycle. It also establishes a CE marking system to indicate compliance with cybersecurity standards. Moreover, the CRA distinguishes critical products, which have higher obligations according to their level of criticality. The CRA is part of the 2020 EU Cybersecurity Strategy, which seeks to enhance the EU’s collective resilience against cyber threats and foster a secure and trustworthy digital environment for all.

The CRA was approved by the Council and the Parliament in november 2023, and will enter into force in 2024, 20 days after its publication in the Official Journal of the EU. However, it will not be applicable until 2027, to allow a transition period for existing products and software. Moreover, the CRA will be revised every five years, to adapt to technological developments and stakeholder needs.

In this subject, we will explain the main provisions of the CRA, its pros and cons, and its impact on the digital market and society. So,the CRA aims to increase the security and resilience of digital systems in the EU, by imposing strict and binding requirements for the design, development and maintenance of digital products. It also introduces a CE marking system for digital products, ensuring their compliance with established cybersecurity standards.

Strengthening the EU’s Cybersecurity Framework: The Provisional Agreement on the Cyber Resilience Act

A Milestone for a Secure Digital Single Market

The Council presidency and the European Parliament have struck a landmark agreement on the proposed Cyber Resilience Act (CRA), taking a major step forward in fortifying the European Union’s cybersecurity landscape. This critical legislation outlines EU-wide cybersecurity requirements for digital products, addressing the urgent need for a harmonized approach to securing connected devices before they reach consumers.

Hailed as a crucial step by Spanish Minister of Digital Transformation José Luis Escrivá, the agreement emphasizes the essential need for a basic cybersecurity level for all connected devices sold within the EU, ensuring robust protection for both businesses and consumers.

Key Features and Amendments of the Agreement

The provisional agreement preserves the core principles of the European Commission’s proposal, focusing on several key areas:

Rebalancing Compliance Responsibility: Manufacturers now take primary responsibility, handling tasks like risk assessments, conformity declarations, and cooperation with authorities.
Vulnerability Handling: The agreement mandates processes for manufacturers to ensure ongoing cybersecurity and outlines specific obligations for importers and distributors as well.
Transparency and Consumer Protection: Measures are introduced to enhance transparency regarding the security of both hardware and software for consumers and businesses, empowering informed decision-making.
Market Surveillance Framework: A robust framework will enforce the regulations, ensuring compliance and safeguarding the EU’s digital space.

Co-legislators have also proposed adjustments, including:

Simplified Product Classification: A streamlined approach for classifying regulated digital products, facilitating easier compliance and understanding.
Product Lifetime Determination: Manufacturers must specify the expected lifespan of digital products, with a minimum five-year support period, unless shorter use is anticipated.
Reporting Obligations: A focus on reporting actively exploited vulnerabilities and incidents, enhancing the role of national authorities and ENISA in managing cybersecurity threats.

Looking Forward: Implementation and Impact

With the provisional agreement in place, technical work continues to finalize the regulation’s details. The compromise text will be presented for endorsement by member states, marking a critical moment in the EU’s journey towards a cohesive and secure digital ecosystem.

The CRA is set to apply three years after enactment, providing manufacturers with ample time to adapt. Additionally, specific support measures for small and micro enterprises have been agreed upon, including awareness-raising, training, and assistance with testing and compliance procedures.

The Path to the Cyber Resilience Act

This provisional agreement marks the culmination of a journey that began with the Council’s 2020 conclusions on the cybersecurity of connected devices, emphasizing the need for comprehensive legislation. Reflecting the urgency expressed by Commission President von der Leyen in 2021 and subsequent Council conclusions, the CRA proposal submitted by the Commission in September 2022 aims to complement the existing EU cybersecurity framework, including the NIS Directive and the EU Cybersecurity Act.

This agreement represents a significant milestone in the EU’s commitment to enhancing cybersecurity resilience, marking a new era of digital product security and consumer protection across the Union.

Business Requirements and Responsibilities

Under the CRA, manufacturers and distributors of digital products are required to ensure the compliance of their offerings from the moment they are placed on the market and throughout their lifecycle. This involves actively monitoring for vulnerabilities and working closely with security researchers to identify and fix potential vulnerabilities within 90 days of discovery.

Cooperation and Sanctions

Another cornerstone of the CRA is the enhanced cooperation between EU Member States and the European Commission to monitor the application of the Regulation. In the event of non-compliance, companies risk severe penalties, up to 10% of their annual global turnover. This underlines the EU’s commitment to ensuring a high level of digital security.

Application and Exclusions of the CRA

The CRA applies to a wide range of digital products, with the notable exception of those already regulated by other EU legislation, such as medical devices or vehicles. Its aim is to close legislative gaps and strengthen coherence in the field of cybersecurity.

Conclusion and Outlook

Following its approval by the Council of the EU and the European Parliament, the CRA is scheduled to enter into force in early 2024. Manufacturers then have 36 months to comply with the new rules. This initiative marks an important step towards a more secure and resilient European Union in the face of digital threats.

Benefits of the Cyber Resilience Act for the Digital Ecosystem

The Cyber Resilience Act (CRA) is envisaged not only as a regulatory framework, but also as a lever for improving cybersecurity at the European Union level. It brings several significant benefits, both for users and for the digital economy as a whole.

Strengthening Consumer and Business Protection

One of the main strengths of the CRA is its ability to raise the level of security for consumers and businesses. By imposing high and constantly updated cybersecurity standards, the regulation ensures that digital products purchased or used offer optimal protection against cyber threats. This helps to create a safer digital environment for all.

Harmonization of the Digital Internal Market

The CRA plays a crucial role in harmonising cybersecurity rules across the EU. By eliminating the fragmentation and divergence of national laws, it facilitates the free movement of digital products within the Single Market. This is essential to support economic integration and boost intra-European trade in digital solutions.

Driving Innovation in Cybersecurity

Finally, the CRA is a driver of innovation in the cybersecurity sector. By increasing demand for secure digital products, it encourages investment in research and development. This dynamic creates valuable opportunities for European companies, allowing them to stand out as leaders in the field of cybersecurity on the global stage.

In sum, the benefits of the CRA are manifested in enhanced protection for users, regulatory harmonisation beneficial to the European single market, and increased support for innovation in the cybersecurity sector. Through these measures, the CRA aims to establish a solid foundation for a safe, competitive and innovative digital ecosystem in the European Union.

Analysis of the Challenges Posed by the Cyber Resilience Act

The Cyber Resilience Act (CRA), while aiming to strengthen digital security within the European Union, raises concerns about its potential impact on various aspects of the digital landscape. These drawbacks deserve special attention to understand the challenges associated with the implementation of this legislation.

Impact on Vulnerability Disclosure

A major criticism is the possible reluctance of security researchers to report discovered vulnerabilities. The fear of sanctions or legal action, due to failure to comply with deadlines or procedures dictated by the CRA, could deter these key players from sharing their findings, thus limiting collective efforts to strengthen cybersecurity.

Effects on Free and Open-Source Software

The CRA is also suspected of slowing down the development and adoption of free and open-source software. The latter, known for their security and transparency, could be subject to disproportionate and onerous compliance requirements. These risks hindering innovation and the use of these valuable resources in the digital ecosystem.

Standardization of Disclosure Models

Another sticking point is the potential reduction in the effectiveness and diversity of vulnerability disclosure models. The one-size-fits-all and rigid approach advocated by the CRA may not be appropriate for all situations, requiring flexibility to adapt to the specifics of each case.

Potentially disproportionate penalties

The penalties envisaged by the CRA for non-compliance are considered by some to be excessive. The prospect of severe financial penalties could jeopardize the economic viability of digital manufacturers and distributors, as well as their ability to innovate. This approach could, therefore, have negative repercussions for the entire digital sector.

In sum, although the CRA aims to establish a strengthened security framework for the European Digital Space, it is crucial to assess and address its possible negative impacts. Careful consideration of these issues will allow the regulation to be adjusted and refined so that it effectively supports cybersecurity without hindering innovation or collaboration in the digital domain.

Cyber Resilience Act Compliance Guide for the Digital Industry

The Cyber Resilience Act (CRA) is a major initiative by the European Union to increase cybersecurity across its Member States. Compliance with this regulation requires a series of targeted and structured actions, applicable to both manufacturers and distributors of digital products.

Actions Required for Digital Product Manufacturers

Conducting Cyber Risk Assessments: The first step involves analyzing and documenting the risks associated with the products. This includes identifying threats, vulnerabilities, impacts, and protective measures, with this information regularly updated.
Application of the CE Marking and Information to Users: Products must bear the CE marking, a symbol of their compliance with EU safety standards. It is essential to provide comprehensive information on the cybersecurity characteristics of products, including conditions of use and maintenance.
Security Updates: Manufacturers must establish and maintain procedures for updating the security of products, ensuring the ability of products to receive and install these updates. Proactive communication about the need for and availability of updates is crucial.
Vulnerability Reporting: Discovered or reported vulnerabilities must be reported within 90 days. It is important to communicate corrective actions to users using appropriate channels and adhering to the principles of responsible disclosure.
Cooperation with Cybersecurity Authorities: Collaboration with competent authorities, participation in audits and provision of the necessary documents for compliance verification are key elements.

Obligations of Digital Product Distributors

Product Conformity Verification: Distributors must ensure that the products marketed comply with the requirements of the CRA, including the CE marking. They must also provide adequate information about the cybersecurity of the products.
Security Update Information and Support: Distributors are responsible for notifying users of security updates and assisting them with their installation. Communication about vulnerabilities and remediation is also required.
Audit and Cooperation with Authorities: Submission to controls, cooperation with competent authorities and provision of the necessary information to demonstrate compliance are essential.

Importance of Compliance

Failure to comply with CRA guidelines can result in significant penalties, including fines of up to 10% of annual worldwide turnover. The adoption of internal compliance and governance mechanisms is therefore crucial to avoid such consequences.

CRA compliance is not only a legal imperative but also an opportunity to improve the security and resilience of the European digital ecosystem. With these measures, the digital industry makes a significant contribution to data protection and user trust in digital technologies.

Which products are covered by the Cyber Resilience Act?

General definition of the products concerned

The CRA applies to all products with digital elements that are directly or indirectly connected to another device or network, with the exception of those already covered by other EU rules, such as medical devices, aviation or cars. The CRA aims to fill gaps and ensure consistency in existing cybersecurity legislation.

Distinguishing between critical and non-critical products

The CRA applies to a wide range of products with digital components, such as internet-connected devices, software and online services. However, not all products are subject to the same level of scrutiny and obligations. The CRA distinguishes between critical and non-critical products, based on the level of risk they pose to users and society.

The scope of the CRA

The CRA covers all products that have a digital component and that are connected directly or indirectly to another device or network. This includes all connected hardware (computers, phones, household appliances, cars, toys, virtual assistive devices, etc.) as well as systems such as VPNs, antivirus, password managers, software essential to the management of cloud services, or the operating systems of the aforementioned hardware.

For the sake of clarity, the draft CRA provides a list of affected products and software. However, this list is not exhaustive and may be updated by the Commission to take into account technological developments.

The classification of critical products

As you will discover by reading further, this CRA regulation makes a distinction between a general category of products containing digital elements, and those considered “critical”. The latter category represents 10% of the objects covered by this regulation. While critical products are those which, if compromised, would have significant impacts on the security of property and people as well as society.

In summary, this regulation is subdivided into critical products and two other classes according to the level of criticality of the risks. Thus, depending on the class to which they belong, software or hardware will be subject to more or less strict supervision and obligations.

The obligations for different classes of products

To streamline the understanding of the impact of the Cyber Resilience Act (CRA) on product classes, let’s take a look at this simplified guide. This is a table that succinctly classifies products according to their criticality under CRA regulations. As a result, this has the advantage of highlighting the specific obligations as well as their impacts on manufacturers and their potential effects on the market. Therefore, this has the effect of presenting this information in a clear and organized manner. We also aim to facilitate the smooth adaptation process for stakeholders to this Cyber Resilience Act regulation. So prepare now to take this information into account to effectively improve and anticipate your strategies. Anticipate your compliance with its new and evolving European cybersecurity standards.

Table 2: CRA Obligations by Product Class

Product Class	Obligations	Impact on Manufacturers	Market Effects
Most Critical	Certification by an independent body before market entry.	Incurs significant costs and delays.	May hinder innovation and competitiveness, especially in electronics and embedded systems.
Intermediate	Self-assessment and declaration of conformity by manufacturers.	Reduces administrative burden and time to market.	Demands high responsibility and transparency.
Less Critical	Compliance with essential requirements, no formal certification needed.	Ensures basic security levels without excessive costs.	Enhances trust in less critical digital products.

Key Insights:

First, the Cyber Resilience Act classifies products based on their impact on cybersecurity and imposes specific compliance obligations on them.
This is why the most critical products are subject to strict certification processes.
In fact, this affects market dynamics. Whereas, intermediate and less critical classes follow simplified compliance pathways. This balances security needs and market viability.
Finally, this concise overview facilitates informed decision making and strategic planning for market positioning and observation.

Navigating the Cyber Resilience Act (CRA): A Quick Guide

We’ve compiled a simplified guide to help you quickly navigate the complexities of the Cyber Resilience Act (CRA). Thus, this table details the objectives of this regulation on the products it covers and the essential requirements it imposes. Additionally, it also highlights the main benefits and potential obstacles of the law. Thus, this brief overview aims to inform you of the essential knowledge to understand and adapt to the implications of the ARC. By familiarizing yourself with these critical aspects now, you can advantageously stay one step ahead. This therefore guarantees you preparation for the expected developments over three years in the cybersecurity landscape within the EU by 2027.

Table 1: Overview of the CRA

Aspect	Details
Aim of the CRA	To strengthen the cybersecurity of products and software within the EU.
Covered Products and Software	Hardware: Smartphones, tablets, smartwatches, desktops, laptops, routers, smart home appliances, POS systems, medical devices, etc. Software: Operating systems (Windows, macOS, Linux), browsers (Chrome, Firefox, Safari), mobile apps, security software, cloud services, etc. Data Storage/Processing: Hard drives, cloud storage, PCs, servers, software handling sensitive data.
Key Requirements	Conduct risk assessments Implement security measures Provide information to users Report vulnerabilities Cooperate with authorities
Main Benefits	Enhanced user security Increased trust in the digital economy Accelerated innovation in cybersecurity
Potential Challenges	Increased costs for compliance Regulatory complexity Risk of market fragmentation
Staying Informed	Regular updates and compliance checks are crucial for adherence to the CRA.

Key Takeaways

First, the CRA is an essential regulation having an impact on the European cybersecurity framework.
Then, this involves compliance with the requirements of the mandatory CRA for manufacturers, distributors and importers.
Finally, this has the effect of offering significant advantages but at the same time generates certain additional cost challenges.

In summary, this table format provides a concise and organized summary of the ARC. This makes it easier for you to understand its scope, requirements, benefits and challenges.

Hardware Security Module with the CRA

Under the Cyber Resilience Act (CRA), Hardware Security Modules (HSMs) play a crucial role in securing Europe’s digital infrastructure. Indeed, they are the Guardians of the cryptographic keys. They are in fact the pillars of data security and digital transactions. Without question, HSMs are essential tools to meet the strict requirements of the CRA.

Definition of HSMs

Hardware and digital security modules (HSMs) play a crucial role in securing cryptographic processes. They generate, protect, and manage encryption, decryption, digital signature, and certification keys. Their importance for the protection of sensitive data and digital trust classifies them as critical products according to the Cyber Resilience Act (CRA).

Features of the HSM Hardware

Hardware HSM comes in the form of a physical device, ensuring high security against physical and logical attacks. It can be integrated into a computer system such as a PCI card or an external enclosure. These devices are evaluated and certified according to international safety standards, such as FIPS 140 and Common Criteria EAL4+, attesting to their reliability and robustness.

Benefits of Digital HSM

At the same time, digital HSM offers a software solution that provides security comparable to that of a hardware HSM. With virtualization and advanced encryption, it can be deployed on servers, cloud environments, or mobile devices. Certifications, such as FIPS 140-2 Level 1 or Common Criteria EAL2+, validate the compliance of these software solutions with rigorous security standards.

Cyber-resilience regulation certification process in force

In accordance with the requirements of the CRA, HSMs, whether physical or digital, must obtain certification from an independent body before they are placed on the market. This certification assures users that the devices meet high standards of security and protection of sensitive information.

Importance of HSMs in Cybersecurity

Hardware and digital HSMs are critical components of an organization’s security infrastructure. They secure the exchange of information by providing a reliable and certified method of protection for critical data. By facilitating secure management of cryptographic keys, HSMs build digital trust and support regulatory compliance.

In short, both hardware and digital HSMs are indispensable tools in the modern cybersecurity landscape. Their role in securing cryptographic keys and encryption processes is vital for data protection and trust in digital systems. The mandatory certification emphasizes their importance and ensures that they comply with the highest safety standards.

Hardware Security Modules (HSMs) Under the Cyber Resilience Act

Definition and Features of HSMs

HSMs are specialized devices designed for the secure management of cryptographic keys, crucial for data encryption and transaction security. These modules embody the core principles of the CRA, providing foundational security capabilities across critical and less critical sectors.

Fixed HSMs

Embedded within infrastructural setups, fixed HSMs offer enduring security solutions. These devices are pivotal in safeguarding essential services, from energy distribution to financial transactions, aligning with the CRA’s high-security benchmarks.

Removable HSMs

Offering versatility, removable HSMs, such as USB HSMs, enable secure key management across varied operational contexts. They facilitate a balance between security and mobility, catering to diverse needs within the CRA framework.

NFC HSMs

Merging NFC technology with HSM security, NFC HSMs introduce a new paradigm in contactless transaction security. Although categorized as non-critical, their adherence to CRA standards exemplifies the act’s comprehensive approach to cybersecurity, spanning from retail to access control applications.

NFC HSM and the Cyber Resilience Act (CRA): A Closer Look at Secure Technology

NFC HSM (Near Field Communication Hardware Security Module) represents a technological fusion. It integrates a hardware security module with Near Field Communication (NFC) technology like those manufactured by the Freemindtronic company in Andorra. They also have the particularities of being patented, of operating without a server, without a database and without the user needing to identify themselves or create an account to use them. They are not connected by default. This device provides secure, on-demand wireless interaction between devices over short distances, further protecting the data exchanges they encrypt.

They represent a significant advancement in secure short-range wireless communication by integrating near-field communication (NFC) with the robust security of hardware security modules (HSM). These devices provide enhanced protection of cryptographic keys and sensitive data, facilitating secure, contactless transactions and interactions with ease and flexibility.

Features and Advantages:

Enhanced Security: Embedded HSMs safeguard against external threats, ensuring the integrity of cryptographic keys and sensitive data.
Secure Authentication: NFC technology supports mutual authentication, minimizing fraud and counterfeiting risks.
Ease of Use: Simplified transactions through touch, eliminating manual data entry.
Versatility: Can be integrated into a wide array of devices and applications.

Applications:

Contactless Payments: Devices equipped with NFC HSM technology facilitate fast and secure transactions, enhancing user convenience and safety.
Access Control: These systems manage entry to secure areas, safeguarding physical and digital assets by regulating access to buildings and sensitive data.
Tracking and Traceability: NFC HSMs play a crucial role in supply chain management, enabling the authentication and monitoring of goods, ensuring their integrity from origin to destination.
Electronic Tickets: Ideal for storing digital tickets for transportation, events, and other services, streamlining the user experience while ensuring security.
Contactless Hardware Secrets Manager: A novel application where NFC HSMs manage passwords, encryption keys, secret keys, PIN codes, and 2FA credentials, offering a secure and convenient solution for managing digital identities and access rights across various platforms.

These examples underscore the versatility and security enhancements provided by NFC HSM technology, aligning with the objectives of the Cyber Resilience Act to foster a secure and resilient digital environment across the EU.

Exemplifying CRA Compliance: Freemindtronic’s NFC HSM

Incorporating Freemindtronic’s NFC HSM as a case study offers an insightful lens through which to view the Cyber Resilience Act’s (CRA) implications for digital product security. Freemindtronic’s approach exemplifies adherence to the CRA through its innovative security measures and compliance practices.

Exemplifying CRA Compliance: Freemindtronic’s NFC HSM

As we delve into the CRA’s extensive requirements and scope, practical examples like Freemindtronic’s NFC Hardware Security Modules (HSMs) illuminate how digital products are aligning with heightened security standards.

Meeting CRA’s Fundamental Compliance Demands:

Risk Assessment: Freemindtronic has not just conducted a thorough risk evaluation but has also embedded stringent risk management practices from inception through to development, manufacturing, and usage of NFC HSMs. This includes countermeasures against both invasive and non-invasive threats, reflecting the CRA’s directive for integrated risk management.
Security Implementations: With patented multi-security functions such as segmented key authentication and customizable trust criteria, alongside post-quantum considered AES-256 encryption in NFC HSM memories, Freemindtronic exceeds the CRA’s requirements for advanced security measures.
Vulnerability Disclosure: Freemindtronic’s immediate vulnerability disclosure mechanism, especially through its website, aligns with the CRA’s demand for timely vulnerability reporting to authorities, despite over seven years without detected vulnerabilities in NFC HSM products.
Regulatory Cooperation: Freemindtronic’s proactive partnership with Andorran regulatory bodies, including the National Cybersecurity Agency of Andorra (ANC), signifies a commitment to enhancing security collaboratively, as encouraged by the CRA.

Freemindtronic’s NFC HSM Features Enhancing CRA Compliance:

Serverless and Database-Free Operation: This minimizes potential attack vectors, aligning with the CRA’s focus on cybersecurity risk reduction.
User Anonymity and No Account Creation: By operating anonymously without user identification or account creation, It embodies a contactless plug-and-play principle, making it physically impossible to identify the NFC HSM users. Freemindtronic supports the CRA’s emphasis on user privacy and data protection.
End-to-End Anonymization: Freemindtronic’s NFC HSMs are not active by default, given their battery-less design. They are inert products that become active for less than a second during the use of the secret contained within the NFC HSM. Secrets used on the phone or computer are not stored in the systems; everything is conducted ephemerally in volatile memory. This approach is in strict adherence to the CRA’s data protection and confidentiality principles.
Innovation Patent Protection: Freemindtronic’s security solutions, underpinned by innovation patents, set a high compliance standard with the Cyber Resilience Act.

Industry Advantages:

Simplified Compliance Process: Freemindtronic’s NFC HSMs provide a pre-compliance solution that simplifies adherence to CRA regulations, saving time and resources for businesses.
Enhanced Data Security: Freemindtronic sets a security benchmark for sensitive data and cryptographic keys, embodying the CRA’s aim to standardize protection across digital products.
Adaptability to Diverse Applications: The flexibility of Freemindtronic’s NFC HSMs showcases the adaptability of security solutions to meet various application needs within the CRA framework.

By showcasing Freemindtronic’s NFC HSMs, we highlight how innovative security technologies can not only meet but surpass the rigorous expectations of the CRA. This insight into Freemindtronic’s compliance strategy offers a practical perspective on adhering to CRA guidelines, reinforcing the regulation’s role in boosting the cybersecurity posture of digital products within the EU.

Key Features of the CRA at a Glance

In summary, the Cyber Resilience Act aims to strengthen the cybersecurity of products sold within the European Union.

This concerns a very large number of products, such as Internet-connected devices, software and online services.

Indeed, manufacturers and distributors will be required to comply with the various requirements of this European CRA regulation. In particular, they will have to carry out risk assessments on their products, implement security measures and inform users.

Thus, the Cyber Resilience Act should offer many advantages. This is characterized by increased user security. But it should also promote trust and the digital economy and help accelerate European innovation in the cybersecurity sector. However, the downside is that the ARC will impose certain challenges, such as increased costs for manufacturers and distributors, increased regulatory complexity and potential fragmentation of the single market.

Overall, the CRA constitutes an important piece of legislation that will have a major impact on the European cybersecurity landscape. It is important that all stakeholders are aware of the ARC requirements and take steps to comply with them.

The table below provides a summary of the CRA’s key features.

Table 1: Summary of the Cyber Resilience Act (CRA)

Feature	Benefits	Challenges
Scope	Wide range of products	Exclusion of certain products
Requirements	Harmonization of cybersecurity requirements	Costs and delays for manufacturers
Compliance	Certification process for critical products	Market fragmentation
Sanctions	Fines for non-compliance	Discouragement of vulnerability reporting
Objectives	Improved security and resilience	Impact on innovation
Impact	Protection of users and businesses	Difficulty balancing security and innovation

Finally, this table above constitutes a simple summary of the main characteristics of the CRA. So you have a more complete visual understanding of the Cyber Resilience Act.

In conclusion on the European cyber-resilience act regulation

In conclusion, the Cyber Resilience Act (CRA) represents a significant step forward in the European Union’s efforts to strengthen cybersecurity and protect consumers in the digital age. While challenges remain, the CRA has the potential to create a more secure and resilient digital ecosystem for all. As the regulation comes into effect and evolves over time, it will be crucial to monitor its impact and adapt it as needed to ensure its continued effectiveness in a rapidly changing technological landscape. Ultimately, the success of the CRA will depend on the collective efforts of governments, businesses, and individuals to embrace its principles and work together to build a more secure and trustworthy digital world.

Sources

Here are some official sources which confirm this information:

Cyber Resilience: Directive (EU) 2022/2555 of the European parliament and of the council of 14 December 2022
CRA Legislation: Council and Parliament agree on security requirements for digital products
Shaping Europe’s digital future: EU Cyber Resilience Act
The Cyber Resilience act will enter into force on January 1, 2027: Except for existing products and software which will benefit from a transition period until December 31, 2030, in accordance with Article 44 of the regulation: manufacturers will have to comply with the rules 36 months later their entry into force at the beginning of March 2024. The CRA will be reviewed every five years by the European Commission, which will assess its effectiveness, impact and relevance, and which will propose, if necessary, legislative modifications, in accordance with Article 42 of the regulation.

2024, Cyberculture, Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

Posted on February 21, 2024March 15, 2024 by FMTAD

21
Feb

Protecting encrypted messaging: the ECHR decision

Encrypted messaging is vital for digital privacy and free speech, but complex to protect. The historic ECHR decision of February 13, 2024 supports strong encryption against government surveillance. We discuss the importance of this decision. You will discover EviCypher NFC HSM encryption technology from Freemindtronic, guardian of this decision but for all messaging services in the world.

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

March 15, 2024

2024 Cyberculture Uncategorized

Chinese cyber espionage: a data leak reveals the secrets of their hackers

March 2, 2024

2024 Cyberculture

Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

February 24, 2024

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

February 21, 2024

2024 Articles Cyberculture EviPass Password

Human Limitations in Strong Passwords Creation

January 22, 2024

2023 Articles Cyberculture EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine

January 5, 2024

2023 Cyberculture

New EU Data Protection Regulation 2023/2854: What you need to know

December 25, 2023

Stay informed in our posts dedicated to Cyberculture to follow its evolution thanks to our regularly updated topics

Learn more through this Cyberculture section on your data encryption rights to protect your personal and professional data written by Jacques Gascuel, creator of data security solutions. Stay informed and secure with our regular news.

Encrypted messaging: ECHR says no to states that want to spy on them

The historic judgment of the European Court of Human Rights (ECHR) elevates encrypted messaging to the rank of guardian of privacy and freedom of expression. But this also poses security and public order problems. On February 13, 2024, she spoke out in favor of strong encryption, against state interference.

The ECHR has rejected Russian authorities’ request to Telegram, a messaging application, to provide private keys for encrypting its users’ communications, or to install backdoors that would allow authorities to access them. The Court considered that this request violated the rights to privacy and correspondence, as well as freedom of expression, of Telegram users.

The context of the case

The case background Six journalists and human rights activists challenged the request of the Russian authorities to Telegram before the ECHR. They claimed that this request violated their fundamental rights. They relied on Articles 8 and 10 of the European Convention on Human Rights. These articles protect the right to privacy and correspondence, and the right to freedom of expression.

The reasoning of the Court

The Court’s reasoning The Court acknowledged that the request of the Russian authorities had a legitimate aim of national security and crime prevention. However, it found that the interference with the rights of the applicants was not proportionate to the aim pursued. It emphasised that encryption plays a vital role in ensuring the confidentiality of communications and the protection of personal data. It held that the request of the Russian authorities was too general and vague. It did not offer enough safeguards against abuse. It could deter people from using encrypted messaging services.

The Court also noted that encryption helps citizens and businesses to defend themselves against the misuse of information technologies, such as hacking, identity theft, data breach, fraud and undue disclosure of confidential information. It stated that this should be duly taken into account when assessing the measures that could weaken encryption.

The Court further observed that, in order to be useful to the authorities, the information must be decrypted at some point. It suggested that the authorities should use other means to obtain the necessary information, such as undercover operations, metadata analysis and international cooperation.

The consequences of the decision

The decision’s implications The decision of the Court is final and binding for Russia. It has to implement it within a reasonable time. It also has a broader impact. It sets out principles applicable to all member states of the Council of Europe, which comprises 47 countries. It sends a strong signal in favour of the respect of fundamental rights on the internet. It aligns with the position of several international organisations, such as the UN, the EU or the OSCE. They have stressed the importance of encryption for the protection of human rights online.

The official link of the ECHR decision is: AFFAIRE PODCHASOV c. RUSSIE and AFFAIRE PODCHASOV c. RUSSIE and AFFAIRE PODCHASOV c. RUSSIE. You can access it by clicking on the title or copying the address in your browser.

The position of other countries in the world

Encryption of communications is not a consensual topic. Countries have different, even opposite, positions on the issue. Here are some examples:

The Netherlands have argued for the right to strong encryption. They considered it a human right that must be safeguarded, in the country’s own interest.
The United States have repeatedly asked technology companies to provide them with access to encrypted data. They invoked the need to fight terrorism. These requests have been challenged by companies, such as Apple. They refused to create backdoors in their encryption systems.
China adopted a cybersecurity law in 2016. It requires companies to cooperate with authorities to provide encryption keys or means to bypass encryption. This law has been denounced by human rights defenders. They fear that it will be used to strengthen the surveillance and censorship of the Chinese regime.
The European Union adopted a directive on the protection of personal data in 2016. It recognizes encryption as a technical measure suitable for ensuring the security of data. The EU also supported the development of end-to-end encryption. It funded projects such as the free software Signal, which allows to encrypt calls and messages.

These examples show the divergences and convergences between different countries on the subject of encryption. They also reveal the political, economic and social issues that are at stake.

The world’s reactions to the ECHR decision on Encrypted Messaging

The ECHR decision on Encrypted Messaging has sparked different reactions in the world. Some countries praised the judgment, which boosts the protection of human rights on the internet. Other countries slammed the position of the Court, which undermines, according to them, the judicial cooperation and the national security.

The supporters of the ECHR decision

The Netherlands are among the countries that supported the ECHR decision. They argued for the right to strong encryption, considering it a human right that must be safeguarded, in the country’s own interest. The European Union also backed the Court, reminding that encryption is a technical measure suitable to ensure the security of data, in accordance with the directive on the protection of personal data adopted in 2016. The EU also stressed that it funds the development of end-to-end encryption, through projects such as the free software Signal, which allows to encrypt calls and messages.

The opponents of the ECHR decision

The United States are among the countries that opposed the ECHR decision. They have repeatedly asked technology companies to provide them with access to encrypted data, invoking the need to fight terrorism. These requests have been challenged by companies, such as Apple, which have refused to create backdoors in their encryption systems. China also expressed its disagreement with the Court, stating that encryption of communications fosters the dissemination of illegal or dangerous content, such as terrorist propaganda, child pornography or hate speech. China recalled that it has adopted in 2016 a cybersecurity law, which requires companies to cooperate with authorities to provide encryption keys or means to bypass encryption.

The non-signatories of the European

Convention on Human Rights Some countries have not reacted to the ECHR decision, because they are not signatories of the European Convention on Human Rights. This is the case for example of Russia, which ceased to be a member of the Council of Europe on March 16, 2022, after the invasion of Ukraine decided by the Kremlin. The country no longer participates in the activities of the ECHR. This is also the case of many countries in Africa, Asia or Latin America, which are not part of the Council of Europe and which have not ratified the Convention.

The signatory countries of the European Convention on Human Rights

The European Convention on Human Rights is an international treaty adopted by the Council of Europe in 1950, which aims to protect human rights and fundamental freedoms in the states parties. It entered into force in 1953, after being ratified by ten countries: Belgium, Denmark, France, Ireland, Italy, Luxembourg, the Netherlands, Norway, Sweden and the United Kingdom .

Since then, the Convention has been ratified by 36 other countries, bringing the total number of states parties to 46. They are: Albania, Germany, Andorra, Armenia, Austria, Azerbaijan, Bosnia and Herzegovina, Bulgaria, Cyprus, Croatia, Estonia, Finland, Georgia, Greece, Hungary, Iceland, Latvia, Liechtenstein, Lithuania, Malta, Moldova, Monaco, Montenegro, North Macedonia, Poland, Portugal, Romania, Russia, San Marino, Serbia, Slovakia, Slovenia, Spain, Czech Republic, Turkey and Ukraine.

All these countries recognize the jurisdiction of the European Court of Human Rights (ECHR), which is in charge of ensuring the respect of the Convention. The ECHR can be seized by any person, group of persons or non-governmental organization who claims to be a victim of a violation of the Convention by one of the states parties. The ECHR can also be seized by a state party who alleges that another state party has violated the Convention. The ECHR delivers judgments that are final and binding for the states parties.

An innovative and sovereign alternative: the EviCypher NFC HSM technology

Facing the challenges of encryption of communications, some users may look for an alternative more innovative and sovereign than the traditional messaging applications. This is the case of the EviCypher NFC HSM technology, developed by the Andorran company Freemindtronic. This technology makes it possible to generate, store, manage and use AES-256 encryption keys to encrypt all communication systems, such as WhatsApp, sms, mms, rcs, Telegram, webmail, email client, private messaging like Linkedin, Skype, X and even via postal mail with encrypted QR code messages, etc.

EviCypher NFC HSM: A Secure and Innovative Solution for Encrypted Messaging

Firstly, it guarantees the confidentiality and integrity of data, even if the messaging services are compromised for any reason, including by a court order. Indeed, it is physically impossible for Freemindtronic, the manufacturer of the DataShielder products, to provide encryption keys generated randomly by the user. These keys are stored encrypted in AES-256 via segmented keys in the HSM and NFC HSM. Only the user holds the decryption keys, which he can erase at any time.

Secondly, it preserves the anonymity and sovereignty of users, because it works without server and without database. It does not require internet connection, nor user account, nor phone number, nor email address. It leaves no trace of its use, nor of its user. It does not depend on the policies or regulations of the countries or companies that provide the communication services.

Thirdly, it offers an extreme portability and availability of encryption keys, thanks to the NFC technology. The user can carry his encryption keys on a physical support, such as a card, a bracelet, a key ring, etc. He can use them with any device compatible with NFC, such as a smartphone, a tablet, a computer, etc. He can also share them with other trusted users, in a simple and secure way.

Lastly, it is compatible with the EviCore NFC HSM or EviCore HSM technology, which allows to secure the access to equipment and applications. The user can thus use the same physical support to encrypt his communications and to authenticate on his different digital services.

The EviCypher NFC HSM technology guarantees the confidentiality and integrity of data, even if the messaging services are compromised for any reason, including by a court order. Indeed, it is physically impossible for Freemindtronic, the manufacturer of the DataShielder products, to provide encryption keys generated randomly by the user. These keys are stored encrypted in AES-256 via segmented keys in the HSM and NFC HSM. Only the user holds the decryption keys, which he can erase at any time.

Transforming Encrypted Messaging with EviCypher NFC HSM

The European Court of Human Rights (ECHR) decisively highlights encrypted messaging’s vital role in protecting privacy and freedom of speech. EviCypher NFC HSM, aligning perfectly with these principles, emerges as a pioneering solution. It confronts the challenges of state surveillance and privacy breaches head-on, providing unmatched defense for private communications. EviCypher NFC HSM goes beyond the ECHR’s conventional security and privacy requirements. It crafts an inviolable communication platform that honors users’ privacy rights profoundly. With its innovative approach, EviCypher NFC HSM introduces new data protection standards, forging a robust barrier against government intrusion.

Global Reach and User Empowerment

EviCypher NFC HSM’s technology has a broad global impact, seamlessly addressing the varied encryption landscapes worldwide. It provides a consistent answer to privacy and security issues, disregarding geographic limits. This global applicability makes EviCypher NFC HSM an indispensable tool for users worldwide, solidifying its position as a guardian of global privacy.

Despite potential skepticism about new technologies, the user-friendly and accessible nature of EviCypher NFC HSM aims to dispel such doubts. It promotes wider adoption among those seeking to enhance their communication security. Its compatibility with diverse devices and straightforward operation simplify encryption, facilitating an effortless shift towards secure communication practices.

EviCypher NFC HSM: A Beacon of User Autonomy

EviCypher NFC HSM technology deeply commits to empowering users. It allows individuals to generate, store, and manage their encryption keys independently, giving them direct control. This autonomy not only improves data security but also demonstrates a strong commitment to protecting users’ fundamental rights. It resonates with the values emphasized across the discussion, providing an effective way to strengthen online privacy and security. EviCypher NFC HSM marks a significant leap forward in the movement towards a more secure and private digital landscape.

This technologie HSM stands out as a state-of-the-art, self-sufficient solution, perfectly in line with the ECHR’s decisions and the worldwide need for secure encrypted communication. It leads the charge in advancing user autonomy and security, signaling a crucial evolution in encrypted messaging towards unparalleled integrity.

Incorporating EviCypher’s distinctive features—its operation without servers or databases, interoperability, and backward compatibility with all current communication systems, such as email, SMS, MMS, RCS, and social media messaging, even extending to physical mail via encrypted QR codes—highlights its adaptability and innovative spirit. EviCypher’s resistance to zero-day vulnerabilities, due to encrypting communications upfront, further underscores its exceptional security. Operating anonymously and offline, it provides instant usability without requiring user identification or account creation, ensuring seamless compatibility across phone, computer, and communication systems.

Summary at encrypted messaging

Encrypted Messaging is crucial for the digital society. It protects internet users’ privacy and freedom of expression. But it also challenges security and public order. The European Court of Human Rights (ECHR) supported strong encryption on February 13, 2024. It defended the right to encryption, against states that want to access it. Several international organizations agree with this position. They emphasize the importance of encryption for human rights online. However, the ECHR decision sparked diverse reactions worldwide. Different countries have different views on encryption.

Our conclusion on Encrypted Messaging

EviCypher NFC HSM technology is an innovative and sovereign alternative for Encrypted Messaging. Users can generate, store, manage and use AES-256 encryption keys. They can encrypt all communication systems, such as WhatsApp, sms, mms, rcs, Telegram, webmail, email client, etc. EviCypher NFC HSM technology ensures data confidentiality and integrity. It works even if messaging services are compromised. It preserves users’ anonymity and sovereignty. It does not need server or database. It offers extreme portability and availability of encryption keys, thanks to NFC technology. It is compatible with EviCore NFC HSM or EviCore HSM technology. They secure access to equipment and applications.

DataShielder products provide EviCypher NFC HSM technology. They are contactless encryption devices, guardians of keys and secrets. Freemindtronic, an Andorran company specialized in NFC security, designs and manufactures them.

Articles, DataShielder, News

DataShielder Defense NFC HSM: Protect Your Sovereign Communications

Posted on November 24, 2023November 24, 2023 by FMTAD

24
Nov

DataShielder Defense NFC HSM – Jacques Gascuel: This article will be updated with any new information on the topic.

Why You Need DataShielder Defense NFC HSM

DataShielder Defense NFC HSM, a patented solution, ensures maximum confidentiality and anonymization of communications from sovereign entities. Using NFC technology, this HSM manages up to 200 secrets offline, contactless and shareable via any communication method, including email and SMS. A GreenTech innovation, it is interoperable, backward compatible and versatile, designed to immediately respond to various specific needs and customizable for enhanced secret security.

Shadowy hacker with a laptop in front of a digital map of Russia highlighted in red, symbolizing the origin of Kapeka Malware.

2024 Digital Security

Kapeka Malware: Comprehensive Analysis of the Russian Cyber Espionage Tool

April 18, 2024

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

April 15, 2024

Illustration of an Apple MacBook with a highlighted M-series chip vulnerability, surrounded by symbols of data security breach and a global impact background.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

March 25, 2024

Digital world map with cybersecurity icons representing the Cybersecurity Breach at IMF.

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

March 15, 2024

Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

March 10, 2024

PrintListener technology concept with NFC security solutions.

2024 Digital Security

PrintListener: How to Betray Fingerprints

February 22, 2024

A visual representation of BitLocker Security featuring a central lock icon surrounded by elements representing Microsoft, TPM, and Windows security settings.

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

February 10, 2024

Digital shield by Freemindtronic repelling cyberattack against Microsoft Exchange

2024 Articles Digital Security News

How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts

February 8, 2024

DataShielder Defense NFC HSM: How to Protect Your Sovereign Communications with a Revolutionary Solution

The protection of sovereign entities and the enhancement of existing defense and intelligence systems are crucial challenges in today’s world. Sovereign communications, such as those between heads of state, diplomats, military personnel, or secret agents, are constantly exposed to threats of interception, hacking, or manipulation. These threats can compromise the security, integrity, and confidentiality of sensitive information, and have serious consequences for national and international security.

To address these challenges, a revolutionary solution has been developed by Freemindtronic, a andorran company specialized in data security and encryption. This solution is called DataShielder Defense NFC HSM, and it is the ultimate solution for protecting all forms of communications of sovereign entities. This innovative and cutting-edge solution, protected by two patents, guarantees an unparalleled level of confidentiality and trust among humans, without compromise. With DataShielder, your secrets and sensitive data remain inaccessible and indecipherable, even in case of compromise of the equipment and information and communication systems.

In this article, we will explain how DataShielder Defense NFC HSM works, what are its features and benefits, and how it can be customized to suit your specific needs. We will also show how this solution could have influenced several major events in the history of communication security, and how it has received international recognition and awards for its excellence.

How DataShielder Defense NFC HSM Works

DataShielder Defense NFC HSM is a device that uses Near Field Communication (NFC) technology to create, store, and use up to 100 different secrets in a single device. A secret can be anything that you want to protect, such as an encryption key, a password, a PIN code, a cryptocurrency key, a bank account information, or a message. DataShielder allows you to share your encrypted secrets via all the means of communication available in the world, such as postal mail, webcam, email, SMS, MMS, RCS, messaging, or directly between two NFC HSM devices.

To use DataShielder, you need an Android NFC phone or tablet, and the DataShielder app, which is available for free on the Google Play Store. You also need a DataShielder Defense NFC HSM device, which is a small and discreet card that can be customized to fit different formats and accessories. The device does not require any battery or external power source, as it uses the energy of the NFC signal of the phone to operate on demand.

To create a secret, you simply need to tap your phone on the device, and choose the type of secret you want to create. You can either generate a random secret, or import an existing one. You can also add specific trust criteria for each secret, such as BSSID, geographical area, password, fingerprint, QR code or barcode scan, and phone UID. The absence of any of these criteria makes the access to the secret impossible, ensuring maximum and personalized security.

To use a secret, you simply need to tap your phone on the device, and choose the secret you want to use. You can either use it directly on your phone, or send it to another device or person. You can also use the secret to unlock secure USB or SSD keys, to log in to your favorite websites, to make secure voice calls and SMS, to manage your banking information, to generate and use cryptocurrency wallets, and more.

To share a secret, you simply need to tap your phone on the device, and choose the secret you want to share. You can either share it directly with another NFC HSM device, or encrypt it with the RSA-4096 public key of the recipient, and send it via any means of communication. The recipient will need to decrypt the secret with their NFC HSM device, using the EviSCP HSM (ZKP) protocol, which is a patented technology that ensures a secure and confidential exchange of secrets.

Differentiating Benefits of DataShielder Defense NFC HSM

DataShielder Defense NFC HSM offers a complete and adaptable solution to your needs, thanks to the set of advanced and efficient features that it incorporates. These features are based on different technologies, each with a specific name and function. Here is a summary of the main features and benefits of DataShielder:

Feature	Technology	Function	Benefit
Random generation of symmetric and asymmetric encryption keys	EviCypher NFC HSM	Encrypt all types of data (texts, images, videos) in post-quantum AES-256. Use the RSA-4096 public key to exchange encrypted secrets between distant NFC devices.	Protect your data and secrets from unauthorized access and decryption, even in case of quantum computing attacks.
Random generation of identifiers and passwords	EviPass NFC HSM	Generate automatically complex and complicated passwords up to 48 characters based on the 95 ASCII characters, or on bases 16, 58, 64 or 85. Import and store manually login identifiers, PIN codes, PUK, lock codes, TPM2.0 passwords, BitLocker… Log in automatically to your favorite websites.	Secure your online accounts and devices with strong and unique passwords. Save time and avoid typing errors with automatic login.
Create a segmented key	EviAuth NFC HSM	Divide your secret into two segments and store them on two different NFC HSM devices. Require the presence of two people to reconstitute the secret.	Increase the security and confidentiality of your secret by adding a human factor. Prevent the access to the secret by a single person or device.
Management of secret OTP keys	EviOTP NFC HSM	Store securely the secret OTP keys whose one-time passwords based on time (TOTP) or HMAC (HOTP) to generate a secondary authentication factor (2FA).	Enhance the security of your online accounts and services with a second factor of authentication. Avoid the risk of losing or compromising your OTP keys.
Secure voice calls and SMS	EviCall NFC HSM	Store your phone contacts and make a voice call from the NFC HSM without leaving any trace in the phone history.	Communicate securely and discreetly with your contacts. Avoid the interception and recording of your voice calls and SMS.
Secure management of banking information	EviPay NFC HSM	Store, manage and use securely the information related to credit cards and bank accounts.	Protect your financial information and transactions from fraud and theft. Access and use your banking information easily and securely.
Unlocking of secure USB or SSD keys without contact	EviKey NFC HSM	Manage the administrator, user and temporary user PIN codes to unlock the secure USB/SSD keys without contact.	Secure your external and internal storage with a contactless unlocking system. Manage the access rights and permissions of the USB/SSD keys.
Generation of cryptocurrency wallets	EviSeed NFC HSM	Automatically and directly create from a blockchain the secret BIP39 key, its derived key, its public key and the public address. The balance verification is done directly on the blockchain.	Create and use cryptocurrency wallets securely and conveniently. Store your cryptocurrency keys in an inviolable and encrypted manner. Verify your balance directly on the blockchain.
Automatic import of private keys	EviVault NFC HSM	Import derived private keys by scanning their QR codes from five blockchain platforms including Bitcoin, Ethereum, Polygon, Binance Smart Chain and IOTA. Create and save also the BIP39 PassPhrases.	Import and use private keys from different blockchain platforms easily and securely. Scan the QR codes and store the keys in an encrypted manner. Create and save also the BIP39 PassPhrases.
Management of authentication cards	EviCore NFC HSM	Scan and store the barcode or QR code of any type of card that uses this type of identification (access cards, loyalty cards sometimes linked to a payment system).	Store and use authentication cards securely and conveniently. Scan the barcode or QR code and store it in an encrypted manner.
NFC HSM pairing key manager	EviCore NFC HSM	Manage the NFC HSM fleet within a sovereign entity.	Manage and control the NFC HSM devices within your organization. Assign and revoke pairing keys for the devices.
Data encryption	EviCrypt NFC HSM	Encrypt your texts and files upstream before sending them to your recipients using your usual messaging services.	Encrypt your data before sending it via any means of communication. Ensure that only the intended recipients can decrypt and access your data.
Use on all computer systems	EviCore NFC HSM Browser Extension	Use your NFC HSM with the free Freemindtronic browser extension based on Chromium and Firefox. Find the DataShielder NFC HSM functions on all your computers.	Use your NFC HSM on any computer system.
Use of a virtual USB Bluetooth keyboard	EviKeyboard BLE	Use a virtual keyboard for secure and discreet input. Extend the use of secrets in HID mode on various computer systems, TPM2.0, BitLocker, Windows, Linux, Apple, proprietary software and web browsers.	Don’t touch the keyboard. Enter a free line of code up to 52 characters. Entering BIOS passwords. Easy to use

Stealth Customization Options

The manufacturer Freemindtronic offers a customization service specially designed for sovereign entities, combining discretion and functionality.

Discreet Formats: Modified standard PVC and PCB cards for effective camouflage.

Stealth Accessories: Labels, key rings, promotional pens, and cufflinks subtly integrating NFC HSM devices.

USB Dummy Keys: Mini USB keys functioning as secret containers for the NFC HSM devices.

NFC On/Off Card: PCB cards with switchable NFC antenna for increased stealth.

These options guarantee invisible security, ideal for special operations and covert missions.

Complementary Accessories

Secure NFC EviKey USB and SSD Keys: These devices offer secure external and internal storage, perfectly integrated with DataShielder NFC HSM for enhanced data protection.
Bluetooth Virtual Keyboard EviKeyboard BLE: An innovative keyboard for secure and discreet input, complementing the DataShielder NFC HSM by an additional layer of security in data entry.

International Distinctions and Awards

The EviCypher NFC HSM technology, essential to DataShielder, has received worldwide recognition, marked by several important awards.

Gold Medal 2021 of the Geneva Inventions: EviCypher Technology awarded among hundreds of international inventions.
Three Global InfoSec Awards 2021: Awarded for being the best data security solution by Cyber Defense Magazine “Next-Gen in Crypto Security”, “Most Innovative Hardware Password Manager”, “Next-Gen in Secrets Management”.
Two E&T Innovation Awards 2021: Distinguished for the best communication and IT solution, as well as for the best cybersecurity solution.
Two nominations for the National Cyber Awards 2021 of the United Kingdom: Finalist in two categories “The Innovation in Cyber Award 2021” and “The Cyber Defense Product of the Year 2021”.
Gold Globee Award 2022: Cyber Computer NFC winner of a Cyber Security Global Excellence Awards®.
Fortress Award 2023: Awarded for its excellence in encryption and privacy protection.

Conclusion

DataShielder Defense NFC HSM is a revolutionary solution for protecting your sovereign communications. It offers a high level of security, confidentiality, and trust, without compromise. It is compatible with all types of data and communication means, and can be customized to suit your specific needs. It is also environmentally friendly, durable, and interoperable. It has received international recognition and awards for its excellence and innovation. If you are looking for a solution that can protect your secrets and sensitive data from any threat, DataShielder Defense NFC HSM is the solution for you. Contact Freemindtronic today and get your DataShielder Defense NFC HSM device. You will not regret it.

2023, Awards, Fortress Cyber Security Award

DataShielder HSM Fortress Award 2023 from FullSecure: the Andorran serverless and databaseless encryption solution

Posted on September 20, 2023February 20, 2024 by FMTAD

20
Sep

Catala version

DataShielder HSM, FullSecure’s Andorran solution featuring Freemindtronic technologies, wins the 2023 Fortress Award

We are proud to announce that our Andorran DataShielder HSM solution from FullSecure, developed by Freemindtronic, has won the Fortress 2023 Cyber Security Award in encryption in the product and service category. This award, awarded by the Business Intelligence Group, recognizes the excellence and innovation of companies around the world, products and people in the field of cybersecurity. DataShielder HSM from FullSecure is a serverless encryption solution that uses EviCore HSM OpenPGP technology from Freemindtronic. This technology enables to create HSM (Hardware Security Module) on any type of device (computer, phone, cloud, HD, SSD, SD, USB media) to encrypt and sign any data.

DataShielder HSM is an innovative solution that allows managing and generating many types of tokens (identifiers, passwords, certificates, encryption keys, etc.) on any available medium, whether connected or not. It offers a high level of security and performance, by encrypting, signing and authenticating data with keys stored in self-created secure hardware modules. Thus, DataShielder HSM is designed to transform any device into a HSM (Hardware Security Module), without server, without database, totally anonymous, untraceable and undetectable. The DataShielder HSM range is a complete ecosystem that meets many needs in terms of safety, cybersecurity, especially in mobility.

DataShielder HSM also incorporates the EviSign technology developed by Freemindtronic, which allows electronically signing documents with a legally recognized value. EviSign uses the OpenPGP protocol to ensure the integrity, authenticity and non-repudiation of signatures. EviSign is compatible with all document formats (PDF, Word, Excel, etc.) and can be used with any NFC reader or smartphone.

The Fortress 2023 Cyber Security Award acknowledges the work and expertise of Freemindtronic, who offers innovative and adapted solutions to the current and future challenges of cybersecurity. Freemindtronic is proud of this distinction and thank the jury of the contest as well as their customers and partners for their trust and support.

DataShielder HSM was presented in a Dual-Use version in June 2022 at Coges Eurosatory (https://www.eurosatory.com), the international defense and security exhibition. This version allows DataShielder HSM to be used for both civil and military applications, offering a level of protection adapted to each context. The Dual-Use version of DataShielder HSM will soon be available in a civilian version by the end of October 2023, to meet the growing demand from individuals and professionals keen to protect their sensitive data.

“We are very proud that DataShielder HSM from FullSecure has been awarded the Fortress Cyber Security Award 2023”, said Christine Bernard, director of FullSecure. “Our solution provides an innovative and adapted response to the current and future challenges of cybersecurity. We thank the Business Intelligence Group for this distinction, as well as our customers and partners for their trust and support.”

“We are also very happy to be the first Andorran company to have applied for the Fortress Cyber Security Award created in 2018 by the Business Intelligence Group. The Business Intelligence Group is an organization that recognizes true talent and superior performance in the business world. Its Fortress Cyber Security Award aims to identify and recognize the world’s leading companies and products working to protect our data and electronic assets against a growing threat from hackers.”

Dylan DA COSTA FERNANDES gerent programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023

Eric Casanova programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023

Hugo Goncalves Oliveira co-gerent programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023

Alex Garcia Sanchez programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023

Adrian Serrano Gómez programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023

Victor Gil Feliu programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023

Jacques Gascuel Inventor de datashielder HSM CEO de Freemindtronic Andorra el Premi Fortress 2023 cat

DataShielder HSM OpenPGP: Una solució de xifratge 100% andorrana

En resum, DataShielder HSM OpenPGP és una solució innovadora que permet crear mòduls de seguretat hardware (HSM) en qualsevol tipus de suport (ordinador, telèfon, núvol, HD, SSD, SD, clau USB) per xifrar i signar qualsevol tipus de dada. Aquesta solució utilitza la tecnologia EviCore HSM OpenPGP desenvolupada per Freemindtronic, una empresa andorrana titular de patents internacionals i líder en les tecnologies NFC HSM. Aquesta tecnologia ofereix un alt nivell de seguretat i rendiment.

Es tracta del primer producte dedicat a la gestió de claus de xifratge i de xifratge per HSM 100% andorrà. En efecte, l’equip de desenvolupament de DataShielder HSM OpenPGP és 100% d’una formació de la Universitat d’Andorra, l’única universitat pública del país. La Universitat d’Andorra és reconeguda per la seva excel·lència acadèmica i la seva recerca innovadora en els àmbits de les ciències, l’enginyeria i les tecnologies de la informació. L’equip de desenvolupament de DataShielder HSM OpenPGP va ser coordinat per un enginyer de programari de la Universitat Politècnica de Catalunya (UPC) i professor de la Universitat d’Andorra. Això fa de DataShielder HSM OpenPGP el primer sistema de xifratge d’origen andorrà a haver rebut un premi internacional, el “Fortress Cybersecurity Award”.

Aquesta solució testimonia el saber fer i el potencial d’Andorra en el camp de la ciberseguretat i el xifratge de les dades. DataShielder HSM OpenPGP és una solució que respon a les necessitats actuals i futures de les empreses i els particulars que volen protegir les seves dades sensibles al núvol o als sistemes informàtics, oferint una nova solució en el camp de la sobirania de les dades.

You will soon be able to learn more about the DataShielder HSM product line at FullSecure. Without waiting you can already learn more about the Freemindtronic technologies embedded in DataShielder HSM, by clicking on the following links:

To learn more about the Fortress 2023 Cyber Security Award and other winners, you can visit the following sites:

Premsa Nacional d’Andorra:

DataShielder HSM de la revista de tecnologia Freemindtronic Fullsecure i incrustada Bondia 29 de setembre de 2023

Diari Andorra dijous 5 octubre del 2023: Fullsecure Guanya el Premi Fortress Andorra national press

News provided by Fortress^® Cybersecurity Award 2023 from Business Intelligence Group

The Business Intelligence Group was founded with the mission of recognizing true talent and superior performance in the business world. Unlike other industry award programs, these programs are judged by business executives having experience and knowledge. The organization’s proprietary and unique scoring system selectively measures performance across multiple business domains and rewards those companies whose achievements stand above those of their peers.

2023 Articles Communications Cybersecurity Digital Security News Technical News

5Ghoul: 5G NR Attacks on Mobile Devices

December 29, 2023

Predator Files How a Spyware Consortium Targeted Civil Society Politicians and Officials

Articles Cybersecurity Digital Security Spying

Predator Files: The Spyware Scandal That Shook the World

October 19, 2023

Fullsecure DataShielder HSM Fortress Award Jacques Gascuel inventor CEO de Freemindtronic Andorra el premi fortress 2023 de Business Intelligence Group

Awards Fortress Cyber Security Award

DataShielder HSM, la solució andorrana de FullSecure amb tecnologies de Freemindtronic, guanya el Premi Fortress 2023

September 22, 2023

DataShielder HSM, FullSecure's Andorran solution featuring Freemindtronic technologies, wins the 2023 Fortress Award

2023 Awards Fortress Cyber Security Award

DataShielder HSM Fortress Award 2023 from FullSecure: the Andorran serverless and databaseless encryption solution

September 20, 2023

BITB attacks Browser-In-The-Browser remove delete destroy by IRDR Ifram Redirect Detection Removal since EviCypher freeware web extension open-source from Freemindtronic in Andorra

Articles Cryptocurrency Cybersecurity Digital Security Phishing

BITB Attacks: How to Avoid Phishing by iFrame

May 10, 2023

Gold Globee Winner 2022 at the Cyber Security Global Excellence Awards Cyber Computer NFC Freemindtronic Andorra

2022 Awards Cybersecurity EviCypher Technology

Gold Globee Winner 2022 Cyber Computer NFC

February 24, 2022

Awards CES Awards Distinction Excellence

Keepser Group Award CES 2022

January 9, 2022

Secure Card de Bleujour CES 2022 by Freemindtronic Andorra contactless data encryption from an NFC HSM security hardware module

2022 Events EviCypher NFC HSM Exhibitions Licences Freemindtronic NFC Contactless

Secure Card CES 2022

January 5, 2022

2021 Cybersecurity Distinction Excellence EviCypher Technology finalists

E&T Innovation Awards Cybersecurity

November 30, 2021

2021 E&T Innovation Awards Freemindtronic Andorra EviCypher Technology finalist Communications & IT

2021 Awards Communications Distinction Excellence EviCypher Technology finalists IT

E&T Innovation Awards Communications & IT

November 30, 2021

2021 Distinction Excellence finalists

Finalists The National Cyber Awards 2021

September 14, 2021

Articles EviCore NFC HSM Technology EviCypher Technology International Inventions Geneva multi-factor authentication News NFC HSM technology

Geneva International Exhibition of Inventions 2021

May 30, 2021

Awards Global Infosec Awards News Press

List of Winners Global Infosec Awards 2021

May 19, 2021

2021 Awards Distinction Excellence

Freemindtronic Named Winner of the Coveted Global InfoSec Awards during RSA Conference 2021

May 18, 2021

EviCypher Gold Medal 2021 best invention worldwide gold medal Geneva International Inventions computer sciences software electronics electricity method communication Contactless Hardware Secrets Keeper

2021 Awards International Inventions Geneva

EviCypher Gold Medal 2021 of the Geneva International Inventions

March 16, 2021

2017 Awards Embedded System Awards IoT

Award 2017 MtoM & Embedded System & IoT

September 25, 2017

2017 Awards

Award RCO 2017 hardware wallet password manager secured contactless

March 17, 2017

2017 Cybersecurity finalists

Award FIC 2017 10th Most innovative international startup

January 14, 2017

2015 finalists NFC Contactless

Finalist Contactless Services Challenge

March 12, 2015

FIC 2015 Distinction Excellence 19th most innovative international cybersecurity startup with Freemindtronic EviKey USB stick unlock contactless by nfc phone invented by Jacques Gascuel

2015 Awards Distinction Excellence EviKey & EviDisk

FIC 2015 Distinction Excellence 19th Most innovative international startup

February 12, 2015

To improve in English: If you want to download images, Freemindtronic logo, you can access the Freemindtronic media kit, which contains various files and information related to the company and its products or awards. You will find the link to the media kit at the end of this article. In addition, if you prefer to read this article in another language, or download the press release, you can choose from the following options:

Download the press release in English by clicking here
Llegeix aquest article en català clica aquí

We hope you enjoyed this article and that you learned something interesting about Freemindtronic and its innovative technology.

[Kit de mitjans de Freemindtronic]

Sign up for Newsletter

The CRA: Strengthening Cybersecurity Across the EU

The Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

Introduction au Cyber Resilience Act (CRA)

Strengthening the EU’s Cybersecurity Framework: The Provisional Agreement on the Cyber Resilience Act

A Milestone for a Secure Digital Single Market

Key Features and Amendments of the Agreement

Looking Forward: Implementation and Impact

The Path to the Cyber Resilience Act

Business Requirements and Responsibilities

Cooperation and Sanctions

Application and Exclusions of the CRA

Conclusion and Outlook

Benefits of the Cyber Resilience Act for the Digital Ecosystem

Strengthening Consumer and Business Protection

Harmonization of the Digital Internal Market

Driving Innovation in Cybersecurity

Analysis of the Challenges Posed by the Cyber Resilience Act

Impact on Vulnerability Disclosure

Effects on Free and Open-Source Software

Standardization of Disclosure Models

Potentially disproportionate penalties

Cyber Resilience Act Compliance Guide for the Digital Industry

Actions Required for Digital Product Manufacturers

Obligations of Digital Product Distributors

Importance of Compliance

Which products are covered by the Cyber Resilience Act?

General definition of the products concerned

Distinguishing between critical and non-critical products

The scope of the CRA

The classification of critical products

The obligations for different classes of products

Table 2: CRA Obligations by Product Class

Navigating the Cyber Resilience Act (CRA): A Quick Guide

Table 1: Overview of the CRA

Key Takeaways

Hardware Security Module with the CRA

Definition of HSMs

Features of the HSM Hardware

Benefits of Digital HSM

Cyber-resilience regulation certification process in force

Importance of HSMs in Cybersecurity

Hardware Security Modules (HSMs) Under the Cyber Resilience Act

Definition and Features of HSMs

Fixed HSMs

Removable HSMs

NFC HSMs

NFC HSM and the Cyber Resilience Act (CRA): A Closer Look at Secure Technology

Features and Advantages:

Applications:

Exemplifying CRA Compliance: Freemindtronic’s NFC HSM

Exemplifying CRA Compliance: Freemindtronic’s NFC HSM

Meeting CRA’s Fundamental Compliance Demands:

Freemindtronic’s NFC HSM Features Enhancing CRA Compliance:

Industry Advantages:

Key Features of the CRA at a Glance

In conclusion on the European cyber-resilience act regulation

Sources

Protecting encrypted messaging: the ECHR decision

Encrypted messaging: ECHR says no to states that want to spy on them

The context of the case

The reasoning of the Court

The consequences of the decision

The position of other countries in the world

The world’s reactions to the ECHR decision on Encrypted Messaging

The supporters of the ECHR decision

The opponents of the ECHR decision

The non-signatories of the European

The signatory countries of the European Convention on Human Rights

An innovative and sovereign alternative: the EviCypher NFC HSM technology

EviCypher NFC HSM: A Secure and Innovative Solution for Encrypted Messaging

Transforming Encrypted Messaging with EviCypher NFC HSM

Global Reach and User Empowerment

EviCypher NFC HSM: A Beacon of User Autonomy

Summary at encrypted messaging

Our conclusion on Encrypted Messaging

Why You Need DataShielder Defense NFC HSM

DataShielder Defense NFC HSM: How to Protect Your Sovereign Communications with a Revolutionary Solution

How DataShielder Defense NFC HSM Works

Differentiating Benefits of DataShielder Defense NFC HSM

News provided by Fortress^® Cybersecurity Award 2023 from Business Intelligence Group