Tag Archives: HSM

image_pdfimage_print

Side-Channel Attacks via HDMI and AI: An Emerging Threat

Side-channel attacks visualized through an HDMI cable emitting invisible electromagnetic waves intercepted by an AI system.
Side-channel attacks via HDMI are the focus of Jacques Gascuel’s analysis, which delves into their legal implications and global impact in cybersecurity. This ongoing review is updated regularly to keep you informed about advancements in these attack methods, the protective technologies from companies like Freemindtronic, and their real-world effects on cybersecurity practices and regulations.

Protecting Against HDMI Side-Channel Attacks

Side-channel attacks via HDMI, bolstered by AI, represent a growing threat in cybersecurity. These methods exploit electromagnetic emissions from HDMI cables to steal sensitive information from a distance. How can you protect yourself against these emerging forms of cyberattacks?

2024 Cyberculture

Electronic Warfare in Military Intelligence

2024 Articles Cyberculture Legal information

ANSSI Cryptography Authorization: Complete Declaration Guide

2024 Articles Cyberculture

EAN Code Andorra: Why It Shares Spain’s 84 Code

Understanding the Impact and Evolution of Side-Channel Attacks in Modern Cybersecurity

Side-channel attacks, also known as side-channel exploitation, involve intercepting electromagnetic emissions from HDMI cables to capture and reconstruct the data displayed on a screen. These attacks, which were previously limited to analog signals like VGA, have now become possible on digital signals thanks to advances in artificial intelligence.

A group of researchers from the University of the Republic in Montevideo, Uruguay, recently demonstrated that even digital signals, once considered more secure, can be intercepted and analyzed to reconstruct what is displayed on the screen. Their research, published under the title “Deep-TEMPEST: Using Deep Learning to Eavesdrop on HDMI from its Unintended Electromagnetic Emanations”, is available on the arXiv preprint server​ (ar5iv).

Complementing this, Freemindtronic, a company specializing in cybersecurity, has also published articles on side-channel attacks. Their work highlights different forms of these attacks, such as acoustic or thermal emissions, and proposes advanced strategies for protection. You can explore their research and recommendations for a broader understanding of the threats associated with side-channel attacks by following this link: Freemindtronic – Side-Channel Attacks.

Freemindtronic Solutions for Combating Side-Channel Attacks via HDMI

Freemindtronic’s PassCypher and DataShielder product lines incorporate advanced hardware security technologies, such as NFC HSM (Hardware Security Module) or HSM PGP containers, to provide enhanced protection against side-channel attacks.

How Do These Products Protect Against HDMI Attacks?

Freemindtronic’s PassCypher and DataShielder product lines incorporate advanced hardware security technologies, such as NFC HSM (Hardware Security Module) or HSM PGP containers, to provide enhanced protection against side-channel attacks.

  • PassCypher NFC HSM and PassCypher HSM PGP: These devices are designed to secure sensitive data exchanges using advanced cryptographic algorithms considered post-quantum, and secure key management methods through segmentation. Thanks to their hybrid HSM architecture, these devices ensure that cryptographic keys always remain in a secure environment, protected from both external and internal attacks, including those attempting to capture electromagnetic signals via HDMI. Even if an attacker managed to intercept signals, they would be unusable without direct access to the cryptographic keys, which remain encrypted even during use. Furthermore, credentials and passwords are decrypted only ephemerally in volatile memory, just long enough for auto-login and decryption.
  • DataShielder NFC HSM: This product goes even further by combining hardware encryption with NFC (Near Field Communication) technology. DataShielder NFC HSM is specifically designed to secure communications between phones and computers or exclusively on phones, ensuring that encryption keys are encrypted from the moment of creation and decrypted only in a secure environment. The messages remain encrypted throughout. This means that even if data were intercepted via a side-channel attack, it would remain indecipherable without the decryption keys stored within the HSM. Additionally, the NFC technology limits the communication range, reducing the risk of remote interception, as even the information transmitted via the NFC channel is encrypted with other segmented keys.

Why Are These Products Effective Against HDMI Attacks?

  • Segmented Cryptographic Key Protection: The hybrid HSMs integrated into these products ensure that cryptographic keys never leave the secure environment of the module. Even if an attacker were to capture HDMI signals, without access to the keys, the data would remain protected.
  • Encryption from NFC HSM or HSM PGP: Hybrid encryption, using keys stored in a secure enclave, is far more secure than software-only encryption because it is less likely to be bypassed by side-channel attacks. The PassCypher and DataShielder solutions use advanced AES-256 CBC PGP encryption, making it much harder for attackers to succeed.
  • Electromagnetic Isolation: These devices are designed to minimize electromagnetic emissions as much as possible and only on demand in milliseconds, making side-channel attacks extremely difficult to implement. Moreover, the data exchanged is encrypted within the NFC signal, significantly reducing the “attack surface” for electromagnetic signals. This prevents attackers from capturing exploitable signals.
  • Limitation of Communications: With NFC technology, communications are intentionally limited to short distances, greatly complicating attempts to intercept data remotely.

In summary

Freemindtronic’s PassCypher NFC HSM, PassCypher HSM PGP, and DataShielder NFC HSM products offer robust protection against side-channel attacks via HDMI. By integrating hardware security modules, advanced encryption algorithms, and limiting communications to very short distances, these devices ensure high-level security, essential for sensitive environments where data must be protected against all forms of attacks, including those using side-channel techniques.

To learn more about these products and discover how they can enhance your system’s security, visit Freemindtronic’s product pages:

Produit de Cyberdéfense de l’Année : Freemindtronic Finaliste aux National Cyber Awards 2024

Certificat de finaliste du DataShielder Auth NFC HSM pour le Produit de Cyberdéfense de l'Année 2024 aux National Cyber Awards

COMMUNIQUÉ DE PRESSE – DataShielder Auth NFC HSM conçu en Andorre par Freemindtronic Finaliste pour le Produit de Cyberdéfense de l’Année 2024!

Les National Cyber Awards 2024 célèbrent l’excellence des produits de cyberdéfense de l’année avec BAE Systems comme sponsor principal

Escaldes-Engordany, Andorre, 5 août 2024 – Cyber Defence Product of the Year, Freemindtronic Andorra, finaliste, annonce avec fierté sa sélection pour ce prestigieux prix aux National Cyber Awards 2024. Ces prix, désormais dans leur sixième édition, honorent les contributions et les réalisations exceptionnelles dans le domaine de la cybersécurité.

Alors que les menaces numériques s’intensifient, la cybersécurité devient de plus en plus cruciale. Les cyberattaques, y compris le vol d’identité, les ordres de transfert falsifiés, le vol de données sensibles, l’espionnage industriel à distance et de proximité, ainsi que le vol d’informations sensibles sur les téléphones (comme les SMS, les mots de passe, les codes 2FA, les certificats et les clés secrètes), présentent des risques extrêmement préjudiciables pour les entreprises, les gouvernements et les individus à l’échelle mondiale. Les National Cyber Awards, reconnus comme un gage d’excellence, établissent des normes dans l’industrie. Ils sont conçus pour encourager l’innovation, la résilience et la dévotion à la protection du paysage numérique. Ils favorisent l’amélioration continue et l’adoption des meilleures pratiques à l’échelle mondiale.

Cette année, les National Cyber Awards 2024 visent à récompenser ceux qui s’engagent en faveur de l’innovation cybernétique, de la réduction de la cybercriminalité et de la protection des citoyens en ligne. Gordon Corera, le célèbre correspondant de sécurité de la BBC, apporte son immense expertise à cet événement. Il couvre des questions critiques comme le terrorisme, la cybersécurité, l’espionnage et diverses préoccupations de sécurité mondiale. Il note que l’événement de 2024 promet une célébration de l’excellence et de l’innovation au sein de l’industrie de la cybersécurité. Cela offre des perspectives uniques d’une des voix principales de la sécurité internationale.

National Cyber Awards maintient l’Intégrité et l’Équité pour tous ses trophées

Leur jury indépendant maintient l’intégrité du processus d’évaluation des National Cyber Awards en adhérant à un code de conduite strict. Cela garantit un processus d’évaluation juste, transparent et rigoureux. Ils s’engagent pour empêcher toute pratique de paiement pour concourir. Ceci est essentiel pour maintenir les normes les plus élevées d’impartialité dans leurs récompenses.

La cérémonie de remise des prix comprend des catégories telles que les Services de Police et d’Application de la Loi, le Service Public, l’Innovation et la Défense, la Cyber dans les Entreprises, l’Éducation et l’Apprentissage. Les nominés et les lauréats seront célébrés pour leur impact significatif sur la sécurisation du cyberespace contre les menaces en constante évolution.

Freemindtronic Andorre a été sélectionné par le jury comme finaliste pour le Produit de Cyberdéfense de l’Année avec notre produit, DataShielder Auth NFC HSM.

Les organisateurs de l’événement nous ont notifié:

“Nous sommes ravis de vous informer que vous avez été sélectionné par notre panel de juges comme finaliste pour le Produit de Cyberdéfense de l’Année 2024! Il s’agit d’une réalisation exceptionnelle, compte tenu des centaines de candidatures que nous avons reçues cette année. Félicitations de la part de toute l’équipe des National Cyber Awards!”

Le dirigean de Freemindtronic déclare:

“Nous nous sentons honorés et reconnaissants d’être reconnus parmi les leaders de la cybersécurité. Être finaliste valide notre engagement envers l’innovation et la protection des données sensibles et des identités numériques contre les menaces en constante évolution, désormais assistées par l’intelligence artificielle. Nous sommes très honorés et fiers d’être nommés parmi les finalistes représentant le 10e plus petit pays du monde, Andorre, en tant qu’acteur industriel de la cyberdéfense. Au nom de l’équipe de Freemindtronic et de moi-même, nous félicitons tous les autres finalistes.”

Jacques Gascuel, PDG et Chef de la Recherche et du Développement, concepteur de solutions de contre-espionnage et détenteur de brevets au Royaume-Uni, sera présent à la cérémonie d’annonce des lauréats.

Cette deuxième nomination pour notre entreprise andorrane Freemindtronic par le jury des National Cyber Awards marque un autre jalon dans la conception et la fabrication de produits de contre-espionnage d’usage civil et militaire accessibles à tous. Nous avons été précédemment reconnus en 2021 comme “Highly Commended at National Cyber Awards” et finalistes pour deux années consécutives en 2021.

Message du Premier Ministre du Royaume-Uni pour les National Cyber Awards 2024

L’Honorable Keir Starmer, Premier Ministre du Royaume-Uni, commente les prix: “Les National Cyber Awards sont une merveilleuse façon de récompenser, de célébrer et de mettre en valeur le travail de ceux qui s’engagent à nous protéger. Veuillez transmettre mes plus chaleureuses félicitations aux lauréats qui sont une source d’inspiration pour tous ceux du secteur qui souhaitent protéger les autres.”

Les National Cyber Awards auront lieu à Londres le 23 septembre, la veille de l’Expo Cybernétique Internationale annuelle.

Les organisateurs félicitent tous les autres finalistes et attendent avec impatience de célébrer cet événement international avec nous le 23 septembre lors de la cérémonie de remise des prix! Si vous souhaitez vous joindre à nous pour une soirée de célébration et d’excitation, vous pouvez acheter des billets et des tables pour l’événement via le site web à l’adresse www.thenationalcyberawards.org.

Notes aux Rédacteurs

Qu’est-ce que les National Cyber Awards?

Les National Cyber Awards ont débuté en 2019 dans le but de célébrer l’excellence et l’innovation parmi ceux qui se consacrent à la cybersécurité. En effet, ces prix mettent en lumière les réalisations exceptionnelles de professionnels, d’entreprises et d’éducateurs des secteurs privé et public. D’ailleurs, des leaders de l’industrie, passionnés par l’élévation du domaine de la cybersécurité, ont conçu ces prix. Ainsi, ils reconnaissent et inspirent l’engagement à relever les défis en constante évolution de la cybersécurité.

En ce qui concerne leur mission, elle est d’identifier et de célébrer les contributions exceptionnelles dans le domaine. En outre, nous aspirons à fournir un critère d’excellence auquel tout le monde peut aspirer. De plus, nous envisageons un avenir où chaque innovation en cybersécurité internationale est reconnue et célébrée. Cette reconnaissance encourage l’amélioration continue et l’adoption des meilleures pratiques à l’échelle mondiale. Grâce au soutien de nos sponsors, la participation aux prix reste gratuite. En conséquence, chaque finaliste reçoit un billet gratuit pour la cérémonie, minimisant les barrières à l’entrée et rendant la participation accessible à tous.

http://www.thenationalcyberawards.org

Contact: Future Tech Events, Fergus Bruce, info@futuretechevents.com

Finalistes 2024 pour les National Cyber Awards dans la catégorie “Produit de Cyberdéfense de l’Année 2024”

Résumé du Candidat

  • Produit: DataShielder Auth NFC HSM
  • Catégorie: Produit de Cyberdéfense de l’Année 2024
  • Nom: Jacques Gascuel
  • Entreprise: Freemindtronic
  • Courriel: contact at freemindtronic.com
  • Biographie de l’Entreprise: Freemindtronic se distingue par sa spécialisation dans la conception, l’édition et la fabrication de solutions de contre-espionnage. En effet, notre dernière innovation, le DataShielder Auth NFC HSM, sert de solution de contre-espionnage à double usage pour les applications civiles et militaires. Notamment, nous avons présenté cette solution pour la première fois au public le 17 juin 2024 à Eurosatory 2024. Plus précisément, elle combat activement le vol d’identité, l’espionnage et l’accès aux données et messages sensibles et classifiés grâce au chiffrement post-quantum AES 256 CBC. De surcroît, elle fonctionne hors ligne, sans serveurs, sans bases de données, et sans nécessiter que les utilisateurs s’identifient ou changent leurs habitudes de stockage de données sensibles, de services de messagerie ou de protocoles de communication, tout en évitant les coûts d’infrastructure. C’est pourquoi nous avons spécialement conçu le DataShielder Auth NFC HSM pour combiner sécurité et discrétion. Concrètement, il se présente sous deux formes pratiques : une carte de la taille d’une carte de crédit et une étiquette NFC discrète. D’une part, la carte se glisse facilement dans un portefeuille, à côté de vos cartes bancaires NFC, et protège physiquement contre l’accès illicite. D’autre part, vous pouvez attacher l’étiquette NFC, similaire à un badge d’accès RFID, à un porte-clés ou la cacher dans un objet personnel. Ainsi, cette approche garantit que vous ayez toujours votre DataShielder Auth NFC HSM à portée de main, prêt à sécuriser vos communications, authentifier les collaborateurs et valider les donneurs d’ordres, le tout sans attirer l’attention.

Caractéristiques Additionnelles du Produit

  • Compatibilité avec Divers Systèmes de Communication: DataShielder Auth NFC HSM est compatible avec plusieurs systèmes de communication, y compris les e-mails, les chats, les webmails, les SMS, les MMS, les RCS et les services de messagerie instantanée publics et privés. Cette compatibilité universelle permet une intégration parfaite dans les environnements de communication existants. Cela assure une protection continue sans modifications significatives de l’infrastructure.
  • Protection Contre les Attaques Assistées par IA: DataShielder Auth NFC HSM fournit une protection avancée contre les attaques sophistiquées assistées par IA. Avec un chiffrement robuste et une authentification forte, le produit élimine les risques posés par les tentatives de vol d’identité utilisant des techniques avancées d’ingénierie sociale. Ainsi, il assure une sécurité améliorée pour les utilisateurs.
  • Méthodes de Gestion des Clés: Le produit utilise des modules de sécurité matériels dotés de la technologie NFC pour créer et gérer les clés de manière sécurisée. Les dispositifs DataShielder stockent de manière sécurisée les clés de chiffrement générées aléatoirement. Le système fonctionne sans serveurs ni bases de données. Cela offre un anonymat de bout en bout et réduit significativement les points potentiels de vulnérabilité.

Les produits DataShielder NFC HSM sont disponibles exclusivement en France à travers AMG Pro et internationalement à travers Fullsecure Andorra.

Nous remercions tous les membres du jury pour l’intérêt qu’ils ont montré envers notre dernier produit révolutionnaire, le DataShielder NFC HSM.

Jury des National Cyber Awards

  • Mary Haigh: CISO, BAE Systems
  • Rachael Muldoon: Avocate, Maitland Chambers
  • Shariff Gardner: Chef de la Défense, Militaire et Application de la Loi, Royaume-Uni, Irlande et Pays Nordiques, SANS Institute
  • Damon Hayes: Commandant Régional, National Crime Agency
  • Miriam Howe: Responsable de la Consultation Internationale, BAE Systems Digital Intelligence
  • Myles Stacey OBE: Conseiller Spécial du Premier Ministre, 10 Downing Street
  • Daniel Patefield: Chef de Programme, Cyber & National Security, techUK
  • Sir Dermot Turing: Administrateur, Bletchley Park Trust
  • Nicola Whiting MBE: Présidente du Jury
  • Oz Alashe MBE: PDG et Fondateur, CybSafe
  • Professeure Liz Bacon: Principale et Vice-Chancelière, Université d’Abertay
  • Richard Beck: Directeur de la Cybersécurité, QA
  • Martin Borret: Directeur Technique, IBM Security
  • Bronwyn Boyle: CISO, PPRO
  • Charlotte Clayson: Associée, Trowers & Hamlins LLP
  • Pete Cooper: Fondateur, Aerospace Village
  • Professeur Danny Dresner: Professeur de Cybersécurité, Université de Manchester
  • Ian Dyson QPM DL: Police de la Ville de Londres
  • Mike Fell OBE: Directeur de la Cybersécurité, NHS England
  • Tukeer Hussain: Responsable de la Stratégie, Département de la Culture, des Médias et des Sports
  • Dr Bob Nowill: Président, Cyber Security Challenge
  • Chris Parker MBE: Directeur, Gouvernement, Fortinet (Cybersécurité)
  • Dr Emma Philpott MBE: PDG, IASME Consortium Ltd
  • Peter Stuart Smith: Auteur
  • Rajinder Tumber MBE: Chef de l’Équipe de Consultance en Sécurité, Sky
  • Saba Ahmed: Directrice Générale, Accenture Security
  • Charles White: Directeur, The Cyber Scheme
  • Professeure Lisa Short: Areta Business Performance / XTCC
  • Emma Wright: Associée, Harbottle & Lewis LLP
  • Dr Budgie Dhanda MBE: Consultant en Gestion, PA Consulting
  • Jacqui Garrad: Directrice du Musée National de l’Informatique
  • Dr Vasileios Karagiannopoulos: Codirecteur du Centre de Cybercriminalité et Criminalité Économique, Université de Portsmouth
  • Debbie Tunstall: Directrice de Compte, Immersive Labs
  • Sarah Montague: HMRC

Découvrez nos autres distinctions, y compris notre reconnaissance en tant que finaliste en solution de Cyberdéfense de l’Année 2024, aux côtés de nos trophées et des médailles d’argent et d’or que nous avons remportées au cours de la dernière décennie. 🏆🌟👇

NEWS PROVIDED BY
The National Cyber ​​Awards 2024
August 2024

Autres langues disponibles : catalan et anglais. [Cliquez ici pour le catalan] [Cliquez ici pour l’anglais]

SHARE THIS ARTICLE

Producte de Ciberdefensa de l’Any 2024 – Freemindtronic Finalista

DataShielder Auth NFC HSM by Freemindtronic – Finalist for Cyber Defence Product of the Year 2024

COMUNICAT DE PREMSA – DataShielder Auth NFC HSM Fet a Andorra per Freemindtronic Finalista per al Producte de Ciberdefensa de l’Any 2024!

Els National Cyber Awards 2024 Celebren l’Excel·lència dels Productes de Ciberdefensa de l’Any amb BAE Systems com a Patrocinador Principal

Escaldes-Engordany, Andorra, 5 d’agost de 2024 – Freemindtronic Andorra, finalista del Producte de Ciberdefensa de l’Any, anuncia amb orgull la seva selecció per a aquest prestigiós premi als National Cyber Awards 2024. Aquests premis, ara en la seva sisena edició, honoren les contribucions i els èxits destacats en el camp de la ciberseguretat.

A mesura que les amenaces digitals s’intensifiquen, la importància de la ciberseguretat no es pot subestimar. Els ciberatacs, incloent-hi el robatori d’identitat, les ordres de transferència falses, el robatori de dades sensibles, l’espionatge industrial remot i de proximitat, i el robatori d’informació sensible dels telèfons (com SMS, contrasenyes, codis 2FA, certificats i claus secretes), presenten riscos extremadament perjudicials per a empreses, governs i individus a nivell global. Els National Cyber Awards, reconeguts com un segell d’excel·lència, estableixen estàndards en la indústria. Estan dissenyats per fomentar la innovació, la resiliència i la dedicació a la protecció del paisatge digital, promovent la millora contínua i l’adopció de les millors pràctiques a nivell mundial.

Enguany, els National Cyber Awards 2024 tenen com a objectiu premiar aquells compromesos amb la innovació cibernètica, la reducció de la ciberdelinqüència i la protecció dels ciutadans en línia. Gordon Corera, l’estimat corresponsal de seguretat de la BBC, aporta la seva extensa experiència a aquest esdeveniment, cobrint qüestions crítiques com el terrorisme, la ciberseguretat, l’espionatge i diverses preocupacions de seguretat global. Destaca que l’esdeveniment de 2024 promet una celebració d’excel·lència i innovació dins de la indústria de la ciberseguretat, oferint perspectives úniques d’una de les veus principals en seguretat internacional.

Mantenir la Integritat i l’Equitat per al Producte de Ciberdefensa de l’Any

El nostre jurat independent manté la integritat del procés d’avaluació dels National Cyber Awards adherint-se a un codi de conducta estricte. Això garanteix un procés d’avaluació just, transparent i robust. Estem compromesos a evitar qualsevol pràctica de pagament per jugar per mantenir els estàndards més alts d’imparcialitat en els nostres premis.

La cerimònia de lliurament de premis inclou categories com Serveis de Policia i Aplicació de la Llei, Servei Públic, Innovació i Defensa, Ciber en els Negocis, Educació i Aprenentatge. Els nominats i els guanyadors seran celebrats pel seu impacte significatiu en la seguretat del ciberespai contra les amenaces en evolució constant.

Freemindtronic Andorra ha estat seleccionat pel jurat com a finalista per al Producte de Ciberdefensa de l’Any amb el nostre producte, DataShielder Auth NFC HSM.

Els organitzadors de l’esdeveniment ens van notificar

“Ens complau informar-vos que heu estat seleccionats pel nostre jurat com a finalistes per al Producte de Ciberdefensa de l’Any 2024! Es tracta d’un assoliment destacat, tenint en compte els centenars de nominacions que hem rebut aquest any. Felicitats de part de tot l’equip dels National Cyber Awards!”

El CEO de Freemindtronic declara

“Ens sentim honorats i agraïts de ser reconeguts entre els líders en ciberseguretat. Ser finalistes valida el nostre compromís amb la innovació i la protecció de les dades sensibles i les identitats digitals contra les amenaces en constant evolució, ara assistides per la intel·ligència artificial. Ens sentim molt honorats i orgullosos de ser nominats entre els finalistes representant el desè país més petit del món, Andorra, com a actor industrial en ciberdefensa. En nom de l’equip de Freemindtronic i de mi mateix, felicitem tots els altres finalistes.”

Jacques Gascuel, CEO i Cap de Recerca i Desenvolupament, dissenyador de solucions de contraespionatge i titular de patents al Regne Unit, estarà present a la cerimònia d’anunci dels guanyadors.

Aquesta és la segona nominació per a la nostra empresa andorrana Freemindtronic pel jurat dels National Cyber Awards. Anteriorment vam ser reconeguts el 2021 com a “Highly Commended at National Cyber Awards” i com a finalistes per dos anys consecutius el 2021. Aquesta nominació de 2024 per a aquest prestigiós premi marca un altre pas important en el disseny i fabricació de productes de contraespionatge d’ús dual civil i militar accessibles per a tothom.

Missatge del Primer Ministre del Regne Unit per als National Cyber Awards 2024

L’Honorable Keir Starmer, Primer Ministre del Regne Unit, comenta sobre els premis: “Els National Cyber Awards són una manera meravellosa de recompensar, celebrar i mostrar el treball d’aquells compromesos a mantenir-nos segurs. Si us plau, transmeteu les meves més càlides felicitacions als guanyadors que són una inspiració per a tots els del sector que desitgen protegir els altres.”

Els National Cyber Awards tindran lloc a Londres el 23 de setembre, la nit de dilluns que precedeix l’Expo Cibernètica Internacional anual.

Els organitzadors feliciten tots els altres finalistes i esperen celebrar aquest esdeveniment internacional amb nosaltres el 23 de setembre a la cerimònia de lliurament de premis! Si voleu unir-vos a nosaltres per una nit de celebració i emoció, podeu comprar entrades i taules per a l’esdeveniment a través del lloc web a www.thenationalcyberawards.org.

Notes per als Editors

Què són els National Cyber Awards?

Els National Cyber Awards van començar el 2019 per celebrar l’excel·lència i la innovació entre aquells dedicats a la ciberseguretat. Aquests premis destaquen els èxits excepcionals de professionals, empreses i educadors tant del sector privat com públic. Líders de la indústria, apassionats per elevar el camp de la ciberseguretat, van concebre aquests premis. Reconeixen i inspiren el compromís per afrontar els reptes en constant evolució de la ciberseguretat.

La nostra missió és identificar i celebrar contribucions excepcionals en el camp. Aspirem a proporcionar un punt de referència d’excel·lència per a tothom. Envisionem un futur on cada innovació en ciberseguretat internacional sigui reconeguda i celebrada. Aquest reconeixement fomenta la millora contínua i l’adopció de les millors pràctiques a nivell mundial. Amb el suport dels nostres patrocinadors, la participació en els premis continua sent gratuïta. Cada finalista rep una entrada gratuïta per a la cerimònia, minimitzant les barreres d’entrada i fent que la participació sigui accessible per a tothom.

http://www.thenationalcyberawards.org

Contacte: Future Tech Events, Fergus Bruce, info@futuretechevents.com

Finalistes del 2024 per als National Cyber Awards en la categoria “Producte de Ciberdefensa de l’Any 2024”

Resum del Candidat

  • Producte: DataShielder Auth NFC HSM
  • Categoria: Producte de Ciberdefensa de l’Any 2024
  • Nom: Jacques Gascuel
  • Empresa: Freemindtronic
  • Correu Electrònic: contact at freemindtronic.com
  • Biografia de l’Empresa: Freemindtronic es especialitza en dissenyar, publicar i fabricar solucions de contraespionatge. La nostra última innovació, el DataShielder Auth NFC HSM, serveix com una solució de contraespionatge d’ús dual per a aplicacions civils i militars. Vam presentar aquesta solució per primera vegada al públic el 17 de juny de 2024 a Eurosatory 2024. Combate activament el robatori d’identitat, l’espionatge i l’accés a dades i missatges sensibles i classificats mitjançant xifratge post-quantum AES 256 CBC. A més, funciona fora de línia, sense servidors, sense bases de dades, i sense necessitat que els usuaris s’identifiquin o canviïn els seus hàbits d’emmagatzematge de dades sensibles, serveis de missatgeria o protocols de comunicació, tot evitant els costos d’infraestructura. Hem dissenyat especialment el DataShielder Auth NFC HSM per combinar seguretat i discreció. Ve en dues formes pràctiques: una targeta de la mida d’una targeta de crèdit i una etiqueta NFC discreta. La targeta es llisca fàcilment en una cartera, al costat de les teves targetes bancàries NFC, i protegeix físicament contra l’accés il·lícit. Mentrestant, pots enganxar l’etiqueta NFC, similar a una insígnia d’accés RFID, a un clauer o amagar-la en un objecte personal. Aquest enfocament assegura que sempre tinguis el teu DataShielder Auth NFC HSM a mà, llest per assegurar les teves comunicacions, autenticar col·laboradors i validar donants d’ordres, tot sense cridar l’atenció.

Característiques Addicionals del Producte

  • Compatibilitat amb Diversos Sistemes de Comunicació: DataShielder Auth NFC HSM és compatible amb múltiples sistemes de comunicació, incloent correus electrònics, xats, webmails, SMS, MMS, RCS i serveis de missatgeria instantània públics i privats. Aquesta compatibilitat universal permet una integració perfecta en entorns de comunicació existents, assegurant una protecció contínua sense canvis significatius en la infraestructura.
  • Protecció Contra Atacs Assistits per IA: DataShielder Auth NFC HSM proporciona protecció avançada contra atacs sofisticats assistits per IA. Amb un xifratge robust i una autenticació forta, el producte elimina els riscos plantejats per intents de robatori d’identitat mitjançant tècniques avançades d’enginyeria social, assegurant així una seguretat millorada per als usuaris.
  • Mètodes de Gestió de Claus: El producte utilitza mòduls de seguretat de maquinari amb tecnologia NFC per crear i gestionar claus de manera segura. Els dispositius DataShielder emmagatzemen de manera segura les claus de xifratge generades aleatòriament. El sistema funciona sense servidors ni bases de dades, oferint anonimat de punta a punta i reduint significativament els punts potencials de vulnerabilitat.

Els productes DataShielder NFC HSM estan disponibles exclusivament a França a través d’AMG Pro i internacionalment a través de Fullsecure Andorra.

Agraïm a tots els membres del jurat l’interès mostrat en el nostre últim producte revolucionari, el DataShielder NFC HSM.

Jurat dels National Cyber Awards

  • Mary Haigh: CISO, BAE Systems
  • Rachael Muldoon: Advocada, Maitland Chambers
  • Shariff Gardner: Cap de Defensa, Militar i Aplicació de la Llei, Regne Unit, Irlanda i Països Nòrdics, SANS Institute
  • Damon Hayes: Comandant Regional, National Crime Agency
  • Miriam Howe: Cap de Consultoria Internacional, BAE Systems Digital Intelligence
  • Myles Stacey OBE: Assessor Especial del Primer Ministre, 10 Downing Street
  • Daniel Patefield: Cap de Programa, Cyber & National Security, techUK
  • Sir Dermot Turing: Administrador, Bletchley Park Trust
  • Nicola Whiting MBE: Presidenta del Jurat
  • Oz Alashe MBE: CEO i Fundador, CybSafe
  • Professora Liz Bacon: Principal i Vicecanceller, Universitat d’Abertay
  • Richard Beck: Director de Ciberseguretat, QA
  • Martin Borret: Director Tècnic, IBM Security
  • Bronwyn Boyle: CISO, PPRO
  • Charlotte Clayson: Soci, Trowers & Hamlins LLP
  • Pete Cooper: Fundador, Aerospace Village
  • Professor Danny Dresner: Professor de Ciberseguretat, Universitat de Manchester
  • Ian Dyson QPM DL: Policia de la Ciutat de Londres
  • Mike Fell OBE: Director de Ciberseguretat, NHS England
  • Tukeer Hussain: Responsable de l’Estratègia, Departament de Cultura, Mitjans de Comunicació i Esports
  • Dr Bob Nowill: President, Cyber Security Challenge
  • Chris Parker MBE: Director, Govern, Fortinet (Ciberseguretat)
  • Dr Emma Philpott MBE: CEO, IASME Consortium Ltd
  • Peter Stuart Smith: Autor
  • Rajinder Tumber MBE: Cap de l’Equip de Consultoria en Seguretat, Sky
  • Saba Ahmed: Directora General, Accenture Security
  • Charles White: Director, The Cyber Scheme
  • Professora Lisa Short: Areta Business Performance / XTCC
  • Emma Wright: Soci, Harbottle & Lewis LLP
  • Dr Budgie Dhanda MBE: Consultor en Gestió, PA Consulting
  • Jacqui Garrad: Directora del Museu Nacional de la Informàtica
  • Dr Vasileios Karagiannopoulos: Codirector del Centre per a la Cibercriminalitat i la Criminalitat Econòmica, Universitat de Portsmouth
  • Debbie Tunstall: Directora de Comptes, Immersive Labs
  • Sarah Montague: HMRC

Explora els nostres reconeixements addicionals, incloent la nominació com a finalista del Producte de Ciberdefensa de l’Any, juntament amb els nostres trofeus i les medalles de plata i or que hem guanyat durant la darrera dècada. 🏆🌟👇

NEWS PROVIDED BY
The National Cyber ​​Awards 2024
August 2024

Altres idiomes disponibles: anglès i francès. [Cliqueu aquí per a francès] [Cliqueu aquí per a anglès]

SHARE THIS ARTICLE

Russian Cyberattack Microsoft: An Unprecedented Threat

Cybersecurity theme with shield, padlock, and computer screen displaying warning signs, highlighting the Russian cyberattack on Microsoft.

Russian Cyberattack on Microsoft: Unprecedented Threat Uncovered

The recent Russian cyberattack on Microsoft, orchestrated by the notorious group Midnight Blizzard, has revealed a far more severe threat than initially anticipated. Learn how Microsoft is countering this sophisticated attack and what implications it holds for global cybersecurity.

2024 Cyberculture

Electronic Warfare in Military Intelligence

2024 Articles Cyberculture Legal information

ANSSI Cryptography Authorization: Complete Declaration Guide

2024 Articles Cyberculture

EAN Code Andorra: Why It Shares Spain’s 84 Code

Stay informed with our posts dedicated to Cyberculture to track its evolution through our regularly updated topics.

Discover our new Cyberculture article about the Russian Cyberattack on Microsoft, authored by Jacques Gascuel, a pioneer in counterintelligence and expert in contactless, serverless, databaseless, loginless, and wireless security solutions. Stay informed and safe by subscribing to our regular updates.

Microsoft Admits Russian Cyberattack Was Worse Than Expected

Microsoft recently confirmed that the cyberattack by the Russian group Midnight Blizzard was far more severe than initially reported. Midnight Blizzard, also known as NOBELIUM, APT29, and Cozy Bear, is a state-sponsored actor backed by Russia. This group primarily targets governments, NGOs, and IT service providers in the United States and Europe.

Background and Technical Details

Active since at least 2018, Midnight Blizzard has been involved in notorious attacks such as the SolarWinds campaign. This group employs various sophisticated techniques, including password spray attacks and the exploitation of malicious OAuth applications. These methods allow attackers to penetrate systems without raising suspicion​.

Immediate Response from Microsoft

On January 12, 2024, Microsoft detected unauthorized access to its internal systems. The security team immediately activated a response process to investigate and mitigate the attack. Midnight Blizzard compromised a legacy non-production test account, gaining access to several internal email accounts, including those of senior executives and critical teams like cybersecurity and legal​.

Impact of Compromised Emails from the Russian Cyberattack

Midnight Blizzard managed to exfiltrate internal Microsoft emails, including sensitive information shared between the company and its clients. The attackers used this information to attempt access to other systems and increased the volume of password spray attacks by tenfold in February 2024. This led to an increased risk of compromise for Microsoft’s clients​.

Statistical Consequences of the Russian Cyberattack on Microsoft

  • Increase in Attacks: In February 2024, the volume of password spray attacks was ten times higher than in January 2024.
  • Multiple Targets: The compromised emails allowed Midnight Blizzard to target not only Microsoft but also its clients, thereby increasing the risk of compromise across various organizations.
  • Access to Internal Repositories: The attackers were able to access some source code repositories and internal systems, although no customer-facing systems were compromised​.

Advanced Encryption and Security Solutions

To protect against such sophisticated threats, it is crucial to adopt robust encryption solutions. Technologies like DataShielder NFC HSM, DataShielder HSM PGP, and DataShielder Auth NFC HSM offer advanced means to encrypt all types of messaging, including Microsoft’s emails. These solutions ensure the security of sensitive communications by keeping emails and attachments always encrypted. They manage and use encryption keys via NFC HSM or HSM PGP, ensuring that emails are no longer dependent on the security of the messaging services.

Imagine if the victims of the Midnight Blizzard attack had used DataShielder. In this scenario, even if their inboxes were compromised, the encrypted emails would have remained unreadable to the attackers. This additional protection could have significantly reduced the risk of sensitive information disclosure. Statistically, about 90% of data breaches are due to unencrypted or poorly protected emails. If DataShielder had been used, this percentage could have been significantly reduced, offering a robust defense against such intrusions.

Furthermore, DataShielder ensures centralized and secure key management, eliminating the risks associated with decentralized management. The solution easily integrates with existing systems, minimizing operational disruptions during implementation.

Global Reactions and Security Measures

This attack highlights the ongoing risks posed by well-funded state actors. In response, Microsoft launched the Secure Future Initiative (SFI). This initiative aims to strengthen the security of legacy systems and improve internal processes to defend against such cyber threats. The company has also adopted a transparent approach, quickly sharing details of the attack and closely collaborating with government agencies to mitigate risks​.

Best Practices in Cybersecurity to Prevent Russian Cyberattacks

To protect against these threats, companies must adopt robust security measures. Multi-factor authentication and continuous system monitoring are crucial. Additionally, implementing regular security updates is essential. The CISA emergency directive ED 24-02 requires affected federal agencies to analyze the content of exfiltrated emails, reset compromised credentials, and secure authentication tools for privileged Azure accounts​ (CISA)​.

Comparison with Other Cyberattacks

This attack is reminiscent of other major incidents, such as those against SolarWinds and Colonial Pipeline. These attacks demonstrate the evolving techniques of attackers and the importance of maintaining constant vigilance. Companies must be ready to respond quickly and communicate transparently with stakeholders to minimize damage and restore trust​.

Conclusion on the Russian Cyberattack on Microsoft

The Midnight Blizzard cyberattack on Microsoft serves as a poignant reminder of the complex challenges posed by state actors. It also underscores the critical importance of cybersecurity in today’s digital world. To learn more about this attack and its implications, stay informed with continuous updates from Microsoft and recommendations from security experts​.​​

Further Reading: For a more detailed analysis of this incident and its wider implications, read our previous article on the Midnight Blizzard cyberattack against Microsoft and HPE, authored by Jacques Gascuel. Read the full article here.

 

Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

European Commission logo symbolizing the Cyber Resilience Act and NFC HSM technology.

The CRA: Strengthening Cybersecurity Across the EU

Cyber Resilience Act (CRA) is a pivotal European regulation, enhancing cybersecurity standards for digital products. This legislation aims to safeguard users and businesses from cyber threats, ensure market competitiveness, and foster innovation in the cybersecurity field. In this article, we delve into the CRA’s essential features, its advantages and potential challenges, and the implications for manufacturers and distributors of digital products. Discover how the CRA aims to fortify digital security and resilience throughout the European Union.

2024 Cyberculture

Electronic Warfare in Military Intelligence

2024 Articles Cyberculture Legal information

ANSSI Cryptography Authorization: Complete Declaration Guide

2024 Articles Cyberculture

EAN Code Andorra: Why It Shares Spain’s 84 Code

Stay informed with our posts dedicated to Cyberculture to track its evolution through our regularly updated topics.

Explore our Cyberculture section for detailed information on the Cyber ​​Resilience Act CRA, authored by Jacques Gascuel, a pioneer in contactless, serverless, databaseless sensitive data security solutions. Stay up to date and secure with our frequent updates.

The Cyber Resilience Act: a European regulation to strengthen the cybersecurity of digital products

The Cyber Resilience Act (CRA) is a European regulation that imposes cybersecurity standards on digital products. It aims to protect users and businesses from cyber threats, harmonise the digital internal market and support innovation in cybersecurity. In this article, we’ll walk you through the key features of the CRA, its pros and cons, and its implications for manufacturers and distributors of digital products.

Introduction au Cyber Resilience Act (CRA)

The EU proposed the Cyber Resilience Act in 2022 to set uniform safety standards for products with digital components, such as internet-connected devices, software and online services. These products can be exposed to cyberattacks that affect their availability, integrity and confidentiality. The CRA aims to protect users and businesses from these risks, by requiring common rules for market entry and cybersecurity measures throughout the product lifecycle. It also establishes a CE marking system to indicate compliance with cybersecurity standards. Moreover, the CRA distinguishes critical products, which have higher obligations according to their level of criticality. The CRA is part of the 2020 EU Cybersecurity Strategy, which seeks to enhance the EU’s collective resilience against cyber threats and foster a secure and trustworthy digital environment for all.

The CRA was approved by the Council and the Parliament in november 2023, and will enter into force in 2024, 20 days after its publication in the Official Journal of the EU. However, it will not be applicable until 2027, to allow a transition period for existing products and software. Moreover, the CRA will be revised every five years, to adapt to technological developments and stakeholder needs.

In this subject, we will explain the main provisions of the CRA, its pros and cons, and its impact on the digital market and society. So,the CRA aims to increase the security and resilience of digital systems in the EU, by imposing strict and binding requirements for the design, development and maintenance of digital products. It also introduces a CE marking system for digital products, ensuring their compliance with established cybersecurity standards.

Strengthening the EU’s Cybersecurity Framework: The Provisional Agreement on the Cyber Resilience Act

A Milestone for a Secure Digital Single Market

The Council presidency and the European Parliament have struck a landmark agreement on the proposed Cyber Resilience Act (CRA), taking a major step forward in fortifying the European Union’s cybersecurity landscape. This critical legislation outlines EU-wide cybersecurity requirements for digital products, addressing the urgent need for a harmonized approach to securing connected devices before they reach consumers.

Hailed as a crucial step by Spanish Minister of Digital Transformation José Luis Escrivá, the agreement emphasizes the essential need for a basic cybersecurity level for all connected devices sold within the EU, ensuring robust protection for both businesses and consumers.

Key Features and Amendments of the Agreement

The provisional agreement preserves the core principles of the European Commission’s proposal, focusing on several key areas:

  • Rebalancing Compliance Responsibility: Manufacturers now take primary responsibility, handling tasks like risk assessments, conformity declarations, and cooperation with authorities.
  • Vulnerability Handling: The agreement mandates processes for manufacturers to ensure ongoing cybersecurity and outlines specific obligations for importers and distributors as well.
  • Transparency and Consumer Protection: Measures are introduced to enhance transparency regarding the security of both hardware and software for consumers and businesses, empowering informed decision-making.
  • Market Surveillance Framework: A robust framework will enforce the regulations, ensuring compliance and safeguarding the EU’s digital space.

Co-legislators have also proposed adjustments, including:

  • Simplified Product Classification: A streamlined approach for classifying regulated digital products, facilitating easier compliance and understanding.
  • Product Lifetime Determination: Manufacturers must specify the expected lifespan of digital products, with a minimum five-year support period, unless shorter use is anticipated.
  • Reporting Obligations: A focus on reporting actively exploited vulnerabilities and incidents, enhancing the role of national authorities and ENISA in managing cybersecurity threats.

Looking Forward: Implementation and Impact

With the provisional agreement in place, technical work continues to finalize the regulation’s details. The compromise text will be presented for endorsement by member states, marking a critical moment in the EU’s journey towards a cohesive and secure digital ecosystem.

The CRA is set to apply three years after enactment, providing manufacturers with ample time to adapt. Additionally, specific support measures for small and micro enterprises have been agreed upon, including awareness-raising, training, and assistance with testing and compliance procedures.

The Path to the Cyber Resilience Act

This provisional agreement marks the culmination of a journey that began with the Council’s 2020 conclusions on the cybersecurity of connected devices, emphasizing the need for comprehensive legislation. Reflecting the urgency expressed by Commission President von der Leyen in 2021 and subsequent Council conclusions, the CRA proposal submitted by the Commission in September 2022 aims to complement the existing EU cybersecurity framework, including the NIS Directive and the EU Cybersecurity Act.

This agreement represents a significant milestone in the EU’s commitment to enhancing cybersecurity resilience, marking a new era of digital product security and consumer protection across the Union.

Business Requirements and Responsibilities

Under the CRA, manufacturers and distributors of digital products are required to ensure the compliance of their offerings from the moment they are placed on the market and throughout their lifecycle. This involves actively monitoring for vulnerabilities and working closely with security researchers to identify and fix potential vulnerabilities within 90 days of discovery.

Cooperation and Sanctions

Another cornerstone of the CRA is the enhanced cooperation between EU Member States and the European Commission to monitor the application of the Regulation. In the event of non-compliance, companies risk severe penalties, up to 10% of their annual global turnover. This underlines the EU’s commitment to ensuring a high level of digital security.

Application and Exclusions of the CRA

The CRA applies to a wide range of digital products, with the notable exception of those already regulated by other EU legislation, such as medical devices or vehicles. Its aim is to close legislative gaps and strengthen coherence in the field of cybersecurity.

Conclusion and Outlook

Following its approval by the Council of the EU and the European Parliament, the CRA is scheduled to enter into force in early 2024. Manufacturers then have 36 months to comply with the new rules. This initiative marks an important step towards a more secure and resilient European Union in the face of digital threats.

Benefits of the Cyber Resilience Act for the Digital Ecosystem

The Cyber Resilience Act (CRA) is envisaged not only as a regulatory framework, but also as a lever for improving cybersecurity at the European Union level. It brings several significant benefits, both for users and for the digital economy as a whole.

Strengthening Consumer and Business Protection

One of the main strengths of the CRA is its ability to raise the level of security for consumers and businesses. By imposing high and constantly updated cybersecurity standards, the regulation ensures that digital products purchased or used offer optimal protection against cyber threats. This helps to create a safer digital environment for all.

Harmonization of the Digital Internal Market

The CRA plays a crucial role in harmonising cybersecurity rules across the EU. By eliminating the fragmentation and divergence of national laws, it facilitates the free movement of digital products within the Single Market. This is essential to support economic integration and boost intra-European trade in digital solutions.

Driving Innovation in Cybersecurity

Finally, the CRA is a driver of innovation in the cybersecurity sector. By increasing demand for secure digital products, it encourages investment in research and development. This dynamic creates valuable opportunities for European companies, allowing them to stand out as leaders in the field of cybersecurity on the global stage.

In sum, the benefits of the CRA are manifested in enhanced protection for users, regulatory harmonisation beneficial to the European single market, and increased support for innovation in the cybersecurity sector. Through these measures, the CRA aims to establish a solid foundation for a safe, competitive and innovative digital ecosystem in the European Union.

Analysis of the Challenges Posed by the Cyber Resilience Act

The Cyber Resilience Act (CRA), while aiming to strengthen digital security within the European Union, raises concerns about its potential impact on various aspects of the digital landscape. These drawbacks deserve special attention to understand the challenges associated with the implementation of this legislation.

Impact on Vulnerability Disclosure

A major criticism is the possible reluctance of security researchers to report discovered vulnerabilities. The fear of sanctions or legal action, due to failure to comply with deadlines or procedures dictated by the CRA, could deter these key players from sharing their findings, thus limiting collective efforts to strengthen cybersecurity.

Effects on Free and Open-Source Software

The CRA is also suspected of slowing down the development and adoption of free and open-source software. The latter, known for their security and transparency, could be subject to disproportionate and onerous compliance requirements. These risks hindering innovation and the use of these valuable resources in the digital ecosystem.

Standardization of Disclosure Models

Another sticking point is the potential reduction in the effectiveness and diversity of vulnerability disclosure models. The one-size-fits-all and rigid approach advocated by the CRA may not be appropriate for all situations, requiring flexibility to adapt to the specifics of each case.

Potentially disproportionate penalties

The penalties envisaged by the CRA for non-compliance are considered by some to be excessive. The prospect of severe financial penalties could jeopardize the economic viability of digital manufacturers and distributors, as well as their ability to innovate. This approach could, therefore, have negative repercussions for the entire digital sector.

In sum, although the CRA aims to establish a strengthened security framework for the European Digital Space, it is crucial to assess and address its possible negative impacts. Careful consideration of these issues will allow the regulation to be adjusted and refined so that it effectively supports cybersecurity without hindering innovation or collaboration in the digital domain.

Cyber Resilience Act Compliance Guide for the Digital Industry

The Cyber Resilience Act (CRA) is a major initiative by the European Union to increase cybersecurity across its Member States. Compliance with this regulation requires a series of targeted and structured actions, applicable to both manufacturers and distributors of digital products.

Actions Required for Digital Product Manufacturers

  • Conducting Cyber Risk Assessments: The first step involves analyzing and documenting the risks associated with the products. This includes identifying threats, vulnerabilities, impacts, and protective measures, with this information regularly updated.
  • Application of the CE Marking and Information to Users: Products must bear the CE marking, a symbol of their compliance with EU safety standards. It is essential to provide comprehensive information on the cybersecurity characteristics of products, including conditions of use and maintenance.
  • Security Updates: Manufacturers must establish and maintain procedures for updating the security of products, ensuring the ability of products to receive and install these updates. Proactive communication about the need for and availability of updates is crucial.
  • Vulnerability Reporting: Discovered or reported vulnerabilities must be reported within 90 days. It is important to communicate corrective actions to users using appropriate channels and adhering to the principles of responsible disclosure.
  • Cooperation with Cybersecurity Authorities: Collaboration with competent authorities, participation in audits and provision of the necessary documents for compliance verification are key elements.

Obligations of Digital Product Distributors

  • Product Conformity Verification: Distributors must ensure that the products marketed comply with the requirements of the CRA, including the CE marking. They must also provide adequate information about the cybersecurity of the products.
  • Security Update Information and Support: Distributors are responsible for notifying users of security updates and assisting them with their installation. Communication about vulnerabilities and remediation is also required.
  • Audit and Cooperation with Authorities: Submission to controls, cooperation with competent authorities and provision of the necessary information to demonstrate compliance are essential.

Importance of Compliance

Failure to comply with CRA guidelines can result in significant penalties, including fines of up to 10% of annual worldwide turnover. The adoption of internal compliance and governance mechanisms is therefore crucial to avoid such consequences.

CRA compliance is not only a legal imperative but also an opportunity to improve the security and resilience of the European digital ecosystem. With these measures, the digital industry makes a significant contribution to data protection and user trust in digital technologies.

Which products are covered by the Cyber Resilience Act?

General definition of the products concerned

The CRA applies to all products with digital elements that are directly or indirectly connected to another device or network, with the exception of those already covered by other EU rules, such as medical devices, aviation or cars. The CRA aims to fill gaps and ensure consistency in existing cybersecurity legislation.

Distinguishing between critical and non-critical products

The CRA applies to a wide range of products with digital components, such as internet-connected devices, software and online services. However, not all products are subject to the same level of scrutiny and obligations. The CRA distinguishes between critical and non-critical products, based on the level of risk they pose to users and society.

The scope of the CRA

The CRA covers all products that have a digital component and that are connected directly or indirectly to another device or network. This includes all connected hardware (computers, phones, household appliances, cars, toys, virtual assistive devices, etc.) as well as systems such as VPNs, antivirus, password managers, software essential to the management of cloud services, or the operating systems of the aforementioned hardware.

For the sake of clarity, the draft CRA provides a list of affected products and software. However, this list is not exhaustive and may be updated by the Commission to take into account technological developments.

The classification of critical products

As you will discover by reading further, this CRA regulation makes a distinction between a general category of products containing digital elements, and those considered “critical”. The latter category represents 10% of the objects covered by this regulation. While critical products are those which, if compromised, would have significant impacts on the security of property and people as well as society.

In summary, this regulation is subdivided into critical products and two other classes according to the level of criticality of the risks. Thus, depending on the class to which they belong, software or hardware will be subject to more or less strict supervision and obligations.

The obligations for different classes of products

To streamline the understanding of the impact of the Cyber ​​Resilience Act (CRA) on product classes, let’s take a look at this simplified guide. This is a table that succinctly classifies products according to their criticality under CRA regulations. As a result, this has the advantage of highlighting the specific obligations as well as their impacts on manufacturers and their potential effects on the market. Therefore, this has the effect of presenting this information in a clear and organized manner. We also aim to facilitate the smooth adaptation process for stakeholders to this Cyber ​​Resilience Act regulation. So prepare now to take this information into account to effectively improve and anticipate your strategies. Anticipate your compliance with its new and evolving European cybersecurity standards.

Table 2: CRA Obligations by Product Class
Product Class Obligations Impact on Manufacturers Market Effects
Most Critical
  • Certification by an independent body before market entry.
  • Incurs significant costs and delays.
  • May hinder innovation and competitiveness, especially in electronics and embedded systems.
Intermediate
  • Self-assessment and declaration of conformity by manufacturers.
  • Reduces administrative burden and time to market.
  • Demands high responsibility and transparency.
Less Critical
  • Compliance with essential requirements, no formal certification needed.
  • Ensures basic security levels without excessive costs.
  • Enhances trust in less critical digital products.

Key Insights:

  • First, the Cyber ​​Resilience Act classifies products based on their impact on cybersecurity and imposes specific compliance obligations on them.
  • This is why the most critical products are subject to strict certification processes.
  • In fact, this affects market dynamics. Whereas, intermediate and less critical classes follow simplified compliance pathways. This balances security needs and market viability.
  • Finally, this concise overview facilitates informed decision making and strategic planning for market positioning and observation.

Navigating the Cyber Resilience Act (CRA): A Quick Guide

We’ve compiled a simplified guide to help you quickly navigate the complexities of the Cyber ​​Resilience Act (CRA). Thus, this table details the objectives of this regulation on the products it covers and the essential requirements it imposes. Additionally, it also highlights the main benefits and potential obstacles of the law. Thus, this brief overview aims to inform you of the essential knowledge to understand and adapt to the implications of the ARC. By familiarizing yourself with these critical aspects now, you can advantageously stay one step ahead. This therefore guarantees you preparation for the expected developments over three years in the cybersecurity landscape within the EU by 2027.

Table 1: Overview of the CRA

Aspect Details
Aim of the CRA
  • To strengthen the cybersecurity of products and software within the EU.
Covered Products and Software
  • Hardware: Smartphones, tablets, smartwatches, desktops, laptops, routers, smart home appliances, POS systems, medical devices, etc.
  • Software: Operating systems (Windows, macOS, Linux), browsers (Chrome, Firefox, Safari), mobile apps, security software, cloud services, etc.
  • Data Storage/Processing: Hard drives, cloud storage, PCs, servers, software handling sensitive data.
Key Requirements
  • Conduct risk assessments
  • Implement security measures
  • Provide information to users
  • Report vulnerabilities
  • Cooperate with authorities
Main Benefits
  • Enhanced user security
  • Increased trust in the digital economy
  • Accelerated innovation in cybersecurity
Potential Challenges
  • Increased costs for compliance
  • Regulatory complexity
  • Risk of market fragmentation
Staying Informed
  • Regular updates and compliance checks are crucial for adherence to the CRA.

Key Takeaways

  • First, the CRA is an essential regulation having an impact on the European cybersecurity framework.
  • Then, this involves compliance with the requirements of the mandatory CRA for manufacturers, distributors and importers.
  • Finally, this has the effect of offering significant advantages but at the same time generates certain additional cost challenges.

In summary, this table format provides a concise and organized summary of the ARC. This makes it easier for you to understand its scope, requirements, benefits and challenges.

Hardware Security Module with the CRA

Under the Cyber ​​Resilience Act (CRA), Hardware Security Modules (HSMs) play a crucial role in securing Europe’s digital infrastructure. Indeed, they are the Guardians of the cryptographic keys. They are in fact the pillars of data security and digital transactions. Without question, HSMs are essential tools to meet the strict requirements of the CRA.

Definition of HSMs

Hardware and digital security modules (HSMs) play a crucial role in securing cryptographic processes. They generate, protect, and manage encryption, decryption, digital signature, and certification keys. Their importance for the protection of sensitive data and digital trust classifies them as critical products according to the Cyber Resilience Act (CRA).

Features of the HSM Hardware

Hardware HSM comes in the form of a physical device, ensuring high security against physical and logical attacks. It can be integrated into a computer system such as a PCI card or an external enclosure. These devices are evaluated and certified according to international safety standards, such as FIPS 140 and Common Criteria EAL4+, attesting to their reliability and robustness.

Benefits of Digital HSM

At the same time, digital HSM offers a software solution that provides security comparable to that of a hardware HSM. With virtualization and advanced encryption, it can be deployed on servers, cloud environments, or mobile devices. Certifications, such as FIPS 140-2 Level 1 or Common Criteria EAL2+, validate the compliance of these software solutions with rigorous security standards.

Cyber-resilience regulation certification process in force

In accordance with the requirements of the CRA, HSMs, whether physical or digital, must obtain certification from an independent body before they are placed on the market. This certification assures users that the devices meet high standards of security and protection of sensitive information.

Importance of HSMs in Cybersecurity

Hardware and digital HSMs are critical components of an organization’s security infrastructure. They secure the exchange of information by providing a reliable and certified method of protection for critical data. By facilitating secure management of cryptographic keys, HSMs build digital trust and support regulatory compliance.

In short, both hardware and digital HSMs are indispensable tools in the modern cybersecurity landscape. Their role in securing cryptographic keys and encryption processes is vital for data protection and trust in digital systems. The mandatory certification emphasizes their importance and ensures that they comply with the highest safety standards.

Hardware Security Modules (HSMs) Under the Cyber Resilience Act

Definition and Features of HSMs

HSMs are specialized devices designed for the secure management of cryptographic keys, crucial for data encryption and transaction security. These modules embody the core principles of the CRA, providing foundational security capabilities across critical and less critical sectors.

Fixed HSMs

Embedded within infrastructural setups, fixed HSMs offer enduring security solutions. These devices are pivotal in safeguarding essential services, from energy distribution to financial transactions, aligning with the CRA’s high-security benchmarks.

Removable HSMs

Offering versatility, removable HSMs, such as USB HSMs, enable secure key management across varied operational contexts. They facilitate a balance between security and mobility, catering to diverse needs within the CRA framework.

NFC HSMs

Merging NFC technology with HSM security, NFC HSMs introduce a new paradigm in contactless transaction security. Although categorized as non-critical, their adherence to CRA standards exemplifies the act’s comprehensive approach to cybersecurity, spanning from retail to access control applications.

NFC HSM and the Cyber Resilience Act (CRA): A Closer Look at Secure Technology

NFC HSM (Near Field Communication Hardware Security Module) represents a technological fusion. It integrates a hardware security module with Near Field Communication (NFC) technology like those manufactured by the Freemindtronic company in Andorra. They also have the particularities of being patented, of operating without a server, without a database and without the user needing to identify themselves or create an account to use them. They are not connected by default. This device provides secure, on-demand wireless interaction between devices over short distances, further protecting the data exchanges they encrypt.

They represent a significant advancement in secure short-range wireless communication by integrating near-field communication (NFC) with the robust security of hardware security modules (HSM). These devices provide enhanced protection of cryptographic keys and sensitive data, facilitating secure, contactless transactions and interactions with ease and flexibility.

Features and Advantages:
  • Enhanced Security: Embedded HSMs safeguard against external threats, ensuring the integrity of cryptographic keys and sensitive data.
  • Secure Authentication: NFC technology supports mutual authentication, minimizing fraud and counterfeiting risks.
  • Ease of Use: Simplified transactions through touch, eliminating manual data entry.
  • Versatility: Can be integrated into a wide array of devices and applications.
Applications:
  • Contactless Payments: Devices equipped with NFC HSM technology facilitate fast and secure transactions, enhancing user convenience and safety.
  • Access Control: These systems manage entry to secure areas, safeguarding physical and digital assets by regulating access to buildings and sensitive data.
  • Tracking and Traceability: NFC HSMs play a crucial role in supply chain management, enabling the authentication and monitoring of goods, ensuring their integrity from origin to destination.
  • Electronic Tickets: Ideal for storing digital tickets for transportation, events, and other services, streamlining the user experience while ensuring security.
  • Contactless Hardware Secrets Manager: A novel application where NFC HSMs manage passwords, encryption keys, secret keys, PIN codes, and 2FA credentials, offering a secure and convenient solution for managing digital identities and access rights across various platforms.

These examples underscore the versatility and security enhancements provided by NFC HSM technology, aligning with the objectives of the Cyber Resilience Act to foster a secure and resilient digital environment across the EU.

Exemplifying CRA Compliance: Freemindtronic’s NFC HSM

Incorporating Freemindtronic’s NFC HSM as a case study offers an insightful lens through which to view the Cyber Resilience Act’s (CRA) implications for digital product security. Freemindtronic’s approach exemplifies adherence to the CRA through its innovative security measures and compliance practices.

Exemplifying CRA Compliance: Freemindtronic’s NFC HSM

As we delve into the CRA’s extensive requirements and scope, practical examples like Freemindtronic’s NFC Hardware Security Modules (HSMs) illuminate how digital products are aligning with heightened security standards.

Meeting CRA’s Fundamental Compliance Demands:

  • Risk Assessment: Freemindtronic has not just conducted a thorough risk evaluation but has also embedded stringent risk management practices from inception through to development, manufacturing, and usage of NFC HSMs. This includes countermeasures against both invasive and non-invasive threats, reflecting the CRA’s directive for integrated risk management.
  • Security Implementations: With patented multi-security functions such as segmented key authentication and customizable trust criteria, alongside post-quantum considered AES-256 encryption in NFC HSM memories, Freemindtronic exceeds the CRA’s requirements for advanced security measures.
  • Vulnerability Disclosure: Freemindtronic’s immediate vulnerability disclosure mechanism, especially through its website, aligns with the CRA’s demand for timely vulnerability reporting to authorities, despite over seven years without detected vulnerabilities in NFC HSM products.
  • Regulatory Cooperation: Freemindtronic’s proactive partnership with Andorran regulatory bodies, including the National Cybersecurity Agency of Andorra (ANC), signifies a commitment to enhancing security collaboratively, as encouraged by the CRA.

Freemindtronic’s NFC HSM Features Enhancing CRA Compliance:

  • Serverless and Database-Free Operation: This minimizes potential attack vectors, aligning with the CRA’s focus on cybersecurity risk reduction.
  • User Anonymity and No Account Creation: By operating anonymously without user identification or account creation, It embodies a contactless plug-and-play principle, making it physically impossible to identify the NFC HSM users. Freemindtronic supports the CRA’s emphasis on user privacy and data protection.
  • End-to-End Anonymization: Freemindtronic’s NFC HSMs are not active by default, given their battery-less design. They are inert products that become active for less than a second during the use of the secret contained within the NFC HSM. Secrets used on the phone or computer are not stored in the systems; everything is conducted ephemerally in volatile memory. This approach is in strict adherence to the CRA’s data protection and confidentiality principles.
  • Innovation Patent Protection: Freemindtronic’s security solutions, underpinned by innovation patents, set a high compliance standard with the Cyber Resilience Act.

Industry Advantages:

  • Simplified Compliance Process: Freemindtronic’s NFC HSMs provide a pre-compliance solution that simplifies adherence to CRA regulations, saving time and resources for businesses.
  • Enhanced Data Security: Freemindtronic sets a security benchmark for sensitive data and cryptographic keys, embodying the CRA’s aim to standardize protection across digital products.
  • Adaptability to Diverse Applications: The flexibility of Freemindtronic’s NFC HSMs showcases the adaptability of security solutions to meet various application needs within the CRA framework.

By showcasing Freemindtronic’s NFC HSMs, we highlight how innovative security technologies can not only meet but surpass the rigorous expectations of the CRA. This insight into Freemindtronic’s compliance strategy offers a practical perspective on adhering to CRA guidelines, reinforcing the regulation’s role in boosting the cybersecurity posture of digital products within the EU.

Key Features of the CRA at a Glance

In summary, the Cyber ​​Resilience Act aims to strengthen the cybersecurity of products sold within the European Union.

This concerns a very large number of products, such as Internet-connected devices, software and online services.

Indeed, manufacturers and distributors will be required to comply with the various requirements of this European CRA regulation. In particular, they will have to carry out risk assessments on their products, implement security measures and inform users.

Thus, the Cyber Resilience Act should offer many advantages. This is characterized by increased user security. But it should also promote trust and the digital economy and help accelerate European innovation in the cybersecurity sector. However, the downside is that the ARC will impose certain challenges, such as increased costs for manufacturers and distributors, increased regulatory complexity and potential fragmentation of the single market.

Overall, the CRA constitutes an important piece of legislation that will have a major impact on the European cybersecurity landscape. It is important that all stakeholders are aware of the ARC requirements and take steps to comply with them.

The table below provides a summary of the CRA’s key features.

Table 1: Summary of the Cyber Resilience Act (CRA)

Feature Benefits Challenges
Scope
  • Wide range of products
  • Exclusion of certain products
Requirements
  • Harmonization of cybersecurity requirements
  • Costs and delays for manufacturers
Compliance
  • Certification process for critical products
  • Market fragmentation
Sanctions
  • Fines for non-compliance
  • Discouragement of vulnerability reporting
Objectives
  • Improved security and resilience
  • Impact on innovation
Impact
  • Protection of users and businesses
  • Difficulty balancing security and innovation

Finally, this table above constitutes a simple summary of the main characteristics of the CRA. So you have a more complete visual understanding of the Cyber ​​Resilience Act.

In conclusion on the European cyber-resilience act regulation

In conclusion, the Cyber Resilience Act (CRA) represents a significant step forward in the European Union’s efforts to strengthen cybersecurity and protect consumers in the digital age. While challenges remain, the CRA has the potential to create a more secure and resilient digital ecosystem for all. As the regulation comes into effect and evolves over time, it will be crucial to monitor its impact and adapt it as needed to ensure its continued effectiveness in a rapidly changing technological landscape. Ultimately, the success of the CRA will depend on the collective efforts of governments, businesses, and individuals to embrace its principles and work together to build a more secure and trustworthy digital world.

Sources

Here are some official sources which confirm this information:

Encrypted messaging: ECHR says no to states that want to spy on them

ECHR landmark ruling in favor of encrypted messaging, featuring EviCypher NFC HSM technology by Freemindtronic.

Protecting encrypted messaging: the ECHR decision

Encrypted messaging is vital for digital privacy and free speech, but complex to protect. The historic ECHR decision of February 13, 2024 supports strong encryption against government surveillance. We discuss the importance of this decision. You will discover EviCypher NFC HSM encryption technology from Freemindtronic, guardian of this decision but for all messaging services in the world.

2024 Cyberculture

Electronic Warfare in Military Intelligence

2024 Articles Cyberculture Legal information

ANSSI Cryptography Authorization: Complete Declaration Guide

2024 Articles Cyberculture

EAN Code Andorra: Why It Shares Spain’s 84 Code

Stay informed in our posts dedicated to Cyberculture to follow its evolution thanks to our regularly updated topics

Learn more through this Cyberculture section on your data encryption rights to protect your personal and professional data written by Jacques Gascuel, creator of data security solutions. Stay informed and secure with our regular news.

Encrypted messaging: ECHR says no to states that want to spy on them

The historic judgment of the European Court of Human Rights (ECHR) elevates encrypted messaging to the rank of guardian of privacy and freedom of expression. But this also poses security and public order problems. On February 13, 2024, she spoke out in favor of strong encryption, against state interference.

The ECHR has rejected Russian authorities’ request to Telegram, a messaging application, to provide private keys for encrypting its users’ communications, or to install backdoors that would allow authorities to access them. The Court considered that this request violated the rights to privacy and correspondence, as well as freedom of expression, of Telegram users.

The context of the case

The case background Six journalists and human rights activists challenged the request of the Russian authorities to Telegram before the ECHR. They claimed that this request violated their fundamental rights. They relied on Articles 8 and 10 of the European Convention on Human Rights. These articles protect the right to privacy and correspondence, and the right to freedom of expression.

The reasoning of the Court

The Court’s reasoning The Court acknowledged that the request of the Russian authorities had a legitimate aim of national security and crime prevention. However, it found that the interference with the rights of the applicants was not proportionate to the aim pursued. It emphasised that encryption plays a vital role in ensuring the confidentiality of communications and the protection of personal data. It held that the request of the Russian authorities was too general and vague. It did not offer enough safeguards against abuse. It could deter people from using encrypted messaging services.

The Court also noted that encryption helps citizens and businesses to defend themselves against the misuse of information technologies, such as hacking, identity theft, data breach, fraud and undue disclosure of confidential information. It stated that this should be duly taken into account when assessing the measures that could weaken encryption.

The Court further observed that, in order to be useful to the authorities, the information must be decrypted at some point. It suggested that the authorities should use other means to obtain the necessary information, such as undercover operations, metadata analysis and international cooperation.

The consequences of the decision

The decision’s implications The decision of the Court is final and binding for Russia. It has to implement it within a reasonable time. It also has a broader impact. It sets out principles applicable to all member states of the Council of Europe, which comprises 47 countries. It sends a strong signal in favour of the respect of fundamental rights on the internet. It aligns with the position of several international organisations, such as the UN, the EU or the OSCE. They have stressed the importance of encryption for the protection of human rights online.

The official link of the ECHR decision is: AFFAIRE PODCHASOV c. RUSSIE and AFFAIRE PODCHASOV c. RUSSIE and AFFAIRE PODCHASOV c. RUSSIE. You can access it by clicking on the title or copying the address in your browser.

The position of other countries in the world

Encryption of communications is not a consensual topic. Countries have different, even opposite, positions on the issue. Here are some examples:

  • The Netherlands have argued for the right to strong encryption. They considered it a human right that must be safeguarded, in the country’s own interest.
  • The United States have repeatedly asked technology companies to provide them with access to encrypted data. They invoked the need to fight terrorism. These requests have been challenged by companies, such as Apple. They refused to create backdoors in their encryption systems.
  • China adopted a cybersecurity law in 2016. It requires companies to cooperate with authorities to provide encryption keys or means to bypass encryption. This law has been denounced by human rights defenders. They fear that it will be used to strengthen the surveillance and censorship of the Chinese regime.
  • The European Union adopted a directive on the protection of personal data in 2016. It recognizes encryption as a technical measure suitable for ensuring the security of data. The EU also supported the development of end-to-end encryption. It funded projects such as the free software Signal, which allows to encrypt calls and messages.

These examples show the divergences and convergences between different countries on the subject of encryption. They also reveal the political, economic and social issues that are at stake.

The world’s reactions to the ECHR decision on Encrypted Messaging

The ECHR decision on Encrypted Messaging has sparked different reactions in the world. Some countries praised the judgment, which boosts the protection of human rights on the internet. Other countries slammed the position of the Court, which undermines, according to them, the judicial cooperation and the national security.

The supporters of the ECHR decision

The Netherlands are among the countries that supported the ECHR decision. They argued for the right to strong encryption, considering it a human right that must be safeguarded, in the country’s own interest. The European Union also backed the Court, reminding that encryption is a technical measure suitable to ensure the security of data, in accordance with the directive on the protection of personal data adopted in 2016. The EU also stressed that it funds the development of end-to-end encryption, through projects such as the free software Signal, which allows to encrypt calls and messages.

The opponents of the ECHR decision

The United States are among the countries that opposed the ECHR decision. They have repeatedly asked technology companies to provide them with access to encrypted data, invoking the need to fight terrorism. These requests have been challenged by companies, such as Apple, which have refused to create backdoors in their encryption systems. China also expressed its disagreement with the Court, stating that encryption of communications fosters the dissemination of illegal or dangerous content, such as terrorist propaganda, child pornography or hate speech. China recalled that it has adopted in 2016 a cybersecurity law, which requires companies to cooperate with authorities to provide encryption keys or means to bypass encryption.

The non-signatories of the European

Convention on Human Rights Some countries have not reacted to the ECHR decision, because they are not signatories of the European Convention on Human Rights. This is the case for example of Russia, which ceased to be a member of the Council of Europe on March 16, 2022, after the invasion of Ukraine decided by the Kremlin. The country no longer participates in the activities of the ECHR. This is also the case of many countries in Africa, Asia or Latin America, which are not part of the Council of Europe and which have not ratified the Convention.

The signatory countries of the European Convention on Human Rights

The European Convention on Human Rights is an international treaty adopted by the Council of Europe in 1950, which aims to protect human rights and fundamental freedoms in the states parties. It entered into force in 1953, after being ratified by ten countries: Belgium, Denmark, France, Ireland, Italy, Luxembourg, the Netherlands, Norway, Sweden and the United Kingdom .

Since then, the Convention has been ratified by 36 other countries, bringing the total number of states parties to 46. They are: Albania, Germany, Andorra, Armenia, Austria, Azerbaijan, Bosnia and Herzegovina, Bulgaria, Cyprus, Croatia, Estonia, Finland, Georgia, Greece, Hungary, Iceland, Latvia, Liechtenstein, Lithuania, Malta, Moldova, Monaco, Montenegro, North Macedonia, Poland, Portugal, Romania, Russia, San Marino, Serbia, Slovakia, Slovenia, Spain, Czech Republic, Turkey and Ukraine.

All these countries recognize the jurisdiction of the European Court of Human Rights (ECHR), which is in charge of ensuring the respect of the Convention. The ECHR can be seized by any person, group of persons or non-governmental organization who claims to be a victim of a violation of the Convention by one of the states parties. The ECHR can also be seized by a state party who alleges that another state party has violated the Convention. The ECHR delivers judgments that are final and binding for the states parties.

An innovative and sovereign alternative: the EviCypher NFC HSM technology

Facing the challenges of encryption of communications, some users may look for an alternative more innovative and sovereign than the traditional messaging applications. This is the case of the EviCypher NFC HSM technology, developed by the Andorran company Freemindtronic. This technology makes it possible to generate, store, manage and use AES-256 encryption keys to encrypt all communication systems, such as WhatsApp, sms, mms, rcs, Telegram, webmail, email client, private messaging like Linkedin, Skype, X and even via postal mail with encrypted QR code messages, etc.

EviCypher NFC HSM: A Secure and Innovative Solution for Encrypted Messaging

Firstly, it guarantees the confidentiality and integrity of data, even if the messaging services are compromised for any reason, including by a court order. Indeed, it is physically impossible for Freemindtronic, the manufacturer of the DataShielder products, to provide encryption keys generated randomly by the user. These keys are stored encrypted in AES-256 via segmented keys in the HSM and NFC HSM. Only the user holds the decryption keys, which he can erase at any time.

Secondly, it preserves the anonymity and sovereignty of users, because it works without server and without database. It does not require internet connection, nor user account, nor phone number, nor email address. It leaves no trace of its use, nor of its user. It does not depend on the policies or regulations of the countries or companies that provide the communication services.

Thirdly, it offers an extreme portability and availability of encryption keys, thanks to the NFC technology. The user can carry his encryption keys on a physical support, such as a card, a bracelet, a key ring, etc. He can use them with any device compatible with NFC, such as a smartphone, a tablet, a computer, etc. He can also share them with other trusted users, in a simple and secure way.

Lastly, it is compatible with the EviCore NFC HSM or EviCore HSM technology, which allows to secure the access to equipment and applications. The user can thus use the same physical support to encrypt his communications and to authenticate on his different digital services.

The EviCypher NFC HSM technology guarantees the confidentiality and integrity of data, even if the messaging services are compromised for any reason, including by a court order. Indeed, it is physically impossible for Freemindtronic, the manufacturer of the DataShielder products, to provide encryption keys generated randomly by the user. These keys are stored encrypted in AES-256 via segmented keys in the HSM and NFC HSM. Only the user holds the decryption keys, which he can erase at any time.

Transforming Encrypted Messaging with EviCypher NFC HSM

The European Court of Human Rights (ECHR) decisively highlights encrypted messaging’s vital role in protecting privacy and freedom of speech. EviCypher NFC HSM, aligning perfectly with these principles, emerges as a pioneering solution. It confronts the challenges of state surveillance and privacy breaches head-on, providing unmatched defense for private communications. EviCypher NFC HSM goes beyond the ECHR’s conventional security and privacy requirements. It crafts an inviolable communication platform that honors users’ privacy rights profoundly. With its innovative approach, EviCypher NFC HSM introduces new data protection standards, forging a robust barrier against government intrusion.

Global Reach and User Empowerment

EviCypher NFC HSM’s technology has a broad global impact, seamlessly addressing the varied encryption landscapes worldwide. It provides a consistent answer to privacy and security issues, disregarding geographic limits. This global applicability makes EviCypher NFC HSM an indispensable tool for users worldwide, solidifying its position as a guardian of global privacy.

Despite potential skepticism about new technologies, the user-friendly and accessible nature of EviCypher NFC HSM aims to dispel such doubts. It promotes wider adoption among those seeking to enhance their communication security. Its compatibility with diverse devices and straightforward operation simplify encryption, facilitating an effortless shift towards secure communication practices.

EviCypher NFC HSM: A Beacon of User Autonomy

EviCypher NFC HSM technology deeply commits to empowering users. It allows individuals to generate, store, and manage their encryption keys independently, giving them direct control. This autonomy not only improves data security but also demonstrates a strong commitment to protecting users’ fundamental rights. It resonates with the values emphasized across the discussion, providing an effective way to strengthen online privacy and security. EviCypher NFC HSM marks a significant leap forward in the movement towards a more secure and private digital landscape.

This technologie HSM stands out as a state-of-the-art, self-sufficient solution, perfectly in line with the ECHR’s decisions and the worldwide need for secure encrypted communication. It leads the charge in advancing user autonomy and security, signaling a crucial evolution in encrypted messaging towards unparalleled integrity.

Incorporating EviCypher’s distinctive features—its operation without servers or databases, interoperability, and backward compatibility with all current communication systems, such as email, SMS, MMS, RCS, and social media messaging, even extending to physical mail via encrypted QR codes—highlights its adaptability and innovative spirit. EviCypher’s resistance to zero-day vulnerabilities, due to encrypting communications upfront, further underscores its exceptional security. Operating anonymously and offline, it provides instant usability without requiring user identification or account creation, ensuring seamless compatibility across phone, computer, and communication systems.

Summary at encrypted messaging

Encrypted Messaging is crucial for the digital society. It protects internet users’ privacy and freedom of expression. But it also challenges security and public order. The European Court of Human Rights (ECHR) supported strong encryption on February 13, 2024. It defended the right to encryption, against states that want to access it. Several international organizations agree with this position. They emphasize the importance of encryption for human rights online. However, the ECHR decision sparked diverse reactions worldwide. Different countries have different views on encryption.

Our conclusion on Encrypted Messaging

EviCypher NFC HSM technology is an innovative and sovereign alternative for Encrypted Messaging. Users can generate, store, manage and use AES-256 encryption keys. They can encrypt all communication systems, such as WhatsApp, sms, mms, rcs, Telegram, webmail, email client, etc. EviCypher NFC HSM technology ensures data confidentiality and integrity. It works even if messaging services are compromised. It preserves users’ anonymity and sovereignty. It does not need server or database. It offers extreme portability and availability of encryption keys, thanks to NFC technology. It is compatible with EviCore NFC HSM or EviCore HSM technology. They secure access to equipment and applications.

DataShielder products provide EviCypher NFC HSM technology. They are contactless encryption devices, guardians of keys and secrets. Freemindtronic, an Andorran company specialized in NFC security, designs and manufactures them.

DataShielder Defense NFC HSM: Protect Your Sovereign Communications

DataShielder Defense NFC HSM Protect your Sovereign Communications by Freemindtronic Andorra
DataShielder Defense NFC HSM – Jacques Gascuel: This article will be updated with any new information on the topic.

Why You Need DataShielder Defense NFC HSM

DataShielder Defense NFC HSM, a patented solution, ensures maximum confidentiality and anonymization of communications from sovereign entities. Using NFC technology, this HSM manages up to 200 secrets offline, contactless and shareable via any communication method, including email and SMS. A GreenTech innovation, it is interoperable, backward compatible and versatile, designed to immediately respond to various specific needs and customizable for enhanced secret security.

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

DataShielder Defense NFC HSM: How to Protect Your Sovereign Communications with a Revolutionary Solution

The protection of sovereign entities and the enhancement of existing defense and intelligence systems are crucial challenges in today’s world. Sovereign communications, such as those between heads of state, diplomats, military personnel, or secret agents, are constantly exposed to threats of interception, hacking, or manipulation. These threats can compromise the security, integrity, and confidentiality of sensitive information, and have serious consequences for national and international security.

To address these challenges, a revolutionary solution has been developed by Freemindtronic, a andorran company specialized in data security and encryption. This solution is called DataShielder Defense NFC HSM, and it is the ultimate solution for protecting all forms of communications of sovereign entities. This innovative and cutting-edge solution, protected by two patents, guarantees an unparalleled level of confidentiality and trust among humans, without compromise. With DataShielder, your secrets and sensitive data remain inaccessible and indecipherable, even in case of compromise of the equipment and information and communication systems.

In this article, we will explain how DataShielder Defense NFC HSM works, what are its features and benefits, and how it can be customized to suit your specific needs. We will also show how this solution could have influenced several major events in the history of communication security, and how it has received international recognition and awards for its excellence.

How DataShielder Defense NFC HSM Works

DataShielder Defense NFC HSM is a device that uses Near Field Communication (NFC) technology to create, store, and use up to 100 different secrets in a single device. A secret can be anything that you want to protect, such as an encryption key, a password, a PIN code, a cryptocurrency key, a bank account information, or a message. DataShielder allows you to share your encrypted secrets via all the means of communication available in the world, such as postal mail, webcam, email, SMS, MMS, RCS, messaging, or directly between two NFC HSM devices.

To use DataShielder, you need an Android NFC phone or tablet, and the DataShielder app, which is available for free on the Google Play Store. You also need a DataShielder Defense NFC HSM device, which is a small and discreet card that can be customized to fit different formats and accessories. The device does not require any battery or external power source, as it uses the energy of the NFC signal of the phone to operate on demand.

To create a secret, you simply need to tap your phone on the device, and choose the type of secret you want to create. You can either generate a random secret, or import an existing one. You can also add specific trust criteria for each secret, such as BSSID, geographical area, password, fingerprint, QR code or barcode scan, and phone UID. The absence of any of these criteria makes the access to the secret impossible, ensuring maximum and personalized security.

To use a secret, you simply need to tap your phone on the device, and choose the secret you want to use. You can either use it directly on your phone, or send it to another device or person. You can also use the secret to unlock secure USB or SSD keys, to log in to your favorite websites, to make secure voice calls and SMS, to manage your banking information, to generate and use cryptocurrency wallets, and more.

To share a secret, you simply need to tap your phone on the device, and choose the secret you want to share. You can either share it directly with another NFC HSM device, or encrypt it with the RSA-4096 public key of the recipient, and send it via any means of communication. The recipient will need to decrypt the secret with their NFC HSM device, using the EviSCP HSM (ZKP) protocol, which is a patented technology that ensures a secure and confidential exchange of secrets.

Differentiating Benefits of DataShielder Defense NFC HSM

DataShielder Defense NFC HSM offers a complete and adaptable solution to your needs, thanks to the set of advanced and efficient features that it incorporates. These features are based on different technologies, each with a specific name and function. Here is a summary of the main features and benefits of DataShielder:

 

Feature Technology Function Benefit
Random generation of symmetric and asymmetric encryption keys EviCypher NFC HSM Encrypt all types of data (texts, images, videos) in post-quantum AES-256. Use the RSA-4096 public key to exchange encrypted secrets between distant NFC devices. Protect your data and secrets from unauthorized access and decryption, even in case of quantum computing attacks.
Random generation of identifiers and passwords EviPass NFC HSM Generate automatically complex and complicated passwords up to 48 characters based on the 95 ASCII characters, or on bases 16, 58, 64 or 85. Import and store manually login identifiers, PIN codes, PUK, lock codes, TPM2.0 passwords, BitLocker… Log in automatically to your favorite websites. Secure your online accounts and devices with strong and unique passwords. Save time and avoid typing errors with automatic login.
Create a segmented key EviAuth NFC HSM Divide your secret into two segments and store them on two different NFC HSM devices. Require the presence of two people to reconstitute the secret. Increase the security and confidentiality of your secret by adding a human factor. Prevent the access to the secret by a single person or device.
Management of secret OTP keys EviOTP NFC HSM Store securely the secret OTP keys whose one-time passwords based on time (TOTP) or HMAC (HOTP) to generate a secondary authentication factor (2FA). Enhance the security of your online accounts and services with a second factor of authentication. Avoid the risk of losing or compromising your OTP keys.
Secure voice calls and SMS EviCall NFC HSM Store your phone contacts and make a voice call from the NFC HSM without leaving any trace in the phone history. Communicate securely and discreetly with your contacts. Avoid the interception and recording of your voice calls and SMS.
Secure management of banking information EviPay NFC HSM Store, manage and use securely the information related to credit cards and bank accounts. Protect your financial information and transactions from fraud and theft. Access and use your banking information easily and securely.
Unlocking of secure USB or SSD keys without contact EviKey NFC HSM Manage the administrator, user and temporary user PIN codes to unlock the secure USB/SSD keys without contact. Secure your external and internal storage with a contactless unlocking system. Manage the access rights and permissions of the USB/SSD keys.
Generation of cryptocurrency wallets EviSeed NFC HSM Automatically and directly create from a blockchain the secret BIP39 key, its derived key, its public key and the public address. The balance verification is done directly on the blockchain. Create and use cryptocurrency wallets securely and conveniently. Store your cryptocurrency keys in an inviolable and encrypted manner. Verify your balance directly on the blockchain.
Automatic import of private keys EviVault NFC HSM Import derived private keys by scanning their QR codes from five blockchain platforms including Bitcoin, Ethereum, Polygon, Binance Smart Chain and IOTA. Create and save also the BIP39 PassPhrases. Import and use private keys from different blockchain platforms easily and securely. Scan the QR codes and store the keys in an encrypted manner. Create and save also the BIP39 PassPhrases.
Management of authentication cards EviCore NFC HSM Scan and store the barcode or QR code of any type of card that uses this type of identification (access cards, loyalty cards sometimes linked to a payment system). Store and use authentication cards securely and conveniently. Scan the barcode or QR code and store it in an encrypted manner.
NFC HSM pairing key manager EviCore NFC HSM Manage the NFC HSM fleet within a sovereign entity. Manage and control the NFC HSM devices within your organization. Assign and revoke pairing keys for the devices.
Data encryption EviCrypt NFC HSM Encrypt your texts and files upstream before sending them to your recipients using your usual messaging services. Encrypt your data before sending it via any means of communication. Ensure that only the intended recipients can decrypt and access your data.
Use on all computer systems EviCore NFC HSM Browser Extension Use your NFC HSM with the free Freemindtronic browser extension based on Chromium and Firefox. Find the DataShielder NFC HSM functions on all your computers. Use your NFC HSM on any computer system.
Use of a virtual USB Bluetooth keyboard EviKeyboard BLE Use a virtual keyboard for secure and discreet input. Extend the use of secrets in HID mode on various computer systems, TPM2.0, BitLocker, Windows, Linux, Apple, proprietary software and web browsers. Don’t touch the keyboard. Enter a free line of code up to 52 characters. Entering BIOS passwords. Easy to use

Stealth Customization Options

The manufacturer Freemindtronic offers a customization service specially designed for sovereign entities, combining discretion and functionality.

Discreet Formats: Modified standard PVC and PCB cards for effective camouflage.

Stealth Accessories: Labels, key rings, promotional pens, and cufflinks subtly integrating NFC HSM devices.

USB Dummy Keys: Mini USB keys functioning as secret containers for the NFC HSM devices.

NFC On/Off Card: PCB cards with switchable NFC antenna for increased stealth.

These options guarantee invisible security, ideal for special operations and covert missions.

Complementary Accessories

  • Secure NFC EviKey USB and SSD Keys: These devices offer secure external and internal storage, perfectly integrated with DataShielder NFC HSM for enhanced data protection.
  • Bluetooth Virtual Keyboard EviKeyboard BLE: An innovative keyboard for secure and discreet input, complementing the DataShielder NFC HSM by an additional layer of security in data entry.

International Distinctions and Awards

The EviCypher NFC HSM technology, essential to DataShielder, has received worldwide recognition, marked by several important awards.

  • Gold Medal 2021 of the Geneva Inventions: EviCypher Technology awarded among hundreds of international inventions.
  • Three Global InfoSec Awards 2021: Awarded for being the best data security solution by Cyber Defense Magazine “Next-Gen in Crypto Security”, “Most Innovative Hardware Password Manager”, “Next-Gen in Secrets Management”.
  • Two E&T Innovation Awards 2021: Distinguished for the best communication and IT solution, as well as for the best cybersecurity solution.
  • Two nominations for the National Cyber Awards 2021 of the United Kingdom: Finalist in two categories “The Innovation in Cyber Award 2021” and “The Cyber Defense Product of the Year 2021”.
  • Gold Globee Award 2022: Cyber Computer NFC winner of a Cyber Security Global Excellence Awards®.
  • Fortress Award 2023: Awarded for its excellence in encryption and privacy protection.

Conclusion

DataShielder Defense NFC HSM is a revolutionary solution for protecting your sovereign communications. It offers a high level of security, confidentiality, and trust, without compromise. It is compatible with all types of data and communication means, and can be customized to suit your specific needs. It is also environmentally friendly, durable, and interoperable. It has received international recognition and awards for its excellence and innovation. If you are looking for a solution that can protect your secrets and sensitive data from any threat, DataShielder Defense NFC HSM is the solution for you. Contact Freemindtronic today and get your DataShielder Defense NFC HSM device. You will not regret it.

DataShielder HSM Fortress Award 2023 from FullSecure: the Andorran serverless and databaseless encryption solution

DataShielder HSM, FullSecure's Andorran solution featuring Freemindtronic technologies, wins the 2023 Fortress Award

DataShielder HSM, FullSecure’s Andorran solution featuring Freemindtronic technologies, wins the 2023 Fortress Award

We are proud to announce that our Andorran DataShielder HSM solution from FullSecure, developed by Freemindtronic, has won the Fortress 2023 Cyber Security Award in encryption in the product and service category. This award, awarded by the Business Intelligence Group, recognizes the excellence and innovation of companies around the world, products and people in the field of cybersecurity. DataShielder HSM from FullSecure is a serverless encryption solution that uses EviCore HSM OpenPGP technology from Freemindtronic. This technology enables to create HSM (Hardware Security Module) on any type of device (computer, phone, cloud, HD, SSD, SD, USB media) to encrypt and sign any data.

DataShielder HSM is an innovative solution that allows managing and generating many types of tokens (identifiers, passwords, certificates, encryption keys, etc.) on any available medium, whether connected or not. It offers a high level of security and performance, by encrypting, signing and authenticating data with keys stored in self-created secure hardware modules. Thus, DataShielder HSM is designed to transform any device into a HSM (Hardware Security Module), without server, without database, totally anonymous, untraceable and undetectable. The DataShielder HSM range is a complete ecosystem that meets many needs in terms of safety, cybersecurity, especially in mobility.

DataShielder HSM also incorporates the EviSign technology developed by Freemindtronic, which allows electronically signing documents with a legally recognized value. EviSign uses the OpenPGP protocol to ensure the integrity, authenticity and non-repudiation of signatures. EviSign is compatible with all document formats (PDF, Word, Excel, etc.) and can be used with any NFC reader or smartphone.

The Fortress 2023 Cyber Security Award acknowledges the work and expertise of Freemindtronic, who offers innovative and adapted solutions to the current and future challenges of cybersecurity. Freemindtronic is proud of this distinction and thank the jury of the contest as well as their customers and partners for their trust and support.

DataShielder HSM was presented in a Dual-Use version in June 2022 at Coges Eurosatory (https://www.eurosatory.com), the international defense and security exhibition. This version allows DataShielder HSM to be used for both civil and military applications, offering a level of protection adapted to each context. The Dual-Use version of DataShielder HSM will soon be available in a civilian version by the end of October 2023, to meet the growing demand from individuals and professionals keen to protect their sensitive data.

We are very proud that DataShielder HSM from FullSecure has been awarded the Fortress Cyber Security Award 2023”, said Christine Bernard, director of FullSecure. “Our solution provides an innovative and adapted response to the current and future challenges of cybersecurity. We thank the Business Intelligence Group for this distinction, as well as our customers and partners for their trust and support.

“We are also very happy to be the first Andorran company to have applied for the Fortress Cyber ​​​​Security Award created in 2018 by the Business Intelligence Group. The Business Intelligence Group is an organization that recognizes true talent and superior performance in the business world. Its Fortress Cyber ​​Security Award aims to identify and recognize the world’s leading companies and products working to protect our data and electronic assets against a growing threat from hackers.”

Fortress Cyber security Award 2023 logo
Dylan DA COSTA FERNANDES gerent programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Eric Casanova programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Hugo Goncalves Oliveira co-gerent programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Alex Garcia Sanchez programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Adrian Serrano Gómez programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Victor Gil Feliu programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Jacques Gascuel Inventor de datashielder HSM CEO de Freemindtronic Andorra el Premi Fortress 2023 cat

DataShielder HSM OpenPGP: Una solució de xifratge 100% andorrana

En resum, DataShielder HSM OpenPGP és una solució innovadora que permet crear mòduls de seguretat hardware (HSM) en qualsevol tipus de suport (ordinador, telèfon, núvol, HD, SSD, SD, clau USB) per xifrar i signar qualsevol tipus de dada. Aquesta solució utilitza la tecnologia EviCore HSM OpenPGP desenvolupada per Freemindtronic, una empresa andorrana titular de patents internacionals i líder en les tecnologies NFC HSM. Aquesta tecnologia ofereix un alt nivell de seguretat i rendiment.

Es tracta del primer producte dedicat a la gestió de claus de xifratge i de xifratge per HSM 100% andorrà. En efecte, l’equip de desenvolupament de DataShielder HSM OpenPGP és 100% d’una formació de la Universitat d’Andorra, l’única universitat pública del país. La Universitat d’Andorra és reconeguda per la seva excel·lència acadèmica i la seva recerca innovadora en els àmbits de les ciències, l’enginyeria i les tecnologies de la informació. L’equip de desenvolupament de DataShielder HSM OpenPGP va ser coordinat per un enginyer de programari de la Universitat Politècnica de Catalunya (UPC) i professor de la Universitat d’Andorra. Això fa de DataShielder HSM OpenPGP el primer sistema de xifratge d’origen andorrà a haver rebut un premi internacional, el “Fortress Cybersecurity Award”.

Aquesta solució testimonia el saber fer i el potencial d’Andorra en el camp de la ciberseguretat i el xifratge de les dades. DataShielder HSM OpenPGP és una solució que respon a les necessitats actuals i futures de les empreses i els particulars que volen protegir les seves dades sensibles al núvol o als sistemes informàtics, oferint una nova solució en el camp de la sobirania de les dades.

You will soon be able to learn more about the DataShielder HSM product line at FullSecure. Without waiting you can already learn more about the Freemindtronic technologies embedded in DataShielder HSM, by clicking on the following links:

To learn more about the Fortress 2023 Cyber Security Award and other winners, you can visit the following sites:

Premsa Nacional d’Andorra:

DataShielder HSM de la revista de tecnologia Freemindtronic Fullsecure i incrustada Bondia 29 de setembre de 2023
Diari Andorra dijous 5 octubre del 2023: Fullsecure Guanya el Premi Fortress Andorra national press

News provided by Fortress® Cybersecurity Award 2023 from Business Intelligence Group

The Business Intelligence Group was founded with the mission of recognizing true talent and superior performance in the business world. Unlike other industry award programs, these programs are judged by business executives having experience and knowledge. The organization’s proprietary and unique scoring system selectively measures performance across multiple business domains and rewards those companies whose achievements stand above those of their peers.

May 31, 2023 Related Link: https://www.bintelligence.com/posts/105-people-companies-and-products-named-in-2023-fortress-cyber-security-awards

2022 Awards Cybersecurity EviCypher Technology

Gold Globee Winner 2022 Cyber Computer NFC

Awards CES Awards Distinction Excellence

Keepser Group Award CES 2022

2022 Events EviCypher NFC HSM Exhibitions Licences Freemindtronic NFC Contactless

Secure Card CES 2022

2021 Cybersecurity Distinction Excellence EviCypher Technology finalists

E&T Innovation Awards Cybersecurity

2021 Awards Communications Distinction Excellence EviCypher Technology finalists IT

E&T Innovation Awards Communications & IT

2021 Distinction Excellence The National Cyber Awards

Highly Commended at National Cyber Awards: Freemindtronic’s 2021 Success

2021 Awards Distinction Excellence finalists

Finalists The National Cyber Awards 2021

Awards Cyberculture EviCypher Technology International Inventions Geneva NFC HSM technology

Geneva International Exhibition of Inventions 2021

Awards Global Infosec Awards News Press

List of Winners Global Infosec Awards 2021

2021 Awards International Inventions Geneva

EviCypher Gold Medal 2021 of the Geneva International Inventions

2017 Awards Embedded System Awards IoT

Award 2017 MtoM & Embedded System & IoT

2017 Cybersecurity finalists

Award FIC 2017 10th Most innovative international startup

2015 finalists NFC Contactless

Finalist Contactless Services Challenge

2015 Awards Distinction Excellence EviKey & EviDisk

FIC 2015 Distinction Excellence 19th Most innovative international startup

2014 Awards Embedded System Awards EviKey & EviDisk News

The story of the first NFC hardened USB stick EviKey

2014 Awards Electronics Embedded System Awards EviKey & EviDisk

Embedded Trophy 2014 Freemindtronic

To improve in English: If you want to download images, Freemindtronic logo, you can access the Freemindtronic media kit, which contains various files and information related to the company and its products or awards. You will find the link to the media kit at the end of this article. In addition, if you prefer to read this article in another language, or download the press release, you can choose from the following options:

  • Download the press release in English by clicking here
  • Llegeix aquest article en català clica aquí

We hope you enjoyed this article and that you learned something interesting about Freemindtronic and its innovative technology.

[Kit de mitjans de Freemindtronic]
This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.