Tag Archives: OpenPGP

image_pdfimage_print

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

Digital representation of Ivanti Zero-Day Flaws threatening cybersecurity in a futuristic cityscape

Ivanti Patches Two Critical Zero-Day Vulnerabilities, One Under Active Attack

Ivanti, a leader in endpoint and network management solutions, has patched two critical zero-day vulnerabilities, one of which was actively exploited by cybercriminals. Learn more about these vulnerabilities and how to protect your organization.

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

This sentence is under a slider that shows similar topics on the zero day.

The Ivanti zero-day flaws, written by Jacques Gascuel, inventor of cybersecurity solutions, of cyber-safety of sensitive data and of counter-espionage, deal with the subject of the Ivanti Zero Day 2024 vulnerabilities.

What are Zero-Day Flaws and Why are They Dangerous?

A zero-day flaw is a previously unknown vulnerability in software that hackers can exploit before the vendor becomes aware and devises a patch. These vulnerabilities are particularly perilous because there is no existing defense against their exploitation. Cybercriminals can use zero-day flaws to launch sophisticated cyberattacks, leading to unauthorized data access, system damage, and widespread security breaches.

Ivanti’s Two Zero-Day Vulnerabilities: CVE-2024-21888 and CVE-2024-21893

Ivanti’s announcement highlights two specific vulnerabilities:

  • CVE-2024-21888: This is a critical privilege escalation vulnerability found in the web components of Ivanti Connect Secure and Policy Secure (versions 9.x, 22.x). It allows malicious users to gain administrator privileges, thereby obtaining the ability to alter system configurations, access restricted data, and potentially introduce further malicious code into the network infrastructure.
  • CVE-2024-21893: Identified as a server-side request forgery (SSRF) flaw within the SAML component of Ivanti Connect Secure, Policy Secure (versions 9.x, 22.x), and Ivanti Neurons for ZTA, this vulnerability enables attackers to bypass authentication mechanisms to access restricted resources. This flaw is particularly concerning due to its active exploitation, which suggests a targeted approach by cybercriminals to leverage this vulnerability for malicious purposes.

Ivanti has acknowledged the targeted exploitation of CVE-2024-21893 and expressed concerns over the potential for increased malicious activities following the public disclosure of these vulnerabilities.

How to Protect Your Organization from Ivanti’s Zero-Day Flaws

In response to the discovery of these vulnerabilities, Ivanti has taken swift action by releasing patches for the affected products, including specific versions of Connect Secure and ZTA. The company strongly advises a precautionary factory reset of devices before applying the patches to eliminate any lingering threats from the system. Additionally, Ivanti recommends importing a mitigation file named “mitigation.release.20240126.5.xml” as a temporary countermeasure against these vulnerabilities.

To safeguard against these vulnerabilities, organizations are urged to apply Ivanti’s patches immediately, conduct a factory reset of devices prior to patching, and adopt a proactive cybersecurity posture. This includes regular software updates, comprehensive user education on cybersecurity best practices, and the implementation of robust security measures such as firewalls, intrusion detection systems, and regular security audits.

The Impact of Ivanti’s Zero-Day Flaws on the Cybersecurity Landscape

Since the beginning of 2024, the cybersecurity community has witnessed the disclosure of six zero-day vulnerabilities within Ivanti’s product lineup, with half of them being actively exploited. A study conducted by Volexity found that more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. These attacks have affected organizations from all sectors, including government agencies, Fortune 500 companies and cloud service providers .

CISA Issues Emergency Directive for Federal Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive. It requires all federal agencies to apply Ivanti’s patches and mitigations, and report any compromise to the CISA. This directive is important because it shows the urgency and the severity of the situation, and its implications for the national and international security.

Mandiant Identifies Bypass Technique and Webshell Deployment

Mandiant, a cybersecurity firm, has identified a technique that bypasses the mitigation file and allows the deployment of a custom webshell named BUSHWALK. This webshell works by injecting malicious code into the legitimate web pages of Ivanti devices, and allows the attackers to execute commands and access files on the compromised systems. Mandiant has provided a detailed description of how this webshell works, how to detect it, and how to remove it. Mandiant has also clarified that this technique is distinct from the mass exploitation that followed the disclosure of the vulnerabilities.

UNC5221: The Threat Group Behind the Targeted Exploitation

Mandiant has also attributed the exploitation of the Ivanti zero-day flaws to a threat group named UNC5221, suspected to be linked to China. This group has targeted organizations from various sectors, including government agencies, Fortune 500 companies and cloud service providers . Mandiant has also revealed the tools and the malware used by this group, such as BUSHWALK, BLOODHOUND, CHOPSTICK and SLIGHTPULSE. These tools and malware are designed to perform reconnaissance, lateral movement, credential theft and data exfiltration on the compromised networks.

The Number of Victims and the Potential Consequences

According to the latest reports from Volexity and Mandiant, more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. The sectors most affected by these intrusions include government, finance, healthcare, education, and technology. The potential consequences of these intrusions include unauthorized data access, system encryption by ransomware, installation of backdoors for persistent access, and execution of malicious code. Such incidents can lead to significant financial losses, reputational damage, operational disruptions, and legal implications for the affected organizations.

EviCypher and EviPass: Innovative Technologies to Protect Yourself from the Zero-Day Flaws

Facing the threat of the Ivanti zero-day flaws, there are innovative solutions to protect yourself effectively. These are the EviCypher and EviPass technologies, developed by Freemindtronic, a company specialized in pocket cybersecurity.

EviCypher is a NFC device that allows you to encrypt and decrypt messages securely and anonymously. You just need to slide your EviCypher card behind your smartphone for the message to be encrypted or decrypted. The system uses individual encryption keys, stored offline, in a non-volatile and physically secure memory. Thus, even if the message is intercepted by an attacker who exploits an Ivanti zero-day flaw, he will not be able to read it without the corresponding key.

EviPass is a mobile application that allows you to manage your passwords and credentials securely and conveniently. You just need to scan your EviPass card with your smartphone to access your online accounts. The application uses an OpenPGP encryption algorithm, based on public and private keys. The private keys are stored offline, in a non-volatile and physically secure memory. Thus, even if an attacker manages to access a compromised Ivanti device, he will not be able to steal the passwords and credentials without the EviPass card.

These two solutions offer a high level of security, based on the principle of “Air Gap”, which consists of creating a physical and digital barrier between the data and the attackers. They are also easy to use, without requiring any specific knowledge in cybersecurity. They are compatible with all digital communication systems, including those that use Ivanti products. They are protected by international patents, and manufactured in Andorra by Freemindtronic.

EviPass NFC NFC and EviPass HSM PGP: Freemindtronic’s Technologies for Password Management

EviPass NFC NFC and EviPass HSM PGP are two technologies developed by Freemindtronic for password management. EviPass NFC NFC is a technology that uses NFC cards to store and access passwords and credentials. EviPass HSM PGP is a technology that uses hardware security modules (HSM) to store and access passwords and credentials using the OpenPGP encryption algorithm. Both technologies are integrated into the EviPass mobile application, which allows users to manage their passwords and credentials securely and conveniently.

EviCypher NFC HSM and EviCypher HSM PGP: Freemindtronic’s Technologies for Message Encryption

EviCypher NFC HSM and EviCypher HSM PGP are two technologies developed by Freemindtronic for message encryption. EviCypher NFC HSM is a technology that uses NFC cards and hardware security modules (HSM) to encrypt and decrypt messages. EviCypher HSM PGP is a technology that uses hardware security modules (HSM) to encrypt and decrypt messages using the OpenPGP encryption algorithm. Both technologies are integrated into the EviCypher NFC device, which allows users to encrypt and decrypt messages securely and anonymously.

PassCypher and DataShielder: Freemindtronic’s Products that Incorporate EviCypher and EviPass Technologies

PassCypher and DataShielder are two products designed and manufactured by Freemindtronic that incorporate the EviCypher and EviPass technologies. PassCypher is a NFC device that connects to your smartphone or computer and allows you to access your online accounts using the EviPass technology. DataShielder is a NFC device that connects to your smartphone or computer and allows you to encrypt and decrypt messages using the EviCypher technology. With these products, you can benefit from the EviCypher and EviPass technology to protect your passwords, credentials and messages.

To learn more about these solutions, you can visit the Freemindtronic website or the Codeur blog, which present the features and benefits of EviCypher and EviPass.

Conclusion

In conclusion, the Ivanti zero-day flaws are dangerous vulnerabilities that can compromise the security and confidentiality of the users’ data. It is therefore important to protect yourself effectively against these flaws, by applying the patches provided by Ivanti, following the cybersecurity recommendations, and using innovative solutions like EviCypher and EviPass, developed by Freemindtronic. These solutions are integrated into innovative products, designed and manufactured in Andorra. Don’t wait any longer to protect yourself from the Ivanti zero-day flaws, and discover the EviCypher and EviPass solutions from Freemindtronic. What are your impressions on these products? Let us know in the comments below.

DataShielder HSM, la solució Xifratge de dades andorrana de Fullsecure – Freemindtronic, guanya el Premi Fortress 2023

Fullsecure DataShielder HSM Fortress Award Jacques Gascuel inventor CEO de Freemindtronic Andorra el premi fortress 2023 de Business Intelligence Group

DataShielder HSM Xifratge de dades, la solució andorrana de Fullsecure amb tecnologies de Freemindtronic, guanya el Premi Fortress 2023

Estem orgullosos d’anunciar que la nostra solució andorrana DataShielder HSM Xifratge de dades de Fullsecure, desenvolupada per Freemindtronic, ha guanyat el premi Fortress 2023 Cyber Security Award en la categoria de xifratge en productes i serveis. Aquest guardó, atorgat pel Business Intelligence Group, reconeix l’excel·lència i la innovació d’empreses d’arreu del món, així com de productes i persones en l’àmbit de la ciberseguretat. DataShielder HSM de Fullsecure és una solució de xifratge sense servidor que utilitza la tecnologia EviCore HSM OpenPGP de Freemindtronic. Aquesta tecnologia permet crear un H-HSM (Hybrid Hardware Security Module) en qualsevol tipus de dispositiu (ordinador, telèfon, núvol, HD, SSD, SD, suports USB) per xifrar i signar qualsevol dada.

DataShielder HSM Xifratge de dades és una solució innovadora que permet gestionar i generar diversos tipus de fitxes (identificadors, contrasenyes, certificats, claus de xifratge, etc.) en qualsevol suport disponible, estigui connectat o no. Aquesta solució ofereix un alt nivell de seguretat i rendiment, xifrant, signant i autenticant les dades amb claus emmagatzemades en mòduls de maquinari segur creats pel propi usuari. Així, DataShielder HSM està dissenyat per transformar qualsevol dispositiu en un H-HSM, sense servidor, sense base de dades, totalment anònim, inrastrejable i indetectable. La gamma DataShielder H-HSM és un ecosistema complet que cobreix moltes necessitats en termes de seguretat i ciberseguretat, especialment en mobilitat.

DataShielder HSM Xifratge de dades també incorpora la tecnologia EviSign desenvolupada per Freemindtronic, que permet signar electrònicament documents amb un valor legalment reconegut. EviSign utilitza el protocol OpenPGP per assegurar la integritat, l’autenticitat i la no-repudiació de les signatures. EviSign és compatible amb tots els formats de document (PDF, Word, Excel, etc.) i es pot utilitzar amb qualsevol lector NFC o telèfon intel·ligent.

DataShielder HSM Xifratge de dades es va presentar en una versió de doble ús el juny de 2022 a Coges Eurosatory (https://www.eurosatory.com), l’exposició internacional de defensa i seguretat. Aquesta versió permet utilitzar DataShielder H-HSM tant per a aplicacions civils com militars, oferint un nivell de protecció adaptat a cada context. La versió de doble ús de DataShielder H-HSM aviat estarà disponible en una versió civil a finals d’octubre de 2023, per satisfer la demanda creixent de persones i professionals interessats a protegir les seves dades sensibles.

El premi Fortress 2023 Cyber Security Award reconeix la feina i l’expertesa de Freemindtronic, que ofereix solucions innovadores i adaptades als reptes actuals i futurs de la ciberseguretat. Freemindtronic està orgullós d’aquesta distinció i agraeix al jurat del concurs, així com als seus clients i socis, per la seva confiança i suport.

Estem molt orgullosos que DataShielder HSM Xifratge de dades de Fullsecure hagi rebut el premi Fortress 2023 de ciberseguretat”, va dir Christine Bernard, directora de Fullsecure. “La nostra solució aporta una resposta innovadora i adaptada als reptes actuals i futurs de la ciberseguretat. Agraïm al Business Intelligence Group per aquesta distinció, així com als nostres clients i socis per la seva confiança i suport.

També estem molt contents de ser la primera empresa andorrana que ha participat al Fortress Cyber ​​​​​​Security Award creat l’any 2018 pel Business Intelligence Group. El Business Intelligence Group és una organització que reconeix el veritable talent i un rendiment superior al món empresarial. El seu premi Fortress Cyber ​​​​Security té com a objectiu identificar i reconèixer les empreses i productes líders del món que treballen per protegir les nostres dades i actius electrònics contra una amenaça creixent dels pirates informàtics.

Equip andorrà de recerca i desenvolupament del projecte DataShielder

Fortress Cyber security Award 2023 logo
Dylan DA COSTA FERNANDES gerent programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Eric Casanova programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Hugo Goncalves Oliveira co-gerent programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Alex Garcia Sanchez programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Victor Gil Feliu programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Adrian Serrano Gómez programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Jacques Gascuel Inventor de datashielder HSM CEO de Freemindtronic Andorra el Premi Fortress 2023 cat

DataShielder HSM OpenPGP: Una solució de xifratge 100% andorrana

En resum, DataShielder HSM OpenPGP és una solució innovadora que permet crear mòduls de seguretat hardware (H-HSM) en qualsevol tipus de suport (ordinador, telèfon, núvol, HD, SSD, SD, clau USB) per xifrar i signar qualsevol tipus de dada. Aquesta solució utilitza la tecnologia EviCore H-HSM OpenPGP desenvolupada per Freemindtronic, una empresa andorrana titular de patents internacionals i líder en les tecnologies NFC H-HSM. Aquesta tecnologia ofereix un alt nivell de seguretat i rendiment.

Es tracta del primer producte dedicat a la gestió de claus de xifratge i de xifratge per HSM 100% andorrà. En efecte, l’equip de desenvolupament de DataShielder HSM OpenPGP és 100% d’una formació de la Universitat d’Andorra, l’única universitat pública del país. La Universitat d’Andorra és reconeguda per la seva excel·lència acadèmica i la seva recerca innovadora en els àmbits de les ciències, l’enginyeria i les tecnologies de la informació. L’equip de desenvolupament de DataShielder HSM OpenPGP va ser coordinat per un enginyer de programari de la Universitat Politècnica de Catalunya (UPC) i professor de la Universitat d’Andorra. Això fa de DataShielder HSM OpenPGP el primer sistema de xifratge d’origen andorrà a haver rebut un premi internacional, el “Fortress Cybersecurity Award”.

Aquesta solució testimonia el saber fer i el potencial d’Andorra en el camp de la ciberseguretat i el xifratge de les dades. DataShielder HSM OpenPGP és una solució que respon a les necessitats actuals i futures de les empreses i els particulars que volen protegir les seves dades sensibles al núvol o als sistemes informàtics, oferint una nova solució en el camp de la sobirania de les dades.

Aviat podreu conèixer més detalls sobre la línia de productes DataShielder HSM de Fullsecure. Sense esperar, ja podeu conèixer més sobre les tecnologies de Freemindtronic incorporades a DataShielder HSM, fent clic als següents enllaços:

[Fullsecure] [EviCore H-HSM Open PGP] [EviCore NFC H-HSM] [Xifratge sense contacte per NFC H-HSM] [Guia de Seguretat de Dades EviKey NFC H-HSM] [EviSign]

Per conèixer més sobre el premi Fortress 2023 Cyber Security Award i altres guanyadors, podeu visitar els següents llocs web:

[Premi de Ciberseguretat Fortress] [Persones, Empreses i Productes Nomenats als Premis de Ciberseguretat Fortress 2023]

Premsa Nacional d’Andorra

DataShielder HSM de la revista de tecnologia Freemindtronic Fullsecure i incrustada Bondia 29 de setembre de 2023
Diari Andorra dijous 5 octubre del 2023: Fullsecure Guanya el Premi Fortress Andorra national press

Notícies proporcionades pel Premi de Ciberseguretat Fortress® 2023 del Business Intelligence Group.

El Business Intelligence Group va ser fundat amb la missió de reconèixer el veritable talent i la superior performance en el món empresarial. A diferència d’altres programes de premis de la indústria, aquests programes són jutjats per executius empresarials amb experiència i coneixement. El sistema de puntuació propietari i únic de l’organització mesura selectivament el rendiment en diversos àmbits empresarials i recompensa aquelles empreses els èxits de les quals destaquen per sobre dels de les seves competidores.

31 de maig de 2023

Enllaç relacionat: https://www.bintelligence.com/posts/105-people-companies-and-products-named-in-2023-fortress-cyber-security-awards

2023 Awards Fortress Cyber Security Award

DataShielder HSM Fortress Award 2023: Andorran Data Encryption Solution

2022 Awards Cybersecurity EviCypher Technology

Gold Globee Winner 2022 Cyber Computer NFC

Awards CES Awards Keepser New

Keepser Group Award CES 2022

2022 Events EviCypher NFC HSM Exhibitions Licences Freemindtronic NFC Contactless

Secure Card CES 2022

2021 Cybersecurity Distinction Excellence EviCypher Technology finalists

E&T Innovation Awards Cybersecurity

2021 Awards Communications Distinction Excellence EviCypher Technology finalists IT

E&T Innovation Awards Communications & IT

2021 Distinction Excellence The National Cyber Awards

Highly Commended at National Cyber Awards: Freemindtronic’s 2021 Success

2021 Awards Distinction Excellence finalists

Finalists The National Cyber Awards 2021

Awards Cyberculture EviCypher Technology International Inventions Geneva NFC HSM technology

Geneva International Exhibition of Inventions 2021

Awards Global Infosec Awards News Press

List of Winners Global Infosec Awards 2021

2021 Awards International Inventions Geneva

EviCypher Gold Medal 2021 of the Geneva International Inventions

2017 Awards Embedded System Awards IoT

Award 2017 MtoM & Embedded System & IoT

2017 Cybersecurity finalists

Award FIC 2017 10th Most innovative international startup

2015 finalists NFC Contactless

Finalist Contactless Services Challenge

2015 Awards Distinction Excellence EviKey & EviDisk

FIC 2015 Distinction Excellence 19th Most innovative international startup

2014 Awards Embedded System Awards EviKey & EviDisk News

The story of the first NFC hardened USB stick EviKey

2014 Awards Electronics Embedded System Awards EviKey & EviDisk

Embedded Trophy 2014 Freemindtronic

Si voleu descarregar imatges, logotip de Freemindtronic, podeu accedir al kit multimèdia Freemindtronic, que conté diversos arxius i informació relacionada amb l’empresa i els seus productes o trofeus. Trobareu l’enllaç al kit multimèdia al final d’aquest article. A més, si prefereixes llegir aquest article en un altre idioma, o descarregar-te la nota de premsa, pots triar entre les següents opcions:

  • Descarrega’t la nota de premsa en català fent clic aquí
  • Una solució andorrana guanya el premi internacional de ciberseguretat Fortress 2023
  • Read this article in English click here

Articles de premsa catalana:

Esperem que aquest article us hagi agradat i que hàgiu après alguna cosa d’interessant sobre Freemindtronic i la seva tecnologia innovadora.

[Kit de mitjans de Freemindtronic]

DataShielder HSM Fortress Award 2023: Andorran Data Encryption Solution

DataShielder HSM, FullSecure's Andorran solution featuring Freemindtronic technologies, wins the 2023 Fortress Award

DataShielder HSM, Fullsecure’s Andorran data encryption solution featuring Freemindtronic technologies, wins the 2023 Fortress Award

We are proud to announce that our Andorran DataShielder HSM solution from Fullsecure, developed by Freemindtronic, has won the Fortress 2023 Cyber Security Award in encryption in the product and service category. This award, awarded by the Business Intelligence Group, recognizes the excellence and innovation of companies around the world, products and people in the field of cybersecurity. DataShielder HSM from Fullsecure is a serverless encryption solution that uses EviCore HSM OpenPGP technology from Freemindtronic. This technology creates Hybrid Hardware Security Modules (H-HSM) on any device, such as computers, phones, cloud storage, HDs, SSDs, SD cards, and USB media. By combining hardware and software, the hardware securely stores keys, ensuring high-level security, while the software handles encryption and signing. This hybrid approach leverages the strengths of both components, providing robust security and flexibility.

DataShielder HSM is an innovative solution that manages and generates various types of tokens (identifiers, passwords, certificates, encryption keys, etc.) on any medium, whether connected or not. It offers high security and performance by encrypting, signing, and authenticating data with keys stored in self-created secure hardware modules. DataShielder HSM transforms any device into a Hardware Security Module (HSM) without the need for servers or databases, ensuring total anonymity, untraceability, and undetectability. The DataShielder HSM range is a comprehensive ecosystem that addresses numerous safety and cybersecurity needs, particularly in mobility.

DataShielder HSM also incorporates the EviSign technology developed by Freemindtronic, which allows electronically signing documents with a legally recognized value. EviSign uses the OpenPGP protocol to ensure the integrity, authenticity and non-repudiation of signatures. EviSign is compatible with all document formats (PDF, Word, Excel, etc.) and can be used with any NFC reader or smartphone.

The Fortress 2023 Cyber Security Award acknowledges the work and expertise of Freemindtronic, who offers innovative and adapted solutions to the current and future challenges of cybersecurity. Freemindtronic is proud of this distinction and thank the jury of the contest as well as their customers and partners for their trust and support.

DataShielder HSM was presented in a Dual-Use version in June 2022 at Coges Eurosatory (https://www.eurosatory.com), the international defense and security exhibition. This version allows DataShielder HSM Hybrid Encryption Solutions to be used for both civil and military applications, offering a level of protection adapted to each context. The Dual-Use version of DataShielder HSM will soon be available in a civilian version by the end of October 2023, to meet the growing demand from individuals and professionals keen to protect their sensitive data.

We are very proud that DataShielder HSM from Fullsecure has been awarded the Fortress Cyber Security Award 2023”, said Christine Bernard, director of Fullsecure. “Our solution provides an innovative and adapted response to the current and future challenges of cybersecurity. We thank the Business Intelligence Group for this distinction, as well as our customers and partners for their trust and support.

“We are also very happy to be the first Andorran company to have applied for the Fortress Cyber ​​​​Security Award created in 2018 by the Business Intelligence Group. The Business Intelligence Group is an organization that recognizes true talent and superior performance in the business world. Its Fortress Cyber ​​Security Award aims to identify and recognize the world’s leading companies and products working to protect our data and electronic assets against a growing threat from hackers.”

Fortress Cyber security Award 2023 logo
Dylan DA COSTA FERNANDES gerent programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Eric Casanova programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Hugo Goncalves Oliveira co-gerent programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Alex Garcia Sanchez programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Adrian Serrano Gómez programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Victor Gil Feliu programador de DataShielder HSM a Freemindtronic premi Fortress Cybersecurity award 2023
Jacques Gascuel Inventor de datashielder HSM CEO de Freemindtronic Andorra el Premi Fortress 2023 cat

DataShielder HSM OpenPGP: Una solució de xifratge 100% andorrana

En resum, DataShielder HSM OpenPGP és una solució innovadora que permet crear mòduls de seguretat hardware (HSM) en qualsevol tipus de suport (ordinador, telèfon, núvol, HD, SSD, SD, clau USB) per xifrar i signar qualsevol tipus de dada. Aquesta solució utilitza la tecnologia EviCore HSM OpenPGP desenvolupada per Freemindtronic, una empresa andorrana titular de patents internacionals i líder en les tecnologies NFC HSM. Aquesta tecnologia ofereix un alt nivell de seguretat i rendiment.

Es tracta del primer producte dedicat a la gestió de claus de xifratge i de xifratge per HSM 100% andorrà. En efecte, l’equip de desenvolupament de DataShielder HSM OpenPGP és 100% d’una formació de la Universitat d’Andorra, l’única universitat pública del país. La Universitat d’Andorra és reconeguda per la seva excel·lència acadèmica i la seva recerca innovadora en els àmbits de les ciències, l’enginyeria i les tecnologies de la informació. L’equip de desenvolupament de DataShielder HSM OpenPGP va ser coordinat per un enginyer de programari de la Universitat Politècnica de Catalunya (UPC) i professor de la Universitat d’Andorra. Això fa de DataShielder HSM OpenPGP el primer sistema de xifratge d’origen andorrà a haver rebut un premi internacional, el “Fortress Cybersecurity Award”.

Aquesta solució testimonia el saber fer i el potencial d’Andorra en el camp de la ciberseguretat i el xifratge de les dades. DataShielder HSM OpenPGP és una solució que respon a les necessitats actuals i futures de les empreses i els particulars que volen protegir les seves dades sensibles al núvol o als sistemes informàtics, oferint una nova solució en el camp de la sobirania de les dades.

You will soon be able to learn more about the DataShielder HSM product line at Fullsecure. Without waiting you can already learn more about the Freemindtronic technologies embedded in DataShielder HSM, by clicking on the following links:

To learn more about the Fortress 2023 Cyber Security Award and other winners, you can visit the following sites:

Premsa Nacional d’Andorra:

DataShielder HSM de la revista de tecnologia Freemindtronic Fullsecure i incrustada Bondia 29 de setembre de 2023
Diari Andorra dijous 5 octubre del 2023: Fullsecure Guanya el Premi Fortress Andorra national press

News provided by Fortress® Cybersecurity Award 2023 from Business Intelligence Group

The Business Intelligence Group was founded with the mission of recognizing true talent and superior performance in the business world. Unlike other industry award programs, these programs are judged by business executives having experience and knowledge. The organization’s proprietary and unique scoring system selectively measures performance across multiple business domains and rewards those companies whose achievements stand above those of their peers.

May 31, 2023 Related Link: https://www.bintelligence.com/posts/105-people-companies-and-products-named-in-2023-fortress-cyber-security-awards

2023 Awards Fortress Cyber Security Award

DataShielder HSM Fortress Award 2023: Andorran Data Encryption Solution

2022 Awards Cybersecurity EviCypher Technology

Gold Globee Winner 2022 Cyber Computer NFC

Awards CES Awards Keepser New

Keepser Group Award CES 2022

2022 Events EviCypher NFC HSM Exhibitions Licences Freemindtronic NFC Contactless

Secure Card CES 2022

2021 Cybersecurity Distinction Excellence EviCypher Technology finalists

E&T Innovation Awards Cybersecurity

2021 Awards Communications Distinction Excellence EviCypher Technology finalists IT

E&T Innovation Awards Communications & IT

2021 Distinction Excellence The National Cyber Awards

Highly Commended at National Cyber Awards: Freemindtronic’s 2021 Success

2021 Awards Distinction Excellence finalists

Finalists The National Cyber Awards 2021

Awards Cyberculture EviCypher Technology International Inventions Geneva NFC HSM technology

Geneva International Exhibition of Inventions 2021

Awards Global Infosec Awards News Press

List of Winners Global Infosec Awards 2021

2021 Awards International Inventions Geneva

EviCypher Gold Medal 2021 of the Geneva International Inventions

2017 Awards Embedded System Awards IoT

Award 2017 MtoM & Embedded System & IoT

2017 Cybersecurity finalists

Award FIC 2017 10th Most innovative international startup

2015 finalists NFC Contactless

Finalist Contactless Services Challenge

2015 Awards Distinction Excellence EviKey & EviDisk

FIC 2015 Distinction Excellence 19th Most innovative international startup

2014 Awards Embedded System Awards EviKey & EviDisk News

The story of the first NFC hardened USB stick EviKey

2014 Awards Electronics Embedded System Awards EviKey & EviDisk

Embedded Trophy 2014 Freemindtronic

To improve in English: If you want to download images, Freemindtronic logo, you can access the Freemindtronic media kit, which contains various files and information related to the company and its products or awards. You will find the link to the media kit at the end of this article. In addition, if you prefer to read this article in another language, or download the press release, you can choose from the following options:

  • Download the press release in English by clicking here
  • Llegeix aquest article en català clica aquí

We hope you enjoyed this article and that you learned something interesting about Freemindtronic and its innovative technology.

[Kit de mitjans de Freemindtronic]

Electronic Signature HSM OpenPGP

Electronic Signature from DataShielder

Electronic signatures are increasingly being used to authenticate and protect documents online. But did you know that there are different levels of security for electronic signatures? According to the eIDAS regulation, there are three types of electronic signatures: simple, advanced and qualified. Each type offers a different degree of reliability and safety. In this article, we will look at simple electronic signatures and explain how HSM OpenPGP can make them more secure.

Simple Electronic Signatures

A simple electronic signature is the most basic form of electronic signature. It has no specific criteria defined by the eIDAS regulation. It is based solely on the express or implied consent of the author of the document. For example, a simple click on an “I agree” button or entering a name in a form field can be considered a simple electronic signature.

Simple electronic signatures are used for documents that do not require increased security, such as newsletters, surveys or contact forms. They have limited legal value, as they do not guarantee the identity of the signer or the integrity of the document.

Simple electronic signatures present several risks for data security. First of all, they are easy to forge or usurp. It is enough to know the name or email address of the signer to be able to sign in his place. Then, they are vulnerable to computer attacks. A hacker can intercept, modify or delete the signed document without the signer or the recipient noticing. Finally, they are difficult to verify. There is no simple and reliable way to prove the authenticity and validity of a simple electronic signature.

Il is a tool that allows you to sign your electronic documents in compliance with the eIDAS regulation. HSM OpenPGP offers you several advantages to enhance the security of your simple electronic signatures:

HSM OpenPGP uses an asymmetric cryptography system to protect your data. Each signer has a pair of keys: a public key and a private key. The public key is used to verify the signature, while the private key is used to sign the document. The private key is stored in a secure digital vault and is only accessible to the signer. HSM OpenPGP generates a timestamp for each signed document. The timestamp is an indelible proof of the date and time of the signature. It ensures the integrity of the document and prevents tampering or repudiation. HSM OpenPGP allows you to choose the level of security of your electronic signature according to your needs. You can opt for a simple, advanced or qualified electronic signature. Each level offers additional guarantees on the identity of the signer and the validity of the document. It is therefore a tool that allows you to sign your electronic documents with confidence and compliance. If you want to learn more about HSM OpenPGP and its features, feel free to visit our website or contact us.

Advanced Electronic Signatures

Electronic signatures are increasingly used to authenticate and protect online documents. But not all electronic signatures are equal. According to the eIDAS regulation, there are three types of electronic signatures: simple, advanced and qualified. Each type offers a different level of reliability and security. In this article, we will focus on advanced electronic signatures and explain how HSM OpenPGP can make them safer.

An advanced electronic signature is a form of electronic signature that offers a higher level of security than a simple electronic signature. It is based on a digital certificate issued by a trusted third party, called a qualified trust service provider (QTSP). This certificate allows to authenticate the identity of the signer and to ensure the integrity of the signed document. To be considered as an advanced electronic signature, the signature must meet several criteria defined by the eIDAS regulation. It must be:

  • Uniquely linked to the signer;
  • Capable of identifying the signer;
  • Created using signature creation data that the signer can use under his exclusive control;
  • Linked to the signed data in such a way that any subsequent modification of the data is detectable.

Advanced electronic signatures are used for documents that require increased security, such as contracts, invoices or tax declarations. They have a stronger legal value than simple electronic signatures, because they can prove the origin and integrity of the document.

It is an encryption key management application that provides unparalleled security and privacy to users. It is compatible with all messaging services and offers end-to-end encrypted instant messaging via segmented key authentication SMS. It also has a file encryption and data signing system with signature self-verification.

  • eIDAS compliance: By using HSM OpenPGP for advanced electronic signatures, you can be sure that your signatures meet the requirements of the eIDAS (Electronic IDentification, Authentication and Trust Services) regulation, which was established in July 2016 to define the criteria for an electronic signature process within the European Union.
  • Timestamp of signed documents: HSM OpenPGP generated a timestamp for each signed document. The timestamp is indelible proof of the date and time of the signature. It ensures the integrity of the document and prevents falsification or repudiation.
  • Choice of security level: HSM OpenPGP also allows you to choose the level of security of your electronic signature according to your needs.
  • Advanced features for data security and privacy: In addition to meeting eIDAS requirements for advanced electronic signatures, HSM OpenPGP also offers other data security and privacy benefits. For example, it allows you to generate, store, and use all types of symmetric and asymmetric keys offline for Open PGP encryption algorithms. The user can freely choose the algorithm he wants to use from AES 128 192 256 or RSA 2048 3072 4096 Open PGP. They can also import or export existing keys for storage, management, sharing, or use with HSM OpenPGP.

By using HSM OpenPGP for advanced electronic signatures, you not only benefit from a high level of reliability and security in accordance with the eIDAS regulation, but also additional protection for your data thanks to the advanced features offered by HSM OpenPGP.

Compliance with eIDAS Regulation

It is an innovative application for managing encryption keys and signing files. Although HSM OpenPGP offers an interesting approach to electronic signatures, it is important to note that its approach differs from the requirements for a qualified electronic signature under the eIDAS regulation.

The eIDAS Regulation (No 910/2014) was adopted on 23 July 2014 by the European Parliament and the European Union Council. It aims to strengthen trust in electronic transactions within the internal market by establishing a common foundation for secure electronic interactions between citizens, businesses and public authorities. According to this regulation, a qualified electronic signature must be created using a secure signature creation device (DSC) that ensures that the signature creation data is under the exclusive control of the signatory. It must also be based on a qualified electronic signature certificate that attests to the identity of the signatory and is issued by a qualified trust service provider (PSC) meeting applicable technical and regulatory requirements. Finally, it must allow the signatory to be identified and any subsequent changes to the signed data to be detected.

To learn more about the eIDAS Regulation, you can visit the EUR-Lex website at the following address:

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32014R0910

HSM OpenPGP does not generate a qualified electronic signature within the meaning of the eIDAS Regulation because its approach does not rely on the use of a secure signature creation device (DSC) or a qualified certificate for electronic signatures issued by a qualified trust service provider (PSC).

However, It’s offers an innovative approach in the field of file signing and data encryption. HSM OpenPGP allows the signatory to generate, store and share their own public key and signature hash without relying on an external trusted third party. HSM OpenPGP uses technology patented by Freemindtronic on segmented key authentication to provide users with an unparalleled level of security and privacy. HSM OpenPGP also allows you to choose the level of security for your electronic signature based on your needs.

In short, although HSM OpenPGP does not generate a qualified electronic signature within the meaning of the eIDAS Regulation, it offers an innovative approach to simple and advanced electronic signatures with a high level of security and privacy.

According to the eIDAS Regulation, an advanced electronic signature must meet the following criteria:

  • It is uniquely linked to the signatory.
  • It allows the signatory to be identified.
  • It is created using data that the signatory can use under their exclusive control.
  • It is linked to the data to which it relates in such a way that any subsequent changes to the data can be detected.

It is appears to meet these criteria by allowing the signatory to generate their own private key using an application on their phone. The private key is encrypted and stored in the keychain (Apple) or key store (Android) and is only accessible to the signatory. The signatory creates their signature in .asc format from their private key after authenticating by entering at least one key or two or three. The signatory then sends the signature and their public key to the recipient so that they can verify that the file has not been corrupted.

By using HSM OpenPGP for advanced electronic signatures, you not only benefit from a high level of reliability and security in accordance with the eIDAS Regulation, but also additional protection for your data thanks to HSM OpenPGP’s advanced features. For example, it has a file encryption system and data signing with self-verification of signatures. The user can freely choose which algorithm they want to use among AES 128 192 256 or RSA 2048 3072 4096 Open PGP. They can also import or export existing keys for storage, management, sharing or use with HSM OpenPGP.

In conclusion, although HSM OpenPGP does not generate a qualified electronic signature within the meaning of the eIDAS Regulation, it offers an innovative approach to simple and advanced electronic signatures with a high level of security and privacy. It is appears to meet the criteria for an advanced electronic signature by allowing the signatory to generate their own private key using an application on their phone and providing users with an unparalleled level of security and privacy thanks to its patented technology. By using HSM OpenPGPfor advanced electronic signatures, you not only benefit from a high level of reliability and security in accordance with the eIDAS Regulation, but also additional protection for your data thanks to HSM OpenPGP’s advanced features. For example, it has a file encryption system and data signing with self-verification of signatures. The user can freely choose which algorithm they want to use among AES 128 192 256 or RSA 2048 3072 4096 Open PGP. They can also import or export existing keys for storage, management, sharing or use with HSM OpenPGP.

This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.