EviCore NFC HSM
EviCore NFC HSM Security Information is a page that gathers all the security information related to the cutting-edge EviCore NFC HSM technology developed by Freemindtronic in Andorra. This Andorran company provides white-label solutions under license in secure key and cryptographic secret management through a Near Field Communication (NFC) hardware module. This technology ensures the protection and encryption of keys and secrets using advanced algorithms, offering features such as offline isolation, seamless integration with other technologies and enhanced user experience. With its robust security measures and innovative advancements, EviCore NFC HSM sets a new standard for secure communication and secret management in the digital realm. In this space, you will learn more about the proprietary EVI MtoM interface, its compatibility with ISO standards, the algorithms used and its compatibility with various international regulations.
EVI (Encrypted Virtual Interface) is a proprietary protocol developed by Freemindtronic for communication with NFC HSM (Hardware Security Module) devices, offering an exceptional level of security for sensitive data. This protocol is considered a Zero Knowledge Proof (ZKP) protocol due to its adherence to several fundamental criteria:
Secret and Randomness: EVI employs encryption keys and authentication processes that are generated with a high degree of randomness and remain confidential. These keys are not predictable or derivable from any publicly available information, ensuring that the verifier has no prior knowledge of them.
Independence of Trust Criteria: The security and trustworthiness of EVI are not dependent on the secrecy of the keys used. Even if the criteria for trust and authentication are known, they do not reveal any information about the actual secret keys or the authentication methods employed.
Length of Key Segments: EVI employs sufficiently long key segments, which makes it resistant to brute-force attacks. The segmented key approach enhances security by requiring an attacker to compromise multiple independent key components, making unauthorized access extremely difficult.
Resilience to Attacks: EVI has been designed to withstand various types of attacks, including replay attacks, modification attempts, and interception. The protocol’s security measures ensure that unauthorized parties cannot tamper with the data or use intercepted information to gain access.
In addition to these core principles, EVI incorporates patented technologies to enhance its security and functionality:
Salting System: The implementation of the patent WO2010086552 introduces a salting system to counteract keyloggers. This system adds characters at predetermined positions known only to the user, which are subsequently removed during password entry. This obscures the password’s actual characters, so a keylogger that records the keystrokes does not capture the password itself.
Segmented Key Authentication: EVI utilizes Freemindtronic’s segmented key authentication patent, which associates different segments of keys with various authentication factors such as biometric data, PIN codes, passwords, or device identifiers. This approach ensures that only authorized entities with the correct combination of authentication factors can access the NFC HSM device, adding an additional layer of security.
Anti-Counterfeiting Measures: EVI incorporates anti-counterfeiting systems that prevent the falsification or modification of NFC HSMs through a combination of signature mechanisms and segmented key authentication. This makes it exceedingly difficult for malicious actors to counterfeit or tamper with these devices.
User-Defined Trust Criteria: Users of EVI technology can define trust criteria tailored to their specific needs. These criteria enhance the security of secrets stored in the EEPROM memory of the NFC HSM, even in the face of invasive or non-invasive attacks, ensuring that the secrets remain encrypted with keys exceeding 256 bits in length.
Black Box Monitoring: The non-modifiable black box feature monitors NFC HSM device usage, including the number of access code entry attempts by administrators and users. When the unsuccessful attempts reach the number defined by the administrator, the NFC HSM is unpaired from the Android NFC phone, adding an additional layer of security and control.
EVI’s robust security measures, combined with advanced encryption and hashing algorithms, such as AES 256, AES ECB 128, AES CTR, and SHA256, make it a formidable protocol for securing sensitive information. It is compatible with Android NFC phones and can be applied in various contexts, including encryption, password management, blockchain, and payment systems.
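The salting system in the list above, as an added Python example (not Freemindtronic's code or the patented implementation): the user types decoy characters at agreed positions and the software strips them before checking the password. The function names, the 0-based positions, the sample password and the SHA-256 comparison are assumptions made for this illustration.

```python
from __future__ import annotations
import hashlib
import hmac


def salt_entry(password: str, decoys: dict[int, str]) -> str:
    """Return what the user types: the password with one decoy character
    at each agreed position (0-based index in the typed string)."""
    typed_len = len(password) + len(decoys)
    if any(len(c) != 1 for c in decoys.values()):
        raise ValueError("each decoy must be a single character")
    if any(p < 0 or p >= typed_len for p in decoys):
        raise ValueError("decoy position outside the typed string")
    chars = iter(password)
    return "".join(decoys[i] if i in decoys else next(chars)
                   for i in range(typed_len))


def strip_salt(typed: str, positions: set[int]) -> str:
    """Remove the characters at the agreed positions to recover the password."""
    if any(p < 0 or p >= len(typed) for p in positions):
        raise ValueError("entry is shorter than the agreed positions require")
    return "".join(c for i, c in enumerate(typed) if i not in positions)


def verify(typed: str, positions: set[int], stored_digest: bytes) -> bool:
    """Strip the decoys, then compare digests in constant time.
    Plain SHA-256 keeps the example short; a real password store
    would use a slow, salted password hash instead."""
    try:
        candidate = strip_salt(typed, positions)
    except ValueError:
        return False
    digest = hashlib.sha256(candidate.encode()).digest()
    return hmac.compare_digest(digest, stored_digest)


# Constructed sample values, for illustration only.
PASSWORD = "Tr0ub4dor"
DECOYS = {0: "x", 4: "#", 11: "!"}
STORED = hashlib.sha256(PASSWORD.encode()).digest()

if __name__ == "__main__":
    typed = salt_entry(PASSWORD, DECOYS)          # what a keylogger would record
    print("keystrokes recorded:", typed)
    print("accepted:", verify(typed, set(DECOYS), STORED))
    print("real password typed without decoys:", verify(PASSWORD, set(DECOYS), STORED))
```

The recorded keystrokes differ from the stored password, and an entry that lacks the decoys at the agreed positions is rejected.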
EVI (Encrypted Virtual Interface) is a proprietary protocol developed by Freemindtronic, and its design aligns with numerous well-established information security standards and best practices. These standards encompass a wide range of aspects related to information security, including data protection, risk management, cryptography, and more. Here’s how the EVI protocol complies with these established security standards and guidelines:
ISO/IEC 27001 and ISO/IEC 27002: EVI adheres to principles of information security management, ensuring that data confidentiality, integrity, and availability are maintained. It employs strong encryption, authentication, and access control mechanisms to protect sensitive information.
Common Criteria (ISO/IEC 15408): Common Criteria provides a framework for the evaluation of security properties of IT products and systems. While EVI itself may not undergo Common Criteria evaluation, its security features align with the principles of this standard, especially in terms of protection against unauthorized access and tampering.
NIST SP 800-53 and NIST SP 800-37 Revision 2: EVI follows the NIST guidelines for security controls and the management of security in information systems. It ensures that comprehensive security measures are in place, covering aspects like access control, audit and monitoring, and security assessments.
PCI DSS (Payment Card Industry Data Security Standard): EVI’s security measures align with the stringent requirements of PCI DSS when it comes to protecting payment card data and ensuring secure transactions.
HIPAA (Health Insurance Portability and Accountability Act): In healthcare environments, where the protection of personal health information is crucial, EVI’s encryption, access controls, and monitoring mechanisms help meet the security requirements of HIPAA.
GDPR (General Data Protection Regulation): EVI supports GDPR compliance by providing strong data protection and access control mechanisms, ensuring that personal data remains confidential and secure.
FIPS PUB 140-2: While not explicitly certified under FIPS 140-2, EVI’s use of strong cryptographic algorithms aligns with the FIPS standard for cryptographic modules.
ISO/IEC 19790: This standard pertains to cryptographic modules, and EVI’s use of cryptography conforms to the requirements of ISO/IEC 19790, ensuring the security and integrity of cryptographic operations.
ISO/IEC 27034: EVI complies with secure application development principles, ensuring that its software components are designed with security in mind.
EVI’s security features and practices align with a wide array of established information security standards and best practices. These standards cover various facets of security, including data protection, risk management, encryption, and access control, ensuring that EVI provides a robust and reliable security solution for sensitive information in NFC HSM devices.
(*) These standards are related to dual-use items because they specify security requirements and evaluation criteria for cryptographic modules, which can be used for both civil and military purposes. They also cover encryption algorithms and security services using AES, which is a widely used algorithm for both civil and military applications. These standards aim to prevent the proliferation of weapons of mass destruction and to contribute to international peace and security. They also reflect the commitments agreed upon in key multilateral export control regimes, such as the Wassenaar Arrangement and the Nuclear Suppliers Group.
The EviCore NFC HSM technology from Freemindtronic employs RSA 4096 for robust and secure encryption. RSA 4096 refers to the key size used in the RSA algorithm, where 4096 represents the length of the key in bits. RSA is an asymmetric encryption algorithm widely used for secure communication, digital signatures, and data encryption.
In RSA encryption, a key pair is generated consisting of a public key and a private key. The public key is used for encryption, while the private key remains secret and is used for decryption. The security of RSA lies in the computational complexity of factoring large numbers into their prime factors, which is the foundation of the algorithm.
By using RSA 4096 by default, EviCore NFC HSM ensures a high level of security and future-proofing that could potentially extend beyond 2030, unlike RSA 2048. The larger key size provides increased resistance against brute-force attacks, making it computationally infeasible to factorize the key and derive the private key without sufficient computational power and time. This significantly enhances the security of the encrypted data and protects against unauthorized access.
However, it is important to note that RSA is one of the encryption algorithms that could potentially be broken by a large enough quantum computer using Shor’s algorithm. While quantum computers pose a potential threat to many encryption algorithms, they are not yet powerful enough to break present-day encryption. The National Institute of Standards and Technology (NIST) has been working on developing post-quantum cryptographic standards that are resistant to quantum computer attacks.
By integrating RSA 4096 into EviCore NFC HSM, users benefit from the robust security provided by this encryption standard. Encryption keys are generated automatically in less than 300 ms and stored automatically in an NFC HSM on Android NFC phones with an MCU clocked at 2.9 GHz, 2.8 GHz or 2.2 GHz with an octa-core processor. Generation time is estimated at less than one minute on Android phones with NFC and Android 6 with a Qualcomm Snapdragon 801 processor, 4 cores, 32-bit architecture, clock speed up to 2.3 GHz and 3 GB of RAM. This shows that EviCore NFC HSM technology benefits from the increased performance of smartphones, which significantly reduces the time between key creation and encrypted storage in the EEPROM memory of the Freemindtronic NFC HSM. On the one hand, this guarantees the confidentiality and integrity of the RSA private key, as well as the use of its public key, which is generated automatically from the NFC HSM. On the other hand, it allows secrets to be shared between NFC HSMs, or their secure backups to be stored encrypted with RSA-4096 on any type of external storage medium.
It’s important to note that EviCore NFC HSM technology does not use servers or databases. This means that a quantum computer would have to break the encryption of a secret encrypted via the RSA-4096 public key without any other information than the encrypted result.
Overall, while RSA 4096 offers strong protection against classical attacks, Freemindtronic maintains continuous monitoring to update its technology with new post-quantum algorithms standardized by NIST as they become available.
In terms of resistance to quantum attacks between RSA 2048 and RSA 4096 or higher key sizes, both would be vulnerable to Shor’s algorithm on a large enough quantum computer. A study estimated that a quantum circuit with 372 physical qubits and a depth of thousands would be necessary to challenge RSA-2048. However, we couldn’t find specific information on how this scales with larger key sizes such as RSA 4096.
In terms of classical security, both RSA 2048 and RSA 4096 are considered secure for now. Security experts project that 2048-bit keys will be sufficient for commercial use until around the year 2030. The main downside to using larger keys such as 3072 or 4096 is that they are slower to process. However, some organizations may choose to use larger keys such as RSA 4096 for added security or future-proofing. With EviCore NFC HSM technology from Freemindtronic using an Android NFC phone with an MCU clocked at 2.9 GHz, 2.8 GHz or 2.2 GHz with an octa-core processor, this downside is eliminated, as keys can be generated in less than 300 ms and secrets can be encrypted in real time in less than 500 ms.
Are you looking for a device that uses near-field communication (NFC) technology to provide secure and convenient management of cryptographic keys and secrets? If so, you might want to consider EviCore NFC HSM. This device is a product of Freemindtronic, a company that specializes in NFC solutions. EviCore NFC HSM complies with the IEC/ISO 15693-3:2019 standard for communication with contactless vicinity cards. This standard allows for a longer communication range and a higher data transfer rate than other NFC standards.
But before you buy or use EviCore NFC HSM, you should also be aware of the legal compliance issues that may arise from using NFC devices in different countries. NFC devices are subject to various laws, directives, regulations, agreements, and rules of law at the global level. You need to comply with them to avoid legal problems.
In this article, we will give you an overview of some of the most important regulations that apply to EviCore NFC HSM in different regions of the world. This is not a comprehensive list. You should always consult your local authorities and experts before using EviCore NFC HSM in your country.
EviCore NFC HSM is compliant with FIPS 140-2, a computer security standard used to validate hardware security modules (HSMs). This standard is used by the US government and other organizations to ensure the security of sensitive data. The compliance of EviCore NFC HSM with FIPS 140-2 ensures that it meets the highest level of security standards and can be used for secure data storage and transmission.
The RED, EviCore NFC HSM also complies with the following laws and regulations in Europe:
The Personal Information Protection Act (PIPA) in South Korea requires companies to protect customers’ personal information and report data breaches. EviCore NFC HSMs are designed to help companies comply with the PIPA by protecting sensitive information stored on NFC smart cards. EviCore NFC HSMs provide enhanced security for NFC transactions by storing encryption keys and performing encryption and decryption operations on the smart card itself.
These are some of the main regulations that apply to EviCore NFC HSM in different regions of the world.
However, this is not a comprehensive list, and you should always consult your local authorities and experts before using EviCore NFC HSM in your country. You should also check the latest updates and changes in the regulations, as they may vary over time.
EviCore NFC HSM is a device that uses NFC technology to provide secure and convenient management of cryptographic keys and secrets. It complies with the IEC/ISO 15693-3:2019 standard for communication with contactless vicinity cards, which allows for a longer communication range and a higher data transfer rate than other NFC standards. It also complies with various laws, directives, regulations, agreements, and rules of law at the global level, and you need to comply with them to avoid legal problems.
We hope this article has given you an overview of some of the most important regulations that apply to EviCore NFC HSM in different regions of the world. If you have any questions or comments, please feel free to contact us at firstname.lastname@example.org or visit our website at https://freemindtronic.com/evicore-nfc-hsm/ to learn more about EviCore NFC HSM and its features and benefits.
The NFC HSMs used with EviCore NFC HSM are compliant with the RoHS directive. RoHS stands for Restriction of Hazardous Substances and is a European Union directive that restricts the use of certain hazardous materials in electronic and electrical equipment. Compliance with RoHS ensures that the NFC HSMs used with EviCore NFC HSM are environmentally friendly and safe for use.