- NFC HSM device for secure contactless OTP token management (HOTP & TOTP)
- Embedded in PassCypher NFC HSM (Lite & Master)
- Quantum-Resistant Passwordless Manager (Intersec Awards 2026)
- NFC Hardware Wallet OTP Token Manager
- New secure end-to-end contactless OTP key manager
- Contactless OTP Manager Application
- New International Innovation – 2022 and Beyond
- Multi-factor authentication
- Redundant privacy
- Cloudless (Serverless)
- Human-to-Human Secure Key Sharing
- End-to-end anonymity
- NFC Android Compatible
- Zero Trust in Host Devices
- Without trusted third party
- Solution Syllogism
- Secure control of the entire value chain
- Hybrid physical and digital security
- Unique Added Values of EviOTP NFC HSM Manager
- Keeper of Encryption Keys
- Mobility & Instant Use
- Simplicity & Interoperability
- Dual Security Architecture
- Segmented key authentication
- Metadata security, monitoring, and display
- Contactless Secret Manager
- Real-World Use Cases of EviOTP NFC HSM Manager
- MFA for Remote Access – Without Infrastructure
- Offline OTP Air Gap in Sensitive Environments
- Shared Access to Critical Accounts – with Human-Level Traceability
- Zero-Trust MFA in Travel or Hostile Environments
- Healthcare or Legal Access Control with OTP Logs
- Comparative Table – EviOTP NFC HSM vs OTP Key Managers
- Summary OTP NFC HSM Manager
- Legal & Regulatory Compliance
- GDPR-Aligned by Design
- Standards-Compliant Implementation
- Ready for Civil and Defense Applications
EviOTP NFC HSM Manager
Offline, contactless, and zero-trust OTP custody: TOTP/HOTP secrets stay encrypted inside the NFC HSM, while passcodes are generated RAM-only.
- No secret material persists on the host device.
- No host-side identifiers are required to “make it work”.
- Stop conditions are enforced when assumptions are not met.
- “No dedicated app” is not a guarantee: claims depend on where secrets exist and when they are decrypted.
EviOTP NFC HSM Manager is an offline TOTP/HOTP private key manager (SHA-1, SHA-256, SHA-512) and contactless HOTP manager designed as an NFC HSM OTP vault. It stores encrypted TOTP/HOTP private keys in EEPROM and generates one-time codes on demand in volatile (RAM-only) memory, making it ideal for serverless 2FA, air-gapped authentication, and zero-trust MFA without cloud, USB, or Bluetooth.
The EviOTP NFC HSM Manager offers a cutting-edge, contactless hardware solution to manage one-time passwords (OTP), PINs, and one-time authorisation codes (OTACs) with unmatched security. Each code remains valid for only one session or transaction, ideal for high-assurance two-factor authentication (2FA). OTP generation is requested via NFC, but the host phone is treated as an untrusted display surface.
Thanks to its fully offline design, it stores up to 100 encrypted TOTP and HOTP private keys directly in the NFC HSM EEPROM. Secrets remain physically isolated from any software environment, protecting them from malware and data leaks. QR imports remain seamless across common OTP ecosystems while secrets stay encrypted and isolated inside the NFC HSM.
When a user requests a TOTP or HOTP code, it is generated securely on demand in volatile memory on an NFC Android phone—and never written to permanent storage. Users can import an OTP secret in less than 3 seconds by scanning a QR code, assigning it a name, and using it immediately.
The design avoids USB and Bluetooth to reduce attack surface. However, “no dedicated app” is not a security guarantee; claims rely on where secrets exist, when they are decrypted, and how invalid conditions are handled. Ultimately, it functions as a powerful encrypted OTP key vault and offline TOTP manager for critical environments—without compromising usability or digital sovereignty.
Embedded in PassCypher NFC HSM (Lite & Master)
EviOTP is embedded directly inside the PassCypher NFC HSM line, enabling a contactless TOTP/HOTP manager and offline OTP vault within sovereign security workflows.
- Hardware password manager with built-in TOTP.
- Passwordless manager workflows with offline OTP when OTP is required.
- Quantum-resistant security workflow that avoids third-party trust.
All of this works without exposing secrets to operating systems, cloud sync, or third-party trust.
Quantum-Resistant Passwordless Manager (Intersec Awards 2026)
PassCypher positions these capabilities inside a passwordless, FIDO-free model emphasizing RAM-only handling of sensitive material.
This aligns with a strategy to reduce attack surface, avoid persistent traces, and keep verification strong when hosts are untrusted.
Moreover, Freemindtronic embeds the EviOTP NFC HSM Manager technology directly inside the PassCypher NFC HSM product line. Therefore, you can run a contactless TOTP manager and offline OTP vault inside a hardware device designed for sovereign security workflows. In other words, PassCypher integrates EviOTP so you can manage TOTP/HOTP secrets, keep them encrypted in NFC HSM EEPROM, and generate OTP codes on demand in volatile (RAM-only) memory — while staying serverless, cloudless, and FIDO-free.
Consequently, PassCypher works as a hardware password manager with built-in TOTP, a passwordless manager with offline OTP, and a quantum-resistant security workflow that avoids third-party trust. This embedded design strengthens real-world needs without exposing secrets to operating systems, cloud sync, or third-party trust.
In addition, PassCypher positions these capabilities inside a Quantum-Resistant Passwordless Manager approach, emphasizing RAM-only handling of sensitive material.
EviOTP NFC HSM Manager
Secure OTP wallet built into a contactless hardware token.
The EviOTP NFC HSM Manager enables encrypted generation, storage, and usage of up to 100 private TOTP and HOTP keys. This offline vault ensures full isolation and sovereignty of your 2FA secrets — with no cloud, no USB, no compromise.
Peer-to-peer trust, serverless
The EviOTP NFC HSM Manager decentralises OTP key management away from servers and IT infrastructures. It supports secure human-to-human sharing, with built-in cryptographic trust criteria, ensuring usage is restricted to verified recipients only — even remotely.
True end-to-end anonymity
Encrypted OTP sharing made easy
Share OTP secrets securely via an RSA-4096 encrypted QR Code, compatible with all communication channels — including air gap transfers using a webcam. The OTP secret remains protected throughout, ensuring zero risk of interception.
NFC Hardware Wallet OTP Token
New encryption end-to-end contactless token manager
Simple contactless use
Create, import, and use TOTP and HOTP tokens in seconds with the EviOTP NFC HSM Manager. Thanks to its patented NFC hardware integration, you can scan a QR code, store up to 100 encrypted OTP keys, and use them instantly — without cables, apps, or drivers. Tokens are generated on demand with full contactless control and no dependency on host systems.
Protection against key theft
Each OTP key remains encrypted inside the NFC HSM’s EEPROM.
Access requires a trusted NFC device with multi-factor authentication: PIN code, geolocation, phone ID, and more. Even if your phone is compromised, the keys stay isolated and physically inaccessible.
Air gap sharing via encrypted QR
Easy to use with any NFC Android phone
The solution is device-independent. OTP codes are generated in the volatile memory of the phone on demand and are never stored. Your EviOTP NFC HSM Manager can pair with any compatible Android NFC phone, enabling full mobility and zero trust in the host environment.
Contactless OTP Manager Application
The OTP token manager function is integrated in the EviCypher application from Freemindtronic.
Contactless OTP Manager supports both types of OTP: the time-based TOTP and the counter-based HOTP.
Below is the application version history. It does not imply any required cloud dependency for OTP secret custody or OTP generation.
1.7.0 EviCypher by Freemindtronic application NFC phone Android
First version December 25, 2022
Features
- Added support for OTP Token (TOTP)
TOTP/HOTP compatibility and offline OTP manager keywords
This offline TOTP authenticator and contactless OTP generator supports RFC 6238 TOTP and RFC 4226 HOTP, including SHA-1 / SHA-256 / SHA-512. It fits common needs such as hardware TOTP token without USB, air-gapped OTP vault, NFC security key for OTP, and serverless MFA for critical systems.
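The computation behind those standards, as an added example (not Freemindtronic's code): it validates the parameters of an imported OTP key and derives RFC 4226 / RFC 6238 codes with SHA-1, SHA-256 or SHA-512. It assumes the scanned QR code carries the `otpauth://` key URI used by common authenticator apps; `parse_otpauth`, `code_from_uri` and `SAMPLE_URI` are hypothetical names, and the sample URI is constructed from the RFC test secret.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# The three HMAC hashes the page lists for TOTP/HOTP keys.
HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Constructed sample: RFC 4226/6238 test secret "12345678901234567890",
# Base32-encoded in lower case and without padding, as many QR codes carry it.
SAMPLE_URI = ("otpauth://totp/Example:alice?secret=gezdgnbvgy3tqojqgezdgnbvgy3tqojq"
              "&algorithm=SHA1&digits=8&period=30")


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "SHA1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, period: int = 30, digits: int = 6,
         algorithm: str = "SHA1") -> str:
    """RFC 6238: HOTP whose counter is the number of elapsed time steps."""
    return hotp(secret, int(unix_time) // period, digits, algorithm)


def parse_otpauth(uri: str) -> dict:
    """Validate an imported key URI; raise ValueError instead of guessing."""
    parsed = urlparse(uri)
    kind = parsed.netloc.lower()
    if parsed.scheme != "otpauth" or kind not in ("totp", "hotp"):
        raise ValueError("not an otpauth TOTP/HOTP URI")
    params = {k.lower(): v[0] for k, v in parse_qs(parsed.query).items()}
    if "secret" not in params:
        raise ValueError("missing secret")
    text = params["secret"].replace(" ", "").upper()
    # b32decode raises binascii.Error (a ValueError) on malformed input.
    secret = base64.b32decode(text + "=" * (-len(text) % 8))
    if len(secret) < 16:                         # RFC 4226 requires >= 128 bits
        raise ValueError("secret shorter than 128 bits")
    algorithm = params.get("algorithm", "SHA1").upper()
    if algorithm not in HASHES:
        raise ValueError("unsupported algorithm: " + algorithm)
    digits = int(params.get("digits", 6))
    if not 6 <= digits <= 8:
        raise ValueError("digits must be 6, 7 or 8")
    config = {"type": kind, "secret": secret, "algorithm": algorithm, "digits": digits}
    if kind == "totp":
        config["period"] = int(params.get("period", 30))
        if config["period"] <= 0:
            raise ValueError("period must be positive")
    else:
        if "counter" not in params:
            raise ValueError("HOTP URI without counter")
        config["counter"] = int(params["counter"])
    return config


def code_from_uri(uri: str, unix_time: int) -> str:
    """Derive the current code for a validated key (time is ignored for HOTP)."""
    cfg = parse_otpauth(uri)
    if cfg["type"] == "totp":
        return totp(cfg["secret"], unix_time, cfg["period"], cfg["digits"], cfg["algorithm"])
    return hotp(cfg["secret"], cfg["counter"], cfg["digits"], cfg["algorithm"])


if __name__ == "__main__":
    print(code_from_uri(SAMPLE_URI, unix_time=59))
```

The code depends only on the secret, the counter or time step, and the three parameters, so a wrong `algorithm`, `digits` or `period` on import yields codes that never verify; rejecting malformed values at import is the point where that failure is cheapest to catch.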
New International Innovation – 2022 and Beyond
The EviOTP NFC HSM Manager breaks away from all traditional OTP and HOTP solutions. Protected by two international patents, this technology secures your one-time password secrets entirely offline, without storing them on a computer, mobile phone, or remote server.
Each secret key is stored encrypted in the NFC HSM module and used only on demand to generate OTP codes directly in the volatile memory of an NFC Android phone — never permanently stored or exposed.
The device fits in your pocket and works autonomously, giving you fast, contactless, and zero-trust 2FA authentication anywhere, anytime.
Unlike other digital or hardware tokens, EviOTP NFC HSM Manager supports advanced trust criteria for each key. You can restrict usage by PIN, geolocation, phone ID, and more.
You can even share OTP keys securely between remote devices using RSA-4096 encrypted QR codes — a true human-to-human encryption model that ensures complete control over your credentials.
Multi-factor authentication
Access to every OTP key is protected by user-defined trust criteria: PIN codes, temporary users, phone ID, geolocation, or time-based restrictions. The system enforces strict validation: all criteria must be met, otherwise the OTP cannot be generated.
Redundant privacy
All OTP keys remain encrypted within the device, never duplicated, and individually protected. Up to 13 distinct trust conditions can be associated with a single key, making unauthorized access physically and cryptographically impossible, even in a sharing context.
Cloudless (Serverless)
The system operates in total isolation from the internet. No servers, no sync, no external trust infrastructure. Passcodes are self-generated offline, directly from the NFC HSM, ensuring absolute data sovereignty.
Human-to-Human Secure Key Sharing
Keys can be shared securely between NFC HSMs using RSA-4096 encrypted QR codes, including over air-gapped channels (e.g., webcam scan, printout).
Shared keys are immutable — the recipient cannot alter trust criteria imposed by the sender. This guarantees authentic, human-to-human encryption, without servers or identity exposure.
End-to-end anonymity
The solution does not collect, store, or transmit any information about the user, owner, or hardware. Even when sharing encrypted keys, the system maintains anonymity while ensuring cryptographic identity confirmation. You remain unknown to the network — but trusted by the recipient.
NFC Android Compatible
Works instantly with any Android phone equipped with NFC. No pairing, no app permissions, no data leaks. OTP codes are displayed in under 3 seconds, fully contactless.
Zero Trust in Host Devices
The NFC phone is treated as an inherently untrusted environment. OTP secrets are never written or transferred to the phone. Codes are generated only when needed, only in volatile memory, and only within the conditions defined by the user.
Without trusted third party
Human correspondents establish trust directly, without relying on external systems. The sender defines immutable usage conditions, and the recipient must validate each one to activate the key. As a result, the system eliminates the need for any third-party authority — since trust is fully embedded in the device and controlled by its owner.
Secure control of the entire value chain
To ensure the absolute security of the EviOTP NFC HSM Manager, Freemindtronic fully designs, develops, and manufactures every element of the solution — from software and apps to embedded systems, electronic design, and production tools. This guarantees total sovereignty over the full value chain — from concept to final product — with no dependency on third-party vendors.
Hybrid physical and digital security
The EviOTP NFC HSM Manager uses an ISO/IEC 15693 NFC component to physically secure access to stored secrets.
The system encrypts OTP keys with embedded trust criteria, which the user can partially define. Most importantly, it never stores at least one of those criteria inside the device, ensuring that even if physical protection is compromised, the OTP secret remains inaccessible — and therefore effectively resists invasive attacks.
Unique Added Values of EviOTP NFC HSM Manager
Keeper of Encryption Keys
You face no risk of using the wrong OTP key. Since the system binds each OTP secret to specific trust criteria, it automatically selects and validates the correct key to generate the OTP passcode. However, if even one criterion fails, the system blocks the generation process entirely — thus making any unauthorized attempt instantly ineffective.
Mobility & Instant Use
- Works anywhere, anytime, even in offline, high-risk, or air-gapped conditions
- Simply tap your NFC Android phone, and the system generates your OTP in under 3 seconds — instantly ready for secure use.
- No setup, no login, no dependency on cloud or keyboard
Simplicity & Interoperability
- Import OTP QR codes from other apps automatically
- Compatible with most existing OTP manager solutions
- Setup and backup in seconds
- Ideal for remote or emergency usage
Dual Security Architecture
- Hardware-level protection via ISO/IEC 15693 NFC chip (see standard)
- Logical-level protection via user-defined trust conditions
- Resistant to physical intrusion and side-channel attacks
Segmented key authentication
The patented system ensures anonymous human-to-human authentication instead of relying on machines. The sender defines immutable trust conditions (e.g. location, device, time window, fingerprint), and the recipient must validate them to activate the key. This process guarantees the integrity of the sender’s security rules, which remain unchangeable — even after secure RSA-4096 sharing.
Metadata security, monitoring, and display
- The tamper-resistant NFC HSM encrypts and isolates everything internally.
- The system generates OTP codes only on demand, using the phone’s volatile memory.
- It never saves, stores, or logs them — not even temporarily.
- Once displayed, the passcode disappears instantly.
Even if a hacker steals your phone, they would also need your admin/user PINs and meet all trust criteria to attempt any attack — without success.
Your secrets never leave the NFC. They stay in your pocket.
Contactless Secret Manager
- Automatic OTP key manager
- Automatic login manager
- Built-in RSA-4096 key generation for secure exchanges
Real-World Use Cases of EviOTP NFC HSM Manager
Here are real scenarios where the EviOTP NFC HSM Manager provides unmatched value:
MFA for Remote Access – Without Infrastructure
Use the device to authenticate to critical systems over VPN, RDP, or SSH.
No server, no database, no account needed — just the user, the NFC device, and a volatile OTP display.
Offline OTP Air Gap in Sensitive Environments
Operators authenticate in military, diplomatic, or classified operations without any connected interface. They generate OTPs via NFC and use them offline, never exposing the key or needing internet access.
Shared Access to Critical Accounts – with Human-Level Traceability
Delegate one-time or time-limited access to privileged accounts (e.g. root, admin) via a segmented key with conditions: device ID, geolocation, or usage window.
Trust remains under human control — not servers.
Zero-Trust MFA in Travel or Hostile Environments
Use your Android NFC phone and your EviOTP HSM token to authenticate anywhere, without risk of compromise, even in environments hostile to mobile security (e.g. border control, cybercafés, untrusted networks).
Healthcare or Legal Access Control with OTP Logs
Distribute OTPs to professionals requiring regulated access to patient/legal files. Logs remain human-readable, human-controlled, and unlinkable to the original issuer — enforcing both privacy and accountability.
Comparative Table — OTP Key Managers (TOTP/HOTP Tokens)
This comparison is intentionally limited to solutions that store TOTP/HOTP secrets and generate OTP codes locally as a token (hardware or software). Security keys, password managers with built-in TOTP, and server-dependent OTP infrastructures are covered separately below to avoid scope confusion.
| Feature / Solution | EviOTP NFC HSM Manager | Feitian c200 / c300 | SmartOTP Pro (Token2) | Google Authenticator | Aegis Authenticator | FreeOTP+ |
|---|---|---|---|---|---|---|
| Offline operation (no server required) | ✓ Native | ✓ Native | ✓ Native | ✓ App-based (offline, but phone-dependent) | ✓ App-based (offline, but phone-dependent) | ✓ App-based (offline, but phone-dependent) |
| Secret storage location | Encrypted inside NFC HSM (EEPROM) | Inside hardware token (model-dependent) | Inside hardware token | Inside phone storage | Inside phone storage (supports encrypted backups) | Inside phone storage |
| Host device trusted? | No (host treated as untrusted display) | Partial (depends on workflow) | Partial (depends on workflow) | Yes (phone is the secret holder) | Yes (phone is the secret holder) | Yes (phone is the secret holder) |
| Contactless NFC usage | ✓ Primary | Model-dependent | Typically no / model-dependent | N/A (app) | N/A (app) | N/A (app) |
| RAM-only OTP generation/display | ✓ Design claim | N/A / token-generated | N/A / token-generated | No (app runtime + OS persistence risks) | No (app runtime + OS persistence risks) | No (app runtime + OS persistence risks) |
| USB / Bluetooth required | No | Model-dependent | No (token) | No | No | No |
| Cloud sync | No (by design) | No (by default) | No (by default) | Possible (Google account / device backup dependent) | Optional (backup/export dependent) | Optional (backup/export dependent) |
| Secure key sharing (air-gapped) | ✓ Encrypted QR sharing (RSA-4096) | No / limited | No / limited | No (manual / screenshot risks) | Partial (export/backup workflows) | Partial (export/backup workflows) |
| Import via QR code | ✓ | Depends (often provisioning only) | Depends (often provisioning only) | ✓ | ✓ | ✓ |
| HOTP support (RFC 4226) | ✓ | Model-dependent | Model-dependent | Partial / app-dependent | ✓ (commonly supported) | ✓ (commonly supported) |
| TOTP support (RFC 6238) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Hash options (SHA-1 / SHA-256 / SHA-512) | ✓ Automatic | Model-dependent | Model-dependent | Partial / app-dependent | ✓ (commonly supported) | ✓ (commonly supported) |
| Multi-criteria access control (PIN, geo, device rules…) | ✓ Trust-criteria model | Limited | Limited | OS-level only | OS-level + app options | OS-level + app options |
| Open-source | No | No | No | No | ✓ | ✓ |
| Best fit | Sovereign offline OTP custody + sharing | Classic hardware OTP use | Classic hardware OTP use | Convenience OTP on phone | Power users on Android | Open-source OTP app users |
Note: competitor capabilities vary by model/version. “Model-dependent” indicates features that are not consistently available across editions or workflows.
Not OTP Tokens — Frequently Confused Solutions
These solutions are often mentioned in the same conversations, but they do not match the same threat model.
They may handle authentication, secrets, or second factors — yet they are not equivalent to a TOTP/HOTP token that stores a secret and generates OTP codes locally.
| Solution category | Typical products | Why it is different from a TOTP/HOTP token |
|---|---|---|
| Security keys (FIDO2/WebAuthn) | YubiKey-class devices, FIDO2 keys | Primary model is challenge-response / phishing-resistant auth. Not designed as a multi-secret TOTP/HOTP vault with sovereign offline sharing constraints. |
| Password managers with built-in TOTP | 1Password, Bitwarden, LastPass class | TOTP is an auxiliary feature inside a trusted software vault. Secrets and codes depend on a trusted host and often cloud sync, which is a different risk model. |
| Server-dependent enterprise OTP | Centralized OTP infrastructures | Typically requires backend enrollment, policies, and lifecycle management. This is not sovereign offline custody and not optimized for air-gapped workflows. |
| Push-based authenticators | Approval apps (push) | Uses online approval flows instead of local OTP generation from a shared secret, which changes failure modes and dependencies. |
Summary OTP NFC HSM Manager
Unlike all software apps and most hardware competitors:
- EviOTP NFC HSM is the only fully contactless, offline OTP key vault.
- No USB, no trust in the host phone or computer, no cloud dependency.
- It uniquely combines hardware-level isolation with secure, human-to-human encrypted key sharing and multi-factor trust conditions.
Legal & Regulatory Compliance
As a sovereign and contactless hardware solution, the EviOTP NFC HSM Manager operates entirely offline by design. Although it is not certified by external bodies, its architecture and implementation strictly follow — and often go beyond — internationally recognized standards and regulatory frameworks for cybersecurity, encryption, and data protection.
GDPR-Aligned by Design
- The system never collects, stores, or transmits personal data.
- No user identification, account creation, or metadata tracking.
- 100% local use with zero server dependency.
- HMAC SHA-1, SHA-256 & SHA-512 — automatic support for TOTP/HOTP private keys
Fully aligned with the principles of the General Data Protection Regulation (GDPR), including data minimization, privacy by design, and sovereignty of use.
Standards-Compliant Implementation
The team developed the product in strict adherence to internationally recognized standards, including:
- ISO/IEC 15693 — for contactless NFC communication
- AES-256 — for OTP encryption and storage
- RSA 4096 — for secure key sharing via encrypted QR code
- RFC 6238 & RFC 4226 — for compatibility with TOTP and HOTP
- Hash support (automatic): SHA-1, SHA-256, SHA-512 — for TOTP/HOTP private keys
Ready for Civil and Defense Applications
- Designed to meet the needs of critical infrastructure, defense, diplomacy, and regulated sectors
- Developed without reliance on foreign technologies or third-party infrastructures
- Follows principles of Zero Trust, Zero Knowledge, and Air Gap capability
The EviOTP NFC HSM Manager is a trusted-by-design solution, engineered to operate in extreme conditions with no compromise on confidentiality or operational independence.
FAQ – EviOTP NFC HSM Manager
Answers about this offline, contactless TOTP/HOTP private key manager and its NFC HSM OTP vault architecture.
EviOTP NFC HSM Manager is an offline TOTP/HOTP manager that keeps OTP private keys encrypted in an NFC HSM. It generates one-time passcodes on demand without cloud services, USB, or Bluetooth pairing.
Yes. It stores encrypted TOTP and HOTP private keys inside the NFC HSM EEPROM, keeping secrets isolated from operating systems and apps.
EviOTP automatically accepts TOTP and HOTP private keys using HMAC SHA-1, SHA-256, and SHA-512. As a result, imports remain seamless across common OTP ecosystems and enterprise configurations.
Yes. The system aligns with RFC 6238 (TOTP) and RFC 4226 (HOTP), while preserving offline operation and HSM-grade key isolation.
When you request a code, the OTP is generated and displayed in volatile memory (RAM-only) on a compatible NFC Android phone, without writing secrets or passcodes to persistent storage.
Yes. You can import OTP secrets by scanning a QR code. Because EviOTP supports standard OTP formats and SHA-1 / SHA-256 / SHA-512, migrations are smoother from many existing authenticator setups.
Yes. EviOTP is designed for serverless MFA and cloudless authentication, including offline, air-gapped, and high-risk environments.
EviOTP supports encrypted OTP sharing using RSA-4096 encrypted QR codes. Transfers can be performed via visual channels (including air gap workflows such as webcam scan or printed QR).
Yes. Freemindtronic embeds EviOTP technology inside PassCypher NFC HSM Lite and PassCypher NFC HSM Master, enabling a hardware password manager with built-in TOTP/HOTP workflows and an offline OTP vault approach.
PassCypher is positioned as a Quantum-Resistant Passwordless Manager with a FIDO-free approach and a RAM-only philosophy. EviOTP complements that strategy by securing OTP private keys offline when OTP-based MFA is required.
Glossary
Key terms for offline TOTP/HOTP, NFC HSM, and serverless authentication.
Time-based One-Time Password. A one-time code derived from a shared secret and time steps, commonly aligned with RFC 6238.
HMAC-based One-Time Password. A counter-based OTP derived from a shared secret and an incrementing counter, commonly aligned with RFC 4226.
The secret used to generate one-time passwords. Protecting this secret is the core security requirement of any OTP system.
Hash algorithms used in HMAC for TOTP/HOTP computation. EviOTP automatically accepts private keys configured with SHA-1, SHA-256, or SHA-512.
Near Field Communication. A short-range contactless method used to interact with the NFC HSM without cables.
A contactless hardware security module that stores secrets and enforces protected operations, enabling an offline OTP key vault approach.
Non-volatile memory used to store encrypted OTP private keys inside the NFC HSM.
A security approach where sensitive material is handled only in volatile memory (RAM) and is not written to persistent storage.
Operation without remote servers or cloud synchronization, reducing third-party dependency and online attack surface.
A model where systems remain physically isolated from networks. EviOTP supports air-gapped workflows via encrypted QR transfers.
A QR-based transfer protected with RSA-4096 encryption, enabling secure sharing across online or offline channels, including air-gapped transfers.
A security approach that treats hosts and networks as untrusted by default and relies on strict validation and isolation of secrets.
Authentication methods that avoid reusable passwords. In this ecosystem, PassCypher promotes passwordless workflows while EviOTP secures OTP private keys offline when OTP is required.