NFC HSM device for secure contactless OTP token management (HOTP & TOTP)
The EviOTP NFC HSM Manager offers a cutting-edge, contactless hardware solution to manage one-time passwords (OTP), PINs, and OTACs (One-Time Authorisation Codes) with unmatched security. Each code remains valid for only one session or transaction, which makes it ideal for high-assurance two-factor authentication (2FA).
Unlike static passwords that attackers can easily steal or reuse, the device generates a new OTP for every login. Users simply activate the code from their NFC HSM token and confirm access instantly — without ever relying on their phone, cloud services, or operating system.
Thanks to its fully offline design, the EviOTP NFC HSM Manager stores up to 100 encrypted OTP and HOTP private keys directly in the NFC HSM’s EEPROM. As a result, all secrets stay physically isolated from any software environment, protecting them from malware and data leaks.
When the user requests an OTP, the system generates the code securely and on demand in the volatile memory of an NFC Android phone — and never writes anything to permanent storage. Additionally, users can import any OTP secret in less than 3 seconds by scanning a QR code, assigning it a name, and using it immediately.
Even if a cybercriminal steals your static password, they cannot generate your OTP — because the secret key never leaves your pocket, safely stored in your contactless 2FA token.
Fully autonomous, the EviOTP NFC HSM Manager requires no USB connection, no Bluetooth pairing, and no dedicated app. It relies entirely on NFC contactless communication, providing maximum privacy, mobility, and user trust.
Ultimately, it functions as a powerful encrypted OTP key vault, delivering high-speed and high-security authentication for even the most critical environments — all without compromising usability or digital sovereignty.
EviOTP NFC HSM Manager
Secure OTP wallet built into a contactless hardware token.
The EviOTP NFC HSM Manager enables encrypted generation, storage, and usage of up to 100 private OTP and HOTP keys. This offline vault ensures full isolation and sovereignty of your 2FA secrets — with no cloud, no USB, no compromise.
Peer-to-peer trust, serverless
The EviOTP NFC HSM Manager decentralises OTP key management away from servers and IT infrastructures. It supports secure human-to-human sharing, with built-in cryptographic trust criteria, ensuring usage is restricted to verified recipients only — even remotely.
True end-to-end anonymity
Encrypted OTP sharing made easy
Share OTP secrets securely via an RSA-4096 encrypted QR Code, compatible with all communication channels — including air gap transfers using a webcam. The OTP secret remains protected throughout, ensuring zero risk of interception.
NFC Hardware Wallet OTP Token Manager
New secure end-to-end contactless OTP key manager
Simple contactless use
Create, import, and use OTP and HOTP tokens in seconds with the EviOTP NFC HSM Manager. Thanks to its patented NFC hardware integration, you can scan a QR code, store up to 100 encrypted OTP keys, and use them instantly — without cables, apps, or drivers. Tokens are generated on demand with full contactless control and no dependency on host systems.
Protection against key theft
Each OTP key remains encrypted inside the NFC HSM’s EEPROM.
Access requires a trusted NFC device with multi-factor authentication: PIN code, geolocation, phone ID, and more. Even if your phone is compromised, the keys stay isolated and physically inaccessible.
Air gap sharing via encrypted QR
Easily share OTP secret keys using RSA-4096 encrypted QR codes. No network required — transfer can be performed via webcam, print, or visual scan, making it perfect for offline and high-security environments.
Easy to use with any NFC Android phone
The solution is device-independent. OTP codes are generated in the volatile memory of the phone on demand and are never stored. Your EviOTP NFC HSM Manager can pair with any compatible Android NFC phone, enabling full mobility and zero trust in the host environment.
Contactless OTP Manager Application
The OTP token manager function is integrated in the EviCypher application from Freemindtronic.
Contactless OTP Manager supports both types of OTP: the time-based TOTP and the counter-based HOTP.
Below you can see the version history of the cloud service that uses encryption keys.
1.7.0 EviCypher by Freemindtronic application NFC phone Android
First version December 25, 2022
Features
- Added support for OTP Token (TOTP)
New International Innovation – 2022 and Beyond
The EviOTP NFC HSM Manager breaks away from all traditional OTP and HOTP solutions. Protected by two international patents, this technology secures your one-time password secrets entirely offline, without storing them on a computer, mobile phone, or remote server.
Each secret key is stored encrypted in the NFC HSM module and used only on demand to generate OTP codes directly in the volatile memory of an NFC Android phone — never permanently stored or exposed.
The device fits in your pocket and works autonomously, giving you fast, contactless, and zero-trust 2FA authentication anywhere, anytime.
Unlike other digital or hardware tokens, EviOTP NFC HSM Manager supports advanced trust criteria for each key. You can restrict usage by PIN, geolocation, phone ID, and more.
You can even share OTP keys securely between remote devices using RSA-4096 encrypted QR codes — a true human-to-human encryption model that ensures complete control over your credentials.
Multi-factor authentication
Access to every OTP key is protected by user-defined trust criteria: PIN codes, temporary users, phone ID, geolocation, or time-based restrictions. The system enforces strict validation: all criteria must be met, otherwise the OTP cannot be generated.
Redundant privacy
All OTP keys remain encrypted within the device, never duplicated, and individually protected. Up to 13 distinct trust conditions can be associated with a single key, making unauthorized access physically and cryptographically impossible, even in a sharing context.
Cloudless (Serverless)
The system operates in total isolation from the internet. No servers, no sync, no external trust infrastructure. Passcodes are self-generated offline, directly from the NFC HSM, ensuring absolute data sovereignty.
Human-to-Human Secure Key Sharing
Keys can be shared securely between NFC HSMs using RSA-4096 encrypted QR codes, including over air-gapped channels (e.g., webcam scan, printout).
Shared keys are immutable — the recipient cannot alter trust criteria imposed by the sender. This guarantees authentic, human-to-human encryption, without servers or identity exposure.
End-to-end anonymity
The solution does not collect, store, or transmit any information about the user, owner, or hardware. Even when sharing encrypted keys, the system maintains anonymity while ensuring cryptographic identity confirmation. You remain unknown to the network — but trusted by the recipient.
NFC Android Compatible
Works instantly with any Android phone equipped with NFC. No pairing, no app permissions, no data leaks. OTP codes are displayed in under 3 seconds, fully contactless.
Zero Trust in Host Devices
The NFC phone is treated as an inherently untrusted environment. OTP secrets are never written or transferred to the phone. Codes are generated only when needed, only in volatile memory, and only within the conditions defined by the user.
Without trusted third party
Human correspondents establish trust directly, without relying on external systems. The sender defines immutable usage conditions, and the recipient must validate each one to activate the key. As a result, the system eliminates the need for any third-party authority — since trust is fully embedded in the device and controlled by its owner.
Secure control of the entire value chain
To ensure the absolute security of the EviOTP NFC HSM Manager, Freemindtronic fully designs, develops, and manufactures every element of the solution — from software and apps to embedded systems, electronic design, and production tools. This guarantees total sovereignty over the full value chain — from concept to final product — with no dependency on third-party vendors.
Hybrid physical and digital security
The EviOTP NFC HSM Manager uses an ISO/IEC 15693 NFC component to physically secure access to stored secrets.
The system encrypts OTP keys with embedded trust criteria, which the user can partially define. Most importantly, it never stores at least one of those criteria inside the device, ensuring that even if physical protection is compromised, the OTP secret remains inaccessible — and therefore effectively resists invasive attacks.
Unique Added Values of EviOTP NFC HSM Manager
Keeper of Encryption Keys
You face no risk of using the wrong OTP key. Since the system binds each OTP secret to specific trust criteria, it automatically selects and validates the correct key to generate the OTP passcode. However, if even one criterion fails, the system blocks the generation process entirely — thus making any unauthorized attempt instantly ineffective.
Mobility & Instant Use
- Works anywhere, anytime, even in offline, high-risk, or air-gapped conditions
- Simply tap your NFC Android phone, and the system generates your OTP in under 3 seconds — instantly ready for secure use.
- No setup, no login, no dependency on cloud or keyboard
Simplicity & Interoperability
- Import OTP QR codes from other apps automatically
- Compatible with most existing OTP manager solutions
- Setup and backup in seconds
- Ideal for remote or emergency usage
Dual Security Architecture
- Hardware-level protection via ISO/IEC 15693 NFC chip
- Logical-level protection via user-defined trust conditions
- Resistant to physical intrusion and side-channel attacks
Segmented key authentication
The patented system ensures anonymous human-to-human authentication instead of relying on machines. The sender defines immutable trust conditions (e.g. location, device, time window, fingerprint), and the recipient must validate them to activate the key. This process guarantees the integrity of the sender’s security rules, which remain unchangeable — even after secure RSA-4096 sharing.
Metadata security, monitoring, and display
- The tamper-resistant NFC HSM encrypts and isolates everything internally.
- The system generates OTP codes only on demand, using the phone’s volatile memory.
- It never saves, stores, or logs them — not even temporarily.
- Once displayed, the passcode disappears instantly.
Even if a hacker steals your phone, they would also need your admin/user PINs and meet all trust criteria to attempt any attack — without success.
Your secrets never leave the NFC. They stay in your pocket.
Contactless Secret Manager
- Automatic OTP key manager
- Automatic login manager
- Built-in RSA-4096 key generation for secure exchanges
Real-World Use Cases of EviOTP NFC HSM Manager
Here are real scenarios where the EviOTP NFC HSM Manager provides unmatched value:
MFA for Remote Access – Without Infrastructure
Use the device to authenticate to critical systems over VPN, RDP, or SSH.
No server, no database, no account needed — just the user, the NFC device, and a volatile OTP display.
Offline OTP Air Gap in Sensitive Environments
Operators authenticate in military, diplomatic, or classified operations without any connected interface. They generate OTPs via NFC and use them offline, never exposing the key or needing internet access.
Shared Access to Critical Accounts – with Human-Level Traceability
Delegate one-time or time-limited access to privileged accounts (e.g. root, admin) via a segmented key with conditions: device ID, geolocation, or usage window.
Trust remains under human control — not servers.
Zero-Trust MFA in Travel or Hostile Environments
Use your Android NFC phone and your EviOTP HSM token to authenticate anywhere, without risk of compromise, even in environments hostile to mobile security (e.g. border control, cybercafés, untrusted networks).
Healthcare or Legal Access Control with OTP Logs
Distribute OTPs to professionals requiring regulated access to patient/legal files. Logs remain human-readable, human-controlled, and unlinkable to the original issuer — enforcing both privacy and accountability.
Comparative Table – EviOTP NFC HSM vs OTP Key Managers
Feature / Solution | EviOTP NFC HSM Manager | Feitian c200 / c300 | SmartOTP Pro (Token2) | Google Authenticator | Aegis Authenticator | FreeOTP+ |
---|---|---|---|---|---|---|
Private OTP key storage | ✅ Up to 100 keys | ❓ Limited | ❓ Limited | ✅ In app | ✅ In app | ✅ In app |
Hardware-based key isolation | ✅ (EEPROM NFC HSM) | ✅ (secure chip) | ❌ Software only | ❌ | ❌ | ❌ |
Contactless usage (NFC) | ✅ Native | ❌ USB only | ❌ USB / Bluetooth | ❌ | ❌ | ❌ |
Connectivity | NFC (ISO/IEC 15693) | USB-A / USB-C | USB / BLE | Mobile App only | Mobile App only | Mobile App only |
Serverless and cloudless | ✅ Yes | ✅ Yes | ✅ Yes | ❌ (Google-linked) | ✅ | ✅ |
Air Gap compatible (QR Code sharing) | ✅ Encrypted QR (RSA 4096) | ❌ | ❌ | ❌ | ❌ | ❌ |
Zero account / Zero ID | ✅ Zero-Knowledge | ❌ | ❌ | ❌ | ✅ | ✅ |
No software installation required on computer | ✅ (mobile NFC only) | ❌ Software needed | ❌ Software needed | ❌ | ✅ | ✅ |
One-time code display in volatile memory | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
Trust criteria patented (geo/time/device binding) | ✅ Segmented key auth | ❌ | ❌ | ❌ | ❌ | ❌ |
Key backup & sharing (QR encrypted) | ✅ RSA 4096 key export | ❌ | ❌ | ❌ | ❌ | ❌ |
Multi-key support | ✅ 100 OTP/HOTP keys | ❓ Not specified | ❓ Not specified | ✅ | ✅ | ✅ |
Zero Trust & Zero Knowledge by design | ✅ Native | ❌ | ❌ | ❌ | ❌ | ❌ |
Open-source | ❌ No | ❌ | ❌ | ✅ | ✅ | ✅ |
Summary OTP NFC HSM Manager
Unlike all software apps and most hardware competitors:
- EviOTP NFC HSM is the only fully contactless, offline OTP key vault.
- No USB, no trust in the host phone or computer, no cloud dependency.
- It uniquely combines hardware-level isolation with secure, human-to-human encrypted key sharing and multi-factor trust conditions.
Legal & Regulatory Compliance
As a sovereign and contactless hardware solution, the EviOTP NFC HSM Manager operates entirely offline by design. Although it is not certified by external bodies, its architecture and implementation strictly follow — and often go beyond — internationally recognized standards and regulatory frameworks for cybersecurity, encryption, and data protection.
GDPR-Aligned by Design
- The system never collects, stores, or transmits personal data.
- No user identification, account creation, or metadata tracking.
- 100% local use with zero server dependency.
Fully aligned with the principles of the General Data Protection Regulation (GDPR), including data minimization, privacy by design, and sovereignty of use.
Standards-Compliant Implementation
The team developed the product in strict adherence to internationally recognized standards, including:
- ISO/IEC 15693 — for contactless NFC communication
- AES-256 — for OTP encryption and storage
- RSA 4096 — for secure key sharing via encrypted QR code
- RFC 6238 & RFC 4226 — for compatibility with TOTP and HOTP
Ready for Civil and Defense Applications
- Designed to meet the needs of critical infrastructure, defense, diplomacy, and regulated sectors
- Developed without reliance on foreign technologies or third-party infrastructures
- Follows principles of Zero Trust, Zero Knowledge, and Air Gap capability
The EviOTP NFC HSM Manager is a trusted-by-design solution, engineered to operate in extreme conditions with no compromise on confidentiality or operational independence.