The EviOTP NFC HSM Manager offers a cutting-edge, contactless hardware solution to manage one-time passwords (OTP), PINs (One-Time Authorisation Codes), and OTACs with unmatched security. Each code remains valid for only one session or transaction, which makes it ideal for high-assurance two-factor authentication (2FA).
Unlike static passwords that attackers can easily steal or reuse, the device generates a new OTP for every login. Users simply activate the code from their NFC HSM token and confirm access instantly — without ever relying on their phone, cloud services, or operating system.
Thanks to its fully offline design, the EviOTP NFC HSM Manager stores up to 100 encrypted OTP and HOTP private keys directly in the NFC HSM’s EEPROM. As a result, all secrets stay physically isolated from any software environment, protecting them from malware and data leaks.
When the user requests an OTP, the system generates the code securely and on demand in the volatile memory of an NFC Android phone — and never writes anything to permanent storage. Additionally, users can import any OTP secret in less than 3 seconds by scanning a QR code, assigning it a name, and using it immediately.
Even if a cybercriminal steals your static password, they cannot generate your OTP — because the secret key never leaves your pocket, safely stored in your contactless 2FA token.
Fully autonomous, the EviOTP NFC HSM Manager requires no USB connection, no Bluetooth pairing, and no dedicated app. It relies entirely on NFC contactless communication, providing maximum privacy, mobility, and user trust.
Ultimately, it functions as a powerful encrypted OTP key vault, delivering high-speed and high-security authentication for even the most critical environments — all without compromising usability or digital sovereignty.
Secure OTP wallet built into a contactless hardware token.
The EviOTP NFC HSM Manager enables encrypted generation, storage, and usage of up to 100 private OTP and HOTP keys. This offline vault ensures full isolation and sovereignty of your 2FA secrets — with no cloud, no USB, no compromise.
The EviOTP NFC HSM Manager decentralises OTP key management away from servers and IT infrastructures. It supports secure human-to-human sharing, with built-in cryptographic trust criteria, ensuring usage is restricted to verified recipients only — even remotely.
Share OTP secrets securely via a RSA-4096 encrypted QR Code, compatible with all communication channels — including air gap transfers using a webcam. The OTP secret remains protected throughout, ensuring zero risk of interception.
Create, import, and use OTP and HOTP tokens in seconds with the EviOTP NFC HSM Manager. Thanks to its patented NFC hardware integration, you can scan a QR code, store up to 100 encrypted OTP keys, and use them instantly — without cables, apps, or drivers. Tokens are generated on demand with full contactless control and no dependency on host systems.
Each OTP key remains encrypted inside the NFC HSM’s EEPROM.
Access requires a trusted NFC device with multi-factor authentication: PIN code, geolocation, phone ID, and more. Even if your phone is compromised, the keys stay isolated and physically inaccessible.
Easily share OTP secret keys using RSA-4096 encrypted QR codes. No network required — transfer can be performed via webcam, print, or visual scan, making it perfect for offline and high-security environments.
The solution is device-independent. OTP codes are generated in the volatile memory of the phone on demand and are never stored. Your EviOTP NFC HSM Manager can pair with any compatible Android NFC phone, enabling full mobility and zero trust in the host environment.
The OTP token manager function is integrated in the EviCypher application from Freemindtronic.
Contactless OTP Manager supports both types of OTP. The time-based TOTP and the counter-based HOTP.
Below you can see the version history of the cloud service that uses encryption keys.
1.7.0 EviCypher by Freemindtronic application NFC phone Android
Frst version December 25, 2022
Features
To learn more about the EviCypher by Freemindtronic application click HERE
The EviOTP NFC HSM Manager breaks away from all traditional OTP and HOTP solutions. Protected by two international patents, this technology secures your one-time password secrets entirely offline, without storing them on a computer, mobile phone, or remote server.
Each secret key is stored encrypted in the NFC HSM module and used only on demand to generate OTP codes directly in the volatile memory of an NFC Android phone — never permanently stored or exposed.
The device fits in your pocket and works autonomously, giving you fast, contactless, and zero-trust 2FA authentication anywhere, anytime.
Unlike other digital or hardware tokens, EviOTP NFC HSM Manager supports advanced trust criteria for each key. You can restrict usage by PIN, geolocation, phone ID, and more.
You can even share OTP keys securely between remote devices using RSA-4096 encrypted QR codes — a true human-to-human encryption model that ensures complete control over your credentials.
Access to every OTP key is protected by user-defined trust criteria: PIN codes, temporary users, phone ID, geolocation, or time-based restrictions. The system enforces strict validation: all criteria must be met, otherwise the OTP cannot be generated.
All OTP keys remain encrypted within the device, never duplicated, and individually protected. Up to 13 distinct trust conditions can be associated with a single key, making unauthorized access physically and cryptographically impossible, even in a sharing context.
The system operates in total isolation from the internet. No servers, no sync, no external trust infrastructure. Passcodes are self-generated offline, directly from the NFC HSM, ensuring absolute data sovereignty.
Keys can be shared securely between NFC HSMs using RSA-4096 encrypted QR codes, including over air-gapped channels (e.g., webcam scan, printout).
Shared keys are immutable — the recipient cannot alter trust criteria imposed by the sender. This guarantees authentic, human-to-human encryption, without servers or identity exposure.
The solution does not collect, store, or transmit any information about the user, owner, or hardware. Even when sharing encrypted keys, the system maintains anonymity while ensuring cryptographic identity confirmation. You remain unknown to the network — but trusted by the recipient.
Works instantly with any Android phone equipped with NFC. No pairing, no app permissions, no data leaks. OTP codes are displayed in under 3 seconds, fully contactless.
The NFC phone is treated as an inherently untrusted environment. OTP secrets are never written or transferred to the phone. Codes are generated only when needed, only in volatile memory, and only within the conditions defined by the user.
Human correspondents establish trust directly, without relying on external systems. The sender defines immutable usage conditions, and the recipient must validate each one to activate the key. As a result, the system eliminates the need for any third-party authority — since trust is fully embedded in the device and controlled by its owner.
To ensure the absolute security of the EviOTP NFC HSM Manager, Freemindtronic fully designs, develops, and manufactures every element of the solution — from software and apps to embedded systems, electronic design, and production tools. This guarantees total sovereignty over the full value chain — from concept to final product — with no dependency on third-party vendors.
.
The EviOTP NFC HSM Manager uses an ISO/IEC 15693 NFC component to physically secure access to stored secrets.
The system encrypts OTP keys with embedded trust criteria, which the user can partially define. Most importantly, it never stores at least one of those criteria inside the device, ensuring that even if physical protection is compromised, the OTP secret remains inaccessible — and therefore effectively resists invasive attacks.
You face no risk of using the wrong OTP key. Since the system binds each OTP secret to specific trust criteria, it automatically selects and validates the correct key to generate the OTP passcode. However, if even one criterion fails, the system blocks the generation process entirely — thus making any unauthorized attempt instantly ineffective.
Dual Security Architecture.
The patented system ensures anonymous human-to-human authentication instead of relying on machines. The sender defines immutable trust conditions (e.g. location, device, time window, fingerprint), and the recipient must validate them to activate the key. This process guarantees the integrity of the sender’s security rules, which remain unchangeable — even after secure RSA-4096 sharing.
Even if a hacker steals your phone, they would also need your admin/user PINs and meet all trust criteria to attempt any attack — without success.
Your secrets never leave the NFC. They stay in your pocket.
Here are real scenarios where the EviOTP NFC HSM Manager provides unmatched value:
Use the device to authenticate to critical systems over VPN, RDP, or SSH.
No server, no database, no account needed — just the user, the NFC device, and a volatile OTP display.
Operators authenticate in military, diplomatic, or classified operations without any connected interface. They generate OTPs via NFC and use them offline, never exposing the key or needing internet access.
Delegate one-time or time-limited access to privileged accounts (e.g. root, admin) via a segmented key with conditions: device ID, geolocation, or usage window.
Trust remains under human control — not servers.
Use your Android NFC phone and your EviOTP HSM token to authenticate anywhere, without risk of compromise, even in environments hostile to mobile security (e.g. border control, cybercafés, untrusted networks).
Distribute OTPs to professionals requiring regulated access to patient/legal files. Logs remain human-readable, human-controlled, and unlinkable to the original issuer — enforcing both privacy and accountability.
| Feature / Solution | EviOTP NFC HSM Manager |
Feitian c200 / c300 |
SmartOTP Pro (Token2) | Google Authenticator |
Aegis Authenticator | FreeOTP+ |
|---|---|---|---|---|---|---|
| Private OTP key storage | ✅ Up to 100 keys |
❓ Limited |
❓ Limited |
✅ In app |
✅ In app |
✅ In app |
| Hardware-based key isolation | ✅ (EEPROM NFC HSM) |
✅ (secure chip) |
❌ Software only |
❌ | ❌ | ❌ |
| Contactless usage (NFC) | ✅ Native |
❌ USB only |
❌ USB / Bluetooth |
❌ | ❌ | ❌ |
| Connectivity | NFC (ISO/IEC 15693) | USB-A / USB-C | USB / BLE | Mobile App only | Mobile App only | Mobile App only |
| Serverless and cloudless | ✅ Yes |
✅ Yes |
✅ Yes |
❌ (Google-linked) |
✅ | ✅ |
| Air Gap compatible (QR Code sharing) | ✅ Encrypted QR (RSA 4096) |
❌ | ❌ | ❌ | ❌ | ❌ |
| Zero account / Zero ID | ✅ Zero-Knowledge |
❌ | ❌ | ❌ | ✅ | ✅ |
| No software installation required on computer | ✅ (mobile NFC only) |
❌ Software needed |
❌ Software needed |
❌ | ✅ | ✅ |
| One-time code display in volatile memory | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Trust criteria patented (geo/time/device binding) | ✅ Segmented key auth |
❌ | ❌ | ❌ | ❌ | ❌ |
| Key backup & sharing (QR encrypted) | ✅ RSA 4096 key export |
❌ | ❌ | ❌ | ❌ | ❌ |
| Multi-key support | ✅ 100 OTP/HOTP keys |
❓ Not specified |
❓ Not specified |
✅ | ✅ | ✅ |
| Zero Trust & Zero Knowledge by design | ✅ Native |
❌ | ❌ | ❌ | ❌ | ❌ |
| Open-source | ❌ No |
❌ | ❌ | ✅ | ✅ | ✅ |
Unlike all software apps and most hardware competitors:
As a sovereign and contactless hardware solution, the EviOTP NFC HSM Manager operates entirely offline by design. Although it is not certified by external bodies, its architecture and implementation strictly follow — and often go beyond — internationally recognized standards and regulatory frameworks for cybersecurity, encryption, and data protection.
Fully aligned with the principles of the General Data Protection Regulation (GDPR), including data minimization, privacy by design, and sovereignty of use.
The team developed the product in strict adherence to internationally recognized standards, including:
The EviOTP NFC HSM Manager is a trusted-by-design solution, engineered to operate in extreme conditions with no compromise on confidentiality or operational independence.
