Weaving new cybersecured links with your own encryption keys

Features of secrets encryption with several configurable trust criteria

Next-gen features in secrets management

Fundamentals

Preamble on the secrets keeper

The specificity of EviCypher is based on the protection of keys, called secrets.

Indeed, according to Auguste Kerckhoffs's principle, the security of a cryptosystem must rest only on the secrecy of the key. All other parameters are assumed to be known to the adversary, an assumption also known as “Shannon's maxim”.

In fact, EviCypher uses proven, known and recognized open source encryption algorithms.

The Freemindtronic design office, designer of EviCypher, ensures that these algorithms are properly implemented.

Manage Generate Use Store

EviCypher offers its user the possibility of generating, managing and using freely, in complete safety, secrets such as encryption keys, complicated passwords, pairing keys and PIN codes.

These secrets are stored encrypted, offline, in non-volatile memory with physically secure access. The only access possibility is contactless via an NFC phone serving as an interface.

Tamperproofing

EviCypher is materially and mathematically indecipherable.
EviCypher can fall into the hands of malicious people without requiring knowledge of the secret.

Secure secret sharing

Secrets saved in EviCypher can be communicated and stored, without the aid of written notes, and can be freely changed at the discretion of correspondents who also own an EviCypher.

Complete communications

EviCypher is compatible with all digital communication systems, paper printing and SMS and MMS telecommunications.

Personal Cyber Security

EviCypher is an individual NFC device that fits in your pocket. Its handling and operation do not require the assistance of several people.

Easy to use

EviCypher is very easy to use. It requires no special knowledge, and there is no long series of rules to observe.

Protected by two international patents

EviCypher is an individual safety and cyber security system for secrets. It is protected by international patents.

Anti-counterfeit system

EviCypher embeds a tamper-proof anti-counterfeiting system. Each NFC device has a physically locked and permanently read-only signature by BLS12-381.


Cybersecurity Glossary

Consult the cybersecurity glossary produced by NICCS ® to understand the definition of words used in the EviCypher site.


Green Tech

Energy harvesting

EviCypher works for life contactless via an NFC phone acting as an interface.

The EviCypher NFC device uses the phone’s NFC signal on demand only to collect electrical energy for operation.

Batteryless

EviCypher operates for life, battery-free and maintenance-free.

Reduced environmental impact

The number of active and passive electronic components as well as the connectors and boxes in EviCypher are reduced to a minimum.

EviCypher works only contactless. In fact, it does not have a connector, screen, buttons and peripheral accessories (USB, card reader). EviCypher does not use any remote (cloud) server to store and use secrets. Secrets are kept for 40 years, with no source of electrical power.

EviCypher thus significantly reduces its environmental impact from design to use.

EviCypher can be integrated into various materials

EviCypher can be integrated into various recyclable materials that do not block the NFC signal: ABS, PCB, wood, walls, concrete, liquid. EviCypher electronic boards are coated with a military-grade epoxy resin providing physical protection to electronic components.

In the bank card version in ABS, the components are coated by the ABS card. For the other formats of the RFID tag type in ABS with ring and metal hook, they are also recyclable. The EviCypher 200 board is made of PCB FR4 resin and fiberglass, also recyclable.

Extreme longevity errorless

The component used in EviCypher is guaranteed by the manufacturer STMicroelectronics for 1 million error-free overwrite cycles per 64k memory address.

EviCypher offers its user error-free availability of secrets for many years. Indeed, even if you change a secret once a month, the risk of error will appear in about 229 years.

Second-hand market

EviCypher is designed to return to factory configuration. It can therefore be resold without risk since the encrypted secrets are destroyed during the operation.

EviCypher can be transferred, loaned or resold on the second hand market. Extreme longevity estimated at 229 error-free years (read Extreme longevity errorless) significantly reduces the environmental impact of recyclable electronic devices.

Green Tech DNA

EviCypher technology is designed and developed by Freemindtronic, a research and development design office specializing in safety and cyber security and expert in NFC technology.

Freemindtronic does everything to reduce the impact on the environment from the design, manufacture and end use of products.

Use cases

End-to-end from an NFC device

With EviCypher you can encrypt everything with your own symmetric AES256 and asymmetric RSA4096 encryption keys: mail, SMS, MMS, files as well as all your means of communication.

Encrypt data on your USB, SD, HD or SSD drives

Use EviCypher’s Passwordless feature not only to log into your internet accounts but also any other application that uses a web browser interface.

Also, automatically log into all computer systems without entering or remembering a password or any other knowledge-based secret.

Passwordless system

Randomly generate a complicated password (up to 48 characters) which will be saved encrypted in your EviCypher. Then, connect automatically without contact, without having to know it, nor to enter it on the keyboard.

EviCypher’s anti-phishing system automatically backs up your original favorite websites and/or web interfaces to allow automatic login.

Encryption in complete freedom, without constraints or dependence

With EviCypher you can natively encrypt all your written communication means with the keys that you have generated. Thanks to various specific extensions such as the one developed for the Thunderbird mail client, the EviCypher encryption and decryption system is integrated.
In fact, you can encrypt your emails locally and/or on your email server. Thus, all your messages always remain encrypted even in the event of corruption of your messaging services.
Decryption is only possible with the right key saved in your EviCypher.

Self-encrypting drive

Use your own secret keys to auto-encrypt your data storage utilities (SED Self Encrypting Drives / FDE Hardware-based full disk encryption).

Likewise, use your secret keys to encrypt data storage media such as USB sticks and external or internal drives, via software of your choice such as Bitlocker.

Encrypt your sensitive data contactless

Simply encrypt any file types you want with your own encryption keys. Then back them up to any local, removable storage media of your choice such as USB drives, SD card, external HD / SSD, phone, as well as any online storage.

Encrypting SSH keys

Store encrypted in AES256, on any fixed, removable or online media, your SSH keys thanks to the EviCypher encryption function from a computer or an NFC phone.

You can individually protect your SSH keys by adding up to 9 cumulative, physical trust criteria. All the trust criteria you have determined must be met to be able to use your SSH key. This has the effect of making it impossible to use your SSH key without using your NFC EviCypher device.

Internet of Things (IoT)

Store your secret codes for accessing and/or administering your IoT in encrypted form. Also use the Passwordless function to connect to your IoTs. An ideal solution for ensuring maintenance, especially remotely.

Advantageously, the addition of trust criteria considerably strengthens the authentication of the person authorized to access your secret codes. The simplicity of sharing your secret codes via a QR code encrypted in RSA 4096 offers you extreme mobility, completely secure from end to end from an NFC EviCypher device.

International mobility and individual sovereignty

The patented EviCypher encryption system is designed not to expose the user, such as an investigative journalist or international investigator operating in hostile territory. Each country is sovereign in terms of the right to the protection of sensitive data. Voluntarily withholding data from police authorities when crossing borders, for example, can be very risky.
Take the example of a French editor-in-chief who assigns a journalist to investigate in a country where there is a risk of corruption of sensitive data. The editor-in-chief creates an encryption key with a trust criterion: a geographical area in France. As a result, data encrypted with this key by the journalist can only be decrypted in the defined geographical area. The reporter crosses the border with an empty EviCypher. The journalist creates an RSA 4096 key and sends his public key by SMS to the editor. The editor sends him his AES key, which is bound to a geographical area unknown to the journalist. The journalist then encrypts his sensitive data with the editor’s encryption key.

The journalist can then remove the encryption key from his EviCypher to cross the border with an empty EviCypher. Even if the editor’s key was intercepted, it can only be used in the area defined and known only to the editor. Thus, at no time is the journalist put in the position of having to lie, and he is unaware of the trust criteria defined by the editor-in-chief.

Example of use by journalists

Take the example of a French editor-in-chief who sends an investigative journalist on assignment to a country where there is a risk of corruption of sensitive data. The editor-in-chief creates an encryption key bound to a geographical area. As a result, data encrypted with this key by the journalist can only be decrypted in this geographical area in France. The journalist crosses the border with an empty EviCypher. In the event of a check, the EviCypher is empty. The journalist creates an RSA 4096 key and sends his public key by SMS to the editor-in-chief. The editor-in-chief sends him his AES key, which is bound to his geographical area, unknown to the journalist. The journalist then encrypts his sensitive data with his EviCypher using the editor-in-chief's encryption key. The journalist can then delete the encryption key from his EviCypher to cross the border again with an empty EviCypher. Even if the editor's key were intercepted, it is only usable in the area defined and known by the editor-in-chief. Thus, at no time is the journalist put in the position of having to lie, nor does he have knowledge of the trust criteria defined by the editor-in-chief.

Use any NFC computer or phone

The user of an EviCypher device is not dependent on the computer systems or NFC phones serving as a terminal. The user can freely pair his device with an NFC phone and then delete the pairing. Likewise, he can freely add and delete the pairing of the NFC phone with the extension for web browsers.

The fundamental operating principle of EviCypher technology is to leave no traces, neither in a computer nor in the NFC phone. Thus, EviCypher is designed to be used freely on any computer or NFC phone. Secrets are only stored encrypted in the memory of EviCypher’s NFC device. In addition, EviCypher natively embeds a telephone fleet manager.

End-to-end protection against espionage

EviCypher includes end-to-end protection systems, in particular against espionage. The Passwordless functionality and the remote encryption of text and data on the same local network via your EviCypher help reduce the attack surface for espionage.

This is because secrets can be used without the need to provide an EviCypher to an intern, temporary worker or subcontractor. It is indeed possible to control the use of its secrets from end to end from an NFC device. This can be done even remotely, on any computer or phone, without the need to transmit secrets in the clear. Likewise, you can use an EviCypher without physically accessing the secrets.

As a reminder, each secret can also have up to 12 physical trust criteria. This has the effect of considerably reducing the attack surface for proximity and/or remote espionage. Finally, sensitive data encrypted in AES256 and/or RSA 4096 is resistant to any form of espionage, since the encryption keys are physically in the NFC EviCypher device.

Advantageously, thanks to the Passwordless function of EviCypher, you can use other encryption software such as TrueCrypt or VeraCrypt since the secret encryption keys are stored encrypted in your EviCypher.

Bios authentication management system

With the Passwordless function and the Bluetooth virtual keyboard encrypted in AES128, manage up to 200 connection profiles for operating system sessions on all types of computer.

This solution also allows very low-level management of administrator and user access control profiles via the computer’s BIOS, as well as the self-encryption of SED / Opal 2.0 storage units.

Datasheet

EviCypher 100 capacity

EviCypher 100 storage capacity: Up to 100 secrets and a pair of RSA 4096 keys

EviCypher 200 capacity

EviCypher 200 storage capacity: Up to 200 secrets and 2 pairs of RSA 4096 keys

Type of storage encryption

Storage encryption: AES-256, CBC mode

Type of data encryption

data encryption: AES256, mode xxx

Type encryption secret sharing

Encryption secret sharing: RSA 4096 bits 

Type of communication encryption

Communication encryption: ECC 256-512 bits

Bluetooth InputStick virtual keyboard encryption

Bluetooth InputStick virtual keyboard encryption: AES128

Random number generator

Random number generator (TRNG): 40 kbit/s

Type of secrets

Type of secrets you can store: Passwords, identifiers, encryption keys symmetric and asymmetric, notes and pairing keys (EviCypher, EviToken, EviKey and EviDisk)

Anti-counterfeit signature

Type of secrets: password, identifier, symmetric and asymmetric encryption keys, notes, pairing keys (EviCypher, EviToken, EviKey, EviDisk)

Life expectancy

Life expectancy (MTBF, MTTF): 1,000,000 rewrites at a temperature of 25 °C per memory address are guaranteed to be error free. This is information that you can consult freely in the technical documents of STMicroelectronics, manufacturer of the NFC components.

For more information see “NFC Datasheets” below.

Backup time without power

The duration of saving secrets without the need for electric power is 40 years.

Each time you use your EviCypher, the backup of encrypted content secrets is revitalized for a further 40 years without any power source.

Energy harvesting

EviCypher’s energy source comes from energy harvesting via the NFC signal of the NFC phone with which it is paired.

NFC Datasheets

Consult the technical documents of the components used in the manufacture of EviCypher products. The ISO/IEC 15693 NFC components are industrial grade and operate between -40 °C and +85 °C. EviCypher uses secure eprom memory with a capacity of 64 Kbit. It is powered by recovering energy from the NFC signal emitted by the NFC phone with which it is paired.

EviCypher uses two types of technology that resist invasive brute force attacks, including 32-bit passwords for the M24LR64E-R and 64-bit passwords for the ST25DV64K. Note that even if the passwords are corrupted, the secrets contained in the eprom memory are encrypted in AES256 with segmented keys of physical origin defined in part by the user and/or the administrator of EviCypher. Note also that the signature system and other parameters are permanently locked in read-only mode. So even if the component passwords are corrupted, tampering with locked NFC memories is physically impossible.

Consult the technical document of the component used for products dedicated to companies, independent professionals, Architects, design office, IT department and information system not classified Defense.

Datasheet NFC M24LR64E-R STMicroelectronics 

Consult the technical document of the component used for products dedicated to state services, intelligence, Defense, banking services, health services, and sensitive classified enterprise, investigative journalist, sensitive organization, international investigator, judicial organization, IT services and Defense classified information system.

Datasheet NFC ST25DV64K STMicroelectronics

Safety and Cyber security

EviCypher is a product that simultaneously offers two types of protection and security, one is physical and the other is digital.

EviCypher is an NFC Air Gap device that only connects on demand to computer systems via an NFC phone used as a terminal. Secrets stored in EviCypher’s secure non-volatile memories are end-to-end encrypted from the device. Otherwise, EviCypher is a passive product. It needs the NFC signal sent by an NFC phone it is paired with to become active.

In fact, this excludes any form of remote cyber attack.

EviCypher is designed to resist invasive and non-invasive attacks as well. Indeed, the secrets stored in the eprom memories are encrypted in AES 256 with segmented keys of physical origin. Up to 9 different cumulative trust criteria can be added for each stored secret. These are in addition to the 4 other native physical trust criteria such as the pairing key, the anti-forgery signature, the password defined by the administrator of EviCypher.

EviCypher also offers the user the possibility of adding up to 5 cumulative trust criteria of non-modifiable physical origin to exchange secrets encrypted with the public key RSA 4096 of another EviCypher. This makes it possible to impose the conditions of access to a shared secret. All the trust criteria must be met to authorize access to secrets and their use. For this, EviCypher also embeds a generator with auto backup of RSA 4096 keys. The private keys are also encrypted in the device in AES 256 by segmented keys with addition of confidence criteria of physical origin.

The public keys of the RSA keys are used to exchange secrets in an encrypted manner between 2 EviCypher devices. Exchanges can be carried out by any means of communication. They can also be printed. Finally, they can be shared in real time by QR Code display between phones, or contactless via the Beam NFC Android function.

EviCypher is an easy-to-use tool, with individual sovereignty, capable of effectively resisting any attempt to corrupt your secrets. This is fundamental to increase tolerance to attacks. It is also a system that keeps a set of crucial features functioning well despite malicious behavior.

Adding trust criteria

Each secret can have up to 9 cumulative trust criteria of physical origin: 3 geolocations, 3 BSSID addresses, phone ID, Password or Barcode/QR Code to be accessible. An ideal solution to manage teleworking.

The trust criteria can be imposed in such a way that their modifications are physically and numerically impossible. It is thus possible to control end-to-end from an EviCypher device the conditions of use of secrets.
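One way to make "all trust criteria must be met" a cryptographic property rather than a software check, shown as an added example that is not Freemindtronic's code and does not describe EviCypher's actual scheme. It assumes the criteria are key segments combined with HKDF-SHA256, that a geolocation is quantised to a 0.01-degree grid cell, and it uses an HKDF keystream plus HMAC as a standard-library stand-in for AES-256; every name and sample value is hypothetical.

```python
import hashlib
import hmac
import math
import os

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA256; length must stay <= 255 * 32 bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def geo_cell(lat: float, lon: float, cell_deg: float = 0.01) -> bytes:
    """Quantise a GPS fix so every point in the same grid cell gives the same segment."""
    return f"{math.floor(lat / cell_deg)}:{math.floor(lon / cell_deg)}".encode()

def encode_segments(segments: dict) -> bytes:
    """Name-sorted, length-prefixed encoding: segments cannot bleed into each other."""
    out = b""
    for name in sorted(segments):
        key, value = name.encode(), segments[name]
        out += len(key).to_bytes(2, "big") + key + len(value).to_bytes(2, "big") + value
    return out

def _subkeys(device_segment: bytes, criteria: dict, salt: bytes, n: int):
    # The criteria are low-entropy (a BSSID or grid cell can be guessed); the random
    # segment held in the device is what makes the derived key unguessable.
    ikm = encode_segments({**criteria, "device": device_segment})
    master = hkdf_sha256(ikm, salt, b"master")
    return hkdf_sha256(master, salt, b"stream", n), hkdf_sha256(master, salt, b"mac")

def seal(secret: bytes, device_segment: bytes, criteria: dict) -> dict:
    """Encrypt-then-MAC under a key that only exists when every segment is present."""
    salt = os.urandom(16)  # fresh salt per record, so the keystream is never reused
    stream, mac_key = _subkeys(device_segment, criteria, salt, len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unseal(blob: dict, device_segment: bytes, criteria: dict):
    """Return the secret, or None if any single segment differs from sealing time."""
    stream, mac_key = _subkeys(device_segment, criteria, blob["salt"], len(blob["ct"]))
    expected = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))

# Constructed sample values, for illustration only.
DEVICE_SEGMENT = bytes.fromhex("00112233445566778899aabbccddeeff")

def criteria_at(lat: float, lon: float, bssid: str) -> dict:
    """Build the segment set observed by the phone at unlock time."""
    return {"geo": geo_cell(lat, lon), "bssid": bssid.lower().encode(),
            "phone_id": b"phone-0001", "password": b"constructed-passphrase"}

if __name__ == "__main__":
    blob = seal(b"ssh-key-passphrase", DEVICE_SEGMENT,
                criteria_at(48.8566, 2.3522, "aa:bb:cc:dd:ee:01"))
    print(unseal(blob, DEVICE_SEGMENT, criteria_at(48.8569, 2.3528, "aa:bb:cc:dd:ee:01")))
    print(unseal(blob, DEVICE_SEGMENT, criteria_at(51.5074, -0.1278, "aa:bb:cc:dd:ee:01")))
```

A fix close to a cell boundary can fall into the neighbouring cell and fail to unlock, so a real design has to choose the cell size and boundary handling deliberately.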

Storage of secrets physically offline

Secrets are physically stored encrypted in the non-volatile memory of the EviCypher NFC device. Secrets are used encrypted from EviCypher.

Passwordless online and local

Use complicated and complex passwords to automatically connect to your accounts on the internet and/or web interface (example: administration router), without writing or memorizing the username and/or password.

Everything is done contactless via the freely downloaded Android application for NFC phones and via a browser extension based on Chromium, Opera and Firefox from Mozilla. This automatic connection can be carried out on all the browsers of the computers present on the same network and paired with an NFC telephone. Thus, it is possible to make automatic remote connections in the local network with a single EviCypher device.

Full control over your secrets

Your secrets, including your sensitive data, always remain encrypted, even if the information system and/or the computer system is corrupted. EviCypher is an individual sovereignty tool that allows you to take control of your sensitive data.

You always remain secure and protected against many forms of attack, espionage, loss, theft and corruption of information systems and computer and telephone systems.

Anonymity

EviCypher has no backdoor.

EviCypher products do not collect any data either on EviCypher or on their users and administrators. No information is requested. It does not use any remote server to save the secrets.

The principle is that the user remains anonymous from end to end, from the device through to its use via a computer and/or an NFC phone with which it is paired.

Anti-counterfeiting system and quality

Each EviCypher manufactured receives a unique signature ECC BLS12-381 of authenticity achieved by the tooling. This signature is physically tamper-proof in read-only mode. This verifies that your EviCypher device is genuine.

In addition, each EviCypher is individually tested before receiving the signature. This is a guarantee of manufacturing quality and security of EviCypher devices.

Finally, the pairing keys are automatically destroyed after delivery of the devices. In fact, Freemindtronic is not able to provide the pairing keys of EviCypher in the event of loss.

Supported systems and interfaces

EviCypher works with Freemindtronic’s FMT application developed for Android NFC phones

Freemindtronic’s FMT extension compatible with EviCypher works on all Opera and Mozilla Firefox web browsers as well as Chromium-based browsers (Chrome, Brave, Edge).

EviCypher is compatible with all Windows, macOS, Linux, BSD operating systems

EviCypher compatible with Thunderbird from Mozilla

EviCypher is also compatible with the Thunderbird email client through the extension of Freemindtronic.

It allows contactless encryption of messages and attachments with your own AES256 encryption keys.

Thus the mails are always displayed encrypted. They are decrypted if the right AES key and the correct trust criteria are validated.

Size of EviCypher NFC devices

EviCypher Card: 86 × 54 × 1 mm

EviCypher Tag: 35 × 27 × 6 mm

Weight

EviCypher Card is around 0.2 oz (6 g)

EviCypher Tag is around 0.3 oz (9 g)

Operating temperature

EviCypher works between -40 °F and +185 °F (-40 °C and +85 °C)

Compliance

EviCypher NFC devices comply with FCC, CE and RoHS standards

EviCypher is in compliance with the regulations on the protection of private data, notably, but not only, the European directives NIS and GDPR (RGPD).

If you want to know more, read the Freemindtronic article on this subject.
