Page 96 - Cyber Defense Magazine RSA Edition for 2021
part, often undermined by man-in-the-middle attacks or by privilege escalation on information systems. When identification or decryption relies on single-factor authentication alone, these attacks allow encryption keys to be stolen and directly compromise the security of your data. To mitigate these threats, two-factor authentication (2FA) adds a layer of protection: either a unique code sent by SMS to your phone number, or approval of an authentication request (Google / Facebook), or the use of authenticator apps, which is increasingly recommended by security specialists.
Why use the EviToken Technology?
The purpose of EviToken technology is to secure secrets of different kinds: asymmetric keys (RSA), symmetric keys (AES), but also login credentials, PIN codes, account or bank card identifiers, cryptocurrency private keys, cryptocurrency wallet passphrases, cryptocurrency recovery phrases (SEED), etc. The EviToken secure safe is contained in a simple NFC card that is not connected to a computer system. It communicates with that system, on demand, via a near-field communication (NFC) protocol that transmits data over an encrypted channel built by EviToken. Secrets stored in the card are segmented and encrypted to make them physically inaccessible to cybercriminals. The EviToken secure safe is a genuine, natural air-gap component. Thus, apart from the moments of data transmission, the architecture has: no power supply; no security breach due to an increase in temperature (which makes it immune to malware such as BitWhisper and Fansmitter); no emission of sound signals, even those inaudible to the human ear; and no emission of light or waves. Finally, to avoid confusion with smart-card-based systems, the EviToken medium requires no dedicated physical connection hardware to the digital system, nor does it have an operating system, which makes it insensitive to the introduction of malicious code as on a Java architecture. Like any electronic component, the EviToken secure safe can be subjected to invasive attacks, which consist in using acids to expose the electronic circuit, which then has to be analysed in an attempt to understand how the secrets are implemented in multiple scrambled segments.
If EviToken technology secures secrets inside a vault, what about the encryption keys used to transport those secrets over a secure channel?
In the context of two-factor authentication, we consider that you are the only one who can hold the second criterion of trust. Traditionally, this security measure serves, on failure, to prevent the secure transport of your data from being triggered. However, this function is not intended to secure the transport itself; that is the role of the encryption protocol. Thus, if the encryption keys are compromised, the data could be compromised while it is intercepted in transit. Faced with this problem, EviToken integrates trust criteria directly into its encryption keys as metadata, in order to secure encrypted messages during their transport. Thus, even if the keys are compromised, decryption remains blocked by the trust criteria. With this in mind, why stop at two criteria of trust? In its basic version, EviToken offers nine trust criteria based on the possession of a third-party object, on technical components (phone ID, barcode, password, geolocation or BSSID), but also on environmental components and on components specific to the sender or recipient, to make data compromise even more difficult.
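The key-binding idea described above (trust criteria mixed into the encryption key so that a stolen stored key is useless outside the expected context), as an added illustrative model that is not EviToken's own code or protocol: it derives the working key with HKDF from a constructed stored key plus the canonicalised criteria, and uses an HMAC-SHA256 counter-mode keystream as a stand-in for the article's AES-256 so it runs offline; the BSSID and password values are constructed assumptions.

```python
import hashlib, hmac, json, secrets

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869), extract-then-expand, using only the standard library."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def criteria_bound_key(stored_key: bytes, criteria: dict) -> bytes:
    """Derive the working key from the stored key AND the canonicalised trust
    criteria. A stolen stored key presented in the wrong context (other BSSID,
    other phone ID, wrong password) yields a different, useless key."""
    info = json.dumps(criteria, sort_keys=True, separators=(",", ":")).encode()
    return hkdf_sha256(stored_key, salt=b"trust-criteria-demo", info=info)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for AES-256 so the demo needs no
    third-party package. Each 32-byte block is HMAC(key, nonce || counter)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def encrypt(stored_key: bytes, criteria: dict, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the criteria-bound key; output is nonce || ct || tag."""
    key = criteria_bound_key(stored_key, criteria)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(stored_key: bytes, criteria: dict, blob: bytes):
    """Return the plaintext, or None when the criteria presented at decryption
    time do not match those bound into the key (the tag check fails)."""
    key = criteria_bound_key(stored_key, criteria)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed sample values (not from the article): one stored key, two contexts.
STORED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SENDER_CRITERIA = {"bssid": "aa:bb:cc:dd:ee:ff", "password": "colleague-pin"}
ATTACKER_CRITERIA = {"bssid": "11:22:33:44:55:66", "password": "colleague-pin"}
```

Even with STORED_KEY in hand, decrypting under ATTACKER_CRITERIA returns None, because the BSSID that was bound into the key at encryption time no longer matches.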
A simple example: you want to send a confidential message containing your latest invention to a colleague in a hostile environment, with a high probability of compromise. You will therefore add non-digital trust criteria to your encryption key to protect it in the event of a compromise. Decryption of the message with the AES-256 symmetric key will only be possible, through the digital tool, once the conditions related to the trust criteria have been met. If one of the trust criteria is based on geolocation, for example, the recipient must not only be in possession of an EviToken card, but also be