MULTI-PARTY CRYPTO SOLUTION
LONG STORY SHORT
about TRIDENT HSM
TRIDENT HSM is the first hardware security module (HSM) in the world to combine high-level hardware security and multi-party computation in order to provide the highest level of data protection required in business.
The unique and revolutionary solution developed by i4p, a Hungarian company founded by leading cryptography experts, offers exceptional security, authentication and encryption for organizations ranging from SMB’s to large enterprises, including financial institutions that have to comply with the strictest regulations. TRIDENT HSM received the Common Criteria (CC) EAL4+ certification which is the highest level of certification available for HSM modules in Europe.
TRIDENT HSM is easy to integrate and provides multiple functions for different use cases, offering an ideal solution for data protection challenges in several industries including banking and financial services, government and manufacturing as well as data safekeepers and qualified trust service providers.
Large enterprises and small and medium-sized businesses struggle with cybersecurity concerns worldwide on a daily basis while they also have to comply with strict regulations. TRIDENT HSM enables these organizations to ensure outstanding security for their sensitive data and meet the requirements of the most common standards including GDPR, eIDAS and PSD2.
The core of the solution is the unique and patent pending multi-party computation technology that has never been used in HSM modules before. This revolutionary design is the intellectual property of the founders of i4p, the leading cryptography professionals of the region.
WANT TO KNOW MORE?
The TRIDENT HSM system can generate signing and encryption RSA key pairs in a truly revolutionary and distributed manner. When configured for the most secure mode, no appliance will ever see a secret key as a whole, as they generate, store and use merely parts of the secret. When configured for using the faster (called the trusted dealer) method, one of the appliances generates the secrets, splits them and securely distributes the parts to the other appliances before securely erasing the generated key.
The signature or decryption functions are executed on all or – if configured that way – on n-out-of-k appliances separately, as the appliances taking part in the process use only the parts of the secrets they store and protect. The result of this unique procedure will always be a standard RSA signing or decrypting operation.
- PKCS#11, JCA/JCE, CSP/KSP
- CMAPI (proprietary)
- Triple gigabit Ethernet port
- Dual USB port
- Display port
- CC EAL4+ (received in May 2019)
- eIDAS listing (due in Q3 2019)
- Multi-party asymmetric: RSA, ECC (due in Q1 2019)
- Non-distributed asymmetric: RSA, ECC
- Multi-party symmetric: AES (due in Q1 2019)
- Non-distributed symmetric (AES, TDES), hash (SHA1, SHA256, SHA384, SHA512), message authentication (HMAC, AES-GMC)
- Encryption/decryption scheme: PKCS#1 (RSAES-PKCS1- v1_5)
- Random Number Generation: hybrid deterministic seeded with TRNG Physical Characteristics (per appliance)
- Format: Standard 1.5U 19” rack mount chassis
- Dimensions: 19” x 21” x 2.58” (482.6mm x 533.4mm x 65.7mm)
- Weight: 19lb (8.5kg)
- Input Voltage: 24V DC (PSU 100–240V, 50–60Hz)
- Power Consumption: 120W maximum, 50W typical