TRIDENT HSM
The first hardware security module (HSM) with the proven achievements of secure multi-party computation.
LONG STORY SHORT
about TRIDENT HSM
TRIDENT HSM is the first hardware security module (HSM) in the world to combine high-level hardware security and multi-party computation in order to provide the highest level of data protection required in business.
The unique and revolutionary solution developed by i4p, a Hungarian company founded by leading cryptography experts, offers exceptional security, authentication and encryption for organizations ranging from SMB’s to large enterprises, including financial institutions that have to comply with the strictest regulations. TRIDENT HSM received the Common Criteria (CC) EAL4+ certification which is the highest level of certification available for HSM modules in Europe.
TRIDENT HSM is easy to integrate and provides multiple functions for different use cases, offering an ideal solution for data protection challenges in several industries including banking and financial services, government and manufacturing as well as data safekeepers and qualified trust service providers.
Large enterprises and small and medium-sized businesses struggle with cybersecurity concerns worldwide on a daily basis while they also have to comply with strict regulations. TRIDENT HSM enables these organizations to ensure outstanding security for their sensitive data and meet the requirements of the most common standards including GDPR, eIDAS and PSD2.
The core of the solution is the unique and patent pending multi-party computation technology that has never been used in HSM modules before. This revolutionary design is the intellectual property of the founders of i4p, the leading cryptography professionals of the region.
The TRIDENT HSM
is developed by I4P Ltd.
Follow us on our LinkedIn channel. We provide advice, share guidance and news in the crypto world.
The TRIDENT HSM system can generate signing and encryption RSA key pairs in a truly revolutionary and distributed manner. When configured for the most secure mode, no appliance will ever see a secret key as a whole, as they generate, store and use merely parts of the secret. When configured for using the faster (called the trusted dealer) method, one of the appliances generates the secrets, splits them and securely distributes the parts to the other appliances before securely erasing the generated key.
The signature or decryption functions are executed on all or – if configured that way – on n-out-of-k appliances separately, as the appliances taking part in the process use only the parts of the secrets they store and protect. The result of this unique procedure will always be a standard RSA or ECC signing or decrypting operation.
HIGH AVAILABILITY ARCHITECTURE
Due to its distributed architecture, the TRIDENT HSM meets the most demanding availability and load balance requirements. If deployed in geographically dispersed datacenters it is as disaster tolerant as any IT service can be. If placed close to each other together they achieve the highest speed. Regardless of the chosen architecture, the system provides service as one. Any of the appliances is capable of communicating with the outside world so extremely high availability and load balance can be achieved.
TRIDENT HSM deploys simply into existing TCP/IP network infrastructures and communicates with other network devices smoothly.
The HSM crypto functionality can be utilized using the industry standard PKCS#11 library, OpenSSL and the proprietary CMAPI interface of the HSM.
MULTI-FACTOR AUTHENTICATION
TRIDENT HSM enables both local and remote users to use multi-factor authentication. Besides passwords, the Time-based One-Time Password (TOTP) mechanism according the RFC 6238 can be enabled for any administrators and users. The necessary TOTP codes can be generated using any standard application, such as the Google Authenticator running on a smartphone. Starting from v2.1.3 delegated authentication based on signed JWT tokens can also be used which makes its integration even easier into existing systems.
UPLOAD LOCAL APPLICATIONS
TRIDENT HSM’s integrated Tamper Detection Module with multiple sensors that monitor the environment for maximal security even when the appliance is not powered. The sensitivity of the TDM sensors can be configured to fit to the unique operating environment of the appliance. Also, TRIDENT HSM allows local client applications (LCAs) to be installed into its protected environment. LCAs run in protected containers to ensure that they are isolated from other LCAs and from the HSM core. LCAs are created using the industry standard Linux Container Framework.
CC evaluated, eIDAS listed
TRIDENT HSM has successfully achieved Common Criteria EAL 4+ certification (Evaluation Assurance Level EAL 4 augmented by AVA_VAN.5 and ALC_FLR.3 based on ISO/IEC 18045:2008) meeting the requirements of both the Protection Profile for Cryptographic Module for Trust Services (EN 419221-5) and the Protection Profile for QSCD for Server Signing (EN 419241-2) with strict conformance.
Based on its CC certification the TRIDENT HSM became a Qualified Signature (and Seal) Creation Device (QSCD) under European Union Regulation 910/2014 on Electronic Identification and Trust Services (eIDAS). Thus, the TRIDENT HSM enables Trust Providers to offer both Qualified and non-Qualified Remote Electronic Signature and Remote Electronic Seal services in the most secure way a user of trust services of this kind can require.
EASY INTEGRATION
TRIDENT HSM deploys simply into existing TCP/IP network infrastructures and communicates with other network devices smoothly. The HSM crypto functionality can be utilized using the industry standard PKCS#11 library, JCA/JCE, Microsoft CSP and KSP, OpenSSL and the proprietary CMAPI interface of the HSM. TRIDENT HSM can also communicate directly with security access modules (eg. MIFARE SAM AV2) to enable quick and secure integration into ticketing ecosystems.
eIDAS compatibility
TRIDENT HSM is a Qualified Signature (and Seal) Creation Device (QSCD) under European Union Regulation 910/2014 on Electronic Identification and Trust Services (eIDAS) (look for "Trident version 2.1.3" on the official list of the EU). Thus, the TRIDENT HSM enables Trust Providers to offer both Qualified and non-Qualified Remote Electronic Signature and Remote Electronic Seal services in the most secure way a user of trust services of this kind can require.
Cryptographic APIs
- PKCS#11, JCA/JCE, CSP/KSP/CNG
- OpenSSL
- CMAPI (proprietary)
Host Interface
- Triple gigabit Ethernet port
- Dual USB port
- Display port
- Phoenix terminal block
- Redundant power supply
Certifications
- CC EAL4+ (v1.0 received in May 2019, v2.1.3 in Sep 2020)
- eIDAS listing (v1.0 received in July 2019, v2.1.3 in Sep 2020)
- Multi-party asymmetric: RSA, ECC
- Non-distributed asymmetric: RSA, ECC
- Multi-party symmetric: AES (soon)
- Non-distributed symmetric (AES, TDES), hash (SHA1, SHA256, SHA384, SHA512), message authentication (HMAC, AES-GMC)
- Encryption/decryption scheme: PKCS#1 (RSAES-PKCS1- v1_5), ECIES
- Post-quantum algorithm: SPHINCS+
- Random Number Generation: hybrid deterministic seeded with TRNG Physical Characteristics (per appliance)
- Format: Standard 1.5U 19” rack mount chassis
- Dimensions: 19” x 21” x 2.58” (482.6mm x 533.4mm x 65.7mm)
- Weight: 19lb (8.5kg)
- Input Voltage: dual 24V DC (PSU 100–240V, 50–60Hz)
- Power Consumption: 120W maximum, 50W typical
DO YOU HAVE QUESTIONS?
CONTACT US!
Try our unique and revolutionary hardware security module (HSM) which is the 1st & #1 in the world to combine high-level hardware security and multi-party computation in order to provide the highest level of data protection required in business. With TRIDENT HSM your company will be able to achieve:
- eIDAS compatibility
- Multi-factor authentication
- HA architecture
- Exceptional security
Contact us by filling out our online form or send us an e-mail at info@i4p.com
- You need support? For i4p support requests, please send an e-mail to support@i4p.com
- For press and media inquiries, please send an e-mail to pr@i4p.com
i4p is an outstanding innovator in the field of IT security solutions and an expert of protecting your cryptographic keys and secrets. i4p is the vendor of Trident hardware security module and its main activity is the development of applied cryptography solutions.
The company aims to develop highly secure hardware and software solutions, as well as related services capable of disrupting the IT security market. Its mission is to provide a technological background to new regulations on data security and data protection and to develop and launch distributed cryptographic processes and distributed platforms based on them.
i4p is the first company to offer a certified hardware security module with multi-party cryptography* that provides the highest level of data protection required in business.
The company’s founders and experts possess a uniquely high level of professional expertise including significant experience in cryptographic development, product and service development as well as project management.
*patent pending
This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No H2020-SMEINST-887639_TRIDENT. This website reflects only the author’s view and the EASME and the Commission are not responsible for any use that may be made of the information it contains.