i4p digital signature products and solutions
Trident HSM – Multi-party crypto solution
TRIDENT HSM is the first hardware security module (HSM) in the world to combine high-level hardware security and multi-party computation in order to provide the highest level of data protection required in business.
The unique and revolutionary solution developed by i4p, a Hungarian company founded by leading cryptography experts, offers exceptional security, authentication and encryption for organizations ranging from SMB’s to large enterprises, including financial institutions that have to comply with the strictest regulations. TRIDENT HSM received the Common Criteria (CC) EAL4+ certification which is the highest level of certification available for HSM modules in Europe.
TRIDENT HSM is easy to integrate and provides multiple functions for different use cases, offering an ideal solution for data protection challenges in several industries including banking and financial services, government and manufacturing as well as data safekeepers and qualified trust service providers.
Large enterprises and small and medium-sized businesses struggle with cybersecurity concerns worldwide on a daily basis while they also have to comply with strict regulations. TRIDENT HSM enables these organizations to ensure outstanding security for their sensitive data and meet the requirements of the most common standards including GDPR, eIDAS and PSD2.
The core of the solution is the unique and patent pending multi-party computation technology that has never been used in HSM modules before. This revolutionary design is the intellectual property of the founders of i4p, the leading cryptography professionals of the region.
Trident RSS – Remote signature solution with CC certified SAM & CM
i4p’s TRIDENT RSS is the first eIDAS listed Remote Signature Solution with the Signature Activation Module (SAM) coming from the same vendor as the underlying Crypto Module (CM).
For organizations who want to offer their clients, employees, partners and users convenient Remote Signature services without compromising on their security, this is the leanest solution with the lowest cost of acquisition and ownership. For Trust Service Providers planning to offer Qualified Remote Signing services, the only one-vendor solution that is both Common Criteria certified and eIDAS listed is indeed the TRIDENT RSS.
The SAM manages the users of the Signature Service, generates cryptographic keys for them, receives datato-be-signed through an easily implementable Signature Activation Protocol and securely connects to the CM in order to have it manage the keys.
For the highest possible cryptographic security level, the keys can even be generated, stored and managed in an entirely distributed way using SMPC (Secure Multi-party Computation), another unique feature of our Solution.
Trident TSS – Time Stamping solution
i4p is the vendor to have developed both the CM and the TSS components needed for offering Qualified or Advanced Timestamping Services, as opposed to having to buy them from separate vendors.
The TSS can reside within the secure perimeter of a TRIDENT HSM (or it can be used with any other vendor’s HSM with PKCS#11 interface on the market) it uses for storing the signing keys. This solution is leaner compared to multi-vendor solutions. As a consequence, it has significantly lower Cost of Ownership, thus dramatically improving Trust Service Providers’ potential ROI.
The TRIDENT Timestamp Server ensures the tamper-proof creation and authenticity of timestamps for any purposes. It is able to verify at all times, whether or not the time stamped data matches the exact same form at the point in time it was logged by the timestamp.
The TRIDENT TSS can be run as an LCA (Local Client Application) integrated and protected by TRIDENT Hardware Security Module.
In case of TSS running in TRIDENT HSM the integrated Hardware Security Module is certified in accordance with Common Criteria EAL 4+ certification (Evaluation Assurance Level EAL 4 augmented by AVA_VAN.5 and ALC_FLR.3 based on ISO/IEC 18045:2008) meeting the requirements of both the Protection Profile for Cryptographic Module for Trust Services (EN 419221-5) and the Protection Profile for QSCD for Server Signing (EN 419241-2) with strict conformance.