Hardware Continuity
The appliance provides a long-term, secure root of trust that remains stable even as software capabilities evolve.
The Evolutive, Cloud-Native Hardware Security Module
ProvenHSM delivers enduring hardware trust that evolves at the speed of software.
Built on an EAL7 foundation, it combines maximum security with seamless, remote-first operations.
ProvenHSM: The New Generation of HSM & Trust Platform
ProvenHSM serves as a programmable and certifiable trust platform that governs critical business workflows beyond simple key protection.
By combining a hardware root of trust with formally verified software, it enables security infrastructure to evolve without requiring hardware refresh cycles.
Single platform for keys, identities, and secure applications.
Cloud, on-premises, and hybrid ready.
Designed and made in France.
Why ProvenHSM Exists
The cryptographic landscape never stops evolving : regulations change, algorithms advance, and deployment models shift.
ProvenHSM empowers your infrastructure to evolve right alongside them, eliminating the need for costly hardware refresh cycles.
CORE PRINCIPLES
Scale with Software Speed
ProvenHSM uses a dual-world ARM TrustZone architecture that balances isolation with extensibility
Seamless Evolution
Capabilities are advanced through secure remote updates, combining certified software, firmware, and FPGA bitstream configurations—via a secure REST API.
Rapid Innovation
The compositionality of ProvenCore allows for the delivery of new features in weeks, bypassing traditional multi-year hardware timelines.
Unified Hardware
A single hardware model is purchased, then deployed with the security configuration that best matches the organization’s security, compliance, and operational requirements.
CERTIFICATION
Certification Without Slowdowns
Certification FIPS 140-3 Level 3
EAL 5+ Common Criteria (CC)
ProvenHSM®
Trusted Execution Boundary
HSM Certification Scope
Certification often slows innovation. ProvenHSM's composability reduces certification time by up to 3x.
Certification Without Slowdowns
Certification often slows innovation. ProvenHSM's composability reduces certification time by up to 3x.
The certified foundation remains stable as the platform evolves.
New Trusted Applications do not invalidate the certified TOE.
When needed, the platform supports faster, lower-cost delta-certification.
Non-certified extensions remain isolated from the certified baseline.
Certification status: CC EAL5+ and FIPS 140-3 Level 3, in progress, expected completion Q4 2026.
Cloud-Native Operations
Operate ProvenHSM like modern cloud infrastructure, not like legacy hardware appliances.
Full remote administration via REST APIs
X.509 certificate-based admin authentication
M-of-N quorum + RBAC for sensitive actions
Backup & restore APIs
Secure, attestable firmware updates
CERTIFICATION
Certification Without Slowdowns
Certification often slows innovation. ProvenHSM's composability reduces certification time by up to 3×.
Stable Certified Core
The certified foundation remains stable as the platform evolves.
Extensible Architecture
New Trusted Applications can be added without invalidating the certified TOE.
Fast-Track Certification
When certification is needed for an extension, the platform supports faster, lower-cost paths.
Isolated Extensions
Non-certified extensions remain isolated and do not break the certified baseline.
Pending Certifications
In progress, target completion 2026 Q4
Certification FIPS 140-3 Level 3
EAL5+ Common Criteria (CC)
CLOUD-NATIVE
Cloud-Native Operations
Designed for datacenters, sovereign clouds, and service providers.
Full remote administration over REST
External X.509 certificates for admin authentication
M-of-N quorum + RBAC for sensitive actions
Backup & restore APIs
Secure firmware update process
