Isolated Security Domain
The SAM runs in its own isolated security domain within ProvenCore TEE OS.
Deploy Advanced and Qualified signatures with a certified hardware foundation.
We simplify the complexity of eIDAS audits while ensuring high-performance, long-term trust for your signing services.
Certified trust for AdES and QES levels
Streamlined path to QTSP status

THE PROBLEM
Legacy HSM architectures often lack the flexibility needed for modern cloud-first operations, creating a misalignment with today's automation needs.
While AdES allows for flexible architectures, achieving QES status requires rigorous audits and the use of a certified device, making compliance costly and time-consuming for providers.
Costly re-certifications for QES
Rigid HSM systems lacking cloud scalability
Complex sole-control requirements for AdES
THE SOLUTION
ProvenHSM provides a tamper-resistant environment for Signature Activation Modules (SAM), allowing them to be embedded directly for maximum security.
This architecture reduces the trusted computing base and simplifies conformity assessments while providing direct, low-latency access to internal cryptographic tokens.
Direct SAM embedding for QSCD compliance
Minimized attack surface and latency
This application supports qualified remote electronic signatures under Regulation EU 910/2014. It runs inside the ProvenHSM network-attached HSM on top of the ProvenCore formally proven trusted execution environment.
Controlled auditable execution environment
Flexible deployment for QTSPs
CAPABILITIES
The eIDAS v1 Qualified Signature Application provides a secure runtime environment for qualified remote signature workflows, where regulatory control is enforced independently from business applications and identity services.
Signature Activation Module (SAM) Logic
Enforcement of Signer Sole Control and Intent
ARCHITECTURE
The application runs as an isolated workload inside ProvenHSM, protected by the ProvenCore TEE operating system.
The SAM runs in its own isolated security domain within ProvenCore TEE OS.
Cryptographic HSM functionality can run alongside it, in a separate isolated domain.
All interactions between components are explicit and auditable.
No generic cryptographic interface is exposed unless explicitly required by the deployment model.
DEPLOYMENT
The application supports deployment models commonly used by QTSPs and ISVs.
This monolithic QSCD runs the SAM and HSM applications on one ProvenHSM.
CERTIFICATION
Certification is typically driven by the ISV providing the SAM software, with ProvenRun supporting integration and evaluated configurations.
By isolating applications and minimizing shared trusted code, ProvenHSM helps reduce evaluation scope and timelines compared to monolithic designs.
Pending certifications 2026

Certification FIPS

EAL 5+ Common
An MVP is available today for demonstration, evaluation, and early integration. The current implementation is not yet Common Criteria certified.
AUDIENCE
Designed for professionals operating qualified trust infrastructures.
Deploying or modernizing qualified remote signature services.
Developing SAM or SSA products and looking for a certification-oriented execution platform.
Responsible for long-term maintainability, auditability, and regulatory alignment.
BENEFITS
ProvenHSM combines high-density multi-tenancy with formal security proofs to deliver a signing platform that exceeds standard compliance requirements.
Validation of Signature Activation Data (SAD)
Separation between regulatory enforcement and cryptographic operations
Strong isolation enforced by ProvenCore
No external PKCS#11 exposure required
Simplified integration and operational footprint
For a QSCD, the SAM runs inside a tamper protected ProvenHSM appliance and connects to separate network HSMs
External HSM: another ProvenHSM or third-party CC-certified HSM
Suitable for reusing existing HSM infrastructure
Adopt ProvenHSM without disrupting established architectures
EAL5+ — following EN 419 241-2 for the SAM and EN 419 221-5 for cryptographic modules, where applicable.
Go beyond conventional firmware with an architecture built on a formally proven EAL7 foundation
Support up to 1,000 secure PKCS#11 partitions per appliance for massive infrastructure scaling
Accelerate your path to compliance with security certifications reaching up to CC EAL5+ levels
Manage your signature infrastructure remotely without weakening the core security boundaries
Leverage FPGA-based acceleration specifically optimized for high-volume signing and low latency
Prepare for future standards with a platform-ready for Post-Quantum Cryptography transition
Trusted By