Home/HSM Providers

Solution

HSMs secure the boundary.
Lokblok removes what's inside it.

The next evolution of hardware security is not stronger protection. It's no key persistence at all. Phantom Secrets™ extends your HSM from a secure store into a stateless cryptographic execution engine.

THE PROBLEM

A key stored inside an HSM is still a key, exposed to lifetime risk.

HSMs are the gold standard:

FIPS 140-3 certificationTamper-resistant hardwareStrong access controlsProven trust boundaries

But they still rely on one assumption:

"The key exists inside the HSM."

The gap HSMs can't close alone:

Keys persist between operations
Keys can be accessed under privilege
Keys can be compelled legally
Keys remain long-term targets

Your customers already understand this. Regulators are starting to ask it explicitly.

How every major breach chain succeeds today:

Session hijacking

Active sessions hold live key access

Endpoint compromise

Host systems expose HSM interfaces

Insider misuse

Privileged access is real and abusable

Social engineering

Humans are the weakest link to key access

HSM abuse via privileged access

Admins can reach keys that persist

Not by breaking cryptography.
By reaching the key.

THE LOKBLOK MODEL

Zero-Persistence inside the boundary.

Lokblok extends HSMs with Phantom Secrets. The HSM enforces the boundary. Phantom Secrets ensures nothing persists inside it.

What no longer exists:

Keys stored at rest
Key shares
Recoverable material
Persistent attack surface

Instead:

Keys reconstructed inside the HSM
Used for a single operation
Immediately destroyed

What This Changes

From Secure storageto Secure execution

The HSM no longer stores keys. It becomes a stateless cryptographic engine.

From Custodyto Zero custody

No vendor holds key material. No liability for stored secrets.

From Protectionto Elimination

No key = no target.

HOW IT WORKS

Five steps. Zero persistence.

Phantom Secrets™, Lokblok® zero-persistence key reconstruction module1

Phantom Secrets™

Stateless key model

  • No persistent key material in the HSM
  • No backup or replication
  • HSM becomes a cryptographic engine, not a store
Toughkey™, Lokblok® cryptographic hardware key2

Toughkey™

Ephemeral reconstruction

  • Key material reconstructed inside secure boundary
  • Exists only for milliseconds
  • Destroyed immediately after use
ToughID™, Lokblok® hardware-bound identity attestation device3

ToughID™

Threshold-driven control

  • Multiple participants required
  • No single entity can act alone
  • Hardware-bound identity for each participant
Phantom Gate™, Lokblok® zero-trust authentication gateway4

Phantom Gate™

Policy-governed access

  • Ephemeral session authentication
  • No persistent session tokens
  • Policy enforced at access layer
Secure Terminal™, Lokblok® hardware execution layer5

Secure Terminal™

Hardware-enforced execution

  • All operations within FIPS-certified boundary
  • No exposure to host OS or network
  • No key material leaves the enclave

Why MPC Isn't Enough

MPC improves distribution.
It doesn't eliminate persistence.

MPC replaces one target with many. It doesn't remove the target.

Shares still exist
Nodes still store secrets
Attack surface still accumulates
DKG overhead reduces scalability

HSM + PHANTOM SECRETS VS ALTERNATIVES

The only model that removes the key entirely.

CapabilityHSMMPCHSM + Phantom Secrets™
Persistent key at rest
shares
Certified hardware boundary
Legal compellability
Insider risk
Scalability
DKG overhead
Endpoint / session protection

WHAT THIS ENABLES FOR HSM PROVIDERS

A new product category. A new position in the market.

New product category

Zero-custody cryptographic infrastructure

  • Not just secure storage, but no storage at all
  • Compete beyond FIPS certification
  • Offer capabilities no competitor can match
  • Move ahead of MPC-only vendors

Regulatory advantage

Sovereignty and compliance

  • Eliminate key custody exposure entirely
  • Align with sovereignty requirements
  • Reduce compliance burden
  • Address legal compellability head-on

Enterprise & government demand

All moving toward no persistent key models

  • Financial institutions
  • Sovereign cloud providers
  • Defence and critical infrastructure
  • Tier 1 digital asset platforms

Commercial impact

Move up the value chain

  • From hardware vendor → security architecture provider
  • Solve higher-level problems (custody, sovereignty, governance)
  • Increase deal size
  • Future-proof with zero trust, PQC, and sovereignty trends

EXPANDED SECURITY STACK

Phantom Secrets doesn't replace HSMs.
It enhances them.

Phantom Secrets™, Lokblok® zero-persistence key reconstruction module

Phantom Secrets™

Eliminates persistence

ToughID™, Lokblok® hardware-bound identity attestation device

ToughID™

Hardware-bound identity

Phantom Gate™, Lokblok® zero-trust authentication gateway

Phantom Gate™

Ephemeral session authentication

Secure Terminal™, Lokblok® hardware execution layer

Secure Terminal™

Endpoint protection

Together: close the full attack surface, not just the key boundary. Every layer of exposure covered, from identity to execution to endpoint.

THE STRATEGIC SHIFT

The question has changed.

HSMs solved

"Where should keys live?"

Lokblok answers

"Why should they live at all?"

Products Used in This Solution

Five products. One connected architecture.

Phantom Secrets™, Lokblok® zero-persistence key reconstruction modulePhantom Secrets™Phantom Gate™, Lokblok® zero-trust authentication gatewayPhantom Gate™Secure Terminal™, Lokblok® hardware execution layerSecure Terminal™ToughID™, Lokblok® hardware-bound identity attestation deviceToughID™Toughkey™, Lokblok® cryptographic hardware keyToughkey™

The closing argument

The strongest boundary in the world means nothing…
if the key inside it still exists.

Lokblok removes what's inside the boundary. Permanently.

Explore IntegrationSee Architecture