Solution Briefs

White-Box Cryptography Solution Brief

Issue link:

Contents of this Issue


Page 0 of 1

Solution Brief | Why White-Box Cryptography? Why White-Box Cryptography? Building connected apps with innovative and responsive user experiences requires communicating and maintaining sensitive content. Whether this is account information, functionality updates, levels for a game, or video streams, it is imperative that content remains secure —  no matter how or where it travels, rests, or is stored. Failing to protect content and communications with users can result in government penalties, fraud, and intellectual property theft — not to mention lost customer trust, brand damage, and revenue impact. Today's cybercriminals are exploiting any and all app weaknesses in order to gain financially from stolen customer identities, intellectual property, or by gaining access to back office systems. Encrypting information throughout its lifecycle — in transit, and in app —  is key to keeping sensitive data out of the wrong hands. Significant effort has been applied to securing data in transit, from secure transport layers to encrypting data from the source. The weak link in this chain is the endpoint: the app. The app is the weakest link Apps utilizing encrypted content use keys to decrypt incoming traffic and encrypt outgoing traffic — operations managed by functions inside the code of the application. If an app's code is reverse engineered, the keys used to encrypt/decrypt content can be discovered and provide a bad actor what they need to decipher encrypted information. Data resident in the app can be compromised along with all communications the app uses to interact with back office systems. If cipher keys are uncovered, they can be copied, re-distributed, and used maliciously. Detecting misuse of compromised keys is nearly impossible since they will be used through seemingly legitimate traffic. Once compromised, remediating a key breach is time and resource-intensive and will require re-keying and updating every app and process using those keys. This unsecured threat vector must be remediated, since existing data protection methods were not designed to defend keys from being discovered via reverse engineering or compromised app code. White-Box Cryptography White-Box Cryptography complements existing encryption technologies used to provide strong in-transit protection and is designed to protect encryption/decryption keys stored within an app. Using mathematical techniques and transformations, white-box cryptography blends together app code and keys to secure cryptographic operations, so keys cannot be found or extracted from the app to be used elsewhere. protects sensitive keys and data with a fully-featured white-box cryptography suite that can be used for adding protection to mobile, desktop, and server apps.'s White-Box Cryptography supports all major ciphers, modes, and key sizes; and can directly interoperate with other cryptographic packages (such as OpenSSL) and devices in your environment without requiring server-side changes. In addition to supporting all major algorithms and modes, a version of White-Box Cryptography protection has been FIPS-certified to verify that's white-box implementation is compliant with current security standards, and that it produces functionally correct results. White-Box Cryptography is available on iOS, Android, Windows, Mac, and Linux platforms.

Articles in this issue

Links on this page

view archives of Solution Briefs - White-Box Cryptography Solution Brief