Every application containing critical sensitive data requires some form of cryptography, either using public key or symmetric methods. To be effective, these keys need to be kept private from potential attackers. If attackers can access the keys, then they can access the sensitive data.
With legacy software crypto methods, it is difficult to keep cryptographic keys private because the hacker can easily analyse the software to find the secrets. This is compounded with the trend to running secure software on open platforms – these environments should always be considered as compromised – from the moment they are first switched on.
WhiteBox cryptography dissolves keys into the code and obscures algorithms, including at runtime. This keeps keys safe even when an attacker has complete access to the device on which the cryptographic functions are executing.
Inside Secure's WhiteBox uniquely provides developers with a toolkit to compile WhiteBox implementations of cryptographic algorithms and other C-code within applications, while retaining control over the vital static keys that “unlock” the WhiteBox.
Traditional WhiteBox vendors provide a pre-compiled library, which requires the vendor to control your keys – effectively they manage your security.
The crypto functions that WhiteBox provides can be used via an API in exactly the same way as other crypto libraries, yet it provides a way to infuse your key data immutably into your application’s logic in such a way that it is impractical to extract.
WhiteBox Tool has been designed so that is can be used in performance-sensitive implementations such as the on-demand decryption of streamed DRM video in restricted Mobile platforms, yet its effect on code size is such that it is successfully deployed in multiple HCE Payment mobile applications globally.
WhiteBox protects data from attacks, whether it is at rest, in transit or in use by the application – without the need for hardware. WhiteBox allows you to encrypt and decrypt data without the encryption keys being exposed, allowing the secure transfer of sensitive information from directly within your applications.