Cryptographic Key Protection
How Cybercriminals are Stealing Keys
Exploit poor Key Management practices
Exploit hardware-based security storage
Inspect apps in an execution environment under their control
Use malware to steal keys from device memory
Exfiltrate keys embedded in the source code
Compromising unsecured cloud storage
Secure Your Cryptographic Keys with White-Box Cryptography
Zimperium zKeyBox leverages white-box cryptography to protect keys and secrets within your mobile application. Fundamentally, white-box cryptography is an approach to hiding keys used in general-purpose software implementations. It transforms and obscures cryptographic algorithms so that keys never appear in the clear and the execution logic is untraceable. Your keys cannot be extracted—even if the device itself has been compromised. Key benefits include:
- Supports All Standard & Custom Algorithms. Agnostic security works on all platforms and devices. Protect any cryptographic algorithm such as AES, 3DES, RSA, ECC, HMAC, etc. Custom algorithm support is also available.
- No Hardware Dependency. No dependency on any hardware based mechanisms provided by the platforms. (Ex. Keystores, Secure Enclave, Trusted Execution Environment (TEE) on Android)
- Protect Keys When Stored, In Transit, and In Use. Keep keys safe at all times, even on compromised, jailbroken, or rooted devices. Keys are never exposed in memory; algorithms operate directly on encoded keys.
Platforms Supported
Why Zimperium for Cryptographic Key Protection
Simple Deployment & Integration
zKeyBox is simple to integrate and offers plug-and-play replacement for standard cryptographic libraries.
Built-In Support for Regulations
Supports DUKPT key management, TR-31 key blocks, and separation of payment card and PIN data as specified by PCI-DSS.
Integrated Security Suite
zKeyBox is part of our Mobile App Protection Suite, the only unified platform with centralized visibility and comprehensive in-app protection.
“ToothPic’s mission is to help companies to enhance the security of their digital services through our unique technology. We were looking for a technological partner who shared our same goal and Zimperium turned out to be the perfect one to collaborate with. The integration of Zimperium’s zKeyBox in our Key Protection SDK has strengthened the robustness of our technology. Together we brought the security to the next level, offering on the market a solution never seen before.”
– Giulio Coluccia, CEO & Co-Founder of ToothPic
Recommended Reading
Top 5 Cryptographic Key Protection Best Practices
Read the top five best practices that developer teams should implement to keep cryptographic keys safer.
How to Make Mobile Payments Frictionless, Open and Secure for Everyone
Speakers: Andrew Cole (Chief Financial Officer of Felix Payment Systems), Noah Fitzgerald (Chief Operations Officer of Felix Payment Systems), & Krishna Vishnubhotla (VP of Product Strategy at Zimperium)
Top 7 Source Code Obfuscation Techniques
Download our report to learn about the top obfuscation security techniques used by developers around the world.