Cryptographic Key Protection

How Cybercriminals are Stealing Keys

Exploit poor Key Management practices

Exploit hardware-based security storage

Inspect apps in an execution environment under their control

Use malware to steal keys from device memory

Exfiltrate keys embedded in the source code

Compromising unsecured cloud storage

Secure Your Cryptographic Keys with White-Box Cryptography

Zimperium zKeyBox leverages white-box cryptography to protect keys and secrets within your mobile application. Fundamentally, white-box cryptography is an approach to hiding keys used in general-purpose software implementations. It transforms and obscures cryptographic algorithms so that keys never appear in the clear and the execution logic is untraceable. Your keys cannot be extracted—even if the device itself has been compromised. Key benefits include:

  • Supports All Standard & Custom Algorithms. Agnostic security works on all platforms and devices. Protect any cryptographic algorithm such as AES, 3DES, RSA, ECC, HMAC, etc. Custom algorithm support is also available.
  • No Hardware Dependency. No dependency on any hardware based mechanisms provided by the platforms. (Ex. Keystores, Secure Enclave, Trusted Execution Environment (TEE) on Android)
  • Protect Keys When Stored, In Transit, and In Use. Keep keys safe at all times, even on compromised, jailbroken, or rooted devices. Keys are never exposed in memory; algorithms operate directly on encoded keys.

Media Firm Strengthens Content Key Security Across Its Multi-Platform Distribution Network

Learn how a major media firm leveraged Zimperium’s zKeyBox and zShield solutions to significantly bolster its security infrastructure and proactively safeguard its diverse content delivery network against malicious attacks aimed at business disruption and data theft.

Download Case Study

Platforms Supported

Why Zimperium for Cryptographic Key Protection

Simple Deployment & Integration

zKeyBox is simple to integrate and offers plug-and-play replacement for standard cryptographic libraries.

Built-In Support for Regulations

Supports DUKPT key management, TR-31 key blocks, and separation of payment card and PIN data as specified by PCI-DSS.

Integrated Security Suite

zKeyBox is part of our Mobile App Protection Suite, the only unified platform with centralized visibility and comprehensive in-app protection.

“ToothPic’s mission is to help companies to enhance the security of their digital services through our unique technology. We were looking for a technological partner who shared our same goal and Zimperium turned out to be the perfect one to collaborate with. The integration of Zimperium’s zKeyBox in our Key Protection SDK has strengthened the robustness of our technology. Together we brought the security to the next level, offering on the market a solution never seen before.”

– Giulio Coluccia, CEO & Co-Founder of ToothPic

Sign Up For Our Newsletter

Get the latest Mobile Security News and Updates in your inbox

Get started with Zimperium today