Keep secrets and keys safe on any mobile device
Even the strongest encryption methods fail when the cryptographic keys are compromised. Hackers can easily find and steal exposed keys in code or memory.
Zimperium zKeyBox leverages white-box cryptography to protect keys and secrets within your mobile application. It transforms and obscures cryptographic algorithms so that keys never appear in the clear and the execution logic is untraceable. Your keys cannot be extracted—even if the device itself has been breached.
Benefits
Strongest software-based key protection
Conceals and obscures keys and algorithm logic so keys can’t be extracted and tampering attempts are shut down. No dependency on any hardware based mechanisms provided by the platforms. (Ex. Keystores, Secure Enclave, Trusted Execution Environment (TEE) on Android)
Protect keys when stored, in transit, and in use
Keep keys safe at all times, even on compromised, jailbroken, or rooted devices. Keys are never exposed in memory; algorithms operate directly on encoded keys.
Accelerate time to market
Replace your standard cryptographic libraries with plug and play white-box secured key protection.
Any algorithm, any platform
Agnostic security works on all platforms and devices. Protect any cryptographic algorithm such as AES, 3DES, RSA, ECC, HMAC, and others. Custom algorithm support is also available.
Comply with regulations
Meet and exceed application security and data privacy requirements while minimizing approval and testing timelines. Supports PCI-DSS specifications including separation of payment card and PIN data.
Backed by experts
Zimperium’s deep expertise to guide every step of your deployment. zKeyBox protects keys in millions of installed apps and undergoes regular independent security testing.
Easy implementation that accelerates time-to-market
Seamless integration: zKeyBox is a simple to integrate plug and play replacement for standard cryptographic libraries.
Built-in support for security regulations: Undergoes regular penetration testing and supports DUKPT key management, TR-31 key blocks, and separation of payment card and PIN data as specified by PCI-DSS.
No dedicated security hardware: No TPM, TEE, SE, SIM or HSM devices are required.
“Security and risk management leaders must take due care in protecting their application clients to avoid turning a promising software design trend into a security failure.”
– Gartner’s Market Guide for In-App Protection Report (July 3, 2019; Dionisio Zumerle and Manjunath Bhat)