The first enterprise-ready white-box cryptography solution for web applications ensures security against cyberattack
Intertrust has announced the launch of whiteCryption Secure Key Box (SKB) for Web at the RSA Conference 2020. The first and only enterprise-ready white-box cryptography solution for web applications, it ensures that web apps can be used without fear of exposing the underlying keys and credentials to cyberattack.
It protects cryptographic keys even when running on a compromised host, and provides stronger and broader protection than low-level interfaces, such as the Web Crypto API, which do not secure against side-channel and other attacks running outside the browser.
A lot of people think that by using cryptography they are securing their systems, but what they often don’t realize is that they are merely shifting the problem of data protection to protecting the keys, said Bill Horne, general manager of the Secure Systems product group at Intertrust.
Secure Key Box for Web prevents hackers from stealing keys from Web applications, resisting existing and future side-channel and fault injection attacks with ‘drop-in and go’ ease that requires no additional operations or protocols, he said.
Information shared via a browser often needs to be encrypted to ensure rogue actors cannot access proprietary data and systems, impersonate a legitimate user, generate fraudulent digital signatures, or modify or create entirely false data and transactions.
For example, applications increasingly use APIs to interact with server-side applications, yet browser APIs and third-party cryptographic libraries cannot protect keys from attacks on the underlying host without having access to underlying hardware security support.
Hackers are able to obtain keys through various techniques including scanning memory at runtime for keys, or examining code to find hard-coded keys, and then employ the same key in attacks against the server.
The solution prevents application attacks by enabling standard cryptographic functions to be performed without the keys ever being exposed whether in use or at rest. SKB for Web also protects keys and credentials from side-channel attacks by making them safe from exploits running within the browser, as well as natively on the PC or device.
This article is for information purposes only.
Please remember that financial investments may rise or fall and past performance does not guarantee future performance in respect of income or capital growth; you may not get back the amount you invested.
There is no obligation to purchase anything but, if you decide to do so, you are strongly advised to consult a professional adviser before making any investment decisions.