Intertrust Launches First and Only Enterprise-Ready White-Box Cryptography Solution for Web Applications


SAN FRANCISCO at RSA Conference (North Expo Booth 5464)—February 24, 2020—Intertrust today announced the launch of whiteCryption Secure Key Box (SKB) for Web at the RSA Conference 2020. The first and only enterprise-ready white-box cryptography solution for web applications, it ensures that web apps can be used without fear of exposing the underlying keys and credentials to cyberattack.

whiteCryption Secure Key Box™ (SKB) for Web Combines Ease of ‘Drop-in and Go’ Library with the Strongest and Broadest Protection of Web Cryptographic Keys

SAN FRANCISCO at RSA Conference (North Expo Booth 5464)—February 24, 2020—Intertrust today announced the launch of whiteCryption Secure Key Box (SKB) for Web at the RSA Conference 2020. The first and only enterprise-ready white-box cryptography solution for web applications, it ensures that web apps can be used without fear of exposing the underlying keys and credentials to cyberattack.

SKB for Web brings Intertrust’s proven whiteCryption white-box technology, which prevents hackers from extracting keys using either static or dynamic methods, to web applications. SKB for Web is delivered as a JavaScript consumable API that securely performs all common cryptographic functions. It protects cryptographic keys even when running on a compromised host, and provides stronger and broader protection than low-level interfaces, such as the Web Crypto API, which do not secure against side-channel and other attacks running outside the browser.

“A lot of people think that by using cryptography they are securing their systems, but what they often don’t realize is that they are merely shifting the problem of data protection to protecting the keys,” said Bill Horne, general manager of the Secure Systems product group at Intertrust. “Secure Key Box for Web prevents hackers from stealing keys from Web applications, resisting existing and future side-channel and fault injection attacks with ‘drop-in and go’ ease that requires no additional operations or protocols.”

Information shared via a browser often needs to be encrypted to ensure rogue actors cannot access proprietary data and systems, impersonate a legitimate user, generate fraudulent digital signatures, or modify or create entirely false data and transactions. However, with the skyrocketing growth of applications running on mobile devices, as well as the overall migration of applications to the cloud and the use of JavaScript, there are a host of downstream impacts and new risk vectors that expose the cryptographic keys that protect this information from theft.

For example, applications increasingly use APIs to interact with server-side applications, yet browser APIs and third-party cryptographic libraries cannot protect keys from attacks on the underlying host without having access to underlying hardware security support. Hackers are able to obtain keys through various techniques including scanning memory at runtime for keys, or examining code to find hard-coded keys, and then employ the same key in attacks against the server. Horne explained, “SKB for Web makes it extremely difficult for an attacker to reverse engineer apps or extract key information even when the Javascript source code of the implementation is available.”

The solution prevents application attacks by enabling standard cryptographic functions to be performed without the keys ever being exposed whether in use or at rest. SKB for Web also protects keys and credentials from side-channel attacks by making them safe from exploits running within the browser, as well as natively on the PC or device.

Learn more about whiteCryption Secure Key Box for Web at intertrust.com/whitecryption.

RSA Conference 2020 attendees can discuss Secure Key Box for Web with experts from Intertrust, and see demonstrations of the product, by dropping by the Intertrust booth in Moscone Center North. A live demo of SKB for Web will also take place at the RSA Conference South briefing center on Thursday, Feb. 27, at 11:30 AM.

About Intertrust

Intertrust provides trusted computing products and services to leading global corporations–from mobile, consumer electronics and IoT manufacturers, to service providers and enterprise software platform companies. These products include the world’s leading digital rights management (DRM), software tamper resistance, and technologies to enable private data exchanges for various verticals including energy, entertainment, retail/marketing, automotive, fintech, and IoT. Founded in 1990, Intertrust is headquartered in Silicon Valley with regional offices in London, Tokyo, Mumbai, Bangalore, Beijing, Seoul, Riga, and Tallinn. The company has a legacy of invention, and its fundamental contributions in the areas of computer security and digital trust are globally recognized. Intertrust holds hundreds of patents that are key to Internet security, trust, and privacy management components of operating systems, trusted mobile code and networked operating environments, web services, and cloud computing.