Article

PACE Anti-Piracy Raises the Bar in White-Box Encryption Protection for Bank, PSP, and Payment Scheme Applications

Next-gen ‘White-Box Works’ code generator launches complete with EMVCo Software-Based Mobile Payment security evaluation certificate

1st March 2022 - San Jose, California - Banks, payment service providers (PSPs), schemes, and other financial institutions can now benefit from a uniquely high level of sensitive data protection and application attack resistance, following today’s launch of White-Box Works, a next-generation EMVCo-evaluated White-Box code generator, from PACE Anti-Piracy. 

Unlike traditional solutions, White-Box Works gives the customer complete, independent control over their protected code, ensuring their encryption keys and proprietary algorithms never leave the customer’s premises. White-Box Works can transform any C-code into a protected white-box variant in a single step, offering unparalleled flexibility, security, and efficiency.

This level of in-house control also promises to increase operational efficiency for the customer, since they are no longer beholden to a white-box library vendor’s build schedule and can develop their application in accordance with their internal schedules. It also enables the customer to use, replace and update their deployed encryption keys and algorithms at will, with no need to re-engage PACE Anti-Piracy, or any other third-party vendor, to do so. 

White-Box Works has been designed to defeat a variety of sophisticated attacks, including those involving reverse engineering, fault injection, and advanced statistical analysis (such as Differential Computation Analysis).

White-Box Works outputs code that has been designed to defeat a range of attacks to which many encryption-dependent financial apps remain vulnerable, including, for example, those supporting mobile payments, digital identity, self-service retail, and softPOS use-cases. 

White-Box Works has also achieved an EMVCo Software-Based Mobile Payment (SBMP) security evaluation certificate, following a successful EMVCo SBMP Evaluation conducted by global security lab, Riscure. 

“Statistical Analysis attacks are the bane of all white-box encryption protection solutions,” comments Allen Cronce, CEO of PACE Anti-Piracy, Inc. “We are very proud to be equipping the financial services industry with a solution capable of addressing these and other vulnerabilities. White-Box Works represents a significant step forward in the encryption protection space, and will give banks, PSPs, schemes, and other financial sector users greater confidence in the security of their sensitive data. We’re also delighted to accompany the launch with news of White-Box Works’ EMVCo SBMP evaluation certificate and are grateful to Riscure’s talented penetration testers. The entire Riscure team has been a pleasure to work with throughout the rigorous EMVCo evaluation process.”

“Riscure is proud to have assisted PACE Anti-Piracy in achieving an EMVCo SBMP evaluation certificate for White-Box Works,” adds Maarten Bron, Managing Director of Riscure North America. “This innovative technology provides a unique security capability for solution developers as it supports the creation of white-box instances for any algorithm, allowing for optimal flexibility and developer freedom when the protection of cryptographic keys is vital. This makes White-Box Works not only useful in payments, but also in other fields such as digital rights management, eHealth, IoT, automotive and more.” 

“It's also noteworthy that White-Box Works was evaluated as a stand-alone technology and did not require the additional protection of binary hardening and tamper-proofing technology to receive an EMVCo security evaluation certificate,” adds Allen Cronce. “I believe this is another industry first for White-Box Works. It’s an unmatched achievement we are immensely proud to highlight.”

White-Box Works is available now. For more information, please visit our White-Box Works webpage or contact PACE Anti-Piracy at [email protected]

About PACE Anti-Piracy, Inc.

PACE Anti-Piracy, Inc. is a privately held company based in San Jose, California. Since 1985, PACE has provided software publishers and distributors with high-quality solutions for secure software distribution. PACE products are used by a growing number of world-class software publishers around the world.

www.paceap.com 

About Riscure

Founded in 2001, Riscure is a leading global advisor on the security of connected and IoT devices, as well as a recognized vendor of advanced security testing tools and security training. Riscure helps customers around the world to build robust hardware and software solutions and to speed up the process of secure development and certification. Riscure is the thought leader in Mobile Security and has been the front runner on security analysis of White-box Cryptographic implementations since 2012.
www.riscure.com

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram