Mobile Wallets

Secure & manage your mobile payment wallet with 
PACE Anti-Piracy’s white-box cryptography tools

White-Box Cryptography for Secure Mobile Payments

PACE Anti-Piracy’s White-Box Works is the culmination of many years of development, delivering unparalleled security performance from a toolkit over which the mobile payment wallet and SDK developers have full control. 
Mobile Wallet
While ApplePay and GooglePay have become dominant in Western Europe and much of North America, banks in Latin America, Central Asia, and Africa have recognised the advantages of adding mobile payments to their existing Android banking apps. 
In these cases, the banks themselves, or their Payment Service Providers (PSPs), are developing Software Development Kits (SDKs) to allow the addition of EMVCo card payments directly into their own branded and managed wallets, taking advantage of access to the established Credit Card Schemes’ Tokenization services. These are often referred to as Issuer or HCE Wallets.
Increasingly, there is a focus on securing Issuer Wallets. This requires strong protection of cryptographic and payment credentials within the wallet. Since the very first Issuer Wallet, a proven approach has been to use white-box cryptography.

Resistant to Modern Cryptographic Attacks

White-Box Works is a modern developer tool for adding white-box cryptography to applications. It provides a pure software solution for protecting cryptographic and payment keys on your users’ mobile devices. It offers significantly better protection against attacks than existing solutions and is more flexible without compromising ease of use or performance.
Continuous in-house and external security evaluations ensure white-box implementations generated with White-Box Works are resistant to modern white-box attacks, including reverse engineering, side channel analysis (memory trace analysis), register trace analysis, and fault injection.

Key Rotation

It has been said elsewhere that “Cryptography is a machine for turning any problem into a key management problem.” This has been the case throughout the history of Mobile Wallets. However, the issue has recently become a greater imperative in Mobile Payments.
The cloud computing principle of “Key Rotation” is now being recommended by some security labs for Mobile Wallet (and SoftPOS) solutions. While this is a relatively mature process for ‘always on’ or ‘always connected’ cloud instances and APIs, it is much more challenging for discrete Mobile Applications on a consumer’s smart-phone.
Using white-box technology, where a root or wrapping key is dissolved into the white-box’s code, Key Rotation is achieved by replacing the whole white-box library in the app with a new one that contains the updated key. Once incorporated in the wallet code and tested, a new version update can be pushed to all apps via the Google Play store.
If traditional Gen 1 white-box libraries are used, the wallet developer will have to request a replacement build from their vendor, send the new key(s) to the provider, and then incorporate the resulting new library into the code. This is time consuming, the new keys are out of the developers’ hands, and this may be a chargeable service. 
As a result, if the Security lab sets a target of a monthly Key Rotation in order to certify the application, this means 12 customer-specific keys (per wallet) and 12 completely new white-box libraries are required from the vendor per year.
PACE’s White-Box Works is a Gen 3 white-box tool. It gives you the ability to define and build your own white-boxes. This makes Key Rotation a simple process, without any external dependencies. This means no delays, no risk of external mistakes, and—often most importantly—no additional costs.

Key Rotation
EMVCo logo

Security and Compliance

The Payment Schemes and EMVCo have had mobile wallet specifications in place for many years. These are required to ensure that end-user customers’ and wallet providers’ data is secured at all stages of the payment process. The Tokenization Services from Card Schemes are a critical component but the “weakest link” is always the mobile app and the wallet within. This is why the Card Schemes, via EMVCo, demand strict certification testing at accredited security labs. 
Consumer trust is paramount.
The key to achieving certification, a critical milestone for Fintechs, is the secure management of the required cryptographic functions within Mobile Wallet applications. 

Learn more about securing your Mobile Wallet with White-Box Works

To learn more about how PACE Anti-Piracy can add a layer of protection to your mobile wallet, contact our team of security experts today.

PACE Anti-Piracy’s White-Box Works developer tools quickly and efficiently deliver critical components of the cryptographic architecture required for mobile wallets - while allowing the developer the freedom to create innovative software for banks and card holders alike.

To learn more about how PACE Anti-Piracy can add a layer of protection to your mobile wallet, contact our team of security experts today.

Key Benefits

Strong Security

Leave software protection to us - that's what we do. Your focus can be on developing great products.

Keep Code In-house

Your code stays in-house with full support from our engineering team.

EMVCo Certified

PACE Anti-Piracy has completed rigorous penetration testing and received certification from EMVCo.

Flexible Implementation

Ability to create unique white-box cyptographic networks and architectures on demand.

Developer Freedom

Full freedom to build upon PCI, EMVCo, MPoC and SPoC standards.

Algorithm Agnostic

White-Box Works can protect both industry standard and proprietary implementations. 

PCI Compliant

PCI Develops the underlying security structure for payments. They are developing new flexible standards for SoftPOS.

Customer Support

Our customers receive full documentation, quality support, and access to our engineering team.

Proven Track Record

PACE brings nearly 4 decades of security and licensing experience.
homelicensemove linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram