Trusted Deployment Service (TDS) is a solution offered by whiteCryption that focuses on generating diversified white-box protected packages of whiteCryption SKB with unique export keys. By employing TDS, whiteCryption clients can gain access to the following options.
- Diversifying whiteCryption SKB packages. This involves generating a unique binary-level implementation of the whiteCryption SKB program code. Although the set of cryptographic operations provided by each diversified whiteCryption SKB package is the same, the way these operations are physically implemented in the program code varies. The principal benefit of this feature is improved security. For example, if an adversary manages to compromise a particular system that uses whiteCryption SKB, this breach will not directly affect other systems with a different binary implementation.
- Injecting unique export keys into whiteCryption SKB packages. Each whiteCryption SKB package contains an embedded key called the export key. This key is used for exporting and importing internal secure data (usually cryptographic keys). The export key is unique to each set of whiteCryption SKB packages of each client. Therefore, data exported by whiteCryption SKB packages of one client cannot be imported into whiteCryption SKB packages of another client.

whiteCryption TDS provides diversification and makes generation, injection, and storage of export keys as safe as possible. With TDS, these operations are performed in a trusted and controlled manner. When a new production package is generated, a unique binary implementation is created and a new export key is securely injected into the whiteCryption SKB package. The production package is then encrypted and distributed to the client.