Code Signing Solutions

Code Signing by Thales e-Security protects your software from tampering and maximizes security with tamper-resistant hardware and software solutions.

Code Signing

In an effort to protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted a practice known as code signing. Thales can help you implement efficient, high assurance code signing solutions that protect your business and your customers from attacks that forge or modify applications.

Code Signing
Building Trust into Business Applications

An application of public key cryptography, code signing is a specific use of certificate based digital signatures that enables an organization to verify the identity of the software publisher and prove that the software has not been changed since it was published. But if code signing is to be an effective measure for identifying trustworthy software, the code signing process itself must be secure. To prevent attackers from using forged code signatures to hide infected code, organizations must take steps to protect the process for creating these digital signatures.

Virtualization and Cloud Computing

As virtualization brings flexibility, the dynamic deployment and de-provisioning of application instances increases the need for integrity validation. Also, with the proliferation of cloud-based services, software developers need to ensure the integrity of their software as it executes in cloud environments over which they have minimal control.

Proliferation of Mobile Devices

The smartphone and tablet revolutions, arrival of the ‘app store economy,’ and the deployment of intelligent connected devices are increasing the proportion of business logic that resides and executes on unsecured devices in untrusted locations.

Thales Code Signing Solution

Designed for software vendors of all sizes and for enterprises that develop their own code, the Thales Code Signing Solution is a comprehensive solution that enables you to implement high assurance, high-efficiency code signing processes to protect your software from tampering and bring appropriate governance to your software publishing practices. Combining tamper-resistant nShield hardware security modules (HSMs) with services from Thales ASG, the Thales Code Signing solution is backed by our extensive expertise in code signing best practices and standards of due care.

Strong Hardware-based Key Protection

Hardware security modules from Thales provide tamper-resistant, certified protection for private code signing keys and a secure platform on which to execute critical digital signature processes.

Code Signing Operations

The Thales Code Signing Solution supports a range of authorization scenarios to suit your operational needs—including automated request/approval workflows. Thales also works with customers to address a flexible range of automation requirements for code signing processes as well as for centralized cryptographic key management. These capabilities are particularly applicable for medium to large- sized software-producing organizations where the volume and/or distribution of software build stations warrants shared services and resources.

Thales code signing solutions provide the following benefits:
  • Protect your company, partners and users from the potential risks associated with software tampering.
  • Implement a secure code signing process appropriate to your organization’s size and scope.
  • Maximize security with a tamper-resistant, hardware-based solution.
  • Simplify and streamline the code signing process using workflow automation capabilities.
  • Reduce risk by working with an expert in code signing best practices.
  • Deploy high assurance solutions that position your organization to meet requirements for regulatory compliance and emerging standards of due care.

Solution Briefs : Securing Code Signing

In addition to enhanced code signing key security, the Thales Code Signing solution offers a flexible range of automation capabilities for code signing approval processes as well as for centralized cryptographic key management. The Thales Code Signing solution is unique in that it not only provides a high assurance method to protect private code signing keys in certified secure hardware, but also offers a flexible range of capabilities to simplify and automate the code signing request/approval workflow for organizations with more complex environments.

Download

Webcasts : How High Assurance Code Signing Can Make You a Hero (Webcast)

Advanced persistent threats (APTs) like Stuxnet and Duqu have caused many software-producing organizations to re-examine their code signing operations – specifically the security of private signing keys that underpin the integrity of the entire process.

Listen Now

Посмотрите интерактивное демо Подробнее
Записаться на демо Записаться
Свяжитесь со специалистом Свяжитесь с нами