Company type | Private |
---|---|
Industry | IT, Cybersecurity, Application Security |
Founded | 2001 |
Headquarters | , USA |
Number of locations | USA (6), United Kingdom (1), France (1), Germany (1), Sweden (1), Japan (1), Korea (1) |
Key people |
|
Products | Arxan Code Protection, Cryptographic Key & Data Protection, Threat Analytics, and App Management |
Website | www.arxan.com |
Digital Ai (Formerly known as Arxan Technologies) is an American technology company specializing in anti-tamper and digital rights management (DRM) for Internet of Things (IoT), mobile, and other applications. Arxan's security products are used to prevent tampering or reverse engineering of software, thus preventing access or modifications to said software that are deemed undesirable by its developer. The company reports that applications secured by it are running on over 500 million devices. Its products are used across a range of industries, including mobile payments & banking, automotive, healthcare and gaming. [1] [2] [3]
Arxan is privately held and private equity-backed. In the fall of 2013, TA Associates, a private equity firm, completed a majority investment in Arxan Technologies. Previously, the company received Series B funding in 2003, [4] followed by $13 million in Series C funding in 2007 and a Series D funding of $4 million in 2009.[ citation needed ] Early investors included Trident Capital, EDF Ventures, Legend Ventures, Paladin Capital, Dunrath Capital, TDF Fund and Solstice Capital.
Arxan was founded in 2001 by Eric Davis and Purdue University researchers, Mikhail Atallah, Tim Korb, John Rice and Hoi Chang. The first funding came from Richard Early and Dunrath Capital. Rich Early subsequently became Arxan's first CEO. The company's early intellectual property was licensed from Purdue University. The company's initial focus was on defense anti-tamper applications. Following the sale of its defense technology unit, Arxan Defense Systems, to Microsemi in 2010, [5] Arxan focused on commercial applications.
In April 2020, Arxan Technologies joined CollabNet VersionOne and XebiaLabs to form Digital.ai, a software company with the stated aim of 'pulling software development, business agility and application security into a single platform'. [6] [7]
Arxan offers a number of Anti-Tamper Software products for application and cryptographic key protection. These include:
In May 2012, the company announced comprehensive support for Android application protection and hardening against tampering and piracy. [8] In June 2014, Arxan announced that its mobile application protection offerings will be sold by IBM as part of IBM's portfolio of security products.
The core technology consists of a multi-layered, interconnected network of Guards that each perform a specific security function and are embedded into application binaries to make programs tamper-aware, tamper-resistant, and self-healing. The company claims a three-layer protection paradigm of defend, detect and react as a differentiating approach. By detecting when an attack is being attempted and responding to detected attacks with alerts and repairs, this protection helps secure software against hacking attacks and threats such as: [9]
Arxan's IoT products insert the anti-tamper protection into the firmware of the device itself, causing parts of the code to continually check each other for integrity. If any tamper attempt is detected, Arxan's product can either attempt to restore the code to its original form, stop the firmware from running entirely, send a notification to the developer or any combination of the three. [10]
Its DRM solutions have been compared to their competitor Denuvo, with both working to provide a layer of anti-tamper security on top of already existing copy protection mechanisms added by the developer. This results in a multi-layered approach in which the original DRM software protects the software from unauthorized copying, modification or use, while Arxan prevents any attempt to remove or alter said protection. However, much like with Denuvo's application of it, this approach has also been criticised for increasing the use of system resources. Arxan has previously expressed strong confidence that its DRM solutions would not be cracked, but in fact cracks or bypasses for Arxan products have been shown to exist; in one example Zoo Tycoon Ultimate Animal Collection was successfully cracked in 2018 while using a five-layer approach featuring UWP, XbLA, MSStore, EAppX and Arxan protection simultaneously. [11] [12] [13] Several more bypasses of Arxan's protection have since emerged in 2018 [14] and 2019, with Arxan-protected Gears 5 being cracked by a scene group less than two weeks following its original release. [15]
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.
Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.
Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning that is distinct from the field of confidential computing. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by computer hardware and software. Enforcing this behavior is achieved by loading the hardware with a unique encryption key that is inaccessible to the rest of the system and the owner.
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient.
A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryptographic processors that output decrypted data onto a bus in a secure environment, a secure cryptoprocessor does not output decrypted data or decrypted program instructions in an environment where security cannot always be maintained.
In cryptography and computer security, a man-in-the-middle (MITM) attack or on-path attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.
The Federal Information Processing Standard Publication 140-2,, is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001, and was last updated December 3, 2002.
Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard ISO/IEC 11889.
A hardware security module (HSM) is a physical computing device that safeguards and manages secrets, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.
Tamperproofing, conceptually, is a methodology used to hinder, deter or detect unauthorised access to a device or circumvention of a security system. Since any device or system can be foiled by a person with sufficient knowledge, equipment, and time, the term "tamperproof" is a misnomer unless some limitations on the tampering party's resources is explicit or assumed.
Digital rights management (DRM) is the management of legal access to digital content. Various tools or technological protection measures (TPM), such as access control technologies, can restrict the use of proprietary hardware and copyrighted works. DRM technologies govern the use, modification and distribution of copyrighted works and of systems that enforce these policies within devices. DRM technologies include licensing agreements and encryption.
Microsemi Corporation was an Aliso Viejo, California-based provider of semiconductor and system solutions for aerospace & defense, communications, data center and industrial markets.
Apperian, Inc. was a Boston-based software company. The organization provided a mobile application management platform that did not require app code modifications or software development kits (SDKs).
Anti-tamper software is software which makes it harder for an attacker to modify it. The measures involved can be passive such as obfuscation to make reverse engineering difficult or active tamper-detection techniques which aim to make a program malfunction or not operate at all if modified. It is essentially tamper resistance implemented in the software domain. It shares certain aspects but also differs from related technologies like copy protection and trusted hardware, though it is often used in combination with them. Anti-tampering technology typically makes the software somewhat larger and also has a performance impact. There are no provably secure software anti-tampering methods; thus, the field is an arms race between attackers and software anti-tampering technologies.
A trusted execution environment (TEE) is a secure area of a main processor. It helps code and data loaded inside it to be protected with respect to confidentiality and integrity. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain DRM schemes described in SGX. This is done by implementing unique, immutable, and confidential architectural security such as Intel Software Guard Extensions which offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a 'secure element' (SE).
Denuvo Anti-Tamper is an anti-tamper and digital rights management (DRM) system developed by the Austrian company Denuvo Software Solutions GmbH. The company was formed from a management buyout of DigitalWorks, the developer of SecuROM, and began developing the software in 2014. It was introduced with FIFA 15 in September. In addition to Denuvo Anti-Tamper, Denuvo Software Solutions has developed the anti-cheat system Denuvo Anti-Cheat and Nintendo Switch Emulator Protection, which attempts to prevent Nintendo Switch games from being emulated. The company was acquired by Irdeto in January 2018.
Verimatrix provides cybersecurity solutions that protect video content, streaming media, mobile applications, websites and APIs. The company merged with Inside Secure in 2019. It is headquartered in France and Asaf Ashkenazi is the CEO.
V-Key is a software-based digital security provider. Headquartered in Singapore, it provides products to financial institutions, mobile payment providers and governments to implement cloud-based payments, authentication for mobile banking, and secured mobile applications for user access and data protection.
This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.