Plug & play
app, keys and data Protection

QShield protects your apps, keys and data against static and dynamic attacks.
Locally and remotely react in case your environment is compromised.
Secure your keys without embedding an expensive hardware element.
Simply protect your data benefiting of the best avaiable security environment.

Defend and Protect your sensitive assets reducing the risk of a data breach

Preserve your software Intellectual Property from attackers with a layered and modular security approach.

Avoid your data and applications are used for unintended purposes.

Reduce the time of certification thanks to best in class technology.

Reshaping the modern software security posture

In our modern environment, software is present in every aspect of our professional and personal life. As they are crucial in this aspect, applications also contain large amounts of personal, financial and medical data. The ever-growing rise of attacks has shown that building barriers around them is today no longer sufficient to safeguard applications. We must rethink the security approach for these endpoints and integrate protection measures from within, giving them the ability to defend themselves against attacks.

QShield is built to this intent and provides a comprehensive set of in-app protection technologies for software running on mobile, desktop and embedded architectures. By layering several protection measures and counter-measures against a wide range of attacks, QShield ensures that your applications, data, code and keys are safe.

Three components to protect code, data, and cryptographic keys

  • Deter attackers to reverse-engineer your applications with QShield obfuscation-compiler.
  • Apply more than 30 possibilities of scrambling software blocks, functions and modules. 
  • Choose the right security combination while maximizing performances.
  • Counter static and dynamic analysis with our Runtime Application Self-Protections (RASP)
  • Conceal secret keys and unique identifiers from prying eyes with QShield white-box cryptography library.
  • Prevent cryptographic keys recovery in unsecured devices without changing the hardware layout.
  • Choose the right cryptographic protocols to serve your authentication, signature and encryption needs.
  • Protect keys against static and dynamic analysis and bind them to authorized devices.
  • Prevent leaks and theft of sensitive data, such as Personal Identifiable Information (PII).
  • Leverage hardware and software protection environment with a simple API.
  • Encrypt and decrypt data in a simple manner without dealing with complex and device specific protocols.
  • Protect data against static analysis and bind them to authorized devices.

A robust & proven Software Protection Tool (SPT)

Faster certification time for payment vendors

All QShield components have been successfully certified under the stringent evaluation process for Software-Based Mobile Payment Solution, by an independent third-party lab.

QShield is also the first product worldwide to have a white-box cryptography component certified under this evaluation process.

This certification guarantees a high level of security assurance as technologies evaluated under this process must showcase a high level of robustness, which is of importance for mobile payment applications, and can be further leveraged for other applications such as for the entertainment industry or protecting software Intellectual Property.

QShield in the real world

Viaccess-Orca was looking for an organisation able to offer a high level of proximity and responsiveness to threats and this is what we have found with Quarkslab.

Our teams are now working closely together to obfuscate source code, protect encryption keys for our secure player as well as maintain the best ratio between performance and security.

Cédric Hardouin

Executive VP R&D, Viaccess-Orca

Partners

Resources

Securing Mobile Payment Applications

PCI CPoC - Mobile Payment

Ready to augment your security operations?

Get in touch with our team for a platform demo.