[英]Android Saving debit/credit card details in database
I was wondering how big e-commerce players like Flipkart and Paytm saves users debit/credit card information in a database. 我想知道像Flipkart和Paytm这样的大型电子商务玩家如何在数据库中保存用户借记卡/信用卡信息。 I know it would not be simple plain text so that anyone with a little programming background can reach. 我知道这不是简单的纯文本,因此任何具有一点编程背景的人都可以访问。 I was curious to know whether they store it in an online database only or they do save it in mobiles internal database(SQLite) also.If yes which encryption mechanism is generally used to store such an important details of the user. 我很想知道他们是将它存储在一个在线数据库中,还是将它们保存在移动设备内部数据库(SQLite)中。如果是,通常使用哪种加密机制来存储用户的这些重要细节。 Is any special permission from any authority is required to do so? 是否需要获得任何机构的特别许可? Thanks. 谢谢。
Firstly, you can look at Apple's privacy overview . 首先,您可以查看Apple的隐私概述 。 You can see that 你可以看到
When you add a credit, debit card, or prepaid card to Apple Pay, the information that you enter on your device by typing or using the iSight camera is encrypted and sent to Apple servers. 向Apple Pay添加信用卡,借记卡或预付卡时,您通过键入或使用iSight摄像头在设备上输入的信息将被加密并发送至Apple服务器。
This is an overview from Apple. 这是Apple的概述。 The same technique is adopted by other leading companies to protect user data safely. 其他领先公司采用相同的技术来安全地保护用户数据。
Storing credentials in the internal storage is highly condemned. 在内部存储中存储凭据受到高度谴责。 DO NOT store data in the internal storage. 请勿将数据存储在内部存储器中。
Secondly, as far as the encryption algorithm is concerned then 其次,就加密算法而言
In PCI, AES, Triple-DES, SHA-1, RSA etc. are fairly common. 在PCI,AES,Triple-DES,SHA-1,RSA等中相当普遍。 PCI is bit slow to adopt new cryptographic standards. PCI采用新的加密标准有点慢。 This is for part that payment industry uses devices (like cards) with relatively underpowered processing units. 这是支付行业使用具有相对不足的处理单元的设备(如卡)的部分。
AES is used mostly but the encryption technique varies with time and better and more secure versions are used for stronger security. AES主要使用,但加密技术随时间而变化,更好,更安全的版本用于更强的安全性。 In fact more that one algorithm is used in conjunction for better ciphering of data. 事实上,更多的是一种算法结合使用以更好地加密数据。
Lastly, 最后,
Is any special permission from any authority is required to do so.
No. You don't need any special permission for encryption and storage as long as you know what you are doing with those sensitive data. 不需要。只要您知道自己在处理这些敏感数据时,您就不需要任何加密和存储的特殊权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.