
How to store credit card info on iPhone?

I have a requirement to store a credit card number in an iPhone app. How can I store the data in a secure manner? I have looked at Keychain. Apart from it, is there anything I can use?

As mentioned above, you should first look into the legality of this, especially with Apple restrictions on what goes in the app store.

That said, I have had to encrypt sensitive information before, and decided to go overboard with AES-256 encryption. Since usernames, passwords and personal data were being sent over a network, it was necessary. I used FBEncrypt for this - it's a great wrapper around CCCrypt.

https://github.com/dev5tec/FBEncryptor

That will allow you to do base-64 encoding and AES-256 encoding, among other things, and it is really convenient. Check it out if you really need it!

This question as stated is difficult to answer. It is up to the author(s) of the requirement to determine the level of security needed. They may wish to get some legal advice about what, if any, liability may be incurred for leaking the data.

Once you know the appropriate level of protection, then you can start evaluating solutions. Keychain is good, but there are quite a few encryption options available.

Questions you may want to get answers to besides how to store the number include:

  • What authentication will be needed to expose the number?
  • What is the expected lifecycle of the exposed number?
    • How long can the number stay exposed?
    • How will the number be purged from memory?
  • How can the exposed number be used?
    • Can the number ever be displayed to the user?
    • Will you allow the number to be copied to the clipboard?

If you want to be serious about protecting information (any information), you need to do some serious design work.

You need to do very serious research into this and not necessarily accept what people on this site say without thorough research and confirmation on your part.

Storing information like credit card info is not something you should implement just based on responses on this site, IMO.

If you are serious you need to read, understand and apply the material in the book "Hacking And Securing iOS Applications" to understand what the dangers are and how you can mitigate against them, and how techniques that people say are secure really aren't as secure as you think they might be.

Encryption and the use of SSL/HTTPS seem enough for this case. If you are new to the subject, there are good general guidelines here: Mobile App Development Tips: How to Ensure Data Security

There are many implementations, e.g. you can use the AES256 algorithm mentioned above:

  1. When an app saves a credit card number for the first time, a random masterKey and initialization vector (IV) are generated. Use them later for encryption.
  2. A masterSalt is generated and saved locally.
  3. Using plainPassword and masterSalt, a hash (PBKDF2) is calculated.
  4. Using the AES256 algorithm, the calculated hash is used to encrypt both MasterKey and IV.
  5. Encrypted MasterKey and IV are saved locally.
  6. Decrypt the MasterKey and IV using plainPassword and masterSalt hash (PBKDF2).
  7. Now, encrypt the data with MasterKey and IV using the AES256 algorithm.
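
The seven steps above as an added Node.js sketch (not code from the answer or from FBEncryptor): a PBKDF2 key derived from plainPassword and masterSalt wraps a random masterKey, and the masterKey encrypts the card number. Assumptions: AES-256 runs in GCM mode with a fresh nonce per encryption stored beside the ciphertext instead of one encrypted IV, so a wrong password or a modified record is rejected; the iteration count and all function names are illustrative.

```javascript
// Added example, not from the original answer. All names are illustrative.
const nodeCrypto = require('crypto');
const PBKDF2_ROUNDS = 200000; // assumed work factor; tune for the target device

// AES-256-GCM: fresh 12-byte nonce per call, stored as nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Throws if the key is wrong or the blob was modified (GCM tag mismatch).
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Step 3: PBKDF2 over plainPassword and masterSalt yields the key-encryption key.
function deriveKek(plainPassword, masterSalt) {
  return nodeCrypto.pbkdf2Sync(plainPassword, masterSalt, PBKDF2_ROUNDS, 32, 'sha256');
}

// Steps 1-5: random masterKey and masterSalt; only salt and wrapped key are saved.
function createVault(plainPassword) {
  const masterKey = nodeCrypto.randomBytes(32);
  const masterSalt = nodeCrypto.randomBytes(16);
  const kek = deriveKek(plainPassword, masterSalt);
  const wrappedKey = seal(kek, masterKey);
  kek.fill(0); masterKey.fill(0); // wipe key material once it is no longer needed
  return { masterSalt, wrappedKey };
}

// Step 6: re-derive the KEK and unwrap the masterKey; a wrong password throws.
function unlock(vault, plainPassword) {
  const kek = deriveKek(plainPassword, vault.masterSalt);
  try { return unseal(kek, vault.wrappedKey); } finally { kek.fill(0); }
}

// Step 7: encrypt / decrypt the card number under the unwrapped masterKey.
function encryptCard(vault, plainPassword, cardNumber) {
  const mk = unlock(vault, plainPassword);
  try { return seal(mk, Buffer.from(cardNumber, 'utf8')); } finally { mk.fill(0); }
}
function decryptCard(vault, plainPassword, blob) {
  const mk = unlock(vault, plainPassword);
  try { return unseal(mk, blob).toString('utf8'); } finally { mk.fill(0); }
}
```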

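Notice: The technical posts on this site are published under the CC BY-SA 4.0 license. If you repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.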

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM