移动设备上的数据保护
我正在手机上存储一些医疗数据,我想知道最好的加密系统是什么,以确保数据安全。它基本上是一堆模型对象,我使用 NSKeyedArchiver / Blackberry 上的等效项进行序列化和存储(这个名字现在让我无法理解)
有什么建议吗?我不想在进行过程中制定安全协议,但其他线程之一建议了以下方法。
- 生成公钥/私钥对
- 存储公钥
- 使用用户密码的哈希值加密私钥。
- 使用公钥对字节流进行加密。
- 每当用户登录时,解密 pvt 密钥,将其保存在内存中,并根据需要解密存储的数据。
有没有更标准的方法来做到这一点?
谢谢,
特贾。
编辑:我很感激你试图帮助我,但目前正在讨论的事情是业务层面的讨论,我无法控制。因此,重新表述我的问题,如果您忽略它是医疗保健数据,而是一些机密数据,例如密码,您会如何做?
I'm storing some healthcare data on a mobile phone and I'd like to know what the best system of encryption is, to keep the data secure. It's basically a bunch of model objects, that I'm serializing and storing using NSKeyedArchiver / the equivalent on Blackberry (the name eludes me for now)
Any tips? I don't want to make up security protocols as I go along, but one of the other threads suggested the following approach.
- Generate a public / private key pair
- Store the public key
- Encrypt the private key with a hash of the user's password.
- Use the public key to encrypt the byte stream.
- Decrypt the pvt key, keep it in memory, whenever the user logs in, and decrypt the stored data as needed.
Is there a more standard way of doing this?
Thanks,
Teja.
Edit: I appreciate it that you're trying to help me, but the things currently being discussed are business level discussions, on which I have no control of. So rephrasing my question, if you ignore that it's healthcare data, but some confidential data, say a password, how would you go about doing it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
可能有一种更简单的安全数据存储方法。苹果在iOS 4.0中引入了提供应用程序文档加密的系统。这意味着操作系统负责以相当透明的方式进行所有加密和解密。
因此,只有当您的应用程序处于活动状态时,才能以未加密的格式读回文件。但好处是它们总是在磁盘上加密。因此,即使有人越狱或备份设备,检索到的文件也毫无价值。
引入这可能是为了符合所需的某些特定数据安全标准。但我在任何地方都找不到。
有关详细信息,请参阅 iOS 4.0 发行说明。
There might be an easier way for secure data storage. With iOS 4.0 apple introduced system provided encryption of application documents. This means that the OS is responsible for doing all the encryption and decyryption in a fairly transparent way.
So only when your app is active, the files can be read back in unencrypted format. But the nice thing is that they are always encrypted on disk. So even if someone jailbreaks the device, or backs it up, the retrieved files are worthless.
This was probably introduced to conform to some specific data security standard that is required. I can't find that anywhere though.
For more info see the iOS 4.0 release notes.
http://en.wikipedia.org/wiki/HIPAA
请确保您阅读并理解本内容!
编辑:抱歉,我什至没有去检查 OP 来自哪里,但即使它们不是来自美国,在 HIPAA 中仍然有一些好的做法可以遵循。
http://en.wikipedia.org/wiki/HIPAA
Make sure you read and understand this!
edit: Sorry, didn't even bother to check to see where the OP is from, but even if they aren't from the USA there are still some good practices to follow in HIPAA.
我最好的建议是,不要将敏感数据存储在用户的手机中。
如果这不适合您,那么某种公钥/私钥加密(例如您所描述的加密)将是下一个最佳选择。
My best advice would be, don't store sensitive data in the user's mobile phone.
If that is not an option for you, then some kind of public/private key encryption, such as one you described, would be the next best option.
HIPPA 是一种商业实践和总体系统级隐私/安全法规。因此,应用程序本身无法满足随机用户的随机硬件要求。您需要确定您的应用程序如何适应客户医疗保健提供商的总体监管合规流程,然后才能确定可能找到哪种算法来符合该流程。
HIPPA is a business practice and total system level privacy/security regulation. As such, an app can't comply by itself on random hardware for a random user. You need to determine how your app fits into a client health care provider's total regulatory compliance process before you can determine what algorithm might be found to comply with that process.