移动设备上的数据保护

发布于 2024-09-16 11:11:33 字数 445 浏览 9 评论 0原文

我正在手机上存储一些医疗数据,我想知道最好的加密系统是什么,以确保数据安全。它基本上是一堆模型对象,我使用 NSKeyedArchiver / Blackberry 上的等效项进行序列化和存储(这个名字现在让我无法理解)

有什么建议吗?我不想在进行过程中制定安全协议,但其他线程之一建议了以下方法。

  • 生成公钥/私钥对
  • 存储公钥
  • 使用用户密码的哈希值加密私钥。
  • 使用公钥对字节流进行加密。
  • 每当用户登录时,解密 pvt 密钥,将其保存在内存中,并根据需要解密存储的数据。

有没有更标准的方法来做到这一点?

谢谢,
特贾。

编辑:我很感激你试图帮助我,但目前正在讨论的事情是业务层面的讨论,我无法控制。因此,重新表述我的问题,如果您忽略它是医疗保健数据,而是一些机密数据,例如密码,您会如何做?

I'm storing some healthcare data on a mobile phone and I'd like to know what the best system of encryption is, to keep the data secure. It's basically a bunch of model objects, that I'm serializing and storing using NSKeyedArchiver / the equivalent on Blackberry (the name eludes me for now)

Any tips? I don't want to make up security protocols as I go along, but one of the other threads suggested the following approach.

  • Generate a public / private key pair
  • Store the public key
  • Encrypt the private key with a hash of the user's password.
  • Use the public key to encrypt the byte stream.
  • Decrypt the pvt key, keep it in memory, whenever the user logs in, and decrypt the stored data as needed.

Is there a more standard way of doing this?

Thanks,
Teja.

Edit: I appreciate it that you're trying to help me, but the things currently being discussed are business level discussions, on which I have no control of. So rephrasing my question, if you ignore that it's healthcare data, but some confidential data, say a password, how would you go about doing it?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

_失温 2024-09-23 11:11:33

可能有一种更简单的安全数据存储方法。苹果在iOS 4.0中引入了提供应用程序文档加密的系统。这意味着操作系统负责以相当透明的方式进行所有加密和解密。

处理敏感用户数据的应用程序现在可以利用某些设备上可用的内置加密来保护该数据。当您的应用程序将特定文件指定为受保护时,系统会以加密格式将该文件存储在磁盘上。当设备被锁定时,您的应用程序和任何潜在的入侵者都无法访问文件的内容。但是,当用户解锁设备时,将创建一个解密密钥以允许您的应用程序访问该文件。

因此,只有当您的应用程序处于活动状态时,才能以未加密的格式读回文件。但好处是它们总是在磁盘上加密。因此,即使有人越狱或备份设备,检索到的文件也毫无价值。

引入这可能是为了符合所需的某些特定数据安全标准。但我在任何地方都找不到。

有关详细信息,请参阅 iOS 4.0 发行说明

There might be an easier way for secure data storage. With iOS 4.0 apple introduced system provided encryption of application documents. This means that the OS is responsible for doing all the encryption and decyryption in a fairly transparent way.

Applications that work with sensitive user data can now take advantage of the built-in encryption available on some devices to protect that data. When your application designates a particular file as protected, the system stores that file on-disk in an encrypted format. While the device is locked, the contents of the file are inaccessible to both your application and to any potential intruders. However, when the device is unlocked by the user, a decryption key is created to allow your application to access the file.

So only when your app is active, the files can be read back in unencrypted format. But the nice thing is that they are always encrypted on disk. So even if someone jailbreaks the device, or backs it up, the retrieved files are worthless.

This was probably introduced to conform to some specific data security standard that is required. I can't find that anywhere though.

For more info see the iOS 4.0 release notes.

空袭的梦i 2024-09-23 11:11:33

http://en.wikipedia.org/wiki/HIPAA

请确保您阅读并理解本内容!

编辑:抱歉,我什至没有去检查 OP 来自哪里,但即使它们不是来自美国,在 HIPAA 中仍然有一些好的做法可以遵循。

http://en.wikipedia.org/wiki/HIPAA

Make sure you read and understand this!

edit: Sorry, didn't even bother to check to see where the OP is from, but even if they aren't from the USA there are still some good practices to follow in HIPAA.

南城追梦 2024-09-23 11:11:33

我最好的建议是,不要将敏感数据存储在用户的手机中。

如果这不适合您,那么某种公钥/私钥加密(例如您所描述的加密)将是下一个最佳选择。

My best advice would be, don't store sensitive data in the user's mobile phone.

If that is not an option for you, then some kind of public/private key encryption, such as one you described, would be the next best option.

红衣飘飘貌似仙 2024-09-23 11:11:33

HIPPA 是一种商业实践和总体系统级隐私/安全法规。因此,应用程序本身无法满足随机用户的随机硬件要求。您需要确定您的应用程序如何适应客户医疗保健提供商的总体监管合规流程,然后才能确定可能找到哪种算法来符合该流程。

HIPPA is a business practice and total system level privacy/security regulation. As such, an app can't comply by itself on random hardware for a random user. You need to determine how your app fits into a client health care provider's total regulatory compliance process before you can determine what algorithm might be found to comply with that process.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文