tags:

views:

342

answers:

2
Q: 

Sending secure data over the network in iPhone

Hi,

I have a query regarding sending secure data over the network in iPhone.

What should be used to secure credit-card, bank acct# etc. information which is sent over wireless network.

Is there any difference in methods if we use a native-app or a web-app?

Are there any direct APIs available for this?

Any tutorial will be really helpful. Thanks in advance.

EDIT :

So where exactly the certificate/encryption is needed? Is following procedure correct?

1]Make connection to “https:” web-service using NSURLConnection

2]The server should implement SSL/TLS Server will respond with a digital certificate (*.p12 file)

3]Client side authorization will be done. (Whether the obtained certificate is trusted or not is checked. If trusted,then we can continue. Otherwise exit gracefully)

4]Now Secure Channel is established. Send the data (Credit card info. etc) to server. Encryption can be done using public/private key pair

+3  A: 

Make sure the receiving server-side code implements SSL/TLS, the iphone's NSURLConnection and the alternative open-source ASIHTTPRequest both support secure connections to https websites by default.

luvieere  2009-11-16 08:47:07
but how to send the password, credit card info securely?We cant send it as plain text.How to use encryption/Decryption?what about Certificate, Key, and Trust Services?How to use them?
Roger_iPhone  2009-11-16 12:36:42
What luvieere is suggesting would encrypt your sensitive data by virtue of HTTPS. This is the same way eCommerce websites secure their online transactions.
Jason Whitehorn  2009-11-16 15:23:51
A: 

I am able to connect to a "http://" SOAP webservice. procedure:

1) Create a SOAP Envelope (With required i/p parameters)
2) Make NSURL Object with required web service addr
3) Initialize 'NSMutableURLRequest' with above url
4) Set parameters for NSMutableURLRequest
5) Initiate 'NSURLConnection' with above request.

After this automatically NSURLConnection methods are called. Now I want to connect to 'Https://' web-service and send sensitive info to it.

So,what extra needs to be done? Do I need to add extra methods or above approach works? (I send parameters as plain text from in http)

Roger_iPhone  2009-11-17 05:21:02
This is not an answer, this should be an edit to your question. As for the question, yes, on your side on the iPhone, you do the same if it's http or https. The security is taken care of by https, so you don't have to encrypt the data yourself.
luvieere  2009-11-17 11:58:41
Thanks for reply.I have edited the question.Please help regarding that question.
Roger_iPhone  2009-11-18 04:59:48

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?