[Owasp-leaders] Mobile Encryption

Ala'a Mubaied alaa.mubaied at owasp.org
Thu Dec 27 10:33:18 UTC 2012


Hey Leaders

I am working with the mobile application team on designing the One Sync
Solutions for all devices. The biggest challenge here is how to store the
user data on the client side.

Basically, the idea is to encrypt the data on the client side by assigning
a secret to each user, and the secret is stored on the server side only.
Whenever the client application reads the local storage, it needs to get
the secret key from the server by user authentication through an HTTPS
connection. But there are 2 questions in my mind:

   - In this case, we cannot provide offline access to the user data
   - The secret is still stored in the memory of the application

Team, has anyone encountered a similar use case before?

Thanks and Regards,

Ala'a