On Mon, May 30, 2011 at 12:51 PM, Bob Kerns <[email protected]> wrote: > Don't worry about the terminology -- "ad hoc wifi network" is what you're > looking for. I just wanted to figure out what you intended to say. > > Hmm, "peer-to-peer" and "sensitive financial data" has me a bit concerned. > I don't advocate sending sensitive data, via servers or not, unencrypted. I > hope you're using some sort of public key encryption, with a secure key > exchange, such as Diffie-Hellman. If all I have to do is eavesdrop on your > NFC communications.... (The role of the public key encryption part is to > give you a way to strongly identify the recipient you're exchanging the > encryption keys with). >
It might actually be easier and more secure to exchange just URLs, and have the app get the data via https *and* authenticate to the server, rather than trying to implement a secure protocol on top of NFC. That way the app can be sure it's talking to the right server (server certificate) and the server can be sure it's giving the data to the right person (Google account, etc. authentication). -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
