client side encryption

In light of recent news about US government surveillance (some of it surprising, some of it not) I thought I'd point out a browser API that is on the standards track (and supported by Mozilla, Google, etc.): http://www.w3.org/TR/WebCryptoAPI/

Today it's possible to fully encrypt data client side in pure JavaScript, but there are security implications and execution will also be slow since it's not native code. In the future, the WebCrypto API will expose native crypto code to JavaScript and also address security details by hiding a lot of logic in the chrome layer.

WebCrypto applies to more than just payments but it will be especially nice for decentralized payment fulfillment. You could, theoretically, encrypt a credit card number so that only the target payment processor can decrypt it. You could then pass that opaque blob all over the Internet. It would not need to rely on a cloud service to do the encryption (which is typically how the web works today, aside from SSL/TLS).

Kumar

Received on Friday, 7 June 2013 19:42:56 UTC
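
The idea in the message above (encrypt a card number so that only the target payment processor can decrypt it, then pass the opaque blob around), sketched with the WebCrypto API as an added example that is not part of the original message. The function names, the RSA-OAEP plus AES-GCM hybrid construction, and the locally generated key pair standing in for the processor's are assumptions; the card number is a constructed test value.

```javascript
// Added example (not from the original message): hybrid encryption with WebCrypto.
// Assumption: Node.js without a global `crypto` falls back to node:crypto's webcrypto.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

const RSA = { name: 'RSA-OAEP', modulusLength: 2048,
              publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };
const AES = { name: 'AES-GCM', length: 256 };

// Stand-in for the payment processor's key pair (assumption: in practice the
// processor generates it and publishes only the public key).
function generateProcessorKeyPair() {
  return wc.subtle.generateKey(RSA, false, ['wrapKey', 'unwrapKey']);
}

// Client side: encrypt the card number under a fresh AES-GCM key, then wrap that
// key with the processor's public key. The returned object is the opaque blob.
async function sealForProcessor(processorPublicKey, cardNumber) {
  const aesKey = await wc.subtle.generateKey(AES, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12)); // 96-bit GCM nonce, one per key
  const ciphertext = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, aesKey,
    new TextEncoder().encode(cardNumber));
  const wrappedKey = await wc.subtle.wrapKey('raw', aesKey, processorPublicKey, { name: 'RSA-OAEP' });
  return { wrappedKey, iv, ciphertext };
}

// Processor side: only the holder of the private key can unwrap the AES key.
async function openAsProcessor(processorPrivateKey, blob) {
  const aesKey = await wc.subtle.unwrapKey('raw', blob.wrappedKey, processorPrivateKey,
    { name: 'RSA-OAEP' }, AES, false, ['decrypt']);
  const plain = await wc.subtle.decrypt({ name: 'AES-GCM', iv: blob.iv }, aesKey, blob.ciphertext);
  return new TextDecoder().decode(plain);
}

// Round trip with a constructed test card number, plus the two outcomes any
// intermediary holding the blob gets: wrong private key, and modified ciphertext.
async function demo() {
  const processor = await generateProcessorKeyPair();
  const other = await generateProcessorKeyPair();
  const blob = await sealForProcessor(processor.publicKey, '4111111111111111');
  const recovered = await openAsProcessor(processor.privateKey, blob);
  const wrongKeyFails = await openAsProcessor(other.privateKey, blob).then(() => false, () => true);
  const tampered = { ...blob, ciphertext: blob.ciphertext.slice(0) };
  new Uint8Array(tampered.ciphertext)[0] ^= 1; // flip one bit; the GCM tag check must reject it
  const tamperFails = await openAsProcessor(processor.privateKey, tampered).then(() => false, () => true);
  return { recovered, wrongKeyFails, tamperFails };
}

demo().then((result) => console.log(result));
```

The blob keeps the card number confidential and tamper-evident, but nothing in it ties it to one transaction, so a processor accepting such blobs would also need a nonce or the order details bound in (for example as AES-GCM additional authenticated data) to reject replays.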