The App Security API is a collection of JavaScript APIs for hybrid HTML5 application developers. It enables developers, even those who are not security experts, to take advantage of the security properties and capabilities supported by the platform.
The API collection is available to developers in the form of a Cordova plugin (JavaScript API and middleware), supported on the following operating systems:
- Android
- iOS
- Windows 8
This version of the App Security API introduces two major scopes: secure data (data-in-use) and secure storage (data-at-rest). It is primarily an introduction of the concept and the delivery of this new API collection with the Intel® XDK (http://xdk-software.intel.com/). You can start to build applications with the App Security API plugin, learn about the API collection using this documentation and the sample application (https://software.intel.com/en-us/html5/articles/my_private_notes_sample), and try to integrate the App Security API plugin in your applications.
You can use these APIs anywhere in the application. Here are several usage examples:
- A game keeps a score for a player. Suppose players get credits and promotions based on their score. You can maintain the score as secure data while the game is being played and save it as secure storage when the game is closed.
- A personal note application stores all data on the web. To improve performance, while maintaining confidentiality, you can download the data (requested by the user) from the web and cache it using secure storage on the device. Next time it is used, the application can read it from the device and does not need to access the web.
- An application authenticates to and accesses a cloud backend. To keep the communication alive, it uses a token that was created by the backend. The application can cache the token using secure storage.
The APIs are grouped into 'mega-functions' (namespaces); each mega-function includes a collection of APIs within one scope of functionality. This version of the App Security API primarily targets the introduction of the new API, so you can take advantage of capabilities that are on par with the capabilities of the platform and operating system. The API is built so that it can be extended while maintaining a solid API layer. Future extensions may include:
- Improved security of the middleware implementation, using hardware technologies and advanced software techniques.
- Wider scope of API, adding mega-functions, such as secure transport, or secure input/output.
Mega Functions:
- Secure Data
  - A collection of APIs that provide data-in-use protection and data sealing support. It enables creating, managing and using a data stream object in memory. Access to this object is through an instance ID. Sensitive object properties and sensitive content are hidden.
- Secure Storage
  - A collection of APIs that provide data-at-rest protection. It enables storing and retrieving data objects using non-volatile storage.
Data Structures:
- Common Data Structures
  - Common data structures used within the different APIs.