ios usaepay magstripe credit card data, send for processing - ios

In my application I use online payment, for that i used PaySabar device (audio jack device) which reads magstrip data on credit card swipe.
I got credit data in encrypted format, all track1, track2 data are correct and perfect, but how to i send that data to USAePAY server. Please help.

I believe USAePay requires the encrypted data to be:
Encrypted with their public key
Formatted in a specific manner
Passed in magstripe or credit card number field
Because you are using their PaySaber hardware, see below for step 3.
USAePay Wiki - End To End Encryption:
If you are using idynamo library, here is what you need to do:
NSString *responseString = [mtSCRALib getResponseData];
NSData *responseData = [responseString dataUsingEncoding:NSASCIIStringEncoding];
NSString *encodedString = [NSString stringWithFormat:#"enc://%#", [^] [responseData base64Encoding]];
and then send encodedString to the gateway as MagStripe.

You will need to integrate your application with one of their transaction interfaces. You will also need a developer account for testing transaction responses.
They have a wide array of different integration solutions and source code examples to use, including an iOS library.
http://wiki.usaepay.com/developer/Support

Related

Trying To Make Sense of RNCryptor

I am working on a project and we need to encrypt some user credentials (username, password, userId, ect.) to pass to our server. We have decided to use AES256 in order to achieve this. Doing some research on this subject it was hard to avoid noticing a project out there, RNCryptor that claims to be an easy-to-use solution to this problem.
So I included the framework into my project and soon realized it was not as straight forward as I thought. I was hoping for a solution to where I could encrypt my credential strings by simply - (1) derive a key that I would like to encrypt my stringed credentials with, (2) pass the key and my string into the appropriate RNCryptor's method, (3) retrieve my encrypted string back from said method.
This would be too good to be true however.
The reality of RNCryptor is that it has methods like this:
[RNEncryptor encryptData:someData
withSettings:kRNCryptorAES256Settings
password:someString
error:&someError];
This is confusing because of the terminology.
WHAT IS PASSWORD?
This is never explained. A password for what? Is this for a user password I want to encrypt, the password key that I want to encrypt with, or the password to login to my computer (sarcasm).
ENCRYPT DATA?
Is this a UTF8 encoded string of what the user credentials that I want to encrypt? That is my best guess but again, not explained in the RNCryptor Github "documentation".
password is used to generate the encryption key, it is an NSString the data is encrypted with. encryptData is the data to encrypt and is an NSData.
Encryption works with data, that an array of 8-bit bytes. You need to convert whatever you have to an NSData. For an NSString there is the method:
NSData *dataToBeEncrypted = [myString dataUsingEncoding:NSUTF8StringEncoding];
and
NSString *myString = [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding];
Additionally it requires an encryption key, RNCryptor takes an NSString and derives an encryption key from it.
There are of course options and while most of these handles internally by RNCryptor there still some available to the developer using it.
There two main versions with more options, you are probably best off using the password version.
One taking a NSString password:
+ (NSData *)encryptData:(NSData *)data withSettings:(RNCryptorSettings)settings password:(NSString *)password error:(NSError **)error;
A second taking an NSData encryption key as well as a NSData authentication key.
+ (NSData *)encryptData:(NSData *)data withSettings:(RNCryptorSettings)settings encryptionKey:(NSData *)encryptionKey HMACKey:(NSData *)HMACKey error:(NSError **)error;
RNCryptor is you best choice, it handles key derivation from a password, a random IV, authentication of the encrypted data and padding.

AES Encryption in ios

my iOS app is connected to a web service. App is written in objective-c. Server sending a string that has encrypted using AES encryption using a password string and IV string. I want to decrypt that string in this app side. How can I do it?
Please help me. Thanks
UPDATE
This is how I decrypt my string
NSData *url1Data = [strEncrypted dataUsingEncoding:NSUTF8StringEncoding];
NSData *url1DataDecrypt = [[StringEncryption alloc] decrypt:url1Data key:Hashkey iv:iv];
NSString * decryptedText = [[NSString alloc] initWithData:url1DataDecrypt encoding:NSUTF8StringEncoding];
You need generate Public key certificate & distribute to both side user FBEncrypt Library to decrypt data using AES Algorithm it is secure & Easy to implement FBEncrypt Library.

Evernote iOS SDK - How do I authenticate with a token?

I am using Evernote SDK for iOS and I am saving the authentication token when the user has authorized access.
Once the user installs my application on a different device, I want to use that token to reauthenticate automatically, but it looks like SDK doesn't support that. Is there a way to do that?
I had the same issue last week, and their SDK indeed doesn't support it out-of-the-box, but after some research I found a solution that works perfectly. This solution mimics a valid authentication flow.
A little background:
When the ENSession class initializes, it retrieves the credentials that are saved on the keychain (unless [[ENSession sharedSession] unauthenticate] was called earlier). The problem is that the keychain is empty when using a different device, so our goal is to add a valid ENCredentials instance to the ENCredentialStore.
Solution:
Add the following imports to your code: ENCredentials.h and ENCredentialStore.h. We will need them later.
Initialize the ENSession like you already do, using setSharedSessionConsumerKey:(NSString *)key consumerSecret:(NSString *)secret optionalHost:(NSString *)host.
In order to create a valid ENCredentials object, we need to provide the following objects:
NSString * host
NSString * edamUserId
NSString * noteStoreUrl
NSString * webApiUrlPrefix
NSString * authenticationToken
NSDate * expirationDate
The host is always www.evernote.com (as defined in ENSession under ENSessionBootstrapServerBaseURLStringUS).
edamUserId is the user id you received when you got the original token. Same for the expirationDate. If you are not sure how to get them then you should use [[ENSession sharedSession].userStore getUserWithSuccess:^(EDAMUser *user) once authenticated.
So the only objects that are actually missing are noteStoreUrl and webApiUrlPrefix. Their format is always:
noteStoreUrl: https://www.evernote.com/shard/edam_shard/notestore
webApiUrlPrefix: https://www.evernote.com/shard/edam_shard/
Luckily, your token already contains edam_shared (value of S=, see this):
#"S=s161:U=5ce3f20:E=1561182201b:C=24eb9d000f8:P=285:A=app:V=2:H=e8ebf56eac26aaacdef2f3caed0bc309"
If you extract s161 and put it in the URLs above it will work (I am sure you know how to extract that, but let me know if you're having problems).
Now we are ready to authenticate using the token. First, expose the necessary functions from ENSession using a category:
#interface ENSession(Authentication)
- (void)startup;
- (void)addCredentials:(ENCredentials *)credentials;
#end
And authenticate using the token:
ENCredentials *credentials = [[ENCredentials alloc] initWithHost:ENSessionBootstrapServerBaseURLStringUS edamUserId:userId noteStoreUrl:noteStoreUrl webApiUrlPrefix:webApiUrlPrefix authenticationToken:token expirationDate:expirationDate];
[[ENSession sharedSession] addCredentials:credentials];
[[ENSession sharedSession] startup];
The last line is important in order to refresh the ENSession and retrieve the new stored credentials.
Now you are authenticated and ready to query the SDK. Good luck.

Parse credit card data using ID TECH UniPay Smart Card Reader

I'm developing iOS app using "UniPay, Mobile Audio Jack MagStripe and Smart Card Reader"
to read smart credit card data.
I got the card data but it is not plain text, the SDK does not show how to parse the data. I have set the encryption mode to unencrypted mode. I guess the data is encoded in some kind of format. I have used the same decoding I use to parse magnetic stripe data but it did not work. does anyone know what kind of encoding is used or if the is kind of encrypted regards the flag i set. The following code is the example provided from SDK, I need to parse the rt.data to get credit card information such as card Number.
RDResult rt =[reader smart_ICC_PowerOn]; if (rt.status != RDS_SUCCESS) {
NSLog(#"ICC Powerd On - Failed.");
return; }
Else
{
NSLog(#"ICC Powered On: %#", rt.data.description); }
Thanks in advance,

api for zip +4 from an address

What's the best api/resource to get a zip +4 from an address?
I don't want something that needs to be downloaded and updated from time to time; I want one that's updated automagically.
The goal is to look up state and federal officials without getting "duplicate" positions.
have you tried Google Maps JavaScript API V3
UPDATED:
in responce to your comment
this is easy as count 1, 2 , 3 ;)
take a look at this:
http://maps.google.com/maps/api/geocode/json?address=Winnetka&sensor=false
you need to looking for google map geocoding service! ( Viewport Biasing )
http://code.google.com/intl/it-IT/apis/maps/documentation/geocoding/
example code would be:
using jQuery
$(function() {
$.getJSON("http://maps.google.com/maps/api/geocode/json?address=Winnetka&sensor=false",
function(data) {
var zip_code = data.results[0].long_name;
alert(zip_code);
});
});
Yahoo has a zip + 4 in thier API, limit 5000 request per day.
Yahoo GeoCoding
The USPS has an API for finding/checking zip codes (among other things).
http://www.usps.com/webtools/address.htm
I've used Endicia at past jobs. It is a network HTTP-based API. (I can't remember if it was SOAP or REST.)
Apple provide brilliant facility to get zip+4code from lattitude and longitude with reverse geocoder -
- (void)getPlaceMarkInfo
{
CLLocationCoordinate2D coordinate;
coordinate.latitude = your lattitude;
coordinate.longitude = your longitude;
MKReverseGeocoder *RevGeoCoder = [[MKReverseGeocoder alloc] initWithCoordinate:coordinate];
RevGeoCoder.delegate = self;
[RevGeoCoder start];
}
#pragma mark MKReverseGeocoderDelegate:
- (void)reverseGeocoder:(MKReverseGeocoder *)geocoder didFindPlacemark:(MKPlacemark *)placemark
{
NSLog(#"YOUR STATE IS - %#",[placemark.addressDictionary valueForKey:#"State"]);
NSDictionary *dictAddress = placemark.addressDictionary;
NSString *strZipPlus4Code = [NSString
stringWithFormat:#"%#-%#",[dictAddress valueForKey:#"ZIP"],
[dictAddress valueForKey:#"PostCodeExtension"]];
strStateName = [placemark.addressDictionary valueForKey:#"State"];
}
- (void)reverseGeocoder:(MKReverseGeocoder *)geocoder didFailWithError:(NSError *)error
{
NSLog(#"REVERSE GEOCODER FAILED");
}
Previous answers have included some really good information, most importantly:
USPS API can only be used if you're shipping through USPS (from their terms of service: "User agrees to use the USPS Web site, APIs and USPS data to facilitate USPS shipping transactions only.")
ZIP Codes are adjusted/updated fairly frequently, so it would be important to have the most current data. (More info about how often to re-validate your addresses here)
You also said you want something that doesn't need to be installed and kept updated.
With those qualifications in mind, I would suggest LiveAddress API. It's a cloud-based, automatically updated API that returns, among over 40 other datapoints, ZIP+4 data on your addresses. It can handle thousands of addresses per second, so it's super-fast and easy to use. If you have a list of address you want to work though (rather than one at a time), you might want LiveAddress for Lists, which lets you upload and process a whole list at once.
Disclosure: I work at SmartyStreets, the company that provides LiveAddress.
In reference of Yahoo BOSS GEO Api:
http://yboss.yahooapis.com/geo/placefinder?location=170+South+Market+St.,+San+Jose,+CA
Make a GET request with following authorization HEADER
Example of using OAuth in HTTP Header:
Authorization: OAuth realm="http://yboss.yahooapis.com/",oauth_consumer_key="dj0yJmk9QnFUYVRUSWtRZEhsJmQ9WVdrOVFrYzFja2x4TkdNbWNHbzlNVEExTWpFMk1ESTJNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD1lNA--",oauth_nonce="ZDQDDVLFCWKCZ0BD",oauth_signature_method="HMAC-SHA1",oauth_timestamp=" 1367827192",oauth_version="1.0",oauth_signature="phP2dNiCmvwpK4M6G%2F85KnnvTXo%3D"
where:
Authentication for BOSS Geo queries requires OAuth information in the HTTP header OR through parameters in the GET request. There are six elements that are required for authorization:
oauth_version=1.0 – The standard of OAuth supported by BOSS Geo.
oauth_timestamp= – The timestamp is expressed in the number of seconds since January 1, 1970 00:00:00 GMT. The timestamp value MUST be a positive integer and MUST be equal to or greater than the timestamp used in previous requests. The timestamp can be reused for up to 5 minutes. Important: After 5 minutes a fresh timestamp must be supplied.
oauth_nonce – is a random string, uniquely generated for all requests for a specific timestamp. This helps verify that a request has never been made before and helps prevent replay attacks when requests are made over a non-secure channel (such as HTTP).
oauth_consumer_key= – obtained from YDN during the BOSS project registration process. This is unique to the developer. Please follow the directions on the displayed key page and copy the entire key from YDN. If you do not copy the entire key, this results in a "Consumer Key rejected" error.
oauth_signature_method=HMAC-SHA1 – (specific algorithm used for BOSS OAuth calls).
oauth_signature – can be generated by an OAuth library. A list of supported OAuth libraries is available here: http://oauth.net/code. Over a dozen languages are supported.
You will get zip+4 code in Response under "postalcode" key.

Resources