Hi,
We have a partner approach us for an Opportunity for Mobile Authentication, below mentioned is the RFP for the same, please tell me whether our product fits the bill on this.
1. Password entered in Mobile App / back-office system.
2. Remote Web service or encrypted mobile APK called for encryption using the public key to create password hash. Recommend the algorithm. Scope - Vendor
3. User information with the password hash stored in database. The same is used to compare for matching in later scope.
4. Retrieval process will require a hardware token (USB interface) with Private key and algorithm to decrypt and display the password. Not more than 2 Tokens. – Scope Vendor
5. Mobile based matching for Audit purpose where the encrypted password hash is compared with the hash on the server with success or failure returned. Scope - Vendor
6. So to summarize, the encryption algo is with the vendor, hash stored in our database, decryption algo is with the vendor and hardware decryption key is with the COO over USB based hardware token.
Apreciate any help on this
Thanks