Storing Mobile OTP object in keychain in Advanced Authentication

Article ID: 263117

Products

CA Strong Authentication

Issue/Introduction

When a customer is planning to develop a new mobile app on Android and iOS using Mobile OTP, the initial requirement is to have the "seed" stored inside the mobile keychain.

Is it possible? If yes, how?

Environment

Release : Advanced Authentication 9.1

Resolution

It is possible to store the OTP seed inside the mobile keychain on both Android and iOS platforms.

On Android, you can use the Android Keystore system to store cryptographic keys and secrets in a secure, hardware-backed environment where the device provides one. You can generate an OTP seed and protect it with the Android Keystore by using the Android Keystore API. This ensures that the seed is encrypted and stored securely on the device.

On iOS, you can use the iOS Keychain to store sensitive data such as passwords and cryptographic keys. You can generate an OTP seed and store it in the iOS Keychain by using the Keychain Services API. This ensures that the seed is encrypted and stored securely on the device.

Both platforms have secure methods to store the OTP seed, and it is recommended to use them. However, storing the OTP seed on the device also increases the risk of it being compromised if the device is lost or stolen. Therefore, additional security measures should be in place, such as requiring a PIN or biometric authentication before the OTP seed can be accessed.

If you already have a solution that stores the MobileOTP data securely in the device keychain, then it may be preferable for you to continue using your existing solution instead of using Broadcom AA. It's important to prioritize security when it comes to storing sensitive information like MobileOTP data.

However, it's worth noting that Broadcom AA also provides secure storage for MobileOTP data using the Android Keystore and iOS Keychain systems. So if you decide to use Broadcom AA, you can still ensure that the MobileOTP data is stored securely on the device.

Ultimately, the decision on which solution to use will depend on your specific requirements and security needs. You should weigh the pros and cons of each solution and choose the one that best fits your needs and provides the level of security you require.

For storing the OTP seed in the keychain, it is required to implement a store class and use the setStore method. Is this the correct way?

To store the OTP seed securely in the device keychain using Broadcom AA, you need to write a class that implements the Store interface and then pass an instance of it to the setStore method.

The Store interface defines the methods for storing and retrieving secrets securely on the device. In your implementation of the Store interface, you can use the Android Keystore or the iOS Keychain API to protect the OTP seed on the device.

Once you have implemented the Store interface, set the store instance by calling the setStore method with an instance of your Store implementation. From then on the OTP seed is stored through your implementation and can be retrieved securely when needed.

It's important to ensure that the Store implementation is secure and properly handles sensitive data. It's also important to properly configure and secure the device to ensure that the OTP seed is not compromised if the device is lost or stolen.
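The following Android sketch is an added illustration, not Broadcom's SDK code: the real Store interface's method names are not shown in this article, so `SeedStore` is a hypothetical stand-in, and `KeystoreSeedStore` is the kind of implementation you would hand to setStore. Because the Android Keystore holds keys rather than arbitrary data, the seed is encrypted under a Keystore-resident AES-GCM key and only the wrapped blob is written to the app's SharedPreferences.

```kotlin
import android.content.SharedPreferences
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import android.util.Base64
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical stand-in for the SDK's Store contract; the real method names are not in the article.
interface SeedStore {
    fun save(alias: String, seed: ByteArray)
    fun load(alias: String): ByteArray?
}

// Wraps the seed with an AES-GCM key generated inside the Android Keystore (hardware-backed on devices with
// a TEE/StrongBox); only the wrapped blob reaches app storage, and the key needs a recent PIN/biometric unlock.
class KeystoreSeedStore(private val prefs: SharedPreferences) : SeedStore {
    private val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    private fun wrappingKey(alias: String): SecretKey {
        (keyStore.getKey(alias, null) as? SecretKey)?.let { return it }
        val spec = KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setUserAuthenticationRequired(true)
            .setUserAuthenticationValidityDurationSeconds(30)
            .build()
        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
            .apply { init(spec) }.generateKey()
    }

    override fun save(alias: String, seed: ByteArray) {
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, wrappingKey(alias)) // Keystore chooses a fresh random IV
        val ct = cipher.doFinal(seed)
        prefs.edit().putString("$alias.iv", Base64.encodeToString(cipher.iv, Base64.NO_WRAP))
            .putString("$alias.ct", Base64.encodeToString(ct, Base64.NO_WRAP)).apply()
        seed.fill(0) // drop the plaintext seed from memory once it is wrapped
    }

    override fun load(alias: String): ByteArray? {
        val iv = prefs.getString("$alias.iv", null) ?: return null
        val ct = prefs.getString("$alias.ct", null) ?: return null
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.DECRYPT_MODE, wrappingKey(alias), GCMParameterSpec(128, Base64.decode(iv, Base64.NO_WRAP)))
        return cipher.doFinal(Base64.decode(ct, Base64.NO_WRAP)) // AEADBadTagException if the blob was altered
    }
}
```

With setUserAuthenticationRequired, the first cipher.init after the validity window expires throws UserNotAuthenticatedException, which the app should catch and answer with a PIN/biometric prompt before retrying.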

Additional Information

The linked page notes that, by default, the seed is stored in a database:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/building/ca-mobile-otp-authentication-developer-information/understanding-ca-mobile-otp-apis/provisioning-ca-mobile-otp-accounts.html