Offline authentication gives the user access to application data without a connection to the server: the data on the device is stored encrypted, and the user's credentials are turned into the key that decrypts it. Encryption is implemented with the OpenSSL 1.1.0g library.
Offline authentication scenario:
The first authentication must be performed online: the user enters a login and password, and the credentials are checked by the server.
The mobile application takes the login and password entered by the user and combines them into a single string parameter.
The SHA-256 hash function is applied to this parameter. An additional key (salt) is appended to the resulting hash value, and SHA-256 is applied again to that string.
The result is used as the key for opening and decrypting the data in the mobile device's database.
If the database opens successfully, the user is considered authenticated and can work with the application without a connection to the mobile platform server.
NOTE. The derived encryption/decryption key exists only in the application's RAM and is never written to storage, so copying the database file directly from the device's file system does not give access to the data.
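The scenario above, written out as an added example; this is not code from the platform itself. It assumes the login and password are joined with ':' and that the first SHA-256 result is appended to the salt as a hex string (the page fixes neither detail), and it uses a constructed salt value. The real database is encrypted with OpenSSL; here the "database" is a stand-in blob protected by an HMAC-SHA256 keystream and an authentication tag, so that opening it with the wrong key fails the same way a real encrypted database would refuse to open.

```python
import hashlib
import hmac
import os

# Constructed placeholder: the page calls the salt an "additional key" but does
# not say where it is stored or how long it is. Not a real application secret.
APP_SALT = b"example-app-salt-0123"

NONCE_LEN = 16
TAG_LEN = 32


def credential_string(login: str, password: str) -> str:
    """Assumption: login and password are joined with ':' (separator not given on the page)."""
    return f"{login}:{password}"


def derive_key(login: str, password: str, salt: bytes = APP_SALT) -> bytes:
    """Two-round SHA-256 derivation as described: SHA256( hex(SHA256(login:password)) || salt )."""
    first = hashlib.sha256(credential_string(login, password).encode("utf-8")).hexdigest()
    # Assumption: the first digest is appended as lowercase hex, then the salt.
    return hashlib.sha256(first.encode("ascii") + salt).digest()  # 32 bytes = AES-256-sized key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream (HMAC-SHA256 in counter mode); the real app uses OpenSSL ciphers."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_database(key: bytes, plaintext: bytes) -> bytes:
    """Done once, after the first online login: encrypt the local data under the derived key."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ciphertext + tag


def open_database(key: bytes, blob: bytes):
    """Return the decrypted data, or None if the key is wrong (database does not open)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong key: the user is not authenticated
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def offline_login(login: str, password: str, blob: bytes) -> bool:
    """Offline authentication: derive the key in memory and try to open the database."""
    key = derive_key(login, password)
    opened = open_database(key, blob) is not None
    del key  # the key lives only in RAM; nothing is written to storage
    return opened


if __name__ == "__main__":
    # Constructed sample data standing in for the on-device database content.
    db_blob = seal_database(derive_key("alice", "correct horse"), b"id=1;name=Alice;balance=42")
    print("offline login, correct password:", offline_login("alice", "correct horse", db_blob))
    print("offline login, wrong password:  ", offline_login("alice", "wrong", db_blob))
```

The derivation must be byte-for-byte identical at the online step that creates the database and at every later offline login, or the database will never open. Note also that two SHA-256 invocations cost microseconds, so anyone who obtains the database file together with the application's salt can test candidate passwords offline at high speed; an iterated or memory-hard KDF (PBKDF2, scrypt, Argon2) over the same two inputs is the usual way to raise that cost.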