I need an idea to develop a secure algorithm to authenticate online operations using PHP in the server and an Android app in the user's device.
What is the idea?
The user try to login in the system. The server sends a confirmation request to user's device (Android).
The user sees the country, city, IP, browser and OS in the app, all about the login try, and if all this informations match he can clicks on confirm. The app will generate an 8 digit token based in this informations and send to server, the server will try to generate a token with the same informations and if both tokens match, the server accept the login try.
This is just one possible operation.
What do I need?
An universal algorithm to authenticate any online operation.
e.g.:
function generateRandonTokenUsingNParameters(){
$args = func_num_args();
$token = 12345678; //Start token
for($i=0; $i < $args; $i++){
$token = CRAZY_MATH_USING_ALL_PARAMETERS_TO_GENERATE_8_DIGITS_TOKEN($token, func_get_arg($i));
}
return $token; //Final token based in the informations of the operation
}
//LOGIN INFORMATION
$ip = "192.168.0.1";
$browser = "Chrome";
$city = "Los Angeles";
$country = "USA";
$os = "Windows";
$android_app_local_seed = "ab0982deb79a9d73b2e820";
//PRINTING LOGIN TOKEN
echo generateRandonTokenUsingNParameters($ip, $browser, $city, $country, $os, $android_app_local_seed);
What would you use in the CRAZY_MATH_USING_ALL_PARAMETERS_TO_GENERATE_8_DIGITS_TOKEN() function?
Thanks.
