You seem to seed the SecureRandom object with the current time. I think this reduces security and it would be better to omit the seed and let SecureRandom seed itself.

It also looks like you do normal String equals to compare secrets, which could be vulnerable to a timing attack.

Are you sure you are qualified to implement crypto?