# How it works
MobileID is a product that securely binds a device to a user. The device can then be used to authorise returning access or operations. MobileID consists of two main components: an identity store for storing users, and
devices which are used for mobile authentication.
# Identity store
Once you have created a MobileID user in our identity store, you can add devices used for authentication and authorisation operations in your mobile app. A MobileID user can have multiple devices registered.
You also have the flexibility to add any custom attributes to a user, such as an address or phone number. Identity attributes are stored within our MobileID identity store as key-value pairs.
The identity of a user is proofed outside of MobileID. The product allows you to support different proofing mechanisms depending on your target markets, whilst still using the same identity store and mobile authentication solution. For the proofing mechanism, you can use:
- Any of our ID methods
- Any of our electronic identity verification (eIDV) solutions
- Any other proofing mechanism that you have already implemented
# User management operations
Create new users
Get a user and its attributes
Update a user and its attributes
Deactivate a user
Lock and unlock a user
See user management operations in our MobileID API reference documentation for further details.
# Mobile authentication
Our Strong Customer Authentication (SCA) mobile product is based on a challenge and response protocol. All communication between our MobileID backend and the SDK is secured with application layer encryption. This protects every message passed between the MobileID service and the mobile app using our SDK.
Our solution is compliant with the Payment Services Directive (PSD2) (opens new window) and can be used for high-value transactions.
# Device operations
With MobileID's device operations, you can conduct a:
Register a new device to an identity. An identity must have at least one registered device in order to perform any of the other device operations.
See Registration in our MobileID API reference documentation for further details.
Authentication and Authorisation
Trigger an authentication or an authorisation for a user.
This can be used whenever:
- You need to verify that it is the same user accessing your services.
- You need the user to confirm a transaction.
- You need the user to perform a payment authorisation.
For all authorisations, we dynamically link the context to the transaction. This ensures compliance with the PSD2 RTS.
See Authentication in our MobileID API reference documentation for further details.
Similar to the authorisation operation, however, we return a signed JWT of the transaction. This JWT can be stored and used to prove that the transaction occurred and was authorised by the user.
See Signature in our MobileID API reference documentation for further details.
# Device operation endpoints
Each device operation has three endpoints:
- Start an operation
- Get status of an operation
- Cancel an operation
# Device operation steps
Each device operation consists of three steps:
All operations are initiated by making a request to our MobileID REST APIs.
See our MobileID API documentation for detailed descriptions of the different MobileID operations.
Carry out operation on device
Once an operation has been initiated, it is carried out from within your application, using our SDK. Most of our SDK APIs consist of a start and a finish operation. For more documentation on the SDKs, contact us at: email@example.com.
When the operation is completed on the device and our service has verified the operation, we will send a callback notification to your server with the result of the operation.
# Integration flow diagrams
The sequence diagrams below provide an overview of the operations that make up the integration process.
# Device management operations
Get device information
Deactivate a device
Lock and unlock a device
See device management operations in our MobileID API reference documentation for further details.
The device management operations are API calls that allow you to manage all devices in your MobileID identity store, and therefore do not require any device interaction.