How it works
MobileID is a product that securely binds a device to an end-user. The device can then be used to authorise returning access or operations. MobileID consists of two main components:
- An identity store for storing users.
- Devices which are used for mobile authentication.
Identity store
Once you have created a MobileID user in our identity store, you can add devices used for authentication and authorisation operations in your mobile app. A MobileID user can have multiple devices registered.
You also have the flexibility to add any custom attributes to a user, such as an address or phone number. Identity attributes are stored within our MobileID identity store as key-value pairs.
The identity of a user is proofed outside of MobileID. The product allows you to support different proofing mechanisms depending on your target markets, whilst still using the same identity store and mobile authentication solution. For the proofing mechanism, you can use:
- Any of our eIDs
- Any of our electronic identity verification (eIDV) solutions
- Any other proofing mechanism that you have already implemented
User management operations
- Create new users
- Get a user and its attributes
- Update a user and its attributes
- Deactivate a user
- Lock and unlock a user
To learn more about these operations, see the User API in our MobileID API reference documentation.
Mobile authentication
Our Strong Customer Authentication (SCA) mobile product is based on a challenge and response protocol.
All communication between our MobileID backend and the SDK is secured with application layer encryption. This protects every message passed between the MobileID service and the mobile app using our SDK.
Our solution is compliant with the Payment Services Directive (PSD2) and can be used for high-value transactions.
Device operations
With MobileID's device operations, you can conduct a registration, an authentication or authorisation, or a consent signature.
Registration
This operation enables you to register a new device to an identity. An identity must have at least one registered device in order to perform any of the other device operations.
To learn more about this operation, see the Registration API in our MobileID API reference documentation.
Authentication and authorisation
This operation enables you to trigger an authentication or an authorisation for a user. For all authorisations, we dynamically link the context to the transaction. This ensures compliance with the PSD2 RTS.
It can be used whenever:
- You need to verify that it is the same user accessing your services.
- You need the user to confirm a transaction.
- You need the user to perform a payment authorisation.
To learn more about this operation, see the Authentication API in our MobileID API reference documentation.
Consent signature
This operation is similar to the authorisation operation; however, we return a signed JWT of the transaction. This JWT can be stored and used to prove that the transaction occurred and was authorised by the user.
To learn more about this operation, see the Signature API in our MobileID API reference documentation.
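Before relying on a stored consent JWT as evidence, verify its signature against a pinned key and check that its contents match the transaction you recorded. The sketch below is an added example, not MobileID's code: the ES256 algorithm, the claim names (`sub`, `txn`, `amount`, `payee`) and the locally generated key pair are assumptions, so take the real values from the Signature API reference.

```javascript
// Added example. ES256, the claim names (sub, txn, amount, payee) and the keys are
// assumptions for illustration, not taken from the MobileID API reference.
const crypto = require("crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");
const parse = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Constructed sample only: stands in for the signed JWT returned by the service.
function makeSampleJwt(privateKey, claims) {
  const input = b64u(JSON.stringify({ alg: "ES256", typ: "JWT" })) + "." + b64u(JSON.stringify(claims));
  const sig = crypto.sign("sha256", Buffer.from(input), { key: privateKey, dsaEncoding: "ieee-p1363" });
  return input + "." + b64u(sig);
}

// Verify a stored consent JWT against a pinned public key and the transaction on record.
function verifyConsentJwt(jwt, publicKey, expected) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = parse(parts[0]);
    claims = parse(parts[1]);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm; the token's own header must never choose it.
  if (header?.alg !== "ES256") return { ok: false, reason: "unexpected alg" };
  const valid = crypto.verify(
    "sha256", Buffer.from(parts[0] + "." + parts[1]),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(parts[2], "base64url"));
  if (!valid) return { ok: false, reason: "bad signature" };
  // A valid signature proves integrity only; the claims must also match your own record.
  for (const field of ["sub", "txn", "amount", "payee"]) {
    if (claims?.[field] !== expected[field]) return { ok: false, reason: "mismatch: " + field };
  }
  return { ok: true, claims };
}

// Rewrites the payload while keeping the original signature (simulates tampered evidence).
function tamperPayload(jwt, changes) {
  const [h, p, s] = jwt.split(".");
  return [h, b64u(JSON.stringify({ ...parse(p), ...changes })), s].join(".");
}

// Constructed demo data.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
const record = { sub: "user-123", txn: "txn-0001", amount: "250.00 EUR", payee: "ACME GmbH" };
const storedJwt = makeSampleJwt(privateKey, record);
console.log(verifyConsentJwt(storedJwt, publicKey, record).ok);
console.log(verifyConsentJwt(tamperPayload(storedJwt, { amount: "9250.00 EUR" }), publicKey, record).reason);
```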
Device operation endpoints
Each device operation has three endpoints:
- Start an operation
- Get status of an operation
- Cancel an operation
Device operation steps
Each device operation consists of three steps:
1. Initiate the operation
To initiate an operation, a request must be made to our MobileID REST APIs. You can learn about the different MobileID operations in our MobileID API reference documentation.
2. Carry out the operation on the device
Once an operation has been initiated, it is carried out from within your application using our SDK. Most of our SDK APIs consist of a start and a finish operation.
You can learn about our SDKs in our iOS and Android SDK documentation.
3. Finalise the operation
When the operation is completed on the device and our service has verified the operation, we will send a callback notification to your server with the result of the operation.
Integration flow diagrams
The sequence diagrams below provide an overview of the operations that make up the integration process.
- Registration
- Authentication and Authorisation
- Consent Signature
The following is an example of how to register a new device for an existing user from within a mobile app.

Sequence diagram showing MobileID registration
The following is an example of how to initiate and complete a MobileID authentication or authorisation from within a mobile app.

Sequence diagram showing MobileID authentication and authorisation
The following is an example of how to initiate and complete a MobileID Consent Signature from within a mobile app.

Sequence diagram showing MobileID consent signature
Device management operations
Device management operations are API calls that allow you to manage all devices in your MobileID identity store. They do not require any device interaction.
For example, you can:
- Get device information
- Deactivate a device
- Lock and unlock a device
To learn more about these operations, see the Device management API in our MobileID API reference documentation.