link

# MobileID InApp

# About MobileID InApp

Signicat MobileID InApp offers a secure, low latency multi-channel authentication, authorisation and identity solution. On-device biometrics and device binding are used as the primary factors when authenticating users. This improves security, UX and customer engagement.

The InApp solution provides a simple way to implement and use two-factor authentication on mobile devices, with an API which allows merchants to first register a user by tying a device to an identity.

# Supported use cases

# Key features

Provides Strong Customer Authentication (SCA) satisfying PSD2 requirements.

Supports both PIN and fingerprint (Touch ID, Android fingerprint, Samsung fingerprint)

Realtime Application Self Protection (RASP) optional

Push notification service for Android and iOS optional

Signing of documents with MobileID is available through Signicat's electronic signature solution.

# Integrate with MobileID InApp

MobileID InApp has native multi-channel support. This means that the MobileID solution supports use cases where the initiating party, initiating channel or initiating component can vary. Different operations can take place entirely within the merchant's mobile app (mobile app-initiated operations) or can start through a non-mobile channel such as a web application (backend-initiated operations).

Click the buttons below for guides that illustrate how to integrate operations with MobileID InApp, including detailed diagrams and step-by-step descriptions.

# Mobile app-initiated operations

# Backend-initiated operations

# MobileID InApp Architecture

Key concepts

Signicat: MobileID InApp Solution Provider

Merchant: A customer of Signicat that will integrate and use the MobileID InApp solution

# Component descriptions

The main components involved in the Signicat MobileID InApp solution are as follows. The diagram illustrates how each component fits into the solution.

Expand/ collapse component descriptions

click-to-zoom

Merchant web app

This is the browser-based user interface that a merchant will optionally develop and offer to its end-users.

Merchant mobile app

This is the mobile app that a merchant will develop and offer to its end-users. The merchant's mobile app integrates the MobileID Encap SDK.

Merchant backend

This is the backend component that a merchant will develop. The merchant's backend is the initial point of contact for the merchant web app and the merchant's mobile app. This component will usually communicate with services provided by Signicat via the OIDC/OAuth protocol.

Signicat backend

This is the cloud service provided by Signicat. The Signicat backend is the primary point of contact for the merchant's backend and the merchant's mobile and web apps. Signicat currently offers a plugin architecture-based variant, with a microservice-based variant under development.

# MobileID service (OIDC interface)

This component uses Signicat's proprietary plugin-based architecture which provides various HTTP endpoints that are recommended to be accessed according to the OpenID Connect (OIDC) protocol. SOAP interfaces are provided for some features. Additionally, it provides endpoints to consume other services and products offered by Signicat, such as signing and authentication with other ID methods.

# MobileID service (REST interface)

This component is currently under development and will use Signicat's microservice-based architecture which provides similar features to Signicat's plugin-based architecture. Endpoints offered by microservices are recommended to be accessed according to the OIDC or OAuth 2.0 protocols.

MobileID Encap server

This is the core security server offered and maintained by Signicat in collaboration with AllClearID (opens new window). The MobileID Encap server takes care of secure communication with the merchant's app (via the Encap client SDK) and also offers push notification services that make use of the Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM).

MobileID Encap client SDK

This the mobile client SDK, which the merchant will need to import and use in its mobile apps.

Signicat Identity Store

This is an internal Signicat component. The Signicat Identity Store is not exposed to the public or to the merchant.

# Realtime Application Self Protection (RASP)

MobileID InApp customers may optionally secure their mobile app using Realtime Application Self Protection (RASP). The RASP option is recommended and is offered through the third-party solution Promon Shield, which is offered through the company Promon.

By applying this layer of protection, you can protect your app against reverse engineering and modification, monitor its runtime behaviour, detect whether the app executes in an insecure environment (i.e. on rooted/jailbroken devices) and modify its behaviour in real time to interrupt potential attacks. The option is available for Android and iOS.

Promon Shield is integrated as a fully automatic post-compilation step or as an integrated part of building the app with the Android or iOS build systems. Signicat will build a specific software package for customers who decide to implement the RASP option. Contact Signicat at support@signicat.com for additional information.

# Push notification service for Android and iOS

As part of the MobileID product, Signicat optionally offers a push notification service. The service is typically used to bring the user's attention to the mobile device when authentication is initiated on another device (e.g. in a browser on a desktop or laptop) or in other use cases where there is a need to bring the app to the foreground.

Signicat's push notification service uses Google's FCM service for Android devices and Apple's APNS for iOS devices. Customers may also choose to use their own push notification service with MobileID.

If you are considering using MobileID in more than one of your apps, a good practice is to configure each app with a unique applicationId to take possible future scenarios into consideration. Signicat will set this up on your behalf. Contact Signicat at support@signicat.com for additional information.

# Electronic signatures

MobileID InApp can be used for electronic signing of documents, such as loan applications or contracts (authentication-based signing) or general consent texts, such as GDPR consent forms (native signing).

For details on electronic signatures with MobileID InApp, refer to our MobileID InApp electronic signature documentation.

# Test information

# Demo

If you would like to see how MobileID InApp works, you can use Signicat's demo service.

# Sample projects and code

View the code for sample apps that demonstrate how to integrate with Signicat's MobileID InApp solution:

https://github.com/signicat/sample-mobileid-inapp-common-react-native (opens new window) App

This is a sample app (React Native) that demonstrates how to integrate with Signicat's MobileID InApp solution. This app requires a backend.

https://github.com/signicat/sample-mobileid-inapp-common-backend (opens new window) Backend

This is a simple sample backend to be used with a merchant's mobile app. Registration and authentication start either on the merchant's website or on the merchant's mobile app. The sample backend uses the OIDC protocol for communication with Signicat.

# Sample Android and iOS apps

For Android, you can download a sample merchant mobile app from Google Play (opens new window).

For iOS, you can install a sample merchant mobile app through TestFlight. To test the iOS app via TestFlight, contact us at support@signicat.com and provide the following:

  1. The name of the app in question; in this case the MobileID InApp sample merchant iOS app.

  2. The email addresses of the testers you would like us to add to TestFlight. These email addresses need to be the same as those used by the Apple accounts on the phones you want to use for testing.

Signicat will then add the testers to TestFlight. You will receive an email from Apple that will prompt you to download the TestFlight app and accept an invitation from Signicat by redeeming a code.

  1. Download the TestFlight app from the App Store.

  2. Redeem the code which will have been sent to you via email by Apple.

  3. You can now start testing the MobileID InApp sample merchant iOS app.

# MobileID InApp upgrade guide

The Signicat MobileID InApp solution requires that our customers regularly update their client applications throughout the product's lifetime.

Signicat MobileID uses Encap Security (opens new window) technology, which is a proven, certified, banking-grade security solution for mobile applications.

For details on how to update the Encap client, refer to our MobileID InApp upgrade guide.

# Support

If you have any further questions, contact us at support@signicat.com.

# Further reading

Last updated: 8/31/2021, 9:25:11 AM