MobileID InApp

About MobileID InApp

Signicat MobileID InApp offers a simple way to implement and use two-factor authentication on mobile devices. The solution provides an API which allows merchants to register users and implement strong customer authentication in their existing mobile apps.

The solution also offers functionality for

  • consent signature for the signing of text elements with evidence output in the form of a signed JSON Web Token (JWT). MobileID integration with consent signature is described in detail in our InApp Mobile integration guide. For general information on Signicat consent signature, visit our consent signature documentation.
  • payment authorization by means of consent texts without evidence output, compliant with the PSD2 SCA and Dynamic Linking requirements.
  • authentication-based signing of documents on mobile devices. This functionality utilizes Signicat’s Sign product.
  • native signing of text elements such as consent messages. This functionality utilizes Signicat’s Sign product.

MobileID InApp supports fingerprint, facial recognition or PIN code for authentication, and provides Strong Customer Authentication (SCA) satisfying PSD2 requirements.

Key features

  • Supports both PIN and fingerprint (Touch ID, Android fingerprint, Samsung fingerprint)
  • Relies on Encap for app security (supports both Android and iOS). Encap is a well established and trusted provider of mobile security solutions.
  • Part of SignicatID (SCID). Combine MobileID with other factors as you like.
  • Signing of documents with MobileID is available through Signicat’s signing functionality.

Integration guides

The MobileID registration, authentication, payment authorization and consent signature operations can take place entirely within the merchant’s app (mobile integration). The registration, authentication and payment authorization operations can also start on the merchant’s website (web integration).

Mobile integration

This guide illustrates how to integrate with MobileID InApp by registering the user and providing authentication, payment authorization, and consent signature functionality solely within the merchant’s app.

Integrating MobileID payment authorization functionality follows the same process as authentication, with an additional parameter included in the URL in the request sent by the customer’s backend to Signicat’s authorization endpoint. This is described in step 1 ‘Initiate operation on merchant server’.

Integration process

The following integration guides provide step-by-step instructions and detailed descriptions of the mobile integration process. The numbering in the lists corresponds to the numbered steps in the sequence diagrams.

URL construction guides

Web integration

This guide illustrates how to integrate with MobileID InApp by starting the registration, authentication, and payment authorization steps on the merchant’s website.

Integrating MobileID payment authorization functionality follows the same process as authentication, with an additional parameter included in the URL in the request sent by the customer’s backend to Signicat’s authorization endpoint. This is described in step 1 ‘Initiate operation on merchant server’.

Integration process

The following integration guides provide step-by-step instructions and detailed descriptions of the web integration process. The numbering in the lists corresponds to the numbered steps in the sequence diagrams.

URL construction guides

Electronic signing

For electronic signing, MobileID InApp can be used in two ways: authentication-based signing and native signing.

Use case

With Signicat Signature you can use MobileID InApp to sign (as well as view or upload) one or more documents, such as loan applications or contracts (authentication-based signing), or to sign general consent texts, such as GDPR consent forms (native signing).

Authentication-based signing

The first alternative, authentication-based signing, offers mobile device-based signing of documents. This functionality utilizes Signicat’s Sign product, with MobileID acting as an authentication-based signing method just like other ID methods used in a sign flow.

The input for MobileID authentication-based signature is typically a PDF file. The document is displayed in the browser, and the signing process takes place on the mobile device, where a signing title text that connects to the document is shown. The process results in an LTV-SDO, an implementation of XAdES in Signicat’s solution, ensuring a unified output format in accordance with EU specifications as well as a scalable, responsive signflow supporting all modern device standards.

You can find an example of an LTV-SDO as a signing result, with authentication-based signing and MobileID as the authentication method, here.

Native signing

The second alternative, native signing, offers signing of text elements such as consent messages. This functionality utilizes Signicat’s Sign product, with MobileID acting as a native (third-party) signing method just like other ID methods used in a sign flow.

The input for MobileID native signature is a text file with the text to be displayed in the MobileID-enabled app. The process results in a signed JSON Web Token (JWT).

For more information about getting started with electronic signing and the different signing methods, see our signing documentation.

Sample projects and code

View the code for sample apps that demonstrate how to integrate with Signicat’s MobileID InApp solution:

App: https://github.com/signicat/sample-mobileid-inapp-common-react-native
This is a sample app (React Native) that demonstrates how to integrate with Signicat’s MobileID InApp solution. This app requires a backend.

Backend: https://github.com/signicat/sample-mobileid-inapp-common-backend
This is a simple sample backend to be used with a merchant’s mobile app. Registration and authentication start either on the merchant’s website or on the merchant’s mobile app. The sample backend server uses the OIDC protocol for communication with Signicat.

Download the backend sample project: sample-mobileid-inapp-common-backend-1.0.7.zip

Upgrade guide

Introduction

The Signicat MobileID InApp solution requires that our customers regularly update their client applications throughout the product’s lifetime.

Background

Signicat MobileID uses Encap Security technology, which is a proven, certified, banking-grade security solution for mobile applications. Encap Security releases new versions of its Client and Server APIs, with unified version numbering, about three times per year. New releases of Signicat MobileID reflect the Encap Security releases in order to continuously improve the service and fulfill our customers’ security requirements.

Encap Security requires compatibility between the client and the server because it is a security product and must be updated regularly. Encap follows the paradigm of approximately two-year backward compatibility between the client and the server. It is therefore the release dates that are relevant for compatibility between the client and the server, not the actual version numbers. There can be intermediate patches, such as 3.9.x, which both Signicat and its customers should upgrade to as soon as possible.

Latest version of the Encap Client and Server solution

The latest release of Encap is version 3.10, released in August 2019.

Current version of Encap used by the MobileID service

The current release of Encap Server that the Signicat MobileID solution uses is version 3.9, supporting Encap Client versions 3.5 – 3.9.

Upgrade Plan of the MobileID service

This is the preliminary upgrade plan for the MobileID service:

| MobileID service upgrade | Encap server version | Encap release date | Compatible Encap Client versions | Comments |
| --- | --- | --- | --- | --- |
| 13 Oct 2020 | 3.9 | Dec 2019 | 3.5 – 3.9 | Currently used by the MobileID service |
| | 3.10 | Q2 2020 | 3.5 – 3.10 | This version will be skipped in MobileID |
| Q1 2021 | 3.11 | Q4 2020 | 3.9 – 3.11 | |
| | 3.12 | Q1 2021 | 3.10 – 3.12 | This version will be skipped in MobileID |
| Q3 2021 | 3.13 | Q2 2021 | 3.11 – 3.13 | |

Upgrade process

Signicat regularly sends notifications to its customers regarding updates to the MobileID service. The notifications contain information about new service releases, along with details on which client versions will need to be upgraded at what point in time. The process is illustrated in the following steps (reflecting version numbers relevant at the time of writing):

The MobileID service currently runs version 3.9 and clients run versions 3.5 – 3.9.

  1. Customers upgrade their clients to version 3.9 in order to be compatible with the next server version, 3.11. Refer to the ‘Compatible Encap client versions’ column in the upgrade plan table.
  2. Signicat notifies its customers of the pending upgrade of the MobileID service to version 3.11 with the planned service window.
    1. New features will be listed
    2. Customers should prepare the upgrade of their apps to use the latest Encap Client version as soon as possible, even if backward compatibility indicates that it is possible to keep using the current version.
  3. Signicat upgrades the MobileID service to version 3.11 and notifies its customers when the new version is in production.
  4. Customers upgrade their apps to use version 3.11 of the Encap Client.
  5. Repeat the process for version 3.13 and further, according to the upgrade plan.
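
The check behind step 1, as an added example that is not Signicat's or Encap's code: it takes the rows of the upgrade plan table that the MobileID service actually deploys and reports, for each client version in an app fleet, the first planned service upgrade that will stop accepting it. The function names and the fleet sample are assumptions, as is treating a patch release such as 3.9.2 as sharing the compatibility window of 3.9.

```python
# Added example; function names and the FLEET sample are assumptions.

# Server versions the MobileID service deploys, transcribed from the upgrade
# plan table (3.10 and 3.12 are skipped by MobileID and therefore left out):
# (service upgrade, Encap server, oldest compatible client, newest compatible client)
PLAN = [
    ("13 Oct 2020", "3.9", "3.5", "3.9"),
    ("Q1 2021", "3.11", "3.9", "3.11"),
    ("Q3 2021", "3.13", "3.11", "3.13"),
]

FLEET = ["3.5", "3.8.1", "3.9.2", "3.10", "3.11"]  # constructed client versions


def release(version):
    """Reduce '3.9.2' to (3, 9); assumes patches share the release's window."""
    major, minor = version.split(".")[:2]
    return int(major), int(minor)


def compatible(client, oldest, newest):
    # Integer tuples, not floats or strings: float("3.10") is 3.1, below 3.9.
    return release(oldest) <= release(client) <= release(newest)


def first_rejecting_upgrade(client, current_server="3.9"):
    """Return (service upgrade, server version) of the first planned upgrade
    after current_server that no longer accepts this client, or None."""
    for when, server, oldest, newest in PLAN:
        if release(server) <= release(current_server):
            continue  # already deployed
        if not compatible(client, oldest, newest):
            return when, server
    return None


def fleet_report(fleet=FLEET, current_server="3.9"):
    """Map each client version in the fleet to the upgrade that will break it."""
    return {v: first_rejecting_upgrade(v, current_server) for v in fleet}


if __name__ == "__main__":
    for version, hit in fleet_report().items():
        print(version, "->", hit or "compatible with all planned upgrades")
```

Run against release telemetry before each announced service window, a report like this shows which installed app versions have to be retired before the server upgrade goes into production.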

Support

If you have any further questions, please contact us at support@signicat.com.