USERS DOWNLOAD THE APP
The user downloads the app from the App Store or Play Store. It can be either the Notakey app or a Notakey-compatible app in which Notakey is integrated.
In the Notakey app, the user is asked to choose which of the services they want to enable. In a white-label or Notakey-compatible app, the user can skip this step and go directly to the next one.
Notakey does not store any user data. Instead, once the user has enrolled in the service, all data is kept with them on their mobile phone and Notakey does not have access to it.
USER DOES THE SERVICE ON-BOARDING
Once the user chooses the service they want to use, they are asked to follow the procedures set by the service provider to check their identity. Once the identity check has succeeded, a public key is shared with the service provider; it works only with its paired private key, which is protected by the secure enclave or trusted execution environment.
Depending on your legal and company policies, the following on-boarding scenarios can be used:
MANY WAYS TO ONBOARD
SMS or email code
Passport or Photo ID
SERVICE PROVIDER SENDS REQUEST TO AUTHENTICATE
After defining on-boarding procedures for services, service providers can also choose authentication factors for different users or user groups. User groups can be imported straight from Active Directory or a CRM system, or added manually. Additionally, device health can be checked to determine whether the user requires additional authentication factors (e.g. the authentication device is rooted).
Multiple user approval
USER CHECKS THE INFORMATION
The user checks that all the information in the request is correct and only then chooses to approve it. If the user needs to see more information about the request (such as the document signature or geolocation), they can tap the notification and view the additional information in the app itself.
If the user sees that the request is a mistake, they can simply deny it or report it as fraudulent activity.
SERVICE PROVIDER AUTHENTICATES THE USER
After approval, the payload is sent encrypted to the user for encryption and signature with the private key. A payload with the request, the request response and a signature with a timestamp is sent back to the user. The service provider then verifies the certificate, which is included with the signature, and if it is valid, the user is authenticated or the document is signed.
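The provider-side check described above, as an added example that is not Notakey's code or API: it verifies a signed response over the request ID, the user's decision and the timestamp. The `Response` fields, the function names, the Ed25519 algorithm, the freshness window and the use of the enrolled public key in place of a certificate chain are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Response is a hypothetical shape for the signed reply; field names are assumptions.
type Response struct {
	RequestID string
	Approved  bool
	Timestamp int64 // Unix seconds, set on the device
	Sig       []byte
}
// NewDemoKey makes a throwaway key pair; a real private key stays in the secure enclave or TEE.
func NewDemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}
// message binds request ID, decision and timestamp into the bytes that are signed.
func message(r Response) []byte {
	return []byte(fmt.Sprintf("%q|%t|%d", r.RequestID, r.Approved, r.Timestamp))
}
// Sign stands in for the device signing the user's decision.
func Sign(priv ed25519.PrivateKey, r Response) Response {
	r.Sig = ed25519.Sign(priv, message(r))
	return r
}
// Verify is the provider-side check against the public key enrolled at on-boarding.
func Verify(pub ed25519.PublicKey, wantID string, r Response, now time.Time, maxAge time.Duration) error {
	age := now.Sub(time.Unix(r.Timestamp, 0))
	switch {
	case r.RequestID != wantID:
		return fmt.Errorf("response is for a different request")
	case age < -30*time.Second || age > maxAge:
		return fmt.Errorf("timestamp outside accepted window")
	case !ed25519.Verify(pub, message(r), r.Sig):
		return fmt.Errorf("signature does not match enrolled key")
	case !r.Approved:
		return fmt.Errorf("user denied the request")
	}
	return nil
}
func main() {
	pub, priv := NewDemoKey()
	r := Sign(priv, Response{RequestID: "req-1", Approved: true, Timestamp: time.Now().Unix()})
	fmt.Println("verify:", Verify(pub, "req-1", r, time.Now(), 2*time.Minute))
}
```

Because the decision and timestamp are inside the signed bytes, a denial cannot be turned into an approval and an old approval cannot be replayed once the window has passed.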