STEP ONE

USERS DOWNLOAD THE APP

The user downloads the app from the App Store or Play Store. It can be either the Notakey app or a Notakey-compatible app in which Notakey is integrated.

In the Notakey app, the user is asked to choose which of the services they want to enable. In a white-label or Notakey-compatible app, the user can skip this step and go directly to the next one.

Notakey does not store any user data. Instead, once the user has enrolled in the service, all data is kept with them on their mobile phone and Notakey does not have access to it.

STEP TWO

USER DOES THE SERVICE ON-BOARDING

Once the user chooses the service they want to use, they are asked to follow the procedures set by the service provider to check their identity. Once the identity check has succeeded, a public key is shared with the service provider. It only works together with its paired private key, which is protected by the secure enclave or trusted execution environment.

Depending on your legal and company policies, the following on-boarding scenarios can be used:

MANY WAYS TO ONBOARD

SMS or email code

eID Card

Passport or Photo ID

QR code

Bank card

3rd party

STEP THREE

SERVICE PROVIDER SENDS REQUEST TO AUTHENTICATE

After defining on-boarding procedures for services, service providers can also choose authentication factors for different users or user groups. User groups can be imported straight from Active Directory or a CRM system, or added manually. Additionally, device health can be detected to determine whether the user requires additional authentication factors (e.g. the authentication device is rooted).

AUTHENTICATION FACTORS

Multiple user approval

Geo-fencing

Push notification

Fingerprint

Optional PIN

STEP FOUR

USER CHECKS THE INFORMATION

The user checks that all the information in the request is correct and only then chooses to approve it. If the user needs to see more information about the request (such as a document signature or geolocation), they can press the notification and view additional information in the app itself.

If the user sees that the request is a mistake, they can simply deny it or report it as fraudulent activity.

STEP FIVE

SERVICE PROVIDER AUTHENTICATES THE USER

After approval, the payload is sent encrypted to the user for encryption and signature with the private key. A payload with the request, the request response and a signature with a timestamp is sent back to the user. The service provider then verifies the certificate that is included with the signature and, if it is valid, the user is authenticated or the document is signed.
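The verification in step five, sketched as an added example (this is not Notakey's code or wire format): the service provider accepts a response only if the signature covers the request, the decision and the timestamp together, and a validly signed denial never authenticates. Assumptions: Ed25519 from Go's standard library stands in for the enclave-held key, the public key enrolled in step two stands in for the certificate check, and the `Response` fields, their encoding and the 60-second window are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Response is a hypothetical wire format; the page names the fields, not their encoding.
type Response struct {
	RequestID, Decision string // request nonce; "approve" or "deny"
	Timestamp           int64  // Unix seconds, set on the device
	Sig                 []byte
}

// message binds all signed fields; %q quoting keeps field boundaries unambiguous.
func (r Response) message() []byte {
	return []byte(fmt.Sprintf("%q|%q|%d", r.RequestID, r.Decision, r.Timestamp))
}

func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key; nil selects crypto/rand
	return pub, priv
}

// SignOnDevice stands in for the enclave/TEE signing operation.
func SignOnDevice(priv ed25519.PrivateKey, r Response) Response {
	r.Sig = ed25519.Sign(priv, r.message())
	return r
}

// Verify is the service-provider check against the public key enrolled in step two.
func Verify(enrolled ed25519.PublicKey, r Response, wantID string, now, maxAge int64) error {
	switch age := now - r.Timestamp; {
	case !ed25519.Verify(enrolled, r.message(), r.Sig):
		return fmt.Errorf("signature does not match enrolled key")
	case r.RequestID != wantID:
		return fmt.Errorf("response is for a different request")
	case age < -maxAge || age > maxAge:
		return fmt.Errorf("timestamp outside accepted window")
	case r.Decision != "approve":
		return fmt.Errorf("user did not approve")
	}
	return nil
}

func main() {
	pub, priv := NewDeviceKey()
	r := SignOnDevice(priv, Response{RequestID: "req-1", Decision: "approve", Timestamp: 1700000000})
	fmt.Println("verify:", Verify(pub, r, "req-1", 1700000030, 60)) // constructed timestamps
}
```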