The process is as follows:
- A user application asks idCAT Mobile to authenticate a user's identity.
- The idCAT Mòbil service asks the user to enter their identification document number and their mobile phone number.
- The system validates whether the user is registered in the register by verifying the information provided (identification document and mobile number).
- If the validation operation is successful, a message is sent to the mobile phone (SMS) with a single-use password that can only be used in the scope of the associated request or service and with a limited temporal validity of 30 minutes from the moment of the request.
- The idCAT Mobile service will ask the user to enter this password in order to authenticate their identity.
- If the password entered is correct, the system will grant access to the application, or allow the generation of an ordinary electronic signature.
- The Service will save and allow you to consult the evidence associated with the whole process, giving guarantees of the authenticity of the authenticated identity.
Applications and web pages can use the mobile idCAT system as a signature mechanism if they develop this functionality, which allows the identification acts carried out to be linked to the signed documents. The electronic signatures produced have legal value , and are suitable for actions with a medium level of security.
The mobile idCAT is an alternative mechanism to the use of digital certificates, which means that you cannot perform the same functions as with a digital certificate, such as, for example, signing a PDF on its own.