The process is as follows:
- A user application asks idCAT Mobile to authenticate a user's identity.
- The idCAT Mobile service asks the user to enter their identification document number and their mobile phone number.
- The system validates if the user is registered in the register by verifying the information provided (identification document and mobile number).
- If the validation operation is successful, a message is sent to the mobile phone (SMS) with a one-time password that can only be used in the scope of the associated application or service and with a time limit limited to 30 minutes from the time of request.
- The idCAT Mobile service will ask the user to enter this password in order to authenticate their identity.
- If the password entered is correct, the system will give access to the application, or allow the generation of an ordinary electronic signature.
- The Service will store and allow you to consult the evidence associated with the entire process, giving guarantees of the authenticity of the authenticated identity.
Applications and web pages can use the idCAT Mobile system as a signing mechanism if they develop this functionality, which allows the identification acts carried out to be linked to the signed documents. The electronic signatures produced have legal value , and are suitable for actions with a medium level of security.
IdCAT Mobile is an alternative mechanism to the use of digital certificates, which means that the same functionalities cannot be performed as with a digital certificate, such as signing a PDF on its own.