Personal identification process
- 1. The user enters his or her telephone number or username in the system that he or she wants to access (the service provider). The service provider sends the personal identification code (if the user entered a username) and/or telephone number of the person to DigiDocService.
- 2. DigiDocService checks the validity of the person's Mobiil-ID personal identification certificate by using the OCSP validity confirmation service.
- 3. DigiDocService receives certificate validity information from the validity confirmation service.
- 4a. If the user's certificate is valid, DigiDocService returns the verification code and user information (name, personal identification code) to the service provider. Otherwise an error code is sent and the personal identification process is discontinued. ATTENTION! The person is not yet identified upon receipt of the user information, as a supplementary authentication status inquiry is also necessary for final personal identification.
- 4b. DigiDocService sends a personal identification inquiry to the mobile telephone operator.
- 5a. The service provider displays the verification code of the authentication inquiry to the user.
- 5b. The mobile telephone operator forwards the personal identification inquiry.
- 6a. The service provider asks DigiDocService for the status of the authentication inquiry. When asking for the status, it is possible to stipulate that the service does not give an answer before the created signature has reached the service (the example above uses the same option). If authentication inquiries with a longer response time cannot be used for some reason, it is possible to demand an immediate response to the inquiry and repeat the inquiry later.
- 6b. The user's mobile telephone displays a message about receiving the personal identification inquiry. The user checks that the displayed verification code matches the one displayed by the web service provider in the application and accepts the entry.
- 7. The user enters his or her Mobiil-ID PIN1 and the generated signature is sent to the mobile telephone operator.
- 8. The mobile telephone operator forwards the signature received from the telephone to DigiDocService.
- 9. DigiDocService responds to the authentication inquiry referred to in step 6a by indicating that the person has been identified.
Please consult the documentation of DigiDocService for further details about the process and descriptions of various methods.
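The following sketch shows how a service provider can enforce the ATTENTION note in step 4a: user data is held in a pending state and released only after the status inquiry of step 6a reports success. It is an added example, not code from DigiDocService or its documentation; the class names, method names, status strings and sample user data are all hypothetical and constructed for illustration.

```python
import time

# Status names are placeholders for this sketch; take the real values from
# the DigiDocService documentation.
PENDING, AUTHENTICATED = "PENDING", "AUTHENTICATED"


class FakeDigiDocService:
    """Constructed in-memory stand-in for DigiDocService (no network)."""

    def __init__(self, statuses):
        self._statuses = list(statuses)  # answers to successive status inquiries

    def start_authentication(self, phone):
        # Step 4a: certificate is valid, so a verification code and user data come back.
        return {"session": "s-1", "verification_code": "1234",
                "name": "MARI TAMM", "id_code": "00000000000"}  # constructed values

    def get_status(self, session):
        # Step 6a with immediate response; the caller repeats the inquiry.
        return self._statuses.pop(0) if self._statuses else PENDING


class PendingLogin:
    """Holds the step 4a data without treating the user as identified."""

    def __init__(self, service, phone):
        self.service = service
        self.info = service.start_authentication(phone)
        self.verification_code = self.info["verification_code"]  # shown in step 5a
        self.authenticated = False

    def poll(self, attempts=5, delay=0.0):
        """Repeat the status inquiry; only the step 9 answer identifies the user."""
        for _ in range(attempts):
            status = self.service.get_status(self.info["session"])
            if status == AUTHENTICATED:
                self.authenticated = True
                return status
            if status != PENDING:
                return status  # error or cancellation: stop, user is not identified
            time.sleep(delay)
        return PENDING  # gave up waiting: still not identified

    def identity(self):
        """Release name and ID code to the application only after step 9."""
        if not self.authenticated:
            raise PermissionError("authentication status not confirmed")
        return self.info["name"], self.info["id_code"]
```

The application creates its logged-in session from `identity()` only, so a flow that is abandoned, cancelled or never polled cannot yield an authenticated user from the step 4a data alone.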
The signing process
The signing process is similar to the personal identification process. The service user must forward the files that are to be signed or the hashes of those files to DigiDocService prior to carrying out the signing process.
The service takes care of generating the signed file (DigiDoc) and later returns the signed file structure and the DigiDoc file to the user.
If the hashes of data files are sent to the service, the user must insert the data file contents inside the DigiDoc file individually. If the data files were sent to the service individually, the DigiDoc file that the service returns is immediately usable and distributable.
Read more about digitally signed files (DigiDoc), the signing process and the methods necessary for signing with the Mobiil-ID service in the DigiDocService documentation.