Quali-Sign
Specialists in mobile apps for eID and Strong Customer Authentication

Perform eID at a turnstile to access a sports stadium
In order to access the stand at a football stadium, a person must present their match ticket, their Covid-19 certification status and also their ID.
At the turnstile the ticket holder scans a QR code with their eID wallet app. They then touch the fingerprint sensor to present their ticket and their covid status (Green/Red) at the same time (in the form of attributes). The whole procedure takes 14 seconds.
In this demo the person's smartphone is offline. It communicates with the turnstile via a proximity connection (BLE). The procedure can also work with both the smartphone and the turnstile offline. The eID wallet app is still able to authenticate the turnstile/stadium (Relying Party) and the turnstile is still able to verify the eID proof (including ticket and covid attributes).
Evaluation Requests
If you would like to evaluate our eID-SCA app, we can provide you with a profile on our demonstration server.
Please contact us for more details.
The following flavours of the app are available:
Android: Available on Google Play.
iOS: Available in the App Store.
Open a bank account
This recording was commissioned by the eIDAS enabled i-Banking project. The project has received funding from the European Union's Innovation and Networks Executive Agency (INEA), under Grant Agreement No INEA/CEF/ICT/A2018/1633440.
A person who holds an Electronic Identification (eID) wallet app opens a new bank account online with NewBank.
Before the account can be opened, the person must sign the Terms & Conditions and NewBank must also perform Customer Due Diligence (CDD) on the customer.
The person launches their eID app and scans a QR code displayed on NewBank's web site.
The eID app asks the person to sign the T's & C's and lists the attributes that are required. They sign with a touch of the fingerprint sensor.
The signed (eID) proof includes the person's Identity Certificate and an Attribute Certificate for each attribute that is required.
Links to copies of the eID proof and the EU DSS Validation Report.
Visit Our Demo Site
Once you have eID-SCA set up on your smartphone, visit here to try some of these demos.
You can email yourself the SCA proof. Here are some useful links:
Verify the SCA proof. Under 'More Options', please select the following validation level: 'Validation process for Basic Signatures'.
Pretty Print the XML Advanced Electronic Signatures (XAdES).
View the contents of an X.509 Certificate.
Decode the Base64 encoded data.
Migrate eID Profile (wallet) to a new smartphone.
A person upgrades their mobile phone and wishes to migrate their eID Profile (wallet) to their new smartphone, including all their attributes.
Having installed the eID app on their new smartphone, the app generates a Certificate Signing Request (CSR).
Before their Identity and Attribute Service Providers can issue a new set of certificates to the new smartphone, the person performs SCA on the CSR using their existing smartphone's eID app.
NulaBG - Login and approve payments
NulaBG is a Payment Initiation Service Provider (PISP). They are the first to implement the Embedded SCA APIs proposed in the Berlin Group 'Signed Payment Request' (AdES flavour) Change Request (CR). This CR proposes extensions to the NextGenPSD2 Open Banking Standard.
In this demo, the PSU logs into the NulaBG site using their Dedicated Authentication/EUeID App.
The PSU then proceeds to approve a tax payment.
Embedded SCA - Merchant Point of Sale (POS)
At the checkout in a shop, the customer pays using their bank issued Dedicated Authentication App (DA-App).
The DA-App is on the left and the Merchant POS is on the right.
The user scans the QR code, reviews the payee and amount, selects an account to debit and then signs. The end-to-end procedure takes 20 seconds.
Their smartphone does not have a network connection. It connects with the POS terminal using proximity technologies (QR codes and BLE).
Watch carefully and you will see the BLE communication progress on both devices.
Embedded SCA - Initiate payments via a 3rd party website.
A user visits the website of a Third Party Provider (TPP). They log in by scanning a QR code displayed on the TPP website with a Dedicated Authentication App, provided by their bank.
Having logged in, the user proceeds to initiate a variety of payments (single, bulk and recurring) and also consents to the TPP accessing their account data.
The user signs each payment/consent request via their Dedicated Authentication App.
The TPP then initiates the signed payment/consent requests via PSD2 APIs. No further authorisation is required.
eID - Website Login
A user visits the website of a Third Party Provider (TPP). The website gives the user the option of logging in using an eID app previously issued to the user by an Identity Service Provider (e.g. a bank). The TPP performs the role of Identity Consumer.
The TPP website displays a QR code for the user to scan with their eID app. The content of the QR code includes an identifier of the browser session and the URL of the TPP server.
When the user scans the QR code, a secure end-to-end encrypted connection is established between the eID app and the TPP's server.
The TPP then prepares an Authentication Request, which takes the form of an Advanced Electronic Signature (AdES) and contains the TPP's QSEAL (machine signature) and corresponding certificate chain.
The eID app first identifies and authenticates the TPP by verifying the QSEAL.
The eID app then presents the user with the authentication request and asks them to approve it by touching the biometric sensor on their smartphone.
The Authentication Proof extends the TPP's AdES by adding the user's countersignature. This countersignature includes the user's certificate chain.
The countersignature is transmitted back to the TPP via the secure connection. The TPP can then identify and authenticate the user by verifying the signature either themselves or via a verification service.
Decoupled SCA - Corporate - Multi-User Approval (3 minutes)
A corporate ERP/Treasury platform prepares: a) a bulk file of credit transfers, b) a file of direct debits, c) an account opening request and d) an e-mandate proposal.
All files (orders) are transmitted to the bank via an SFTP host-to-host connection. On receipt, the bank places the orders into its Decoupled SCA procedure. All require dual approval.
Two authorised representatives of the corporate are notified by their bank issued Dedicated Authentication App (installed on their phones) that they have new orders to approve.
They are able to review the details of each order before approving or cancelling it.
In the recording below, one user's iPhone is on the left, the other user's Android smartphone is on the right. The SFTP upload tool is in the middle. In the browser below is the IBM Sterling File Gateway (SFG) status reporting tool. SFG manages the Decoupled procedure.
Decoupled SCA - Corporate Bulk Payments - Multi-User Approval (1.5 minutes)
A corporate ERP/Treasury platform prepares a bulk file of 1000 SCT transactions.
The bulk payments file is transmitted to the bank via an SFTP host-to-host connection. On receipt, the bank places the payment order into its Decoupled SCA procedure. This payment order requires dual approval.
Two authorised representatives of the corporate are notified by their bank issued Dedicated Authentication App (installed on their phones) that they have a new order to approve.
They are able to review payment details before approving the payment order.
Once dual approval is completed, the status of the payment order changes to RCVD (received). The bank then releases it for further processing.
In the recording below, one user's iPhone is on the left, the other user's Android smartphone is on the right. The SFTP upload tool is in the middle. In the browser below is the IBM Sterling File Gateway (SFG) status reporting tool. SFG manages the Decoupled procedure.
Bill Payment via QR Scan
A paper invoice is received containing a QR code (EPC SCT format).
To pay the invoice, the user scans the QR code with their bank issued app.
An SCT payment request is generated and transmitted to the bank.
The payment request is verified by a bank's ISO20022 test platform.
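A scanned QR code is untrusted input, so a banking app should validate it before generating the SCT payment request. The parser below is an added example, not Quali-Sign's code; it assumes the field layout of the EPC QR code guidelines (EPC069-12), and the function names and sample payload are constructed for illustration.

```python
import re
from decimal import Decimal

# Field order of an EPC SCT QR payload: one field per line, trailing ones optional.
FIELDS = ("service_tag", "version", "charset", "identification", "bic", "name",
          "iban", "amount", "purpose", "structured_ref", "unstructured_ref", "info")
MAX_LEN = {"name": 70, "purpose": 4, "structured_ref": 35,
           "unstructured_ref": 140, "info": 70}

def iban_ok(iban):
    """ISO 13616: move the first 4 chars to the end, map A-Z to 10-35, mod 97 == 1."""
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", iban):
        return False
    return int("".join(str(int(c, 36)) for c in iban[4:] + iban[:4])) % 97 == 1

def parse_epc_qr(payload):
    """Return the validated fields of scanned QR text, or raise ValueError."""
    def need(cond, msg):
        if not cond:
            raise ValueError(msg)
    need(len(payload.encode("utf-8")) <= 331, "payload longer than 331 bytes")
    lines = payload.replace("\r\n", "\n").rstrip("\n").split("\n")
    need(len(lines) <= len(FIELDS), "too many lines")
    f = dict(zip(FIELDS, lines + [""] * (len(FIELDS) - len(lines))))
    need(f["service_tag"] == "BCD" and f["identification"] == "SCT", "not an EPC SCT code")
    need(f["version"] in ("001", "002"), "unknown version")
    need(len(f["charset"]) == 1 and f["charset"] in "12345678", "bad character set")
    need(f["bic"] or f["version"] == "002", "version 001 requires a BIC")
    need(not f["bic"] or re.fullmatch(r"[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?", f["bic"]), "bad BIC")
    need(f["name"].strip(), "beneficiary name missing")
    need(all(len(f[k]) <= n for k, n in MAX_LEN.items()), "field too long")
    need(iban_ok(f["iban"]), "IBAN fails the mod-97 check")
    need(not (f["structured_ref"] and f["unstructured_ref"]), "two remittance fields set")
    if f["amount"]:  # optional; ASCII digits only, at most 999999999.99
        need(re.fullmatch(r"EUR[0-9]{1,9}(\.[0-9]{1,2})?", f["amount"]), "bad amount")
        f["amount"] = Decimal(f["amount"][3:])
        need(f["amount"] >= Decimal("0.01"), "amount below 0.01")
    return f

# Constructed sample payload (not from a real invoice); the IBAN is a public test value.
SAMPLE = "\n".join(["BCD", "002", "1", "SCT", "", "Example Supplier GmbH",
                    "DE89370400440532013000", "EUR125.50", "", "",
                    "Invoice 2024-0042"])

if __name__ == "__main__":
    print(parse_epc_qr(SAMPLE))
```

The parsed payee and amount should still be shown to the user for review before signing, since a well-formed code can carry a payee the user did not expect.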