ADSS RAS Service
When a business application initiates a signing transaction on behalf of a user, RAS receives the signing request and sends an authorisation request message to the user's Go>Sign Mobile App, which prompts them to authorise the signing transaction. The user can instead reject the request, or the request can time out.

The user/signer uses the Go>Sign Mobile App (or a native mobile app with the Go>Sign Mobile SDK embedded within it) to securely authorise the server-side signing action using a trusted path protocol. The Go>Sign Mobile App confirms the user's authority to sign by digitally signing the authorisation request message that was sent to it, which clearly identifies what the user is being asked to sign. The authorisation message is signed using a dedicated authorisation private key held in the Secure Element/Enclave of the user's mobile device.

RAS passes the authorisation request to the SAM Service, which confirms that the message has been authorised properly by checking the signature, device and message details. The request may contain one or more hashes. See the SAM Service for details of its processing. The SAM responses contain the user's Qualified (or Advanced) signature on the hash data (as a PKCS#1 signed hash), which RAS sends back to the calling business application or ADSS Signing Service.
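The three checks named above (device, message details, signature), as an added Go example that is not Ascertia's code or message format. The `AuthMsg` layout, the newline encoding, the `devices` registry and the use of Ed25519 are assumptions, since the page does not specify the wire format or the key algorithm; the sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

// AuthMsg is a hypothetical authorisation message; the field layout is an assumption.
type AuthMsg struct {
	UserID, DeviceID, RequestID string
	Hashes                      []string // hex digests the user is asked to sign
}

// signedBytes is what the device signs and the server recomputes (assumed newline-joined encoding).
func (m AuthMsg) signedBytes() []byte {
	return []byte(strings.Join(append([]string{m.UserID, m.DeviceID, m.RequestID}, m.Hashes...), "\n"))
}

// newDeviceKey stands in for the authorisation key pair held in the Secure Element/Enclave.
func newDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// samVerify is the server side: check the device, the message details, then the signature.
func samVerify(devices map[string]ed25519.PublicKey, requested []string, m AuthMsg, sig []byte) error {
	pub, ok := devices[m.UserID+"/"+m.DeviceID]
	switch {
	case !ok:
		return fmt.Errorf("device %q is not registered for user %q", m.DeviceID, m.UserID)
	case strings.Join(requested, ",") != strings.Join(m.Hashes, ","):
		return fmt.Errorf("authorised hashes %v differ from requested %v", m.Hashes, requested)
	case !ed25519.Verify(pub, m.signedBytes(), sig):
		return fmt.Errorf("invalid authorisation signature for request %q", m.RequestID)
	}
	return nil
}

func main() {
	pub, priv := newDeviceKey()
	devices := map[string]ed25519.PublicKey{"alice/dev-1": pub}
	m := AuthMsg{"alice", "dev-1", "req-42", []string{"9f86d081"}} // constructed sample values
	sig := ed25519.Sign(priv, m.signedBytes())                     // mobile side: the user approves
	fmt.Println(samVerify(devices, m.Hashes, m, sig))              // server side: nil error means accepted
}
```

Because the hashes are inside the signed bytes, a message whose hashes are altered after approval fails the signature check even when it matches the pending request.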