Digital signing after service login using iAM Smart | My Site (2025)

info

In this guide there will be some sample code provided for your refernce, please note that the sample code ONLY aims for reference and shall provide NO SUPPORT for any issue on the sample code.

Introduction

This is general walk-through for getting start iAM Smart APIs development of Signing Using Login with "iAM Smart" use case.

Developers of Online Services adopting iAM Smart may find this guide useful when designing and developing application flows for signing adopting iAM Smart functions.

In this guide we will provide guides on:

  • Setting up your iAM Smart development environment
  • Request Signing
  • Open iAM Smart Mobile App for Getting Context
  • Online Service Acknowledge Signing Result

User Journey

Digital signing after service login using iAM Smart | My Site (1)

Flow

Please find below the sequence diagram for the whole Signing Using Login with "iAM Smart" process:

Digital signing after service login using iAM Smart | My Site (2)

In this guide, we will focus on some of the key steps that online service and users will be involved into when adopting and using "iAM Smart".

Click sign by "iAM Smart"

UI Display

Online service shall display one of the following button depends on the scenario:

Digital signing after service login using iAM Smart | My Site (3)Digital signing after service login using iAM Smart | My Site (4)

info

Please note that the request shall be initiated after the user clicked the "Signing with iAM Smart" button.

Online service is required to add a link / button, “More info” or “了解更多” in the initiation page. The link / button shall be linked to the “iAM Smart” thematic webpage based on language preference of user.The initiation page refers to the page that initiate the “iAM Smart” service, which user clicks the “iAM Smart” button to initiate the interaction with “iAM Smart” mobile application.

LanguageLink
Englishhttps://www.iamsmart.gov.hk/en/
Traditional Chinesehttps://www.iamsmart.gov.hk/tc/
Simplified Chinesehttps://www.iamsmart.gov.hk/sc/

Submit “Request Signing”

Composing Reuqest Body

ParametersData TypeDescription
businessIDstringbusinessID is a unique identifier for eService to differentiate different request. It should be ASCII string with length less than or equal to 36 chars.
accessTokenstringaccessToken value
openIDstringTokenised ID value
sourcestringRequest initiator. The supported source values can be found in part 0 of the Appendix in this specification.
redirectURIstringcallback URI.
statestring(Optional) If state parameter is presented in the request message, the same state value will be returned to online service during callback. It is used to prevent the CSRF attack. The value of state is defined by online service and it should be a secure random value. It can be an ASCII string of any length less than or equal to 36 (UUID string length). Only ASCII letters, numbers, underscore and hyphen are accepted.URI.
hashCodestringthe document hash to be signed. Online Service should compute the hash and send this hash to iAM Smart System for signing. The value should be Base64 encoded.
sigAlgostring(Optional) signature algorithm to be used. Online Service can specify either SHA256withRSA or NONEwithRSA. The default value is SHA256withRSA. While using NONEwithRSA, hashCode provided must be hashed with SHA256.
HKICHashstringSigning request will only be processed when the hash of the HKIC number of the iAM Smart user is matched with the HKICHash provided by Online Service. Online Service should convert the HKIC number into hash value using SHA256 before sending to iAM Smart System. Only the identifier of HKIC number will be hashed, no check digit is needed e.g. A123456. The value should be Base64 encoded.
department  string  (Optional)The department that initiates the signing request.
serviceNamestringThe service name.
documentNamestringThe document name that the user is going to sign.

Your request body should look something like this:

{
"businessID": "bbb8aae57c104cda40c93843ad5e6db8",

"accessToken": "xxxa42e76bf4cb0846a68e6d83d6096",

"openID": "liR14%2BvX%2F5hSum5uf4ERczu0KcDnIJA5BM7FoM1ag9c%3D",

"source": "Android_Chrome",

"redirectURI": "https://<rp_domain>/<rp_context>/<call_back_endpoint>",

"state": "eddd527b6",

"hashCode": " 965e638fda4c70f667efc2d68c40c6111e5965bfc82356d",

"HKICHash": " 6ea37e641260714009a880a8057032a414009a80f667efc",

"department": " Office of the Government Chief Information Officer",

"serviceName": "OnlinOnline Service1",

"documentName": "Doc0001"
}

Encryption

To better protect the data in transit, an additional layer of data encryption will be applied to all APIs POST request (except the one that Online Service request for getting symmetric encryption key).

info

To encrypt the data, a Content Encryption Key is required, please refer to iAM Smart API Specification 6.3.1.1 or online mockup API

In this case we will use a mock-up Content Encryption Key (CEK), please find below a base64-encoded mock CEK:

pvD2Zc1mf7tKVh17JOftmzyTaDyVmcULg92nB9qeEoQ=

Online Service should check whether its CEK is still valid and use it to encrypt all the JSON data of the POST request body as ciphertext using encryption algorithm “AES/GCM/NoPadding”.

This algorithm requires an initialisation vector (“IV”) which is provided by Online Service. The ciphertext, IV and length of IV are then concatenated in the following sequence and BASE64 encoded to formulate the value of JSON name/value pair called “content”.

Content value:

4 bytes IV length + IV + ciphertext

You may refer to the psuedo code below for the encryption implementation:

// request body
byte[] contentByte = content.getBytes();

// using AES/GCM/NoPadding for encryption algorithm
SecretKeySpec sKeySpec = new SecretKeySpec(key, Constants.ALGORITHM_AES);

byte[] encrypted;

SecureRandom secureRandom = new SecureRandom();
byte[] iv = new byte[Constants.IV_LENGTH];
secureRandom.nextBytes(iv);

Cipher cipher = Cipher.getInstance(Constants.AES_GCM_NOPADDING);
GCMParameterSpec parameterSpec = new GCMParameterSpec(Constants.GCM_AUTH_TAG_LENGTH, iv);

// encrypt the request body
cipher.init(Cipher.ENCRYPT_MODE, sKeySpec, parameterSpec);
encrypted = cipher.doFinal(contentByte);


// concatenated IV_len + IV + ciphertext + authTag
ByteBuffer byteBuffer = ByteBuffer.allocate(Constants.INT_BYTE_LENGTH + iv.length + encrypted.length);
byteBuffer.putInt(iv.length);
byteBuffer.put(iv);
byteBuffer.put(encrypted);
byte[] cipherMessage = byteBuffer.array();

result = Base64.getEncoder().encodeToString(cipherMessage);

info

Please note that the psuedo code ONLY aims for reference and shall provide NO SUPPORT for any issue on the psuedo code.

Please find below an example of base64-encoded IV:

vM7EArooK0hCCX8E

If you use the above json and encrypt with the above CEK and IV, concatenated and base64 encoded, you should get the following result:

AAAADLzOxAK6KCtIQgl/BJRVECazUaNiaf13rfcGNApA3K0BI0qZkB5pMWAjcTF0z0PLOnsCyxCtVUytAbA/cm2U5W83FrRXvtZZ74SrCWY4cQiAlq38TLSeOY9B418Tc5dUr1JnbCVeHe8HNrEY81QyI3r7JMZfXGaWgRoz0os8C7zbzty88vPGPSmBE7WqZF5I84IJ7wzwpRs+ifz9DfpFqWzj55mftTHQERWDhcKRALgdZECoFCqtmNhRFERxAm+MrIkypZG/JAdcho0cLyIGTkw7KLqKT0/NmQgQ3vsi6IxGOF4u8gPfLHfRkLopZkU7sXXHNC5hVtEmGXz0zrp+Pq9diKIX6MyrAtwjhIxxKu5iI9MO7XB272hpeonpJYWA0dvh0F882tjNnN6oRJrQ1ZxPXfeA

Now put it in the value of JSON name/value pair called “content” as the request body:

{
"content": "AAAADLzOxAK6KCtIQgl/BJRVECazUaNiaf13rfcGNApA3K0BI0qZkB5pMWAjcTF0z0PLOnsCyxCtVUytAbA/cm2U5W83FrRXvtZZ74SrCWY4cQiAlq38TLSeOY9B418Tc5dUr1JnbCVeHe8HNrEY81QyI3r7JMZfXGaWgRoz0os8C7zbzty88vPGPSmBE7WqZF5I84IJ7wzwpRs+ifz9DfpFqWzj55mftTHQERWDhcKRALgdZECoFCqtmNhRFERxAm+MrIkypZG/JAdcho0cLyIGTkw7KLqKT0/NmQgQ3vsi6IxGOF4u8gPfLHfRkLopZkU7sXXHNC5hVtEmGXz0zrp+Pq9diKIX6MyrAtwjhIxxKu5iI9MO7XB272hpeonpJYWA0dvh0F882tjNnN6oRJrQ1ZxPXfeA"
}

Composing Request Header

ParametersData TypeDescription
clientIDstringonline service client identifier, the client ID will be assigned to online service at the initial registration
signatureMethodstringHmacSHA256
timestampintegerThe timestamp is the request submit time expressed in the number of milliseconds since January 1, 1970 00:00:00 GMT. It is used to prevent replay attack. The value MUST be a positive integer and equal or greater than the timestamp used in previous requests.
noncestringA nonce is a random string, uniquely generated for each request by Online Service. It is used to prevent replay attack. A nonce can be an ASCII string of any length less than or equal to 36 (UUID string length) as long as the uniqueness requirement is met.
signaturestringIt is a signature of the submitted data. Online Service uses clientSecret to sign the request body string and timestamp to get the signature. The pseudo code to generate the signature is shown at below.

Online Service uses clientSecret to sign the concatenated string of clientID, signatureMethod, timestamp, nonce and request body to get the signature.

In this case, we will use the following parameter for signature generation:

> clientID: clientID20220817demo

> clientSecret: clientSecret20220817demo

> signatureMethod: HmacSHA256

> timestamp: 1660721425291

> nonce: nonce20220817

The concatenated string of clientID, signatureMethod, timestamp, nonce and request body should be as followed:

clientID20220817demoHmacSHA2561660721425291nonce20220817{"content": "AAAADLzOxAK6KCtIQgl/BJRVECazUaNiaf13rfcGNApA3K0BI0qZkB5pMWAjcTF0z0PLOnsCyxCtVUytAbA/cm2U5W83FrRXvtZZ74SrCWY4cQiAlq38TLSeOY9B418Tc5dUr1JnbCVeHe8HNrEY81QyI3r7JMZfXGaWgRoz0os8C7zbzty88vPGPSmBE7WqZF5I84IJ7wzwpRs+ifz9DfpFqWzj55mftTHQERWDhcKRALgdZECoFCqtmNhRFERxAm+MrIkypZG/JAdcho0cLyIGTkw7KLqKT0/NmQgQ3vsi6IxGOF4u8gPfLHfRkLopZkU7sXXHNC5hVtEmGXz0zrp+Pq9diKIX6MyrAtwjhIxxKu5iI9MO7XB272hpeonpJYWA0dvh0F882tjNnN6oRJrQ1ZxPXfeA"}

You may refer to the psuedo code below for the signature generation:

// Digest with HmacSha256
Mac sha256HMAC = null;
try {
sha256HMAC = Mac.getInstance(Constants.SIGNATURE_METHOD);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}

if (sha256HMAC == null) {
return null;
}

SecretKeySpec secretKey = new SecretKeySpec(clientSecret.getBytes(), Constants.SIGNATURE_METHOD);
try {
sha256HMAC.init(secretKey);
} catch (InvalidKeyException e) {
e.printStackTrace();
}

// base64-encoded
String hash = Base64.getEncoder().encodeToString(sha256HMAC.doFinal(message.getBytes()));

// URL enconded
return URLEncoder.encode(hash, StandardCharsets.UTF_8);

With the parameters provided you should get the following result:

17uX5GHbU7x1mz1czXBLifRqOJ%2BwzZG105bj%2FWpuwU0%3D

Now construct the request header with all the parameters:

{
"clientID": "clientID20220817demo",

"signatureMethod": "HmacSHA256",

"timestamp": 1660721425291,

"nonce": "nonce20220817",

"signature": "17uX5GHbU7x1mz1czXBLifRqOJ%2BwzZG105bj%2FWpuwU0%3D"
}

The completed request should be like following;


// Request Headers
{

"clientID": "clientID20220817demo",

"signatureMethod": "HmacSHA256",

"timestamp": 1660721425291,

"nonce": "nonce20220817",

"signature": "17uX5GHbU7x1mz1czXBLifRqOJ%2BwzZG105bj%2FWpuwU0%3D"

}

// Request Body
{

"content": "AAAADLzOxAK6KCtIQgl/BJRVECazUaNiaf13rfcGNApA3K0BI0qZkB5pMWAjcTF0z0PLOnsCyxCtVUytAbA/cm2U5W83FrRXvtZZ74SrCWY4cQiAlq38TLSeOY9B418Tc5dUr1JnbCVeHe8HNrEY81QyI3r7JMZfXGaWgRoz0os8C7zbzty88vPGPSmBE7WqZF5I84IJ7wzwpRs+ifz9DfpFqWzj55mftTHQERWDhcKRALgdZECoFCqtmNhRFERxAm+MrIkypZG/JAdcho0cLyIGTkw7KLqKT0/NmQgQ3vsi6IxGOF4u8gPfLHfRkLopZkU7sXXHNC5hVtEmGXz0zrp+Pq9diKIX6MyrAtwjhIxxKu5iI9MO7XB272hpeonpJYWA0dvh0F882tjNnN6oRJrQ1ZxPXfeA"

}

Now initiate the request with POST method to the Request Signing enpoint.


> https://<iAM_Smart_domain>/api/v1/account/signing/initiateRequest

Upon success you should receive the encrypted response:

{
"txID": "<T=938ffb193b4b4370b6c2584372c6a588>",

"code": "D00000",

"message": "SUCCESS",

"content":"AAAADLzOxAK6KCtIQgl/BJRVECazUaNiaf13rfcGNApA3K0BI0qZkB5pMWAjcTF0z0PLOnsCyxCtVUytAbA/cm2U5W83FrRXvtZZ74SrCWY4cQiAlq38TLSeOY9B418Tc5dUr1JnbCVeHe8HNrEY81QyI3r7JMZfXGaWgRoz0os8C7zbzty88vPGPSmBE7WqZF5I84IJ7wzwpRs+ifz9DfpFqWzj55mftTHQERWDhcKRALgdZECoFCqtmNhRFERxAm+MrIkypZG/JAdcho0cLyIGTkw7KLqKT0/NmQgQ3vsi6IxGOF4u8gPfLHfRkLopZkU7sXXHNC5hVtEmGXz0zrp+Pq9diKIX6MyrAtwjhIxxKu5iI9MO7XB272hpeonpJYWA0dvh0F882tjNnN6oRJrQ1ZxPXfeA"
}

info

Noted the secretKey used for encryption is also provided in the response body, this is for when the request hits the time of updating the CEK, an old CEK is used to encrypt the reuqest, in this scenario online service may use the provided secretKey in the request body for decryption.

Decryption

The structure of the encrypted content of response body is the same as the encrypted trequest body:

4 bytes IV length + IV + ciphertext

To decrypt the encrypted content, you will have to locate the following data:

  • 4 bytes IV length
  • IV
  • ciphertext
  • authTag (if necessary)

You may refer to the psuedo code below for the decryption implementation:

// base64-decode the contnet
byte[] content = Base64.getDecoder().decode(base64Content);

SecretKeySpec sKeySpec = new SecretKeySpec(key, Constants.ALGORITHM_AES);

// locate IV and authTag
ByteBuffer byteBuffer = ByteBuffer.wrap(content);
int ivLength = byteBuffer.getInt();
if (ivLength != Constants.IV_LENGTH) {
throw new IllegalArgumentException("Invalid iv length");
}

byte[] iv = new byte[ivLength];
byteBuffer.get(iv);
byte[] cipherText = new byte[byteBuffer.remaining()];
byteBuffer.get(cipherText);

Cipher cipher = Cipher.getInstance(Constants.AES_GCM_NOPADDING);
GCMParameterSpec parameterSpec = new GCMParameterSpec(Constants.GCM_AUTH_TAG_LENGTH, iv);

// decrypt the encrypted content
cipher.init(Cipher.DECRYPT_MODE, sKeySpec, parameterSpec);
byte[] original = cipher.doFinal(cipherText);

result = new String(original);

info

Please note that the psuedo code ONLY aims for reference and shall provide NO SUPPORT for any issue on the psuedo code.

You should get the following result:

{
"txID": "<T=938ffb193b4b4370b6c2584372c6a588>",

"code": "D00000",

"content": {
"authByQR": true
}
}

Now we can proceed to calculate identification code.

Calculate identification code

After submitting signing request by sending access token, hash and tokenized ID, iAM Smart core system will acknowledge signing request and send response to Online Service server. When iAM Smart user has logged in the Online Service, both Online Service and iAM Smart System will compute and display a 4-digit identification code using the Document Hash and the hash of Tokenised ID of the iAM Smart.
4-digit identification code generation algorithm is as follows:

  • Concatenate the Document Hash and the Tokenised ID hash value (calculated with SHA-512), and perform the digital digest for the concatenation result with SHA-512
  • Perform the MD5 calculation to obtain a unique MD5 hash value
    Digital signing after service login using iAM Smart | My Site (5)
  • Divide the 128-bit MD5 hash value into four groups of 4 bytes binary value and then extract the fistt byte from each group as a data sample.
  • Perform 4-bit unsigned right shift to each byte of the result obtained above for the hexadecimal data.
  • Perform the modulo operation on each byte (modulo 10) to obtain a number of 0-9.
  • Assemble the 4 numbers obtained above as a 4-digit identificatin code.
    Digital signing after service login using iAM Smart | My Site (6)

You may refer the pseudo code below for the calculation of identification code:

private static final char hexDigits[] = {0,1,2,3,4,5,6,7,8,9};
public static String getSignCode (String hashCode, String openlD) {
// Assume Document Hash is BASE64 encoded and perform decode
byte[] hashCodeBytes = Base64Util.base64Decode(hashCode);

// Calculate SHA-512 hashcode of Tokenised ID
byte[] openlDBytes = DigestUtil.digestToByte(openlD, Alg.SHA512);
char code[] = new char [4];
byte[] source = new byte[hashCodeBytes.length + openlDBytes.length];
System.arraycopy(hashCodeBytes, 0, source, 0, hashCodeBytes.length);
System.arraycopy(openlDBytes, 0, source, hashCodeBytes.length, openlDBytes.length);

// Calculate SHA-512 hashcode from concatenated Document Hash and
// SHA-512 hashed Tokenised ID
byte[] inData = DigestUtil.digestToByte(source, Alg.SHA512);

// Calculate MD% hashcode
byte[] digestMD5Data = DigestUtil.digestToByte(inData, Alg.MD5);

// Convert MD5 value 4-digit identification code
for (int i = 0; i < 4; i++) {
code[i] = hexDigits[(digestMD5Data[i * 4] >>> 4 & 0xf)10];
return new String(code);
}

info

Please note that the pseudo code ONLY aims for reference and shall provide NO SUPPORT for any issue on the pseudo code.

The next step will introduce Instruction Page for requesting signing.

Instruction Page for requesting signing

After online service sends the initiate signing request to “iAM Smart” system, online service is required to instruct to open the “iAM Smart” app in his/her mobile phone. Please refer to the table below for different scenarios.

Digital signing after service login using iAM Smart | My Site (7)Now we may proceed to request the "iAM Smart" QR Page/App broker page.

Open iAM Smart Mobile App for Getting Context

When iAM Smart Mobile App is opened, Online Service Website should keep synchronising with Online Service for signing processing result, such as polling. Online Service Website/app invokes iAM Smart Mobile App using URL Scheme with “ticketID” (set Context as “hash-sign or “pdf-sign” in URL Scheme).

Construct the URL Scheme

ParametersData TypeDescription
ticketIDstringTicketID is a unique identifier provided by iAM Smart Core System, Online Service retrieve ticketID while requesting the context (Profile / Signing / Form Filling / Re-authentication). It is ASCII string with length less than or equal 36 chars.
sourcestring(Optional) This parameter is required only in anonymous form filling or anonymous signing workflows. Request initiator (App_Scheme, App_Link).The detail of supported source values can be found in Appendex B of this specification.
redirectURIstring(Optional) callback redirect URI. This parameter is required only in anonymous form filling or anonymous signing workflows and its value should be URL encoded.
statestring(Optional) If state parameter is presented in the request message, the same state value will be returned to Online Service during callback. It is used to prevent the CSRF attack. The value of state is defined by Online Service and it should be a secure random string of any length less than or equal to 36 (UUID string length). Only ASCII letters, numbers, underscore and hyphen are accepted.

You request scheme should be something as following:

> hk.gov.ogcio://hash-sign?ticketID=bbb8aae57c104cda40c93843ad5e6db8

Callback to Receive Signing Result

After iAM Smart user logs in iAM Smart Mobile App, reviews the signing authorisation request (e.g. continue or reject the request) and verify the 4-digit identification code with Online Service Website/app. iAM Smart user follows the instructions in iAM Smart Mobile App to complete signing operation. iAM Smart System invokes Online Service callback API to return the result with “businessID” of the signing request to Online Service server.

Callback Parameters

ParametersData TypeDescription
businessIDstringbusinessID is a unique identifier for Online Service to differentiate different request. Online Service can use the businessID to relate the callback message with the original request.
statestring(Optional) If the state parameter has been present in the request message, the exact value of state will be returned. It is used to prevent the CSRF attack. The value of state is defined by Online Service and it should be a secure random value.
hashCodestring(Optional) The document hash submitted by Online Service in the API request.
timestamplong(Optional) Timestamp in milliseconds since January 1, 1970 00:00:00 GMT. iAM Smart System will provide this to Online Service only when signing is successful.
signaturestring(Optional) Base64-encoded signature result string. iAM Smart System will provide this to Online Service only when signing is successful.
certsting(Optional) Base64-encoded DER format certificate for the iAM Smart user. iAM Smart System will provide this to Online Service only when the signing is successful.

Upon success you should receive the encrypted response, after decryption, you should get the following result:

{
"txID": "<T=938ffb193b4b4370b6c2584372c6a588>",

"code": "D00000",

"message": "SUCCESS",

"content": {
"businessID": "2YotnFZFEjr1zCsicMWpAA",
"state": "unesidkd",
"hashCode": "tGzv3JOkF0XG5Qx2TlKWIA",
"timestamp": 1556450176000,
"signature": "nnoadisauflanefhykdjf",
"cert": "sdfGSDGsdfaGDEHfjslgGQG……GSGjljlkjwmh",
}
}

Online Service Acknowledge Signing Result

Online Service Server completes the document signing process, verify the result and acknowledges iAM Smart System the signing result using iAM Smart API with the same “businessID” of the signing request.

You may refer the pseudo code below for the verification of signing result:

public static boolean verifySignature(PublicKey publicKey, String algName, byte[] signatureByte, byte[] hash) {
boolean isCorrect = false;
try {
Signature signature = Signature.getInstance(algName);
signature.initVerify(publicKey);
signature.update(hash);
isCorrect = signature.verify(signatureByte);
} catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
e.printStackTrace();
}
return isCorrect;
}

Composing Request body

ParametersData TypeDescription
businessIDstringbusinessID is a unique identifier for Online Service to differentiate different request. It should be ASCII string with length less than or equal to 36 chars.
signingResultstring"SR001": digital signature is accepted
"SR002": digital signature is rejected
"SR003": no digital signature was received.

Your request body should look something like this:

{
"businessID": "bbb8aae57c104cda40c93843ad5e6db8",

"signingResult": "SR001",
}

Upon success you should receive the encrypted response, after decryption, you should receive the following result:

{
"txID": "<T=938ffb193b4b4370b6c2584372c6a588>",

"code": "D00000",

"message": "SUCCESS"
}

Online Service Server matches the result using the “businessID” and shows the signing result in corresponding Online Service Website.

Summary

Congratulations! You have sucessfully go through the following items.

  1. Setting up your iAM Smart development environment
  2. Request Signing
  3. Open iAM Smart Mobile App for Getting Context
  4. Online Service Acknowledge Signing Result

Next Steps

Get started with "iAM Smart" API:

  1. To learn about the Login and linkup with iAM Smart, refer to [Login linkup with iAM Smart] (Login and GetProfile)
  2. To learn about the use case of Digital Signing with iAM Smart, refer to [Digital Signing] (Digital Signing [After Authentication API] & Anonymouse Signing)

Further Reading

  • "iAM Smart" API Specification v1.2.7, Section 4.5.1, 4.5.2, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.4.5
  • "iAM Smart" Developer Guide v1.2.7, Section 3.6.1, 3.6.2
Digital signing after service login using iAM Smart | My Site (2025)

FAQs

How do I enable digital signing on iAM Smart? ›

Upgrade Steps
  1. Go to the self-registration kiosk location in person.
  2. Start to use the "iAM Smart" self-registration system on kiosk.
  3. Select the language.
  4. Select "Haven't got the digital signing function"
  5. Select "Apply"
  6. Open "iAM Smart" mobile app on your personal mobile phone.
  7. Login "iAM Smart" App.
  8. Select "Scan QR Code"

What is the difference between iAM smart and iAM smart? ›

What is the difference between "iAM Smart" and "iAM Smart+"? "iAM Smart" account is available in two versions, namely "iAM Smart" and "iAM Smart+". The "iAM Smart" version has authentication, form-filling and personalized notifications functions, while the "iAM Smart+" version has the digital signing function.

How to login to ismart? ›

Authentication Go to the login page of the Licence service using the browser on your computer, and click the "Log in by using "iAM Smart"" button. A QR code will be displayed on the webpage. Launch the "iAM Smart" mobile app on your smartphone and perform Page 2 biometric authentication to log in "iAM Smart".

How do I log into my iAM smart? ›

1. Open the iAM Smart app in your mobile device. 2. Click “Login” to log in to the system.

How do I enable iAM authentication? ›

Open the Amazon RDS console at https://console.aws.amazon.com/rds/ .
  1. In the navigation pane, choose Databases.
  2. Choose the DB instance that you want to modify. ...
  3. Choose Modify.
  4. In the Database authentication section, choose Password and IAM database authentication to enable IAM database authentication. ...
  5. Choose Continue.

What is the difference between authentication and authorization in IAM? ›

Authentication confirms that users are who they say they are. Authorization gives those users permission to access a resource. While authentication and authorization might sound similar, they are distinct security processes in the world of identity and access management (IAM).

How does IAM authorization work? ›

IAM Authorization

Users are granted authorizations according to their role at an organization. This practice is referred to as “role-based access control” (RBAC). Authorizations determine a role's resources and level of access in the network.

How to upgrade IAM smart to IAM smart+? ›

First, open the "iAM Smart" app and select "Upgrade to iAM Smart+". Then, please carefully read and agree to the Declaration of the Applicant before selecting "Continue". Start by taking a photo of the front of your ID card. You can choose to enable "Audio Guide" during the upgrade process if needed.

How does iSmart app work? ›

Once you've planned your route you'll get real-time traffic updates, route guidance and an accurate arrival time. Not only that, but the app will tell you all the points of interest you won't want to miss along the way. Get real-time traffic updates and accurate route and arrival time calculations.

What are the functions of iAM smart? ›

“iAM Smart” aims to provide all Hong Kong residents aged 11 or above with a single digital identity and an authentication function to conduct government and commercial transactions online. Hong Kong residents are free to register and use the “iAM Smart”.

How to get iAM smart+? ›

Method one: With a new smart identity (ID) card1, and a mobile phone which supports NFC (Near Field Communication) function and meets the operating system requirements2, you can use version 3.5. 0 or above of the "iAM Smart" mobile app to upgrade to "iAM Smart+" on your own.

How do I activate my smart ID? ›

If you get in, it means you are ready to set up Smart-ID!
  1. Step 1: open the Smart-ID app on your smart device. ...
  2. Step 2: choose your PIN-codes. ...
  3. Step 3: continue registration on your computer. ...
  4. Step 4: fill in the details on your computer. ...
  5. Step 5: confirm your Smart-ID account on your computer.

How do I enable DSC? ›

The process for enabling DSC can vary depending on your hardware and operating system. Typically, you can enable it from within the graphics card control panel. For NVIDIA, this is usually found in the NVIDIA Control Panel under the 'Display' settings. For AMD, the Radeon Settings may offer an option to enable DSC.

How do I enable device driver signing? ›

How to Enable Driver Signature Enforcement?
  1. In the Search bar, write cmd and right-click Command Prompt to choose Run as administrator.
  2. Execute the below command and press Enter. bcdedit /set testsigning on.
  3. Close or shut the Command Prompt window and restart the system.
Jun 18, 2024

How do I activate my digital certificate? ›

Install your digital certificate in your browser
  1. Open Internet Explorer.
  2. Click on “Tools” on the toolbar and select “Internet Options”. ...
  3. Select the “Content” tab.
  4. Click the “Certificates” button. ...
  5. In the “Certificate Import Wizard” window, click the “Next” button to start the wizard.
  6. Click the “Browse…” button.

How do I enable integrated authentication? ›

Enabling Integrated Windows Authentication in Internet Explorer
  1. Start the browser and open Internet options.
  2. Click the Advanced tab. In the Security section, select Enable Integrated Windows Authentication.

References

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Arline Emard IV

Last Updated:

Views: 6486

Rating: 4.1 / 5 (52 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Arline Emard IV

Birthday: 1996-07-10

Address: 8912 Hintz Shore, West Louie, AZ 69363-0747

Phone: +13454700762376

Job: Administration Technician

Hobby: Paintball, Horseback riding, Cycling, Running, Macrame, Playing musical instruments, Soapmaking

Introduction: My name is Arline Emard IV, I am a cheerful, gorgeous, colorful, joyous, excited, super, inquisitive person who loves writing and wants to share my knowledge and understanding with you.