The solution is based on Public Key Infrastructure (PKI). Each authorization must be signed with the user's private key. The app is managing and protecting the keys and certificates, so user does not have to figure out key/cert management. Some info here; https://www.mepin.com/technical-overview/