BankID (SE)

Used by almost 8 million Swedes, BankID has become a household brand and a highly trusted digital identification and signing service for Swedish citizens. Almost 7 million have a mobile BankID, and this eID was used in 96 % of logins and signings. It is also available as BankID on file and BankID on card.

Enable BankID in your services

To enable signing with BankID in E-Signing, a merchant certificate ("förlitande certifikat") is required. It is used in the communication between E-Signing (on your behalf) and BankID. Nets is a reseller of BankID and will help establish this certificate.

More information about BankID:

Merchant certificate ("Förlitande certifikat")​​

​​​​

​​​​​BankID agreement through Nets as reseller

To establish the "Förlitande certifikat", Nets needs the following information:

  • Your organisation name
  • Certificate display name (this is visible in the BankID security application during the end user's login)
  • VAT number

Nets will handle the communication with a bank issuing the certificate. 

​BankID agreement directly with an​​​ issuing bank​

It is also possible to have a BankID agreement directly with a bank issuing BankID. You will need to enter into an agreement with the bank. To establish the "Förlitande certifikat", these steps must be done:

  1. ​​​Provide Nets with information about your organisation name, VAT number, certificate display name (visible during end user login) and the bank name.
  2. Nets will generate a certificate request based on this information and send it to you.
  3. You need to forward this certificate request to your bank. Do not make your own certificate request.
  4. ​​​The bank will issue the certificate based on the certificate request. Please forward this to Nets. 
  5. Nets will install and set up your configuration with BankID.

​​

Test certificate ("Förlitande certifikat")

Nets has a default test certificate that all customers can use. This will be set up during configuration, and you do not need to do anything.

Test users

See here ​for more information on how to get a BankID test user.

SDO seal and customer signature

To seal signed documents (SDOs) and to enable merchant signing, all customers using BankID must order a merchant certificate from Nets. This certificate will be issued from the Nets internal utility CA “Eurida Connect CA”. The ordering of this certificate will be done in dialogue with support. 
To use the merchant signing feature with this certificate for some or all of your documents, add the below to your sign order:​​
<Signer>
  <MerchantSigner>
    <LocalSignerReference>Sample123</LocalSignerReference>
    <SigningPKIType>EuridaConnect</SigningPKIType>
  </MerchantSigner>
</Signer>

Handling of SSN

For BankID, the end user's SSN is part of his/her certificate that is used during signing. This certificate is part of the signature in the signed document.

How to find the SSN?

GetSignature

The SSN of a signer can be fetched from E-Signing using the GetSignature call. The SSN is returned in the SignerID / IDValue element of the response.

GetSDODetails

Use the GetSDODetails function to inspect the content of the SDO and return the SSN. For BankID this can be found in the UniqueId element in SDOSignature / SignerCertificateInfo. See the SDOSignatures element.
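
An added example (not Nets code and not part of the original page): a Python check that reads the SSN from both sources described above, confirms it belongs to the signer you expected, and masks it before logging. The response fragments are constructed; only the element names SignerID, IDValue, SDOSignatures, SDOSignature, SignerCertificateInfo and UniqueId come from the page, while the wrapper elements, namespace, nesting and SSN values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample responses. Only the element names quoted above come from
# the page; the wrappers, namespace, nesting and SSN values are assumptions.
GET_SIGNATURE = """<GetSignatureResponse xmlns="urn:example:esign">
  <SignerID><IDValue>19900101-1234</IDValue></SignerID>
</GetSignatureResponse>"""
GET_SDO_DETAILS = """<GetSDODetailsResponse xmlns="urn:example:esign">
  <SDOSignatures>
    <SDOSignature><SignerCertificateInfo>
      <UniqueId>199001011234</UniqueId>
    </SignerCertificateInfo></SDOSignature>
  </SDOSignatures>
</GetSDODetailsResponse>"""


def find_path(xml_text, *path):
    """Text of every element whose closest ancestors match `path`,
    ignoring XML namespaces."""
    hits = []

    def walk(node, trail):
        trail = trail + [node.tag.rsplit("}", 1)[-1]]
        if trail[-len(path):] == list(path) and node.text:
            hits.append(node.text.strip())
        for child in node:
            walk(child, trail)

    walk(ET.fromstring(xml_text), [])
    return hits


def normalise_ssn(value):
    """Digits only, so hyphenated and plain forms compare equal."""
    return "".join(ch for ch in value if ch.isdigit())


def mask_ssn(value):
    """Log-safe form that keeps only the last four digits."""
    digits = normalise_ssn(value)
    return "*" * (len(digits) - 4) + digits[-4:]


def signer_matches(expected_ssn, signature_xml, sdo_xml):
    """True only if the expected SSN appears in both responses."""
    want = normalise_ssn(expected_ssn)
    a = {normalise_ssn(v) for v in find_path(signature_xml, "SignerID", "IDValue")}
    b = {normalise_ssn(v) for v in find_path(
        sdo_xml, "SDOSignature", "SignerCertificateInfo", "UniqueId")}
    return bool(want) and want in a and want in b
```

Because the SSN travels inside the signed document itself, the masked form is the one to write to application logs; the full value stays in the SDO.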

​User experience

BankID dialogue

Step 1 (optional): 

BankId SE - step 1.png

Step 2 (PDF document shown inline):

BankID SE - step 2.png

​​Step 3: 

BankID SE - step 3.png

​​Control the start of BankID app​​

 

The BankID signing dialogue can either be started by presenting the user with the screen in “Step 1” above or it can be skipped. 

The BankID app is available in two versions: one for computers and one for mobile. It does not necessarily have to be installed and started on the device where the document to be signed is presented.

How the BankID app is started for the user depends on the autostart parameter appended to the sign URL and the SignerID element in the sign order. The table below explains the different scenarios.

Autostart | SignerID | Behaviour
false (default) | null (default) | The user will be presented with the page in "Step 1" above where he/she can choose to use this device or another device.
false | xxxxxxx | When setting the SignerID, the transaction is locked to a specific user. The user can sign on the device of his/her choice, and he/she is presented with the message “Launch your BankID Security App.”
true | null | The client will be auto started on the current device and the signing is not locked to a specific user.
true | xxxxxxx | The client will be auto started on the current device, and locked to the given SignerID. If the user doesn't have a certificate in the BankID security app connected to that user, an error will be shown.

​PDF document signing​

For PDF document signing, the document will be presented to the end user prior to launching the BankID security application. The document can either be visible inline as shown in "Step 2" above or with a link to the PDF document that must be opened before the user can continue. 

Note: All new customers will get the inline PDF view. If you do not have the inline view, contact our support​ to request this view. 

When using the inline PDF view, the height of the iframe should be set to 660 px or higher.

Turn off inline PDF view 

The inline PDF view can be turned off by using the inlinepdf parameter appended to the sign URL. If the inline view is turned off, a link to the PDF document is shown to the user. The PDF document will be opened in another browser window or PDF application. The user must open this before proceeding with the signing. Read more about the inlinepdf parameter.​​

Sign text in BankID app

In the BankID security application, a descriptive text will be shown to the user. This will be the user visible text that the user signs. The hash of the PDF document will be added as a non-visible sign text. ​The descriptive text will either be:

 

  • ​a default Nets defined text: "You are now about to sign the PDF-document that was presented on the previous page." or
  • a customer defined text. See below for description on how to add it.

 

How to add the customer ​​defined sign text​

  • Contact support​ to update your customer configuration setting to enable this functionality.
  • ​​Insert the customer defined sign text into the Description element of a sign order.​ ​

 

Note: The text added to the Description element is also shown in the header if using Nets standalone GUI and it is added to the SDO (signed document). ​​

​Document types and sizes

 

The following document formats are supported using BankID:

  • PDF
  • Text

The size limit of a document is set to 3 MB base64 encoded document or approximately 2,2 MB non-encoded.




 

 

​