
Introduction vEspoo

About this document

The purpose of this document is to provide the basics for implementing BankID at merchants. It is a practically oriented document that aims to be independent of the particular BankID client and BankID server implementations. References to other documents are provided where necessary.

The detailed information about the server APIs is contained in the separate interface descriptions ([IJSRV], [ICSRV]). These documents are essential when performing an actual BankID implementation.

For a more hands-on approach to implementing BankID, see [BIDG].

The specifications in this document may be updated in future releases to allow for extended services offered in BankID server and BankID client.

Organisation of this document

This document was originally written for the BankID Java Client, which is no longer supported. It has been adapted to cover BankID App and BankID on Mobile. Please note that only the legacy clients are described here.

Note: The Web-client, which was introduced as part of the BankID 2.0 project, is described separately in [IMPLW]. See section 2.1.2 for details.

The document is organised as follows:

  • Section 2 presents the principal architecture of BankID and gives an overview of the SDK components.
  • Section 3 gives an overview of the task of implementing BankID at a merchant.
    • Section 3.1 focuses on implementation of BankID App.
    • Section 3.2 focuses on implementation of BankID on Mobile.
  • Section 4 discusses migration between the test and production environments.
  • Section 5 covers troubleshooting.
  • Section 6 addresses security issues that the merchant must consider.
  • Appendix A contains key concepts for a further understanding of BankID.
  • Appendix B contains an overview of the services offered by the BankID server.

Target audience

The target audience of this document is the BankID project teams in banks, BankID partners, and the technical personnel designing and coding the integration with the BankID server.

Limitations

This document focuses primarily on how application developers should integrate with the BankID server applications. It does not describe the process of applying for BankID certificates, key generation, testing and activation of certificates, or certificate suspension and revocation. Neither does it describe the overall BankID infrastructure. The server APIs are covered in separate documents.

Preconditions

It is important that the reader has an understanding of the basic functionality of BankID. The reader should have read and be familiar with the white paper [WP] before reading this document.

The technical background required of the reader includes C or Java programming and some knowledge of PKI, in particular the use of digital certificates and signatures. An understanding of common web technologies is beneficial.

Acronyms

Acronym   Description
BSK       Bankenes Standardiseringskontor
CA        Certification Authority
COI       Common Operational Infrastructure
DN        Distinguished Name
DNS       Domain Name System
HSM       Hardware Security Module
HAT       Hardware Activation Tool
MITM      Man-in-the-middle
MNO       Mobile Network Operator
NC        Netcentric Client / Banklagret Klient
OCSP      Online Certificate Status Protocol
OTP       One-Time Password
PKI       Public Key Infrastructure
SDK       Software Development Kit
SDO       Signed Data Object
SSL       Secure Sockets Layer
SSN       Social Security Number
TCP/IP    Transmission Control Protocol/Internet Protocol
TLS       Transport Layer Security
UDD       User Dialogue Description
URI       Uniform Resource Identifier
URL       Uniform Resource Locator
VA        Validation Authority
XML       Extensible Markup Language
XSL       Extensible Stylesheet Language
PAdES     PDF Advanced Electronic Signatures

Referenced documents

Document type    Name                                                    Reference
Interface        BankID Interface Description, C Server                  [ICSRV]
Interface        BankID Interface Description, Java Server               [IJSRV]
White paper      BankID COI White paper                                  [WP]
BankID Tools     HAT User Guide                                          [HAT]
BankID Guides    BankID Quick Start Guides                               [BIDG]
Implementation   BankID Implementation Guide Web-client                  [IMPLW]
RFC              RFC 6960 (OCSP), https://tools.ietf.org/html/rfc6960    [rfc6960]