# Swedish BankID

Swedish BankID is a personal and easy method of secure electronic identification and signing on the Internet.

Individuals who have a Swedish personnummer (Swedish national identification number) can obtain Swedish BankID through their bank. A BankID has the same value and is used the same way, regardless of the bank that issued it. BankID may be issued to persons over 18 years, but several banks also give BankID to persons under 18 years. As of 2020, Swedish BankID has 8.5 million users, including 98.7% of the Swedish population between 21 and 50 years old. You can refer to the Swedish BankID website for further information about user statistics.

# Demo

If you want to see how Swedish BankID works, you can use Signicat's demo service and demo credentials.

Sign up for demo credentials

# Method names in authentication URLs

When you want to redirect the end-user so they can authenticate, you have to include the name of the relevant method in the redirect URL. The tables below show which method names are available for Swedish BankID. For further information about the authentication URL, see the Authentication API.

# Authentication and digital onboarding

| Method name | Description |
| --- | --- |
| sbid | Regular Swedish BankID |
| sbid-qr | Swedish BankID with QR code scan |

These methods can also be used for authentication-based signing.

# Third-party signing

| Method name | Description |
| --- | --- |
| sbid-sign | Regular Swedish BankID signing |
| sbid-qr-sign | Swedish BankID signing with QR code scan |

# Digital onboarding

Swedish BankID can be used for digital onboarding of a user, through user identification. The ID method can be used as a standalone method or in combination with other services provided by Signicat to verify an identity, such as identity paper verification and lookups.

# Use case

In order to become a customer, you first have to register. During this digital onboarding process, you can choose to use Swedish BankID, among others, as an ID method to register as a user for the first time.

Note

If Swedish BankID is used for user onboarding, it is not allowed to issue alternative credentials (also known as ID switch). So if Swedish BankID is used for the initial user onboarding then Swedish BankID should also be used for all subsequent authentications.

# Screenshots


# Authentication

When the user has completed the digital onboarding process, Swedish BankID can be used for authentication by verifying an existing user’s identity. The getting started guides for authentication can be found here.

An authentication will result in a type of response that will depend on the type of authentication protocol used. See the Result section for an example.

# Use case

As a registered customer with a bank, you will be able to apply for a loan. To be able to log in to your bank, you have to authenticate to prove your identity. Swedish BankID can be used for authentication, the same way it can be used for registering as a new customer.

# Screenshot for desktop


# Screenshots for mobile


Alternatively, Signicat offers the ability to use the Mobilt BankID app to scan a QR code that is displayed on a different device (such as a desktop PC). This replaces the need for providing a personnummer and enhances the security of the authentication process, as both the user and the web browser that the code is scanned from need to be in the same place.


# Authentication result

This is an example of an OIDC flow when Swedish BankID is used for authentication:

Request

```bash
curl -XGET "https://preprod.signicat.com/oidc/userinfo" -H "Authorization: Bearer ACCESS_TOKEN"
```

Response

```json
{
    "family_name": "Signicat",
    "given_name": "John",
    "locale": "SE",
    "name": "John Signicat",
    "signicat.national_id": "199010275312",
    "sub": "KGMyh5FBCMTkEN934sOLyyBS0rPd4-up",
    "subject.nameid.namequalifier": "BANKID-SE"
}
```

The OIDC result will be the same regardless of whether it is Swedish BankID or Swedish Mobile BankID optimized for in-app that is used during authentication. See more about the in-app solution here.

# Electronic signing

For electronic signing of documents, Swedish BankID can be used in two ways: authentication-based signing or third-party signing.

The first alternative, authentication-based signing, is Signicat's own signing solution and supports the use of any type of authentication method provided by Signicat. Swedish BankID as an authentication method is used for this alternative, where the authentication result is reused for signing. It will ensure a unified output format in accordance with EU specifications as well as a scalable, responsive signflow supporting all modern device standards and window sizes.

The second alternative, performing native signing with Swedish BankID as a third-party method, is Swedish BankID’s native signing support. It will not follow the same output formats and cannot be guaranteed to support responsive signflows nor necessarily support all of the same signing functionalities as the authentication-based alternative. Swedish BankID natively supports signing of text documents in the BankID säkerhetsprogram (BankID Security Application). The technical requirements are that your text document is UTF-8 encoded and doesn’t exceed 100 KB. Control characters such as TAB and CR LF are allowed. This file is a text document which is within the 100 KB limit.

The signing result will, regardless of the alternative chosen for signing, result in a PAdES (PDF Advanced Electronic Signature) consisting of one or more signed documents (XAdES, implemented as LTV-SDO). See the Result section for signing result examples.

For more information about getting started with electronic signing, the different signing methods and more, refer to the signing documentation.

# Use case

With Signicat Signature you can use Swedish BankID to sign (as well as view or upload) one or more documents, such as loan applications or contracts. Signing with authentication-based signing will allow you to sign all documents at once, while third-party signing will require you to sign the documents one at a time.

# Screenshots for desktop

The screenshot illustrates authentication-based signing and third-party signing when using Swedish BankID. In both flows, there are two documents for signing, ‘Letter of intent’ and ‘Contract details’, as well as one document for viewing only, ‘Information about Signicat’.

# Authentication-based signing


# Third-party signing


# Screenshots for mobile

The screenshot below illustrates the signature process for Mobile BankID.


Signing with Swedish BankID also supports the scanning of a QR code in order to perform the signature process. Contact support@signicat.com in order to have this functionality configured.

# Signing result

The signing result will produce a PAdES (PDF Advanced Electronic Signature) consisting of one or more signed documents (XAdES as LTV-SDOs).

# Authentication-based signing

An example of an LTV-SDO as a signing result, with authentication-based signing and Swedish BankID as the authentication method, can be found here.

An example of a PAdES as a signing result, with authentication-based signing and Swedish BankID as the authentication method, can be found here.

# Third-party signing

An example of an LTV-SDO as a signing result, with third-party signing and Swedish BankID as the authentication method, can be found here.

An example of a PAdES as a signing result, with third-party signing and Swedish BankID as the authentication method, can be found here.

# How to get started with Swedish BankID

In order for Signicat to set up a new solution with Swedish BankID, there are two pieces of information the customer must provide before Signicat can start the process:

  • A preferred BankID bank. If the customer does not have a preferred BankID bank, Signicat will select an issuing bank.
  • A display name for the BankID app.

The customer then signs an agreement with Signicat AS, which enables Signicat to have a Relying Party certificate (Förlitandepartcertifikat, or FP-certifikat) issued on behalf of the customer. Signicat is an official BankID broker, approved by Finansiell ID-Teknik in Sweden.

Signicat will then install the Relying Party certificate in the customer’s service. No further input is normally needed from the customer.

# Certificate information

# Relying Party Certificate

The Relying Party certificate (Förlitandepartcertifikat, or FP-certifikat) is used to identify a service provider offering BankID. It is intended to secure communication to and from said service provider. It does not store any personally identifiable information.

Important

The Relying Party certificates created by Signicat cannot be used outside of Signicat's solution, i.e. not in applications that do not use Signicat's cloud service. If a certificate without this limitation is desired, see our documentation on how to get started with Swedish BankID through an agreement with a BankID bank.

# BankID e-identity for private persons

Personal BankID certificates are usually accessed via an app on the end-user’s phone. In a few cases, they are stored on a smartcard or on a file on the end-user’s computer.

Several Swedish banks are capable of issuing BankID e-identities for private persons. Such identities roam across banks.

# Test information

Signicat offers 24/7/365 free access to the test environment at preprod.signicat.com.

# Certificates for test users

If you already have a certificate for production BankID, you can log in to https://demo.bankid.com and issue test certificates as explained below. This is also possible using an existing valid test certificate.

Prepare a name and personnummer (Swedish national identification number) for the test users you would like to create. The personnummer should be a valid combination of 12 digits. You can use www.personnummer.nu to create a valid personnummer for Sweden. See the next section for how to obtain a Swedish personnummer. You will get a number in this format: YYMMDD-XXXX. You will have to change this to YYYYMMDDXXXX. If you do not have a Swedish BankID, you may order a code from https://demo.bankid.com/CreateCode.aspx and issue new test users according to the ‘How to obtain the test user’ section.

If you do not have a personnummer, you may construct one for testing. This must be a properly formatted national ID including a control digit. For details, see www.personnummer.nu.

# How to obtain a personnummer (Swedish national identification number)

To get a Swedish personnummer you can go to www.personnummer.nu to generate one.

If you do not understand Swedish:

  • Födelsedatum = Date of birth (ÅÅ-MM-DD) = (YY-MM-DD) as in year-month-day.
  • Kön = Sex
  • Kvinna = Woman
  • Man = Man
  • Generera = Generate

The highlighted field is the generated personnummer. To use it for authenticating or signing, you need to remove the hyphen and add a prefix. The prefix should be the first two digits of the year the person was born. So if the person was born between 1900 and 1999 the prefix is 19, and if the person was born between 2000 and 2099 the prefix is 20.

The generated personnummer 800618-4629 would appear as 198006184629 without the hyphen and with the prefix.
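The conversion described above, combined with a control-digit check and applied to the `signicat.national_id` claim from the sample userinfo response, as an added example that is not part of Signicat's documentation or code. The function names are hypothetical, the control digit is computed with the Luhn algorithm over the nine digits before it, and accepting only the `BANKID-SE` name qualifier is an assumption about what a relying party would want to enforce.

```python
import json
import re
from datetime import date

# The page's sample userinfo response, embedded so the example runs offline.
SAMPLE_USERINFO = """{
  "family_name": "Signicat", "given_name": "John", "locale": "SE",
  "name": "John Signicat", "signicat.national_id": "199010275312",
  "sub": "KGMyh5FBCMTkEN934sOLyyBS0rPd4-up",
  "subject.nameid.namequalifier": "BANKID-SE"
}"""


def luhn_check_digit(nine_digits: str) -> int:
    """Control digit for YYMMDDXXX: weights 2,1,2,... and digit sums (Luhn)."""
    total = 0
    for i, ch in enumerate(nine_digits):
        n = int(ch) * (2 if i % 2 == 0 else 1)
        total += n // 10 + n % 10
    return (10 - total % 10) % 10


def validate_twelve_digits(pnr: str) -> str:
    """Return pnr if it is a well-formed YYYYMMDDXXXX, else raise ValueError."""
    if not re.fullmatch(r"[0-9]{12}", pnr):
        raise ValueError("personnummer must be exactly 12 digits")
    try:
        date(int(pnr[0:4]), int(pnr[4:6]), int(pnr[6:8]))
    except ValueError:
        raise ValueError("birth date part is not a calendar date") from None
    # The control digit covers the 10-digit form, so the century is skipped.
    if luhn_check_digit(pnr[2:11]) != int(pnr[11]):
        raise ValueError("control digit mismatch")
    return pnr


def to_twelve_digits(short_form: str, century: str) -> str:
    """Convert YYMMDD-XXXX to YYYYMMDDXXXX with the caller-supplied prefix."""
    m = re.fullmatch(r"([0-9]{6})-([0-9]{4})", short_form)
    if not m or century not in ("19", "20"):
        raise ValueError("expected YYMMDD-XXXX and a prefix of 19 or 20")
    return validate_twelve_digits(century + m.group(1) + m.group(2))


def national_id_from_userinfo(userinfo_json: str) -> str:
    """Extract the national ID only if the assertion names Swedish BankID."""
    claims = json.loads(userinfo_json)
    # Assumption: this relying party accepts Swedish BankID identities only.
    if claims.get("subject.nameid.namequalifier") != "BANKID-SE":
        raise ValueError("identity was not asserted by Swedish BankID")
    national_id = claims.get("signicat.national_id")
    if not isinstance(national_id, str):
        raise ValueError("signicat.national_id claim is missing")
    return validate_twelve_digits(national_id)


if __name__ == "__main__":
    print(to_twelve_digits("800618-4629", "19"))
    print(national_id_from_userinfo(SAMPLE_USERINFO))
```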

# How to install the application

# How to install the application (Android)

  1. To install the Swedish Mobile BankID application for testing you first have to download it from this page: http://www.bankid.com/rp/info/
  2. Under the header "Test av BankID" choose the "Testversion BankID säkerhetsapp för Android" link and save the .apk file you get
  3. Send the .apk file to your smartphone by e-mail
  4. You have to allow the phone to install from unknown sources
  5. Click the .apk file in your e-mail and install the app
  6. When you open the app you need a Swedish personnummer for testing purposes and an activation code


# How to install the application (iOS)

  1. Install BankID säkerhetsapp from the App Store.
  2. Go into Settings -> BankID -> Utvecklare (Developer) -> Server. Change this to businternal.test.bankid.com. This setting makes the security app communicate with the test environment instead of production, and it cannot be changed back. If you later need the production version, uninstall the app and install it again via the App Store.

# How to install the application (Windows Phone 8)

  1. Install the BankID säkerhetsapp from the Windows Phone Store
  2. Start the BankID Security App, select Settings / Developer / Server and enter "businternal.test.bankid.com"
  3. Save, exit the BankID Security App and launch again
  4. The BankID Security App will now connect to the test server

# How to install the application (Windows)

  1. Uninstall all previous versions of the BankID säkerhetsprogram. Reboot PC
  2. Download and install the latest version, available at https://install.bankid.com/
  3. Find the config folder at this location: %APPDATA%\Roaming\BankID\ (find AppData by typing %appdata% in the address bar).
  4. You will end up in the ‘Roaming’ folder. From there, continue to the BankID folder. Your address path should now look like the following: C:\Users\Steffen(Your username)\AppData\Roaming\BankID. Here, you will find a folder named ‘Config’.
  5. Rename this to ‘Config.prod’ and create a new folder named ‘Config’.
  6. Open the ‘Config’ folder you created. Create a new .txt file and name it CavaServerSelector.txt.
  7. Open it in Notepad, write "kundtest" and save.
  8. Restart the PC.

# How to obtain the test user

Go to https://demo.bankid.com/ and log in using your preferred option.

https://www.bankid.com/rp/info also contains links and information about Swedish BankID and how to obtain test users.

There are four options:

  1. "Logga in med test-BankID" = Log in with a test BankID.
    You can either log in with a test user on the computer or with a test user using the mobile application you installed (that is, if you already have a test user in the app or on the computer).
  2. "Logga in med produktions-BankID" = Log in with a production BankID.
    If you have a Swedish BankID you can log in with your production BankID on the computer or in the production app (if you have set up the app for your BankID).
  3. "Logga in med personligkod" = Log in with a personal code.
    If you do not have a personal code, you can choose to generate a new code.
  4. "Logga in med BankID på fil eller kort – Plugin" = Log in with a BankID on file or card – Plugin.
    Here you would have been able to use the old solution with plug-ins in the browser that were phased out during 2014. This is the option you would have chosen if you had BankID Security 5.0.2 or older.

After logging in, you will be presented with a page where you choose "Hämta BankID för test".

On the next page, you can choose to download Mobile BankID (left) or desktop BankID (right). Fill in the form with the personnummer as well as first and last name and click "Hämta".

# Mobile client

If you choose Mobile BankID, you will get an activation code such as the following (you must disable any popup blockers). This code is valid for 10 minutes.

Open the BankID app on your phone, enter the personnummer and activation code. In the next window, you create a PIN code with at least 6 digits. The last two images below show the end of the activation process and the phone settings indicating that Swedish BankID is ready for use.


# Desktop client

If you choose BankID on file, you will be presented with a new window (you must disable any popup blockers). Press "Open BankID issuing" to get started and download the client, install it, and choose your password. After you have downloaded and installed the app you will be asked to choose a password for your BankID. You have to remember this PIN code for use later when you test authentication/signing. The app will not allow you to choose a simple code like 111111 or 123456, so it is recommended to use date of birth, e.g. 180680.


# If you have an ordinary or test BankID, you may follow these steps:

  1. Access https://demo.bankid.com/nyademobanken.
  2. Log in with your BankID and select "Hämta BankID för test”.
  3. You will receive an activation code which you may use in the BankID säkerhetsapp.
  4. Select your security code for Mobile BankID, minimum 6 digits.

If you don’t have a Swedish BankID, you may follow this manual procedure:

  1. Send an email to teknikinfo@bankid.com (Finansiell ID-Teknik) and describe where you work, the purpose of your development, and phone numbers.
  2. They will contact you and initiate creation of a test BankID. During this process you have to enter some data into the BankID säkerhetsapp. They will verify that the newly issued BankID is working.
  3. If you do not have a personnummer, you may construct one for testing. This must be a properly formatted national ID including a control digit. See: www.personnummer.nu.

# Mobilt BankID

Mobilt BankID is a personal electronic identification for cell phones and tablets. It may be used from a mobile device in the same way as BankID on card or file can be used from a PC. Mobilt BankID supports authentication and digital signature with Swedish BankID. It depends neither on a special SIM card, nor on a specific telecom company. It is even possible to have Mobilt BankID without a subscription in a Swedish telecom company, but it can only be ordered by persons with a personnummer. Mobilt BankID may be used from Android and iOS based phones and tablets (provided they have Internet access).

Today, three Swedish banks are issuers of Mobilt BankID:

  • Swedbank
  • Skandiabanken
  • Länsförsäkringar Bank

Several other banks plan to follow these three banks.

# Getting started

# For merchants

Existing customers of Signicat may contact support@signicat.com to find out what needs to be done to get up and running with Mobilt BankID.

For other customers the establishment process is identical with ordinary Swedish BankID. See a detailed description under certificates.

  1. You will need a merchant agreement with your bank.
  2. The bank performs a "Köpargenomgång" of your company.

After the agreements are signed and "Köpargenomgång" is performed, the bank will issue a merchant certificate for the test and production environment.

# For end-users

End-users must install the BankID säkerhetsapp on their mobile device.

  • For Android users, the BankID säkerhetsapp may be installed from Google Play.
  • For iOS users, the BankID säkerhetsapp may be installed from the App Store.

# How to integrate authentication with Swedish BankID from headless systems

In May 2014, Signicat released a version of Swedish Mobile BankID optimized for in-app usage. If you want to send headless authentication requests (typically from a backend or app to backend system) via Signicat, we recommend using our OpenID Connect (OIDC) API as a mediator. Refer to our documentation on headless authentication for further details.

# Description of the Android App

The Signicat Swedish Mobile BankID Android App (referred to as the app or Android app for the rest of this document) is a native Android app that demonstrates using Swedish Mobile BankID for authentication from a native app. It uses Signicat services and demonstrates a simple authentication scenario where the user enters their personnummer, continues the process in the BankID app and finally returns to the app for completion.

If you are building your own browserless native app and want to utilize mobile text-only signing, or Consent signature, via Signicat, you can do this using our OpenID Connect (OIDC) API as a mediator. Refer to our documentation on Consent signature for detailed information on how to integrate Consent signature.

# Detecting if the end-user has the BankID app installed

# From a native app

If you are writing a native app where you utilize Signicat services for your authentication or signature needs, then you will be able to detect if the end-user has installed the BankID app necessary to complete the transaction.

# Detecting on iOS

```objc
// Requires "bankid" in LSApplicationQueriesSchemes in Info.plist (iOS 9 and later).
BOOL installed = [[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@"bankid://"]];
```

Refer to Apple Developer Center for more information on canOpenURL.

# Detecting on Android

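```java
import android.content.Context;
import android.content.pm.PackageManager;

// Apps targeting Android 11 (API level 30) or later must declare com.bankid.bus
// in a <queries> manifest element, otherwise the package is not visible here.
private boolean isSwedishMobiltBankIdInstalled(Context context) {
    PackageManager pm = context.getPackageManager();
    try {
        // Throws NameNotFoundException when the BankID app is not installed.
        pm.getPackageInfo("com.bankid.bus", PackageManager.GET_ACTIVITIES);
        return true;
    } catch (PackageManager.NameNotFoundException e) {
        return false;
    }
}
```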

Refer to Android Developer Center for more information about the PackageManager.

# From a web page on a mobile device

It is not possible to detect if the end-user has the BankID app installed from a web page on a mobile device. Otherwise, it would be possible for any web page to scan users’ phones and tablets for which apps are installed, perhaps to target an attack against the user.

The good news is that you do not have to do anything about this because Signicat already does its best depending on the platform.

  • For iOS, an attempt is made to launch the app from JavaScript. If nothing seems to happen, a message is displayed saying that it appears that the app could not be launched, along with a link to the app store.
  • For Android, a message is immediately presented to the user saying that the app is required to complete the process (along with a link to the app store). Two buttons are presented, one to launch the app and one to cancel. If the user chooses to launch the app even though it is not installed, nothing happens. Presumably, the end-user realizes the mistake and either proceeds to download the app, or simply cancels.

# Swedish BankID support

| Support email | Website homepage |
| --- | --- |
| teknikinfo@bankid.com | www.bankid.com |

# Other sources

Last updated: 3/17/2021, 8:19:29 AM