Signing with BankID on mobile

Idfy has developed a solution for signing with BankID on mobile

Published: 10.08.2018

Signing documents using eID mechanisms such as BankID is a great way to digitize and streamline business processes. Another great advantage of signing with eID is the strong link between the document and the identity of the signer, because a secure identification is implicitly done when the document is signed.


How BankID works

BankID is today primarily used as an authentication method to log in to different web applications such as online banking, government services, etc. As a rule of thumb, a secure authentication process should involve at least two so-called “factors”, meaning that a user is granted access only after successfully presenting two or more pieces of evidence (two-factor authentication, or 2FA). There are three common factors used for authentication: something you know (such as a password or PIN), something you have (such as a smart card) and something you are (such as a fingerprint or other biometric method). Both authentication and signing with eID require the use of two such factors.

The Norwegian BankID infrastructure has two separate mechanisms for authentication: netcentric BankID and BankID on mobile. Netcentric BankID utilizes a one-time password generated from a hardware token (commonly known as “kodebrikke” in Norwegian) as the “have factor” and a password as the “know factor”. With BankID on mobile, the have factor is the mobile phone (or actually the SIM card), and the know factor is a four-digit PIN.

The challenge

Today, if you are required to sign a PDF document with BankID, an active regular (netcentric) BankID is required. BankID on mobile does not support native signing of PDF-documents, only short texts. This is a problem, because many people are only using BankID on mobile and have thrown away their hardware token and/or forgotten their password for netcentric BankID. The netcentric BankID might also have expired if they have stopped using it for a long period of time. This is more common than one might think, because most people feel BankID on mobile is more user friendly and they don’t want to carry the hardware token around with them.

A typical hardware token used for netcentric BankID

Our solution

In order to solve this problem, Idfy has developed a solution where we present the document to the signer in our own responsive document viewer. The signer then signs a hash that is uniquely linked to the document presented. This hash is signed using the native signing capability of BankID on mobile. This way, the signer only needs a working BankID on mobile, and only has to input their phone number, date of birth and four-digit PIN. This makes it incredibly simple to sign a document, and the signature conversion rate improves significantly.
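The binding described above, as an added illustration that is not Idfy's code: the short text handed to BankID on mobile carries a digest of the exact document bytes shown in the viewer, and after signing the server recomputes that digest from its own stored copy before accepting the signature. SHA-256, the text template and the function names are assumptions; the actual BankID on mobile signing call is not shown.

```python
"""Document-to-signed-text binding for hash-based signing (added example).

Assumptions (not from the page): SHA-256 as the digest, a fixed text
template, and that BankID on mobile returns the exact text that was signed.
"""
import hashlib
import hmac

# Hypothetical short-text template shown to the signer; BankID on mobile
# signs short texts only, so the document itself is never sent for signing.
TEMPLATE = "Sign document {name}, SHA-256: {digest}"


def document_digest(pdf_bytes: bytes) -> str:
    """Hex SHA-256 digest of the exact bytes presented in the viewer."""
    return hashlib.sha256(pdf_bytes).hexdigest()


def text_to_sign(pdf_bytes: bytes, name: str) -> str:
    """Short text that binds the BankID on mobile signature to this document."""
    return TEMPLATE.format(name=name, digest=document_digest(pdf_bytes))


def signed_text_matches(pdf_bytes: bytes, name: str, signed_text: str) -> bool:
    """Server-side check after signing: recompute the expected text from the
    archived document bytes and compare it to the text that was actually
    signed. The digest is never taken from the client."""
    expected = text_to_sign(pdf_bytes, name)
    return hmac.compare_digest(expected.encode(), signed_text.encode())


# Constructed sample input, not a real document.
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample\n1 0 obj<<>>endobj\n%%EOF\n"

if __name__ == "__main__":
    text = text_to_sign(SAMPLE_PDF, "contract.pdf")
    print(text)
    # Any change to the document after presentation breaks the binding.
    print(signed_text_matches(SAMPLE_PDF + b"x", "contract.pdf", text))
```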

How to sign with BankID on mobile in three easy steps. Note that signature method choice can be customized to appear after the document viewer, if this is preferable.