In general, an eID (electronic ID) is a mechanism with which users can authenticate online towards public services, banks and other institutions that support it. An eID is issued by a so-called trust service provider, such as a public authority or a bank, which vouches both for the physical identification of the user and for the security mechanism backing the eID.
An eID is usually created through a one-time physical identification of the user at an official office (public institution, post office or bank), where the user is identified in person with a passport. Data from the passport (such as name, date of birth, social security number and potentially biometrics) are stored and made available to the user digitally through the eID mechanism, so that they can be presented to, and proven towards, other services and service providers in a secure and easy way.
In addition to online authentication, many (but not necessarily all) eIDs also support digitally signing documents, texts and other formats; this applies to PKI-based eID mechanisms. BankID in Norway and Sweden, for instance, supports both authentication and signing.
Often (but not always) the technology used in an eID is PKI-based (Public Key Infrastructure), meaning that the trust service provider issues the user a digital certificate, a key pair and a security module when the eID instance is created. The certificate binds the user's public key to the identity data verified at enrolment, so a relying party that validates the certificate chain back to the provider's trust anchor can rely on those attributes. BankID in Norway is an example of a PKI-based eID mechanism that links the data from the physical passport to the digital identity.
Norwegian BankID is a centralized electronic identification and signature infrastructure and technology, owned by all Norwegian banks through the Norwegian BankID cooperation entity BankID Norge AS. BankID Norge AS is responsible for developing and operating the central trust infrastructure in BankID.
Swedish BankID is similar to the Norwegian one. Swedish BankID is the leading eID in Sweden and has been developed by a number of large banks for use by members of the public, authorities and companies. Swedish BankID has 7.5 million active users. Many services are provided where citizens can use their BankID for digital identification as well as for signing transactions and documents.
BankID is used by all Swedish and Norwegian banks and is the de-facto standard for logging in to Internet banks, mobile apps etc., and for signing documents. Public authorities use BankID as a login mechanism for all public services, and BankID is also the preferred method for electronic ID and signatures in a wide range of areas in the private sector.
BankID is certified at the highest public authentication and non-repudiation level for electronic IDs in Norway (level 4), and is notified on the Norwegian eIDAS trust list (pending official notification in the EU by the Norwegian authorities once eIDAS is implemented in Norwegian legislation).
The verified ID data included in BankID are: full official name, date of birth, social security number and a unique BankID identifier (BankID PID) that maps 1-to-1 to the social security number.
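To make the PKI description above concrete, the following Go program is an added example (not BankID's code, and not BankID's certificate or SDO format) that walks through the life cycle of a PKI-based eID: a trust service provider root CA, enrolment of a user whose verified attributes are bound to a fresh key pair, signing of a document, and the relying party's validation, which only trusts the identity attributes after the signer certificate chains to the trust anchor and the signature matches the data. Placing the name in the certificate's CN and the PID in its serialNumber attribute, the SDO struct, and the sample identity "Kari Nordmann" / "PID-000123" are assumptions constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SDO is a simplified, self-contained signed data object constructed for this
// example (not BankID's real SDO format): signed bytes, signature and the
// DER-encoded signer certificate, so a relying party can validate it offline.
type SDO struct {
	Data      []byte
	Signature []byte
	SignerDER []byte
}

// issue generates a P-256 key pair for tmpl and has parent sign it (self-signed when parent is nil).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	return der, key, err
}

// newRoot models the trust service provider's root CA (the relying party's trust anchor).
func newRoot() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	der, key, err := issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example eID Root CA"},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// enrol models the step after physical identification: the verified attributes are
// bound to a fresh key pair by the CA's signature. Name in CN and PID in serialNumber
// is an assumed placement for this example, not BankID's certificate profile.
func enrol(root *x509.Certificate, rootKey *ecdsa.PrivateKey, name, pid string) ([]byte, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: name, SerialNumber: pid},
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment,
	}, root, rootKey)
}

// sign hashes the document and signs the digest with the user's private key.
func sign(signerDER []byte, key *ecdsa.PrivateKey, doc []byte) (SDO, error) {
	h := sha256.Sum256(doc)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	return SDO{Data: doc, Signature: sig, SignerDER: signerDER}, err
}

// verify is the relying party's side: chain the embedded certificate to the trust
// anchor, check the signature over the data, and only then trust the identity attributes.
func verify(sdo SDO, root *x509.Certificate) (name, pid string, err error) {
	signer, err := x509.ParseCertificate(sdo.SignerDER)
	if err != nil {
		return "", "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err = signer.Verify(opts); err != nil {
		return "", "", fmt.Errorf("signer certificate does not chain to trust anchor: %w", err)
	}
	h := sha256.Sum256(sdo.Data)
	if pub, ok := signer.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, h[:], sdo.Signature) {
		return "", "", errors.New("signature does not verify under the signer's key")
	}
	return signer.Subject.CommonName, signer.Subject.SerialNumber, nil
}

func main() {
	root, rootKey, _ := newRoot()
	der, key, _ := enrol(root, rootKey, "Kari Nordmann", "PID-000123") // constructed sample identity
	sdo, _ := sign(der, key, []byte("I agree to the loan terms"))
	fmt.Println(verify(sdo, root))
}
```

The order of checks in verify is the security-relevant point: the relying party must not read the name or PID out of the certificate until the chain has been validated against its own trust anchor, otherwise anyone can mint a certificate carrying someone else's attributes. A real deployment adds revocation checking (CRL/OCSP) and a trusted timestamp, which this example omits.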
Advanced Electronic Signature: An advanced electronic signature is an electronic signature that meets the requirements set forth in EU Regulation No 910/2014 (the eIDAS Regulation) on electronic identification and trust services for electronic transactions in the internal market.
AES: Advanced Encryption Standard - a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001
API: Application Programming Interface – an interface for making programmatic integration between different digital services
Auth: Digital authentication. The process of verifying someone's identity digitally.
BankID: A level 4 / qualified electronic ID (eID) issued by banks in Norway, can be used for both identification and signatures
Certificate: a digital document, signed by a certificate authority, that binds a public key to the identity of a person, computer or organization; it acts as an electronic "passport" that lets the holder prove its identity and exchange information securely over the Internet
EDI: Electronic Data Interchange – a standard for exchanging business documents between systems digitally
eID: Electronic ID to be used for either identifying a person or performing a digital signature
eIDAS: Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market
ETSI: European Telecommunications Standards Institute
HSM: Hardware Security Module
HTTP: Hypertext Transfer Protocol, an application protocol for distributed, collaborative, and hypermedia information systems.
OAuth: An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
OpenID Connect: OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an industry standard authorization framework. The standard is controlled by the OpenID Foundation, and is widely accepted and used by big players like Google and Facebook.
OTP: One-time password, a password that is valid for only one login session or transaction
PAdES: PDF Advanced Electronic Signature. A set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for Advanced Electronic Signatures. Originally published by ETSI as TS 102 778, and since standardized as ETSI EN 319 142.
PDF: Portable Document Format. A file format used to present documents in a manner independent of application software, hardware, and operating systems.
PID: A unique personal identifier used in the BankID framework (not considered as sensitive data)
PKI: Public Key Infrastructure - a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email
Qualified Electronic Signature: A qualified electronic signature is an electronic signature that is compliant with EU Regulation No 910/2014 (the eIDAS Regulation) for electronic transactions within the internal European market, and which in practice is created with a qualified certificate on a qualified signature creation device.
REST: Representational state transfer. An architectural style for web services, built on HTTP, that provides interoperability between computer systems on the Internet
SDO: Signed Data Object. A standard file format for the electronic signatures produced by BankID, designed to act as a self-contained validation of electronic signatures.
Seal: An Electronic Seal is designed to ensure the integrity and authenticity of the documents sealed with it; it is issued to a legal person (an organization) rather than to an individual. The seal certificate identifies the sealing organization and thereby defines what "authenticity" of the sealed document means.
Sign: Digital signature. The process of signing a document digitally.
SDK: Software Development Kit (or devkit). A set of software development tools that allows the creation of applications for a certain software package
SSO: Single-Sign-On – a mechanism to federate access across different websites and services
Token: An object (in software or in hardware) which represents the right to perform some operation (e.g. access token, security token, session token)
TLS: Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communications security over a computer network.
TSA: Time Stamp Authority – a trusted third party that issues signed timestamps proving that data existed at a given point in time
URL: Uniform Resource Locator. Commonly known as a «link».
XML: Extensible Markup Language. This is a standard machine-readable format used widely within banking and finance