First part of this page will explain changes needed to support Buypass ID in mobile in Norwegian. Further down the instructions are given in English.
Implementering av Buypass ID i mobil - norsk
I november 2016 lanserte vi Buypass ID i mobil sammen med Difi i ID-porten. Personer kan nå få tilgang til kvalifiserte sertifikater på høyeste sikkerhetsnivå via Buypass smartkort eller sin mobil.
...
Respons fra IPS
Ingen endringer.
Språk
Ingen endringer. Både norsk og engelsk språk. Vi antar at Brukerstedet bruker default språk basert på innstillinger på PC, så dersom Brukerstedet ikke gjør endringer, men angir som i dag, så kommer norsk eller engelsk automatisk om Brukerstedet ikke velger å styre dette selv eller tilby skifte mellom norsk/engelsk.
Logo og profil
Brukerstedene har implementert ulike måter å velge Buypass ID på lik linje med andre elektroniske IDer. Her er eksempel på godkjent bruk av grafiske elementer og begreper. Si fra om dere trenger oppdateringer av profilelementer.
Felles innlogging for både smartkort og mobil. Her vil IPS foreslå smartkort dersom smartkort detekteres i kortleser, ellers Buypass ID i mobil med det ID-instrumentet vedkommende har aktivert eller sist benyttet.
Angi alle tre InstrumentAttribute: ips:BPSC, ips:OTP1PKI, ips:CC2PKI
Splittet innlogging for smartkort og Buypass ID i mobil – eksempel fra ID-porten.
...
Ved spørsmål og koordinering send epost til kundeservice@buypass.no og merk dette med "Buypass ID i mobil og koordinering test".
Eksempelkode for IPS-requester
Dersom wips-requesten ikke angir noen spesifikke instrumenter, defaulter vi til smartkort.
Dersom requesten bare angir ID-instrumenter for Buypass ID i mobil, bruker vi ikke smartkort (selv om det står et kort i leseren) men går rett på FNR-dialogen. I dette tilfellet vises heller ikke linken «Bruk smartkort i stedet».
Dersom requesten angir både ID-instrumenter for Buypass ID i mobil og smartkort, bruker vi smartkortet dersom det står i leseren. I motsatt fall vises FNR-dialogen, men da med linken «Bruk smartkort i stedet».
Implementing of Buypass ID in mobile - English
In November 2016 we launched Buypass ID in mobile with Difi in "ID porten". Users can now access qualified certificates at the highest level of security through Buypass smart card or on their mobile.
Buypass ID in mobile is a solution where a person's Buypass ID is stored centrally at Buypass, and the user uses his mobile to access the ID. This centrally stored ID is based on the use of cryptographic keys and qualified certificates in accordance with the "eSignature loven". This ensures that this is an qualified ID on Level4, which is the highest security level in the same way as qualified certificates on Buypass smartcard. Read more on our website - here.
For companies already a Buypass Net Merchant who has implemented support for Buypass smartcard the IPS7 integration needs just a few changes in order to implement support for Buypass ID in mobile.
If you want to see a "live" authentication implementation, you can use the ID Porten by logging in to Altinn, NAV, Skatt or another public service using the ID Porten.
Merchant profile for existing IPS Merchants are already set up to start implementing and testing in our environment in TEST4. New Merchants will be set up with Buypass smartcards and mobile from start. Follow the instructions below.
What needs to be done?
IPS requester
For at dere skal kunne tilby en bruker å bruke Buypass ID i mobil, enten med Passord+OTP på SMS til registrert mobil eller bruk av Buypass ID-app, så gjøres dette på akkurat samme måte som for dagens smartkortløsning, men med følgende forskjeller/tillegg i IPS7-forespørselen:
In order to support Buypass ID in mobile, either with Password + OTP on SMS to registered mobile or using the Buypass ID APP, this should be implemented in the same way as today's smartcards, but with the following changes / extentions in the IPS7 request:
- ips:GUI as name in RequestAttribute where WIPSGUI2 or another GUI-type is used must be changed to WIPSGUI4
- ips:BPSC as name in InstrumentAttribute must be extended to all required instruments
GUI
If WIPSGUI2 is not explicitly stated in today's integration, it means that WIPSGUI2 is set up as the default GUI. In this case, this is an item that must be added to the request and not just changed.
Important to know is that the WipsGUI4 scales and thus supports mobile size scaling. You no longer need a hard-coded size on the IFRAME as you need to do for WIPSGUI2.
ID instrument
InstrumentAttribute works in the same way as RequestAttribute - if InstrumentAttribute is not explicitly specified in today's integration ips: BPSC is set as default instrument and is the default value used. In this case, this is also an item that must be added to the request and not just changed.
You can specify several instruments in one InstrumentAttribute:
- All three: ips:BPSC, ips:OTP1PKI, ips:CC2PKI
- Just two of them: For example ips:BPSC, ips:OTP1PKI or ips:OTP1PKI, ips:CC2PKI
If all ID instruments are specified, IPS7 will try to determine what is best for the user based on the elements in the request and which ID instruments the user actually has. We present the user for a suggestion before the person himself can make a choice.
- ips:BPSC = Buypass Smartcard
- ips:OTP1PKI = SSN + password + one time code (OTP) on SMS to the users registered mobile
- ips:CC2PKI = Mobile APP with PIN for logging in trough another "channel“ - typically on PC
- CC2 = 2CC = ”Two Channel Commit”
See sample code associated with different layouts on the InstrumentAttribute element at the end of this page.
NB! WIPSGUI4, OTP1PKI and CC2PKI must be configured in the merchant profile at Buypass. This is done at Buypass, but if something is missing you will have error code 31901 (E_METHOD_PERMISSION_DENIED). Please tell us if you have problems!
Library
If you have implemented signature in addition to identification, the Java or .NET library must be upgraded. If only identification is implemented, existing libraries can be used. You should always download the latest version.
The libraries are available here in the IPS7 integration web, but if you do not find the latest versions please tell, and we will send it by email.
- Java-WIRI-8.3.0
- WipsDotNet-1.5_170613
Respons from IPS
No changes.
Language
No changes - both Norwegian and English.
Logo and profile
Different merchants have implemented the way of choosing Buypass ID in different ways. Here you will find some examples of approved use of graphic elements and concepts. Please tell us if you need updates of profile items.
Shared login for both smartcard and mobile. Here, IPS will suggest smartcards if smartcard is detected in card reader, otherwise SSN and Buypass ID in mobile with the ID instrument the user has activated or last used.
Specify all three InstrumentAttribute: ips:BPSC, ips:OTP1PKI, ips:CC2PKI
Splittet innlogging for smartkort og Buypass ID i mobil – eksempel fra ID-porten.
Angi kun InstrumentAttribute: ips:BPSC på første og ips:OTP1PKI, ips:CC2PKI på andre
NB! ID-porten has configured two buttons to tell there are two choices, but the integration to IPS and Buypass is the same behind both. The user can choose Buypass ID on smartcard or in mobile independent of which button is chosen.
Testing
You will be able to test Buypass ID in mobile easily if you implement as specified above using our TEST4 environment and your one solution using Buypass ID on smartcard which already is tested in TEST4. Buypass ID on smartcard can generally be used for self-service functions which is used as parts of the customer flow through the acquisition of Buypass ID in mobile. Use of BankID or Digipost for authentication in Self-Service will be difficult, as Digipost does not offer a solution with test subjects, and the likelihood that you have test subjects associated with a test BankID account account is small.
For the purpose of testing, you need to access Buypass ID in mobile using Password ID (OTP1PKI = SSN + Password + One time code (OTP) on SMS to registered mobile). Our TEST APP Store for downloading our mobile APP is not available from outside. The use of PasswordID must be coordinated with Buypass to minimize the challenge for you. A coordination will also be required if you wish to retest the procurement process, because we need to reset data for a test person before you will be able to retest.
Do you already have your own test persons with smartcards which you want to reuse for Buypass ID in mobile, please send information about the names of the test subjects, SSN or possibly Buypass ID, and we will contribute with what is necessary for you to continue using the same test persons. In addition, we need to have a mobile phone number that you want to use for testing in order to define correctly in our database.
If you have questions or need to coordinate tests please send an email to kundeservice@buypass.no and mark it ".
...
Buypass ID in mobile and coordinating of test".
Exampel code for IPS-requests
Dersom wips-requesten ikke angir noen spesifikke instrumenter, defaulter vi til smartkort.
Dersom requesten bare angir SSID-instrumenter, bruker vi ikke smartkort (selv om det står et kort i leseren) men går rett på FNR-dialogen. I dette tilfellet vises heller ikke linken «Bruk smartkort i stedet».
If the WIPS-request does not specify any specific instruments, we will defaulter into smartcards.
If the request only specifies ID-instruments for Buypass ID in mobile, we do not use smartcards (even if there is a card in the reader) but is directed at the SSN-dialog. In this case, the "Do not use smart cards instead" link will also appear.
If the request specifies both ID-instruments for Buypass ID in mobile and smartcards, we use the smart-card if it is in the card reader. Otherwise, the SSN-dialog will appear, but then showing the "Use smart card instead" link.