- Installing BankID Security Application in corporate environments
- Install package
- Installing, updating and uninstalling
- Automatic version control
- Communication between BankID Security Application and the BankID server
- Proxy settings
- Managing installed versions
- Card readers
- Windows Terminal Server, roaming profiles
Automatic version control
It is important not to use versions of the BankID Security Application that are no longer considered to be functional or reliable from a security point of view. It is necessary that the progam is verified on a
regular basis so it can be updated when required.
To verify the installation, an automatic version control regularly checks the software version against an Internet based Version Control Server (VKS). The response states whether the installed version is accepted or blocked.
If the queries are consistently blocked, the program will obtain the blocked status within approximately one month. Further attempts to use the program will lead to a dialog stating that the program needs to be updated.
If an installation of BankID Security Application cannot make version control queries, it will
act as though it is blocked. There is no need for the user to get a new BankID on file. It is only the program that is blocked, not the user's BankID.
Standard variant
A program version can be accepted, in phase-out, or blocked. When a version is being phased out, the user is informed that a more recent version is available. Normally, the BankID program will download and start installing the new version, but in some conditions it will suggest the user to manually update. If the user follows the suggestion, the web browser will open https://install.bankid.com. From that website the user can download and install the latest version.
Both variants
Under certain circumstances a specific version of the progam may need to be blocked, for example for security-related reasons. An installation obtains the blocked status if it receives information that it is blocked from the VKS, or if it is consistently prevented from performing version control.
A blocked version displays a dialog stating that the program needs to be updated, and transaction traffic to the BankID server is rejected.
Technical description
The program makes the first version control request in conjunction with installation. After this the request is normally made every 14 days, provided that the program is running. If a request should have been issued while the program wasn’t running, the request is issued as soon as the program starts.
Standard variant
If the version control shows that a newer version is available and the user responds "remind me later" to the updating offer, the next version control request will be made the following day.
If the answer is that the BankID program should automatically download and update, the program will initiate file download (silently) via https from install.bankid.com. When the file is downloaded, the BankID program will display a message that update will take place. When the user confirms the dialogue, update starts. The user can continue using BankID as soon as the update is finished. If the download or the installation fails, the program will retry five times, with a few hours between each try. If the update still fails, the BankID program will display the dialogue that suggests the user to manually update the BankID program.
Both variants
BankID Security Application starts automatically when called up, for example in connection with identification with BankID or when the user starts the program manually. If a version control request is due at an automatic program start, the BankID program awaits the response from the version control, before the requested action is performed.
Content of version control request
A version control request consists of one or two HTTPS requests on port 443 to a version control server (VKS) on the internet, vks.bankid.com (IP address 141.226.253.92). Both the request and the response consist of XML structures as shown in the examples below.
Exemple of request
Accept:[*/*]
Accept-Encoding:[gzip, deflate, br]
Accept-Language:[sv-se]
Content-Length:[220]
Content-Type:[ application/xml; charset=utf-8]
User-Agent:[BankIDSecurityProgram]
<?xml version="1.0">
<autoUpdateRequest>
[REQUESTCONTENT]
</autoUpdateRequest>In the above example the following variables have been used: [REQUESTCONTENT].
This content comprises a number of XML elements, for example <requestVersion> och <versionString>, or other XML elements and/or Base64 encoded data.
Exemple of response
Cache-Control => [no-cache, no-store, no-transform, mustrevalidate, private, max-age=0]
Expires => [Thu, 01 Jan 1970 01:00:00 CET]
Pragma => [no-cache]
X-Accel-Expires => [0]
Date => [Fri, 05 Jun 2020 12:35:04 GMT]
Content-Length => [216]
Content-Type => [application/xml; charset=utf-8]
<?xml version="1.0" encoding="utf-8"?>
<autoUpdateResponse>
[RESPONSECONTENT]
</autoUpdateResponse>In the above example the following variables have been used: [RESPONSECONTENT].
This content comprises a number of XML elements and/or Base64 encoded data. Note that the content of the HTTP header may vary in the example above.
Stadard variant
The response to the version control request can make the BankID program initiate downloading of an installation file of type EXE via HTTPS for updating the BankID program. Before the update is installed, an informative dialogue is displayed to the user.
In some circumstances, updating could be performed also when the user is not logged on as administrator.