Communication channels
The Nevis Mobile Authentication solution makes use of two communication channel types called the out-of-band and the in-band channel.
The following figure shows the basic concept, for both the in-band and out-of-band communication mode:
Out-of-band communication is the opposite of in-band communication, where all messages are transferred through the same channel.
In-band or in-app
Use cases using the in-band channel only involve the Nevis Mobile Authentication SDK and the Nevis Mobile Authentication backend. These use cases are the easiest ones to implement, since the systems involved in the communication flows are kept to a minimum.
Out-of-band
Out-of-band use cases use channels other than the main communication channel for sending messages. This makes it possible to authenticate on a separate device by delivering messages through separate channels. For example, this allows users to authenticate on their mobile devices while accessing the business application from their laptop. The supported out-of-band channels are push notifications, links and QR codes.
- For additional conceptual information regarding out-of-band message transmission, see the Out of Band Message Transmission chapter in the nevisFIDO documentation.
- For additional information regarding push notification handling, see the Dispatch Target Management chapter in the nevisFIDO documentation.
Using push notifications
One of the ways of delivering messages from the Nevis Mobile Authentication backend to the mobile application is to use the push notification channel. All out-of-band use cases can use this channel to involve the mobile application in any FIDO operation that is triggered from outside the mobile application.
The Nevis Mobile Authentication SDK provides an API which is responsible for registering, updating and deregistering push notification capabilities with the Nevis Mobile Authentication backend. Any interaction with the push notification provider is managed separately by the mobile application. Typically, a dedicated SDK is used to ease integration with the provider.
For a detailed description of the push notification use case, see Push notifications in out-of-band scenarios.
The supported push notification provider is Firebase Cloud Messaging. For additional client-relevant documentation regarding the integration of FCM into a mobile client application, see the Firebase official documentation.
Using QR codes
Out-of-band registration and authentication involves a QR code generated by the Nevis Mobile Authentication backend. The QR code is then scanned by the mobile application and forwarded to the Nevis Mobile Authentication SDK. From here on, the SDK can complete the containing operation with the backend.
Using links
Out-of-band operations using links enable mobile-only scenarios. The user clicks a link in the mobile browser or a separate mobile application, which then opens the mobile application using the Nevis Mobile Authentication SDK. Similarly to the QR code, the SDK is able to process the payload presented as part of the link.
Channel types and actors
The following figure shows both channel types and the actors involved:
Use cases using the in-band channel only involve the Nevis Mobile Authentication SDK and the Nevis Mobile Authentication backend.
- The mobile client contacts the backend.
- The backend sends the response back to the client.
Use cases using the out-of-band channel involve additional actors. For example a laptop accessing a protected business application and a push notification provider. In these scenarios, several other systems already communicated between each other before the SDK and the backend initiate their first interaction.
- A user agent or third party actor contacts the backend.
- The backend issues an out-of-band message (through QR code or push notification).
- The mobile client obtains the message.
- The mobile client contacts the backend using information provided in the out-of-band message.
- The backend sends the response back to the client.