Mobile authentication as specified by the FIDO Alliance is based on one central concept: the private key stored by the authenticator. Because the authenticators provided by the Nevis Mobile Authentication solution are software-based and used on a mobile device, several constraints must be considered. Protection of the private key is crucial to guarantee that the user who is authenticating is the person they say they are. The subchapters describe the following concepts and how each contributes to key protection:
- Secure Storage stores the private key securely, and guarantees that the key never leaves the hardware.
- User verification and user enrollment allow a user to correctly use the authenticators that manage the interaction of the user with the private key.
- The device lock screen is a prerequisite for storing and using the private key securely. If a user fails to authenticate too many times with a biometric authenticator, the authenticator is locked, and the private key cannot be accessed until the authenticator is unlocked. The Locked biometric authenticator chapter gives more details on the lock strategy and how to unlock the authenticator.
In addition, the security considerations explain their impact on the protection of the key.