Technical architecture
The Nevis Mobile Authentication Client SDK is composed of four main layers:
- The Nevis Mobile Authentication Client
- The FIDO UAF Client
- The Authenticator Specific Module (ASM)
- The FIDO UAF Authenticators
The Nevis Mobile Authentication Client is a proprietary implementation designed to integrate easily with the Nevis Mobile Authentication Backend, whereas the FIDO UAF Client, the ASM and the FIDO UAF Authenticator are FIDO layers, fully specified by the FIDO Alliance.
The following figure shows the main layers of the Nevis Mobile Authentication Client SDK:
Nevis Mobile Authentication Client
The Nevis Mobile Authentication Client is the entry point to the Mobile Authentication SDK. It provides the publicly accessible APIs that can be consumed by the mobile application to perform FIDO and proprietary operations.
The mobile application interacts only with the Nevis Mobile Authentication Client and not directly with the other SDK layers. Also, the SDK does not offer any UI elements. Any interaction with the user required by the SDK is delegated to the application or to the mobile device operating system.
The following figure provides a high-level architectural overview. The next sections describe the function of each individual building block.
Out-of-Band Operations
The out-of-band operations exposed by the manager are registration, authentication, and transaction confirmation.
In-Band Operations
The in-band operations exposed by the manager are authentication, transaction confirmation and deregistration.
Network Layer
The SDK has its own networking component. This gives the SDK fine-grained control over its networking layer without relying on the networking component of the mobile application.
Crypto
The Crypto component provides the cryptographic functions (encryption, decryption, signing and hashing) that the SDK uses internally on its data.
Secure Crypto Storage
The Nevis Mobile Authentication SDK uses the Secure Storage component to protect sensitive data. On Android, this component is built on Shared Preferences and is fully part of the Nevis Mobile Authentication SDK. On iOS, the counterpart is the Keychain, which is not part of the SDK. The secure storage component is mainly used by the application PIN and password authenticators to store the PIN (or password).
User Interaction Callback System
The User Interaction component is involved in out-of-band and in-band operations and manages interactions between the SDK and the mobile application that require user interaction, for example, authenticator selection, user enrolment, or user verification. While some interactions (like access to the fingerprint capabilities of the device) are triggered using the device system API, others need a custom implementation. In those cases, the SDK delegates the screen presentation and user interaction handling to the mobile application. These interactions are asynchronous and the trigger always comes from the SDK.
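The delegation pattern described above, as an added Kotlin illustration that is not code from the Nevis SDK: the interface and class names (`AuthenticatorSelector`, `PinEnroller`, the two handler interfaces and `FakeRegistration`) are hypothetical stand-ins, and the control flow (SDK triggers the callback, the app shows a screen, the app resumes the SDK by calling exactly one method on the handler) is the assumption being demonstrated. It runs on a plain JVM with no Android dependencies.

```kotlin
// Added illustration of SDK-to-app UI delegation. All names below are
// hypothetical and are NOT the Nevis Mobile Authentication SDK API.

// Handed to the app by the SDK. The app must call exactly one method,
// possibly much later (after the user has interacted with a screen).
interface AuthenticatorSelectionHandler {
    fun select(authenticatorId: String)
    fun cancel()
}

interface PinEnrollmentHandler {
    fun pin(value: CharArray)
    fun cancel()
}

// Callbacks the app implements. The trigger always comes from the SDK side.
interface AuthenticatorSelector {
    fun selectAuthenticator(candidates: List<String>, handler: AuthenticatorSelectionHandler)
}

interface PinEnroller {
    fun enrollPin(minLength: Int, handler: PinEnrollmentHandler)
}

// Minimal stand-in for the SDK side of a registration, showing only the control flow.
class FakeRegistration(
    private val selector: AuthenticatorSelector,
    private val enroller: PinEnroller,
    private val onDone: (String) -> Unit,
) {
    private val candidates = listOf("biometric", "device-passcode", "pin")

    fun start() {
        // Step 1: the SDK needs a choice from the user, so it delegates to the app.
        selector.selectAuthenticator(candidates, object : AuthenticatorSelectionHandler {
            override fun select(authenticatorId: String) {
                require(authenticatorId in candidates) { "unknown authenticator" }
                if (authenticatorId == "pin") askForPin() else onDone("registered with $authenticatorId")
            }
            override fun cancel() = onDone("cancelled by user")
        })
    }

    private fun askForPin() {
        // Step 2 (PIN authenticator only): the app presents the enrolment screen.
        enroller.enrollPin(minLength = 6, handler = object : PinEnrollmentHandler {
            override fun pin(value: CharArray) {
                val ok = value.size >= 6 && value.all { it.isDigit() }
                value.fill('\u0000') // wipe the PIN buffer once it is no longer needed
                onDone(if (ok) "registered with pin" else "rejected: PIN policy not met")
            }
            override fun cancel() = onDone("cancelled by user")
        })
    }
}

// App side. In a real app these implementations would show screens and resume
// the SDK only when the user responds; here the user input is simulated.
fun main() {
    val registration = FakeRegistration(
        selector = object : AuthenticatorSelector {
            override fun selectAuthenticator(candidates: List<String>, handler: AuthenticatorSelectionHandler) {
                println("App shows chooser for $candidates")
                handler.select("pin") // simulated user tap
            }
        },
        enroller = object : PinEnroller {
            override fun enrollPin(minLength: Int, handler: PinEnrollmentHandler) {
                println("App shows PIN entry (min $minLength digits)")
                handler.pin("482913".toCharArray()) // constructed sample input
            }
        },
        onDone = { println("SDK result: $it") },
    )
    registration.start()
}
```

The point the example makes is that the app never drives the SDK: it only answers a request the SDK issued, through the handler it was given, and the operation stays suspended until it does so (or until the app reports a cancel).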
- For more information on communication channels, see Communication Channels.
- For more information on secure storage, see Secure Storage.
FIDO UAF Layers
The FIDO UAF layers of the Nevis Mobile Authentication Client SDK have the following functions:
FIDO UAF Client
The FIDO UAF Client is responsible for accepting the FIDO requests generated by the Nevis Mobile Authentication Client and for transferring them further down to the ASM layer. It also informs the Mobile Authentication Client of any message coming from the ASM.
Authenticator Specific Module (ASM)
The Authenticator Specific Module is the interface responsible for the communication between the FIDO UAF Authenticator and the FIDO UAF Client.
FIDO UAF Authenticator
A FIDO UAF Authenticator provides the means to protect and access the FIDO-specific cryptographic material securely in order to perform user verification. The Nevis Mobile Authentication SDK provides several authenticators implemented in software: biometric authenticators (biometric and fingerprint on Android, Touch ID and Face ID on iOS), a device passcode authenticator, an application PIN authenticator and an application password authenticator.
For more information on FIDO UAF authenticators, see FIDO UAF Authenticators.