Term | Definition | Example |
--- | --- | --- |
In-band communication | Using the current channel. | A message is delivered through an already established and currently used HTTP communication channel. |
Out-of-band (OOB) communication | Using a channel other than the main communication channel. | A message is delivered through push notification, instead of a currently used HTTP communication channel. |
Out-of-band (OOB) authentication | Authentication done in an application separate from the application that requires the authentication, with no direct communication between the two. | A web application for banking is accessed from a browser on a laptop. The web application handles the banking-related business logic, but requires authentication by a dedicated Access App, which is installed on a mobile device. |
In-band authentication | Authentication done within the same application that requires it. | A mobile banking application, which does not require the installation of another application to handle the authentication. All required functionality is built into one application. |
Transaction confirmation | An operation in the FIDO protocol that allows a relying party to request that a FIDO Client displays some information to the user, and requires the user to authenticate locally to their FIDO Authenticator to confirm the information. This provides proof-of-possession of previously registered key material and an attestation of the confirmation back to the relying party. | A mobile banking application has among its capabilities bank transfers. If the amount of the transfer exceeds a threshold, the user must confirm the transaction after authenticating. The confirmation message presented to the user includes the amount of the transaction. When the user confirms, the authenticator signs a hash of the displayed message, so the FIDO server can verify that the text the user confirmed (and thus the amount) matches the transaction it requested. |
Access App | Dedicated native mobile app built to implement the FIDO UAF authentication, registration and deregistration capabilities. Optionally also implements transaction confirmation capabilities. | |
Business App | A business application that users interact with to conduct business with Nevis customers. | |
Relying Party | "A web site or other entity that uses a FIDO protocol to directly authenticate users (that is, performs peer-entity authentication)." → see FIDO Technical Glossary. | |
FIDO | Fast Identity Online | |
FIDO UAF Client | "A FIDO UAF Client implements the client side of the FIDO UAF protocols." → see FIDO UAF Architectural Overview and FIDO Technical Glossary. | |
FIDO UAF Server | "A FIDO UAF server implements the server side of the FIDO UAF protocols." → see FIDO UAF Architectural Overview and FIDO Technical Glossary. | |
FIDO UAF Protocol | "The FIDO UAF protocols carry FIDO UAF messages between user devices and Relying Parties." → see FIDO UAF Architectural Overview and FIDO Technical Glossary. | |
FIDO Authenticator | "A FIDO Authenticator is responsible for user verification, and maintaining the cryptographic material required for the relying party authentication." → see FIDO Technical Glossary. | |
FIDO UAF Authenticator | "A FIDO UAF Authenticator is a secure entity, connected to or housed within FIDO user devices, that can create key material associated to a Relying Party. The key can then be used to participate in FIDO UAF strong authentication protocols." → see FIDO UAF Architectural Overview and FIDO Technical Glossary. | |
UAF | Universal Authentication Framework. "The FIDO Protocol and family of authenticators which enable a service to offer its users flexible and interoperable authentication. This protocol allows triggering the authentication before the server knows the user" → see FIDO Technical Glossary. | |
Client TLS | A mutually authenticated TLS connection in which the client must also present a valid certificate, in addition to the server. Also known as two-way TLS, mutual TLS (mTLS) or, historically, two-way SSL. | |
Dispatch Target | Client identifier used in out-of-band message transmission. | A unique ID identifying a user's physical mobile device. |
Dispatch Channel | A means by which the message is transmitted to the client. | Push (message), Link, E-Mail, ... |
Dispatcher | The implemented component tasked with sending an out-of-band message over a dispatch channel. | The Firebase Cloud Messaging Dispatcher (bound to the third-party Firebase Cloud Messaging Service). |
Channel Linking | Channel linking describes the concept where a user is requested to visually confirm an out-of-band authentication. The user does so by comparing information shown in a web browser with information shown in the authentication client application. The purpose of channel linking is to verify that the out-of-band request belongs to the user's own current session or operation, so that the user does not approve a login attempt initiated by a malicious second party, for example, another user. | During authentication, the browser shows the characters "6A". The same characters are shown in the mobile application, allowing the user to "link" these two channels; a request belonging to a different session would show different characters. |
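The transaction confirmation entry above describes the property that matters for security: the authenticator signs a hash of the text it actually displayed, and the server checks that hash against the transaction it requested, so an altered amount cannot be confirmed unnoticed. The following Go program is an added example written for this glossary; it is not Nevis or FIDO Alliance code and does not use the UAF wire format (UAF assertions are tagged binary TLVs, and the real signing key lives in the authenticator's secure hardware). The `Assertion` struct, the `Server`/`Confirm` names, the Ed25519 key type and the transfer texts (including the IBAN) are all constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assertion is a simplified stand-in for the UAF authentication assertion
// returned after a transaction confirmation. Field names are assumptions for
// this example, not the UAF wire format.
type Assertion struct {
	Challenge []byte // server-issued challenge echoed back
	TxHash    []byte // SHA-256 of the transaction text the authenticator displayed
	Signature []byte // over Challenge || TxHash, made with the registered private key
}

// Server holds what the relying party knows: the public key registered for
// the user at registration time, plus the challenge and text of the pending request.
type Server struct {
	registered ed25519.PublicKey
	challenge  []byte
	txText     string
}

// RequestConfirmation starts a transaction confirmation: a fresh random
// challenge plus the exact text the client must show to the user.
func (s *Server) RequestConfirmation(txText string) ([]byte, string) {
	s.challenge = make([]byte, 32)
	if _, err := rand.Read(s.challenge); err != nil {
		panic(err)
	}
	s.txText = txText
	return s.challenge, txText
}

func signedMessage(challenge, txHash []byte) []byte {
	return append(append([]byte{}, challenge...), txHash...)
}

// Confirm is the authenticator side. It hashes the text it actually showed the
// user and signs challenge||hash. Local user verification (PIN, fingerprint)
// is assumed to have succeeded before this function is reached.
func Confirm(priv ed25519.PrivateKey, challenge []byte, shownText string) Assertion {
	h := sha256.Sum256([]byte(shownText))
	return Assertion{
		Challenge: challenge,
		TxHash:    h[:],
		Signature: ed25519.Sign(priv, signedMessage(challenge, h[:])),
	}
}

// Verify performs the three checks the relying party needs: the challenge is
// the one it issued (no replay), the signed hash equals the hash of the text it
// asked to be displayed (no tampering between server and user), and the
// signature was produced by the registered key (proof of possession).
func (s *Server) Verify(a Assertion) error {
	if !bytes.Equal(a.Challenge, s.challenge) {
		return errors.New("challenge mismatch: stale or replayed assertion")
	}
	expected := sha256.Sum256([]byte(s.txText))
	if !bytes.Equal(a.TxHash, expected[:]) {
		return errors.New("transaction hash mismatch: user confirmed different text")
	}
	if !ed25519.Verify(s.registered, signedMessage(a.Challenge, a.TxHash), a.Signature) {
		return errors.New("invalid signature: not the registered authenticator")
	}
	return nil
}

// Scenario runs the honest flow and two attacks and returns each outcome.
// The transfer texts and the IBAN are constructed sample data.
func Scenario() (honest, tamperedText, wrongKey error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	srv := &Server{registered: pub}
	const tx = "Transfer CHF 12'000.00 to CH93 0076 2011 6238 5295 7"

	// Honest: the user sees and confirms exactly what the server requested.
	ch, text := srv.RequestConfirmation(tx)
	honest = srv.Verify(Confirm(priv, ch, text))

	// Tampered: something between server and authenticator changed the amount shown.
	ch, _ = srv.RequestConfirmation(tx)
	tamperedText = srv.Verify(Confirm(priv, ch, "Transfer CHF 12.00 to CH93 0076 2011 6238 5295 7"))

	// Wrong key: an authenticator that was never registered for this user.
	ch, text = srv.RequestConfirmation(tx)
	wrongKey = srv.Verify(Confirm(otherPriv, ch, text))
	return
}

func main() {
	h, t, w := Scenario()
	fmt.Println("honest confirmation:", h)
	fmt.Println("tampered text:", t)
	fmt.Println("unregistered key:", w)
}
```

The point a practitioner should take from `Verify` is that the server never trusts the business app's claim about what was confirmed; only the hash that the authenticator itself signed counts, and it is compared against the server's own copy of the transaction text.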