Skip to main content
Version: 3.6.x.x RR


Client SDK

Secure EnclaveThe Secure Enclave is a coprocessor fabricated within the system on chip (SoC). It uses encrypted memory and includes a hardware random number generator. The Secure Enclave provides all the cryptographic operations for Data Protection key management and maintains the integrity of Data Protection, even if the kernel is compromised.All iPhones using the A7 processor or newer contain the Secure Enclave
TPMThe Trusted Platform Module is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.Most newer generation Android devices contain TPM chips to securely store data.

General Nevis Mobile Authentication

In-band communicationUsing the current channel.A message is delivered through an already established and currently used HTTP communication channel.
Out-of-band (OOB) communicationUsing a channel other than the main communication channel.A message is delivered through push notification, instead of a currently used HTTP communication channel.
Out-of-band (OOB) authenticationAuthentication done in an application separated from the application that requires the authentication, with no direct communication between the two.A web application for banking is accessed from a browser on a laptop. The web application handles the banking-related business logic, but requires authentication by a distinguished Access App, which is installed on a mobile device.
In-band authenticationAuthentication done within the same application that requires it.A mobile banking application, which does not require the installation of another application to handle the authentication. All required functionality is built into one application.
Transaction confirmationAn operation in the FIDO protocol that allows a relying party to request that a FIDO Client displays some information to the user, and requires the user to authenticate locally to their FIDO Authenticator to confirm the information. This provides proof-of-possession of previously registered key material and an attestation of the confirmation back to the relying party.A mobile banking application has among its capabilities bank transfers. If the amount of the transfer exceeds a threshold, the user must confirm the transaction after authenticating. In the confirmation message presented to the user, the amount of the transaction is included. When the user confirms the transaction, the contents of the message (and thus the amount) are proven by the FIDO server.
Access AppDedicated native mobile app built to implement the FIDO UAF authentication, registration and deregistration capabilities. Optionally also implements transaction confirmation capabilities.
Business AppA business application, that users interact with, to conduct business with Nevis customers.
Relying Party"A web site or other entity that uses a FIDO protocol to directly authenticate users (that is, performs peer-entity authentication)." → see FIDO Technical Glossary.
FIDOFast Identity Online
FIDO UAF Client"A FIDO UAF Client implements the client side of the FIDO UAF protocols." → see FIDO UAF Architectural Overview and FIDO Technical Glossary.
FIDO UAF Server"A FIDO UAF server implements the server side of the FIDO UAF protocols." → see FIDO UAF Architectural Overview and FIDO Technical Glossary.
FIDO UAF Protocol"The FIDO UAF protocols carry FIDO UAF messages between user devices and Relying Parties." → see FIDO UAF Architectural Overview and FIDO Technical Glossary.
FIDO Authenticator"A FIDO Authenticator is responsible for user verification, and maintaining the cryptographic material required for the relying party authentication." → see FIDO Technical Glossary.
FIDO UAF Authenticator"A FIDO UAF Authenticator is a secure entity, connected to or housed within FIDO user devices, that can create key material associated to a Relying Party. The key can then be used to participate in FIDO UAF strong authentication protocols." → see FIDO UAF Architectural Overview and FIDO Technical Glossary.
UAF"The FIDO Protocol and family of authenticators which enable a service to offer its users flexible and interoperable authentication. This protocol allows triggering the authentication before the server knows the user" → see FIDO Technical Glossary.
Client TLSA two way TLS connection where the client also needs a valid certificate. Also known as two way SSL.
Dispatch TargetClient identifier used in out-of-band message. transmission.A unique id identifying a physical mobile device of a user
Dispatch ChannelA means, by which the message is transmitted to the client.Push (message), Link, E-Mail, ...
DispatcherThe actual implemented component tasked with sending an out-of-band message.The Firebase Cloud Messaging Dispatcher (bound to the 3rd party Firebase Cloud Messaging Service).
Channel LinkingChannel linking describes the concept, where a user is requested to visually confirm an out-of-band authentication. The user does so by comparing information shown in a web browser and in the authentication client application. The purpose of channel linking is to verify the current channel or operation, to prevent login attempts by a malicious second party, for example, another user.During authentication, the browser shows the characters "6A". The same characters are shown in the mobile application, allowing the user to "link" these two channels.