Version: 3.6.x.x RR

Introduction

The Nevis Mobile Authentication Client SDK is a software development kit for building native mobile applications that can carry out FIDO UAF 1.1-based authentication in combination with a Nevis Mobile Authentication backend. The Nevis Mobile Authentication Client SDK is part of the Nevis Mobile Authentication solution, and it is designed to offer maximum flexibility. You can embed the Nevis Mobile Authentication Client SDK into existing native iOS and Android mobile applications to enhance them with Nevis Mobile Authentication capabilities, or use the SDK in a new mobile application written from scratch.

The Nevis Mobile Authentication solution enables secure and seamless authentication by letting users verify their identity through their mobile device. The following figure shows the placement of the Nevis Mobile Authentication Client SDK within the Nevis Mobile Authentication solution:

Figure: Concept Context

Overview

  • Technical architecture provides you with a high-level overview of how the SDK is structured.
  • Communication channels explains how your app can communicate with the backend using different means, such as directly through HTTP or indirectly through push notifications, QR codes or links.
  • Authenticators gives you an overview of all the available platform authentication methods as well as their benefits and drawbacks.
  • Operation gives you an overview of the FIDO UAF operations supported by the SDK, from the perspective of the app. The chapters explain the sequence for registration, authentication, transaction confirmation and deregistration.
  • Push notifications explains the nuances involved in handling push messages.
  • HTTP API authentication explains how you can access Nevis-protected HTTP API endpoints when using the SDK to perform the authentication.
  • Key protection details the different means by which the SDK protects the private key material of the authenticators from malicious access.
  • Security considerations covers all security-related aspects of the SDK to keep your users and their credentials safe.

FIDO UAF 1.1

To provide secure yet user-friendly authentication, the Nevis Mobile Authentication Client SDK implements the FIDO UAF 1.1 protocol specified by the FIDO Alliance. This includes the following FIDO UAF elements:

  • FIDO UAF 1.1 Client
  • FIDO UAF 1.1 ASM (Authenticator Specific Module)
  • FIDO UAF 1.1 Authenticators

On top of the FIDO UAF 1.1 functionalities, the Nevis Mobile Authentication Client SDK provides additional functionality to support use cases such as second channel authentication through push notifications or QR codes.

The Nevis Mobile Authentication Client SDK is a proprietary implementation designed to integrate easily with the Nevis Mobile Authentication backend, whereas the FIDO UAF Client, ASM, and FIDO UAF Authenticators are the FIDO layers defined by the FIDO Alliance in the FIDO UAF 1.1 specification.

Info: For general information on the Nevis Mobile Authentication solution, the FIDO UAF protocol, and underlying concepts, see Mobile authentication concepts in the nevisFIDO documentation.

Purpose of the SDK

The purpose of the Nevis Mobile Authentication Client SDK is to simplify the life of the developer by abstracting away all complex FIDO UAF core implementations and related flows that interact with the Nevis Mobile Authentication backend. When embedding the SDK into your existing mobile applications, you only have to focus on the client side. There is no need to worry about the complex interactions between the FIDO UAF core implementations and the Nevis Mobile Authentication backend.

Basic concept

The Nevis Mobile Authentication Client SDK enables secure and seamless mobile authentication in combination with the FIDO UAF 1.1 protocol and the Nevis Mobile Authentication backend. Together, they provide the following core mobile authentication use cases:

  • Registration (of the user/device)
  • Authentication (of the user/device)
  • Transaction Confirmation (of transactions carried out by the user/device)
  • Deregistration (of the user/device)

On top of these FIDO-based operations, the Nevis Mobile Authentication solution supports use cases where the user accesses an application on a laptop but authenticates on a mobile device. This so-called out-of-band procedure makes use of push notifications, links or QR codes. It is a Nevis proprietary implementation.