Nevis Access App
Getting Started
- The release notes keeps you up to date on the latest Access App changes and new features.
- The ordering guide helps you when ordering your first Access App.
- The troubleshooting provides information on frequently encountered issues and their solution.
- The Appendix section contains useful information, such as publication preparation for Android and iOS.
Feature Overview
The Nevis Access App is a standardized Access App. It is possible to create customer-branded instances of the Nevis Access App. The Nevis Access App offers the following functionality:
- Available for iOS and Android (supported version: iOS 12+ and Android 7+)
- Based on the FIDO UAF 1.1 standard
- Authentication via PIN, fingerprint or biometric authentication (depending on device capabilities, includes fingerprint, face, and iris recognition) on Android devices
- Authentication via PIN, fingerprint or faceID on iOS devices
- Deregistration of the Access App from within the app
- Generic transaction confirmation
- Customer-branding (logo, colors, fonts)
- Forced Access App Update
- Different message transmission Channels such as push, link or QR code
- Number matching support to prevent push-fatigue attacks.
- Customisable translations for all app messages
- Right to left language support
- Configurable links to in-app rendered HTTP pages including multi-language support for
- the privacy policy page (app store requirement)
- app help page (optional)
- account registration page (optional)
Nevis provides regular releases of the Access Apps to customers and partners, implements improvements, ensures that bugs are fixed and new OS versions are supported.
Hardware Requirements
Because of the high-security nature of the Nevis Access App, it requires the presence of a TEE/SE1. For Apple devices, this is ensured by the iOS12+ limitation. Also, most currently available Android devices contain a TEE/SE, except some (usually low-budget) models.
The Apple iPod Touch lacks a TEE/SE, therefore it is not supported.
Access App Flavors
The Access App is delivered in two flavors:
Integration
- Intended for testing and development.
- Can be run on emulators / simulators.
- Permits self-signed certificates for TLS.
- Does not do certificate hostname verification.
- Provides increased logging (showing the network requests and responses for example).
Production:
- For Google Play Store / Apple app store distribution to end users.
- Cannot be run on emulators / simulators.
- Requires a valid certificate chain / Root-CA signed certificates for TLS.
- Preforms hostname validation on TLS certificates.
Publication
For a description of the steps that are required to sign the app per platform, refer to Prepare Android publication or Prepare iOS Publication.
- TEE: Trusted Execution Environment refers to cryptographic hardware for secure storage and execution of cryptographic related operations. As opposed to a TPM (Trusted Platform Module) a TEE is not physically isolated from the main chipset. SE: Secure Enclave - a tamper-proof secure storage.↩