Once the application has an active FIDO registration with the Nevis Mobile Authentication backend, it can make use of FIDO transaction confirmation operations. The FIDO transaction confirmation is technically the same as a FIDO authentication, but with additional information regarding the details of the transaction.
Transaction confirmation allows the user to authorize transactions on his mobile phone. Transactions can consist of simple text messages, which the user can confirm with his mobile authentication credentials. This is useful for any kind of operation where trusted, verified user consent is required.
Transaction confirmations are often used in a banking environment, where the user must explicitly confirm financial transactions. In this context, the user sees a text describing the transaction. This transaction message text is shown without any modification during the transaction, to assure the user that this exact message will be signed with his credentials. This is according to the FIDO specification: What You See is What You Sign (WYSIWYS).
For a detailed description, see Out-of-Band Transaction Confirmation.
The application only supports text-based transaction confirmation.
You can format the transaction confirmation text with a limited set of supported HTML tags. To enable text formatting, enclose the transaction confirmation text in the HTML tags <html> and </html>.
The following tags and formatting options are supported:
- line break:
- underline :
<html>Confirm payment of <br><strong>200 CHF</strong><br> to John Doe</html>
The Access App sanitizes the supplied transaction confirmation text. That is, the app removes all unsupported tags as well as any attributes from the text before display.
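Because the app strips unsupported markup before display, a backend that composes the message can check beforehand that sanitization would leave it unchanged, so the text it submits is the text the user sees. The following is an added example, not Nevis code and not the Access App's own sanitizer; the allowlist is an assumption taken from the tags visible in the example above, and the function names are hypothetical.

```python
from html.parser import HTMLParser

# Assumption: allowlist built from the tags visible in the page's example
# (<html>, <br>, <strong>); extend it to match the product's supported list.
ALLOWED_TAGS = {"html", "br", "strong"}

# Constructed sample input, not taken from a real transaction.
SAMPLE = '<html>Pay <strong class="big">200 CHF</strong> to <font color="red">John Doe</font></html>'

class _AllowlistSanitizer(HTMLParser):
    """Drops unsupported tags and every attribute, keeps the text content."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
        self.dropped = []  # what was removed, for logging or rejection

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"<{tag}>")
            return
        if attrs:
            self.dropped.extend(f"{tag}@{name}" for name, _ in attrs)
        self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):  # keep entities such as &amp; as written
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def sanitize(text):
    """Return (sanitized_text, dropped_items) for a transaction message."""
    parser = _AllowlistSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out), parser.dropped

def is_wysiwys_safe(text):
    """True when sanitization would leave the message unchanged."""
    cleaned, dropped = sanitize(text)
    return not dropped and cleaned == text
```

Rejecting a message for which `is_wysiwys_safe` returns False, rather than sending it and relying on the app to clean it, keeps the submitted text and the displayed text identical.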
Using custom fonts can lead to issues if a formatting option is not supported by the supplied font type. Therefore, Nevis recommends using the mobile OS default fonts.