Version: 8.2411.x.x RR

Overview

This chapter describes services intended to be used in out-of-band scenarios. Because the FIDO specification does not include such scenarios, the services described in this chapter are not standard FIDO services but proprietary nevisFIDO functionality.

The available out-of-band services are:

  • Dispatch Target Service: This service manages dispatch target entities. Register the target entities as dispatch targets in advance, so that out-of-band clients can be involved in an operation.
  • Dispatch Token Service: This service generates tokens and dispatches them to the dispatch targets. Use the Redeem Token Service to redeem such a token later on. The redemption of the token triggers a standard FIDO operation.
  • Redeem Token Service: Use this service to redeem tokens previously generated and dispatched by the Dispatch Token Service. Redeeming a token triggers a FIDO operation, executed by the client redeeming the token.
  • Create Token Service: Use this service to create tokens that will be redeemed later.

Caution: Do not use the Create Token Service for out-of-band scenarios. Instead, use the Dispatch Token Service.

In out-of-band scenarios, always access the services in the following (pseudo) order:

  1. Dispatch Target Service: Create a dispatch target.
  2. Dispatch Target Service: Query dispatch targets.
  3. Dispatch Token Service: Generate and dispatch a token to a dispatch target.
  4. Redeem Token Service: Redeem a token (that has been dispatched).

After the redemption of the token, a standard FIDO operation is triggered. The flow continues according to the FIDO specification.

The following diagram shows how the above-mentioned services should be used together.

[Diagram: Out of Band Concept Flow]

  1. The Mobile Client registers itself as a dispatch target.
  2. The Laptop Client queries dispatch targets.
  3. The Laptop Client chooses a desired dispatch target.
  4. The Laptop Client requests a dispatch to the chosen dispatch target.
  5. Nevis generates a token.
  6. Nevis encrypts the token.
  7. Nevis dispatches the token to the chosen dispatch target.
  8. The Mobile Client receives the dispatched token.
  9. The Mobile Client decrypts the token.
  10. The Mobile Client redeems the token.
  11. Nevis triggers a FIDO operation based on the token.
  12. The Mobile Client proceeds to complete the FIDO operation.
  13. The Laptop Client monitors the status of the operation.
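
The ordering constraints of the flow above, as an added example: a hypothetical in-memory Python model, not nevisFIDO code or its API. Class, method and status names are invented for illustration, token encryption (steps 6 and 9) is left out, and single-use tokens are an assumption of the model.

```python
import secrets
from enum import Enum


class Status(Enum):
    DISPATCHED = "dispatched"   # steps 5-8: token generated and delivered
    REDEEMED = "redeemed"       # steps 10-11: FIDO operation triggered
    COMPLETED = "completed"     # step 12: FIDO operation finished


class OutOfBandModel:
    """Hypothetical stand-in for the server side of the out-of-band flow."""

    def __init__(self):
        self.targets = {}    # dispatch target id -> owning user
        self.inboxes = {}    # dispatch target id -> tokens delivered to it
        self.sessions = {}   # session id -> Status
        self.tokens = {}     # unredeemed token -> session id

    def create_dispatch_target(self, user, name):        # step 1
        target_id = f"{user}/{name}"
        self.targets[target_id] = user
        self.inboxes[target_id] = []
        return target_id

    def query_dispatch_targets(self, user):              # step 2
        return [t for t, owner in self.targets.items() if owner == user]

    def dispatch_token(self, target_id):                 # steps 4-7
        if target_id not in self.targets:
            raise LookupError("dispatch target is not registered")
        token, session_id = secrets.token_urlsafe(32), secrets.token_hex(8)
        self.tokens[token] = session_id
        self.sessions[session_id] = Status.DISPATCHED
        self.inboxes[target_id].append(token)   # encryption (step 6) omitted
        return session_id   # handle the requesting client uses in step 13

    def redeem_token(self, token):                       # steps 10-11
        # pop() makes the token single-use (assumption): a replay fails here.
        session_id = self.tokens.pop(token, None)
        if session_id is None:
            raise PermissionError("unknown or already redeemed token")
        self.sessions[session_id] = Status.REDEEMED
        return session_id

    def complete_fido_operation(self, session_id):       # step 12
        if self.sessions.get(session_id) is not Status.REDEEMED:
            raise RuntimeError("no FIDO operation pending for this session")
        self.sessions[session_id] = Status.COMPLETED

    def status(self, session_id):                        # step 13
        return self.sessions[session_id]
```
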