![background image](http://html1.mh-extra.com/html/uic/bezel-5/bezel-5_programmers-manual_3278495117.webp)
UIC Bezel5 Programmer’s Manual
Page.117/166
UDN PM098 Rev. 1.0
Copyright © 2013, Uniform Industrial Corp. All Rights Reserved
6. Authentication and Card Data Encryption ???
Question: Is this applicable to Bezel5 only? Does it apply to Bezel5?
The Bezel5 can be configured as a secure reader to protect the card holder’s privacy. Once the
Bezel5 enters into the secure reader mode, the output card data is encrypted. And the
administration commands for changing the status or settings of the reader need to be
authenticated.
6.1.
Data Security and Key Management
The Bezel5 security arrangement involves a cryptography system for supporting end-to-end
encryption.
1.
Card Data Encryption:
It uses the symmetric-key encryption, Triple DES (TDES)/or AES, with the Derived Unique
Key Per Transaction (DUKPT) key management, as well as the RSA mode, to protect the
card data.
2.
Authentication for the administration command:
All of the administration commands must be authenticated before their executions. A
challenge-Response mechanism is involved in the process.
3.
Google Wallet merchant data update:
In order to simplify the merchant data update in the field site, the UIC680 will pre-load a
TDES injection key. The current data of the merchant key and the merchant id are updated
through the application which sends out the merchant data which is protected by the
injection key.
Here is the brief summary:
1.
The payment card data and the Google Wallet application data are going to be encrypted
either by the TDES, AES or RSA mode.
2.
The reader leverages the DUKPT for the key management scheme which is used for card
data security.
3.
The number of card readings is extended to two millions by arranging two key slots.
4.
The encrypted output data of the USB HID report is in binary format.
The reader encryption is enabled as default by the factory. It requires an authentication if the user