![background image](http://html1.mh-extra.com/html/uic/bezel-5/bezel-5_programmers-manual_3278495150.webp)
UIC Bezel5 Programmer’s Manual
Page.150/166
UDN PM098 Rev. 1.0
Copyright © 2013, Uniform Industrial Corp. All Rights Reserved
7.4.
Google Wallet Merchant Key Update
The Google Wallet merchant key is protected by a pre-loaded injection key by using TDES crypto
algorithm. Since the key is always encrypted, the authentication is not required. The reader will use
the SHA1 value for verification purpose.
Request SHA1 checksum of
TDES-INJECTION-KEY
[Merchant
Secret ]
Return SHA1 checksum
TDES-INJECTION-KEY
[Merchant Secret ]
The Host
Application
The Reader
The reader only accepts the merchant key to follow the Google MIFARE key packet format. In
general, Google will generate the new key which is protected by the merchant defined symmetry
key (TDES key). The normal procedure is that the encrypted data is sent to the merchant. Once the
merchant application receives the data, it will convert the data to the suitable coding format
according to the reader’s command to be sent to the reader. Then the reader will use the
pre-loaded symmetry key to decrypt the merchant key and install it.
The symmetry key is able to be updated after the unit is deployed to the field site. The details of the
symmetry key update process are not described in this section. Please refer to the Bezel5 command
authentication section for more information.
In the meantime, the reader will perform SHA1 on the whole encrypted merchant key data block
and store the value in the nonvolatile memory. The application can verify the checksum to assure
the key is installed properly.
The format of the packaged merchant key is
<len_enc_X>, the length of enc_X, (1 byte)
<enc_X>, the encrypted list of merchant secrets, (n bytes)