Mobile Access Data In Disengage Flow
Xesar-provided access data is already encrypted and cannot be read by the mobile device. To prevent replay of your mobile key, the BLE Mobile Disengage Sequence must be followed. Within this flow, the access data is wrapped and encrypted with AES-CCM (AEAD) for transmission to EVVA Components. The AEAD uses the randomly generated challenge, which is valid only for the current connection, and a mobile device key (MOBDK) that is derived specifically for the mobile device and a specific mobile group.
Interfaces
Interface | Annotations |
---|---|
BLE Advertisement | See documentation of the EVVA component manufacturer specific advertisement. |
Mobile Identification Medium Service | See GATT service description |
BLE Mobile Disengage Sequence | See the flow sequence of a mobile disengage |
Specification
AEAD | IV | ADATA | ADATA | ADATA | ADATA | CT | MAC |
---|---|---|---|---|---|---|---|
Content | | Version | Flags | Mobile Device Identifier (MOBID) | Mobile Device Group Identifier (MOBGID) | Access Data | |
Length in Bytes | 13 | 4 | 4 | 32 | 32 | 605 | 16 |
Annotations | Challenge as generated by the EVVA component | See Structure of the version | See Structure of the flags | Random or SHA256(UUID v4) | Random or SHA256(UUID v4) | Xesar-provided, encrypted access data | Message Authentication Code generated by the AEAD (AES-CCM) |
Structure of the version
Field | Major | Minor | Patch |
---|---|---|---|
Length in Bytes | 1 | 1 | 2 |
This specification (decimal) | 2 | 0 | 0 |
HEX (to be interpreted big-endian) | 0x02 | 0x00 | 0x00 00 |
Structure of the flags
Field | Office Mode | RFU |
---|---|---|
Length in Bits | 1 | 31 |
Annotations | | |
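The layout above as an added example (not EVVA's code): it packs the ADATA, seals the 605-byte access data with AES-CCM from the Python `cryptography` package, and shows that the MAC check fails under a different challenge or with altered ADATA. The 128-bit key standing in for the MOBDK, the concatenation of the ADATA fields in table order, and all function names are assumptions.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

IV_LEN, ID_LEN, ACCESS_DATA_LEN, MAC_LEN = 13, 32, 605, 16
VERSION = bytes([2, 0, 0, 0])  # major 2, minor 0, patch 0x0000 (big-endian)


def build_adata(flags: bytes, mobid: bytes, mobgid: bytes) -> bytes:
    """Version | Flags | MOBID | MOBGID, concatenated in table order (assumed)."""
    if len(flags) != 4 or len(mobid) != ID_LEN or len(mobgid) != ID_LEN:
        raise ValueError("flags must be 4 bytes, MOBID/MOBGID 32 bytes each")
    return VERSION + flags + mobid + mobgid


def seal(mobdk: bytes, challenge: bytes, adata: bytes, access_data: bytes):
    """Return (CT, MAC) for the already-encrypted Xesar access data blob."""
    if len(challenge) != IV_LEN or len(access_data) != ACCESS_DATA_LEN:
        raise ValueError("challenge must be 13 bytes, access data 605 bytes")
    out = AESCCM(mobdk, tag_length=MAC_LEN).encrypt(challenge, access_data, adata)
    return out[:-MAC_LEN], out[-MAC_LEN:]  # the library appends the tag to the CT


def open_sealed(mobdk, challenge, adata, ct, mac):
    """Receiver-side check: the access data, or None if the MAC does not verify."""
    try:
        return AESCCM(mobdk, tag_length=MAC_LEN).decrypt(challenge, ct + mac, adata)
    except InvalidTag:
        return None


def demo() -> dict:
    # Every value below is constructed for the demonstration.
    mobdk = os.urandom(16)  # stand-in for the derived MOBDK (key size assumed)
    mobid, mobgid = os.urandom(ID_LEN), os.urandom(ID_LEN)
    blob = os.urandom(ACCESS_DATA_LEN)  # stand-in for the Xesar access data
    challenge = os.urandom(IV_LEN)  # challenge of the current connection
    adata = build_adata(bytes(4), mobid, mobgid)
    ct, mac = seal(mobdk, challenge, adata, blob)
    flipped = adata[:4] + b"\x80" + adata[5:]  # one flag bit changed in transit
    return {
        "sizes": (len(adata), len(ct), len(mac)),
        "same_connection": open_sealed(mobdk, challenge, adata, ct, mac) == blob,
        "replayed": open_sealed(mobdk, os.urandom(IV_LEN), adata, ct, mac),
        "adata_tampered": open_sealed(mobdk, challenge, flipped, ct, mac),
    }
```

The ADATA fields travel in the clear but are covered by the MAC, so a receiver that verifies the tag against its own challenge rejects both a captured message from an earlier connection and one whose flags or identifiers were modified.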