SpringBlue template (NFC)

This feature is restricted and subject to a specific license agreement and fees. Please contact SpringCard for detailed information and pricing options.

Overview

SpringBlue is a turnkey identification solution developed by SpringCard to send a credential to a reader from virtually any recent mobile phone:

  • Android smartphones featuring HCE (host card emulation) are handled as contactless cards thanks to the SpringBlue HCE template. This is this chapter's subject.
  • For all other smartphones (running either Android, iOs or Windows), the credential could be pushed over BLE (Bluetooth v4/v5 Low Energy). This part is documented in Reading SpringBlue BLE Tokens,

Merchants and service providers are identified by a unique SiteId (on 4 bytes). Every user "belonging" to this merchant or service provider is identified by a unique UserId (on 8 bytes).

The SpringBlue BLE template retrieves the UserId for a given SiteId.

A security scheme, based on two secret keys and AES computation, allows to verify that the credential comes from a trusted source.

Configuration

Register t0: select the SpringBlue BLE template

Register 03t0 (1 byte) selects the template. Set it to B0 to select this template.

Register t1: output format

Register 03t1 defines the output format. Refer to Template engine : Data Output Format.

Register t2: output prefix

Register 03t2 defines the output prefix. Refer to Template engine : Output Prefix.

Register t3: Location of data

Register 03t3 defines the SiteId on 4 Bytes.

Bytes Content Notes / Valid range
0-3 SiteId MSB first (Byte 0) and LSB last (Byte 3)

Register t4: Options

If register 03t4 is set, the reader adds a token to its output to tell the receiver what kind of object has been read.

Bytes Bits Meaning
0 7-4 RFU
3-2 Position of the “card type” token in the output
00: Before the PFX constant
01: After the PFX constant, but before the actual data
10: After the actual data
11: RFU
0-1 Add a “card type” token to the output
00: Do not add the “card type” token
01: Add a B0 as “card type” token
10: Add a S as “card type” token
11: Add 00

Register t5: Authentication keys

Register 03t5 contains the two site's secret keys on 32 Bytes

Bytes Content Notes / Valid range
0-15 SOIK : Site's ObjectID Key 16 bytes
16-31 MSUK : Master Key to protect Site's UserIDs 16 bytes