Alert EnterpriseWiki

Wavelynx — Google Wallet issuance

google walletandroid22 steps6 actorsVerified
22
Verifiedoverall flow status
22/ 22 verified
0%
steps cited
0 of 22 · plus flow-level
Triggers
  • Partner submits provisioning request via Wavelynx Wallet API
  • End-user taps 'Add to Google Wallet' on the AE-supplied surface
TLSmTLSJWEKMS-wrapx-api-keyPartnerpartnerWavelynxWavelynxserviceGoogle Cloud KMSkmsNXP MIFARE2GOmediatorGoogle WalletGoogle WalletwalletEnd-user devicedevice1POST /provisioning (display, role, photo, group_id)Crosses trust boundary2Create digitization referenceCrosses trust boundary3digitization reference + correlationId4Persist credential record (status PENDING)5201 Created (vuid + Google add-to-wallet link)6User initiates Add to Google Wallet7Add-to-Wallet request (digitization reference)8GET fetchCardPayload / fetchCardMetadata (by correlationId)Crosses trust boundary9Decrypt master keyset for partner site10Master keyset (memory only, not persisted)11Diversify per-credential key, JWE-encrypt12Assemble bundle — DESFire EV2 profile, JWE-wrapped keys, pa…13Encrypted payload14Credential payload15Deliver and provision pass on device16Provisioning confirmation17Status update18POST cardStatusChanged (status ACTIVE)Crosses trust boundary19Update credential status → ACTIVE20Webhook (status ACTIVE)Crosses trust boundary21200 OK (synchronous response to NXP)22200 OK (webhook acknowledged)
Hover steps or envelopes to inspect.
Trust boundary
Source
  • src/wallet-api-data-flow-architecture-v1.0.12.pdf §6.2 Issuance flow
Verifying access
Desktop only

The AE Mobile Wiki needs a bigger screen.

The diagrams, comparisons, and animated flows aren't built for phones. Open this link on your laptop or desktop browser and you'll see the full reference.

wiki.alertenterprise.app

Same Google sign-in as the AE App Hub — you'll be in once you open it on a larger screen.