There are several preconfigured values that you must change, for security reasons,
after a fresh installation. You must set a new password for the universal user (customer ID
100) and configure the password in the configuration accordingly.
The encrypted password hash for preferences is used by the portal, and that
encrypted value is placed in the MOB_PREFERENCES table in the database. The first hash is
made from any plain text password, while the second (encrypted) hash is built from the chosen
value for the first hash. Both hashes have specific places in the database.
Keys are used in Mobiliser to secure communication
between hosts (HTTPS) and to encrypt sensitive information, for example, credit card data.
By default, Mobiliser does not contain any keys; you must create
them as part of the overall installation
For credit card payments, the default Mobiliser
configuration uses asymmetric encryption to secure credit card and bank account information in
the front end, and a dummy payment handler implementation in the back end to decrypt credit
Each new secure element that is issued by the SAP Mobile Platform
operator can be identified by a unique ID, and requires a specific keyset. The secure
element unique ID is stored in a structure called Card Production Life Cycle (CPLC) data,
which uniquely identifies each secure element and is stored into each secure element prior
By default, encrypting communications between the MER and the point of sale, on
device charging requires two root keys—Mer Private chargeKey (MPcK) and Mer Private readKey
(MPrK)—that are installed into each MER, and generate a specific and separate keyset for
each merchant. The keys, which are 192 bits in size, are used by 3-DES algorithms
A standalone SAP Mobile Platform Server includes a default configuration that
is appropriate for workloads that do not require high transaction rates. A server that is
running with the default settings is generally limited to development and proof-of-concept
Any customer (consumer, merchant, agent, or system user) credentials are stored, in a
hashed format, in MOB_CUSTOMER_CREDENTIALS.
SAP Mobile Platform supports different hashing algorithms. The
STR_CREDENTIAL is always prefixed with the hashing algorithm in curly brackets, for example,