        USER MANUAL SecureMag Encrypted MagStripe Reader
         Contents
1.                                                                          F 46 09 Shift On  G 47 0A Shift On  H 48 OB Shift On  I 49 0C Shift On  J 4A 0D Shift On  K 4B OE Shift On  L 4C OF Shift On  M 4D 10 Shift On  N 4E 11 Shift On  O 4F 12 Shift On  P 50 13 Shift On  Q 51 14 Shift On  R 52 15 Shift On  S 53 16 Shift On  T 54 17 Shift On  U 55 18 Shift On  V 56 19 Shift On  W 57 1A Shift On  X 58 1B Shift On  Y 59 1C Shift On  Z 5A 1D Shift On    5B 2F     5C 31     5D 30   A 5E 23 Shift On  B 5F 2D Shift On   60 35   a 61 04   b 62 05   c 63 06   d 64 07   e 65 08   f 66 09   g 67 0A   h 68 0B   i 69 0C   j 6A 0D   k 6B OE   l 6C OF   m 6D 10   n 6E 11   o 6F 12                Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 68 of 72       SecureMag User Manual                                                                                                                               p 70 13   q 71 14   r 72 15   S 73 16   t 74 17   u 75 18   V 76 19   wW 77 1A   X 78 1B   y 79 1C   Z 7A ID     7B 2F Shift On    7C 31 Shift On    7D 30 Shift On    7E 35 Shift On  DEL 7F 2A   F1 81 MI 3A   F2 82  f2 3B   F3 83  f3 3C   F4 84  f4 3D   F5 85  f5 3E   F6 86  f6 3F   F7 87  f7 40   F8 88  f8 41   F9 89 M9 42   F10 8A Va 43   F11 8B Mb 44   F12 8C Mc 45   Home 8D  home 4A   End SE  end 4D       SF  right 4F   c 90  left 50   T 9   up 52   l 92  down 51   PgUp 93  pgup 4B   PgDn 94  pgdn 4E   Tab 95  tab 2B   bTab 96  btab 2B Sh
2.                                                                         Track3SuffixI   39 Track 3 Suffix   0 No suffix for track 3  6 char  D max  Set50 3C Set50 set MSR reg eeprom map  SwapTIT3ID   3D Swap T1 T3 0x00 0x5A Ox5A Swap T1 and T3  Will  not be reset by 53 18  PinKeyID 3E 0x00 0x5A 0x5A  PinKey  Can only set at level 1   Won t reset by 53 18   BaudID 4  Baud Rate P  297  9600 bps     2    is 1200     7    is  s  38 400 bps     9    is 115 2 kbps  DataID 42 Data Bit 0        8 Bits required in secure S  mode  ParityID 43 Data Parity    0      0 747  None S  HandID 44 Hand Shake    0     0      1  Software  Xon Xoff  hand S  shake  StopID 45 Stop Bit    0     0      017  1 Bit S  XOnID 47 XOn Character   DCI 0x11 as XOn S  XOffID 48 XOff Character   DC3 0x13 as XOff S  PrePANID 49 PAN to not 4  0 6    leading PAN digits to     mask display  PostPANID 4A PAN to not 4  0 4    of trailing PAN digits to e  mask display  MaskCharID   4B mask the PAN           20 7E any printable character e  with this  character  CrypTypeID 4C encryption type      1        1       2        T    3DES    2    AES T  e  OutputModel   4D Std  OPOS or  0   0      1  Standard mode  D JPOS  SerialNumber    4E device serial      any 8 10 bytes   8 10 hex serial number r  D  DispExpDatel   50 mask or display    0 0   1     1    don t mask expiration e  D  expiration date date  SessionID 54 8 byte hex not   None always init to all  FF  e  stored in  EEPROM  Mod10ID 55 include mod10    0  0   2  d
3.               Buffered Mode Enabled   DTEnableSen   1B DT Enable Tr  3     Data Editing Control   dID Send 0x30     Disable Data Edit   0x31     Data Edit Match  mode   0x33     Data Edit Unmatch  mode   DecodingMeth   1D Decoding    P  607737  Reading Direction   odID Direction 0x30     Raw Data Decoding  in Both Directions   0x31   Decoding in Both  directions   0x32     Moving Stripe Along  Head in Direction    of  Encoding   0x33     Moving Stripe Along  Head Against Direction of  Encoding    ReviewID 1F Review All None   Settings  TerminatorID   21 Terminator CR Enter CR for RS232  Enter for KB  FmVerID 22 Firmware  Version   USBHIDFmt   23 USB HID Fmt      0        0       1     ID TECH Format   D   ForeignKBID  24 Foreign KB  0    0     9   Foreign Keyboard   CustSetID 00 00 07  0 POS X  Level 3 Non CC  send same as Levell   1 Level3  No empty pkt  when not enough sampling  bits   2 Enhanced Secured Output  will have SN after hash   Track1PrefixI   34 Track 1 Prefix   0 No prefix for track 1  6 char   D max   Track2PrefixI   35 Track 2 Prefix   0 No prefix for track 2  6 char   D max   Track3PrefixI   36 Track 3 Prefix   0 No prefix for track 3  6 char   D max   TracklSuffixI   37 Track   Suffix   0 No suffix for track 1  6 char   D max   Track2SuffixI   38 Track 2 Suffix   0 No suffix for track 2  6 char   D max                   Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 62 of 72          SecureMag User Manual 
4.     Track 1 decrypted    B4266841088889999 BUSH JR GEORGE   W MR 0809101100001 100000000046000000     Track 2 decrypted    4266841088889999   080910110000046 0   Track 3 decrypted   33333333337676760707077676763333333333767676070707767676333333333376767  607070776767633333333337676760707 2    Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 53 of 72    SecureMag User Manual    Track 1 decrypted data in hex including padding zeros  but there are no pad bytes here   2542343236363834313038383838393939395E42555348204A522F47454F52474520572  E4D525E303830393130313130303030313130303030303030303034363030303030303F  21    Track 2 decrypted data in hex including padding zeros  3B343236363834313038383838393939393D3038303931303131303030303034363F300  000000000    Track 3 decrypted data in hex including padding zeros  3B333333333333333333333736373637363037303730373736373637363333333333333  333333337363736373630373037303737363736373633333333333333333333373637363  73630373037303737363736373633333333333333333333373637363736303730373F32  0000000000    10 6 4  Security Level 4 Decryption     Enhanced Encryption Format    02A001803F48236B03FF252A343236362A2A2A2A2A2A2A2A393939395E42555348  204A4522F47454F52474520572EAD525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2  A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B343236362A2A2A2A2A2A2A2  A393939393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A6D7D5B204D3579694  E148F3FB2565544D35825EA89BA30C966D34363 15 1 BF592F995EDA86B94A47EBF 
5.    7503   Report Size   9101   Output  Constant    9506   Report Count   75 08   Report Size   1500   Logical Minimum   25 66   Logical Maximum  102    0507   Usage Page  key Code    1900   Usage Minimum   29 66   Usage Maximum  102    8100   Input Data  Array    062D   Usage Page  ID TECH    FF  9501   Report Count   26 FF   Logical maximum  255   00  1501   Logical Minimum  7508   Report Size  8    0920   Usage  Setup data byte   9508   Report Count  8    B202   Feature  Data Var  Abs   01  C0 End Collection                                                                                                                10 2 Level I and level 2 POS Mode Data Output Format    In POS mode use the special envelope to send out card data  envelope is in the  following format     Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 37 of 72    SecureMag User Manual     Right Shift  Left Shift  Right Ctrl  Left Ctrl   Read Error  Track x ID  Track x  Error  Track x Data Length  Track x Data  Card Track x LEC code  Track x  data LRC    Reader will send out card data in Alt mode if its ASCII code less than H 20         Byte NO  Name   Right Shift   Left Shift   Right Ctrl   Left Ctrl   Read Error 1   Read Error 2   Track x ID   Track x Error   Track x Length 1  Track x Length 2   0 Track Data  no extra  Track ID for raw data                                         Vl InI Icu  A WI  NR   Oo          10   Track len  1 Card Track x LRC  10   T
6.
• Level 1: By default, readers from the factory are configured to have this security level. There is no encryption process and no key serial number is transmitted with decoded data. The reader functions as a non-encrypting reader and the decoded track data is sent out in default mode.
• Level 2: Key Serial Number and Base Derivation Key have been injected but the encryption process is not yet activated. The reader will send out decoded track data in default format. Setting the encryption type to TDES or AES will change the reader to security level 3.
• Level 3: Both Key Serial Number and Base Derivation Keys are injected and encryption mode is turned on. For payment cards, both encrypted data and masked clear text data are sent out. Users can select the data masking of the PAN area; the encrypted data format cannot be modified. Users can choose whether to send hashed data and whether to reveal the card expiration date.
• Level 4: When the reader is at Security Level 4, a correctly executed Authentication Sequence is required before the reader sends out data for a card swipe. Commands that require security must be sent with a four-byte Message Authentication Code (MAC) at the end. Note that data supplied to the MAC algorithm should NOT be converted to ASCII hex; rather, it should be supplied in its raw binary form. Calculating the MAC requires knowledge of the current DUKPT KSN, which can be retrieved using the Get DUKPT KSN and Counter command.
7.  0920   Usage  Tk1 Decode Status    0921   Usage  Tk2 Decode Status    09 22   Usage  Tk3 Decode Status    0928   Usage  Tkl Data Length    0929   Usage  Tk2 Data Length    092A   Usage  Tk3 Data Length   U    09 38 sage  Card Encode Type   9507   Report Count   8102   Input  Data  Var  Abs Bit Field   0930   Usage  Total Sending Length   9502   Report Count  2    8202   Input  Data  Var  Abs  Bit Field   01  0931   Usage  Output Data   9610   Report Count  512   16   02  8202   Input  Data  Var  Abs  Bit Field   01  09 20   Usage  Command Message    9508   Report Count   B2 02   Feature  Data  Var  Abs  Buffered Bytes   01  CO End Collection                                                    Report Descriptor   USB KB Interface                                      Value   Description   0501   Usage Page  Generic Desktop   0906   Usage Keyboard    A101   Collection  Application    0507   Usage Page  Key Codes    19 EO   Usage Minimum   29 E7   Usage Maximum   1500   Logical Minimum   2501   Logical Maximum             Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 36 of 72    SecureMag User Manual    7501   Report Size   9508   Report Count   8102   Input  Data  Variable  Absolute   9501    Report Count  1    7508   Report Size   8101   Input Constant   9505   Report Count   7501   Report Size   0508   Usage Page  LED    1901   Usage Minimum   2905   Usage maximum   9102   Output Data Variable Absolute   9501   Report Count
8.  8 bytes (Security level 4 only)
Track 1 hashed (20 bytes each) (if encrypted and hash track 1 allowed)
Track 2 hashed (20 bytes each) (if encrypted and hash track 2 allowed)
Track 3 hashed (20 bytes each) (if encrypted and hash track 3 allowed)
KSN (10 bytes)
CheckLRC
CheckSum
ETX

Where <STX> = 02h, <ETX> = 03h

Note 1: Card Encode Type
Card Type will be 8x for enhanced encryption format and 0x for original encryption format.

Value        Encode Type Description
00h / 80h    ISO/ABA format
01h / 81h    AAMVA format
03h / 83h    Other
04h / 84h    Raw; un-decoded format

For Type 04 or 84 Raw data format, all tracks are encrypted and no mask data is sent. No track indicator "01", "02" or "03" in front of each track. Track indicator "01", "02" and "03" will still exist for non-encrypted mode.

Note 2: Track 1-3 status byte (Field 4)
Bit 0: 1 = track 1 decoded data present
Bit 1: 1 = track 2 decoded data present
Bit 2: 1 = track 3 decoded data present
Bit 3: 1 = track 1 sampling data present
Bit 4: 1 = track 2 sampling data present
Bit 5: 1 = track 3 sampling data present
Bit 6, 7: Reserved for future use

Note 3: Clear mask data sent status
Field 8 (Clear mask data sent status) and field 9 (Encrypted Hash data sent status) will only be sent out in enhanced encryptio
9.  Control Key Output
0x38: Not send start/end sentinel and send all data on Track 2, not error notification, Alt Key Output
0x39: Send start/end sentinel and send all data on Track 2, not send error notification, Alt Key Output
0x3a: Not send start/end sentinel and only send account number on Track 2, not send error notification, Alt Key Output
0x3b: Send start/end sentinel and only send account number on Track 2, not send error notification, Alt Key Output
0x3c: Not send start/end sentinel and send all data on Track 2, send error notification (default), Alt Key Output
0x3d: Send start/end sentinel and send all data on Track 2, send error notification, Alt Key Output
0x3e: Not send start/end sentinel and only send account number on Track 2, send error notification, Alt Key Output
0x3f: Send start/end sentinel and only send account number on Track 2, send error notification, Alt Key Output

MSRReadingID   MSR Reading   1 s   0   2   Enable/Disable MSR Reading
0x30: MSR Reading Disabled
0x31: MSR Reading Auto Mode Enabled
0x32: MSR Reading
10.  DF6434CB3A075DDD18F616E21F1E2038BC3 AD5F96C1387177BD89409DA2E92A  684543E007087F8694A EA8D3DB36BA 10BC4D4B2771C622FEC8271 A6E021 AA564  4EDS59ECO9CABF19F36B422CA2016B48A7241B2DA9584ED4415B4F30637734CF  5031 AF475DAF27C 188A 1A771264011BAA090E91893BC2A52EDD56F8E6E9554BC  0C5207C04E3C21B6DA2A48F2257DC6946DBFBC87F3189E5C8B954BF7303D01E4  43155911E4137AEAD52441567AA1D50924A7597EC9D758ABAF3A8E82BF81 A2E3  418AC88F65EIDB7EDAD10973F99DFC8463FF6DF113B6226C4898A9D355057ECA  F11A5598F02CA31688861C157CICE2E0F72CE0F3BB598A614EAABB16299490119  0000000003D67C03    Clear Masked Data   Track 1  99 4266         9999 BUSH JR GEORGE    W MR  7F kk ke ak ak sk sie se sie sk sie se fe ak ak fe ake ak oe eoe ak K 2 2 k 2k    Track 2   426 6   RH EHH 99 QOH HH HH I HE HED    Key Value  89 52 50 33 61 75 51 5C 41 20 CF 45 F4 1A BF 1C  KSN  62 99 49 01 19 00 00 00 00 03  Session ID  AA AA AA AA AA AA AA AA    Decrypted Data in ASCII    B4266841088889999 BUSH JR GEORGE  W MR 0809101100001100000000046000000     4266841088889999   080910110000046 0    Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 54 of 72    SecureMag User Manual    333333333337676760707077676763333333333767676070707767676333333333376767  607070776767633333333337676760707 2    Decrypted Data in Hex   2542343236363834313038383838393939395E42555348204A522F47454F52474520572  E4D525E303830393130313130303030313130303030303030303034363030303030303F  21  3B343236363834313038383838393939393D
11.  It's encrypted using the key derived from the current DUKPT key.
Session ID: Optional 8 bytes Session ID, encrypted using the key derived from the current DUKPT key.

Deactivate Authenticated Mode Command
This command is used to exit Authenticated Mode. Host needs to send the first 7 bytes of Challenge 2 (from the response of Activate Authenticated Mode command) and the Increment Flag (0x00 indicates no increment, 0x01 indicates increment of the KSN) encrypted with current DUKPT Key exclusive-or'ed with <3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C>.

If device decrypts Challenge 2 successfully, the device will exit Authenticated Mode. The KSN will increase if the Increment flag is set to 0x01. If device cannot decrypt Challenge 2 successfully, it will stay in Authenticated Mode until timeout occurs or when customer swipes a card.

The KSN is incremented every time the authenticated mode is exited by timeout or card swipe action. When the authenticated mode is exited by Deactivate Authenticated Mode command, the KSN will increment when the increment flag is set to 0x01.

Command Structure
Host -> Device: <STX><S><83h><08h><Deactivation Data><ETX><LRC>
Device -> Host: <ACK> (success), <NAK> (fail)

<Deactivation data>: 8 bytes response to Challenge 2. It contains 7 bytes of Challenge 2 with 1 byte of Increment Flag, encrypted by the specified variant of current DUKPT Key.
12.  TECH Format     Format  FmtOptionID   16 UIC  Mag Tek   H   59    Refer to MiniMag RS232 User's Manual
TrackSepID   17   Track Separator   CR/Enter: CR for RS232, Enter for KB; any character supported except 00 which means none

SendOptionID   Send Option   07 0x3f   Sentinel and Account number control
0x30: Not send start/end sentinel and send all data on Track 2, not error notification, Control Key Output
0x31: Send start/end sentinel and send all data on Track 2, not send error notification, Control Key Output
0x32: Not send start/end sentinel and only send account number on Track 2, not send error notification, Control Key Output
0x33: Send start/end sentinel and only send account number on Track 2, not send error notification, Control Key Output
0x34: Not send start/end sentinel and send all data on Track 2, send error notification (default), Control Key Output
0x35: Send start/end sentinel and send all data on Track 2, send error notification, Control Key Output
0x36: Not send start/end sentinel and only send account number on Track 2, send error notification, Control Key Output
0x37: Send start/end sentinel and only send account number on Track 2, send error notification
13.  aei am herren er eb dite Ur aeos aA eur 18  T   OPOSJPOS C OBI  usi rere orti ti   tape i Paetos a dds 18  7 6 Arm Disarm to Read Command  noo tret t eer neto qui tk ded AMAN CS 18  7 7 Read Buffered MSR Data Command i    scicccseseccisennssesssansandsevetssavecnesendedacsnsideherents 19  7 8 Read MSR Options Comrmaand                  asieieesecessassen in saiua eben esaet in ea ated aa eda ana da 19  7 9   Set MSR Options  Corand     euius eset aane ertet tk ddu bee ch rano ea nada ka lakes 20  7 9 1  Besp Voluftie acoso tuiie ul n Lu e aestate M Pueri terere Ia cu Mai died 20  P92  Change to Default Settings a c neta nire e boke eere Uii ed eludere nad eb afe 20  7 9 3  MSR Reading Sell ipsas ed rese rtm eere ee bir idi Eia Care Re im NoD bu epe 20  7 9 4  Decoding Method Settings x  oie ete eerte toon reed tede ines REN ina iara 20  TI Terminator Setting ao nct dere tonic ditat beet si macer ena NDS MM eue 21  T5   Preamble Settini neeo e eaaeo EE E E use ERO E i d 21  TI Postmble Settings enn ne a Hi ee hes aaea 21  TUN   Track n Prefix Seting sic  scnetsssceteidinaiatetthesederouaceigedntantiaaiedeth qaos REN iE akese 21  VII FE PACKER SUID Sting oitenta ere Doi sai e E eia Ne DAR VM ea 22  TD NOS     sono MER P 22  7 9 11  Track Separator Selection uidere Cine Have Tore than meodk ted kV eo opea epe EE HI leks arde 23  7 9 12  Start End Sentinel and Track 2 Account Number Only                          ssss 23  B    OSBOUIDPOdIUteS ansiedad  RMSperie et d EORR cr letus
14.  bytes of Authenticated mode timeout duration, and eight bytes Session ID encrypted with the result of current DUKPT Key exclusive-or'ed with <3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C>.

The Authenticated mode timeout duration specifies the maximum time in seconds which the reader would remain in Authenticated Mode. A value of zero forces the reader to stay in Authenticated Mode until a card swipe or power down occurs. The minimum timeout duration required is 120 seconds. If the specified time is less than the minimum, 120 seconds would be used for timeout duration. The maximum time allowed is 3600 seconds (one hour).

If Session ID information is included and the command is successful, the Session ID will be changed.

The Activate Authenticated Mode succeeds if the device decrypts Challenge Reply response correctly. If the device cannot decrypt Challenge Reply command, Activate Authenticated Mode fails and DUKPT KSN advances.

Command Structure
Host -> Device: <STX><S><82h><08h><Activation Data><ETX><LRC>
Device -> Host: <ACK> (success), <NAK> (fail)

Activation Data: 8 or 16 bytes, structured as <Challenge 1 Response> <Session ID>
Challenge 1 Response: 6 bytes of Challenge 1 random data with 2 bytes of Authenticated mode timeout duration
15.
8.1 Encryption Management
8.2 Check Card Format
8.3 MSR Data Masking
9 Using the Demo Program
9.1 Manual Command
9.2 Decryption
9.3 Reader Operations
10 Data Format
10.1 Level 1 and level 2 Standard Mode Data Output Format
10.1.1 USB HID Data Format
10.1.2 Descriptor Tables
10.2 Level 1 and level 2 POS Mode Data Output Format
10.3 DUKPT Level 3 Data Output Enhanced Format
10.4 DUKPT Level 3 Data Output Original Format
10.5 DUKPT Level 4 Data Output Original Format
10.6 Decryption Ex
16.  format is as follows:
Command: <STX><S><FuncSETBLOCK1>...<FuncBLOCKn><ETX><LRC>
Response: <ACK> or <NAK> for wrong command (invalid funcID, length and value)

Each function setting block <FuncSETBLOCK> has following format:
<FuncID><Len><FuncData>
Where:
<FuncID> is one byte identifying the setting(s) for the function.
<Len> is the length count for the following function setting block <FuncData>.
<FuncData> is the current setting for this function. It has the same format as in the sending command for this function.

Get Setting Command
This command will send current setting to application.
Command: <STX> <R> <FuncID> <ETX> <LRC 1>
Response: <ACK> <STX> <FuncID> <Len> <FuncData> <ETX> <LRC 2>
Where:
<FuncID>, <Len> and <FuncData> definition are same as described above.

Characters       Hex Value                                                     Description
<STX>            02                                                            Start of Text
<ETX>            03                                                            End of Text
<ACK>            06                                                            Acknowledge
<NAK>            15 for RS232 and USB HID interface; FD for USB KB interface   Negative Acknowledge
<UnknownID>      16                                                            Warning: Unsupported ID in setting
<AlreadyInPOS>   17                                                            Warning: Reader
17.  > TDES: 0x33, DES: 0x0B
<KEY bytes>: TDES: 0x20, DES: 0x10
<RESPONSE CODE>: 6 bytes data in ASCII format which is converted from the first 3 cipher hex data. These cipher data are generated by encrypting KEY bytes and "00 00 00 00 00 00 00 00".

For Example:
Command:
02 46 46 2F 77 6F 68 4D 7A 5A 42 51 7A 49 35 4D 6B 5A 42 51 54 45 7A 4D 54 56 43 4E 45 51 34 4E 54 68 42 51 6A 4E 42 4D 30 51 33 52 44 55 35 4D 7A 4E 42 6C 51 3D 3D 0D 0A 03 2D
Response:
06 02 46 46                 0D 0A 03 LRC

7.4 Reader Reset Command
02 49 03 48
The reader supports a reset reader command. This allows the host to return the reader to its default state.
Response is as follows:
06

7.5 OPOS/JPOS Command
There are three forms of the command:
02 4D 01 30 03 7D   Enter Standard Mode (Exit OPOS Mode)
02 4D 01 31 03 7C   Enter OPOS Mode
02 4D 01 32 03 7F   Enter JPOS Mode
Response is as follows:
17   Reader already in OPOS Mode
15   Command failure (wrong length or wrong parameter)
06   Success

7.6 Arm/Disarm to Read Command
Arm to read:
02 50 01 30 03 LRC
This command enables the MSR to be ready for a card swipe in buffered mode. Any previously read data will be erased and reader will wait for the next swipe. As the user swipes a card, the data will be saved, but will not be sent to
18.  <Card Data><CheckLRC><CheckSum><ETX>
<STX> = 02h, <ETX> = 03h
<LenL><LenH> is a two-byte length of <Card Data>.
<CheckLRC> is a one-byte Exclusive-OR sum calculated for all <Card Data>.
<CheckSum> is a one-byte Sum value calculated for all <Card data>.

<Card Data> format is:

ISO/ABA Data Output Format:
• card encoding type (0: ISO/ABA, 4: for Raw Mode)
• track status (bit 0,1,2: T1,2,3 decode; bit 3,4,5: T1,2,3 sampling)
• track 1 unencrypted length (1 byte, 0 for no track1 data)
• track 2 unencrypted length (1 byte, 0 for no track2 data)
• track 3 unencrypted length (1 byte, 0 for no track3 data)
• if card encoding type high bit set:
  - mask and clear sent track status
  - encrypt and hash sent track status
  In this mode tracks are encrypted separately rather than as a group.
• track 1 masked (Omitted if in Raw mode)
• track 2 masked (Omitted if in Raw mode)
• track 3 data (Omitted if in Raw mode)
• track 1 encrypted (AES/TDES encrypted data)
• track 2 encrypted (AES/TDES encrypted data)
• sessionID encrypted (AES/TDES encrypted data)
• track 1 hashed (20 bytes SHA1-Xor)
• track 2 hashed (20 bytes SHA1-Xor)
• track 3 hashed, optional (20 bytes SHA1-Xor)
• DUKPT serial number (10 bytes)

Non ISO/ABA Data Output Format:
• card encoding ty
19.  not affect this value
n: not directly settable
d: feature only for reader with data editing feature
e: feature only for reader with encrypt feature

Most function ID settings that relate to the content or formatting of the track output do not work in secure mode. Exceptions to this are Preamble and Postamble in keyboard mode only.
It is currently not possible to mix security with OPOS and JPOS support.

Appendix B Key Code Table in USB Keyboard Interface

For most characters, "Shift On" and "Without Shift" will be reversed if Caps Lock is on. Firmware needs to check current Caps Lock status before sending out data.

For Function code B1 to BA, if "Num Lock" is not set, then set it and clear it after finishing sending out code.

For Function code BB to C2, C9 to CC, if "Num Lock" is set then clear it and set it after finishing sending out code.

Keystroke   Hex Value   Functional Code   USB KB Code
Ctrl+2      00                            1F Ctrl On
Ctrl+A      01                            04 Ctrl On
Ctrl+B      02                            05 Ctrl On
Ctrl+C      03                            06 Ctrl On
Ctrl+D      04                            07 Ctrl On
Ctrl+E      05                            08 Ctrl On
Ctrl+F      06                            09 Ctrl On
Ctrl+G      07                            0A Ctrl On
BS          08          \bs               2A
Tab         09          \tab              2B
Ctrl+J      0A                            0D Ctrl On
Ctrl+K      0B                            0E Ctrl On
Ctrl+L      0C                            0F Ctrl On
Enter       0D          \enter            28
Ctrl+N      0E                            11 Ct
20.  not display Expiration Date  Exp date Masked      Default     53500131    Display Expiration Data    Reader Serial Number  4E     Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 47 of 72    SecureMag User Manual    The serial number will be set to the same as S N in unit s label  The length  is 8 to 10 characters  User can read out the S N with 52 4E command     10 6 Decryption Example    Key for all examples is  0123456789ABCDEFFEDCBA9876543210    10 6 1  Security Level 3 Decryption   Original Encryption Format    Decryption of a three track ABA card with the original encryption format   SecureMag Reader with default settings    Original encryption format can be recognized because the high bit of the fourth byte  underlined  00  is 0     027D01003F48236B252A343236362A2A2A2A2A2A2A2A393939395E42555348204A  522F47454F52474520572EAD525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2  A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B343236362A2A2A2A2A2A2A24A3939  39393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B3333333333333333333337  363736373630373037303737363736373633333333333333333333373637363736303730  373037373637363736333333333333333333333736373637363037303730373736373637  3633333333333333333333373637363736303730373F32863E9E3DA28E455B28F7736  B77E47A64EDDA3 BF03A06E44F3 1D1818COBCD7A353FB1AD70EFD30FFC3DA08  A4FBC9372E57E8B40848BAEAA3FE724B3550E2F4B223E6BF264BEAE9E39142B6  48CDB5 1FB8DAF8EA5B63913D29419B67582FCCCE9B372660F03668CC453216D9  449C6B67EF33418AC8
21.  sending command to MSR.

Overview of SecureMag Demo

[Screenshot of RS232 Demo Software: SecureMag RS232 Demo ver 4.0, with Manual Command, Reader Output, Command Output and Decrypted Data areas]

The demo software is similar for each interface with exception of interface-specific settings.

9.1 Manual Command

The demo software allows users to manually input and send commands to the device. Type the <Command Data> in the field, and the command will be sent.
Command will be sent out in the following structure:
<STX> <Command_Data> <ETX> <LRC>
where:
<STX> = 02h, <ETX> = 03h
<Command_Data>: Please refer to Appendix A for a complete list of commands.
<LRC> is a one-byte Xor value calculated for the above data block from <STX> to <ETX>.
e.g. 02 53 18 03 4A (Set Default Configuration)
e.g. 02 52 22 03 71 (Read Firmware Version)

Press "Send Command"; the input and output would be shown in the lower text box.

9.2 Decryption

The encrypted data will show in the Manual Command   Encry
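The command structure above, as an added example (host-side Python written for this page, not ID TECH code): it builds and validates `<STX><Command_Data><ETX><LRC>` frames, reproduces the LRC bytes printed in the manual, and splits a Get Setting response into `<FuncID><Len><FuncData>` blocks. Treating `<LRC 2>` of the response as the XOR from `<STX>` to `<ETX>` is an assumption, and the response bytes in the demo are constructed.

```python
# Added example, not ID TECH code.
STX, ETX, ACK = 0x02, 0x03, 0x06

# Status bytes taken from the manual's character table.
STATUS = {
    0x06: "ACK",
    0x15: "NAK (RS232 / USB HID interface)",
    0xFD: "NAK (USB KB interface)",
    0x16: "UnknownID: unsupported ID in setting",
    0x17: "AlreadyInPOS",
}

# Complete frames printed in the manual (commands 53 18, 52 22, 49, 4D 01 3x).
PAGE_FRAMES = ["025318034A", "0252220371", "02490348",
               "024D0130037D", "024D0131037C", "024D0132037F"]


def lrc(block: bytes) -> int:
    """One-byte XOR over every byte of the block, <STX> through <ETX>."""
    value = 0
    for b in block:
        value ^= b
    return value


def build_frame(command_data: bytes) -> bytes:
    body = bytes([STX]) + command_data + bytes([ETX])
    return body + bytes([lrc(body)])


def unframe(frame: bytes) -> bytes:
    """Validate a frame and return <Command_Data>.

    ETX is taken by position (second-to-last byte), never by searching,
    because the payload may itself contain the value 0x03.
    """
    if len(frame) < 3 or frame[0] != STX or frame[-2] != ETX:
        raise ValueError("bad STX/ETX framing")
    if lrc(frame[:-1]) != frame[-1]:
        raise ValueError("LRC mismatch")
    return frame[1:-2]


def parse_setting_response(resp: bytes) -> dict:
    """Parse <ACK><STX><FuncID><Len><FuncData>...<ETX><LRC>.

    Assumption: the response LRC covers <STX>..<ETX>, like a command.
    """
    if not resp:
        raise ValueError("empty response")
    if resp[0] != ACK:
        name = STATUS.get(resp[0], "unknown status 0x%02X" % resp[0])
        return {"status": name, "settings": {}}
    payload = unframe(resp[1:])
    settings, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated setting block header")
        func_id, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("FuncData shorter than <Len>")
        settings[func_id] = data
        i += 2 + length
    return {"status": "ACK", "settings": settings}


def check_page_frames() -> bool:
    """Rebuild each frame printed in the manual from its payload."""
    frames = [bytes.fromhex(h) for h in PAGE_FRAMES]
    return all(build_frame(f[1:-2]) == f for f in frames)


if __name__ == "__main__":
    print("manual frames reproduce:", check_page_frames())
    # Constructed response: FuncID 22 with three bytes of made-up data.
    demo = bytes([ACK]) + build_frame(bytes([0x22, 0x03]) + b"V40")
    print(parse_setting_response(demo))
```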
22.  shown below:

ISO/ABA Data Output Format:
• card encoding type (0: ISO/ABA, 4: for Raw Mode)
• track status (bit 0,1,2: T1,2,3 decode; bit 3,4,5: T1,2,3 sampling)
• track 1 unencrypted length (1 byte, 0 for no track1 data)
• track 2 unencrypted length (1 byte, 0 for no track2 data)
• track 3 unencrypted length (1 byte, 0 for no track3 data)
• track 1 masked (Omitted if in Raw mode)
• track 2 masked (Omitted if in Raw mode)
• track 3 data (Omitted if in Raw mode)
• track 1 encrypted (AES/TDES encrypted data)
• track 2 encrypted (AES/TDES encrypted data)
• track 3 encrypted (Only used in Raw mode)
• track 1 hashed (20 bytes SHA1-Xor)
• track 2 hashed (20 bytes SHA1-Xor)
• DUKPT serial number (10 bytes)

Non ISO/ABA Data Output Format:
• card encoding type (1: AAMVA, 3: Others)
• track status (bit 0,1,2: T1,2,3 decode; bit 3,4,5: T1,2,3 sampling)
• track 1 length (1 byte, 0 for no track1 data)
• track 2 length (1 byte, 0 for no track2 data)
• track 3 length (1 byte, 0 for no track3 data)
• track 1 data
• track 2 data
• track 3 data

10.5 DUKPT Level 4 Data Output Original Format

For ISO card, both clear and encrypted data are sent. For other card, only clear data are sent.
A card swipe returns the following data:

Card data is sent out in format of
<STX><LenL><LenH>
23.  status, length track 1, length track 2, length track 3
02 9801 80 3F 48 23 6B 03BF

The above broken down and interpreted:
02 - STX character
98 - low byte of total length
01 - high byte of total length
80 - card type byte (interpretation: new format ABA card)
3F - 3 tracks of data all good
48 - length of track 1
23 - length of track 2
6B - length of track 3
03 - tracks 1 and 2 have masked/clear data
BF - bit 7=1 - KSN included
     Bit 6=0 - no Session ID included so not level 4 encryption
     Bit 5=1 - track 3 hash data present
     Bit 4=1 - track 2 hash data present
     Bit 3=1 - track 1 hash data present
     Bit 2=1 - track 3 encrypted data present
     Bit 1=1 - track 2 encrypted data present
     Bit 0=1 - track 1 encrypted data present

Track 1 data masked (length 0x48):
252A343236362A2A2A2A2A2A2A2A393939395E42555348204A522F47454F5247452
0572E4D525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2
A2A2A2A2A2A2A3F2A

Track 1 masked data in ASCII:
%*4266********9999^BUSH JR/GEORGE W.MR^*******************************?*

Track 2 data in hex masked (length 0x23):
3B343236362A2A2A2A2A2A2A24393939393D2A2A2A2A2A2A2A2A2A2A2A2A2
A2A2A3F2A

Track2 masked data in ASCII:
;4266********9999=***************?*

In this example there is no Track 3 data either clear or masked  encrypted and hashed
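The header breakdown above, as an added example that is not code from the manual or from ID TECH: it decodes the ten header bytes of the enhanced format and recomputes the payload length from the flag bits, which for the manual's header comes to the declared 0x0198 when encrypted tracks are padded to 8-byte TDES blocks. Assumptions of this example: the low 7 bits of the card type byte are read as the encoding type, bit 2 of the masked/clear byte is taken to mean track 3, and messages carrying a Session ID are not modelled; all names are this example's own.

```python
"""Decode the header of an enhanced-format swipe message and check its length."""
from dataclasses import dataclass

STX = 0x02
HASH_LEN = 20       # per the manual: each track hash is 20 bytes
KSN_LEN = 10        # per the manual: the DUKPT KSN is 10 bytes
FIXED_FIELDS = 7    # card type, track status, 3 lengths, 2 status bytes

# Header bytes quoted in the manual's example: 02 9801 80 3F 48 23 6B 03BF
SAMPLE_HEADER = bytes.fromhex("029801803F48236B03BF")


@dataclass(frozen=True)
class EnhancedHeader:
    declared_len: int    # LenL | LenH << 8
    encode_type: int     # assumption: low 7 bits of the card type byte
    decode_ok: tuple     # track status bits 0-2 (T1, T2, T3 decode)
    sampling_ok: tuple   # track status bits 3-5 (T1, T2, T3 sampling)
    track_len: tuple     # unencrypted lengths of tracks 1-3
    masked: tuple        # masked/clear data present, per track
    encrypted: tuple     # encrypted data present, per track
    hashed: tuple        # hash present, per track
    ksn: bool            # bit 7 of the last status byte
    session_id: bool     # bit 6 of the last status byte


def bits(value: int, first: int) -> tuple:
    """Three consecutive bits of value, starting at bit `first`, as booleans."""
    return tuple(bool((value >> (first + i)) & 1) for i in range(3))


def parse_header(msg: bytes) -> EnhancedHeader:
    if len(msg) < 10:
        raise ValueError("need at least 10 header bytes")
    if msg[0] != STX:
        raise ValueError("missing STX")
    if not msg[3] & 0x80:
        raise ValueError("high bit of card type byte is 0: original format")
    return EnhancedHeader(
        declared_len=msg[1] | (msg[2] << 8),
        encode_type=msg[3] & 0x7F,
        decode_ok=bits(msg[4], 0),
        sampling_ok=bits(msg[4], 3),
        track_len=(msg[5], msg[6], msg[7]),
        masked=bits(msg[8], 0),
        encrypted=bits(msg[9], 0),
        hashed=bits(msg[9], 3),
        ksn=bool(msg[9] & 0x80),
        session_id=bool(msg[9] & 0x40),
    )


def padded(length: int, block: int) -> int:
    """Length rounded up to a whole number of cipher blocks."""
    return -(-length // block) * block


def expected_payload_len(h: EnhancedHeader, block: int = 8):
    """Payload length implied by the flags; block is 8 for TDES, 16 for AES."""
    if h.session_id:
        return None  # level 4 layout is not modelled in this example
    total = FIXED_FIELDS
    for length, m, e, hs in zip(h.track_len, h.masked, h.encrypted, h.hashed):
        total += length if m else 0
        total += padded(length, block) if e else 0
        total += HASH_LEN if hs else 0
    return total + (KSN_LEN if h.ksn else 0)


def length_consistent(msg: bytes, block: int = 8) -> bool:
    """True when the declared length matches what the flag bits imply."""
    h = parse_header(msg)
    return expected_payload_len(h, block) == h.declared_len


if __name__ == "__main__":
    header = parse_header(SAMPLE_HEADER)
    print(header)
    print("TDES layout consistent:", length_consistent(SAMPLE_HEADER, 8))
```

A mismatch between the declared and recomputed length is a cheap first check before attempting decryption: it points to a truncated capture, a wrong block size, or a flag byte that does not describe the payload.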
24.  the host. The reader holds the data until receiving the next "Arm to Read" or "MSR Reset" command.

Disarm to read
02 50 01 32 03 LRC

This command will disable MSR read and clear any magnetic data in buffered mode. The reader enters a disarmed state and will ignore MSR data.

Response is as follows:
06

Other possible response statuses:
NAK  'P' command length must be 1
NAK  'P' command must be 0x30 or 0x32
NAK  Reader not configured for buffered mode
NAK  Reader not configured for magstripe read

NAK for keyboard interface is FD; non-KB mode NAK is 15.

7.7 Read Buffered MSR Data Command
02 51 01 <Track Selection Option> 03 LRC

The <Track Select Option> byte is defined as follows:
0  Any Track
1  Track 1
2  Track 2
3  Track 1 and Track 2
4  Track 3
5  Track 1 and Track 3
6  Track 2 and Track 3
7  Track 1, Track 2 and Track 3
8  Track 1 and/or Track 2
9  Track 2 and/or Track 3

This command requests card data information for the buffered mode.

The selected MSR data is sent to the host with or without envelope format, according to the operation mode setting.

This command does not erase the data.

Response is as follows:
06 02 <Len_H> <Len_L> <MSR Data> 03 LRC

Other possible response statuses:
18  'Q' command length must be 1
18  Reader no
25. 038383838393939395E42555348204A522F47454F52474520572  E4D525E303830393130313130303030313130303030303030303034363030303030303F  213B343236363834313038383838393939393D3038303931303131303030303034363F3  0AAAAAAAAAAAAAAAAO0000000000    10 6 3  Security Level 3 Decryption   Enhanced Encryption Format    Example of decryption of a three track ABA card with the enhanced encryption format   SecureMag Reader with default settings except enhanced encryption structure format     Enhanced encryption Format  this can be recognized because the high bit of the fourth  byte underlined  80  is 1     029801803F48236B03BF252A343236362A2A2A2A2A2A2A2A393939395E42555348  204A4522F47454F52474520572EAD525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2  A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B343236362A2A2A2A2A2A2A2  A393939393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2ADAT7F2A52BD3F6DD  8B96CS50FC39C7E6AF22F06ED 1 F033 BEOFB23D6BD33DC5A1F8085 12F7AE18D47  A60CC3F4559B1B093563BE7E07459072ABF8FAAB5338C6CC8815FF87797AE3A7  BEAB3B10A3FBC230FBFB941FAC9E8264998 1 AE79F2632156E775 A06AEDAFAF6  F0A184318C5209E55AD44A9CCF6A78AC240F791B63284E15B4019102BA6C50581  4B5858 16CA3C2D2F42A99B1B9773EF1B116E005B7CD8681860D174E6AD3 16A0E  CDBC687115FC89360AEE7E430140A7B791589CCAADB6D6872B78433C3A25DA9  DDAE83F12FEFAB530CE405B701131D2FBAAD970248A4560009334 18AC88F65E1  DB7ED4D10973F99DFC8463FF6DF113B6226C4898A9D355057ECAF11A5598F02C  A31688861C157C1CE2E0F72CE0F3BB598A614EAABB16299490119000000000206E  203    STX  Length LSB  MSB   card type  track
26. Default reader properties are configured to have security level 1 (no encryption). In order to output encrypted data, the reader has to be key injected with encryption feature enabled. Once the reader has been configured to security level 2, 3 or 4, it cannot be reverted back to a lower security level.

8.1 Encryption Management

The Encrypted swipe read supports TDES and AES encryption standards for data encryption. Encryption can be turned on via a command. TDES is the default.

If the reader is in security level 3, for the encrypted fields, the original data is encrypted using the TDES/AES CBC mode with an Initialization Vector starting at all binary zeroes and the Encryption Key associated with the current DUKPT KSN.

8.2 Check Card Format

• ISO/ABA (American Banking Association) Card (card type 0)
  Encoding method:
    Track1 is 7 bits encoding.
    Track1 is 7 bits encoding, Track2 is 5 bits encoding, Track3 is 5 bits encoding.
    Track1 is 7 bits encoding, Track2 is 5 bits encoding.
    Track2 is 5 bits encoding.
  Additional check:
    Track1 2nd byte is 'B'.
    There is only one '=' in track 2 and the position of '=' is between the 13th and 20th character, so account number length is 12-19 digits.
    Total length of track 2 is above 19 characters.

• AAMVA (American Association of Motor Vehicle Administration) Card
  Encoding method: Track1 is 7 b
27. 11  International Technologies  amp  Systems Corp  All rights reserved     Page 71 of 72    SecureMag User Manual    13  Ctrl S Alt 019  14  Ctrl T Alt 020  15  Ctrl U Alt 021  16  Ctrl V Alt 022  17  Ctrl W Alt 023  18  Ctrl X Alt 024  19  Ctrl Y Alt 025  1A  Ctrl Z Alt 026  1B  ESC Alt 027  1C  Ctrl   Alt 028  1D  Ctrl   Alt 029  1E  Ctrl 6 Alt 030  1F  Ctrl   Alt 03 1    Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 72 of 72    
28. 2
ETX: 0x03
ACK: 0x06
NAK: 0x15
BASE64: Data encoded with base64 algorithm
LRC: Xor'd all the data before LRC.

A successful key loading process includes the following steps:

• Get Key status
Command Data: <FF><13><01><02><LRC>
Response Data: <FF><00><01><04><LRC>

For Example:
Command: 02 46 46 2F 78 4D 42 41 75 38 3D 0D 0A 03 LRC
Response: 06 02 46 46                 0D 0A 03 LRC

• Load KSN
Command Data: <FF><0A><11><KSN ><KSN bytes><LRC>
Response Data: <FF><00><06><RESPONSE CODE><LRC>

<KSN >: TDES: 0x32, DES: 0x0A
<KSN bytes>: 16 bytes ASCII for KSN
<RESPONSE CODE>: 6 bytes data in ASCII format which is converted from the first 3 cipher hex data. These cipher data are generated by encrypting KSN bytes and "00 00 00 00 00 00 00 00".

For Example:
Command: 02 46 46 2F 77 6F 52 4D 6B 5A 47 52 6B 59 35 4F 44 63 32 4E 54 51 7A 4D 6A 45 77 52 54 43 69 0D 0A 03 5D
Response: 06 02 46 46                 0D 0A 03 LRC

• Load Encryption Key
Command Data: <FF><0A><LENGTH><KEY ><KEY bytes><LRC>
Response Data: <FF><00><06><RESPONSE CODE><LRC>

<LENGTH>: TDES: 0x21, DES: 0x11
<KEY 
29. 3038303931303131303030303034363F300
000000000
3B333333333333333333333736373637363037303730373736373637363333333333333
333333337363736373630373037303737363736373633333333333333333333373637363
73630373037303737363736373633333333333333333333373637363736303730373F32
0000000000

10.7 Level 4 Activate Authentication Sequence

The security level changes from 3 to 4 when the device enters authentication mode successfully. Once the security level is changed to level 3 or 4, it cannot go back to a lower level.

Activate Authentication Mode Command
When the reader is in security level 4, it would only transmit the card data when it is in Authenticated Mode.

Authentication Mode Request
When sending the authentication request, the user also needs to specify a time limit for the reader to wait for the activation challenge reply command. The minimum timeout duration required is 120 seconds. If the specified time is less than the minimum, 120 seconds would be used for timeout duration. The maximum time allowed is 3600 seconds (one hour). If the reader times out while waiting for the activation challenge reply, the authentication failed.

Device Response
When authentication mode is requested, the device responds with two challenges: Challenge 1 and challenge 2. The challenges are encrypted using the current DUKPT key exclusive-or'ed with <F0F0 F0F0 F0F0 F0F0 F0F0 F0F0 F0F0 F0F0>.

The decrypted challenge 1 contains 6 bytes of random number followed
30. 4 5C Num Lock On   Num_5 B6  num5 5D Num Lock On   Num 6 B7  num6 5E Num Lock On   Num_7 B8  num7 5F Num Lock On   Num 8 B9  num8s 60 Num Lock On   Num_9 BA  num9 61 Num Lock On   Num_ Home BB  num_home SF   Num PageUp BC Num pgup 61   Num PageDown   BD  num_pgdn 5B   Num End BE iium   end 59                   Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 70 of 72       SecureMag User Manual                                                                               Num 1 BF Mum up 60   Num     C0  num right SB   Num   Cl  num_down 5A   Num     C2  num left 5C  Print_Scrn C3  prt_sc 46  System_Request C4  sysrq 9A   Scroll Lock C5  scroll 47   Pause C6  menu 76   Break C7  break   Caps Lock C8  caps_lock 39   Num   C9  num_  54   Num   CA  num_  55   Num   CB  num_  56   Num   CC  num   57   Num   CD  num   63 Num Lock On  Num DEL CE  num del 63   Num INS CF Mum ins 62   Delay 100ms DO  delay Delay 100 ms       Table of Ctrl or Alt output for non printable characters    ASCII Code Control Code Alt Code  SendOptionID Bit 3  0 Bit 3  1  00  Ctrl 2 Alt 000  01  Ctrl A Alt 001  02  Ctrl B Alt 002  03  Ctrl C Alt 003  04  Ctrl D Alt 004  05  Ctrl E Alt 005  06  Ctrl F Alt 006  07  Ctrl G Alt 007  08  BS Alt 008  09  Tab Alt 009  OA  Ctrl J Alt 010  OB  Ctrl K Alt 011  0C  Ctil L Alt 012  OD  Enter Alt 013  OE  Ctrl N Alt 014  OF  Ctrl O Alt 015  10  Ctrl P Alt 016  11  Ctrl Q Alt 017  12  Ctrl R Alt 018    Copyright    2010 20
31. 4520572EAD525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2  A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B343236362A2A2A2A2A2A2A243939  39393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B3333333333333333333337  363736373630373037303737363736373633333333333333333333373637363736303730  373037373637363736333333333333333333333736373637363037303730373736373637  3633333333333333333333373637363736303730373F32ED9DB728814F150D177F769  B0441C52B2B1994C83D058F1DDA5DAA6753CF0F61BB7690C7E8A276D3D60651  3DI1F8B79423C70594A0849CBBAC7B5A8DAC2B1A21BI IFIC47EFA4F12ACO7D59A  79E9369372D3F906A7F6C6D2B9076BCF05B334441 FAEC8B4EFBEB9DD20EBF97  B29D910C415FCEA8DA8FEB977534341 8AC88F65E1DB7ED4D10973F99DFC8463F  F6DF113B6226C4898A9D35505 7ECAF11A5598F02CA3 162994901 1900000000044B  6F03    Masked Data    Track 1  99 4266         9999 BUSH JR GEORGE   Track 3     3333333333767676070707776767633333333337676760707077677676333333333376767  607070776767633333333337676760707 2    Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 50 of 72    SecureMag User Manual    Key Value  8A 92 F6 74 00 BF 25 2E 57 9A A9 01 FF 27 48 41  KSN  62 99 49 01 19 00 00 00 00 04  Session ID  AA AA AA AA AA AA AA AA    Decrypted Data in ASCII     B4266841088889999 BUSH JR GEORGE  W MR 0809101100001100000000046000000 1 4266841088889999   080910110000046   0  333333333337676760707077676763333333333767676070707767676333333333376767  607070776767633333333337676760707 2    Decrypted Data in Hex   2542343236363834313
32. 8F65E1DB7ED4D10973F99DFC8463FF6DF113B6226C4898A  9D355057ECAF11A5598F02CA3162994901190000000001399F03    STX  Length  LSB  MSB   card type  track status  length track 1  length track 2  length  track 3  02 7D01 00 3F 48 23 6B    The above broken down and interpreted   02   STX character   7D   low byte of total length   01   high byte of total length   00   card type byte  interpretation old format ABA card   3F   3 tracks of data all good   48    length of track 1   23    length of track 2    Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 48 of 72    SecureMag User Manual    6B   length of track 3    Track 1 data masked  length 0x48   252A343236362A2A2A2A2A2A2A2A393939395E42555348204A522F47454F5247452  0572E4D525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2  A2A2A2A2A2A2A3F2A    Track 2 data in hex masked  length 0x23   3B343236362A2A2A2A2A2A2A24393939393D2A2A2A2A2A2A2A2A2A2A2A2A2  A2A2A3F2A    Track 3 data unencrypted  length 0x6B   3B333333333333333333333736373637363037303730373736373637363333333333333  333333337363736373630373037303737363736373633333333333333333333373637363  73630373037303737363736373633333333333333333333373637363736303730373F32    Track 1  amp  2 encrypted length 0x48 0x23 rounded up to 8 bytes  0x6B   gt  0x70  112  decimal   863E9E3DA28E455B28F7736B77E47A64EDDA3BF03A06EA44F31D1818COBCD7A3  5  3FBIAD70EFD30FFC3DA08A4FBC9372E57E8B40848BAEAA3FE724B3550E2F4B2  2  3E6BF264BEAE9E39142B648CDB51FB8DAF8EA
33. CK STX <Copyright String> ETX LRC
Response Example (mixed hex and ASCII):
06 02Copyright (c) 2010, ID TECH 03 7

7.2 Version Report Command
02 39 03 38

Response is as follows:
ACK STX <Version String> ETX LRC
Response Example (mixed hex and ASCII):
06 02ID TECH TM3 SecureMag RS232 Reader V 3.19 03 LRC

7.3 Key Loading Command
Note: This command is normally only used by a key loading facility.

The Encrypted swipe read supports TDES and AES encryption standards for data encryption. Encryption can be turned on via a command. TDES is the default.

If the reader is in security level 3, for the encrypted fields, the original data is encrypted using the TDES/AES CBC mode with an Initialization Vector starting at all binary zeroes and the Encryption Key associated with the current DUKPT KSN.

KSN and Device Key loading commands and responses protocol
When DUKPT key management is used, it is necessary to load Key Serial Number (KSN) and Initially Loaded Device Key before transaction.

The encryption key is TDES with 128 bit keys or AES encryption with double length keys (128 bit keys including parity).

KSN and Device Key loading commands and responses protocol
Command:
<STX><'F'><'F'><Command Data (BASE64)><0x0D><0x0A><ETX><LRC>

Response:
<ACK/NAK><STX><'F'><'F'><Respond Data (BASE64)><0x0D><0x0A><ETX><LRC>

STX: 0x0
34. Get Reader Status Command

Command Structure
Host -> Device:
<STX><R><83h><ETX><LRC>

Device -> Host:
<ACK><STX><83h><02h><Current Reader Status><Pre-condition><ETX><LRC> (success)
<NAK> (fail)

Current Reader Status: 2 bytes data with one byte of <Reader State> and one byte of <Pre-Condition>

Reader State: indicates the current state of the reader
0x00: The reader is waiting for Activate Authentication Mode Command. The command must be sent before the card can be read.
0x01: The authentication request has been sent; the reader is waiting for the Activation Challenge Reply Command.
0x02: The reader is waiting for a card swipe.

Pre-condition: specifies how the reader goes to its current state, as follows
0x00: The reader has no card swipes and has not been authenticated since it was powered up.
0x01: Authentication Mode was activated successfully. The reader processed a valid Activation Challenge Reply command.
0x02: The reader receives a good card swipe.
0x03: The reader receives a bad card swipe or the card is invalid.
0x04: Authentication Activation Failed.
0x05: Authentication Deactivation Failed.
0x06: Authentication Activation Timed Out. The Host fails to send an Activation Challenge Reply c
35. IDT CH    Value through Innovation    USER MANUAL    SecureMag    Encrypted  MagStripe Reader    USB  RS232 and PS2 Interface    C    re    80096504 001  Rev D 06 27 11    SecureMag User Manual    FCC WARNING STATEMENT   This equipment has been tested and found to comply with the limits for a Class B digital  device  pursuant to Part 15 of FCC Rules  These limits are designed to provide reasonable  protection against harmful interference when the equipment is operated in a commercial  environment  This equipment generates  uses  and can radiate radio frequency energy and   if not installed and used in accordance with the instruction manual  may cause harmful  interference to radio communications  Operation of this equipment in a residential area is  likely to cause harmful interference in which case the user will be required to correct the  interference at his expense     FCC COMPLIANCE STATEMENT   This device complies with Part 15 of the FCC Rules  Operation of this device is subject to  the following conditions  this device may not cause harmful interference and this device  must accept any interference received  including interference that may cause undesired  operation     CANADIAN DOC STATEMENT   This digital apparatus does not exceed the Class B limits for radio noise for digital  apparatus set out in the Radio Interference Regulations of the Canadian Department of  Communications    Le pr  sent appareil num  rique n   met pas de bruits radio  lectriques d  passant les 
36. S5B63913D29419B67582FCCCE9B  3   72660F03668CC453216D9449C6B67EF3    Track 1 hashed  3418AC88F65E1DB7ED4D10973F99DFC8463FF6DF    Track 2 hashed  113B6226C4898A9D355057ECAF1 1A5598F02CA3 1    KSN  62994901190000000001    LRC  checksum and ETX  39 9F 03    Masked Data   Track 1 data masked in ASCII     4266  Xeexeiees0999 BUSH JR GEORGE    W RAV EF k 2 ak ak kk oe sk oie ak oie sk sie se fe ak ooi ak oe ak K 2 2 k 2k    Track 2 data masked in ASCII     Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 49 of 72    SecureMag User Manual    Track 3 data unencrypted in ASCII   333333333337676760707077676763333333333767676070707767676333333333376767  607070776767633333333337676760707 2    Key Value  F8 2A 7A 0D 7C 67 46 F1 96 189A FB 54 2C 65 A3  KSN  62 99 49 01 19 00 00 00 00 01    Decrypted Data in ASCII     B4266841088889999 BUSH JR GEORGE  W MR 0809101100001100000000046000000 1 4266841088889999   080910110000046   0  333333333337676760707077676763333333333767676070707767676333333333376767  607070776767633333333337676760707 2    Decrypted Data in Hex   2542343236363834313038383838393939395E42555348204A522F47454F52474520572  E4D525E303830393130313130303030313130303030303030303034363030303030303F  213B343236363834313038383838393939393D3038303931303131303030303034363F3  00000000000    10 6 2  Security Level 4 Decryption   Original Encryption Format    028501003F48236B252A343236362A2A2A2A2A2A2A2A393939395E42555348204A  522F47454F5247
37. ace    e RS232  o Baud Rate     1200  2400  4800  9600  19200  38400  56700  115200  Data bits     8  Stop bits     1 or 2  Parity     off  odd  even  mark or space  Supports RTS CTS hardware and Xon Xoff software handshaking    OO000    e USB   o Complies with USB 2 0 specification  e PS2 Keyboard   o IBM PS2 interface compatible    Card Size  e Supports cards that meets the ISO 7810 and 7811 1 7 standards    Dimension  e 3 94 inches  length  by 1 38 inches  width  and 1 18 inches  height      Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 11 of 72    SecureMag User Manual    Interface cable and connector  e RS232 interface    Oo    O  O  O    e USB    OOO    IDT standard RS232 Interface Cable  DB 9 Female connector with 2mm power jack in the housing  Standard cable length is 6 feet                            Pin Out Table   J1  Color Signal P1       CASE GND SHELL  2 White TXD 2  3 Green RXD 3  4 Yellow VCC from power jack  5 Brown RTS StF  6 Grey CTS 4    7 Black GND 5                       J1 is the connector to PCB end and P1 is DB 9 end     RTS and CTS are not used unless hardware handshaking support is enabled by  Function ID 0x44  Handshake     IDT standard USB interface cable  Series    A    plug  Standard cable length is 6 feet                      Pin Out Table  J1 Color Signal P1  1   CASE_GND SHELL  3 GRN  DATA 3  5 Red V IN 1  6 White  DATA 2  7 BLK GND 4                      e Keyboard wedge    O  O    IDT sta
38. already in OPOS  mode   lt R gt  52 Review Setting   lt S gt  53 Send Setting   lt LRC gt    Xor   d all the data before LRC                    Reader Command Summary       ASCII HEX   Name Use    Copyright Report Requests reader   s copyright notice  4    8  9  keys  9  0  1    T 4 Reader Reset Reset the reader  Software reset does  not resend startup string  OPOS  JPOS Command Command to enter OPOS or JPOS  mode    D     P  Arm Disarm to Read Arm to Capture Buffer Mode MSR  Read Buffered Data Read Stored MSR Data   Read MSR Options Read various reader optional settings  Set MSR Options Set various reader optional functions    Notation used throughout the document    Bold  boldface font indicates default setting value      2     single quotation indicates ASCII characters  for example     2    is 32 in hex      Number     a null terminated character string    lt Len gt   angle brackets indicate a specific character or character string in a command or  response   Hex  the hex character 53 is  5  in ASCII or 83 in decimal  Sometimes hex characters are  represented with an   attached to the end  for example  53h    302  is a way to show that the following number is in hex  It is used by the configuration  program        7 1 Get Copyright Information  02 38 03 39    A    31 byte    Copyright Notice will be returned     Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 15 of 72    SecureMag User Manual    Response is as follows   A
39. alue 01   iConfiguration 00   Attributes 80 Bus power  no remove wakeup          Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 34 of 72    SecureMag User Manual       Power 32 100 mA                   Interface Descriptor                                                                          Field Value   Description   Length 09   Des type 04   Interface No  00   Alternator Setting 00     EP 01   Interface Class 03 HID   Sub Class 01   Interface Protocol 01   iInterface 00   HID Descriptor    Field Value   Description   Length 09   Des type 21 HID   bcdHID 1101   Control Code 00   numDescriptors 01 Number of Class Descriptors to follow   DescriptorType 22 Report Descriptor   Descriptor Length 3700   HID ID TECH format  3D 00   HID Other format  5200   HID Keyboard format                   End Pointer Descriptor                                   Field Value   Description  Length 07   Des Type 05 End Point  EP Addr 83 EP3     In  Attributes 03 Interrupt  MaxPacketSize 40 00   bInterval 01          Report Descriptor   USB HID Setting                 Value   Description       Copyright O 2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 35 of 72    SecureMag User Manual    0600   Usage Page  MSR   FF  0901   Usage Decoding Reader Device   A101   Collection  Application    1500   Logical Minimum   26 FF   Logical Maximum   00  7508   Report Size                                             
40. ample udo evi ido Miete sf autetn fau tou  EU rid 48  10 6 1  Security Level 3 Decryption   Original Encryption Format                            48  10 6 2  Security Level 4 Decryption   Original Encryption Format                            50  10 6 3  Security Level 3 Decryption   Enhanced Encryption Format                         51  10 6 4  Security Level 4 Decryption     Enhanced Encryption Format                         54  10 7 Level 4 Activate Authentication Sequence                  sse 55  Appendix A Setting Parameters and Values               scccccseseecsssssssecseccssecssncseascsscssacereess 59  Appendix B Key Code Table in USB Keyboard Interface                       sss 66    Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 6 of 72    SecureMag User Manual    1  Introduction    ID TECH SecureMag reader delivers superior reading performance with the ability to  encrypt sensitive card data  The data encryption process prevents card holder information  from being accessed when the data is stored or in transit  so the data remains secure from  end to end  The reader fully supports TDES and AES data encryption using DUKPT key  management method  The SecureMag is offered in USB  RS232 as well as PS2 interfaces     2  Features and Benefits    Bi directional card reading   Reads encoded data that meets ANSI ISO AAMVA standards and some  custom formats such as ISO track 1 format on track 2 or 3   Reads up to three track
41. an be special characters for identifying a specific reading station, to format a message header expected by the receiving host, or any other character string. Up to fifteen ASCII characters can be defined.

02 53 D2 <Len><Preamble> 03 LRC

Where:
Len = the number of bytes of preamble string
Preamble = {string length}{string}
NOTE: String length is one byte, maximum fifteen <0Fh>.

7.9.7 Postamble Setting

The postamble serves the same purpose as the preamble, except it is added to the end of the data string, after any terminator characters.

02 53 D3 <Len><Postamble> 03 LRC

Where:
Len = the number of bytes of postamble string
Postamble = {string length}{string}
NOTE: String length is one byte, maximum fifteen <0Fh>.

7.9.8 Track n Prefix Setting

Characters can be added to the beginning of a track data. These can be special characters to identify the specific track to the receiving host, or any other character string. Up to six ASCII characters can be defined.

02 53 <n><Len><Prefix> 03 LRC

Where:
n is 34h for track 1, 35h for track 2 and 36h for track 3
Len = the number of bytes of prefix string
Prefix = {string length}{string}
NOTE: String length is one byte, maximum six.

7.9.9 Track x Suffix Setting

Characters can be added to th
42. by the last two bytes of KSN. The two bytes of KSN may be compared with the last two bytes of the clear text KSN sent in the message to authenticate the reader. The user should complete the Activate Authentication sequence using Activation Challenge Reply command.

Command Structure
Host -> Device:
<STX><R><80h><02h><Pre-Authentication Time Limit><ETX><LRC>

Device -> Host:
<ACK><STX><Device Response Data><ETX><LRC> (success)
<NAK> (fail)

Pre-Authentication Time Limit: 2 bytes of time in seconds
Device Response Data: 26 bytes data, consists of <Current Key Serial Number> <Challenge 1> <Challenge 2>

Current Key Serial Number: 10 bytes data with Initial Key Serial Number in the leftmost 59 bits and Encryption Counter in the rightmost 21 bits
Challenge 1: 8 bytes challenge used to activate authentication. Encrypted using the key derived from the current DUKPT key.
Challenge 2: 8 bytes challenge used to deactivate authentication. Encrypted using the key derived from the current DUKPT key.

Activation Challenge Reply Command
This command serves as the second part of an Activate Authentication sequence. The host sends the first 6 bytes of Challenge 1 from the response of Activate Authenticated Mode command, two
43. ces

10.1 Level 1 and level 2 Standard Mode Data Output Format

USB HID Output Format
Card data is only sent to the host on the Interrupt In pipe using an Input Report. The reader will send only one Input Report per card swipe. If the host requests data from the reader when no data is available, the reader will send a NAK to the host to indicate that it has nothing to send.

10.1.1 USB HID Data Format

Other Mode Reader Data Structure

Offset     Usage Name
0          T1 decode status
1          T2 decode status
2          T3 decode status
3          T1 data length
4          T2 data length
5          T3 data length
6          Card encode type
7-116      T1 data
117-226    T2 data
227-336    T3 data

Notes:

T1, T2 or T3 decode status: 0 for no error, 1 for error

T1, T2 or T3 Data Length: Each byte value indicates how many bytes of decoded card data are in the track data field. This value will be zero if there was no data on the track or if there was an error decoding the track.

Card Encode Type:

Value   Encode Type   Description
0       ISO/ABA       ISO/ABA encode format
1       AAMVA         AAMVA encode format
3       Other         The card has a non-standard format. For example, ISO/ABA track 1 format on track 2
4       Raw           The card data is sent in Raw encrypted format. All tracks are encrypted and no mask data is sent

T1, T2 or T3 data: The length of each track data field is fixed at 110 bytes, but the length 
44. d  8  or ISO JIS II
110  OPOS Raw Data Output
111  JIS I   JIS II
B12 Reserved for future use

Decode flag will set to 1 (B3, B4 and B5 all set to 1) in OPOS raw data mode.

Track ID
Track ID is a byte of ID; it will be '1', '2' and '3' for track 1, 2 and 3; it is not accurate to use start sentinel to identify track.

Track x Error
Track x error is a byte of flags; it will be in format of: 0 0 1 b4 b3 b2 b1 b0
b0  1: Start sentinel error    0: Not start sentinel error
b1  1: End sentinel error      0: Not end sentinel error
b2  1: Parity error            0: Not parity error
b3  1: LRC error               0: Not LRC error
b4  1: Other error             0: Not other error
Track x Error is set to 0x20 in OPOS raw data mode.

Track Length
Assume actual "Track x Data Length" is hex code xy; the Track x data length for OPOS mode output will be hex code 3x, 3y.
Track x data length does not include the byte of "Track x data LRC"; it is <30>, <30> in case of read error on track x.

Track Data
"Card Track x LRC code" is track x card data.

Track x LRC
"Track x data LRC" is a LRC to check track x data communication; XOR of all characters starting from "Track x ID" to "Track x data LRC" should be 0.

10.3 DUKPT Level 3 Data Output Enhanced Format

This mode is used when all tracks must be encrypted, or encrypted OPOS support is requi
45. d Track 2 unencrypted Length:
This one byte value is the length of the original Track data. It indicates the number of bytes in the Track masked data field. It should be used to separate Track 1 and Track 2 data after decrypting the Track encrypted data field.

Track 3 unencrypted Length:
This one byte value indicates the number of bytes in the Track 3 masked data field.

Track 1 and Track 2 masked:
Track data masked with the MaskCharID (default is '*'). The first PrePANID (up to 6 for BIN, default is 4) and last PostPANID (up to 4, default is 4) characters can be in the clear (unencrypted). The expiration date is masked by default but can be optionally displayed.

Track 1 and Track 2 encrypted:
This field is the encrypted Track data, using either TDES-CBC or AES-CBC with an initial vector of 0. If the original data is not a multiple of 8 bytes for TDES or a multiple of 16 bytes for AES, the reader right pads the data with 0.

The key management scheme is DUKPT and the key used for encrypting data is called the Data Key. The Data Key is generated by first taking the DUKPT Derived Key exclusive or'ed with 0000000000FF0000 0000000000FF0000 to get the resulting intermediate variant key. The left side of the intermediate variant key is then TDES encrypted with the entire 16 byte variant as the key. After the same steps are performed for the right side of the key, combine the two key parts to create the Data Key.

How to get Encrypted Data Length:
Track 1 and Track 2 da
46. data is below     Track 1 encrypted length 0x48 rounded up to 8 bytes   0x48  72 decimal   DA7F2A52BD3F6DD8B96C50FC39C7E6AF22F06ED1F033BEOFB23D6BD33DC5A1  F8  08512F7AE18D47A60CC3F4559B1B093563BE7E07459072ABF8FAAB5338C6CC88  15FF87797AE3A7BE    Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 52 of 72    SecureMag User Manual    Track 2 encrypted length 0x32 rounded up to 8 bytes  0x38  56 decimal   AB3BI10A3FBC230FBFB941FAC9E82649981A E79F2632156E775A06AEDAFAF6FO0  A   184318C5209E55AD    Track 3 encrypted length Ox6B rounded up to 8 bytes 20x70  64 decimal   44A9CCF6A78AC240F791B63284E15B4019102BA6C505814B585816CA3C2D2F42  A99B1B9773EFIBI16E005B7CD8681860D174E6AD316A0ECDBC687115FC89360A  EE7E430140A7B791589CCAADB6D6872B78433C3A25DA9DDAES83FI2FEFABS530  CE   405B701131D2FBAAD970248A45600093    Track 1 data hashed length 20 bytes  3418AC88F65EIDB7ED4D10973F99DFC8463FF6DF    Track 2 data hashed length 20 bytes  113B6226C4898A9D355057ECAF11A5598F02CA31    Track 3 data hashed length 20 bytes  688861C157C1CE2E0F72CEOF3BB598A614EAABBI    KSN length 10 bytes  62994901190000000002    LCR  check sum and ETX  06E203    Clear Masked Data in ASCII   Track 1  99 4266        9999 BUSH JR GEORGE    W MR  k ak ak ak sk sie se sie ak sie se fe ak oo o oe oe ak K 2 k k 2k    Track 2   426 6   HEH EHH 99 QO  HH k k k kkk k kk HED    Key Value  1A 99 4C 3E 09 D9 AC EF 3E A9 BD 43 81 EF A3 34  KSN  62 99 49 01 19 00 00 00 00 02    Decrypted Data
47. e end of track data. These can be special characters to identify the specific track to the receiving host, or any other character string. Up to six ASCII characters can be defined.

02 53 <n> <Len> <Suffix> 03 LRC

Where:
n is 37h for track 1, 38h for track 2 and 39h for track 3
Len = the number of bytes of suffix string
Suffix = {string length}{string}

NOTE: String length is one byte, maximum six.

7.9.10 Track Selection

There are up to three tracks of encoded data on a magnetic stripe.

This option selects the tracks that will be read and decoded.

02 53 13 01 <Track Selection Settings> 03 LRC

<Track Selection Settings>:
'0'  Any Track
'1'  Require Track 1 Only
'2'  Require Track 2 Only
'3'  Require Track 1 & Track 2
'4'  Require Track 3 Only
'5'  Require Track 1 & Track 3
'6'  Require Track 2 & Track 3
'7'  Require All Three Tracks
'8'  Any Track 1 & 2
'9'  Any Track 2 & 3

Note: If any of the required multiple tracks fail to read for any reason, no data for any track will be sent.

7.9.11 Track Separator Selection

This option allows the user to select the character to be used to separate data decoded by a multiple track reader.

02 53 17 01 <Track Separator> 03 LRC

<Track Separator> is one ASCII Character. The default value is CR, 0h mea
48. eck Character
MAC      Message Authentication Code
MSR      Magnetic Stripe Reader
OLE      Object Linking and Embedding
OPOS     OLE for Retail Point Of Sale
OTP      One Time Programmable
PAN      Primary account number
PCI      Payment Card Industry
PID      USB Product ID
POS      Point of Sale
PPMSR    Serial Port Power Magstripe Reader
P/N      Part Number
PS/2     IBM Personal System/2 Keyboard Interface
RTS      Request To Send
SPI      Serial Peripheral Interface
T1, T2, T3    Track 1 data, Track 2 data, Track 3 data
TDES     Triple Data Encryption Standard
VID      USB Vendor ID

Note: many unusual words used in this document are defined in the Function ID table on page   

4. Applicable Documents

ISO 7810 - 1985             Identification Cards - Physical
ISO 7811 - 1 through 6      Identification Cards - Track 1 through 3
ISO 7816 - 1 through 4      Identification Cards - Integrated circuit cards with contacts
ISO 4909                    Magnetic stripe content for track 3
ISO 7812                    Identification Cards - Identification for issuers Part 1 & 2
ISO 7813                    Identification Cards - Financial Transaction Cards
ANSI X 94                   Retail Financial Services Symmetric Key Management

5. Operation

A card may be swiped through the reader slot when the LED is green. The magne
49. ettings

02 53 18 03 LRC

This command does not have any <FuncData>. It returns all non-security settings for all groups to their default values.

7.9.3 MSR Reading Settings

02 53 1A 01 <MSR Reading Settings> 03 LRC

<MSR Reading Settings>:
'0'  MSR Reading Disabled
'1'  MSR Reading Enabled

7.9.4 Decoding Method Settings

02 53 1D 01 <Decoding Method Settings> 03 LRC

<Decoding Method Settings>:
'0'  Raw Data Decoding in Both Directions
'1'  Decoding in Both Directions
'2'  Moving stripe along head in direction of encoding
'3'  Moving stripe along head against direction of encoding

With the bi-directional method, the user can swipe the card in either direction and still read the data encoded on the magnetic stripe. Otherwise, the card can only be swiped in one specified direction to read the card. Raw Decoding just sends the card's magnetic data in groups of 4 bits per character. No checking is done except to verify track has or does not have magnetic data.

7.9.5 Terminator Setting

Terminator characters are used to end a string of data in some applications.

02 53 21 01 <Terminator Settings> 03 LRC

<Terminator Settings>: Any one character; 00h is none; default is CR (0Dh).

7.9.6 Preamble Setting

Characters can be added to the beginning of a string of data. These c
50. for enhanced encryption format only

Command: 53 86 01 <Mask Option>

Mask Option (Default: 0x07):
bit0: 1 - tk1 mask data allow to send when encrypted
bit1: 1 - tk2 mask data allow to send when encrypted
bit2: 1 - tk3 mask data allow to send when encrypted

When a mask option bit is set: if data is encrypted (but not forced encrypted), the mask data will be sent. If the mask option is not set, the mask data will not be sent under the same condition.

Settings for OPOS:
1. Assume reader is under default setting (Encrypt Structure 0)
2. Set to new Encrypt Structure 1:
   53 85 01 31

The OPOS driver/application may also send the following command when changing Decode/Raw format.

Set raw or decode data format:
53 1D 01 30    RAW data format
53 1D 01 31    Decoded format

Card data is sent out in the following format:
<STX><LenL><LenH><Card Data><CheckLRC><CheckSum><ETX>

0   STX
1   Data Length low byte
2   Data Length high byte
3   Card Encode Type
4   Track 1-3 Status
5   Track 1 data length
6   Track 2 data length
7   Track 3 data length
8   Clear/masked data sent status
9   Encrypted/Hash data sent status
10  Track 1 clear/mask data
    Track 2 clear/mask data
    Track 3 clear/mask data
    Track 1 encrypted data
    Track 2 encrypted data
    Track 3 encrypted data
    Session ID 
51. gainst or not  Purchaser s sole and exclusive remedy for defective equipment  which does  not conform to the requirements of sales  is to have such equipment replaced or repaired by  ID TECH  For limited warranty service during the warranty period  please contact ID  TECH to obtain a Return Material Authorization  RMA  number  amp  instructions for  returning the product     THIS WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES OF  MERCHANTABILITY OR FITNESS FOR PARTICULAR PURPOSE  THERE ARE NO  OTHER WARRANTIES OR GUARANTEES  EXPRESS OR IMPLIED  OTHER THAN  THOSE HEREIN STATED  THIS PRODUCT IS SOLD AS IS  IN NO EVENT SHALL  ID TECH BE LIABLE FOR CLAIMS BASED UPON BREACH OF EXPRESS OR  IMPLIED WARRANTY OF NEGLIGENCE OF ANY OTHER DAMAGES WHETHER  DIRECT  IMMEDIATE  FORESEEABLE  CONSEQUENTIAL OR SPECIAL OR FOR  ANY EXPENSE INCURRED BY REASON OF THE USE OR MISUSE  SALE OR  FABRICATIONS OF PRODUCTS WHICH DO NOT CONFORM TO THE TERMS  AND CONDITIONS OF THE CONTRACT     The information contained herein is provided to the user as a convenience  While every  effort has been made to ensure accuracy  ID TECH is not responsible for damages that  might occur because of errors or omissions  including any loss of profit or other  commercial damage  nor for any infringements or patents or other rights of third parties  that may result from its use  The specifications described herein were current at the time of  publication  but are subject to change at any time without prior notice     ID TECH a
52. ift On  Esc 97  esc 29   Enter 98  enter 28                Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 69 of 72       SecureMag User Manual                                                                                                                                     Num Enter 99 Num enter 58   Delete 9A Mel 4C   Insert 9B  ins 49   Backspace 9C  bs 2A   SPACE 9D  sp 2C   Pause 9C  ps 48   Ctrl   OF  ctrl 2F Ctrl On   Ctrl   AO  ctr2 30 Ctrl On   Ctrl   Al  ctr3 31 Ctrl On   Left_Ctrl_Break A2 V ctr   bk Clear Ctrl Flag   Left Ctrl Make A3 V ctrl  mk Set Ctrl Flag for following char s    Left Shift Break   A4 V shift bk Clear Shift Flag   Left Shift Make   A5 V shift mk Set Shift Flag for following  char s    Left Windows A6 V windows E3  left GUI    Left Alt Break AT V alt bk Clear Alt Flag   Left Alt Make A8 V alt mk Set Alt Flag for following char s    Right Ctrl Break   A9 X ctr  bk Clear Ctrl Flag   Right Ctrl Make   AA    r ctrl mk Set Ctrl Flag for following char s    Right Shift Break   AB X shift bk Clear Shift Flag   Right Shift Make   AC X shift mk Set Shift Flag for following  char s    Right Windows AD Y windows E7  right GUI    Right Alt Break   AE X alt bk Clear Alt Flag   Right Alt Make AF XY alt mk Set Alt Flag for following char s    Num Lock B0  num lock 23   Num 0 Bl  num0 62 Num Lock On   Num 1 B2  num1 59 Num Lock On   Num 2 B3  num2 5A Num Lock On   Num 3 B4  num3 5B Num Lock On   Num 4 B5  num
53. ion format     Revised to include more detailed  explanations on the command format and  security features  C 05 02 2011   Edited original and enhanced encryption Jenny W  output format    Added more info in Section 10 Data  Output   D 06 27 2011   Updated setting parameters table Jenny W            Added prefix  postfix support in USBKB  and PS2 encrypted output      Added 19 bytes ISO card account number  support             Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 4 of 72    SecureMag User Manual    Table of Contents    Lo  Introduction  nda seis a sues e torret a trt rebar Ede E M tont a Often Radical 7  2    lt  Features and Bene DES osse osas  sutateussonogsdetand dete ret ve ipe suo tbt teria rv opea Nd eia E eaten 7  Jy  Terms and ADDPeviatiofiSa  uc nite erp Rs nn a aee aes 8  4  Applicable MOCUMICIS coc asiiasicsvalhcis cosa ptensahanunsts iovelausvesatedandiadiatelsi vecnenaelardasshilebuases 9  Du    OBOIMIOtisaeiechm Vat ME Mitten bau UEM Top ECC Fani terea ona a 10  Do CE ACH Ut ficu su od eee ud antabuse a e a be Spas t tola puel stood ier ein Liebe 11  Je   Gomiband PROCESS n n EUN e e a L NEA eR ULLAM od 14  Td  Get Copyright Infofmadtlotna ocurre tee ete eroi i Pads de uivncsswodurhasicdabent  15  7 2 Version Report Conitridtido aolet bs sun cord rdee te ende Ct iUe pedea eir RA o PALME qe de 16  Ta Key Loading Command erc etes tora tro itti Oa efe uias in ia iade ies 16  TX  Reader Reset Command    
54. its encoding, Track2 is 5 bits encoding, Track3 is 7 bits encoding.

• Others: Customer card.

8.3 MSR Data Masking

For ABA Card Data (Card Type 0)

For cards that need to be encrypted, both encrypted data and clear text data are sent.

Masked Area

The data format of each masked track is ASCII.

The clear data include start and end sentinels, separators, first N, last M digits of the PAN, and card holder name (for Track 1).

The rest of the characters should be masked using the mask character.

Set PrePANClrData (N), PostPANClrData (M), MaskChar (Mask Character)

N and M are configurable and default to 4 first and 4 last digits. They follow the current PCI constraints requirements (N 6, M 4 maximum).

Mask character default value is '*'.

• Set PrePANClrDataID (N): parameter range 00h - 06h, default value 04h
• Set PostPANClrDataID (M): parameter range 00h - 04h, default value 04h
• MaskCharID (Mask Character): parameter range 20h - 7Eh, default value 2Ah
• DisplayExpirationDataID: parameter range '0' - '1', default value '0'

9. Using the Demo Program

ID TECH SecureMag Demo is provided to demonstrate features of the Encrypted MSR. It supports decrypting the encrypted data and
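A host application can check that the masked Track 2 string it receives exposes no more than the N/M settings in section 8.3 allow. The following is an added example, not ID TECH code: the function name and the sample strings are constructed, and it assumes the ISO Track 2 layout with ';' start sentinel, '=' separator, a 4-character expiration date after the separator and '?' end sentinel.

```python
def audit_masked_track2(track, pre=4, post=4, mask="*", show_exp=False):
    """Return a list of findings for one masked Track 2 string.

    An empty list means nothing is in the clear beyond the sentinels, the
    separator, the first `pre` and last `post` PAN digits and, when
    `show_exp` is set, the expiration date.
    """
    findings = []
    # Parameter ranges from section 8.3: N 00h-06h, M 00h-04h, mask 20h-7Eh.
    if not 0 <= pre <= 6:
        findings.append("N outside 00h-06h")
    if not 0 <= post <= 4:
        findings.append("M outside 00h-04h")
    if len(mask) != 1 or not 0x20 <= ord(mask) <= 0x7E:
        findings.append("mask character outside 20h-7Eh")
        return findings
    if not (track.startswith(";") and track.endswith("?") and "=" in track):
        findings.append("missing sentinel or separator")
        return findings

    pan, rest = track[1:-1].split("=", 1)

    # Positions of the PAN that are permitted to stay in the clear.
    allowed = set(range(pre)) | set(range(max(len(pan) - post, 0), len(pan)))
    leaked = [i for i, ch in enumerate(pan) if ch != mask and i not in allowed]
    if leaked:
        findings.append("PAN digits in clear at positions %s" % leaked)

    # Everything after the separator must be masked, except the expiration
    # date when the reader is configured to display it.
    tail = rest[4:] if show_exp else rest
    if any(ch != mask for ch in tail):
        findings.append("unmasked data after the separator")
    return findings


# Constructed sample strings (not real card data).
GOOD = ";4000********7899=*****************?"
SIX_CLEAR = ";400012******7899=*****************?"
EXP_CLEAR = ";4000********7899=3012*************?"
```
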
55. limites  applicables aux appareils num  riques de las classe A prescrites dans le R  glement sur le  brouillage radio  lectrique   dict   par les minist  re des Communications du Canada     CE STANDARDS    An independent laboratory performed testing for compliance to CE requirements  The unit  under test was found compliant to Class B     Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 2 of 72    SecureMag User Manual    LIMITED WARRANTY   ID TECH warrants to the original purchaser for a period of 12 months from the date of  invoice that this product is in good working order and free from defects in material and  workmanship under normal use and service  ID TECH s obligation under this warranty is  limited to  at its option  replacing  repairing  or giving credit for any product that returned  to the factory of origin with the warranty period and with transportation charges and  insurance prepaid  and which is  after examination  disclosed to ID TECH   s satisfaction to  be defective  The expense of removal and reinstallation of any item or items of equipment  is not included in this warranty  No person  firm  or corporation is authorized to assume for  ID TECH any other liabilities in connection with the sales of any product  In no event shall  ID TECH be liable for any special  incidental or consequential damages to purchaser or any  third party caused by any defective item of equipment  whether that defect is warranted  a
56. n format.

Field 8 - Clear/masked data sent status byte:
Bit 0: 1 - track 1 clear/mask data present
Bit 1: 1 - track 2 clear/mask data present
Bit 2: 1 - track 3 clear/mask data present
Bit 3: 0 - reserved for future use
Bit 4: 0 - reserved for future use
Bit 5: 0 - reserved for future use

Note 4: Encrypted/Hash data sent status

Field 9 - Encrypted data sent status:
Bit 0: 1 - track 1 encrypted data present
Bit 1: 1 - track 2 encrypted data present
Bit 2: 1 - track 3 encrypted data present
Bit 3: 1 - track 1 hash data present
Bit 4: 1 - track 2 hash data present
Bit 5: 1 - track 3 hash data present
Bit 6: 1 - session ID present
Bit 7: 1 - KSN present

10.4 DUKPT Level 3 Data Output Original Format

For ISO cards, both masked clear and encrypted data are sent, no clear data will be sent. For other cards, only clear data is sent.

A card swipe returns the following data:

Card data is sent out in format of
<STX><LenL><LenH><Card Data><CheckLRC><CheckSum><ETX>

<STX> = 02h, <ETX> = 03h

<LenL><LenH> is a two byte length of <Card Data>.

<CheckLRC> is a one byte Exclusive-OR sum calculated for all <Card Data>.

<CheckSum> is a one byte Sum value calculated for all <Card data>.

<Card Data> card data format is
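The envelope and the two sent-status bytes described above are enough to validate a frame and locate every field before any decryption is attempted. The following is an added example, not code from ID TECH or this manual: a parser for the enhanced-format frame that checks STX/ETX, the length field, CheckLRC and CheckSum, then walks the fields using the status bits. The function names, the constructed sample frame, the 8-byte Session ID length and the placement of Session ID between the encrypted tracks and the hashes are assumptions.

```python
STX, ETX = 0x02, 0x03
HASH_LEN = 20        # per-track hash length given in the manual's example
KSN_LEN = 10         # KSN length given in the manual's example
SESSION_ID_LEN = 8   # assumption: 8-byte Session ID


class FrameError(ValueError):
    """The frame failed a structural or integrity check."""


def round_up(n, block):
    """Encrypted fields are zero-padded to the block size (8 TDES, 16 AES)."""
    return -(-n // block) * block


def xor_lrc(data):
    """One-byte exclusive-OR over all bytes (<CheckLRC>)."""
    lrc = 0
    for b in data:
        lrc ^= b
    return lrc


def build_frame(card):
    """Wrap <Card Data> as <STX><LenL><LenH><Card Data><CheckLRC><CheckSum><ETX>."""
    n = len(card)
    return (bytes([STX, n & 0xFF, n >> 8]) + card
            + bytes([xor_lrc(card), sum(card) & 0xFF, ETX]))


def parse_enhanced_frame(frame, block_size=8):
    """Validate the envelope, then split <Card Data> into its fields."""
    # Smallest frame: 3 header bytes + 7 fixed card bytes + 3 trailer bytes.
    if len(frame) < 13 or frame[0] != STX or frame[-1] != ETX:
        raise FrameError("bad STX/ETX or frame too short")
    length = frame[1] | (frame[2] << 8)            # <LenL><LenH>
    if length != len(frame) - 6:
        raise FrameError("length field does not match frame size")
    card = frame[3:-3]
    if xor_lrc(card) != frame[-3]:
        raise FrameError("CheckLRC mismatch")
    if sum(card) & 0xFF != frame[-2]:
        raise FrameError("CheckSum mismatch")

    encode_type, status, l1, l2, l3, mask_flags, sent_flags = card[:7]
    pos = 7

    def take(n, what):
        # Never read past <Card Data>, whatever the length bytes claim.
        nonlocal pos
        if pos + n > len(card):
            raise FrameError(what + " runs past the end of <Card Data>")
        chunk = card[pos:pos + n]
        pos += n
        return chunk

    out = {"encode_type": encode_type, "track_status": status,
           "masked": {}, "encrypted": {}, "hash": {},
           "session_id": None, "ksn": None}
    for i, n in enumerate((l1, l2, l3)):           # field 8, bits 0-2
        if mask_flags >> i & 1:
            out["masked"][i + 1] = take(n, "masked track %d" % (i + 1))
    for i, n in enumerate((l1, l2, l3)):           # field 9, bits 0-2
        if sent_flags >> i & 1:
            out["encrypted"][i + 1] = take(round_up(n, block_size),
                                           "encrypted track %d" % (i + 1))
    if sent_flags >> 6 & 1:                        # field 9, bit 6
        out["session_id"] = take(SESSION_ID_LEN, "session ID")
    for i in range(3):                             # field 9, bits 3-5
        if sent_flags >> (3 + i) & 1:
            out["hash"][i + 1] = take(HASH_LEN, "track %d hash" % (i + 1))
    if sent_flags >> 7 & 1:                        # field 9, bit 7
        out["ksn"] = take(KSN_LEN, "KSN")
    if pos != len(card):
        raise FrameError("unparsed bytes after the last field")
    return out


# Constructed sample (not real card data): tracks 1 and 2 masked and
# encrypted, hashes for both, KSN present, no Session ID.
T1, T2 = b"%B12**56^A?", b";12**56=?"
SAMPLE_CARD = (bytes([0x00, 0x1B, len(T1), len(T2), 0, 0x03, 0x9B])
               + T1 + T2 + bytes(16) + bytes(16)
               + b"\x11" * HASH_LEN + b"\x22" * HASH_LEN + bytes(range(10)))
SAMPLE_FRAME = build_frame(SAMPLE_CARD)
```

Pass block_size=16 when the reader is configured for AES.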
57. nd Value through Innovation are trademarks of International Technologies  amp   Systems Corporation  USB  Universal Serial Bus  specification is copyright by Compaq  Computer Corporation  Intel Corporation  Microsoft Corporation  and NEC Corporation   Windows is registered trademarks of Microsoft Corporation     ID TECH   10721 Walker Street  Cypress  CA 90630   714  761 6368    Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 3 of 72    SecureMag User Manual    Revision History                                                 Revision   Date Description By  A 05 05 2010   Initial Release Jenny W  Al 06 14 2010 Added RS232 interface Jenny W  A2 06 16 2010 General edits and modified Appendix A Jenny W  A3 06 25 2010 Updated reader command summary Jenny W  A4 06 28 2010 Updated reader command  Jenny W    Added Set Reader Options and Get Reader  Options command  A5 06 29 2010   Added level 4 security features to demo Jenny W  software section  A6 07 21 2010   Modified commands for Key Loading Jenny W    Removed commands for Enter Quit Key  Loading mode as they are no longer being  supported  A7 09 07 2010 Added original and enhanced security Bruce K  structures and descriptions  A8 09 07 2010 Added PS2 interface Jimmy W  A9 09 10 2010   Updated demo software screenshots  Jenny W    Revised data format information     General edits   B 09 24 2010   Added decryption example for level 3 and   Jenny W  4 original and enhanced encrypt
58. ndard Keyboard Wedge cable

Y cable with dual PS/2 6 pin mini DIN connectors (male side is connected to PC, female side connected to KB).

Standard cable length is 6 feet.

Pin Out Table

J1    Color     Signal      J2       J3
1               CASE GND    SHELL    SHELL
2     White     P CLK       5
3     Green     P DATA      1
4     Yellow    VCC         4        4
5     Brown     K CLK                5
6     Grey      K DATA               1
7     Black     GND         3        3

[Figure: PS/2 Connector, 6 Pin Male and 6 Pin Female]

LED indicator

• 2mm x 5mm, Green/Red dual color under firmware control

7. Command Process

Command requests and responses are sent to and received from the device. For USB interface devices, the commands are sent to the device using HID class specific request Set Report (21 09 ...). The response to a command is retrieved from the device using HID class specific request Get Report (A1 01 ...). These requests are sent over the default control pipe. For RS232 interface devices, please see the commands listed below.

Function ID Table

The complete table of Function IDs used in command/response is listed in Appendix A.

Setting Command

The setting data command is a collection of many function setting blocks and its 
59. ns no track separator.

7.9.12 Start/End Sentinel and Track 2 Account Number Only

The SecureMag can be set to either send, or not send, the Start/End sentinel, and to send either the Track 2 account number only, or all the encoded data on Track 2. (The Track 2 account number setting doesn't affect the output of Track 1 and Track 3.)

02 53 19 01 <SendOption> 03 LRC

<SendOption>:
'0'  Don't send start/end sentinel and send all data on Track 2
'1'  Send start/end sentinel and send all data on Track 2
'2'  Don't send start/end sentinel and send account # on Track 2
'3'  Send start/end sentinel and send account number on Track 2

8. Security Features

The reader features configurable security settings. The Key Serial Number (KSN) and Base Derivation Key (BDK) must be loaded before encryption can be enabled and encrypted transactions can take place. The keys are to be injected by a certified key injection facility.

There are five security levels available on the reader, as specified below:

• Level 0
Security Level 0 is a special case where all DUKPT keys have been used; it is set automatically when the reader runs out of DUKPT keys. The lifetime of DUKPT keys is 1 million. Once the key's end of life is reached, the user should inject DUKPT keys again before doing any more transactions.
60. of valid data in each field is determined by the track data length field that corresponds to the track number. The track data includes all data string starting with the start sentinel and ending with the end sentinel.

ID TECH Reader Data Structure

Offset    Usage Name
0         T1 decode status
1         T2 decode status
2         T3 decode status
3         T1 data length
4         T2 data length
5         T3 data length
6         Card encode type
7-8       Total Output Length
9-512     Output Data

In this approach, the reader will keep all of the ID TECH data editing and other features like preamble, postamble, etc. The output data is always 512 bytes; the "Total Output Length" field indicates the valid data length in the output data.

10.1.2 Descriptor Tables

Device Descriptor:

Field                 Value    Description
Length                12
Des type              01
bcd USB               00 02    USB 2.0
Device Class          00       Unused
Sub Class             00       Unused
Device Protocol       00       Unused
Max Packet Size       08
VID                   0A CD
PID                   20 10    HID ID TECH Structure
                      20 20    HID Other Structure
                      20 30    HID Keyboard
BCD Device Release    00 01
i Manufacture         01
i Product             02
i Serial Number       00
Configuration         01

Configuration Descriptor:

Field              Value    Description
Length             09
Des type           02
Total Length       22 00
No. Interface      01
Configuration V
61. ommand within the time specified in the Activate    Authentication Mode command     0x07  Swipe Timed Out  The user fails to swipe a card within the time specified  in the Activation Challenge Reply command    Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 58 of 72    SecureMag User Manual    Appendix A    Setting Parameters and Values    Following is a table of default setting and available settings  value within parentheses   for each function ID                                   Function ID Hex   Description Default Description  Setting  HTypeID 10 Terminal Type    0  PC AT  Scan Code Set 2 1   k      0       2     4   6  _   3  PC AT with external  Keyboard and PC AT  without External Keyboard  BeepID 11 Beep Setting    2     04  Beep volume high  and frequency high  ChaDelayID 12 Character    0      0       5     2 ms inter character delay k  Delay  6  6 for 0 mS delay  TrackSelectID   13 Track Selection      0        0       9     Any Track 0 any  1 7   bit 1  0x30     Any tk1  bit 2 tk2  bit 3 tk3     8        Track tk1 2     9    tk2 3  0x31   Track 1  Only  0x32     Track 2  Only  0x33     Track 1   amp  Track 2  0x34     Track 3  Only  0x35     Track 1   amp  Track 3  0x36     Track 2   amp  Track 3  0x37     AII  Three Tracks  0x38     Track 1  Or Track 2  0x39     Track 2  Or Track 3  PollingInterval   14 Polling Interval   1  1   255  USB HID Polling Interval u  ID  DataFmtID 15 Data Output    0      0   27  ID
62. on t include mod 10     1    e  check digit display mod10     2    display  wrong mod10  DesKeyID 56 DES Key 0 internal use only r  Value e  AesKeyID 57 AES Key 0 internal use only r  Value e                      Copyright    2010 2011  International Technologies  amp  Systems Corp  All rights reserved     Page 63 of 72       SecureMag User Manual                                                                            KeyManageTy   58 DUKPT    0 117     0    fixed key  peID  HashOptID  5C  3    07  7  Send tk1 2 hash bit 0 1 send  tk1 hash  bit 1 1 send tk2  hash  bit2 1 send tk3 hash   HexCaseID  5D  0    0   17   LRCID 60 LRC character      0        0       1     Without LRC in output  T17BStartID 61 Track   7 Bit oe   9   as Track 1 7 Bit Start  Start Char Sentinel  T16BStartID 62 T16B Start                 as Track 1 6 Bit Start  Sentinel  T15BStartID 63 T15B Start res    as Track 1 5 Bit Start  Sentinel  T27BStartID 64 Track 2 7 Bit oe          as Track 2 7 Bit Start  Start Char Sentinel  T25BStartID 65 T25BStart P    as Track 2 5 Bit Start  Sentinel  T37BStartID 66 Track 3 7 Bit oe  9   as Track 3 7 Bit Start  Start Char Sentinel  T36BStartID 67 T36BStart    YP  P as Track 3 6 Bit Start  Sentinel  T35BStartID 68 T35BStart re    as Track 3 5 Bit Start  Sentinel  T1lEndID 69 Track   End Ud     as End Sentinel  Sentinel  T2EndID 6A Track 2 End       as End Sentinel  Sentinel  T3EndID 6B Track 3 End 2A      as End Sentinel  Sentinel  TIERRSTAR   6C Track 1 error         
63. pe, 1: AAMVA, 3: Others
• track status (bit 0,1,2: T1,2,3 decode; bit 3,4,5: T1,2,3 sampling)
• track 1 length (1 byte, 0 for no track1 data)
• track 2 length (1 byte, 0 for no track2 data)
• track 3 length (1 byte, 0 for no track3 data)
• track 1 data
• track 2 data
• track 3 data

Except for USBKB and PS2 interfaces, track formatting (preamble, prefix, separator, etc.) is not supported in a reader set to send encrypted track data. The track data is always sent in the same format, that is, with no special formatting, so that the program doing the decoding can know where each data field is located. For USBKB and PS2 interfaces, preamble and postamble will be available in the encrypted track data.

Offset to the fields can be determined by adding the field lengths, using the track data for the track field lengths. Fields are packed in the next available location.

T1, T2 or T3 Data Length: Each byte value indicates how many bytes of decoded card data are in the track data field. This value will be zero if there was no data on the track or if there was an error decoding the track.

The encrypted section is padded with zeros to the block size of the encryption type: 8 bytes for TDES and 16 bytes for AES.

The hashed data may optionally be omitted, and also track 3 may be hashed and included.

Description:

Track 1 an
64. pted Data textbox after a card is swiped. By default, the cursor is in the Manual Command / Encrypted Data textbox.

[Screenshot: demo software showing the encrypted swipe data]

To get the decrypted data, press the "Decrypt" button and the decrypted card data will be displayed in the lower box.

The default initial key is 0123456789ABCDEFFEDCBA9876543210. If the reader is programmed with a user defined key, load the same key to the demo software by pressing the "Input Initial Key" button. Type the initial key in the box, and press OK when finished.

[Screenshot: INPUT INITIAL KEY dialog]

The Key Value, KSN and Decrypted Data will be shown in the command output / decrypted data textbox.

9.3 Reader Operations

The demo sof
65. rack len            Track x LRC
10 + Track len + 1    0x0D
10 + Track len + 2    Track x ID
                      Repeat Track

The data format is independent of the MSR setting. No Track x data if track x sampling data does not exist.

OPOS header:
Only HID KB interface has [Right Shift, Left Shift, Right Ctrl, Left Ctrl] under POS mode.

Read Error:

Read Error 1 byte bits:

MB                                LB
0    B6   B5   B4   B3   B2   B1   B0

B0  1: Track 1 sampling data exists; 0: Track 1 sampling data does not exist
B1  1: Track 2 sampling data exists; 0: Track 2 sampling data does not exist
B2  1: Track 3 sampling data exists; 0: Track 3 sampling data does not exist
B3  1: Track 1 decode success; 0: Track 1 decode fail
B4  1: Track 2 decode success; 0: Track 2 decode fail
B5  1: Track 3 decode success; 0: Track 3 decode fail
B6  0: if b0 to b5 are all 1, otherwise 1 (make it printable)

Read Error byte 2:

MB                                      LB
0    1    B12   B11   B10   B9   B8   B7

B7  1: Track 4 sampling data exists; 0: Track 4 sampling data does not exist
B8  1: Track 4 JIS II decode success; 0: Track 4 JIS II decode fail
B9, B10, B11:
000: ISO Card (7, 5) or (7, 5, 5) encoding
001: Old CADL Card (6, 5, 6) encoding (no longer included)
010: AAMVA Card (7, 5, 7) encoding
011: JIS I Card (8, 5, 8) encoding
100: JIS II car
66. red, or when the tracks must be encrypted separately, or when cards other than type 0 (ABA bank cards) must be encrypted, or when track 3 must be encrypted. This format is the standard encryption format, but not yet the default encryption format.

1. Encryption Output Format Setting:
Command: 53 85 01 <Encryption Format>
Encryption Format:
'00h': Original Encryption Format
'01h': Enhanced Encryption Format

2. Encryption Option Setting (for enhanced encryption format only):
Command: 53 84 01 <Encryption Option>
Encryption Option (default 08h):
bit0: 1 - track 1 force encrypt
bit1: 1 - track 2 force encrypt
bit2: 1 - track 3 force encrypt
bit3: 1 - track 3 force encrypt when card type is 0

Note:
1) When force encrypt is set, this track will always be encrypted, regardless of card type. No clear/mask text will be sent.
2) If and only if in enhanced encryption format, each track is encrypted separately. Encrypted data length will round up to 8 or 16 bytes.
3) When force encrypt is not set, the data will be encrypted in original encryption format, that is, only track 1 and track 2 of type 0 cards (ABA bank cards) will be encrypted.

3. Hash Option Setting:
Command: 53 5C 01 <Hash Option>
Hash Option: ('0' - '7')
Bit0: 1 - track1 hash will be sent if data is encrypted
Bit1: 1 - track2 hash will be sent if data is encrypted
Bit2: 1 - track3 hash will be sent if data is encrypted

4. Mask Option Setting 
67. rl On
Ctrl O    0F   12        Ctrl On
Ctrl P    10   13        Ctrl On
Ctrl Q    11   14        Ctrl On
Ctrl R    12   15        Ctrl On
Ctrl S    13   16        Ctrl On
Ctrl T    14   17        Ctrl On
Ctrl U    15   18        Ctrl On
Ctrl V    16   19        Ctrl On
Ctrl W    17   1A        Ctrl On
Ctrl X    18   1B        Ctrl On
Ctrl Y    19   1C        Ctrl On
Ctrl Z    1A   1D        Ctrl On
ESC       1B   esc 29
Ctrl      1C   31        Ctrl On
Ctrl      1D   30        Ctrl On
Ctrl 6    1E   23        Ctrl On
Ctrl      1F   2D        Ctrl On
SPACE     20   2C
          21   1E        Shift On
          22   34        Shift On
          23   20        Shift On
          24   21        Shift On
          25   22        Shift On
&         26   24        Shift On
          27   34
          28   26        Shift On
          29   27        Shift On
          2A   25        Shift On
          2B   2E        Shift On
          2C   36
          2D   2D
          2E   37
          2F   38
0         30   27        Shift On
1         31   1E        Shift On
2         32   1F        Shift On
3         33   20        Shift On
4         34   21        Shift On
5         35   22        Shift On
6         36   23        Shift On
7         37   24        Shift On
8         38   25        Shift On
9         39   26        Shift On
          3A   33        Shift On
          3B   33
<         3C   36        Shift On
          3D   2E
>         3E   37        Shift On
          3F   38        Shift On
          40   1F
A         41   04        Shift On
B         42   05        Shift On
C         43   06        Shift On
D         44   07        Shift On
E         45   08        Shift On
68. s of card data
A LED and a beeper on the reader provide status of the reading operations
Compatible with USB specification Revision 2.0 (USB interface)
Compatible with HID specification Version 1.1 (USB interface)
Uses standard Windows HID driver for communications; no third-party device driver is required (USB interface)
Provides clear text confirmation data including cardholder's name and a portion of the PAN as part of the Masked Track Data
User-friendly configuration software for device configuration

3. Terms and Abbreviations

AAMVA   American Association of Motor Vehicle Administration
ABA     American Banking Association
AES     Advanced Encryption Standard
ASIC    Application Specific Integrated Circuit
BPI     Bits per Inch
CADL    California Drivers License Format (obsolescent)
CE      European Safety and Emission approval authority
COM     serial communication
CTS     Clear To Send
CDC     USB to serial driver (Communication Device Class)
DES     Data Encryption Standard
DUKPT   Derived Unique Key Per Transaction
DMV     Department of Motor Vehicle
GND     Signal Ground
HID     Human Interface Device
IPS     Inches per Second
ISO     International Organization for Standardization
JIS     Japanese Industrial Standard
JPOS    Java for Retail Point Of Sale
KB      Keyboard
KSN     Key Serial Number
LED     Light Emitting Diode
LRC     Longitudinal Redundancy Ch
69. start sentinel if track 1 error  TID code report
T2bERRSTAR  6D  Track 2 error P start sentinel if track 2 error  TID code report
T3ERRSTAR  6E  Track 3 error o start sentinel if track 3 error  TID code report
SecureLrcID  6F  Secured output  1  0  1  1  to send LRC in secured format  Lrc output data option
T28BStartID  72  JIS T12 SS ES  0
T38BStartID  73  JIS T3 SS ES  0
SPISettingID  75  0
EquipFwID  77  feature option  0  3  10  12  Reader firmware setting configuration
SyncCheckID  7B  check for track  0  0  2  check leading & trailing sync bits  sync bits on track data if poorly encoded card
MagTSecureL  7D  P  0  3  p  vlID
SecurityLevell  7E  n  D  r
MagTCryptID  7F  1  07  37  p
PrefixID  D2  Preamble  0  No Preamble  15 char max
PostfixID  D3  Postamble  0  No Postamble  15 char max

Note: not all function IDs are present in the different hardware versions of the SecureMag. The last column above has some codes:
      feature not currently supported (exists for compatibility)
  s   feature available only in the RS232 serial version of the reader
  u   feature available only in the USB version
  k   feature available only in the keyboard version
  p   feature available only in the SPI version
  r   reset all does
70. t configured for buffered mode
NAK: Already armed

NAK for keyboard interface is FD; non-KB mode NAK is 15.

7.8 Read MSR Options Command

02 52 1F 03 LRC

Response format:

The current setting data block is a collection of many function setting blocks <FuncSETBLOCK> as follows:

<STX><FuncSETBLOCK1>...<FuncSETBLOCKn><ETX><CheckSum>

Each function setting block <FuncSETBLOCK> has the following format:

<FuncID><Len><FuncData>

Where:
<FuncID> is one byte identifying the setting(s) for the function.
<Len> is a one-byte length count for the following function setting block <FuncData>.
<FuncData> is the current setting for this function. It has the same format as in the sending command for this function.
<FuncSETBLOCK> are in the order of their Function ID <FuncID>.

7.9 Set MSR Options Command

The default value is listed in bold.

7.9.1 Beep Volume

The beep volume and frequency can each be adjusted to two different levels, or turned off.

02 53 11 01 <Beep Settings> 03 LRC

Beep Settings:
  0 for beep volume off
  1 for beep volume high, low frequency
  2 for beep volume high, high frequency
  3 for beep volume low, high frequency
  4 for beep volume low, low frequency

7.9.2 Change to Default S
71. ta are encrypted as a single block. To get the number of bytes in the encrypted data field, we first need the Track 1 and Track 2 unencrypted lengths. The field length is always a multiple of 8 bytes for TDES or a multiple of 16 bytes for AES. This value will be zero if there was no data on both tracks or if there was an error decoding both tracks. Once the encrypted data is decrypted, all padding zeros need to be removed. The number of bytes of decoded track 1 data is indicated by the track 1 unencrypted length field. The remaining bytes are track 2 data, the length of which is indicated by the track 2 unencrypted length field.

Track 1, 2 and 3 hashed
The SecureMag reader uses SHA-1 to generate hashed data for the track 1, track 2, and track 3 unencrypted data. It is 20 bytes long for each track. This is provided with two purposes in mind. One is for the host to ensure data integrity by comparing this field with a SHA-1 hash of the decrypted track data (to guard against unexpected noise in data transmission). The other purpose is to enable the host to store a token of card data for future use without keeping the sensitive cardholder data. This token may be used for comparison with the stored hash data to determine if they are from the same card.

Some Additional notes  4 28 2011

1. "Decode status" bits in "track status" b
72. tic stripe must face toward the magnetic read head and may be swiped in either direction. After a card is swiped, the LED will turn off temporarily until the decode process is completed. If there are no errors decoding the card data then the LED will turn green. If there are any errors decoding the card data, the LED will turn red for less than one second to indicate that an error occurred and then turn green.

The reader LED will be off during the data transfer and is ready to read another card when the LED returns to green. A red LED indicates an error and the beeper will also provide error indications. The beeper will beep for each correctly read track of data on the magstripe card. Depending on the security level configured, the card data might be displayed in clear or encrypted mode.

6. Specification

Power Consumption: 5VDC  10

• Maximum operating current consumption less than 50mA
• RS232 interface: external power adaptor supplies power through RS232 cable
• USB interface: from host interface. No external power adaptor needed.

Swipe speed

• 3 to 65 inches per second
• Bi-directional

Indicators

• Tri-color LED
  o Red indicates bad read
  o LED off while reading and decoding
  o Green indicates good read, and ready to read
• Beeper
  o A beep sound indicates good read

Communication Interf
73. tware can be used to display the card data and send reader commands. To view the card data on screen, place the cursor in the "manual command / reader output" text box and swipe the card. To send a reader command, type the appropriate command in the text box and press the "Send Command" button.

General Setting
Provides options such as reader default settings, firmware version, beeper options and buffered mode options. For USB demo software, there are options to set the reader to USB KB or USB HID mode.

MSR Security
The security is enabled by selecting TDES or AES. Once the encryption is enabled the reader cannot be changed back to non-encrypted mode.

Port/Settings
RS232 interface: select Com port and open/close port.
USB KB interface: set KB polling interval and select language settings.

Help
Provides version information of the demo software.

10. Data Format

The USB version of the reader can be operated in two different modes:

HID ID TECH mode (herein referred to as "HID mode"): Product ID 2010
HID with Keyboard Emulation (herein referred to as "KB mode"): Product ID 2030

When the reader is operated in the HID mode, it behaves like a vendor-defined HID device. A direct communication path can be established between the host application and the reader without interference from other HID devi
74. yte is set as 0 for no error (either decode success or no sampling data), or to 1 for error (has sampling data but fail to decode).

Please be aware that the track status byte in secured output is different from the track status bytes in the OPOS header (called read error and read error2). The OPOS header will only be used in OPOS mode security level 1 and level 2, and secure output is only used in level 3 or level 4.

For USB HID Secure Output, the output format is the same as the Secure Output structure. No HID header is added. But the total length is the HID standard (537 bytes). Unused bytes will be filled with 0x00. This applies to secure Level 3 and Level 4 output, whether or not the data is encrypted.

Examples for field 8 (Clear/mask data sent status) and field 9 (Encrypted/Hash data sent status)

These two bytes are omitted in the original structure. In the enhanced encrypt structure, these two bytes are used to indicate the presence of each track's Clear or Masked data, Encrypted data and hash data.

Example:
  field 8 = 0x03 (00000011)
  field 9 = 0xBF (10111111)

  T1: Mask data present, Encrypted data present, Hash present
  T2: Mask data present, Encrypted data present, Hash present
  T3: No Mask data, Encrypted data present, Hash present
  KSN: present
  Session ID: not present

Additional Settings

Send LRC in secured mode (6F)
  536F0131   to send LRC in secure mode (Default)
  536F0130   Remove LRC in secure mode

Display Expiration Data (50)
  53500130   Do
    