
USER MANUAL SecureHead™ Encrypted


Contents

Host-side SPI demo code (8051-style C, as printed in the manual's appendix; the listing is cut off at the end of this fragment):

    /* INCLUDES */
    #include "spi_drv.h"

    /* MACROS */
    #define MAX_LEN 512

    /* DEFINITION */
    Uchar  data SPI_IPNT;                 /* Temp buffer to store SPI data */
    Uchar  data Command_OUTbuf[MAX_LEN];  /* Command output buffer */
    Uchar  data Command_INbuf[MAX_LEN];   /* Command input buffer */
    Uint16 data spilength;                /* received command length */
    Uint16 data Command_Length;           /* output command length */

    /* DECLARATION */
    void main(void)
    {
        Uint16 data i, j;                 /* Internal counter */

        spi_master_init(0, 0, 1, 32);     /* SPI master mode: initialize to CPOL 0, CPHA 0, SSDIS 1, bitrate Fper/32 */
        Enable_spi_interrupt();           /* Turn on SPI interrupt in system */
        SPI_SS = 0;                       /* Disable SPI slave during power on to prevent indeterminate state */

        do {                              /* keep polling */
            /* Other subroutine(s) to handle other tasks */
            if (DAV_IN) {                 /* If DAV pin is high level, SPI slave has data ready */
                SPI_SS = 1;               /* To generate a falling edge: not useful for clock phase 0, but clock phase 1 needs this falling edge */
                delay10us();              /* Wait for high level to get steady */
                SPI_SS = 0;               /* Pull chip select pin low, ready to start SPI communication */
                spilength = 0;            /* Initialize Command buf pointer */
                while (DAV_IN) {          /* Keep polling DAV pin till it turns low level; polling interval is 40us in this demo code */
                    spi_Sendout(0xff);    /* Send out any data to get SPI slave input; delay 40us in this subroutine too */
                    Command_INbuf[spilength] = SPI_IPNT;   /* Save data into Com... (listing continues in the original manual) */
3.3 Master Input Slave Output (MISO)
The MISO signal is the serial data output from the device; it is also the data line that is received by the host. When the device is not active (Chip Select is high), MISO becomes high impedance (disconnected). The MISO signal will be in an indeterminate state after the device is power cycled or reset, for a maximum of 1 second; this signal should be ignored during this time.

3.4 Master Output Slave Input (MOSI)
The MOSI signal is the serial data input for the device and the serial data output for the host. This signal is sent from the host (master) to the device (slave). The signal might not be required once some device parameters, such as the device key, have been set and saved. Set the signal high if it is not being used.

Copyright © 2010-2011 International Technologies & Systems Corporation. All rights reserved. (User Manual SecureHead SPI Interface, page 11 of 64)

3.5 Data Available Output (DAV)
The DAV signal is low when there is no data to be transmitted. When the DAV signal is high, it indicates that there is data available for output; the host then sends out the clock signal to read the data. After all the data is transmitted, the device sets the DAV signal low again. The host can use this signal to determine whether the device has data ready to transmit. However, the signal should be ignored for 1 second (maximum) right after a power cycle or reset.
3.6 Chip Select (NCS)
The SPI interface allows connecting several SPI devices, with the master selecting each of them by NCS (Chip Select, Active Low). The device only responds to the SPCK and MOSI signals after NCS is pulled low. NCS needs to stay low the whole time the host is communicating with the particular device. The Chip Select signal should be connected to ground if it is not used by the host. Special case: with clock phase 1, NCS needs to generate a falling edge for each command.

[Oscilloscope capture: NCS is pulled low while the host is communicating with the device.]

3.7 Voltage Input and Ground
The VIN signal is the power input for the device and has an operating range of 2.7 to 3.6 volts DC. The GND signal is logic ground. The head case GND signal is chassis ground, which is connected to the head case; for optimum ESD protection this signal should be connected to earth ground.

3.6 Communication
When the host has a frame to send, it simply clocks it out. When the device has a frame to send, it raises its data available (DAV) signal and waits for the host to clock in the frame. The host normally clocks out IDLE characters to clock in
[Block diagram: EEPROM, SPI interface]

3 SPI OPERATION
This section describes the SPI (Serial Peripheral Interface): the SPI bus interface timing, communication protocol, timeouts and data output format. The table below shows the signals used in the SPI interface. The connector is a Molex 51021-0800.

    PIN  SIGNAL         DESCRIPTION
    1    SPCK           Serial Clock Input
    2    MISO           Master Input Slave Output
    3    MOSI           Master Output Slave Input
    4    DAV            Data Available output
    5    NCS            Chip Select (Active Low)
    6    VIN            Voltage Input
    7    GND            Logic Ground
    8    Head Case GND  Chassis Ground

3.1 SPI Data Transmission
A serial peripheral interface (SPI) is an interface that enables the serial exchange of data between two devices, one called a master and the other called a slave. The host (master) generates the clock signal SPCK to trigger data exchange on the SPI bus. During each SPI clock cycle the data is transmitted in both directions at the same time (full duplex transmission): on the MOSI line the master sends a bit and the slave reads it; on the MISO line the slave sends a bit and the master reads it. The SPI bus transmits data in 8-bit groups, sending data one bit at a time from MSB to LSB. An example of bit transmission for byte A and byte B would be: A bit 7, A bit
Continuation of the spi_set_speed listing, followed by spi_master_init (as printed in the manual's appendix; the fragment is cut off at the end):

              SPCON |= SPI_RATIO_32;  break;  /* FCLK_PERIPH/32 */
        case 64:  SPCON |= SPI_RATIO_64;  break;  /* FCLK_PERIPH/64 */
        case 128: SPCON |= SPI_RATIO_128; break;  /* FCLK_PERIPH/128 */
        default:  return FALSE;
        }
        return TRUE;
    }

    /*
     * NAME:    spi_master_init
     * PARAMS:  cpol  (Uchar) CPOL value
     *          cpha  (Uchar) CPHA value
     *          ssdis (Uchar) SSDIS value
     *          speed (Uchar) spi speed ratio, transmission vs. Fper
     * return:  none
     * PURPOSE: Initialize the spi module in master mode
     * EXAMPLE: spi_master_init(0, 0, 1, 32);  init spi in master mode with CPOL 0, CPHA 0, SSDIS 1 and bitrate Fper/32
     * NOTE:
     */
    void spi_master_init(Uchar data cpol, Uchar data cpha, Uchar data ssdis, Uchar data speed)
    {
        SPCON = 0;                  /* Initialize SPCON (Serial Peripheral Control Register) */
        SPCON |= MSK_SPCON_MSTR;    /* Serial Peripheral Master: set to configure the SPI as a Master */
        SPI_SS = 1;                 /* Initialize chip ... (listing continues in the original manual) */
[Mechanical drawing with dimensions; refer to sheet 1 for head detail.]

Mounting Options
1. Wing spring mounting: this is the standard mounting option and can be used on most swipe readers. The protrusion of the head from the surface of the spring is 3.50 mm.

[Drawing: PIN 1, CONNECTOR MOLEX 51021-0800]
The mechanical interface is an eight-pin male Molex connector 51021-0800 for options 1 and 2.

Hardware design
[Reference schematic for a 3.3 V system: host MCU (U1) wired to the MagHead connection (TriMag III), with the SPCK, SI, SO, NCS and DAV signals, JTAG (TDO, TCK, TDI, TMS), LED and beeper lines shown.]
4.12 Review Security Level
<STX><R><7Eh><ETX><CheckSum>
This command is to get the current security level.

4.13 Encrypt External Data Command
This command encrypts the data passed to the SecureHead and sends the encrypted data back to the host. The command is valid when the security level is set to 3 or 4.
Command (Host -> Device): <STX><41h><Length><Data To Be Encrypted><ETX><CheckSum>
Where <Length> is the 2-byte length of <Data To Be Encrypted> in hex, represented as <Length_L> and <Length_H>.
Device -> Host: <ACK><STX><Length><Encrypted Data><SessionID><KSN><ETX><LRC> on success, <NAK> on failure.
Where <Length> is the 2-byte length of <Encrypted Data><SessionID><KSN> in hex, represented as <Length_L> and <Length_H>. <SessionID> is only used at security level 4; it is part of the encrypted data. There is no data in this field at security level 3. <KSN> is a 10-byte string; in the case of fixed key management, the serial number plus two null bytes is used instead of the KSN. After each successful response, the KSN increments automatically.

4.14 Encrypted Output for Decoded Data
4.14.1 Encrypt Functions
When a
<Len>: the number of bytes of the preamble string. <Preamble>: the string (length = string length). NOTE: String length is one byte, maximum fifteen (0Fh).

4.8.3 Postamble Setting
The postamble serves the same purpose as the preamble, except it is added to the end of the data string after any terminator characters.
<STX><S><D3h><Len><Postamble><ETX><CheckSum>
Where <Len> is the number of bytes of the postamble string and <Postamble> is the string (length = string length). NOTE: String length is one byte, maximum fifteen <0Fh>.

4.8.4 Track n Prefix Setting
Characters can be added to the beginning of track data. These can be special characters to identify the specific track to the receiving host, or any other character string. Up to six ASCII characters can be defined.
<STX><S><n><Len><Prefix><ETX><CheckSum>
Where <n> is 34h for track 1, 35h for track 2 and 36h for track 3; <Len> is the number of bytes of the prefix string; <Prefix> is the string (length = string length). NOTE: String length is one byte, maximum six.

4.8.5 Track n Suffix Setting
Characters can be added to the end of track data. These can be special characters to identify the specific track to the receiving host, or any other character string. Up to six ASCII characters can be defined.
(AAMVA track field layout, continued:) Postal Code, Class, Restrictions, Endorsements, Sex, Height, Weight, Hair Color, Eye Color, ID, Reserved Space, Error Correction, Security, End Sentinel, Linear Redundancy Check (LRC) Character.

APPENDIX C: OTHER MODE CARD DATA OUTPUT
There is an optional data output format supported by SecureHead in order to be compatible with specific software requirements:
01h 01h <1Ah> 02h 00h <left 8 bytes of Device Serial Number> <6-byte random data> 30h 31h <264 bytes of sampling data>

APPENDIX D: GUIDE TO ENCRYPTING AND DECRYPTING DATA
The encryption method used by SecureHead is called Cipher Block Chaining (CBC). With this method, each block of data is XORed with the previous data block before being encrypted. The encryption of each block depen
(... for ISO, ... for AAMVA)
ES: end sentinel, all tracks
Track Separator: Carriage Return
Terminator: Carriage Return
Language: US English

Magnetic Track Basic Raw Data Format
Track 1: <01><T1 Raw Data><CR>
Track 2: <02><T2 Raw Data><CR>
Track 3: <03><T3 Raw Data><CR>
Where the length of T1 Raw Data, T2 Raw Data and T3 Raw Data is 0x60 for each field; pad with 0 if the original data length doesn't reach 0x60. Language: US English.

Definitions
Start or End Sentinel: Characters in the encoding format which come before the first data character (start) and after the last data character (end), indicating the beginning and end, respectively, of data.
Track Separator: A designated character which separates data tracks.
Terminator: A designated character which comes at the end of the last track of data, to separate card reads.

4.14.8 DUKPT Level 3 Data Output Original Format
For ISO cards, both masked clear and encrypted data are sent; no clear data will be sent. For other cards, only clear data is sent. A card swipe returns the following data. Card data is sent out in the format <STX><LenL><LenH><Card Data><CheckLRC><CheckSum><ETX>, where <STX> = 02h, <ETX> = 03h, <LenL>
<Len> is a one-byte length count for the following function setting block <FuncData>. <FuncData> is the current setting for this function; it has the same format as in the sending command for this function. The FuncSETBLOCKs are in the order of their Function ID <FuncID>.

4.6 Review Firmware Version
<STX><R><22h><ETX><CheckSum>
This command is to get the device firmware version.

4.7 Review Serial Number
<STX><R><4Eh><ETX><CheckSum>
This command is to get the device serial number.

4.8 Message Formatting Selections (Only for Security Level 1 & 2)

4.8.1 Terminator Setting
Terminator characters are used to end a string of data in some applications.
<STX><S><21h><01h><Terminator Settings><ETX><CheckSum>
Terminator Settings: any one character; 00h is none; the default is CR (0Dh).

4.8.2 Preamble Setting
Characters can be added to the beginning of a string of data. These can be special characters for identifying a specific reading station, to format a message header expected by the receiving host, or any other character string. Up to fifteen ASCII characters can be defined.
<STX><S><D2h><Len><Preamble><ETX><CheckSum>
Where
Track 2 encrypted: length 0x32, rounded up to 8 bytes: 0x38 (56 decimal)
Track 3 encrypted: length 0x6B, rounded up to 8 bytes: 0x70 (64 decimal)
Track 1 data hashed (length 20 bytes): 3418AC88F65EIDB7EDAD10973F99DFC8463FF6DF
Track 2 data hashed (length 20 bytes): 113B6226C4898A9D355057ECAF11A5598F02CA31
Track 3 data hashed (length 20 bytes): 688861C157CICE2E0F72CEOF3BB598A614EAABBI
KSN (length 10 bytes): 62994901190000000002
LRC, check sum and ETX: 06 E2 03
Clear Masked Data in ASCII, Track 2
Key Value: 1A 99 4C 3E 09 D9 AC EF 3E A9 BD 43 81 EF A3 34
KSN: 62 99 49 01 19 00 00 00 00 02

Decrypted Data
Track 1 decrypted: B4266841088889999 BUSH JR GEORGE W MR 0809101100001100000000046000000
Track 2 decrypted: 4266841088889999 080910110000046 0
Track 3 decrypted: 3333333333767676070707767676333333333376767607070776767633333333337676760707
Masked Data Track 3: 333333333337676760707077676763333333333 7676760707077676763333333333767676070707767676 33333333337676760707 2
Key Value: 8A 92 F6 74 00 BF 25 2E 57 9A A9 01 FF 27 48 41
KSN: 62 99 49 01 19 00 00 00 00 04
Session ID: AA AA AA AA AA AA AA AA
Decrypted Data in ASCII: 4266841088889999 05 JR GEORGE W MR 0809101100001100000000046000000 1 4266841088889999 080910110000046 0 3333333333376767607070776767633333333337676760707077676763333333333767676070707767676 33333333337676760707 2
Decrypted Data in Hex
During that processing time it will not respond to a new command. The typical delay for the reader to respond to a command is 20 ms; the maximum delay can be as much as 40 ms. Caution must therefore be taken to maintain a minimum delay between two commands. A minimum delay of 20 us is required between each character sent to SecureHead through the SPI interface.

4.3 Default Settings
The SecureHead reader is shipped from the factory with the default settings already programmed. In the following sections, the default settings are shown in boldface. For a table of default settings, see Appendix A.

4.4 General Selections
This group of configuration settings defines the basic operating parameters of SecureHead.

4.4.1 SPI Clock Phase and Polarity Settings
The clock phase and polarity of the SPI interface can be adjusted. Both the host and the device must be set to the same SPI setting in order to communicate correctly.
<STX><S><79h><01h><SPI Settings><ETX><CheckSum>
SPI Settings:
0: Clock phase 0 and Polarity 0. Data are read on the clock's rising edge and changed on the falling edge.
1: Clock phase 0 and Polarity 1. Data are read on the clock's falling edge and changed on the rising edge.
2: Clock phase 1 and P
SPI interrupt handler and the start of spi_set_speed (as printed in the manual's appendix; the fragment is cut off at the end and continues in the spi_set_speed fragment above):

    /* NOTE: Interrupt */
    void spi_isp(void) interrupt IRQ_SPI
    {
        if (!Spif_set()) return;   /* Quit if data transfer hasn't been completed */
        transmit_completed = 1;    /* Set software complete flag */
        SPI_IPNT = SPDAT;          /* Store SPI input data in SPI_IPNT; SPDAT: Serial Peripheral Data Register */
        return;
    }

    /*
     * NAME:    spi_set_speed
     * PARAMS:  ratio - spi clock ratio (XTAL)
     * return:  Uchar status
     * PURPOSE: Configure the baud rate of the spi (set CR2, CR1, CR0)
     * NOTE:    This function is only used in spi master mode, called by spi_master_init
     */
    Uchar spi_set_speed(Uchar data ratio)
    {
        switch (ratio) {                          /* Set SPCON register */
        case 2:   SPCON |= SPI_RATIO_2;   break;  /* FCLK_PERIPH/2 */
        case 4:   SPCON |= SPI_RATIO_4;   break;  /* FCLK_PERIPH/4 */
        case 8:   SPCON |= SPI_RATIO_8;   break;  /* FCLK_PERIPH/8 */
        case 16:  SPCON |= SPI_RATIO_16;  break;  /* FCLK_PERIPH/16 */
        case 32:
Security Level 3 Decryption, Enhanced Encryption Format
Example of decryption of a three-track ABA card with the enhanced encryption format (SecureHead reader with default settings, except for the enhanced encryption structure format).
Enhanced encryption format: this can be recognized because the high bit of the fourth byte (underlined, 80) is 1.

STX, Length (LSB, MSB), card type, track status, length track 1, length track 2, length track 3:
02 98 01 80
Revision History

    Rev  Date        Description of Changes                                                       By
    A    01/19/2010  Initial Release                                                              Jenny W
    1    02/23/2010  Added fixed key encryption (security level 4) and authentication process     Jenny W
    B    06/03/2010  Revised section 2.5 Data Available Output and 2.6 Chip Select, 3.1 setup     Jenny W
                     command structure; modified Appendix A default settings; removed California
                     Driver License card format; added Encrypt External Data command; changed
                     default device key; general edits to improve consistency throughout the document
    B1   07/21/2010  Added commands for DUKPT key loading; added level 3 and 4 raw data output format   Jenny W
    B2   07/29/2010  Added IDLE character for each response                                       Jenny W
    B3   08/06/2010  Added additional commands: Review Serial Number, Select Key Management Type,  Jenny W
                     Review KSN, Review Security Level; revised check card format; added read head
                     specification and dimension
    B4   08/27/2010  Added the following interface support: USB                                   Jenny W
    C    10/25/2010  Separated the SPI and non-SPI interface; revised read status command; added  Jenny W
                     decryption examples
         11/12/2010  General revision throughout the document                                     Jenny W
    D    05/06/2011  Added SecureHead mounting option with drawing to indicate track 1 location;  Jenny W
                     edited original and enhanc
a frame from the device. Since the device typically loads its one transmit buffer with an IDLE byte when it has nothing to transmit, the first byte clocked out from the device after the DAV signal is asserted could be an IDLE byte instead of a valid byte. If this is the case, simply discard this byte. To detect whether the device has a frame to send, the host can either monitor the DAV signal or, optionally, periodically clock in up to two bytes from the device to see if the device has sent valid data. Up to two bytes should be clocked in instead of just one, because the first byte could be an IDLE byte that was loaded into the device's transmit buffer before the device had anything to send. The host should look at each byte it clocks in to see if it is a valid byte. If a valid byte is found, then the subsequent bytes will contain the frame.

4 CONFIGURATION
The SecureHead reader must be appropriately configured for your application. Configuration settings enable the reader to work with the host system. Once programmed, these configuration settings are stored in the reader's non-volatile memory, so they are not affected by the cycling of power.

4.1 Setup Commands Structure
Commands sent to SecureHead:
a. Setting Command: <STX><S><FuncID><Len><FuncData><ETX>
and Encryption Counter; Session ID (54h): set the current Session ID; Key Management Type (58h): select the Key Management Type ID. Feasible settings of these new functions are listed below (default value, allowed setting, description):

PrePANID: default 04h; setting 00h-06h; allowed clear text from the start of the PAN. Command format: 02 53 49 01 04 03 LRC
PostPANID: default 04h; setting 00h-04h; allowed clear text from the end of the PAN. Command format: 02 53 4A 01 04 03 LRC
MaskCharID: default '*'; setting 20h-7Eh. Command format: 02 53 4B 01 3A 03 LRC
DisplayExpirationDataID: default 0; 0 = display expiration data as mask data, 1 = display expiration data as clear data
EncryptionID: default 0; 0 = Clear Text, 1 = Triple DES, 2 = AES. Command format: 02 53 4C 01 31 03 LRC
SecurityLevelID: Command format: 02 52 7E 03 LRC
Device Serial Number ID: default 00 00 00 00 00 00 00 00 00 00; 10-byte number. Command format: Set Serial Number 02 53 01 4E 09 08 37 36 35 34 33 32 31 30 03 LRC; Get Serial Number 02 52 4E 03 LRC
KSN and Counter ID: default 00 00 00 00 00 00 00 00 00 00; this field includes the Initial Key Serial Number in the leftmost 59 bits and a value for the Encryption Counter in the rightmost 21 bits. Get DUKPT KSN and Counter: 02 52 51 03 LRC
Session I
as it would be in an indeterminate state. In the case when the DAV signal is not used, the host would need to poll the device periodically to determine whether it has data to transmit. The host needs to toggle SCL to get card data from MISO. The first non-IDLE byte indicates the start of valid card data (IDLE is FF). For more details, please refer to the communication protocol section of this document. The last signal shown in the graph below is the DAV signal.

[Oscilloscope capture: card data read-out with DAV as the last trace.]

After the command is received and the response is ready, DAV is set high for the host to receive the response. After the response is received, DAV goes low, indicating there is no more data to be transmitted.

[Oscilloscope capture: about 20 ms after receiving a command, the response is ready and DAV is set high. For some specific commands the delay will be longer.]

[Oscilloscope capture: about 20 us after the last byte of the response is read out by the host, DAV is pulled low. So if the user polls DAV to check whether there is data available, using a 100 us polling interval as
before encrypted transactions can take place. The keys are to be injected by a certified key injection facility. There are five security levels available when using DUKPT key management:

Level 0: Security Level 0 is a special case where all DUKPT keys have been used; it is set automatically when the reader runs out of DUKPT keys. The lifetime of DUKPT keys is 1 million. Once the keys' end of life is reached, the user should inject DUKPT keys again before doing any more transactions.
Level 1: By default, readers from the factory are configured to have this security level. There is no encryption process and no key serial number is transmitted with decoded data. The reader functions as a non-encrypting reader and the decoded track data is sent out in default mode.
Level 2: Key Serial Number and Base Derivation Key have been injected but the encryption process is not yet activated. The reader will send out decoded track data in default format. Setting the encryption type to TDES or AES will change the reader to security level 3.
Level 3: Both Key Serial Number and Base Derivation Key are injected and encryption mode is turned on. For payment cards, both encrypted data and masked clear text data are sent out. Users can select the data masking of the PAN area; the encrypted data format cannot be modified. Users can choose whether to send hashed data and whether to reveal the card expiration date. When encryption is turned on, level 3 is the default
each, if encrypted and hash track 1 allowed)
Track 2 hashed (20 bytes each, if encrypted and hash track 2 allowed)
Track 3 hashed (20 bytes each, if encrypted and hash track 3 allowed)
KSN (10 bytes)
CheckLRC
CheckSum
ETX
Where <STX> = 02h, <ETX> = 03h.

Note 1: Card Encode Type. Card Type will be 8x for the enhanced encryption format and 0x for the original encryption format.

    Value (original / enhanced)  Encode Type Description
    00h / 80h                    ISO/ABA format
    01h / 81h                    AAMVA format
    03h / 83h                    Other
    04h / 84h                    Raw (un-decoded) format

For type 04 or 84 (raw data format), all tracks are encrypted and no mask data is sent; there is no track indicator (01, 02 or 03) in front of each track. Track indicators 01, 02 and 03 will still exist for non-encrypted mode.

Note 2: Track 1-3 status byte (Field 4):
Bit 0: 1 = track 1 decoded data present
Bit 1: 1 = track 2 decoded data present
Bit 2: 1 = track 3 decoded data present
Bit 3: 1 = track 1 sampling data present
Bit 4: 1 = track 2 sampling data present
Bit 5: 1 = track 3 sampling data present
Bits 6-7: reserved for future use

Note 3: Clear/mask data sent status (Field 8) and Encrypted/Hash data sent status (Field 9) will only be sent out in the enhanced encryptio
01 08 (SPI Clock Setting): refer to General Selections for the SPI Clock Setting; valid data is from 00h to 03h.
Command Response: 01 00 02 01 00

4.16.2 Set/Get Device Number
Set or get the eight-byte device serial number.
Command:
Set Device Serial Number: 01 00 0B 00 01 01 <8 bytes of Device Serial Number>
Get Device Serial Number: 01 00 03 00 00 01
Command Response:
Set Device Serial Number: 01 00 02 01 00
Get Device Serial Number: 01 00 0A 01 00 <8 bytes of Device Serial Number>

4.16.3 Enable/Disable Encryption
Enable or disable the SecureHead encryption output in other mode (non-ID TECH protocol). If encryption is disabled, original data will be sent out to the host; if it is enabled, encrypted data will be sent out to the host.
Command:
01 00 04 00 01 02 01: Enable Encryption
01 00 04 00 01 02 00: Disable Encryption
Command Response: 01 00 02 01 00

4.16.4 Get Challenge
The host gets an 8-byte random number from SecureHead in order to do external authentication.
Command: 01 00 03 00 00 04
Command Response: 01 00 0A 01 00 <8 bytes of Challenge Data>

4.16.5 External Authenticate
SecureHead uses this command to authenticate the host by comparing the decrypted data from the host with its random data.
Command Format: 01 00 06 00 05 <First four bytes of decry
Track 1 decrypted data in hex, including padding zeros (there are no pad bytes here)
Track 2 decrypted data in hex, including padding zeros: 3B343236363834313038383838393939393D3038303931303131303030303034363F300000000000
Track 3 decrypted data in hex, including padding zeros

Security Level 4 Decryption, Enhanced Encryption Format
<0x0A><ETX><LRC>
STX = 0x02, ETX = 0x03, ACK = 0x06, NAK = 0x15. BASE64: data encoded with the base64 algorithm. LRC: XOR of all the data before the LRC, except STX.

A successful key loading process includes the following steps:

- Get Key Status
  Command Data: <FF><13><01><02><LRC>
  Response Data: <FF><00><01><04><LRC>
  For example: Command: 02 46 46 2F 78 4D 42 41 75 38 3D 0D 0A 03 LRC; Response: 06 02 46 46 0D 0A 03 LRC

- Load KSN
  Command Data: <FF><0A><11><KSN><KSN bytes><LRC>
  Response Data: <FF><00><06><RESPONSE CODE><LRC>
  <KSN> = 0x32; <KSN bytes> = 0x10 bytes, ASCII for the KSN; <RESPONSE CODE> = 6 bytes of data in ASCII format, converted from the first 3 cipher hex bytes. These cipher data are generated by encrypting <KSN bytes> and 00 00 00 00 00 00 00 00.
  For example: Command: 02 46 46 2F 77 6F 52 4D 6B 5A 47 52 6B 59 35 4F 44 63 32 4E 54 51 7A 4D 6A 45 77 52 54 43 69 0D 0A 03 5D; Response: 06 02 46 46 0D 0A 03 LRC

- Load Encryption Key
  Command Data: <FF><0A><LENGTH><KEY><KEY bytes><LRC>
  Response Data: <FF><00><06><RESPONSE CODE>
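The base64 + LRC framing of the key-loading commands, as an added Python example (not the manual's or ID TECH's code). It assumes the inner LRC is the XOR of the payload bytes and the outer LRC the XOR of everything between STX and the LRC (the manual's "all data before LRC except STX"); under those assumptions it reproduces the manual's Get Key Status and Load KSN command bytes. The function names are chosen here.

```python
import base64

STX, ETX, ACK, NAK = 0x02, 0x03, 0x06, 0x15


def lrc(data: bytes) -> int:
    """LRC as the manual defines it: XOR of every byte in `data`."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


def build_key_cmd(payload: bytes) -> bytes:
    """Wrap a key-loading payload (e.g. FF 13 01 02 for Get Key Status) into
    <STX> 'FF' <BASE64(payload + LRC)> <CR><LF> <ETX> <LRC>.
    Assumption: the inner LRC covers the payload bytes, the outer LRC covers
    everything after STX up to and including ETX."""
    inner = payload + bytes([lrc(payload)])
    body = b"FF" + base64.b64encode(inner) + b"\r\n" + bytes([ETX])
    return bytes([STX]) + body + bytes([lrc(body)])


def parse_key_cmd(frame: bytes) -> bytes:
    """Reverse of build_key_cmd: verify the framing and both LRCs and return
    the payload without its LRC. Raises ValueError on any mismatch, so a host
    library rejects a corrupted frame instead of acting on it."""
    if len(frame) < 11 or frame[0] != STX or frame[-2] != ETX:
        raise ValueError("bad framing")
    body = frame[1:-1]
    if lrc(body) != frame[-1]:
        raise ValueError("outer LRC mismatch")
    if body[:2] != b"FF" or body[-3:] != b"\r\n" + bytes([ETX]):
        raise ValueError("bad body")
    inner = base64.b64decode(body[2:-3], validate=True)
    if len(inner) < 2 or lrc(inner[:-1]) != inner[-1]:
        raise ValueError("inner LRC mismatch")
    return inner[:-1]


def load_ksn_cmd(ksn_ascii: bytes) -> bytes:
    """Load KSN command data: <FF><0A><11><KSN = 0x32><0x10 ASCII KSN bytes>."""
    if len(ksn_ascii) != 0x10:
        raise ValueError("KSN must be 0x10 ASCII bytes")
    return build_key_cmd(bytes([0xFF, 0x0A, 0x11, 0x32]) + ksn_ascii)


if __name__ == "__main__":
    # Both frames are the worked examples from the manual's key-loading section;
    # the KSN "FFFF9876543210E0" is the one encoded in the manual's Load KSN command.
    print(build_key_cmd(bytes.fromhex("FF130102")).hex(" ").upper())
    print(load_ksn_cmd(b"FFFF9876543210E0").hex(" ").upper())
```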
27. 4.14.6 MSR Data Masking
For cards that need to be encrypted, both encrypted data and clear-text data are sent.
Masked Area: the data format of each masked track is ASCII. The clear data include the start and end sentinels, the separators, the first N and last M digits of the PAN, and the card holder name (for Track 1). The rest of the characters should be masked using the mask character.
Set PrePANClrData (N), PostPANClrData (M) and MaskChar (Mask Character): N and M are configurable and default to the 4 first and 4 last digits. They follow the current PCI constraints (N = 6, M = 4 maximum). The mask character default value is * (2Ah).
Set PrePANClrDataID (N): parameter range 00h to 06h, default value 04h
Set PostPANClrDataID (M): parameter range 00h to 04h, default value 04h
MaskCharID (Mask Character): parameter range 20h to 7Eh, default value 2Ah
DisplayExpirationDataID: parameter range 0 to 1, default value 0

4.14.7 Level 1 and 2 Data Output Format
Magnetic Track Basic Decoded Data Format:
Track 1: <SS1> <T1 Data> <ES> <Track Separator>
Track 2: <SS2> <T2 Data> <ES> <Track Separator>
Track 3: <SS3> <T3 Data> <ES> <Terminator>
Where:
SS1 = start sentinel track 1
SS2 = start sentinel track 2
SS3 = start sentinel track 3
28. 2327C3C758CS5BF82542 DEEDD8D6AF88019149A 702FF2D43BD4A D6003 1 FA450720B00 D7808
Track 1 hashed: E15F3D5B29AE712C64A1212E9AF6F483BD40798A
Track 2 hashed: 9FF2DDE77D046620B55BCE94A4D5534CF57E7E07
KSN: 629949011A0000000001
LRC checksum and ETX: 87 1D 03
Key Value: 8A 60 A3 EB 80 87 63 52 B8 F5 05 CD A8 3C 33 70
KSN: 62 99 49 01 1A 00 00 00 00 01
Decrypted Raw Data:
01D67C81020408 102D448 1020408 102042890A350854A2FB3EE4BA3D4065B67A9C39 1 F582A42B9 9A858A90AF60852B14AA628A 028FC210842C18421084030092040B51581F24B5607440481116

Security Level 4, Original Encryption Format:
028F00041B331A0070756B86COB670DAAA78EEA454F5A7BAFB5CDA91BA9AS5B62BBA49F67CD2 1484D3138DB3468C80F3468688AE61E3FB25FEEB630B81717CC405F8A73430FCAFEF98CACEDE 76AB7AACOD9090E2B25F7E77F7888306B57CB67A9BEI15F3D5B29AE712C64A1212E9AF6F483B D40798A9FF2DDE77D046620B55BCE94A4D5534CF57E7E07629949011A0000000002DD5D03
Key Value: 06 A9 B3 23 2A 69 B4 57 61 76 5 CB A3 3337
KSN: 62 99 49 01 1A 00 00 00 00 02
Session ID: AA AA AA AA AA AA AA AA
Decrypted Data:
01D67C81020408 102D448 1020408 102042890A350854A2FB3EE4BA3D4065B67A9C39 1 F582A42B9 9A858A90AF60852B14AA628A 028FC210842C18421084030092040B51581F24B5607440481116
29. 3F 48 23 6B 03 BF
The above broken down and interpreted:
02: STX character
98: low byte of total length
01: high byte of total length
80: card type byte; interpretation: new format, ABA card
3F: 3 tracks of data, all good
48: length of track 1
23: length of track 2
6B: length of track 3
03: tracks 1 and 2 have masked clear data
BF: bit 7 = 1, KSN included
    bit 6 = 0, Session ID not included (so not Level 4 encryption)
    bit 5 = 1, track 3 hash data present
    bit 4 = 1, track 2 hash data present
    bit 3 = 1, track 1 hash data present
    bit 2 = 1, track 3 encrypted data present
    bit 1 = 1, track 2 encrypted data present
    bit 0 = 1, track 1 encrypted data present
Track 1 data, masked, length 0x48:
252A343236362A2A2A2A2A2A2A2A393939395E42555348204A522F47454F52474520572E4D525E2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
Track 1 masked data in ASCII
Track 2 data in hex, masked, length 0x23:
3B343236362A2A2A2A2A2A2A24393939393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2ASF2A
Track 2 masked data in ASCII
In this example there is no Track 3 data, either clear or masked. The encrypted and hashed data is below.
Track 1 encrypted, length 0x48 rounded up to 8 bytes: 0x48 = 72 decimal
DA7F2A52BD3F6DD8B96C50FC39C7E6AF22F06EDI F033BEOFB23D6BD33DC5A1F8
30. [Timing diagram residue: bit labels A bit 0, B bit 7, B bit 6, B bit 0]
3.2 Clock Polarity and Phase
The clock polarity and phase can be configured with respect to the data. The serial clock input frequency can go up to 400 kbps.
When clock polarity = 0, the base value of the clock is 0:
  For clock phase = 0, data are read on the clock's rising edge (low → high transition) and data are changed on a falling edge (high → low transition).
  For clock phase = 1, data are read on the clock's falling edge and data are changed on a rising edge.
When clock polarity = 1, the base value of the clock is 1:
  For clock phase = 0, data are read on the clock's falling edge and data are changed on a rising edge.
  For clock phase = 1, data are read on the clock's rising edge and data are changed on a falling edge.
The signal is required to read card data from the device. See the SPI clock phase and polarity property in section 3 for the commands to configure clock phase and polarity. The device defaults to clock phase 0 and clock polarity 0.
The following picture shows an example of clock polarity 0 and clock phase 0. The data is read on the rising edge of the clock and is changed on the falling edge. On the MOSI line the host sends out the data 00000010, which is 02h.
[Figure: oscilloscope capture of the SPI transfer]
31. B67EF33418AC88F65EIDB7EDA4D10973F99DF C8463FF6DF113B6226C4898A9D355057ECAF11A5598F02CA3162994901190000000001399F03
STX, Length LSB, Length MSB, card type, track status, length track 1, length track 2, length track 3:
02 7D 01 00 3F 48 23 6B
The above broken down and interpreted:
02: STX character
7D: low byte of total length
01: high byte of total length
00: card type byte; interpretation: old format, ABA card
3F: 3 tracks of data, all good
48: length of track 1
23: length of track 2
6B: length of track 3
Track 1 data, masked, length 0x48:
252A343236362A2A2A2A2A2A2A2A393939395E42555348204A522F47454F52474520572E4D525E2 A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A
Track 2 data in hex, masked, length 0x23:
3B343236362A2A2A2A2A2A2A2A393939393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A
Track 3 data, unencrypted, length 0x6B:
3B3333333333333333333337363736373630373037303737363736373633333333333333333333373637 3637363037303730373736373637363333333333333333333337363736373630373037303737363736373 633333333333333333333373637363736303730373F32
Track 1 & 2 encrypted, length 0x48 + 0x23 rounded up to 8 bytes: 0x6B → 0x70 (112 decimal)
863E9E3DA28E455B28F7736B77E47A64EDDA3BF03A06EA44F31D1818COBCD7A35 3FB1AD70EFD30FFC3 DA08A4FBC9372E57E8B40848BAEA A3FE724B3550E2F4B22 3E6BF264
32. BEAE9E39142B648CDB5 1 FB8DAF8EA5B63913D29419B67582FCCCE9B3 72660F03668CC4532 16D9449C6B67EF3
Track 1 hashed: 3418AC88F65E1DB7ED4D10973F99DFC8463FF6DF
Track 2 hashed: 113B6226C4898A9D355057ECAF11A5598F02CA31
KSN: 62994901190000000001
LRC checksum and ETX: 39 9F 03
Masked Data:
Track 1 data, masked, in ASCII
Track 2 data, masked, in ASCII
Track 3 data, unencrypted, in ASCII:
333333333376767607070776767633333333337676760707077676763333333333767676070707767676 33333333337676760707 2
Key Value: F8 2A 7A 0D 7C 67 46 F1 96 18 9A FB 54 2C 65 A3
KSN: 62 99 49 01 19 00 00 00 00 01
Decrypted Data in ASCII:
B4266841088889999 BUSH JR GEORGE W MR 0809101100001100000000046000000 4266841088889999 080910110000046 0 3333333333376767607070776767633333333337676760707077676763333333333767676070707767676 33333333337676760707 2
Decrypted Data in Hex:
2542343236363834313038383838393939395E42555348204A522F47454F52474520572E4D525E30383 0393130313130303030313130303030303030303034363030303030303F213B343236363834313038383 838393939393D3038303931303131303030303034363F300000000000

Security Level 4 Decryption, Original Encryption Format:
028501003F48236B252A343236362A2A2A2A2A2A2A24393939395E42555348204A522F47454F 524 74520572 40525 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
33. D 00 00 00 00 00
This Session ID is an eight-byte (00 00 00 ...) string which may contain any hex data. This field is used by the host to uniquely identify the present transaction. Its primary purpose is to prevent replays. It is only used at Security Level 4. After a card is read, the Session ID is encrypted along with the card data and supplied as part of the transaction message. The clear-text version of it is never transmitted. A new Session ID stays in effect until one of the following occurs:
1. Another Set Session ID command is received.
2. The reader is powered down.
3. The reader is put into Suspend mode.

Key Management Type: Fixed key management by default. ID 0 = Fixed Key, 1 = DUKPT Key.

4.14.3 Security Management
This reader is intended to be a secure reader. Security features include:
Can include the Device Serial Number
Can encrypt track 1 and track 2 data for all bank cards
Provides clear-text confirmation data, including the holder's name and a portion of the PAN, as part of the Masked Track Data
Optional display of expiration data
The Security Level is settable. The reader features configurable security settings. Before encryption can be enabled, the Key Serial Number (KSN) and Base Derivation Key (BDK) must be loaded.
34. D67C81020408102D4481020408102042890A350854A2FB3EE4BA3D4065B67A9C391F582A42B9 9A858A90AF60852B14AA628A0D 028FC210842C18421084030092040B51581F24B56074404811160D
Original Raw Data, Backward Direction:
01A28CAA51A9420DEA12A342B33A84A835F13872BCDBA4C0578BAA4EF9BE8A542158A12284081 020408102456810204081027CD60D 02D11024045C0D5A49F03515A0409201804210843068421087E20D
Note:
1. There is a track number before each track: Track 1 is 01, Track 2 is 02, Track 3 is 03.
2. There is a track separator (0D) after each track.

Example of decryption of a two-track ABA card with the original encryption format, for both Fixed and DUKPT key management, SecureHead Reader with default settings.
Key for all examples is 0123456789ABCDEFFEDCBA9876543210.
Original Encryption Format: the original encryption format can be recognized because the high bit of the fourth byte (underlined, 00) is 0.
028700041B331A0027D2E435CEE303F007E977B598B7E3C57C76F4445E309F6916C0321A0F915B6 E490813498839049FE5204762327C3C758C5BF82542DEEDD8D6AF 88019149A702FF2D43BDA4AD6 0031FA450720B00D7808E15F3D5B29AE712C64A1212E9AF6F483BD40798A9FF2DDE77D046620B 55BCE94A4D5534CF57E7E07629949011A0000000001871D03
STX, Length LSB, Length MSB, card type, track status, length track 1, length track 2, length track 3:
02 87 00 04 1B 33 1A 00
Track 1 & 2 encrypted, length 0x33 + 0x1A rounded up to 8 bytes: 0x4D → 0x50 (80 decimal)
27D2E435CEE303F007E977B598B7E3C57C76F4445E309F6916C032 1 AOF915B6E4908 13498839049 FE520476
35. EDAD10973F99DFC8463FF6DF113B6226C4898A9D 355057ECAF11A5598F02CA31688861C157C1CE2E0F72CE0F3BB598A614EAABB16299490119000 0000003D67C03
Clear Masked Data, Track 2: 54266 X 0000
Key Value: 89 52 50 33 61 75 51 5C 41 20 CF 45 FA 1A BF 1C
KSN: 62 99 49 01 19 00 00 00 00 03
Session ID: AA AA AA AA AA AA AA AA
Decrypted Data in ASCII:
B4266841088889999 BUSH JR GEORGE W MR 0809101100001 100000000046000000 4266841088889999 08091011000004620 333333333376767607070776767633333333337676760707077676763333333333767676070707767676 33333333337676760707 2
Decrypted Data in Hex:
2542343236363834313038383838393939395E42555348204A 522FA7454F52474520572E4D525E30383 0393130313130303030313130303030303030303034363030303030303F21
3B343236363834313038383838393939393D3038303931303131303030303034363F300000000000
3B3333333333333333333337363736373630373037303737363736373633333333333333333333373637 3637363037303730373736373637363333333333333333333337363736373630373037303737363736373 633333333333333333333373637363736303730373F320000000000

APPENDIX G EXAMPLE OF IDTECH RAW DATA DECRYPTION
Original Raw Data, Forward Direction:
01
36. [Flow chart residue: Data Format, Encrypt Method, Decode data, Encrypt Text, IDT L1/L2 Decode, IDT Raw Data, Other Raw Data Format]

APPENDIX F EXAMPLE OF DECODED DATA DECRYPTION
Key for all examples is 0123456789ABCDEFFEDCBA9876543210.
Security Level 3 Decryption, Original Encryption Format
Example of decryption of a three-track ABA card with the original encryption format, SecureHead Reader with default settings.
Original encryption structure: if your structure starts with the original encryption format, this can be recognized because the high bit of the fourth byte (underlined, 00) is
37. ID TECH, Value through Innovation
USER MANUAL
SecureHead Encrypted Magnetic Read Head, SPI Interface
80101502-001 D 05/06/2011
User Manual SecureHead SPI Interface

Agency Approved
Specifications for subpart B of part 15 of FCC rule for a Class A computing device.

Limited Warranty
ID TECH warrants to the original purchaser for a period of 12 months from the date of invoice that this product is in good working order and free from defects in material and workmanship under normal use and service. ID TECH's obligation under this warranty is limited to, at its option, replacing, repairing or giving credit for any product which has, within the warranty period, been returned to the factory of origin, transportation charges and insurance prepaid, and which is, after examination, disclosed to ID TECH's satisfaction to be thus defective. The expense of removal and reinstallation of any item or items of equipment is not included in this warranty. No person, firm or corporation is authorized to assume for ID TECH any other liabilities in connection with the sales of any product. In no event shall ID TECH be liable for any special, incidental or consequential damages to Purchaser or any third party caused by any defective item of equipment, whether that defect is warranted against or not. Purchaser's sole and exclusive remedy for defective equipment, which does not conform to the requirements of sales, is to have such equipment replaced o
38. ISO stands for International Standards Organization.

Track 1
Field ID  Contents  Length (Characters)
a  Start Sentinel  1
b  Format Code  1
c  Account Number  12 or 19
d  Separator  1
e  Cardholder Name  variable
f  Separator  1
g  Expiration date  4
h  Optional Discretionary data  variable
i  End Sentinel  1
j  Linear Redundancy Check (LRC) Character  1

Track 2
Field ID  Contents  Length (Characters)
a  Start Sentinel  1
b  Account Number  12 or 19
c  Separator  1
d  Expiration date  4
e  Optional discretionary data  variable
f  End Sentinel  1
g  Linear Redundancy Check (LRC) Character  1

AAMVA Driver's License Format

Track 1
Start Sentinel  1
State or Province  2
City  13
Name  35
Address  29
End Sentinel  1
Linear Redundancy Check (LRC) Character

Track 2
Start Sentinel
ANSI User Code
ANSI User ID
Jurisdiction ID/DL
Expiration date  4
Birth Date
Remainder of Jurisdiction ID/DL
End Sentinel
Linear Redundancy Check (LRC) Character  1

Track 3
Start Sentinel
Template Version
Security Version
39. ON
The SPI SecureHead magnetic stripe reader can read 1, 2 or 3 tracks of magnetic stripe information. When connected to the host, the SecureHead is completely compatible with the SPI Specification. The raw data or decoded data is sent to the host through the SPI. The SecureHead supports both unencrypted and encrypted data output. When encryption is not turned on, the decoded data can be formatted with preamble, postamble and terminator characters to match the format expected by the host.

2 SPECIFICATIONS
General
  Card Speed: 3 to 75 ips (7.6 to 190.5 cm/s)
Electrical
  Power Supply: 3.0 to 3.6 VDC
  I/O Voltage Range: 2.7 to 3.6 VDC
  Current: Active Power Supply Current 5 mA; Standby Power Supply Current 1.5 mA; Sleep Power Supply Current 120 uA
  ESD: 4 discharge to head can
Environment
  Operating Temperature: 0 °C to 55 °C
  Storage Temperature: -40 °C to 70 °C
  Humidity: 10 to 90% non-condensing
Mechanical
  Weight: 5.67 grams
Dimension
[Dimension drawing residue: azimuth, track location, mounting holes]
40. [Appendix E key management flow chart residue. Recoverable labels: Key Management; Secure Level 2; Secure Level 3; Enable encryption Y/N; Decode Method; Pass authentication Y/N; Encrypt Method; Error Status; Reload DUKPT; ISO/ABA; Non ISO/ABA; Clear Text; Other RAW; IDT Level 1 and 2 Decode data; IDT Raw Data Output; AES Decrypt; TDES Decrypt; L3 output format; L4 output format; Raw data format; Fixed Key Exist; Encrypt Enable; Load Fixed Key; Decode Data Format; IDT Raw Data; Other Raw]
41. aiting for the Activate Authentication Mode Command. The command must be sent before the card can be read.
01h: The authentication request has been sent; the reader is waiting for the Activation Challenge Reply Command.
02h: The reader is waiting for a card swipe.
Pre-condition specifies how the reader got to its current state, as follows:
00h: The reader has had no card swipes and has not been authenticated since it was powered up.
01h: Authentication Mode was activated successfully. The reader processed a valid Activation Challenge Reply command.
02h: The reader received a good card swipe.
03h: The reader received a bad card swipe or the card is invalid.
04h: Authentication Activation Failed.
05h: Authentication Deactivation Failed.
06h: Authentication Activation Timed Out. The host failed to send an Activation Challenge Reply command within the time specified in the Activate Authentication Mode command.
07h: Swipe Timed Out. The user failed to swipe a card within the time specified in the Activation Challenge Reply command.

4.16 Other Command Protocol Settings
4.16.1 SPI Clock Phase and Polarity Settings
The clock phase and polarity of the SPI interface can be adjusted. Both the host and the device must be set to the same SPI setting in order to communicate correctly.
Command: 01 00 04 00
42. ation request, the user also needs to specify a time limit for the reader to wait for the Activation Challenge Reply command. The minimum timeout duration required is 120 seconds; if the specified time is less than the minimum, 120 seconds is used as the timeout duration. The maximum time allowed is 3600 seconds (one hour). If the reader times out while waiting for the Activation Challenge Reply, the authentication has failed.
Device Response: when authentication mode is requested, the device responds with two challenges, Challenge 1 and Challenge 2. The challenges are encrypted using the current DUKPT key exclusive-OR'ed with <F0F0 F0F0 F0F0 F0F0 F0F0 F0F0 F0F0 F0F0>. The decrypted Challenge 1 contains 6 bytes of random number followed by the last two bytes of the KSN. The two bytes of KSN may be compared with the last two bytes of the clear-text KSN sent in the message to authenticate the reader. The user should complete the Activate Authentication sequence using the Activation Challenge Reply command.
Command Structure:
Host → Device: <STX> <R> <80h> <02h> <Pre-Authentication Time Limit> <ETX> <CheckSum>
Device → Host: <ACK> <STX> <Device Response Data> <ETX> <CheckSum> (success) or <NAK> (fail)
Pre-Authenti
43. card is swiped through the Reader, the track data will be TDEA (Triple Data Encryption Algorithm, aka Triple DES) or AES (Advanced Encryption Standard) encrypted using Fixed key management or DUKPT (Derived Unique Key Per Transaction) key management. DUKPT key management uses a base derivation key to encrypt a key serial number, which produces an initial encryption key that is injected into the Reader prior to deployment. After each transaction the encryption key is modified per the DUKPT algorithm, so that each transaction uses a unique key. Thus the data is encrypted with a different encryption key for each transaction.

4.14.2 Security Related Function ID
Security Related Function IDs are listed below. Their functions are described in other sections.
Characters  Hex Value  Description
PrePANID  49  First N digits in PAN which can be clear data
PostPANID  4A  Last M digits in PAN which can be clear data
MaskCharID  4B  Character used to mask PAN
EncryptionID  4C  Security Algorithm
SecurityLevelID  7E  Security Level (Read Only)
Device Serial Number ID  4E  Device Serial Number (can be written once; after that it can only be read)
DisplayExpirationDataID  50  Display expiration data as mask data or clear data
KSN and Counter ID  51  Review the Key Serial Number
44. cation Time Limit: 2 bytes of time in seconds.
Device Response Data: 26 bytes of data consisting of <Current Key Serial Number> <Challenge 1> <Challenge 2>.
Current Key Serial Number: 10 bytes of data, with the Initial Key Serial Number in the leftmost 59 bits and the Encryption Counter in the rightmost 21 bits.
Challenge 1: 8-byte challenge used to activate authentication, encrypted using the key derived from the current DUKPT key.
Challenge 2: 8-byte challenge used to deactivate authentication, encrypted using the key derived from the current DUKPT key.

Activation Challenge Reply Command
This command serves as the second part of an Activate Authentication sequence. The host sends the first 6 bytes of Challenge 1 from the response of the Activate Authenticated Mode command, two bytes of Authenticated mode timeout duration, and eight bytes of Session ID, encrypted with the result of the current DUKPT Key exclusive-OR'ed with <3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C>. The Authenticated mode timeout duration specifies the maximum time, in seconds, for which the reader remains in Authenticated Mode. A value of zero forces the reader to stay in Authenticated Mode until a card swipe or power down occurs. The minimum timeout duration required is 120 seconds; if the specified time is less than the minimum, 120 seconds is used as the timeout duration. The maximum time allowed is 3600 seconds (one hour). Session ID information is included. If the command is successf
45. ce Description
Track 1, Track 2 and Track 3 Unencrypted Length: this one-byte value is the length of the original Track data. It indicates the number of bytes in the Track masked data field. It should be used to separate Track 1, Track 2 and Track 3 data after decrypting the Track encrypted data field.
Track 3 Unencrypted Length: this one-byte value indicates the number of bytes in the Track 3 data field.
Track 1 and Track 2 Masked: Track data masked with the MaskCharID (default is *). The first PrePANID (up to 6 for BIN, default is 4) and last PostPANID (up to 4, default is 4) characters can be in the clear (unencrypted).
Track 1, Track 2 and Track 3 Encrypted: this field is the encrypted Track data, using either TDES-CBC or AES-CBC with an initial vector of 0. If the original data is not a multiple of 8 bytes for TDES or a multiple of 16 bytes for AES, the reader right-pads the data with 0. The key management scheme is DUKPT or Fixed key. For DUKPT, the key used for encrypting data is called the Data Key. The Data Key is generated by first taking the DUKPT Derived Key exclusive-OR'ed with 0000000000FF0000 0000000000FF0000 to get the resulting intermediate variant key. The left side of the intermediate variant key is then TDES encrypted with the entire 16-byte variant as the key. After the same steps are performed for the right side of the key, combine the two key parts to create the Data Key.
Encrypted Data Length: Track 1 and Track 2 data are e
46. ds on all the previous blocks. As a result, each encrypted data block needs to be decrypted sequentially. To encrypt the data, first generate an 8-byte random initialization vector, which is XOR'ed with the first data block before it is encrypted. Then the data is encrypted with the device key using the TDES algorithm. The result is again XOR'ed with the next 8-byte data block before it is encrypted. The process repeats until all the data blocks have been encrypted.
The host can decrypt the cipher text from the beginning of the block as the data is received; however, it must keep track of both the encrypted and the clear-text data. Alternatively, the data can be decrypted backward, from the last data block to the first, so that the decrypted data can replace the original data as the decryption proceeds. To decrypt the data using the reverse method, first decrypt the last 8 bytes of data using TDES decryption, then XOR the result with the preceding data block to get the last data block in clear text. Continue to decrypt the next previous block with the same method until the first block is reached. For the first data block the XOR operation can be skipped, since it is XOR'ing with 00h bytes.

APPENDIX E KEY MANAGEMENT FLOW CHART
47. APPENDIX H EXAMPLE OF SPI MASTER CHIP CONTROLLING

/******************************************************************
 NAME:      spi_drv.h
 Copyright (c) 2003 ID TECH
 RELEASE:   cc03_demo_spi_0_0_1
 REVISION:
 PURPOSE:   spi lib header file
 ******************************************************************/
#ifndef _SPI_DRV_H_
#define _SPI_DRV_H_

/* INCLUDES */

/* DEFINITION */
/* Pin define */
#define DAV_IN   P3_4    /* SPI chip has data ready */
#define SPI_SS   P1_1    /* SPI chip select pin      */

/* In Master mode the baud rate can be selected from a baud rate
   generator which is controlled by three bits in the SPCON register:
   SPR2, SPR1 and SPR0. The Master clock is chosen from one of seven
   clock rates resulting from the division of the internal clock by
   2, 4, 8, 16, 32, 64 or 128. */
#define SPI_RATIO_2        0x00   /* FCLK_PERIPH/2   */
#define SPI_RATIO_4        0x01   /* FCLK_PERIPH/4   */
#define SPI_RATIO_8        0x02   /* FCLK_PERIPH/8   */
#define SPI_RATIO_16       0x03   /* FCLK_PERIPH/16  */
#define SPI_RATIO_32       0x80   /* FCLK_PERIPH/32  */
#define SPI_RATIO_64       0x81   /* FCLK_PERIPH/64  */
#define SPI_RATIO_128      0x82   /* FCLK_PERIPH/128 */
#define SPI_RATIO_INVALID  0x83   /* No BRG          */

/* MACROS */
/* SPIF: Serial Peri... (text cut off here in the source) */
48. ed encryption output format. Changed device serial number length from 8 bytes to 10 bytes.

Table of Contents
1 INTRODUCTION  5
2 SPECIFICATIONS  6
3 SPI OPERATION  10
3.1 SPI Data ...  10
3.2 Clock Polarity And Phase  10
3.3 Master Input Slave Output (MISO)  11
3.4 Master Output Slave Input (MOSI)  11
3.5 Data Available Output (DAV)  12
3.6 Chip Select ...  13
3.7 Input and Ground ...  14
3.8 ...  14
4 CONFIGURATION  15
4.1 Setup Commands  15
4.2 Communication ...  16
4.3 ...  16
4.4 General Selections  16
4.5 ...  18
4.6 Review Firmware ...  18
4.7 Review Serial Number  18
4.8 Message Formatting Selections (Only for Security Level 1 & 2)  18
4.9 Magnetic Track Selections (Only for Security Level 1)  20
4.10 Security ...
49. ...  21
4.11 Review KSN (DUKPT Key management only)  24
4.12 Review Security Level  24
4.13 Encrypt External Data  25
4.14 Encrypted Output for Decoded Data  25
4.15 Level 4 Activate Authentication  36
4.16 Other Command Protocol Settings  40
APPENDIX A DEFAULT SETTING  42
Default Setting  42
APPENDIX B MAGNETIC STRIPE STANDARD  43
ISO Credit Card ...  43
AAMVA Driver's License  44
APPENDIX C OTHER MODE CARD DATA OUTPUT  46
APPENDIX D GUIDE TO ENCRYPTING AND DECRYPTING DATA  47
APPENDIX E KEY MANAGEMENT FLOW CHART  48
APPENDIX F EXAMPLE OF DECODED DATA DECRYPTION  50
APPENDIX G EXAMPLE OF IDTECH RAW DATA DECRYPTION  57
APPENDIX H EXAMPLE OF SPI MASTER CHIP CONTROLLING  59

1 INTRODUCTI
50. hentication process again until it succeeds before any security-related feature can be changed.
Commands:
1. Retrieve Encrypted Challenge Command
Host → Device: <STX> <R> <74h> <ETX> <CheckSum>
Device → Host: <ACK> <STX> <8 bytes of TDES encrypted random data> <ETX> <CheckSum> (success) or <NAK> (fail)
2. Send External Authenticate Command
Host → Device: <STX> <S> <74h> <08h> <8 bytes of original random data> <ETX> <CheckSum>
Device → Host: <ACK> (success) or <NAK> (fail)

4.10.4 Encryption Settings
Enable or disable the SecureHead encryption output in ID TECH protocol. If encryption is disabled, the original data is sent out to the host; if it is enabled, encrypted data is sent out to the host.
<STX> <S> <4Ch> <01h> <Encryption Settings> <ETX> <CheckSum>
Encryption Settings:
0: Encryption Disabled
1: Enable TDES Encryption
2: Enable AES Encryption
Not for Raw Data Decoding in Both Directions (sent out in other mode).

4.11 Review KSN (DUKPT Key management only)
< ... > < ... > <51h> < ... > < ... >
This command is used to get the DUKPT key serial number and counter.
51. l 3 Data Output Original Format; the only change is that <DUKPT serial number> becomes the device serial number plus two NULL bytes.

4.14.10 DUKPT Level 3 Data Output Enhanced Format
This mode is used when all tracks must be encrypted, when encrypted OPOS support is required, when the tracks must be encrypted separately, when cards other than type 0 (ABA bank cards) must be encrypted, or when track 3 must be encrypted. This format is the standard encryption format, but not yet the default encryption format.

Encryption Output Format Setting
Command: 53 85 01 <Encryption Format>
Encryption Format: 0 = Original Encryption Format; 1 = Enhanced Encryption Format

Encryption Option Setting (for enhanced encryption format only)
Command: 53 84 01 <Encryption Option>
Encryption Option (default 08h):
bit0 = 1: track 1 force encrypt
bit1 = 1: track 2 force encrypt
bit2 = 1: track 3 force encrypt
bit3 = 1: track 3 force encrypt when card type is 0
Note:
1. When force encrypt is set, this track will always be encrypted regardless of card type. No clear or masked text will be sent.
2. If, and only if, in enhanced encryption format, each track is encrypted separately. The encrypted data length is rounded up to 8 or 16 bytes.
3. When force encrypt is not set, the data will be encrypted in the original encryption format, that is, only track 1 and track 2 of type 0 cards (ABA bank cards) will be encrypted.
le: spi_drv.c
Copyright (c) 2004 ID TECH inc.
CREATION DATE: 2004/1/10
PURPOSE: spi library low level functions (init, receive and send functions) and global variables declarations, to use with user software application.

INCLUDES
#include "spi_drv.h"

MACROS

DEFINITION
Uchar transmit_completed = 0;      /* 0 by default */
extern Uchar data SPI_IPNT;

DECLARATION
Here are some global flags to use with the spi library. These global flags are used to communicate with higher level functions (user application). Here are the global variables used to communicate with the spi interrupt routine.

NAME: spi_isp
PARAMS: none
return: none
PURPOSE: spi interruption program for serial transmission (Master and Slave mode)
<LRC>
<LENGTH>: 0x21
<KEY>: 0x33
<KEY bytes>: 0x20 bytes, ASCII for KEY
<RESPONSE CODE>: 6 bytes data in ASCII format, which is converted from the first 3 cipher hex data. These cipher data are generated by encrypting KEY bytes and 00 00 00 00 00 00 00 00.
For example:
Command: 02 46 46 2F 77 6F 68 4D 7A 5A 42 51 7A 49 35 4D 6B 5A 42 51 54 45 7A 4D 54 56 43 4E 45 51 34 4E 54 68 42 51 6A 4E 42 4D 30 51 33 52 44 55 35 4D 7A E 42 6C 51 3D 3D 0D 0A 03 2D
Response: 06 02 46 46 0D 0A 03 LRC

4.10.3 External Authenticate Command (Fixed Key Only)
Before a security related command is executed, an authentication process is required to make sure the device key used is correct. For example, authentication is needed whenever the encryption is enabled/disabled or the device key is changed. Once the authentication process is finished successfully, the same process would not be needed again until the device is restarted.
• First, the host would get a data block which is generated by encrypting a random 8 byte data using the TDES algorithm.
• The host then decrypts the data block using the TDES algorithm with the current device key.
• The host initiates an External Authenticate Command to verify the decrypted 8 bytes of random data.
• The device checks to see if the data matches the random data generated. If the data are the same, the authentication process is successful. If it fails, the host must start the aut
<LenH> is a two byte length of Card Data.
<CheckLRC> is a one byte Exclusive-OR sum calculated for all Card Data.
<CheckSum> is a one byte Sum value calculated for all Card Data.
Card Data: the card data format is shown below.

ISO/ABA Data Output Format
• card encoding type (0: ISO/ABA, 4: Raw Mode)
• track status (bit 0,1,2: T1,2,3 decode; bit 3,4,5: T1,2,3 sampling)
• track 1 unencrypted length (1 byte, 0 for no track 1 data)
• track 2 unencrypted length (1 byte, 0 for no track 2 data)
• track 3 unencrypted length (1 byte, 0 for no track 3 data)
• track 1 masked (omitted if in Raw mode)
• track 2 masked (omitted if in Raw mode)
• track 3 data (omitted if in Raw mode)
• track 1 encrypted (AES/TDES encrypted data)
• track 2 encrypted (AES/TDES encrypted data)
• track 3 encrypted (only used in Raw mode)
• track 1 hashed (20 bytes SHA1 Xor)
• track 2 hashed (20 bytes SHA1 Xor)
• DUKPT serial number (10 bytes)

Non ISO/ABA Data Output Format
• card encoding type (1: AAMVA, 3: Others)
• track status (bit 0,1,2: T1,2,3 decode; bit 3,4,5: T1,2,3 sampling)
• track 1 length (1 byte, 0 for no track 1 data)
• track 2 length (1 byte, 0 for no track 2 data)
• track 3 length (1 byte, 0 for no track 3 data)
• track 1 data
• track 2 data
• track 3 data
mand buf
            if (spilength == MAX_LEN)        /* Quit while loop if read the end of input buffer */
                break;
        }
        _SPI_SS = 1;                         /* Read out all the data from SPI slave, set chip select pin to idle high */
        for (i = 0; i < spilength; i++)      /* Send out data from UART port */
            put_byte(Command_INbuf[i]);
    }

    /* Other subroutine to handle other tasks */

    if (SPIMasterCommandReady)               /* If SPI master wants to send a command to SPI slave */
    {
        _SPI_SS = 1;                         /* To generate a falling edge; not useful for clock phase 0, but clock phase 1 needs this falling edge */
        delay10us();                         /* Wait for high level to get steady */
        _SPI_SS = 0;                         /* Pull chip select pin low, ready to start SPI communication */
        for (j = 0; j < Command_Length; j++) /* Send out whole command string */
            spi_Sendout(Command_OUTbuf[j]);
        _SPI_SS = 1;                         /* Read out all the data from SPI slave, set chip select pin to idle high */
        BeepOn(Long);                        /* Send out one beep to indicate command finished */
    }

    /* Other subroutine to handle other tasks */
} while (TRUE);

Modu
ment flag is set to 01h. If the device cannot decrypt Challenge 2 successfully, it will stay in Authenticated Mode until timeout occurs or when the customer swipes a card. The KSN is incremented every time the authenticated mode is exited by timeout or card swipe action. When the authenticated mode is exited by the Deactivate Authenticated Mode command, the KSN will increment when the increment flag is set to 01h.
Command Structure
Host -> Device: <STX><S><81h><08h for TDES or 10h for AES><Deactivation Data><ETX><CheckSum>
Device -> Host: <ACK> (success) or <NAK> (fail)
<Deactivation data>: 8 bytes response to Challenge 2. It contains 7 bytes of Challenge 2 with 1 byte of Increment Flag, encrypted by the specified variant of the current DUKPT Key.

Get Reader Status Command
Command Structure
Host -> Device: <STX><R><83h><ETX><CheckSum>
Device -> Host: <ACK><STX><83h><02h><Current Reader Status><Pre-Condition><ETX><CheckSum> (success) or <NAK> (fail)
Current Reader Status: 2 bytes data with one byte of <Reader State> and one byte of <Pre-Condition>.
Reader State indicates the current state of the reader:
00h The reader is w
n format
Field 8: Clear/masked data sent status byte
Bit 0 = 1: track 1 clear/mask data present
Bit 1 = 1: track 2 clear/mask data present
Bit 2 = 1: track 3 clear/mask data present
Bit 3 = 0: reserved for future use
Bit 4 = 0: reserved for future use
Bit 5 = 0: reserved for future use
Note 4: Encrypted/Hash data sent status
Field 9: Encrypted data sent status
Bit 0 = 1: track 1 encrypted data present
Bit 1 = 1: track 2 encrypted data present
Bit 2 = 1: track 3 encrypted data present
Bit 3 = 1: track 1 hash data present
Bit 4 = 1: track 2 hash data present
Bit 5 = 1: track 3 hash data present
Bit 6 = 1: session ID present
Bit 7 = 1: KSN present

4.14.11 Fix Key Management Data Output Enhanced Format
Same as 4.14.10 DUKPT Level 3 Data Output Enhanced Format, only change <KSN> to device serial number plus two NULL bytes.

4.15 Level 4 Activate Authentication Sequence
The security level changes from 3 to 4 when the device enters authentication mode successfully. Once the security level is changed to level 3 or 4, it cannot go back to a lower level.

Activate Authentication Mode Command
When the reader is in security level 4, it would only transmit the card data when it is in Authenticated Mode.

Authentication Mode Request
When sending the authentic
ncrypted as a single block. In order to get the number of bytes for the encrypted data field, we need to get the Track 1 and Track 2 unencrypted length first. The field length is always a multiple of 8 bytes for TDES or a multiple of 16 bytes for AES. This value will be zero if there was no data on both tracks or if there was an error decoding both tracks. Once the encrypted data is decrypted, all padding 0 need to be removed. The number of bytes of decoded track 1 data is indicated by the track 1 unencrypted length field. The remaining bytes are track 2 data, the length of which is indicated by the track 2 unencrypted length field.

Track 1 and Track 2 Hashed
The SecureHead reader uses SHA-1 to generate hashed data for both track 1 and track 2 unencrypted data. It is 20 bytes long for each track. This is provided with two purposes in mind. One is for the host to ensure data integrity by comparing this field with a SHA-1 hash of the decrypted Track data, to detect unexpected noise in data transmission. The other purpose is to enable the host to store a token of card data for future use without keeping the sensitive card holder data. This token may be used for comparison with the stored hash data to determine if they are from the same card.

4.14.9 Fixed Key Level 3 Data Output Original Format
Same as 4.14.8 DUKPT Leve
no track separator.

4.9.3 Start/End Sentinel and Track 2 Account Number Only
The SecureHead can be set to either send or not send the Start/End sentinel, and to send either the Track 2 account number only or all the encoded data on Track 2. The Track 2 account number setting doesn't affect the output of Track 1 and Track 3.
<STX><S><19h><01h><SendOption><ETX><CheckSum>
SendOption:
0 Don't send start/end sentinel, and send all data on Track 2
1 Send start/end sentinel, and send all data on Track 2
2 Don't send start/end sentinel, and send account number on Track 2
3 Send start/end sentinel, and send account number on Track 2

4.10 Security Settings

4.10.1 Select Key Management Type
<STX><S><58h><01h><Key Management Type><ETX><CheckSum>
Key Management Type:
0 Fix key management
1 DUKPT Key management

4.10.2 Load Device Key Command
The Encrypted swipe read supports TDES and AES encryption standards for data encryption. Encryption can be turned on via a command. TDES is the default. If the reader is in security level 3, for the encrypted fields the original data is encrypted using the TDES/AES CBC mode with an Initialization Vector starting at all binary zeroes and
olarity 0: data are read on the clock's falling edge and data are changed on a rising edge.
3. Clock phase 1 and Polarity 1: data are read on the clock's rising edge and data are changed on a falling edge.

4.4.2 Change to Default Settings
<STX><S><18h><ETX><CheckSum>
This command does not have any <FuncData>. It returns all settings for all groups to their default values.

4.4.3 MSR Reading Settings
Enable or disable the SecureHead. If the reader is disabled, no data will be sent out to the host.
<STX><S><1Ah><01h><MSR Reading Settings><ETX><CheckSum>
MSR Reading Settings:
0 MSR Reading Disabled
1 MSR Reading Enabled

4.4.4 Decoding Method Settings
The SecureHead can support four kinds of decoded directions.
<STX><S><1Dh><01h><Decoding Method Settings><ETX><CheckSum>
Decoding Method Settings:
0 Raw Data Decoding in Both Directions, send out in ID TECH mode
1 Decoding in Both Directions. If the encryption feature is enabled, the key management method used is DUKPT.
2 Moving stripe along head in direction of encoding. If the encryption feature is enabled, the key management method used is DUKPT.
3 Moving stripe along head against direction of encoding. If the encryption feature is enabled, the key management method used is DUKPT.
4 Raw Data Decoding in Both Directions
pheral data transfer flag. Cleared by hardware to indicate data transfer is in progress or has been approved by a clearing sequence. Set by hardware to indicate that the data transfer has been completed.
#define Spif_set  ((SPSCR & MSK_SPSCR_SPIF) == MSK_SPSCR_SPIF)   /* If equal, the data transfer has been completed */

DECLARATION
Uchar spi_set_speed(Uchar data ratio);
void  spi_master_init(Uchar data cpol, Uchar data cpha, Uchar data ssdis, Uchar data speed);
void  spi_Sendout(Uchar data inchar);
#endif /* _SPI_DRV_ */

Module: main.c
Copyright (c) 2004 ID TECH inc.
CREATION DATE: 2004/1/10
PURPOSE: spi library low level functions (init, receive and send functions) and global variables declarations, to use with user software application.
pted random data from Get Challenge Command.
Response:
01 00 02 01 00 Success
01 00 02 01 01 Fail

4.16.6 Load Security Key
The sixteen bytes key is used for encryption, and its default value is 0000 0000 0000 0000 0000 0000 0000 0000. For security purposes, key injection is only allowed after successful external authentication, and the key will be loaded as two components, each with 16 bytes of key. Those two components will be XORed to generate the key for encryption.
Command Format:
01 00 13 00 04 01 <16 bytes of First Key Component>
01 00 13 00 04 02 <16 bytes of Second Key Component>
Command Response:
01 00 02 01 00

APPENDIX A DEFAULT SETTING TABLE
Default Setting Table
MSR Reading: Enable
Decoding Method: Both Swiping Direction Decode mode
Track Separator Settings: CR
Terminator Settings: CR
Preamble Settings: None
Postamble Settings: None
Track Selected Settings: Any Track
Sentinel and T2 Account No.: Send Sentinels and all T2 data
Data Edit Setting: Disabled
Track Prefix: None
Track Suffix: None

APPENDIX B MAGNETIC STRIPE STANDARD FORMATS
ISO Credit Card Format
r repaired by ID TECH. For limited warranty service during the warranty period, please contact ID TECH to obtain a Return Material Authorization (RMA) number & instructions for returning the product.
THIS WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES OF MERCHANTABILITY OR FITNESS FOR PARTICULAR PURPOSE. THERE ARE NO OTHER WARRANTIES OR GUARANTEES, EXPRESS OR IMPLIED, OTHER THAN THOSE HEREIN STATED. THIS PRODUCT IS SOLD AS IS. IN NO EVENT SHALL ID TECH BE LIABLE FOR CLAIMS BASED UPON BREACH OF EXPRESS OR IMPLIED WARRANTY OF NEGLIGENCE OF ANY OTHER DAMAGES WHETHER DIRECT, IMMEDIATE, FORESEEABLE, CONSEQUENTIAL OR SPECIAL, OR FOR ANY EXPENSE INCURRED BY REASON OF THE USE OR MISUSE, SALE OR FABRICATIONS OF PRODUCTS WHICH DO NOT CONFORM TO THE TERMS AND CONDITIONS OF THE CONTRACT.
2010 International Technologies & Systems Corporation. The information contained herein is provided to the user as a convenience. While every effort has been made to ensure accuracy, ID TECH is not responsible for damages that might occur because of errors or omissions, including any loss of profit or other commercial damage. The specifications described herein were current at the time of publication, but are subject to change at any time without prior notice. ID TECH is a registered trademark of International Technologies & Systems Corporation. SecureHead and Value through Innovation are trademarks of International Technologies & Systems Corporation.
Copyright ©
<STX><S><n><Len><Suffix><ETX><CheckSum>
Where <n> = 37h for track 1, 38h for track 2 and 39h for track 3; <Len> = the number of bytes of the suffix string; <Suffix> = the suffix string (string length bytes).
NOTE: String length is one byte, maximum six.

4.9 Magnetic Track Selections (Only for Security Level 1 & 2)

4.9.1 Track Selection
There are up to three tracks of encoded data on a magnetic stripe. This option selects the tracks that will be read and decoded.
<STX><S><13h><01h><Track_Selection Settings><ETX><CheckSum>
Track Selection Settings:
0 Any Track
1 Require Track 1 Only
2 Require Track 2 Only
3 Require Track 1 & Track 2
4 Require Track 3 Only
5 Require Track 1 & Track 3
6 Require Track 2 & Track 3
7 Require Three Tracks
8 Any Track 1 & 2
9 Any Track 2 & 3
Note: If any of the required multiple tracks fail to read for any reason, no data for any track will be sent.

4.9.2 Track Separator Selection
This option allows the user to select the character to be used to separate data decoded by a multiple track reader.
<STX><S><17h><01h><Track_Separator><ETX><CheckSum>
<Track_Separator> is one ASCII character. The default value is CR. 0h means
3. Hash Option Setting
Command: 53 5C 01 <Hash Option>
Hash Option (0-7):
Bit0 = 1: track 1 hash will be sent if data is encrypted
Bit1 = 1: track 2 hash will be sent if data is encrypted
Bit2 = 1: track 3 hash will be sent if data is encrypted

4. Mask Option Setting (for enhanced encryption format only)
Command: 53 86 01 <Mask Option>
Mask Option (default 0x07):
bit0 = 1: tk1 mask data allowed to send when encrypted
bit1 = 1: tk2 mask data allowed to send when encrypted
bit2 = 1: tk3 mask data allowed to send when encrypted
When a mask option bit is set, if data is encrypted but not forced encrypted, the mask data will be sent. If the mask option bit is not set, the mask data will not be sent under the same condition.

Card data is sent out in the following format:
<STX><LenL><LenH><Card Data><CheckLRC><CheckSum><ETX>
STX
Data Length low byte
Data Length high byte
Card Encode Type
Track 1-3 Status
Track 1 data length
Track 2 data length
Track 3 data length
Clear/masked data sent status
Encrypted/Hash data sent status (Note 4)
Track 1 clear/mask data
Track 2 clear/mask data
Track 3 clear/mask data
Track 1 encrypted data
Track 2 encrypted data
Track 3 encrypted data
Session ID (8 bytes, Security level 4 only)
Track 1 hashed (20 bytes)
security level.
• Level 4: When the reader is at Security Level 4, a correctly executed Authentication Sequence is required before the reader sends out data for each card swipe.

4.14.4 Encryption Management
The Encrypted swipe read supports TDES and AES encryption standards for data encryption. Encryption can be turned on via a command. TDES is the default. If the reader is in security level 3, for the encrypted fields the original data is encrypted using the TDES/AES CBC mode with an Initialization Vector starting at all binary zeroes and the Encryption Key associated with the current DUKPT KSN.

4.14.5 Check Card Format
• ISO/ABA (American Banking Association) Card Encoding method: Track1 is 7 bits encoding, Track2 is 5 bits encoding, Track3 is 5 bits encoding.
Additional check: the 2nd byte of Track1 is 'B'. There is only one field separator in track 2, and its position is between the 13th and 20th character. The total length of track 2 should be above 21 characters.
• AAMVA (American Association of Motor Vehicle Administration) Card Encoding method: Track1 is 7 bits encoding, Track2 is 5 bits encoding, Track3 is 7 bits encoding.
• Others: Customer card
4
                                  /* ...select pin to idle high level */
    spi_set_speed(speed);         /* Set SPI master speed to Fper/32 */
    if (cpol)
        SPCON |= MSK_SPCON_CPOL;  /* Cleared to have the SCK set to 0 in idle state */
    if (cpha)
        SPCON |= MSK_SPCON_CPHA;  /* Cleared to have the data sampled when the SCK leaves the idle state */
    if (ssdis)
        SPCON |= MSK_SPCON_SSDIS; /* Set to disable chip select in both Master and Slave modes; select manually controlled CS pin */
    SPCON |= MSK_SPCON_SPEN;      /* Set to enable the SPI interface */
}

NAME: spi_Sendout
PARAMS: inchar, the character to send out
return: none
PURPOSE: Send out one character
NOTE: This function is used only in spi master mode

void spi_Sendout(Uchar data inchar)
{
    Uchar data m;
    SPDAT = inchar;               /* send a data: put the data into SPDAT register */
    while (!transmit_completed);  /* wait for transmission complete interrupt; the complete flag transmit_completed will be set in the SPI interrupt subroutine */
    transmit_completed = 0;       /* clear software transmit end flag */
    m = 4;                        /* Delay 40us, then poll for DAV pin status or send out next byte */
    do {
        delay10us();
    } while (--m);
}
send out in other mode. If the encryption feature is enabled, the key management method used is fixed key.
With the bi-directional method, the user can swipe the card in either direction and still read the data encoded on the magnetic stripe. Otherwise, the card can only be swiped in one specified direction to read the card.
Raw Decoding just sends the card's magnetic data in groups of 4 bits per character. The head reads from the first byte of each track, starting from the most significant bit. The data starts being collected when the first 1 bit is detected. No checking is done except to verify whether the track has or does not have magnetic data.

4.5 Review Settings
<STX><R><1Fh><ETX><CheckSum>
This command does not have any <FuncData>. It activates the review settings command. SecureHead sends back an <ACK> and <Response>.
<Response> format: The current setting data block is a collection of many function setting blocks <FuncSETBLOCK>, as follows:
<STX><FuncSETBLOCK1>...<FuncSETBLOCKn><ETX><CheckSum>
Each function setting block <FuncSETBLOCK> has the following format:
<FuncID><Len><FuncData>
Where <FuncID> is one byte identifying the setting(s) for the function. Len
t <CheckSum>
b. Read Status Command: <STX><R><FuncID><ETX><CheckSum>
c. Special Function Command: <STX><FuncID><Len><FuncData><ETX><CheckSum>
Response from SecureHead:
a. Setting Command: Host -> SecureHead: Setting Command; SecureHead -> Host: <ACK> if OK, or <NAK> if Error
b. Read Status Command: Host -> SecureHead: Read Status Command; SecureHead -> Host: <ACK> and Response if OK, or <NAK> if Error
c. Special Function Command: Host -> SecureHead: Special Function Command; SecureHead -> Host: <ACK> and Response if OK, or <NAK> if Error
Where:
<STX> 02h
<S> Indicates setting commands, 53h
<R> Indicates read status commands, 52h
<FuncID> One byte Function ID, identifies the particular function or settings affected
<Len> One byte length count for the following data block <FuncData>
<FuncData> Data block for the function
<ETX> 03h
<CheckSum> Check Sum. The overall modulo-2 (Exclusive-OR) sum from <STX> to <CheckSum> should be zero.
<ACK> 06h
<NAK> 15h

4.2 Communication Timing
The SecureHead takes time to process a command
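The framing rules above (setting/read commands and the Review Settings <FuncSETBLOCK> response) as an added Python example, not code from the manual; it assumes the leading <ACK> of a review response is not part of the XOR-checksummed frame, and the sample response bytes are constructed, not captured from a device.

```python
"""Frame builder/validator for the SecureHead ID TECH command protocol.

Added example, not code from the manual. Layouts:
  Setting command : <STX><S><FuncID><Len><FuncData><ETX><CheckSum>
  Read command    : <STX><R><FuncID><ETX><CheckSum>
  Review response : <ACK><STX><FuncSETBLOCK1>...<FuncSETBLOCKn><ETX><CheckSum>
where each block is <FuncID><Len><FuncData> and the XOR of every byte from
<STX> through <CheckSum> must be zero. Assumption: the leading <ACK> of a
review response is outside the checksummed frame.
"""
from typing import Dict

STX, ETX, ACK, NAK = 0x02, 0x03, 0x06, 0x15
CMD_SET, CMD_READ = 0x53, 0x52        # 'S' and 'R'


def xor_checksum(data: bytes) -> int:
    """Modulo-2 (Exclusive-OR) sum of all bytes."""
    c = 0
    for b in data:
        c ^= b
    return c


def build_setting_command(func_id: int, func_data: bytes) -> bytes:
    """<STX><S><FuncID><Len><FuncData><ETX><CheckSum>; Len is one byte."""
    if not 0 <= len(func_data) <= 0xFF:
        raise ValueError("FuncData must fit in a one-byte length")
    body = bytes([STX, CMD_SET, func_id, len(func_data)]) + func_data + bytes([ETX])
    return body + bytes([xor_checksum(body)])


def build_read_command(func_id: int) -> bytes:
    """<STX><R><FuncID><ETX><CheckSum>."""
    body = bytes([STX, CMD_READ, func_id, ETX])
    return body + bytes([xor_checksum(body)])


def frame_is_valid(frame: bytes) -> bool:
    """<STX> first, <ETX> second to last, XOR over the whole frame zero."""
    return (len(frame) >= 4 and frame[0] == STX and frame[-2] == ETX
            and xor_checksum(frame) == 0)


def parse_review_response(resp: bytes) -> Dict[int, bytes]:
    """Split a Review Settings response into {FuncID: FuncData}.
    Rejects a NAK, a bad checksum, and any block whose Len overruns the
    frame, so a corrupted length byte cannot be read past the payload."""
    if not resp or resp[0] != ACK:
        raise ValueError("device answered NAK or nothing")
    frame = resp[1:]
    if not frame_is_valid(frame):
        raise ValueError("bad framing or checksum")
    payload = frame[1:-2]             # bytes between <STX> and <ETX>
    blocks: Dict[int, bytes] = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated block header")
        fid, ln = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + ln]
        if len(data) != ln:
            raise ValueError("block length overruns frame")
        blocks[fid] = data
        i += 2 + ln
    return blocks


# Constructed sample response (not captured from a device): MSR reading
# enabled (1Ah=01), decoding method 1 (1Dh=01), track separator CR (17h=0Dh).
SAMPLE_REVIEW_RESPONSE = bytes([ACK, STX,
                                0x1A, 0x01, 0x01,
                                0x1D, 0x01, 0x01,
                                0x17, 0x01, 0x0D,
                                ETX, 0x1D])

if __name__ == "__main__":
    print(build_setting_command(0x1A, b"\x01").hex())   # 02531a01010348
    print(build_read_command(0x1F).hex())               # 02521f034c
    print(parse_review_response(SAMPLE_REVIEW_RESPONSE))
```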
the Encryption Key associated with the current DUKPT KSN.

Fixed Key Management
The load device key command loads a sixteen bytes key to the device. This key is used to encrypt the card data using the triple DES or AES encryption algorithm. For triple DES, if the first 8 bytes of the key equal the second 8 bytes of the key, then the encryption algorithm becomes single DES encryption. The default value of the device key in hex is 0000 0000 0000 0000 0000 0000 0000 0000.
Load Device Key Command
Host -> Device: <STX><S><76h><10h><16 bytes Device key><ETX><CheckSum>
Device -> Host: <ACK> (success) or <NAK> (fail)

DUKPT Key Management
When DUKPT key management is used, it is necessary to load the Key Serial Number (KSN) and Initially Loaded Device Key before transaction. The encryption key is TDES with 128 bit keys, or AES encryption with double length keys (128 bit keys including parity). DUKPT Key injection can only be done once.
KSN and Device Key loading commands and responses protocol:
Command: <STX><F><F><Command Data (BASE64)><0x0D><0x0A><ETX><LRC>
Response: <ACK/NAK><STX><F><F><Respond Data (BASE64)><0x0D><
ul, the Session ID will be changed. The Activate Authenticated Mode succeeds if the device decrypts the Challenge Reply response correctly. If the device cannot decrypt the Challenge Reply command, Activate Authenticated Mode fails and the DUKPT KSN advances.
Command Structure
Host -> Device: <STX><S><82h><10h><Activation Data><ETX><CheckSum>
Device -> Host: <ACK> (success) or <NAK> (fail)
Activation Data: 16 bytes structured as <Challenge 1 Response><Session ID>
Challenge 1 Response: 6 bytes of Challenge 1 random data with 2 bytes of Authenticated mode timeout duration. It is encrypted using the key derived from the current DUKPT key.
Session ID: 8 bytes Session ID, encrypted using the key derived from the current DUKPT key.

Deactivate Authenticated Mode Command
This command is used to exit Authenticated Mode. The host needs to send the first 7 bytes of Challenge 2 (from the response of the Activate Authenticated Mode command) and the Increment Flag (00h indicates no increment, 01h indicates increment of the KSN), encrypted with the current DUKPT Key exclusive-or'ed with <3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C>. If the device decrypts Challenge 2 successfully, the device will exit Authenticated Mode. The KSN will increase if the Incre