manualshive.com logo in svg

ACS ACR1255U-J1, Reference Manual

The ACS ACR1255U-J1 is a high-quality contactless NFC smart card reader that is perfect for various applications. For further information on how to use this device, refer to the Reference Manual available for free download on our website. Get your manual now at manualshive.com.

Share
Download
background image

 

ACR1255U-J1 – Reference Manual

 

[email protected] 

Version V1.01 

www.acs.com.hk 

Page 17 of 73

 

 

 

5.3.  Authentication 

Before any sensitive data can be loaded into ACR1255U-J1, the data processing server must be 
authenticated by ACR1255U-J1 for the privilege to modify the secured data inside reader. In 
ACR1255U-J1, a mutual authentication method is being used. 

An authentication request is always initiated by either the data processing server or the bridging 
device, which will then trigger ACR1255U-J1 to return a sequence of 16 bytes of random numbers 
(RND_A[0:15]). The random numbers are encrypted with the Customer Master Key currently stored in 
ACR1255U-J1 using the AES-128 CBC ciphering mode before being sent out from ACR1255U-J1. 
The bridging device must pass this sequence of encrypted random numbers to the data processing 
server, which will then undergo  AES-128 CBC cipher mode decryption using the Customer Master 
Key that is being used in the data processing server (which should be the same as the one that is 
being used in ACR1255U-J1 and should be kept securely by the customer). The 16 bytes of 
decrypted random numbers from ACR1255U-J1 is then padded to the end of another 16 bytes of 
random numbers generated by the data processing server (RND_B[0:15]). The final sequence of 32 
bytes of random numbers (RND_C[0:31]), that is: 

RND_C[0:31] = RND_B[0:15] + RND_A[0:15], 

will undergo decryption operation with the Customer Master Key being used in the server and the final 
output data is sent to ACR1255U-J1 through the bridging device using an authentication response 
message. 

When ACR1255U-J1 receives the authentication response message, the message data will undergo 
an encryption operation using its own Customer Master Key and will be converted back to the normal 
32 bytes of random numbers. In theory, the first 16 bytes of random numbers should be equal to 
RND_B[0:15] and are generated by the data processing server while the other 16 bytes should be 
equal to RND_A[0:15] and are originally generated by ACR1255U-J1. 

ACR1255U-J1 will first compare if RND_A[0:15] is the same as the original version. If it is the same, 
then the data processing server is authenticated by ACR1255U-J1. ACR1255U-J1 will then encrypt 
RND_B[0:15] obtained using the Customer Master Key and the feedback to the data processing 
server through the bridging device using the answer to the authentication response message. 

Upon receiving the answer to the authentication response message, the data processing server will 
decrypt the data contained in the message and check if the 16 bytes of random numbers are all equal 
to those originally generated RND_B[0:15]. If they are the same, then ACR1255U-J1 is authenticated 
by the server. At this moment, the whole authentication process is completed and sensitive data can 
be injected into ACR1255U-J1. 

After successful authentication, a 16-byte Session Key is generated in both ACR1255U-J1 and the 
data processing server. The Session Key (SK[0:15]) is obtained by padding the first 8 bytes of RND_B 
at the end of the first 8 bytes of RND_A, that is: 

SK[0:15] = RND_A[0:7] + RND_B[0:7] 

All sensitive data leaving out of the Secured Data Processing Server must be encrypted with this 
Session Key using the AES-128 CBC ciphering mode. Thus, even if the encrypted data may be 
captured in the bridging mobile device, it is still very difficult to retrieve the original sensitive data 
without any prior knowledge of the Customer Master Key. 

Summary of Contents for ACR1255U-J1

Page 1: ...Subject to change without prior notice info acs com hk www acs com hk Reference Manual V1 01 ACR1255U J1 Bluetooth NFC Reader...

Page 2: ...ion 17 5 4 Communication Profile 19 5 5 Frame Format 19 5 5 1 Data Frame Format 19 5 6 Bluetooth Communication Protocol 20 5 6 1 Card Power On 21 5 6 2 Card Power Off 22 5 6 3 Get Slot Status 23 5 6 4...

Page 3: ...60 6 6 9 Read Automatic PICC Polling 62 6 6 10 Set PICC Operating Parameter 63 6 6 11 Read PICC Operating Parameter 64 6 6 12 Set Auto PPS 65 6 6 13 Read Auto PPS 66 6 6 14 Antenna Field Control 67 6...

Page 4: ...1 01 www acs com hk Page 4 of 73 Table 8 Summary of Mutual Authentication Commands 29 Table 9 Mutual Authentication Error codes 33 Table 10 MIFARE Classic 1K Memory Map 43 Table 11 MIFARE Classic 4K M...

Page 5: ...tware programmer from being responsible with smart card operations technical details which in many cases are not relevant to the implementation of a smart card system 1 1 Symbols and Abbreviations Abb...

Page 6: ...Built in anti collision feature only one tag is accessed at any time o NFC Support Card reader writer mode Card emulation mode o Supports AES 128 encryption algorithm Application Programming Interfac...

Page 7: ...hk Version V1 01 www acs com hk Page 7 of 73 3 0 System Block Diagram Figure 1 ACR1255U J1 Architecture ACR1255U J1 NFC Antenna MCU Bluetooth Mobile device or Computer LEDs Buzzer Bluetooth Module Swi...

Page 8: ...he protocol between ACR1255U J1 and other devices follow the CCID protocol All communications for NFC are PC SC compliant Figure 2 ACR1255U J1 USB Communication Architecture ACR1255U J1 PCSC NFC Inter...

Page 9: ...01 www acs com hk Page 9 of 73 Bluetooth Smart protocol stack architecture is as follows GAP Peripheral Role Profile SIM Access Profile GAP Peripheral Bond Manager GAP GATT SMP ATT L2CAP HCI Link Laye...

Page 10: ...years Table 2 Estimated Battery Lifespan 4 2 Bluetooth Interface ACR1255U J1 uses Bluetooth Smart as the medium to pair the device with computers and mobile devices 4 3 USB Interface The micro USB por...

Page 11: ...rd Polling ACR1255U J1 automatically polls the contactless cards that are within the field ISO 14443 4 Type A ISO 14443 Type B FeliCa Topaz MIFARE and NFC tags are supported 4 5 User Interface 4 5 1 K...

Page 12: ...of 73 Figure 4 Keys on ACR1255U J1 4 5 2 Mode Selection Switch ACR1255U J1 has three modes USB Off and Bluetooth User can select one mode at a time as a data transmission interface Symbol Switch Activ...

Page 13: ...d paired device Fast Slow flash Powered on Searching for devices to be paired with On Bluetooth device is paired with the reader Card is present Red LED2 Off Battery is fully charged Reader is powered...

Page 14: ...The voltage of the battery is greater than3 5V and no USB powered is being supplied Slow flash Low battery On Battery is charging 4 5 4 Buzzer ACR1255U J1 has a buzzer that is used to notify user of c...

Page 15: ...etooth Connection Flow The program flow of the Bluetooth connection is shown below Figure 6 Bluetooth Connection Flow Yes No Bluetooth Start Reset Power up Successful Connection No Enable Service Disc...

Page 16: ...ided into three groups sufficient battery 3 78 V low battery 3 78 V and 3 68 V and no battery 3 68 V Finally to provide more reader information to the user a customized Device Information service is a...

Page 17: ...ponse message the message data will undergo an encryption operation using its own Customer Master Key and will be converted back to the normal 32 bytes of random numbers In theory the first 16 bytes o...

Page 18: ...l generate another 16 bytes of random numbers RND_B 0 15 RND_A 0 15 will be padded to the end of RND_B 0 15 to form a sequence of 32 byte random numbers RND_C 0 31 RND_B 0 15 RND_A 0 15 All the 32 byt...

Page 19: ...n The device to be paired with will need to send a PIN to complete the authentication process By default the PIN value is 000000 5 4 Communication Profile The communication profile should be Start byt...

Page 20: ...o the paired device using the Bluetooth interface with a predefined protocol The protocol is similar to the formats of the CCID Command Pipe and Response Pipe Command Mode Supported Sender Description...

Page 21: ...ot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 00h Check means the XOR values of all bytes in the command 7 Data N Data Response Data Format Offset Field Size Value Description 0 CmdM...

Page 22: ...geType 1 63h 1 Length 2 0000h Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 00h Check means the XOR values of all bytes in the command 7 Data N Data Response Data For...

Page 23: ...length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 00h Check means the XOR values of all bytes in the command 7 Data N Data Response Data Format Offset Field Size Value Descrip...

Page 24: ...mdMessageType 1 6Fh 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 Check means the XOR values of all bytes in the command 7 Data N Data Response Data Format...

Page 25: ...tus Command This command is used to check on the card status Offset Field Size Value Description 0 CmdMessageType 1 50h 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 Status 02h Ca...

Page 26: ...ware error status Response Data Format Offset Field Size Value Description 0 CmdMessageType 1 51h 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 Status 01h Checksum error 02h Timeo...

Page 27: ...e command 7 Data N Data Response Data Format Offset Field Size Value Description 0 CmdMessageType 1 83h 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 Check...

Page 28: ...ication request Request command E0 00 00 45 00 Response command E1 00 00 45 00 Data 16 bytes Where Data 16 bytes of random numbers Example Request SPH_to_RDR_ReqAuth 6B 00 05 00 00 00 CB E0 00 00 45 0...

Page 29: ...The 16 byte Session Key SK 0 15 is generated in both ACR1255U J1 and the data processing server It is obtained by padding the first 8 bytes of RND_B at the end of the first 8 bytes of RND_A i e SK 0 1...

Page 30: ...f extra bytes in abRndNum field and is expressed in two bytes long and LEN1 is MSB while LEN2 is LSB No 3 Slot Number 1 00h No 4 Sequence 1 00h No 5 Parameter 1 00h Slot Status 6 wChecksum 1 wChecksum...

Page 31: ...e Value Description Encrypted 0 bMessageType 1 6Bh No 1 LEN1 LEN2 wLength 2 0025h The Number of extra bytes in the abAuthData field and is expressed in two bytes long and LEN1 is MSB while LEN2 is LSB...

Page 32: ...r of extra bytes in abRndNum field and is expressed in two bytes long and LEN1 is MSB while LEN2 is LSB No 3 Slot Number 1 00h No 4 Sequence 1 00h No 5 Parameter 1 00h Slot Status No 6 wCheckSum 1 No...

Page 33: ...ed Reader RDR_to_SPH_ACK Error handling This message will also include the error code whenever appropriate Offset Field Size Value Description Encrypted 0 bMessageType 1 51h Error handling response he...

Page 34: ...resource manager context between the calling application and a smart card contained by a specific reader If no card exists in the specified reader an error is returned Refer to http msdn microsoft co...

Page 35: ...om hk Version V1 01 www acs com hk Page 35 of 73 6 1 7 APDU Flow Figure 8 ACR1255U J1 APDU Flow SCardEstablishContext SCardListReaders Reader present SCardConnect Connection successful SCardTransmit S...

Page 36: ...acs com hk Version V1 01 www acs com hk Page 36 of 73 6 1 8 Escape Command Flow Figure 9 ACR1255U J1 Escape Command Flow SCardEstablishContext SCardListReaders Reader present SCardConnect SCardControl...

Page 37: ...nibble 0 means T 0 3 01h TD2 Higher nibble 0 means no TA3 TB3 TC3 TD3 following Lower nibble 1 means T 1 4 to 3 N 80h T1 Category indicator byte 80 means A status indicator may be present in an optio...

Page 38: ...nibble 0 means T 0 3 01h TD2 Higher nibble 0 means no TA3 TB3 TC3 TD3 following Lower nibble 1 means T 1 4 to 3 N XX T1 Historical Bytes ISO 14443 A The historical bytes from ATS response Refer to th...

Page 39: ...ual info acs com hk Version V1 01 www acs com hk Page 39 of 73 Example 2 ATR for EZ link 3B 88 80 01 1C 2D 94 11 F7 71 85 00 BEh Application Data of ATQB 1C 2D 94 11h Protocol Information of ATQB F7 7...

Page 40: ...Get ATS of a ISO 14443 A card ATS 2 bytes Response Data Out Result ATS SW1 SW2 Response Codes Results SW1 SW2 Meaning Success 90h 00h The operation is completed successfully Warning 62h 82h End of UI...

Page 41: ...yte 00h Key is loaded into the reader volatile memory Other Reserved Key Number 1 byte 00h 01h Non volatile memory for storing keys The keys are permanently stored in the reader and will be retained i...

Page 42: ...total of 16 sectors and each sector consists of four consecutive blocks e g Sector 00h consists of blocks 00h 01h 02h and 03h sector 01h consists of blocks 04h 05h 06h and 07h the last sector 0Fh cons...

Page 43: ...with a TYPE A key number 00h For PC SC V2 07 APDU FF 86 00 00 05 01 00 04 60 00h Sectors Total 16 sectors Each sector consists of 4 consecutive blocks Data Blocks 3 blocks 16 bytes per block Trailer...

Page 44: ...tor 38 E0h EEh EFh Sector 39 F0h FEh FFh Byte Number 0 1 2 3 Page Serial Number SN0 SN1 SN2 BCC0 0 Serial Number SN3 SN4 SN5 SN6 1 Internal Lock BCC1 Internal Lock0 Lock1 2 OTP OPT0 OPT1 OTP2 OTP3 3 D...

Page 45: ...for MIFARE Classic 4K Multiple Blocks Mode 15 consecutive blocks Example 1 10h 16 bytes Starting block only Single Block Mode Example 2 40h 64 bytes From the starting block to starting block 3 Multip...

Page 46: ...E Classic 4K Multiple Blocks Mode 15 consecutive blocks Block Data Multiple of 16 2 bytes or 6 bytes The data to be written into the binary block blocks Example 1 10h 16 bytes The starting block only...

Page 47: ...will then be converted to a value block 01h Increment the value of the value block by the VB_Value This command is only valid for value block 02h Decrement the value of the value block by the VB_Valu...

Page 48: ...4h Where Block Number 1 byte The value block to be accessed Read Value Block Response Format 4 2 bytes Response Data Out Result Value MSB LSB SW1 SW2 Where Value 4 bytes The value returned from the ca...

Page 49: ...be in the same sector Copy Value Block Response Format 2 bytes Response Data Out Result SW1 SW2 Copy Value Block Response Codes Results SW1 SW2 Meaning Success 90h 00h The operation is completed succ...

Page 50: ...7816 4 Response Format Data 2 bytes Response Data Out Result Response Data SW1 SW2 Common ISO 7816 4 Response Codes Results SW1 SW2 Meaning Success 90h 00h The operation is completed successfully Erro...

Page 51: ...cs com hk Version V1 01 www acs com hk Page 51 of 73 Example Read 8 bytes from an ISO 14443 4 Type B PICC ST19XR08E APDU 80 B2 80 00 08h Class 80h INS B2h P1 80h P2 00h Lc None Data In None Le 08h Ans...

Page 52: ...ommands are implemented by using PC_to_RDR_Escape Command Format Offset Field Size Value Description 0 bMessageType 1 6Bh 1 dwLength 4 Size of abData field of this message 5 bSlot 1 Identifies the slo...

Page 53: ...2 Lc Get Firmware Version E0h 00h 00h 18h 00h Get Firmware Version Response Format 5 bytes Firmware Message Length Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h Number of bytes to receiv...

Page 54: ...ber Format 5 bytes Command Class INS P1 P2 Lc Get Serial Number E0h 00h 00h 47h 00h Get Serial Number Response Format N bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h Number of byte...

Page 55: ...LED Control Format 6 bytes Command Class INS P1 P2 Lc Data In LED Control E0h 00h 00h 29h 01h LED Status LED Control Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h...

Page 56: ...tus LED Status Format 5 bytes Command Class INS P1 P2 Lc LED Status E0h 00h 00h 29h 00h LED Status Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h LED Status LE...

Page 57: ...r controlling the buzzer output Buzzer Control Format 6 bytes Command Class INS P1 P2 Lc Data In Buzzer Control E0h 00h 00h 28h 01h Buzzer On Duration Where Buzzer On Duration 1 byte 00h Turn OFF 01 t...

Page 58: ...ior 1 byte Behavior Mode Description Bit 0 RFU RFU Bit 1 PICC Polling Status LED To show the PICC Polling Status 1 Enable 0 Disable Bit 2 PICC Activation Status LED To show the activation status of th...

Page 59: ...or Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Behaviors Behavior 1 byte Behavior Mode Description Bit 0 RFU RFU Bit 1 PICC Polling Status LED To show the P...

Page 60: ...current in power saving mode Note The setting will be saved into non volatile memory Set Automatic PICC Polling Format 6 bytes Command Class INS P1 P2 Lc Data In Set Automatic PICC Polling E0h 00h 00h...

Page 61: ...wever the response time of PICC Polling will become longer The Idle Current Consumption in Power Saving Mode is about 60 mA while the Idle Current Consumption in Non Power Saving mode is about 130mA N...

Page 62: ...Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Polling Setting Polling Setting 1 byte Polling Setting Mode Description Bit 0 Automatic PICC Polling 1 Enable 0 Disable Bit 1 Turn off Antenna Fi...

Page 63: ...h 00h 20h 01h Operation Parameter Set the PICC Operating Parameter Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1 00h 00h 00h 01h Operation Parameter Operating Parameter 1 byte...

Page 64: ...E0h 00h 00h 20h 00h Read the PICC Operating Parameter Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Operation Parameter Operating Parameter 1 byte Operating P...

Page 65: ...Max Tx Speed Current Tx Speed Max Rx Speed Current Rx Speed Where Max Tx Speed 1 byte Maximum Transmission Speed Max Rx Speed 1 byte Maximum Receiving Speed Current Tx Speed 1 byte Current Transmissi...

Page 66: ...Auto PPS Response Format 9 bytes Response Class INS P1 P2 Le Data Out Result E1 00h 00h 00h 04h Max Tx Speed Current Tx Speed Max Rx Speed Current Rx Speed Where Max Tx Speed 1 byte Maximum Transmiss...

Page 67: ...Control Format 6 bytes Command Class INS P1 P2 Lc Data In Antenna Field Control E0h 00h 00h 25h 01h Status Antenna Field Control Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1...

Page 68: ...Status E0h 00h 00h 25h 00h Read Antenna Field Status Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Status Where Status 1 byte 00h PICC Power Off 01h PICC Idle...

Page 69: ...ight Set the Card Emulation Format 6 bytes Command Class INS P1 P2 Lc Data In Set the Card Emulation E0h 00h 00h 99h 06h 98h 01h CardType 1Ah 01h RegValue Where CardType 1 byte 01h MIFARE Ultralight e...

Page 70: ...0 seconds This command is used to set the time interval before entering sleep mode Set Sleep Time Interval Format 5 bytes Command Class INS P1 P2 Lc Set Sleep Time Interval E0h 00h 00h 48h Time Set Sl...

Page 71: ...18 Change Tx Power command Set Tx Power Format 5 bytes Command Class INS P1 P2 Lc Set Tx power E0h 00h 00h 49h Tx Power Set Tx Power Response Format 5 bytes Response Class INS P1 P2 Le Data Out Result...

Page 72: ...Read Tx Power Value Read Tx Power Value Format 5 bytes Command Class INS P1 P2 Lc Set Tx power E0h 00h 00h 50h 00h Read Tx Power Value Response Format 6 bytes Response Class INS P1 P2 Le Data Out Resu...

Page 73: ...s Example 2 MIFARE DESFire Frame Level Chaining ISO 7816 wrapping mode In this example the application has to do the Frame Level Chaining To get the version of the DESFIRE card Step 1 Send an APDU 90...

Reviews:

No comments

Related manuals for ACR1255U-J1

Datalogic Star Device Set Up preview
Star
Brand: Datalogic Pages: 5
Caliber RMD 212 Manual preview
RMD 212
Brand: Caliber Pages: 16
Alpine CDA-137EBT Owner'S Manual preview
CDA-137EBT
Brand: Alpine Pages: 56
Agri-Fab 45-0288 Repair Parts preview
45-0288
Brand: Agri-Fab Pages: 1
Postech MS3391-L User Manual preview
MS3391-L
Brand: Postech Pages: 41
Pepperl+Fuchs OHV210-F229-B15 Manual preview
OHV210-F229-B15
Brand: Pepperl+Fuchs Pages: 67
Exar Stretch VRC7000 Series Installer'S Manual preview
Stretch VRC7000 Series
Brand: Exar Pages: 8
XY-AUTO FD9212ah Operating Manual preview
FD9212ah
Brand: XY-AUTO Pages: 23
Kia K100T Instruction Manual preview
K100T
Brand: Kia Pages: 26
Datalogic PowerScan PM9100 Series Quick Reference Manual preview
PowerScan PM9100 Series
Brand: Datalogic Pages: 40
Aritech ATS1190 Installation Sheet preview
ATS1190
Brand: Aritech Pages: 22
Panasonic ANPD050-02 Brochure & Specs preview
ANPD050-02
Brand: Panasonic Pages: 12
Boss Snowplow WBS28080 Owner'S Manual preview
WBS28080
Brand: Boss Snowplow Pages: 7
Askey WLH3010 User Manual preview
WLH3010
Brand: Askey Pages: 58
SICK Advanced CLV650 Operating Instructions Manual preview
Advanced CLV650
Brand: SICK Pages: 124
Harman Kardon DRIVE+PLAY 2 Quick Start Manual preview
DRIVE+PLAY 2
Brand: Harman Kardon Pages: 16
JVC KW-HDR81BT Installation Manual preview
KW-HDR81BT
Brand: JVC Pages: 4
JVC KW-AVX826U Product Highlights preview
KW-AVX826U
Brand: JVC Pages: 2

Brands by name

Popular brands

Load more brands