manualshive.com logo in svg

ACS ACR1255U-J1, Reference Manual

The ACS ACR1255U-J1 is a high-quality contactless NFC smart card reader that is perfect for various applications. For further information on how to use this device, refer to the Reference Manual available for free download on our website. Get your manual now at manualshive.com.

Share
Download
background image

 

ACR1255U-J1 – Reference Manual

 

[email protected] 

Version V1.01 

www.acs.com.hk 

Page 29 of 73

 

 

 

5.7.  Mutual Authentication and Encryption Protocol 

In Bluetooth mode, the communication protocol in 

Section 5.6

 will be encrypted and transmitted after 

a successful mutual authentication. 

5.7.1. 

Bluetooth Authentication Program Flow 

As illustrated in 

Section  5.3

, mutual authentication is being used to avoid man-in-the-middle attack. 

The summary of the commands used in mutual authentication is in the following table: 

Sequence  Command  Mode Supported 

Sender 

Description 

6Bh 

Connected 

Paired device 

SPH_to_RDR_ReqAuth 

83h 

Connected 

Reader 

RDR_to_SPH_AuthRsp1 

6Bh 

Connected 

Paired device 

SPH_to_RDR_AuthRsp 

83h 

Connected 

Reader 

RDR_to_SPH_AuthRsp2 

Table 8

: Summary of Mutual Authentication Commands 

 

The  16-byte Session Key, SK[0:15,]  is generated in both ACR1255U-J1 and the  data processing 
server. It is obtained by padding the first 8 bytes of RND_B at the end of the first 8 bytes of RND_A, 
i.e. 

SK[0:15] = RND_A[0:7] + RND_B[0:7] 

5.7.2. 

SPH_to_RDR_ReqAuth 

This command will request ACR1255U-J1 to perform authentication with the paired key-generating 
device.  

For more information on the authentication process, please refer to 

Section 5.3

.

 

Offset 

Field 

Size 

Value 

Description 

Encrypted 

bMessageType 

6Bh 

 

No 

LEN1 LEN2 (wLength) 

0005h 

The Number of extra 
bytes in Data field, and is 
expressed in two bytes 
long, and LEN1 is MSB 
while LEN2 is LSB; 

Slot Number 

00h 

 

Sequence 

00h 

 

Parameter 

00h 

Slot Status 

wChecksum 

CBh 

CSUM means the XOR 
values of all bytes in the 
command 

Data 

E0 00 00 45 00h   

No 

 

The response to this message is RDR_to_SPH_AuthRsp1 if the received command message is error-
free. Otherwise, the response message will be RDR_to_SPH_ACK to provide the error information. 

 

Summary of Contents for ACR1255U-J1

Page 1: ...Subject to change without prior notice info acs com hk www acs com hk Reference Manual V1 01 ACR1255U J1 Bluetooth NFC Reader...

Page 2: ...ion 17 5 4 Communication Profile 19 5 5 Frame Format 19 5 5 1 Data Frame Format 19 5 6 Bluetooth Communication Protocol 20 5 6 1 Card Power On 21 5 6 2 Card Power Off 22 5 6 3 Get Slot Status 23 5 6 4...

Page 3: ...60 6 6 9 Read Automatic PICC Polling 62 6 6 10 Set PICC Operating Parameter 63 6 6 11 Read PICC Operating Parameter 64 6 6 12 Set Auto PPS 65 6 6 13 Read Auto PPS 66 6 6 14 Antenna Field Control 67 6...

Page 4: ...1 01 www acs com hk Page 4 of 73 Table 8 Summary of Mutual Authentication Commands 29 Table 9 Mutual Authentication Error codes 33 Table 10 MIFARE Classic 1K Memory Map 43 Table 11 MIFARE Classic 4K M...

Page 5: ...tware programmer from being responsible with smart card operations technical details which in many cases are not relevant to the implementation of a smart card system 1 1 Symbols and Abbreviations Abb...

Page 6: ...Built in anti collision feature only one tag is accessed at any time o NFC Support Card reader writer mode Card emulation mode o Supports AES 128 encryption algorithm Application Programming Interfac...

Page 7: ...hk Version V1 01 www acs com hk Page 7 of 73 3 0 System Block Diagram Figure 1 ACR1255U J1 Architecture ACR1255U J1 NFC Antenna MCU Bluetooth Mobile device or Computer LEDs Buzzer Bluetooth Module Swi...

Page 8: ...he protocol between ACR1255U J1 and other devices follow the CCID protocol All communications for NFC are PC SC compliant Figure 2 ACR1255U J1 USB Communication Architecture ACR1255U J1 PCSC NFC Inter...

Page 9: ...01 www acs com hk Page 9 of 73 Bluetooth Smart protocol stack architecture is as follows GAP Peripheral Role Profile SIM Access Profile GAP Peripheral Bond Manager GAP GATT SMP ATT L2CAP HCI Link Laye...

Page 10: ...years Table 2 Estimated Battery Lifespan 4 2 Bluetooth Interface ACR1255U J1 uses Bluetooth Smart as the medium to pair the device with computers and mobile devices 4 3 USB Interface The micro USB por...

Page 11: ...rd Polling ACR1255U J1 automatically polls the contactless cards that are within the field ISO 14443 4 Type A ISO 14443 Type B FeliCa Topaz MIFARE and NFC tags are supported 4 5 User Interface 4 5 1 K...

Page 12: ...of 73 Figure 4 Keys on ACR1255U J1 4 5 2 Mode Selection Switch ACR1255U J1 has three modes USB Off and Bluetooth User can select one mode at a time as a data transmission interface Symbol Switch Activ...

Page 13: ...d paired device Fast Slow flash Powered on Searching for devices to be paired with On Bluetooth device is paired with the reader Card is present Red LED2 Off Battery is fully charged Reader is powered...

Page 14: ...The voltage of the battery is greater than3 5V and no USB powered is being supplied Slow flash Low battery On Battery is charging 4 5 4 Buzzer ACR1255U J1 has a buzzer that is used to notify user of c...

Page 15: ...etooth Connection Flow The program flow of the Bluetooth connection is shown below Figure 6 Bluetooth Connection Flow Yes No Bluetooth Start Reset Power up Successful Connection No Enable Service Disc...

Page 16: ...ided into three groups sufficient battery 3 78 V low battery 3 78 V and 3 68 V and no battery 3 68 V Finally to provide more reader information to the user a customized Device Information service is a...

Page 17: ...ponse message the message data will undergo an encryption operation using its own Customer Master Key and will be converted back to the normal 32 bytes of random numbers In theory the first 16 bytes o...

Page 18: ...l generate another 16 bytes of random numbers RND_B 0 15 RND_A 0 15 will be padded to the end of RND_B 0 15 to form a sequence of 32 byte random numbers RND_C 0 31 RND_B 0 15 RND_A 0 15 All the 32 byt...

Page 19: ...n The device to be paired with will need to send a PIN to complete the authentication process By default the PIN value is 000000 5 4 Communication Profile The communication profile should be Start byt...

Page 20: ...o the paired device using the Bluetooth interface with a predefined protocol The protocol is similar to the formats of the CCID Command Pipe and Response Pipe Command Mode Supported Sender Description...

Page 21: ...ot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 00h Check means the XOR values of all bytes in the command 7 Data N Data Response Data Format Offset Field Size Value Description 0 CmdM...

Page 22: ...geType 1 63h 1 Length 2 0000h Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 00h Check means the XOR values of all bytes in the command 7 Data N Data Response Data For...

Page 23: ...length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 00h Check means the XOR values of all bytes in the command 7 Data N Data Response Data Format Offset Field Size Value Descrip...

Page 24: ...mdMessageType 1 6Fh 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 Check means the XOR values of all bytes in the command 7 Data N Data Response Data Format...

Page 25: ...tus Command This command is used to check on the card status Offset Field Size Value Description 0 CmdMessageType 1 50h 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 Status 02h Ca...

Page 26: ...ware error status Response Data Format Offset Field Size Value Description 0 CmdMessageType 1 51h 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 Status 01h Checksum error 02h Timeo...

Page 27: ...e command 7 Data N Data Response Data Format Offset Field Size Value Description 0 CmdMessageType 1 83h 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 Check...

Page 28: ...ication request Request command E0 00 00 45 00 Response command E1 00 00 45 00 Data 16 bytes Where Data 16 bytes of random numbers Example Request SPH_to_RDR_ReqAuth 6B 00 05 00 00 00 CB E0 00 00 45 0...

Page 29: ...The 16 byte Session Key SK 0 15 is generated in both ACR1255U J1 and the data processing server It is obtained by padding the first 8 bytes of RND_B at the end of the first 8 bytes of RND_A i e SK 0 1...

Page 30: ...f extra bytes in abRndNum field and is expressed in two bytes long and LEN1 is MSB while LEN2 is LSB No 3 Slot Number 1 00h No 4 Sequence 1 00h No 5 Parameter 1 00h Slot Status 6 wChecksum 1 wChecksum...

Page 31: ...e Value Description Encrypted 0 bMessageType 1 6Bh No 1 LEN1 LEN2 wLength 2 0025h The Number of extra bytes in the abAuthData field and is expressed in two bytes long and LEN1 is MSB while LEN2 is LSB...

Page 32: ...r of extra bytes in abRndNum field and is expressed in two bytes long and LEN1 is MSB while LEN2 is LSB No 3 Slot Number 1 00h No 4 Sequence 1 00h No 5 Parameter 1 00h Slot Status No 6 wCheckSum 1 No...

Page 33: ...ed Reader RDR_to_SPH_ACK Error handling This message will also include the error code whenever appropriate Offset Field Size Value Description Encrypted 0 bMessageType 1 51h Error handling response he...

Page 34: ...resource manager context between the calling application and a smart card contained by a specific reader If no card exists in the specified reader an error is returned Refer to http msdn microsoft co...

Page 35: ...om hk Version V1 01 www acs com hk Page 35 of 73 6 1 7 APDU Flow Figure 8 ACR1255U J1 APDU Flow SCardEstablishContext SCardListReaders Reader present SCardConnect Connection successful SCardTransmit S...

Page 36: ...acs com hk Version V1 01 www acs com hk Page 36 of 73 6 1 8 Escape Command Flow Figure 9 ACR1255U J1 Escape Command Flow SCardEstablishContext SCardListReaders Reader present SCardConnect SCardControl...

Page 37: ...nibble 0 means T 0 3 01h TD2 Higher nibble 0 means no TA3 TB3 TC3 TD3 following Lower nibble 1 means T 1 4 to 3 N 80h T1 Category indicator byte 80 means A status indicator may be present in an optio...

Page 38: ...nibble 0 means T 0 3 01h TD2 Higher nibble 0 means no TA3 TB3 TC3 TD3 following Lower nibble 1 means T 1 4 to 3 N XX T1 Historical Bytes ISO 14443 A The historical bytes from ATS response Refer to th...

Page 39: ...ual info acs com hk Version V1 01 www acs com hk Page 39 of 73 Example 2 ATR for EZ link 3B 88 80 01 1C 2D 94 11 F7 71 85 00 BEh Application Data of ATQB 1C 2D 94 11h Protocol Information of ATQB F7 7...

Page 40: ...Get ATS of a ISO 14443 A card ATS 2 bytes Response Data Out Result ATS SW1 SW2 Response Codes Results SW1 SW2 Meaning Success 90h 00h The operation is completed successfully Warning 62h 82h End of UI...

Page 41: ...yte 00h Key is loaded into the reader volatile memory Other Reserved Key Number 1 byte 00h 01h Non volatile memory for storing keys The keys are permanently stored in the reader and will be retained i...

Page 42: ...total of 16 sectors and each sector consists of four consecutive blocks e g Sector 00h consists of blocks 00h 01h 02h and 03h sector 01h consists of blocks 04h 05h 06h and 07h the last sector 0Fh cons...

Page 43: ...with a TYPE A key number 00h For PC SC V2 07 APDU FF 86 00 00 05 01 00 04 60 00h Sectors Total 16 sectors Each sector consists of 4 consecutive blocks Data Blocks 3 blocks 16 bytes per block Trailer...

Page 44: ...tor 38 E0h EEh EFh Sector 39 F0h FEh FFh Byte Number 0 1 2 3 Page Serial Number SN0 SN1 SN2 BCC0 0 Serial Number SN3 SN4 SN5 SN6 1 Internal Lock BCC1 Internal Lock0 Lock1 2 OTP OPT0 OPT1 OTP2 OTP3 3 D...

Page 45: ...for MIFARE Classic 4K Multiple Blocks Mode 15 consecutive blocks Example 1 10h 16 bytes Starting block only Single Block Mode Example 2 40h 64 bytes From the starting block to starting block 3 Multip...

Page 46: ...E Classic 4K Multiple Blocks Mode 15 consecutive blocks Block Data Multiple of 16 2 bytes or 6 bytes The data to be written into the binary block blocks Example 1 10h 16 bytes The starting block only...

Page 47: ...will then be converted to a value block 01h Increment the value of the value block by the VB_Value This command is only valid for value block 02h Decrement the value of the value block by the VB_Valu...

Page 48: ...4h Where Block Number 1 byte The value block to be accessed Read Value Block Response Format 4 2 bytes Response Data Out Result Value MSB LSB SW1 SW2 Where Value 4 bytes The value returned from the ca...

Page 49: ...be in the same sector Copy Value Block Response Format 2 bytes Response Data Out Result SW1 SW2 Copy Value Block Response Codes Results SW1 SW2 Meaning Success 90h 00h The operation is completed succ...

Page 50: ...7816 4 Response Format Data 2 bytes Response Data Out Result Response Data SW1 SW2 Common ISO 7816 4 Response Codes Results SW1 SW2 Meaning Success 90h 00h The operation is completed successfully Erro...

Page 51: ...cs com hk Version V1 01 www acs com hk Page 51 of 73 Example Read 8 bytes from an ISO 14443 4 Type B PICC ST19XR08E APDU 80 B2 80 00 08h Class 80h INS B2h P1 80h P2 00h Lc None Data In None Le 08h Ans...

Page 52: ...ommands are implemented by using PC_to_RDR_Escape Command Format Offset Field Size Value Description 0 bMessageType 1 6Bh 1 dwLength 4 Size of abData field of this message 5 bSlot 1 Identifies the slo...

Page 53: ...2 Lc Get Firmware Version E0h 00h 00h 18h 00h Get Firmware Version Response Format 5 bytes Firmware Message Length Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h Number of bytes to receiv...

Page 54: ...ber Format 5 bytes Command Class INS P1 P2 Lc Get Serial Number E0h 00h 00h 47h 00h Get Serial Number Response Format N bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h Number of byte...

Page 55: ...LED Control Format 6 bytes Command Class INS P1 P2 Lc Data In LED Control E0h 00h 00h 29h 01h LED Status LED Control Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h...

Page 56: ...tus LED Status Format 5 bytes Command Class INS P1 P2 Lc LED Status E0h 00h 00h 29h 00h LED Status Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h LED Status LE...

Page 57: ...r controlling the buzzer output Buzzer Control Format 6 bytes Command Class INS P1 P2 Lc Data In Buzzer Control E0h 00h 00h 28h 01h Buzzer On Duration Where Buzzer On Duration 1 byte 00h Turn OFF 01 t...

Page 58: ...ior 1 byte Behavior Mode Description Bit 0 RFU RFU Bit 1 PICC Polling Status LED To show the PICC Polling Status 1 Enable 0 Disable Bit 2 PICC Activation Status LED To show the activation status of th...

Page 59: ...or Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Behaviors Behavior 1 byte Behavior Mode Description Bit 0 RFU RFU Bit 1 PICC Polling Status LED To show the P...

Page 60: ...current in power saving mode Note The setting will be saved into non volatile memory Set Automatic PICC Polling Format 6 bytes Command Class INS P1 P2 Lc Data In Set Automatic PICC Polling E0h 00h 00h...

Page 61: ...wever the response time of PICC Polling will become longer The Idle Current Consumption in Power Saving Mode is about 60 mA while the Idle Current Consumption in Non Power Saving mode is about 130mA N...

Page 62: ...Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Polling Setting Polling Setting 1 byte Polling Setting Mode Description Bit 0 Automatic PICC Polling 1 Enable 0 Disable Bit 1 Turn off Antenna Fi...

Page 63: ...h 00h 20h 01h Operation Parameter Set the PICC Operating Parameter Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1 00h 00h 00h 01h Operation Parameter Operating Parameter 1 byte...

Page 64: ...E0h 00h 00h 20h 00h Read the PICC Operating Parameter Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Operation Parameter Operating Parameter 1 byte Operating P...

Page 65: ...Max Tx Speed Current Tx Speed Max Rx Speed Current Rx Speed Where Max Tx Speed 1 byte Maximum Transmission Speed Max Rx Speed 1 byte Maximum Receiving Speed Current Tx Speed 1 byte Current Transmissi...

Page 66: ...Auto PPS Response Format 9 bytes Response Class INS P1 P2 Le Data Out Result E1 00h 00h 00h 04h Max Tx Speed Current Tx Speed Max Rx Speed Current Rx Speed Where Max Tx Speed 1 byte Maximum Transmiss...

Page 67: ...Control Format 6 bytes Command Class INS P1 P2 Lc Data In Antenna Field Control E0h 00h 00h 25h 01h Status Antenna Field Control Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1...

Page 68: ...Status E0h 00h 00h 25h 00h Read Antenna Field Status Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Status Where Status 1 byte 00h PICC Power Off 01h PICC Idle...

Page 69: ...ight Set the Card Emulation Format 6 bytes Command Class INS P1 P2 Lc Data In Set the Card Emulation E0h 00h 00h 99h 06h 98h 01h CardType 1Ah 01h RegValue Where CardType 1 byte 01h MIFARE Ultralight e...

Page 70: ...0 seconds This command is used to set the time interval before entering sleep mode Set Sleep Time Interval Format 5 bytes Command Class INS P1 P2 Lc Set Sleep Time Interval E0h 00h 00h 48h Time Set Sl...

Page 71: ...18 Change Tx Power command Set Tx Power Format 5 bytes Command Class INS P1 P2 Lc Set Tx power E0h 00h 00h 49h Tx Power Set Tx Power Response Format 5 bytes Response Class INS P1 P2 Le Data Out Result...

Page 72: ...Read Tx Power Value Read Tx Power Value Format 5 bytes Command Class INS P1 P2 Lc Set Tx power E0h 00h 00h 50h 00h Read Tx Power Value Response Format 6 bytes Response Class INS P1 P2 Le Data Out Resu...

Page 73: ...s Example 2 MIFARE DESFire Frame Level Chaining ISO 7816 wrapping mode In this example the application has to do the Frame Level Chaining To get the version of the DESFIRE card Step 1 Send an APDU 90...

Reviews:

No comments

Related manuals for ACR1255U-J1

Panasonic CQC1101U - AUTO RADIO/CD DECK Manual De Instrucciones preview
CQC1101U - AUTO RADIO/CD DECK
Brand: Panasonic Pages: 2
Panasonic CQ-VW100W Installation Instructions Manual preview
CQ-VW100W
Brand: Panasonic Pages: 18
H&S 2117 Operator'S Manual preview
2117
Brand: H&S Pages: 32
Franklin WP5600 User Manual preview
WP5600
Brand: Franklin Pages: 51
Boss Audio Systems BV7332B User Manual preview
BV7332B
Brand: Boss Audio Systems Pages: 21
Prestigio PER3052 User Manual preview
PER3052
Brand: Prestigio Pages: 6
Aurora Design AAC/MP3 User'S Operation Manual preview
AAC/MP3
Brand: Aurora Design Pages: 6
Gearmore PDC400 Operation, Service & Parts Manual preview
PDC400
Brand: Gearmore Pages: 36
Datavideo CAP-2 Instruction Manual preview
CAP-2
Brand: Datavideo Pages: 36
Farenheit TID-90PKG Owner'S Manual preview
TID-90PKG
Brand: Farenheit Pages: 53
Advantech PCIE-1805 User Manual preview
PCIE-1805
Brand: Advantech Pages: 42
Conrad 1426915 Operating Instructions Manual preview
1426915
Brand: Conrad Pages: 12
Dual iplug XDM6820 Installation & Owner'S Manual preview
iplug XDM6820
Brand: Dual Pages: 20
Radio Shack TRS-80 CR-510 Operation Manual preview
TRS-80 CR-510
Brand: Radio Shack Pages: 64
Boss Audio Systems CDC-3000A Owner'S Manual preview
CDC-3000A
Brand: Boss Audio Systems Pages: 7
Hama 00124153 MoveData Operating Instructions Manual preview
00124153 MoveData
Brand: Hama Pages: 54
IEI Technology PICOe-PV-D510 User Manual preview
PICOe-PV-D510
Brand: IEI Technology Pages: 141
Gigabyte GC-WB1733D-I Installation Manual preview
GC-WB1733D-I
Brand: Gigabyte Pages: 14

Brands by name

Popular brands

Load more brands