manualshive.com logo in svg

ACS ACR1255U-J1, Reference Manual

The ACS ACR1255U-J1 is a high-quality contactless NFC smart card reader that is perfect for various applications. For further information on how to use this device, refer to the Reference Manual available for free download on our website. Get your manual now at manualshive.com.

Share
Download
background image

 

ACR1255U-J1 – Reference Manual

 

[email protected] 

Version V1.01 

www.acs.com.hk 

Page 31 of 73

 

 

 

5.7.4. 

SPH_to_RDR_AuthRsp 

This command is the second phase of the authentication process. After the device has initiated the 
SPH_to_RDR_ReqAuth command to the ACR1255U-J1, the reader will then provide an 
RDR_to_SPH_AuthRsp1 message if there’s no error. 

The RDR_to_SPH_AuthRsp1 will contain a sequence of 16-byte random  numbers encrypted using 
the Customer Master Key. The paired key-generating device should decrypt it using the correct 
Customer Master Key and pads it to the end of the 16-byte of random numbers. The overall 32-byte 
random numbers will be decrypted using the Customer Master Key and returned  to ACR1255U-J1 
using this command in order to have a successful authentication.  

Offset 

Field 

Size 

Value 

Description 

Encrypted 

bMessageType 

6Bh 

No 

LEN1 LEN2 

(wLength) 

0025h 

The Number of extra 
bytes in the abAuthData 
field, and is expressed in 
two bytes long, and 
LEN1 is MSB while 
LEN2 is LSB; 

No 

Slot Number 

00h 

No 

Sequence 

00h 

No 

Parameter 

00h 

Slot Status 

No 

wCheckSum 

 

wCheckSum means the 
XOR values of all bytes 
in the command  

No 

abAuthData 

37 

E0 00 00 46 

00 + 32 bytes 

random 
number 

abAuthData[0:15] – 16 
bytes of random number 
generated by the data 
processing server 

abAuthData[16:31] – 16 
bytes of decrypted 
random number 
received from 
ACR1255U-J1 

All the 32 bytes of data 
underwent a decryption 
process with the 
Customer Master Key 
using AES128 CBC 
cipher mode. 

“E0 00 00 46 00” does 
not need to be 
decrypted. 

Yes 

 

The response to this message is RDR_to_SPH_AuthRsp2 if the command message received is error-
free and the random number generated returned by paired device is correct. Otherwise, the response 
message will be RDR_to_SPH_ACK to provide the error information. 

Summary of Contents for ACR1255U-J1

Page 1: ...Subject to change without prior notice info acs com hk www acs com hk Reference Manual V1 01 ACR1255U J1 Bluetooth NFC Reader...

Page 2: ...ion 17 5 4 Communication Profile 19 5 5 Frame Format 19 5 5 1 Data Frame Format 19 5 6 Bluetooth Communication Protocol 20 5 6 1 Card Power On 21 5 6 2 Card Power Off 22 5 6 3 Get Slot Status 23 5 6 4...

Page 3: ...60 6 6 9 Read Automatic PICC Polling 62 6 6 10 Set PICC Operating Parameter 63 6 6 11 Read PICC Operating Parameter 64 6 6 12 Set Auto PPS 65 6 6 13 Read Auto PPS 66 6 6 14 Antenna Field Control 67 6...

Page 4: ...1 01 www acs com hk Page 4 of 73 Table 8 Summary of Mutual Authentication Commands 29 Table 9 Mutual Authentication Error codes 33 Table 10 MIFARE Classic 1K Memory Map 43 Table 11 MIFARE Classic 4K M...

Page 5: ...tware programmer from being responsible with smart card operations technical details which in many cases are not relevant to the implementation of a smart card system 1 1 Symbols and Abbreviations Abb...

Page 6: ...Built in anti collision feature only one tag is accessed at any time o NFC Support Card reader writer mode Card emulation mode o Supports AES 128 encryption algorithm Application Programming Interfac...

Page 7: ...hk Version V1 01 www acs com hk Page 7 of 73 3 0 System Block Diagram Figure 1 ACR1255U J1 Architecture ACR1255U J1 NFC Antenna MCU Bluetooth Mobile device or Computer LEDs Buzzer Bluetooth Module Swi...

Page 8: ...he protocol between ACR1255U J1 and other devices follow the CCID protocol All communications for NFC are PC SC compliant Figure 2 ACR1255U J1 USB Communication Architecture ACR1255U J1 PCSC NFC Inter...

Page 9: ...01 www acs com hk Page 9 of 73 Bluetooth Smart protocol stack architecture is as follows GAP Peripheral Role Profile SIM Access Profile GAP Peripheral Bond Manager GAP GATT SMP ATT L2CAP HCI Link Laye...

Page 10: ...years Table 2 Estimated Battery Lifespan 4 2 Bluetooth Interface ACR1255U J1 uses Bluetooth Smart as the medium to pair the device with computers and mobile devices 4 3 USB Interface The micro USB por...

Page 11: ...rd Polling ACR1255U J1 automatically polls the contactless cards that are within the field ISO 14443 4 Type A ISO 14443 Type B FeliCa Topaz MIFARE and NFC tags are supported 4 5 User Interface 4 5 1 K...

Page 12: ...of 73 Figure 4 Keys on ACR1255U J1 4 5 2 Mode Selection Switch ACR1255U J1 has three modes USB Off and Bluetooth User can select one mode at a time as a data transmission interface Symbol Switch Activ...

Page 13: ...d paired device Fast Slow flash Powered on Searching for devices to be paired with On Bluetooth device is paired with the reader Card is present Red LED2 Off Battery is fully charged Reader is powered...

Page 14: ...The voltage of the battery is greater than3 5V and no USB powered is being supplied Slow flash Low battery On Battery is charging 4 5 4 Buzzer ACR1255U J1 has a buzzer that is used to notify user of c...

Page 15: ...etooth Connection Flow The program flow of the Bluetooth connection is shown below Figure 6 Bluetooth Connection Flow Yes No Bluetooth Start Reset Power up Successful Connection No Enable Service Disc...

Page 16: ...ided into three groups sufficient battery 3 78 V low battery 3 78 V and 3 68 V and no battery 3 68 V Finally to provide more reader information to the user a customized Device Information service is a...

Page 17: ...ponse message the message data will undergo an encryption operation using its own Customer Master Key and will be converted back to the normal 32 bytes of random numbers In theory the first 16 bytes o...

Page 18: ...l generate another 16 bytes of random numbers RND_B 0 15 RND_A 0 15 will be padded to the end of RND_B 0 15 to form a sequence of 32 byte random numbers RND_C 0 31 RND_B 0 15 RND_A 0 15 All the 32 byt...

Page 19: ...n The device to be paired with will need to send a PIN to complete the authentication process By default the PIN value is 000000 5 4 Communication Profile The communication profile should be Start byt...

Page 20: ...o the paired device using the Bluetooth interface with a predefined protocol The protocol is similar to the formats of the CCID Command Pipe and Response Pipe Command Mode Supported Sender Description...

Page 21: ...ot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 00h Check means the XOR values of all bytes in the command 7 Data N Data Response Data Format Offset Field Size Value Description 0 CmdM...

Page 22: ...geType 1 63h 1 Length 2 0000h Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 00h Check means the XOR values of all bytes in the command 7 Data N Data Response Data For...

Page 23: ...length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 00h Check means the XOR values of all bytes in the command 7 Data N Data Response Data Format Offset Field Size Value Descrip...

Page 24: ...mdMessageType 1 6Fh 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 Check means the XOR values of all bytes in the command 7 Data N Data Response Data Format...

Page 25: ...tus Command This command is used to check on the card status Offset Field Size Value Description 0 CmdMessageType 1 50h 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 Status 02h Ca...

Page 26: ...ware error status Response Data Format Offset Field Size Value Description 0 CmdMessageType 1 51h 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 Status 01h Checksum error 02h Timeo...

Page 27: ...e command 7 Data N Data Response Data Format Offset Field Size Value Description 0 CmdMessageType 1 83h 1 Length 2 Data length 3 Slot 1 00h 4 Seq 1 00h Sequence 5 Param 1 00h Parameter 6 Check 1 Check...

Page 28: ...ication request Request command E0 00 00 45 00 Response command E1 00 00 45 00 Data 16 bytes Where Data 16 bytes of random numbers Example Request SPH_to_RDR_ReqAuth 6B 00 05 00 00 00 CB E0 00 00 45 0...

Page 29: ...The 16 byte Session Key SK 0 15 is generated in both ACR1255U J1 and the data processing server It is obtained by padding the first 8 bytes of RND_B at the end of the first 8 bytes of RND_A i e SK 0 1...

Page 30: ...f extra bytes in abRndNum field and is expressed in two bytes long and LEN1 is MSB while LEN2 is LSB No 3 Slot Number 1 00h No 4 Sequence 1 00h No 5 Parameter 1 00h Slot Status 6 wChecksum 1 wChecksum...

Page 31: ...e Value Description Encrypted 0 bMessageType 1 6Bh No 1 LEN1 LEN2 wLength 2 0025h The Number of extra bytes in the abAuthData field and is expressed in two bytes long and LEN1 is MSB while LEN2 is LSB...

Page 32: ...r of extra bytes in abRndNum field and is expressed in two bytes long and LEN1 is MSB while LEN2 is LSB No 3 Slot Number 1 00h No 4 Sequence 1 00h No 5 Parameter 1 00h Slot Status No 6 wCheckSum 1 No...

Page 33: ...ed Reader RDR_to_SPH_ACK Error handling This message will also include the error code whenever appropriate Offset Field Size Value Description Encrypted 0 bMessageType 1 51h Error handling response he...

Page 34: ...resource manager context between the calling application and a smart card contained by a specific reader If no card exists in the specified reader an error is returned Refer to http msdn microsoft co...

Page 35: ...om hk Version V1 01 www acs com hk Page 35 of 73 6 1 7 APDU Flow Figure 8 ACR1255U J1 APDU Flow SCardEstablishContext SCardListReaders Reader present SCardConnect Connection successful SCardTransmit S...

Page 36: ...acs com hk Version V1 01 www acs com hk Page 36 of 73 6 1 8 Escape Command Flow Figure 9 ACR1255U J1 Escape Command Flow SCardEstablishContext SCardListReaders Reader present SCardConnect SCardControl...

Page 37: ...nibble 0 means T 0 3 01h TD2 Higher nibble 0 means no TA3 TB3 TC3 TD3 following Lower nibble 1 means T 1 4 to 3 N 80h T1 Category indicator byte 80 means A status indicator may be present in an optio...

Page 38: ...nibble 0 means T 0 3 01h TD2 Higher nibble 0 means no TA3 TB3 TC3 TD3 following Lower nibble 1 means T 1 4 to 3 N XX T1 Historical Bytes ISO 14443 A The historical bytes from ATS response Refer to th...

Page 39: ...ual info acs com hk Version V1 01 www acs com hk Page 39 of 73 Example 2 ATR for EZ link 3B 88 80 01 1C 2D 94 11 F7 71 85 00 BEh Application Data of ATQB 1C 2D 94 11h Protocol Information of ATQB F7 7...

Page 40: ...Get ATS of a ISO 14443 A card ATS 2 bytes Response Data Out Result ATS SW1 SW2 Response Codes Results SW1 SW2 Meaning Success 90h 00h The operation is completed successfully Warning 62h 82h End of UI...

Page 41: ...yte 00h Key is loaded into the reader volatile memory Other Reserved Key Number 1 byte 00h 01h Non volatile memory for storing keys The keys are permanently stored in the reader and will be retained i...

Page 42: ...total of 16 sectors and each sector consists of four consecutive blocks e g Sector 00h consists of blocks 00h 01h 02h and 03h sector 01h consists of blocks 04h 05h 06h and 07h the last sector 0Fh cons...

Page 43: ...with a TYPE A key number 00h For PC SC V2 07 APDU FF 86 00 00 05 01 00 04 60 00h Sectors Total 16 sectors Each sector consists of 4 consecutive blocks Data Blocks 3 blocks 16 bytes per block Trailer...

Page 44: ...tor 38 E0h EEh EFh Sector 39 F0h FEh FFh Byte Number 0 1 2 3 Page Serial Number SN0 SN1 SN2 BCC0 0 Serial Number SN3 SN4 SN5 SN6 1 Internal Lock BCC1 Internal Lock0 Lock1 2 OTP OPT0 OPT1 OTP2 OTP3 3 D...

Page 45: ...for MIFARE Classic 4K Multiple Blocks Mode 15 consecutive blocks Example 1 10h 16 bytes Starting block only Single Block Mode Example 2 40h 64 bytes From the starting block to starting block 3 Multip...

Page 46: ...E Classic 4K Multiple Blocks Mode 15 consecutive blocks Block Data Multiple of 16 2 bytes or 6 bytes The data to be written into the binary block blocks Example 1 10h 16 bytes The starting block only...

Page 47: ...will then be converted to a value block 01h Increment the value of the value block by the VB_Value This command is only valid for value block 02h Decrement the value of the value block by the VB_Valu...

Page 48: ...4h Where Block Number 1 byte The value block to be accessed Read Value Block Response Format 4 2 bytes Response Data Out Result Value MSB LSB SW1 SW2 Where Value 4 bytes The value returned from the ca...

Page 49: ...be in the same sector Copy Value Block Response Format 2 bytes Response Data Out Result SW1 SW2 Copy Value Block Response Codes Results SW1 SW2 Meaning Success 90h 00h The operation is completed succ...

Page 50: ...7816 4 Response Format Data 2 bytes Response Data Out Result Response Data SW1 SW2 Common ISO 7816 4 Response Codes Results SW1 SW2 Meaning Success 90h 00h The operation is completed successfully Erro...

Page 51: ...cs com hk Version V1 01 www acs com hk Page 51 of 73 Example Read 8 bytes from an ISO 14443 4 Type B PICC ST19XR08E APDU 80 B2 80 00 08h Class 80h INS B2h P1 80h P2 00h Lc None Data In None Le 08h Ans...

Page 52: ...ommands are implemented by using PC_to_RDR_Escape Command Format Offset Field Size Value Description 0 bMessageType 1 6Bh 1 dwLength 4 Size of abData field of this message 5 bSlot 1 Identifies the slo...

Page 53: ...2 Lc Get Firmware Version E0h 00h 00h 18h 00h Get Firmware Version Response Format 5 bytes Firmware Message Length Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h Number of bytes to receiv...

Page 54: ...ber Format 5 bytes Command Class INS P1 P2 Lc Get Serial Number E0h 00h 00h 47h 00h Get Serial Number Response Format N bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h Number of byte...

Page 55: ...LED Control Format 6 bytes Command Class INS P1 P2 Lc Data In LED Control E0h 00h 00h 29h 01h LED Status LED Control Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h...

Page 56: ...tus LED Status Format 5 bytes Command Class INS P1 P2 Lc LED Status E0h 00h 00h 29h 00h LED Status Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h LED Status LE...

Page 57: ...r controlling the buzzer output Buzzer Control Format 6 bytes Command Class INS P1 P2 Lc Data In Buzzer Control E0h 00h 00h 28h 01h Buzzer On Duration Where Buzzer On Duration 1 byte 00h Turn OFF 01 t...

Page 58: ...ior 1 byte Behavior Mode Description Bit 0 RFU RFU Bit 1 PICC Polling Status LED To show the PICC Polling Status 1 Enable 0 Disable Bit 2 PICC Activation Status LED To show the activation status of th...

Page 59: ...or Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Behaviors Behavior 1 byte Behavior Mode Description Bit 0 RFU RFU Bit 1 PICC Polling Status LED To show the P...

Page 60: ...current in power saving mode Note The setting will be saved into non volatile memory Set Automatic PICC Polling Format 6 bytes Command Class INS P1 P2 Lc Data In Set Automatic PICC Polling E0h 00h 00h...

Page 61: ...wever the response time of PICC Polling will become longer The Idle Current Consumption in Power Saving Mode is about 60 mA while the Idle Current Consumption in Non Power Saving mode is about 130mA N...

Page 62: ...Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Polling Setting Polling Setting 1 byte Polling Setting Mode Description Bit 0 Automatic PICC Polling 1 Enable 0 Disable Bit 1 Turn off Antenna Fi...

Page 63: ...h 00h 20h 01h Operation Parameter Set the PICC Operating Parameter Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1 00h 00h 00h 01h Operation Parameter Operating Parameter 1 byte...

Page 64: ...E0h 00h 00h 20h 00h Read the PICC Operating Parameter Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Operation Parameter Operating Parameter 1 byte Operating P...

Page 65: ...Max Tx Speed Current Tx Speed Max Rx Speed Current Rx Speed Where Max Tx Speed 1 byte Maximum Transmission Speed Max Rx Speed 1 byte Maximum Receiving Speed Current Tx Speed 1 byte Current Transmissi...

Page 66: ...Auto PPS Response Format 9 bytes Response Class INS P1 P2 Le Data Out Result E1 00h 00h 00h 04h Max Tx Speed Current Tx Speed Max Rx Speed Current Rx Speed Where Max Tx Speed 1 byte Maximum Transmiss...

Page 67: ...Control Format 6 bytes Command Class INS P1 P2 Lc Data In Antenna Field Control E0h 00h 00h 25h 01h Status Antenna Field Control Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1...

Page 68: ...Status E0h 00h 00h 25h 00h Read Antenna Field Status Response Format 6 bytes Response Class INS P1 P2 Le Data Out Result E1h 00h 00h 00h 01h Status Where Status 1 byte 00h PICC Power Off 01h PICC Idle...

Page 69: ...ight Set the Card Emulation Format 6 bytes Command Class INS P1 P2 Lc Data In Set the Card Emulation E0h 00h 00h 99h 06h 98h 01h CardType 1Ah 01h RegValue Where CardType 1 byte 01h MIFARE Ultralight e...

Page 70: ...0 seconds This command is used to set the time interval before entering sleep mode Set Sleep Time Interval Format 5 bytes Command Class INS P1 P2 Lc Set Sleep Time Interval E0h 00h 00h 48h Time Set Sl...

Page 71: ...18 Change Tx Power command Set Tx Power Format 5 bytes Command Class INS P1 P2 Lc Set Tx power E0h 00h 00h 49h Tx Power Set Tx Power Response Format 5 bytes Response Class INS P1 P2 Le Data Out Result...

Page 72: ...Read Tx Power Value Read Tx Power Value Format 5 bytes Command Class INS P1 P2 Lc Set Tx power E0h 00h 00h 50h 00h Read Tx Power Value Response Format 6 bytes Response Class INS P1 P2 Le Data Out Resu...

Page 73: ...s Example 2 MIFARE DESFire Frame Level Chaining ISO 7816 wrapping mode In this example the application has to do the Frame Level Chaining To get the version of the DESFIRE card Step 1 Send an APDU 90...

Reviews:

No comments

Related manuals for ACR1255U-J1

EarthWay 2170 Operating Instructions Manual preview
2170
Brand: EarthWay Pages: 8
DAQ system PCI-DIO02 User Manual preview
PCI-DIO02
Brand: DAQ system Pages: 33
SaMASZ SAHARA 100 Operator'S Manual preview
SAHARA 100
Brand: SaMASZ Pages: 19
Sunrich Tech C-430 User Manual preview
C-430
Brand: Sunrich Tech Pages: 4
Force America SSC3100 Operation And Calibration Manual preview
SSC3100
Brand: Force America Pages: 24
impro XTT909-1-0-GB-XX Installation Manual preview
XTT909-1-0-GB-XX
Brand: impro Pages: 8
ICP DAS USA VXC-1x8U Series User Manual preview
VXC-1x8U Series
Brand: ICP DAS USA Pages: 40
ICP DAS USA PEX-D24 User Manual preview
PEX-D24
Brand: ICP DAS USA Pages: 42
ICP DAS USA PISO-1730U User Manual preview
PISO-1730U
Brand: ICP DAS USA Pages: 38
ICP DAS USA PIO-D96 User Manual preview
PIO-D96
Brand: ICP DAS USA Pages: 55
ICP DAS USA PCI-1002L User Manual preview
PCI-1002L
Brand: ICP DAS USA Pages: 70
ICP DAS USA PCI-1202 Series Hardware User Manual preview
PCI-1202 Series
Brand: ICP DAS USA Pages: 103
ICP DAS USA PISO-CPM100U-D User Manual preview
PISO-CPM100U-D
Brand: ICP DAS USA Pages: 129
ICP DAS USA PCI-1202L User Manual preview
PCI-1202L
Brand: ICP DAS USA Pages: 123
H&S 310 Operator'S Manual preview
310
Brand: H&S Pages: 32
Baracoda D-Fly User Manual preview
D-Fly
Brand: Baracoda Pages: 18
Atid AT388 User Manual preview
AT388
Brand: Atid Pages: 49
Sony CA350X - Xplod Radio / Cassette Player Operating Instructions Manual preview
CA350X - Xplod Radio / Cassette Player
Brand: Sony Pages: 36

Brands by name

Popular brands

Load more brands