ACR3901U-S1 – Reference Manual
Version 1.09
www.acs.com.hk
Page 36 of 96
6.1.6.5.
SPH_to_RDR_DataReq
This command is sent from the paired device to the ACR3901U-S1 after the mutual authentication
process.
In Bluetooth mode, the communication protocol from
to
encrypted and transmitted after a successful mutual authentication.
Offset
Field
Size
Value
Description
Encrypted
0
bMessageType
1
72h
-
No
1
LEN1 LEN2
(wLength)
2
-
Number of extra bytes starting
from the next field for this
message. It is expressed in
two bytes long. LEN1 is LSB
while LEN2 is MSB.
No
3
abEncryptedData
N*16
-
Each 16 bytes of data will be
encrypted with the Session
Key using AES128 CBC cipher
mode
Yes
3 + N*16
wChecksum
1
-
CSUM means the XOR values
of all bytes in the command
No
abEncryptedData is N*16 bytes long. This is the encrypted data of (Ident P
Checksum), wherein each byte will be encrypted with the Session Key which is generated after
mutual authentication using the AES128 CBC cipher mode.
The initial vector is 16bytes of 00h in AES-128 CBC cipher mode.
For original data with data length < N*16, simply pad FFh in the end and make it a 16*N byte long
before encrypting.
HID Frame
Length (bytes)
Description
Identifiers
1
Commands
The real data is
decrypted using
abEncryptedData
and remove the
dummy data
Length
2
Length {Checksum}
Payload
0-N
Data
Checksum
1
XOR {Identifiers,Length,Payload}
Example:
After a successful Mutual Authentication, paired device sends a power on command to the reader, the
command will be:
72 11 00 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
Where:
Command header: 72
Encrypted data of the power on command (16 bytes): XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX
The response to this message is the RDR_to_SPH_DataRsp if the command message received is
error free.
abEncryptedData
is the encrypted data of the Communication Protocol. Each 16 bytes of data is
encrypted with the Session Key using the AES-128 CBC cipher mode.