Identiv uTrust 3720F Reference Manual Download Page 26

Page: 26 / 87

Document Version 1.00

Last revised on

Page 26 of 87

2020-04-10

Reference Manual for uTrust 3720F and uTrust 3721F Readers

5.3.3.2.

ATR for ISO/IEC 14443-4 user tokens

The credential exposes its ATS or application information which is mapped to an ATR. The table

describes how this mapping is done.

Byte#

Value

Designation

Description

0x3B

Initial header

0x8n

n indicates the number of historical bytes in following ATR

0x80

TD1

upper nibble 8 indicates no TA2, TB2, TC2
lower nibble 0 means T=0

0x01

TD2

upper nibble 0 indicates no TA3, TB3, TC3
lower nibble 1 means T=1

4...3+n

Historical

bytes

application
information

Type A: the historical bytes from the ATS (up to 15 bytes) Type
B (8 bytes):

●

Byte 0 through 3: application data from ATQB,

●

Byte 4 through 6: protocol info byte from ATQB,

●

Byte 7: highest nibble is the MBLI (maximum buffer
length index) from ATTRIB, lowest nibble is 0x0

4+n

TCK

XOR of all previous bytes

Example of the ATR built for an ISO14443-4 credential:

Type A

Type B

Summary of Contents for uTrust 3720F

Page 1: ...Reference Manual for uTrust 3720F Contactless Reader and uTrust 3721F Contactless Reader w Keyboard Interface For Part 905592 and 905593 Document Version 1 00 Last Revised On 2020 04 10...

Page 2: ...about the hardware and software features of the uTrust 3720 F Contactless Reader and uTrust 3721 F Contactless Reader with keyboard interface Audience This document is intended for system integrators...

Page 3: ...F key features 13 3 3 uTrust 372x F ordering information 14 3 4 Available accessories 14 3 5 uTrust 372x F customization options 14 3 6 Contactless communication principles and uTrust 372x F usage re...

Page 4: ...PDU_MIFARE_AUTHENTICATE 35 6 2 5 PAPDU_MIFARE_READ_SECTOR 36 6 2 6 PAPDU_MIFARE_READ_SECTOR_EX 37 6 2 7 PAPDU_MIFARE_WRITE_SECTOR 37 6 2 8 PAPDU_MIFARE_VALUE_BLK_OLD 38 6 2 9 PAPDU_MIFARE_VALUE_BLK_NE...

Page 5: ...Specific for Keyboard Interface 64 6 3 5 1 READER_CONTROL_KEYBOARD_SLOT 64 6 3 6 my d Move Specific Commands 65 6 3 6 1 Access 65 6 3 6 2 Set Password 65 6 3 6 3 Compatibility Write 65 6 3 6 4 Write...

Page 6: ...Trust 3720F and uTrust 3721F Readers 6 4 2 5 Load MIFARE ULC Authentication Keys into Reader 81 7 Annexes 82 7 1 Annex A Status words table 82 7 2 Annex B Sample code using escape commands 83 7 3 Anne...

Page 7: ...following two conditions 1 This device may not cause harmful interference and 2 This device must accept any interference received including interference that may cause undesired operation This equipm...

Page 8: ...MAY NOT combine or distribute the source code provided with Open Source Software or with software developed using Open Source Software in a manner that subjects the source code or any portion thereof...

Page 9: ...n detail interfaces and supported commands available for developers using uTrust 372x F in their applications 2 2 Target audience This document describes the technical implementation of uTrust 372x F...

Page 10: ...Hz MIFARE The ISO14443 Type A with extensions for security NXP NA Not applicable NAD Node Address Nibble Group of 4 bits 1 digit of the hexadecimal representation of a byte Example 0xA3 is represented...

Page 11: ...4 Transmission protocol ISO IEC 14443 4 2001 E ISO IEC ISO IEC 15693 3 Identification cards Contactless integrated circuit s cards Vicinity cards Part 3 Anticollision and transmission protocol ISO IE...

Page 12: ...oup CCID Specification for Integrated Circuit s Cards Interface Devices 1 1 USB IF USB Universal Serial Bus Specification 2 0 USB IF 2 6 Conventions for Bits and Bytes Bits are represented by lower ca...

Page 13: ...igned to offer best in class interoperability 3 2 uTrust 372x F key features 13 56MHz contactless reader o ISO14443 Type A B o ISO15693 NFC Forum Tag Type 5 o MIFARETM o FELICATM o Topaz NFC Forum Tag...

Page 14: ...ompatible reader with keyboard interface that supports HF only uTrust 3721 F LF 905593 2 PC SC compatible reader with keyboard interface that supports LF only 3 4 Available accessories The reader has...

Page 15: ...n current appears in the antenna thus providing power to the integrated circuit The generated current is proportional to the magnetic flux going through the antenna of the user credential 3 6 2 Data e...

Page 16: ...r and the credential is sensitive to the geometry of the system reader credential Parameters like the geometry and especially the relative size of the reader s and credential s antennas directly influ...

Page 17: ...velopers on the host uTrust 3721 F handles the communication protocol related to the token or card and has some capabilities to handle some application logic like authentication reading a specific blo...

Page 18: ...ds this peripheral is not present in LF only variants LF analog circuitry to handle communication with LF cards this peripheral is not present in HF only variants The controller embeds flash memory th...

Page 19: ...stems Windows macOS X and Linux With current Windows versions starting with Windows Vista and macOS this driver is already included in the basic installation With the diverse Linux derivatives there m...

Page 20: ...ter long with USB type A plug Default color White and grey Drawing with dimensions of the uTrust 372x F can be found in annex 4 2 2 LED behavior uTrust 372x F is equipped with one bicolor LED Its defa...

Page 21: ...ting humidity range Up to 95 RH non condensing Certifications and compliances USB CE FCC WHQL WEEE RoHS3 REACH 4 2 3 2 USB Parameter Value Description DC characteristics High bus powered uTrust 372x F...

Page 22: ...ite NFC forum tag type 1 2 3 4 5 iClass UID support my d move SLE 66RxxP my d move NFC SLE 66RxxPN SLE 66RxxS SLE 55RxxE NFC enabled Smart Phones and Tablets3 ISO 14443A and B compliant Yes ISO 15693...

Page 23: ...this reader as well which is available through Windows Update or on the Identiv support pages 5 2 Utilities The following utilities are available PCSC Diagnostics This is a simple tool to check that t...

Page 24: ...o identify the storage card properly it s Standard and Card name describing bytes must be interpreted according to the Part 3 Supplemental Document maintained by PC SC Credentials using technology lik...

Page 25: ...t Version 1 00 Last revised on Page 25 of 87 2020 04 10 Reference Manual for uTrust 3720F and uTrust 3721F Readers Example of the ATR built for contactless storage tokens MIFARE Classic 4K MIFARE Ultr...

Page 26: ...torical bytes in following ATR 2 0x80 TD1 upper nibble 8 indicates no TA2 TB2 TC2 lower nibble 0 means T 0 3 0x01 TD2 upper nibble 0 indicates no TA3 TB3 TC3 lower nibble 1 means T 1 4 3 n Historical...

Page 27: ...1 0x8n T0 n indicates the number of historical bytes in following ATR 2 0x80 TD1 upper nibble 8 indicates no TA2 TB2 TC2 lower nibble 0 means T 0 3 0x01 TD2 upper nibble 0 indicates no TA3 TB3 TC3 low...

Page 28: ...T0 n indicates the number of historical bytes in following ATR 2 0x80 TD1 upper nibble 8 indicates no TA2 TB2 TC2 lower nibble 0 means T 0 3 0x01 TD2 upper nibble 0 indicates no TA3 TB3 TC3 lower nib...

Page 29: ...CCID messages are supported for the contact interface when received through bulk out endpoint PC_to_RDR_IccPowerOn PC_to_RDR_IccPowerOff PC_to_RDR_GetSlotStatus PC_to_RDR_XfrBlock PC_to_RDR_GetParame...

Page 30: ...is error code is returned if the initial character of the ATR contains invalid data 5 4 1 3 5 BAD_ATR_TCK This error code is returned if the check character of the ATR contains is invalid 5 4 1 3 6 IC...

Page 31: ...Word Requested bytes of UID SW1 SW2 Setting P1 0x00 and Le 0x00 can be used to request the full UID or PUPI is sent back For ISO14443A single 4 bytes or double 7 bytes or triple 10 bytes shall be ret...

Page 32: ...Data Status Word Reader Response SW1 SW2 Example 1 To issue the READER_GETIFDTYPE 0x12 escape command this pseudo APDU would be used Command APDU FF CC 00 00 01 12 Response 12 56 90 00 if reader is u...

Page 33: ...ad Binary 0xFF 0xB0 Addr MSB Addr LSB xx P1 and P2 represent the block number of the block to be read starting with 0 for sector 0 block 0 continuing with 4 for sector 1 block 0 sector no x 4 block no...

Page 34: ...pdate Binary 0xFF 0xD6 Addr MSB Addr LSB xx data For a description of P1 and P2 see PAPDU_MIFARE_READ_BINARY Lc has got to match the block size of the used card 16 bytes for Mifare Classic 4 bytes for...

Page 35: ...FFFFFFF is FF82006006 FFFFFFFFFFFF 6 2 4 PAPDU_MIFARE_AUTHENTICATE This command is used to authenticate using the key number Refer to section 3 2 2 1 6 of PCSC3 for further details Command APDU Comman...

Page 36: ...cluding the Key block or the entire content of Mifare UL UL C cards Command APDU Command CLA INS P1 P2 P3 Data Read Sector FF B1 Addr MSB Addr LSB 0 Response APDU Data Status Word Mifare classic 48 by...

Page 37: ...12 9000 OK DataOut 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F AA 55 AA 55 AA 55 AA 55 AA 55 AA 55 AA 55 AA 55 00 00 00 00 00 00 FF 07 80 69 FF FF F...

Page 38: ...e Value Description B0 0xC0 Decrement 0xC1 Increment B1 Block number B2 B5 Value LSB first Response APDU Data Status Word SW1 SW2 Example decrement block 4 by 1 key loading and authentication not show...

Page 39: ...re that defines which action should be performed which block the actions pertain to the destination s and which value should be applied for the action Tags for the action include 0xA0 Increment 0xA1 D...

Page 40: ...A 81 Data object XX not supported XX 67 00 Data object XX with unexpected length XX 6A 80 Data object XX with unexpected vale XX 64 00 Data Object XX execution error no response from IFD XX 64 01 Data...

Page 41: ..._PART4_PART3_SWITCH TCL Mifare Switch This command switches the card state between TCL and MIFARE modes Command APDU Command CLA INS P1 P2 P3 Data Part 4 Part 3 Switch FF F8 P1 00 00 P1 0x00 switches...

Page 42: ...00 2 P1 Service Code List Area Code List Response APDU Data Status Word 8 bytes IDm No of Service or areas n Service version or area version list 2 n SW1 SW2 6 2 15 PAPDU_FELICA_REQ_RESPONSE This comm...

Page 43: ...f service P2 specifies the number of blocks When an NFC Forum tag type 3 receives this command it writes the records of the specified service Command APDU Command CLA INS P1 P2 P3 Data FeliCa Write Bl...

Page 44: ...3 bytes of the tag s UID Topaz tags have a 7 bytes long UID which can be fully fetched using the GET_UID APDU described earlier in this manual 6 2 20 PAPDU_NFC_TYPE1_TAG_RALL This command issues a RAL...

Page 45: ...WRITE ERASE FF 56 00 Byte Addr 01 Data Where P2 codes the address of the memory byte in the following way Bit numbers Description b7 b3 Block value between 0x0 and 0xE b2 b0 Byte within the block valu...

Page 46: ...dynamic memory model Please note that this command works only on specific Topaz tags in the dynamic memory model Command APDU Command CLA INS P1 P2 P3 Data TYPE1 Tag READ SEGMENT FF 5A 00 SegAddr 00...

Page 47: ...ess is Bit numbers Description b7 b0 General block 0x00 0xFF Response APDU Data Status Word 8 bytes of data that have been written SW1 SW2 6 2 27 PAPDU_NFC_TYPE1_TAG_WRITE_NE8 This command issues a WR...

Page 48: ...ed EscapeCommandEnable in the registry to a value of 1 When using the Identiv supplied driver this will not be necessary For Windows XP and Windows Vista the key to hold the value for uTrust 3720 F wo...

Page 49: ...e same Escape command again The following Escape commands are supported by uTrust 372x F 6 3 3 Generic Commands Common to uTrust Contactless Interfaces ESCAPE COMMAND ESCAPE CODE READER_GETIFDTYPE 0x1...

Page 50: ...uld be disabled using the escape command READER_LED_CONTROL_BY_FW to see proper LED change when using this IOCTL Input The first byte of the input buffer contains the escape code followed by LED numbe...

Page 51: ...tioned below Field Size in Bytes Field Name Field Description Value Default 1 byMajorVersion Major Version in BCD Based on current firmware version 1 byMinorVersion Minor Version in BCD 1 bySupportedM...

Page 52: ...NULL or current state 6 3 3 5 READER_GENERIC_ESCAPE This Escape command is used to invoke newly defined escape functions and send proprietary commands to the reader It is defined in line with vendor...

Page 53: ...L_POLLING 0xAC CNTLESS_FORCE_BAUDRATE 0xAD CNTLESS_GET_CARD_DETAILS 0xDA CNTLESS_IS_COLLISION_DETECTED 0xE4 CNTLESS_FELICA_PASS_THRU 0xF3 6 3 4 1 CNTLESS_GET_CARD_INFO This Escape command is used to g...

Page 54: ...rate in both directions 0 indicates different baud rates in both directions Example If 0xNN 0x77 the card supports all baud rates namely 106 212 424 and 848 kbps in both directions If 0xNN 0xB3 the ca...

Page 55: ...er shall point to a WORD buffer in case the extension specifier is given and will contain the type value coded as bitmask as Cards Type Bit Mask Lo Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0...

Page 56: ...A 1 Type B 1 B prime 1 B prime Sof 1 i Class 1 FeliCa 212 1 FeliCa 424 1 Topaz The Hi Byte will always be 0x00 RFU The output buffer is Output buffer NULL 6 3 4 5 CNTLESS_CONTROL_PPS This Escape comm...

Page 57: ...01 Switch RF Field ON No Output 0xFF Get current field state 0 RF field is ON 1 RF field is OFF Output No response is returned for set state For Get State 1 byte response is received Output buffer NUL...

Page 58: ...00 106Kbps in both directions 0x01 106Kbps from PICC to PCD 212Kbps from PCD to PICC 0x02 106Kbps from PICC to PCD 424Kbps from PCD to PICC 0x03 106Kbps from PICC to PCD 848Kbps from PCD to PICC 0x10...

Page 59: ...t state of retries 0x00 Retries are enabled 0x01 Retries are disabled Output No response is returned for set state For Get State 1 byte response is received Output buffer NULL or current state 6 3 4 1...

Page 60: ...baud rates specified in B2 B2 b0 b1 b2 b3 b4 b5 b6 b7 b7 e DR 2 supported if bit is set to 1 DR 4 supported if bit is set to 1 DR 8 supported if bit is set to 1 shall be set to 0 1 is RFU DS 2 suppor...

Page 61: ...escape code Byte0 Escape code 0xDA Output Byte Value Description B0 0x00 Type A card 0x01 Type B card 0x04 FeliCa 212 0x08 FeliCa 424 B1 0x00 Memory card 0x01 T CL card 0x02 Dual interface card 0x43...

Page 62: ...B12 Request response command response time parameter B13 Authentication command response time parameter B14 Read command response time parameter B15 Write command response time parameter 6 3 4 13 CNTL...

Page 63: ...to send FeliCa commands to FeliCa cards Input The first byte of input buffer contains the escape code followed by FeliCa command to be sent to the card At least 1 byte of command is required to be se...

Page 64: ...get current status 0x00 Response If the command is successful 5 bytes are returned indicating the status of keyboard slot Byte Offset Keyboard Description Byte 0 0x01 Disabled in SRAM 0x00 Enabled in...

Page 65: ...bytes 0x00 Response Data Status Word SW1 SW2 6 3 6 2 Set Password This APDU changes password of my d move card with the new password value provided Command APDU CLA INS P1 P2 Lc opcode Password Le 0x...

Page 66: ...es 0x00 Respons Data Status Word SW1 SW2 6 3 6 5 Write 1 Block 4 bytes This APDU writes 4 bytes of data to my d move at block specified Command APDU CLA INS P1 P2 Lc opcode Block No Data Le 0xFF 0xFD...

Page 67: ...y d move at block specified Command APDU CLA INS P1 P2 Lc opcode Block No Le 0xFF 0xFD 0x01 0x01 0x02 0x31 1 byte 0x00 Response Data Status Word 8 bytes of data SW1 SW2 6 3 6 8 Decrement This APDU dec...

Page 68: ...al flags byte and the optional UID field must be omitted In all the 15693 card outputs responses the flags byte will be omitted and error code if any shall be sent as SW2 6 3 7 1 Read Single Block Thi...

Page 69: ...x00 0x02 0x22 Block number to lock 1 byte Response Data Status Word SW1 SW2 Example to lock block number 0x0F APDU FF FC 00 00 02 22 0F RESPONSE 90 00 6 3 7 4 Read Multiple Blocks This APDU reads 4 by...

Page 70: ...ck 1 byte Number of blocks 1 1 byte Data to be written to each block 4 number of blocks bytes Response Data Status Word SW1 SW2 Example to write AA AA AA AA BB BB BB BB to 02 consecutive blocks starti...

Page 71: ...W1 SW2 Example to lock AFI APDU FF FC 00 00 01 28 RESPONSE 90 00 6 3 7 8 Write DSFID This APDU writes the DSFID value specified into card s memory Command APDU CLA INS P1 P2 Lc Data Le 0xFF 0xFC 0x00...

Page 72: ...tem information includes UID DSFID AFI memory size and manufacturer information Command APDU CLA INS P1 P2 Lc Data Le 0xFF 0xFC 0x00 0x00 0x02 0x2B 0x00 0x00 Response Data Status Word System Informati...

Page 73: ...add 1 to get number of bytes in block LSB gives the number of blocks 1 add 1 to get number of physical blocks Example to lock AFI APDU FF FC 00 00 02 2B 00 RESPONSE xx xx xx xx xx xx xx xx xx xx xx x...

Page 74: ...e FWT specified in the P1 parameter field while transmitting command and receiving response respectively Command APDU CLA INS P1 P2 Lc Data Le 0xFF 0xFD FWT code Frame Type Number of data bytes Raw Ca...

Page 75: ...721F Readers Response Data Status Word Response from card SW1 SW2 The response from card is returned raw without any processing Reception of any response from the card is considered as success irrespe...

Page 76: ...a malicious user does not gain access to modify the keys stored in reader Command APDU CLA INS P1 P2 Lc Data Le 0xFF 0x00 0x00 0x00 0x09 0x09 Reader PIN 8 bytes Response Data Status Word SW1 SW2 The a...

Page 77: ...store the appropriate keys before attempting to issue Authenticate APDU to respective card type 6 4 2 1 Load Reader Authentication PIN into Reader The reader PIN can be any 8 byte numeric value The fo...

Page 78: ...d can be used to load DESFire authentication keys into the reader Command APDU CLA NS P1 P2 Lc Data Le 0xFF 0x00 0x00 0x00 0x1F 0x07 0x01 DESFire key data as shown below DESFire key data PCD Key Numbe...

Page 79: ...88 12 34 56 78 12 34 56 78 for application with AID C1B1A1 PCD Key Number 01 PICC Key Number 00 APDU FF 00 00 00 1F 07 01 01 A1 B1 C1 00 11 22 33 44 55 66 77 88 12 34 56 78 12 34 56 78 11 22 33 44 55...

Page 80: ...escription 0x00 0x0D SL3 AES Sector Keys 0x00 0x09 Special Keys Refer to NXP 163735 for details PICC Key Block number shall be used to identify the type of key being loaded Up to 14 AES sector keys an...

Page 81: ...ad MIFARE ULC Authentication Keys into Reader The following command can be used to load MIFARE ULC authentication keys into the reader Command APDU CLA NS P1 P2 Lc Data Le 0xFF 0x00 0x00 0x00 0x12 0x0...

Page 82: ...ATION GIVEN 0x65 0x81 MEMORY FAILURE 0x67 0x00 LENGTH INCORRECT 0x68 0x00 CLASS BYTE INCORRECT 0x69 0x82 SECURITY STATUS NOT SATISFIED 0x69 0x83 AUTHENTICATION IS REQUIRED 0x69 0x88 WRONG KEY NUMBER I...

Page 83: ...E byMaxSlots BYTE bySerialNoLength BYTE abySerialNumber 28 ReaderInfoExtended pragma pack define IOCTL_CCID_ESCAPE SCARD_CTL_CODE 0xDAC define READER_GETIFDTYPE 0x12 define READER_LED_CONTROL 0x19 def...

Page 84: ...erName Identiv uTrust 3720 Contactless Reader 0 Identiv uTrust 3721 Contactless Reader 0 NULL ContextHandle 1 ret SCardEstablishContext SCARD_SCOPE_USER NULL NULL ContextHandle if SCARD_S_SUCCESS ret...

Page 85: ...ity printf maxslots t t d n strReaderInfo byMaxSlots printf serial no length t d n strReaderInfo bySerialNoLength printf serial no t t for i 0 i strReaderInfo bySerialNoLength i if strReaderInfo abySe...

Page 86: ...st revised on Page 86 of 87 2020 04 10 Reference Manual for uTrust 3720F and uTrust 3721F Readers 7 3 Annex C Mechanical drawings 7 3 1 Reader without stand NOTE All dimensions on these mechanical dra...

Page 87: ...Document Version 1 00 Last revised on Page 87 of 87 2020 04 10 Reference Manual for uTrust 3720F and uTrust 3721F Readers 7 3 2 Reader with Stand...

Search results

Summary of Contents for uTrust 3720F

Reviews:

Related manuals for uTrust 3720F

Brands by name

Popular brands

Identiv uTrust 3720F, Reference Manual

Search results

Summary of Contents for uTrust 3720F

Reviews:

Related manuals for uTrust 3720F

Brands by name

Popular brands