Copyright © 2010-2020, International Technologies & Systems Corporation. All rights reserved.
Page 17 of 76
User Manual, SecureHead USB and UART Interface
3.10.
Review KSN (DUKPT Key management only)
<STX><R><51h><ETX><CheckSum>
This command is to get DUKPT key serial number and counter.
3.11.
Review Security Level
<STX><R><7Eh><ETX><CheckSum>
This command is to get the current security level.
3.12.
Encrypted Output for Decoded Data
3.12.1.Encrypt Functions
When a card is swiped through the Reader, the track data will be TDEA (Triple Data
Encryption Algorithm, aka, Triple DES) or AES (Advanced Encryption Standard)
encrypted using Fixed key management or DUKPT (Derived Unique Key Per Transaction)
key management. DUKPT key management uses a base derivation key to encrypt a key
serial number that produces an initial encryption key which is injected into the Reader prior
to deployment. After each transaction, the encryption key is modified per the DUKPT
algorithm so that each transaction uses a unique key. Thus, the data will be encrypted with a
different encryption key for each transaction.
3.12.2.Security Related Function ID
Security Related Function IDs are listed below. Their functions are described in other
sections.
Characters
Hex Value
Description
PrePANID
49
First N Digits in PAN which can be
clear data
PostPANID
4A
Last M Digits in PAN which can be
clear data
MaskCharID
4B
Character used to mask PAN
EncryptionID
4C
Security Algorithm
SecurityLevelID
7E
Security Level (Read Only)
Device Serial Number ID 4E
Device Serial Number (Can be write
once. After that, can only be read)
DisplayExpirationDataID 50
Display expiration data as mask
data or clear data
KSN and Counter ID
51
Review the Key Serial Number and