Copyright © 2010-2020, International Technologies & Systems Corporation. All rights reserved.
User Manual, SecureHead USB and UART Interface
• Level 1
By default, readers from the factory are configured to have this security level. No
encryption is performed and no key serial number is transmitted with the decoded data.
The reader functions as a non-encrypting reader and the decoded track data is sent out
in default mode.
• Level 2
The Key Serial Number and Base Derivation Key have been injected but the encryption
process is not yet activated. The reader will send out decoded track data in default
format. Setting the encryption type to TDES or AES will change the reader to security
level 3.
• Level 3
Both the Key Serial Number and the Base Derivation Key are injected and encryption mode
is turned on. For payment cards, both encrypted data and masked clear text data are sent
out. Users can select the data masking of the PAN area; the encrypted data format
cannot be modified. Users can choose whether to send hashed data and whether to
reveal the card expiration date. When encryption is turned on, level 3 is the default
security level.
• Level 4
When the reader is at Security Level 4, a correctly executed Authentication Sequence is
required before the reader sends out data for each card swipe.
3.12.4. Encryption Management
The encrypted swipe read supports the TDES and AES encryption standards for data encryption.
Encryption can be turned on via a command. TDES is the default.
If the reader is in security level 3, the original data of each encrypted field is encrypted
using TDES or AES in CBC mode, with an Initialization Vector starting at all binary zeroes
and the Encryption Key associated with the current DUKPT KSN.
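The scheme described in 3.12.4, as an added example that is not part of the manual: a POSIX shell wrapper around the `openssl enc` command that encrypts or decrypts a whole-block field in CBC mode with an all-zero IV, and shows that with a fixed IV it is the per-KSN key that stops equal leading blocks from producing equal ciphertext. The keys, the track data, the choice of AES-128 and the K1 K2 K1 key layout are assumptions.

```shell
# Added example. Keys and track data are constructed test values; on a real
# reader the key is the DUKPT key for the KSN sent with that swipe.

# hex2bin HEX: write the bytes that HEX encodes (POSIX sh, no xxd needed).
hex2bin() (
  h=$1
  while [ -n "$h" ]; do
    rest=${h#??}
    printf "\\$(printf '%03o' "0x${h%"$rest"}")"
    h=$rest
  done
)

# cbc_zero_iv enc|dec tdes|aes KEYHEX DATAHEX: print the result as hex.
# Assumptions: AES means AES-128, and a two-key TDES key is passed as K1 K2 K1.
cbc_zero_iv() (
  case $2 in
    tdes) cipher=des-ede3-cbc; blk=8;  iv=0000000000000000 ;;
    aes)  cipher=aes-128-cbc;  blk=16; iv=00000000000000000000000000000000 ;;
    *) echo "algorithm must be tdes or aes" >&2; exit 2 ;;
  esac
  case $4 in ''|*[!0-9a-fA-F]*) echo "data must be hex" >&2; exit 2 ;; esac
  # Padding is not described on this page, so only whole blocks are accepted.
  [ $(( ${#4} % (blk * 2) )) -eq 0 ] || { echo "data is not block-aligned" >&2; exit 2; }
  [ "$1" = dec ] && dir=-d || dir=-e
  hex2bin "$4" | openssl enc "$dir" "-$cipher" -K "$3" -iv "$iv" -nopad |
    od -An -v -tx1 | tr -d ' \n'
)

# first_block HEX: the first 8-byte (TDES) block of a hex string.
first_block() { printf '%s' "$1" | cut -c1-16; }

KEY_A=0123456789abcdeffedcba98765432100123456789abcdef  # constructed, one KSN
KEY_B=1032547698badcfeefcdab89674523011032547698badcfe  # constructed, next KSN
SWIPE1=3b343131313131313131313131313131  # ";411111111111111"
SWIPE2=3b343131313131313232323232323232  # ";411111122222222", same first block

c1=$(cbc_zero_iv enc tdes "$KEY_A" "$SWIPE1")
c2=$(cbc_zero_iv enc tdes "$KEY_A" "$SWIPE2")   # key reused: first block repeats
c3=$(cbc_zero_iv enc tdes "$KEY_B" "$SWIPE2")   # new key per swipe: it does not
echo "same key : $(first_block "$c1") $(first_block "$c2")"
echo "next key : $(first_block "$c1") $(first_block "$c3")"
echo "decrypted: $(cbc_zero_iv dec tdes "$KEY_A" "$c1")"
```

A host that decrypts reader output can use the same check in reverse: two swipes whose encrypted fields share a first block indicate that the key did not advance between them.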
3.12.5. Check Card Format
• ISO/ABA (American Banking Association) Card
Encoding method
Track1 is 7 bits encoding.
Track1 is 7 bits encoding. Track2 is 5 bits encoding. Track3 is 5 bits encoding.
Track1 is 7 bits encoding. Track2 is 5 bits encoding.
Track2 is 5 bits encoding.
Additional check