background image

 

 

 

Copyright © 2010-2020, International Technologies & Systems Corporation.  All rights reserved.  

 

Page 35 of 76 

 

User Manual, SecureHead USB and UART Interface 

 

Bit 5: 1— track 3 sampling data present 

Bit 6, 7 — Reserved for future use 

 

Note 3: Clear/mask data sent status  

 

Field 8 (Clear/mask data sent status) and field 9 (Encrypted/Hash data sent status) will 

only be sent out in enhanced encryption format. 

 

Field 8: Clear/masked data sent status byte: 

 

 

Bit 0: 1 —track 1 clear/mask data present  

 

 

Bit 1: 1— track 2 clear/mask data present 

 

 

Bit 2: 1— track 3 clear/mask data present 

Bit 3: 0— reserved for future use 

 

 

Bit 4: 0— reserved for future use 

 

 

Bit 5: 

0- 

No requirement to use IC (1st digit in Service Code is different from 2 or 6;  

1-Use IC where feasible (1st digit in Service Code is 2 or 6)

 

 

 

 

Note 4: Encrypted/Hash data sent status  

 

 Field 9: Encrypted data sent status 

 

 

Bit 0: 1— track 1 encrypted data present  

 

 

Bit 1: 1— track 2 encrypted data present 

 

 

Bit 2: 1— track 3 encrypted data present 

 

 

Bit 3: 1— track 1 hash data present 

 

 

Bit 4: 1— track 2 hash data present 

 

 

Bit 5: 1— track 3 hash data present 

 

 

Bit 6: 1—session ID present  

 

 

Bit 7: 1—KSN present 

 

 

4.6.

 

Fix Key Management Enhanced Output Data Format 

Same as 4.5 DUKPT Enhanced Level 3 Data Output Format, only change <KSN> to <device 

serial  number> plus two NULL bytes. 

 

4.7.

 

DUKPT Level 4 Data Output Format 

 

For ISO card, both clear and encrypted data are sent. For other card, only clear data are sent. 

A card swipe returns the following data: 

 

Card data is sent out in format of  

<STX><LenL><LenH><Card Data><CheckLRC><CheckSum><ETX> 

 

Summary of Contents for SecureHead

Page 1: ...USER MANUAL SecureHead Encrypted Magnetic Read Head USB and UART Interface 80101505 001 K 19 November2020 ...

Page 2: ... equipment which does not conform to the requirements of sales is to have such equipment replaced or repaired by ID TECH For limited warranty service during the warranty period please contact ID TECH to obtain a Return Material Authorization RMA number instructions for returning the product THIS WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES OF MERCHANTABILITY OR FITNESS FOR PARTICULAR PURPOSE THERE ...

Page 3: ...21 2011 Added design guidelines for head installation Jenny W C 09 20 2011 Updated USB interface Cable Pin Out Updated power information Yvonne Y D 03 23 2012 Added design guidelines on preloading the spring Added cable length tolerance Jenny W E 02 04 2013 Added the new mask feature in SecureHead firmware v5 00 for UART interface and v 5 03 for USB interface Candy H F 06 05 2013 Update appendix I...

Page 4: ...and level 2 POS Mode Data Output Format 28 4 3 DUKPT Key Management Level 3 Data Output Format 31 4 4 Fixed Key Management Encrypted Output Format 32 4 5 DUKPT Enhanced Level 3 Data Output Format 32 4 6 Fix Key Management Enhanced Output Data Format 35 4 7 DUKPT Level 4 Data Output Format 35 4 8 Level 4 Activate Authentication Sequence 37 4 9 Other Command Protocol Settings 41 Appendix A Setting P...

Page 5: ...o encrypt sensitive card data The data encryption process prevents card holder information from being accessed when the data is stored or in transit so the data remains secure from end to end The reader fully supports TDES and AES data encryption using DUKPT key management method The SecureHead supports SPI UART and USB interface The information about SPI SecureHead can be found in a separate docu...

Page 6: ...ndby Power supply Current 2 mA USB Power 5 0 VDC 10 I O Voltage Range 2 7 to 3 6 VDC Current Active Power Supply Current 7 mA Standby Power supply Current 5 mA ESD 4kV discharge to head can Communication interface UART o Baud Rate 9 600 bits second as default o Data bits 8 o Stop bits 1 o Parity None o Supports Xon Xoff software handshaking USB o Complies with USB 2 0 specification Environment Ope...

Page 7: ...SB o Cable connector Molex 51021 0500 or equivalent o Standard cable length is 125mm 6 4mm o Pin Out Table J1 Color Signal 1 Red VBUS 2 White DATA 3 Green DATA 4 Black GND 5 Violet HEAD_CASE UART o Cable connector Molex 51021 0500 or equivalent o Standard cable length is 125mm 6 4mm o Pin Out Table J1 Color Signal 1 Violet HEAD_CASE 2 White RX 3 Yellow TX 4 Red 3V 5 Black GND ...

Page 8: ...ll rights reserved Page 8 of 76 User Manual SecureHead USB and UARTInterface Dimension Mounting Options 1 Wing spring mounting this is the standard mounting option and can be used on most swipe readers The protrusion of the head for the surface of the spring is 3 50 mm ...

Page 9: ...ms Corporation All rights reserved Page 9 of 76 User Manual SecureHead USB and UARTInterface 2 Head assembly only This option is provided for special applications The mechanical interface is an eight pin male Molex Connector 51021 0800 for option 1 and 2 ...

Page 10: ...der s non volatile memory so they are not affected by the cycling of power 3 1 Setup Commands Structure Commands sent to SecureHead a Setting Command STX S FuncID Len FuncData ETX CheckSum b Read Status Command STX R FuncID ETX CheckSum c Function Command STX FuncID Len FuncData ETX CheckSum Response from SecureHead a Setting Command Host SecureHead Setting Command ACK if OK or NAK if Error b Read...

Page 11: ...o a new command The typical delay for the reader to respond to a command is 20ms the maximum delay for the reader to respond can be as much as 40ms Caution must therefore be taken to maintain a minimum delay between two commands 3 3 Default Settings The SecureHead reader is shipped from the factory with the default settings already programmed In the following sections the default settings are show...

Page 12: ...is enabled the key management method used is fixed key With the bi directional method the user can swipe the card in either direction and still read the data encoded on the magnetic stripe Otherwise the card can only be swiped in one specified direction to read the card Raw Decoding just sends the card s magnetic data in groups of 4 bits per character The head reads from the first byte of each tra...

Page 13: ...ings Any one character 00h is none default is CR 0Dh 3 7 2 Preamble Setting Characters can be added to the beginning of a string of data These can be special characters for identifying a specific reading station to format a message header expected by the receiving host or any other character string Up to fifteen ASCII characters can be defined STX S D2h Len Preamble ETX CheckSum Where Len the numb...

Page 14: ...ffix Setting Characters can be added to the end of track data These can be special characters to identify the specific track to the receiving host or any other character string Up to six ASCII characters can be defined STX S n Len Suffix ETX CheckSum Where n 37h for track 1 38h for track 2 and 39h for track 3 Len the number of bytes of suffix string Suffix string length string NOTE String length i...

Page 15: ... send or not send the Start End sentinel and to send either the Track 2 account number only or all the encoded data on Track 2 The Track 2 account number setting doesn t affect the output of Track 1 and Track 3 STX S 19h 01h SendOption ETX CheckSum SendOption 0 Don t send start end sentinel and send all data on Track 2 1 Send start end sentinel and send all data on Track 2 2 Don t send start end s...

Page 16: ...uthentication process is successful If it fails the host must start the authentication process again until it s succeed before any security related featured can be changed Commands 1 Retrieve Encrypted Challenge Command Host Device STX R 74h ETX CheckSum Device Host ACK STX 8 bytes of TDES encrypted random data ETX CheckSum success NAK fail 2 Send External Authenticate Command Host Device STX S 74...

Page 17: ...ey serial number that produces an initial encryption key which is injected into the Reader prior to deployment After each transaction the encryption key is modified per the DUKPT algorithm so that each transaction uses a unique key Thus the data will be encrypted with a different encryption key for each transaction 3 12 2 Security Related Function ID Security Related Function IDs are listed below ...

Page 18: ...A 01 04 03 LRC MaskCharID 20h 7Eh Command format 02 53 4B 01 3A 03 LRC DisplayExpirationDataID 0 0 Display expiration data as mask data 1 Display expiration data as clear data EncryptionID 0 0 Clear Text 1 Triple DES 2 AES Command format 02 53 4C 01 31 03 LRC SecurityLevelID 1 0 3 Command format 02 52 7E 03 LRC Device Serial Number ID 00 00 00 00 00 00 00 00 00 00 10 bytes number Command format Se...

Page 19: ...ult 0 Fixed Key 1 DUKPT Key 3 12 3 Security Management This reader is intended to be a secure reader Security features include Can include Device Serial Number Can encrypt track 1 and track 2 data for all bank cards Provides clear text confirmation data including card holder s name and a portion of the PAN as part of the Masked Track Data Optional display expiration data Security Level is settable...

Page 20: ... masking of the PAN area the encrypted data format cannot be modified Users can choose whether to send hashed data and whether to reveal the card expiration date When the encryption is turned on level 3 is the default security level Level 4 When the reader is at Security Level 4 a correctly executed Authentication Sequence is required before the reader sends out data for each card swipe 3 12 4 Enc...

Page 21: ...nd clear text data are sent Masked Area The data format of each masked track is ASCII The clear data include start and end sentinels separators first N last M digits of the PAN card holder name for Track1 The rest of the characters should be masked using mask character Set PrePANClrData N PostPANClrData M MaskChar Mask Character N and M are configurable and default to 4 first and 4 last digits The...

Page 22: ...ference from other HID devices 4 1 Level 1 and level 2 StandardModeData OutputFormat Magnetic Track Basic Decoded Data Format Track 1 SS1 T1 Data ES Track Separator Track 2 SS2 T2 Data ES Track Separator Track 3 SS3 T3 Data ES Terminator Where SS1 start sentinel track 1 SS2 start sentinel track 2 SS3 start sentinel track 3 for ISO for AAMVA ES end sentinel all tracks Track Separator Carriage Retur...

Page 23: ...ast track of data to separate card reads Card data is only sent to the host on the Interrupt In pipe using an Input Report The reader will send only one Input Report per card swipe If the host requests data from the reader when no data is available the reader will send a NAK to the host to indicate that it has nothing to send Data Format Setting USB HID Data Format default setting Product ID 2010 ...

Page 24: ... approach the reader will keep all of the ID TECH data editing and other features like preamble postamble etc The output data is always 512 bytes the Total Output Length field indicates the valid data length in the output data 4 1 2 Descriptor Tables Device Descriptor Field Value Description Length 12 Des type 01 bcd USB 00 02 USB 2 0 Device Class 00 Unused Sub Class 00 Unused Device Protocol 00 U...

Page 25: ...akeup Power 32 100 mA Interface Descriptor Field Value Description Length 09 Des type 04 Interface No 00 Alternator Setting 00 EP 01 Interface Class 03 HID Sub Class 01 Interface Protocol 01 iInterface 00 HID Descriptor Field Value Description Length 09 Des type 21 HID bcdHID 11 01 Control Code 00 numDescriptors 01 Number of Class Descriptors to follow DescriptorType 22 Report Descriptor Descripto...

Page 26: ...cal Minimum 26 FF 00 Logical Maximum 75 08 Report Size 09 20 Usage Tk1 Decode Status 09 21 Usage Tk2 Decode Status 09 22 Usage Tk3 Decode Status 09 28 Usage Tk1 Data Length 09 29 Usage Tk2 Data Length 09 2A Usage Tk3 Data Length 09 38 Usage Card Encode Type 95 07 Report Count 81 02 Input Data Var Abs Bit Field 09 30 Usage Total Sending Length 95 02 Report Count 2 82 02 01 Input Data Var Abs Bit Fi...

Page 27: ...81 02 Input Data Variable Absolute 95 01 Report Count 1 75 08 Report Size 81 01 Input Constant 95 05 Report Count 75 01 Report Size 05 08 Usage Page LED 19 01 Usage Minimum 29 05 Usage maximum 91 02 Output Data Variable Absolute 95 01 Report Count 75 03 Report Size 91 01 Output Constant 95 06 Report Count 75 08 Report Size 15 00 Logical Minimum 25 66 Logical Maximum 102 05 07 Usage Page key Code 1...

Page 28: ... LEC code Track x data LRC Reader will send out card data in Alt mode if its ASCII code less than H 20 Byte NO Name 0 Right Shift 1 Left Shift 2 Right Ctrl 3 Left Ctrl 4 Read Error 1 5 Read Error 2 6 Track x ID 7 Track x Error 8 Track x Length 1 9 Track x Length 2 10 Track Data no extra Track ID for raw data 10 Track len 1 Card Track x LRC 10 Track len Track x LRC 10 Track len 1 0x0D 10 Track len ...

Page 29: ...encoding 001 Old CADL Card 6 5 6 encoding no longer included 010 AAMVA Card 7 5 7 encoding 011 JIS I Card 8 5 8 encoding 100 JIS II card 8 or ISO JIS II 110 OPOS Raw Data Output 111 JIS I JIS II B12 Reserved for future use Decode flag will set to 1 B3 B4 and B5 all set to 1 in OPOS raw data mode Track ID Track ID is a byte of ID it will be 1 2 and 3 for track 1 2 and 3 it is not accurate to use st...

Page 30: ...ights reserved Page 30 of 76 User Manual SecureHead USB and UARTInterface Track Data Card Track x LRC code is track x card data Track x LRC Track x data LRC is a LRC to check track x data communication XOR all characters start from Track x ID to Track x data LRC should be 0 ...

Page 31: ...ype 0 ISO ABA 4 for Raw Mode track status bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 sampling track 1 unencrypted length 1 byte 0 for no track1 data track 2 unencrypted length 1 byte 0 for no track2 data track 3 unencrypted length 1 byte 0 for no track3 data track 1 masked Omitted if in Raw mode track 2 masked Omitted if in Raw mode track 3 data Omitted if in Raw mode track 1 encrypted AES TDES encr...

Page 32: ...Encryption Format 1 Enhanced Encryption Format 2 Encryption Option Setting for enhanced encryption format only Command 53 84 01 Encryption Option Encryption Option default 08h bit0 1 track 1 force encrypt bit1 1 track 2 force encrypt bit2 1 track 3 force encrypt bit3 1 track 3 force encrypt when card type is 0 bit4 1 new mask feature see note 4 below Note 1 When force encrypt is set this track wil...

Page 33: ... be encrypted without mask 3 Hash Option Setting Command 53 5C 01 Hash Option Hash Option 0 7 Bit0 1 track1 hash will be sent if data is encrypted Bit1 1 track2 hash will be sent if data is encrypted Bit2 1 track3 hash will be sent if data is encrypted 4 Mask Option Setting for enhanced encryption format only Command 53 86 01 Mask Option Mask Option Default 0x07 bit0 1 tk1 mask data allow to send ...

Page 34: ...ck 3 hashed 20 bytes each if encrypted and hash track 3 allowed KSN 10 bytes CheckLRC CheckSum ETX Where STX 02h ETX 03h Note 1 Card Encode Type Card Type will be 8x for enhanced encryption format and 0x for original encryption format Value Encode Type Description 00h 80h ISO ABA format 01h 81h AAMVA format 03h 83h Other 04h 84h Raw un decoded format For Type 04 or 84 Raw data format all tracks ar...

Page 35: ...t in Service Code is different from 2 or 6 1 Use IC where feasible 1st digit in Service Code is 2 or 6 Note 4 Encrypted Hash data sent status Field 9 Encrypted data sent status Bit 0 1 track 1 encrypted data present Bit 1 1 track 2 encrypted data present Bit 2 1 track 3 encrypted data present Bit 3 1 track 1 hash data present Bit 4 1 track 2 hash data present Bit 5 1 track 3 hash data present Bit ...

Page 36: ...mitted if in Raw mode track 3 data Omitted if in Raw mode track 1 encrypted AES TDES encrypted data track 2 encrypted AES TDES encrypted data track 3 encrypted Only used in Raw mode sessionID encrypted AES TDES encrypted data track 1 hashed 20 bytes SHA1 Xor track 2 hashed 20 bytes SHA1 Xor DUKPTserial number 10 bytes Non ISO ABA Data Output Format card encoding type 1 AAMVA 3 Others track status ...

Page 37: ...he two key parts to create the Data Key Encrypted Data Length Track 1 and Track 2 data are encrypted as a single block In order to get the number of bytes for encrypted data field we need to get Track 1 and Track 2 unencrypted length first The field length is always a multiple of 8 bytes for TDES or multiple of 16 bytes for AES This value will be zero if there was no data on both tracks or if ther...

Page 38: ...evice responds with two challenges Challenge 1 and challenge 2 The challenges are encrypted using the current DUKPTkey exclusive or ed with F0F0 F0F0 F0F0 F0F0 F0F0 F0F0 F0F0 F0F0 The decrypted challenge 1 contains 6 bytes of random number followed by the last two bytes of KSN The two bytes of KSN may be compared with the last two bytes of the clear text KSN sent in the message to authenticate the...

Page 39: ...henticated Mode succeeds if the device decrypts Challenge Reply response correctly If the device cannot decrypt Challenge Reply command Activate Authenticated Mode fails and DUKPTKSN advances Command Structure Host Device STX S 82h 10h Activation Data ETX CheckSum Device Host ACK success NAK fail Activation Data 16 bytes structured as Challenge 1 Response Session ID Challenge 1 Response 6 bytes of...

Page 40: ...KPTKey Get Reader Status Command Command Structure Host Device STX R 83h ETX CheckSum Device Host ACK STX 83h 02h Current Reader Status Pre conditon ETX CheckSum success NAK fail Current Reader Status 2 bytes data with one byte of Reader State and one byte of Pre Condition Reader State indicates the current state of the reader 00h The reader is waiting for Activate Authentication Mode Command The ...

Page 41: ...ied in the Activation Challenge Reply command 4 9 Other CommandProtocolSettings 4 9 1 Set Get Device Serial Number Set Get eight byte device serial number Command Set Device Serial Number 01 00 0B 00 01 01 8 bytes of Device Serial Number Get Device Serial Number 01 00 03 00 00 01 Command Response Set Device Serial Number 01 00 02 01 00 Get Device Serial Number 01 00 0A 01 00 8 bytes of Device Seri...

Page 42: ...t with its random data Command Format 01 00 06 00 05 First four bytes of decrypted random data from Get Challenge Command Response 01 00 02 01 00 Success 01 00 02 01 01 Fail 4 9 5 Load Security Key The sixteen bytes key is used encryption and its default value is 0000 0000 0000 0000 0000 0000 0000 0000 For security purpose key injection only allowed after successful external authentication and wil...

Page 43: ...n 0 0 9 Any Track 0 any 1 7 bit 1 tk1 bit 2 tk2 bit 3 tk3 8 tk1 2 9 tk2 3 PollingInterv alID 14 Polling Interval 1 1 255 USB HID Polling Interval u DataFmtID 15 Data Output Format 0 0 2 ID TECH Format FmtOptionID 16 UIC Mag Tek H 59 Refer to MiniMag RS232 User s Manual TrackSepID 17 Track Separator CR Enter 0 for Port Powered IV CR for RS232 Enter for KB any character supported except 00 which mea...

Page 44: ... for track 2 6 char max Track3Prefix ID 36 Track 3 Prefix 0 No prefix for track 3 6 char max Track1Suffix ID 37 Track 1 Suffix 0 No suffix for track 1 6 char max Track2Suffix ID 38 Track 2 Suffix 0 No suffix for track 2 6 char max Track3Suffix ID 39 Track 3 Suffix 0 No suffix for track 3 6 char max LZ1ID 3C 0xD LZ2ID 3D 0xD LZ3ID 3E 0xD LZ4ID 3F 0xD EpVerID 40 None BaudID 41 Baud Rate 5 2 9 9600 b...

Page 45: ...serial any 8 bytes 8 hex digit serial number r DispExpDate ID 50 mask or display expiration date 0 0 1 1 don t mask expiration date CapsCaseID 51 None DataSeqID 52 None StartCharID 53 None SessionID 54 8 byte hex not stored in EEPROM None always init to all FF Mod10ID 55 include mod10 check digit 0 0 2 don t include mod10 1 display mod10 2 display wrong mod10 DesKeyID 56 DES Key Value 0 internal u...

Page 46: ...rt Powered IV as Track 3 7 Bit Start Sentinel T36BStartID 67 T36BStart for Port Powered IV as Track 3 6 Bit Start Sentinel T35BStartID 68 T35BStart for Port Powered IV as Track 3 5 Bit Start Sentinel T1EndID 69 Track 1 End Sentinel as End Sentinel T2EndID 6A Track 2 End Sentinel as End Sentinel T3EndID 6B Track 3 End Sentinel as End Sentinel T1ERRSTA RTID 6C Track 1 error code start sentinel if tr...

Page 47: ...d Unused entries in this table were left for completeness even though unused in the SecureMag reader to avoid conflicting definitions between products Note not all function ID are present in different hardware version of the SecureMag the last column above has some codes feature not currently supported exists for compatibility s feature available on in the RS232 serial version of the reader u feat...

Page 48: ...to CC if Num Lock is set then clear it and set it after finishing sending out code Keystroke Hex Value Functional Code USB KB Code Ctrl 2 00 1F Ctrl On Ctrl A 01 04 Ctrl On Ctrl B 02 05 Ctrl On Ctrl C 03 06 Ctrl On Ctrl D 04 07 Ctrl On Ctrl E 05 08 Ctrl On Ctrl F 06 09 Ctrl On Ctrl G 07 0A Ctrl On BS 08 bs 2A Tab 09 tab 2B Ctrl J 0A 0D Ctrl On Ctrl K 0B 0E Ctrl On Ctrl L 0C 0F Ctrl On Enter 0D ent...

Page 49: ... 23 20 Shift On 24 21 Shift On 25 22 Shift On 26 24 Shift On 27 34 28 26 Shift On 29 27 Shift On 2A 25 Shift On 2B 2E Shift On 2C 36 2D 2D 2E 37 2F 38 0 30 27 Shift On 1 31 1E Shift On 2 32 1F Shift On 3 33 20 Shift On 4 34 21 Shift On 5 35 22 Shift On 6 36 23 Shift On 7 37 24 Shift On 8 38 25 Shift On 9 39 26 Shift On 3A 33 Shift On 3B 33 3C 36 Shift On 3D 2E 3E 37 Shift On 3F 38 Shift On 40 1F A...

Page 50: ...Shift On K 4B 0E Shift On L 4C 0F Shift On M 4D 10 Shift On N 4E 11 Shift On O 4F 12 Shift On P 50 13 Shift On Q 51 14 Shift On R 52 15 Shift On S 53 16 Shift On T 54 17 Shift On U 55 18 Shift On V 56 19 Shift On W 57 1A Shift On X 58 1B Shift On Y 59 1C Shift On Z 5A 1D Shift On 5B 2F 5C 31 5D 30 5E 23 Shift On _ 5F 2D Shift On 60 35 a 61 04 b 62 05 c 63 06 d 64 07 e 65 08 f 66 09 g 67 0A h 68 0B...

Page 51: ...75 18 v 76 19 w 77 1A x 78 1B y 79 1C z 7A 1D 7B 2F Shift On 7C 31 Shift On 7D 30 Shift On 7E 35 Shift On DEL 7F 2A F1 81 f1 3A F2 82 f2 3B F3 83 f3 3C F4 84 f4 3D F5 85 f5 3E F6 86 f6 3F F7 87 f7 40 F8 88 f8 41 F9 89 f9 42 F10 8A fa 43 F11 8B fb 44 F12 8C fc 45 Home 8D home 4A End 8E end 4D 8F right 4F 90 left 50 91 up 52 92 down 51 PgUp 93 pgup 4B PgDn 94 pgdn 4E Tab 95 tab 2B bTab 96 btab 2B Sh...

Page 52: ...t_Break A7 l_alt_bk Clear Alt Flag Left_Alt_Make A8 l_alt_mk Set Alt Flag for following char s Right_Ctrl_Break A9 r_ctrl_bk Clear Ctrl Flag Right_Ctrl_Make AA r_ctrl_mk Set Ctrl Flag for following char s Right_Shift_Break AB r_shift_bk Clear Shift Flag Right_Shift_Make AC r_shift_mk Set Shift Flag for following char s Right_Windows AD r_windows E7 right GUI Right_Alt_Break AE r_alt_bk Clear Alt F...

Page 53: ...aps_lock 39 Num_ C9 num_ 54 Num_ CA num_ 55 Num_ CB num_ 56 Num_ CC num_ 57 Num_ CD num_ 63 Num Lock On Num_DEL CE num_del 63 Num_INS CF num_ins 62 Delay_100ms D0 delay Delay 100 ms Table of Ctrl or Alt output for non printable characters ASCII Code Control Code Alt Code SendOptionID Bit 3 0 Bit 3 1 00 Ctrl 2 Alt 000 01 Ctrl A Alt 001 02 Ctrl B Alt 002 03 Ctrl C Alt 003 04 Ctrl D Alt 004 05 Ctrl E...

Page 54: ...ser Manual SecureHead USB and UARTInterface 11 Ctrl Q Alt 017 12 Ctrl R Alt 018 13 Ctrl S Alt 019 14 Ctrl T Alt 020 15 Ctrl U Alt 021 16 Ctrl V Alt 022 17 Ctrl W Alt 023 18 Ctrl X Alt 024 19 Ctrl Y Alt 025 1A Ctrl Z Alt 026 1B ESC Alt 027 1C Ctrl Alt 028 1D Ctrl Alt 029 1E Ctrl 6 Alt 030 1F Ctrl Alt 031 ...

Page 55: ...ault Setting Table DefaultSetting Table MSR Reading Enable Decoding Method Both Swiping Direction Decode mode Track Separator Settings CR Terminator Settings CR Preamble Settings None Postamble Settings None Track Selected Settings Any Track Sentinel and T2 Account No Send Sentinels and all T2 data Data Edit Setting Disabled Track Prefix None Track Suffix None ...

Page 56: ...rack 1 Field ID Character Contents Length a Start Sentinel 1 b Format Code B 1 c Account Number 12 or 19 d Separator 1 e Cardholder Name variable f Separator 1 g Expiration date 4 h Optional Discretionary data variable i End Sentinel 1 j Linear Redundancy Check LRC Character 1 Track 2 a Start Sentinel 1 b Account Number 12 or 19 c Separator 1 d Expiration date YYMM 4 e Optional discretionary data ...

Page 57: ... LRC Character 1 Track 2 a Start Sentinel 1 b ANSI User Code 1 c ANSI User ID 5 d Jurisdiction ID DL 14 e Expiration date 4 f Birth Date 8 g Remainder of Jurisdiction ID DL 5 h End Sentinel 1 I Linear Redundancy Check LRC Character 1 Track 3 a Start Sentinel 1 b Template Version 1 c Security Version 1 d Postal Code 11 e Class 2 f Restrictions 10 g Endorsements 4 h Sex 1 I Height 3 j Weight 3 k Hai...

Page 58: ...Copyright 2010 2020 International Technologies Systems Corporation All rights reserved Page 58 of 76 User Manual SecureHead USB and UARTInterface r Linear Redundancy Check LRC Character 1 ...

Page 59: ...nual SecureHead USB and UARTInterface Appendix E Other Mode Card Data Output There is an optional data output format supported by SecureHead in order to be compatible with specific software requirement 01h 01h 1Ah 02h 00h Left 8 bytes Device Serial Number 6 Byte Random data 30h 31h 264 bytes of Sampling data ...

Page 60: ...DES algorithm The result is again XOR ed with the next 8 byte data block before it is encrypted The process repeats until all the data blocks have been encrypted The host can decrypt the cipher text from the beginning of the block when the data is received However it must keep track of both the encrypted and clear text data Or alternatively the data can be decrypted backward form that last data bl...

Page 61: ...Copyright 2010 2020 International Technologies Systems Corporation All rights reserved Page 61 of 76 User Manual SecureHead USB and UARTInterface Appendix G Key Management Flow Chart ...

Page 62: ...Copyright 2010 2020 International Technologies Systems Corporation All rights reserved Page 62 of 76 User Manual SecureHead USB and UARTInterface ...

Page 63: ...63037303730373736373637363333333333333333333337363736373630 373037303737363736373633333333333333333333373637363736303730373F32863E9E3DA28E455 B28F7736B77E47A64EDDA3BF03A06E44F31D1818C0BCD7A353FB1AD70EFD30FFC3DA08A4 FBC9372E57E8B40848BAEAA3FE724B3550E2F4B223E6BF264BEAE9E39142B648CDB51FB8D AF8EA5B63913D29419B67582FCCCE9B372660F03668CC453216D9449C6B67EF33418AC88F65 E1DB7ED4D10973F99DFC8463FF6DF113B62...

Page 64: ...DFC8463FF6DF Track 2 hashed 113B6226C4898A9D355057ECAF11A5598F02CA31 KSN 62994901190000000001 LRC checksum and ETX 39 9F 03 Masked Data Track 1 data masked in ASCII 4266 9999 BUSH JR GEORGE W MR Track 2 data masked in ASCII 4266 9999 Track 3 data unencrypted in ASCII 3333333333767676070707767676333333333376767607070776767633333333337676760707077676 7633333333337676760707 2 Key Value F8 2A 7A 0D 7C...

Page 65: ...3F99DFC8463FF6DF113B6226C4898A9D355057ECAF11 A5598F02CA31629949011900000000044B6F03 Masked Data Track 1 4266 9999 BUSH JR GEORGE W MR Track 2 4266 9999 Track 3 3333333333767676070707767676333333333376767607070776767633333333337676760707077676 7633333333337676760707 2 Key Value 8A 92 F6 74 00 BF 25 2E 57 9A A9 01 FF 27 48 41 KSN 62 99 49 01 19 00 00 00 00 04 Session ID AA AA AA AA AA AA AA AA Decry...

Page 66: ...AB530CE405 B701131D2FBAAD970248A456000933418AC88F65E1DB7ED4D10973F99DFC8463FF6DF113B6 226C4898A9D355057ECAF11A5598F02CA31688861C157C1CE2E0F72CE0F3BB598A614EAABB 16299490119000000000206E203 STX Length LSB MSB card type track status length track 1 length track 2 length track 3 02 9801 80 3F 48 23 6B 03BF The above broken down and interpreted 02 STX character 98 low byte of total length 01 high byte ...

Page 67: ...A7BE Track 2 encrypted length 0x32 rounded up to 8 bytes 0x38 56 decimal AB3B10A3FBC230FBFB941FAC9E82649981AE79F2632156E775A06AEDAFAF6F0A 184318C5209E55AD Track 3 encrypted length 0x6B rounded up to 8 bytes 0x70 64 decimal 44A9CCF6A78AC240F791B63284E15B4019102BA6C505814B585816CA3C2D2F42 A99B1B9773EF1B116E005B7CD8681860D174E6AD316A0ECDBC687115FC89360A EE7E430140A7B791589CCAADB6D6872B78433C3A25DA9DD...

Page 68: ...303730373037373637363736333333333333333333333736 3736373630373037303737363736373633333333333333333333373637363736303730373037373637 36373633333333333333333333373637363736303730373F320000000000 Security Level 4 decryption Enhanced Encryption Format 02A001803F48236B03FF252A343236362A2A2A2A2A2A2A2A393939395E42555348204A522F47 454F52474520572E4D525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2 A2A...

Page 69: ...0000046 0 3333333333767676070707767676333333333376767607070776767633333333337676760707077676 7633333333337676760707 2 Decrypted Data in Hex 2542343236363834313038383838393939395E42555348204A522F47454F52474520572E4D525E303 830393130313130303030313130303030303030303034363030303030303F21 3B343236363834313038383838393939393D3038303931303131303030303034363F300000000000 3B3333333333333333333337363736373...

Page 70: ...both Fix DUKPT key management SecureHead Reader with default settings Key for all examples is 0123456789ABCDEFFEDCBA9876543210 Original Encryption Format original encryption format this can be recognized because the high bit of the fourth byte underlined 00 is 0 028700041B331A0027D2E435CEE303F007E977B598B7E3C57C76F4445E309F6916C0321A0F915 B6E490813498839049FE5204762327C3C758C5BF82542DEEDD8D6AF8801...

Page 71: ...607440481116 Security Level 4 Original Encryption Format 028F00041B331A0070756B86C0B670DAAA78EEA454F5A7BAFB5CDA91BA9A5B62BB49F67C D21484D3138DB3468C80F3468688AE61E3FB25FEEB630B81717CC405F8A73430FCAFEF98C4 CEDE76AB7AAC0D9090E2B25F7E77F7888306B57CB67A9BE15F3D5B29AE712C64A1212E9AF 6F483BD40798A9FF2DDE77D046620B55BCE94A4D5534CF57E7E07629949011A0000000002DD 5D03 Key Value 06 A9 B3 23 2A 69 B4 57 61 76 ...

Page 72: ...7583A8C34F7DF 352C51A889ECF92501100BDCCAC1E421E9DE65DDF9765A160B5A2E3D6F3F9206850519325D DCA759B0309E347BBE669231D7A87E95EB11D4CA74B4D6E1979CF2660309A30F88D6299490 167000000006D7B1903 Key Value 84 CE 46 37 87 F6 84 E6 9E 30 3E 3B 12 CB 10 AE KSN 62 99 49 01 67 00 00 00 00 6D Decrypted Data B4761739001010010 VISA ACQUIRER TESTCARD 10 10122011143800780000000 E 4761739001010010 10122011143878089 1 25...

Page 73: ...xtremely important to follow these instructions to achieve the best performance for ID TECH magnetic reading components that are designed into your product s Track Locations ISO 7810 and ISO 7811 standards define the specification for all standard magnetic stripe cards The location of each magnetic head s track s centerline is shown below in Figure 11 ID TECH s heads are installed in spring mounts...

Page 74: ... on reading reliability Note that electrostatic discharge can be an issue for MagStripe readers When using metal for the reference surface wear plate integrators should either ground the plate or use conductive plastic to help minimize ESD 2 ID TECH uses wear resistant 30 glass filled plastics in applications where stainless steel is impractical such as insert readers In this type of reader the fo...

Page 75: ...f the centerline of the magnetic head s gap this gap is located at the apex of the head s radius The remaining portion of the rails slot width can be wider but never smaller also remember that it is best to have the reference surface wear plate extend for a minimum of 1 5 inches from the magnetic head s gap 1 Magnetic heads need to be able to rotate on a gimbal refer to Figure 3 for an example to ...

Page 76: ...be 0 040 inches wide at a minimum of 0 5 inches on both sides of the magnetic head s gap There must also be a smooth transition leading up to the 0 040 inch wide area of the slot both entering and exiting the magnetic head Figure 3 3 When designing insert style readers make sure the magnetic media on cards can be inserted completely past the read head so the reader registers the stop sentinel on t...

Reviews: