Appendix B - Examples
eDynamo| Secure Card Reader Authenticator | Programmer’s Manual (COMMANDS)
Page 209 of 245 (
D998200115-17
)
B.1.7
Example: Authentication (MSR Only)
In this example, the device is already in
. The script puts the device
into Authenticated Mode, leaves it in that mode for a time, then deactivates it.
; This example demonstrates the Authentication Sequence.
; It is not scripted, some of the data is deliberately randomized.
This
; makes it impossible for a simple script to produce the correct
results.
; As an example it shows all the steps in authentication and
deactivation.
; It assumes the device is at Security Level 4, with the DUKPT KSN
; counter set to 2.
09 00 ; Get current KSN (should be FFFF9876543210E00002)
; Send the Activate Authenticated Mode command (4 minutes)
10 02 00F0
Request : CMND=10, LEN=02, DATA=00 F0
Response : RC= 00, LEN=1A, DATA=FF FF 98 76 54 32 10 E0 00 03 AA
AA AA AA AA AA AA AA DD DD DD DD DD DD DD DD
|------- Current KSN -------| |--
-- Challenge 1 ----| |---- Challenge 2 ----|
Response : RC= 00, LEN=1A, DATA=FF FF 98 76 54 32 10 E0 00 03 BE
5C 98 35 17 7E 45 2A A7 2D 2D B2 36 BF 29 D2
; Challenge 1 Encrypted: BE5C9835177E452A
; Challenge 2 Encrypted: A72D2DB236BF29D2
; Note that the KSN now ends with a counter of 3!
; Decrypt Challenge 1 using variant of Current Encryption Key
; (Current Encryption Key XOR with F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0)
;
; Current Key 0DF3D9422ACA561A 47676D07AD6BAD05
; XOR F0F0F0F0F0F0F0F0 F0F0F0F0F0F0F0F0
; = FD0329B2DA3AA6EA B7979DF75D9B5DF5
;
; BE5C9835177E452A TDES Decrypt with FD0329B2DA3AA6EA
B7979DF75D9B5DF5 = 7549AB6EB4840003
;
; Note that the final two bytes of the result = 0003, matching the
KSN as
; transmitted in the clear. This provides Authentication to the
host that
; the device is what it claims to be (proves key knowledge).
;
; Decrypt Challenge 2 using Current Encryption Key variant as above
; A72D2DB236BF29D2 TDES Decrypt with FD0329B2DA3AA6EA
B7979DF75D9B5DF5 = 34DB9230698281B4
;
;