Money Controls SCH2 Technical Manual Download Page 18 | Manualshive

Page: 18 / 61

background image

SCH2 Technical Manual TSP016.doc Issue 3.0 – January 2005



Money Controls 2005. All rights reserved.

Page 18 of 61

11. Encryption Mechanism

A 64-bit encryption mechanism is used to ensure that an illegal attempt to dispense coins from
SCH2 is a hugely difficult task. The key to this mechanism is a secret algorithm, not published in
this document, which may be obtained from Money Controls after suitable approval procedures
have been gone through.

To show the procedure for dispensing a coin an example is shown here with a ‘trivial’ encryption
mechanism but the overall procedure is the same. Byte values between brackets are shown in
hex.

First of all we pump the random number generator of the hopper by sending 8 bytes of random
data to it…

Command = Pump RNG

Transmitted data :

[ 34 ] [ A2 ] [ D7 ] [ 0F ] [ 35 ] [ 17 ] [ 55 ] [ 94 ]

Received data :

ACK

This is not an essential step but is useful to broaden the spectrum of cipher keys that are
transmitted along the serial bus and which may be ‘recorded’ by a hacker. As the host machine
is likely to be an AWP machine with a sophisticated random number generator, way beyond the
capability of the hopper microcontroller, we may as well make use of it. Note that the pump
value does not pre-set or ‘seed’ the RNG as that would defeat the security mechanism, but only
scrambles it further. The exact details of the scrambling algorithm will not be documented.

Then we request a key cipher key…

Command = Request cipher key

Transmitted data :

<none>

Received data :

[ E5 ] [ 88 ] [ 13 ] [ 07 ] [ 46 ] [ FE ] [ 29 ] [ 05 ]

A new cipher key must always be requested prior to dispensing coins. There is no point using
an old copy as it changes after every dispense command. The ‘Request cipher key’ command
itself can be repeated in the event of a communication error and the cipher key will be re-
transmitted rather than regenerated.

Now we combine the cipher key with the number of coins to pay out ( in this example 20 coins
or the value 14 hex ) by tagging it onto the end of the data block…

Non-encrypted data [ E5 ] [ 88 ] [ 13 ] [ 07 ] [ 46 ] [ FE ] [ 29 ] [ 05 ] [ 14 ]

In this case we will assume that the CMF ( Cryptographic Mapping Function ) is simply inverting
all the bytes ( new data = FF - old data ).

Performing this calculation on each of the bytes we obtain…

Encrypted data [ 1A ] [ 77 ] [ EC ] [ F8 ] [ B9 ] [ 01 ] [ D6 ] [ FA ] [ 14 ]

Note that the number of coins to pay out is unencrypted but its value is used in the real CMF.

Now we send that data to the hopper to pay out a coin…

Continued…

«
...
16
17
18
19
20
...
»

Summary of Contents for SCH2

Page 1: ...ithin this document Money Controls Ltd shall not incur any penalties arising out of the adherence to interpretation of or reliance on this standard Money Controls Ltd will provide full support for thi...

Page 2: ...2 Auxiliary Connector Type 15 10 21 Auxiliary Connector Pinout 15 10 3 Operation 15 10 4 Address Selection 16 10 5 Level Sense Connector 17 11 Encryption Mechanism 18 11 1 PIN Number Mechanism 20 12...

Page 3: ...29 Appendix G 59 30 Appendix H 60 30 1 Baseplate Dimensions 60 Figures Figure 1 Hopper Dimensions 7 Figure 2 SCH2 Connector 14 Figure 3 SCH2 Auxiliary Connector 15 Figure 4 Level Sense Connector 17 Fi...

Page 4: ...H2 Connector Added Un Encryption note in sections 8 and 10 5 Issue 2 3 25 th November 2003 Added section 10 5 Level Sense Connector Ammended coin sizes in section 5 3 Issue 2 4 13 th January 2003 Appe...

Page 5: ...but positioned so that it is external to any fire enclosure area within the main enclosure 4 Mechanical Description Each disc contains a number of holes in which the coins are held The disc is driven...

Page 6: ...to pay out coins in the diameter range 16 25 31 0mm and within the thickness range 1 25 3 20mm However each coin needs to be qualified on an individual coin basis For further information on qualificat...

Page 7: ...SCH2 Technical Manual TSP016 doc Issue 3 0 January 2005 Money Controls 2005 All rights reserved Page 7 of 61 6 Overall Dimensions Figure 1 Hopper Dimensions...

Page 8: ......

Page 9: ...Insert 3 x M3 5 screws DO NOT tighten Dismantle the hopper Place base over the back and push far back as possible Tighten the screws to fit the base in position 7 4 Dismantling the hopper Gently pull...

Page 10: ...omplexity of the dispense coins instruction Another benefit of multi drop serial is the ability to connect several coin hoppers to the same wiring harness or bus This greatly simplifies the cabling wi...

Page 11: ...t optos are randomly pulsed If a blockage is seen while driving the opto or a short circuit seen while not driving the opto then an alarm condition is generated During pay out if a short circuit is se...

Page 12: ...addresses default to those determined by the wiring harness but they can be changed in software to any 8 bit value User memory 10 bytes of non volatile memory are available for unrestricted use by th...

Page 13: ...ication Protocol Generic Specification for an explanation of the protocol and its implementation on any platform This product is configured as cctalk b96 p0 v24 a5 d0 c8 m0 x8 i1 r3 In other words 960...

Page 14: ...ess select 3 MSB 2 Address select 2 3 Address select 1 LSB 4 Vs 5 Vs 6 0V 7 0V 8 DATA ccTalk 9 N C 10 N C Operation can be achieved with just 3 wires 24V to pin 4 GND to pin 6 Bi directional serial da...

Page 15: ...ate Common 2 High Level Link 4 Low Level Link 6 Link Common 10 3 Operation To notify the hopper software that level plate sensors are fitted the link pins should be connected as follows Mode Connectio...

Page 16: ...Connect to Vs Pins 4 5 Address select 3 Address select 2 Address select 1 Serial Address 3 X 4 X 5 X X 6 X 7 X X 8 X X 9 X X X 10 A number of mating connectors on a multi drop bus cable may each be w...

Page 17: ...k 6 Link Common Operation To notify the hopper software that level plate sensors are fitted the link pins should be connected as follows Mode Connections High level plates only pin 2 to pin 4 Low leve...

Page 18: ...apability of the hopper microcontroller we may as well make use of it Note that the pump value does not pre set or seed the RNG as that would defeat the security mechanism but only scrambles it furthe...

Page 19: ...lso prove fruitless as there are astronomical odds against a successful code match Money Controls is realistic enough to appreciate that eventually the CMF may fall into the wrong hands whether though...

Page 20: ...n on any of the hoppers It is simple to manage though and the master PIN number is unlikely to be forgotten 3 Scramble the PIN number and store in the user memory This is quite a clever idea because i...

Page 21: ...return an ACK but will not actually change the PIN number to any other value This is a use once command As soon as a PIN number is programmed the Dispense hopper coins command will fail until this PI...

Page 22: ...t coins unpaid x 1 byte Hopper dispense count x 3 bytes Hopper life dispense count x 3 bytes along with their corresponding checksums The Last payout coins paid and Last payout coins unpaid bytes can...

Page 23: ...less of the value it was holding This is because it is assumed the host machine has dealt with the last payout sequence and taken appropriate action It is not desirable to flag unpaid coins during the...

Page 24: ...ut coins unpaid 0 6 ZERO Hopper dispense count 0 4 4 Hopper life dispense count N N 3 N 4 Coins remaining 6 In this more complicated example the hopper dispense count and the hopper life dispense coun...

Page 25: ...values Flags Refer to the Flag Action Table within the Test hopper command description Note that the Power up flag is set to indicate the power supply really was lost and the hopper defaults to multi...

Page 26: ...value payout timeout default value maximum current measured ZERO See Appendix A for default values Flags Refer to the Flag Action Table within the Test hopper command description Note that the Power...

Page 27: ...ues are in decimal Enable hopper TX 3 1 1 164 165 178 RX 1 0 3 0 252 ACK Request cipher key TX 3 0 1 160 92 RX 1 8 3 0 key 1 key 2 key 3 key 4 key 5 key 6 key 7 key 8 checksum The data bytes returned...

Page 28: ...0 baud comms is working fine Request equipment category id returns Payout Otherwise you will probably be trying to dispense a coin from an acceptor Request variable set connector address physical posi...

Page 29: ...n Write data block if good host copy exists then correct counter else Request hopper status check to see if there are residual coins after last payout If so then take the decision to pay out the balan...

Page 30: ...heck error flags are clear If error flags set then Resolve from the following error conditions Coin jam if max current exceeded Hopper empty if payout timeout Opto fraud attempt if any opto error flag...

Page 31: ...6 Read opto states Header 219 Enter new PIN number Header 218 Enter PIN number Header 217 Request payout high low status Header 216 Request data storage availability Header 215 Read data block Header...

Page 32: ...ll ccTalk message packet See the ccTalk generic specification for more details Header 252 Address clash Transmitted data none Received message variable delay slave address byte Only a single byte is r...

Page 33: ...current measured Measured with the same units as current limit The current is sampled and averaged as the motor is running and should be used as an approximate guide only This measurement can be clea...

Page 34: ...l number Transmitted data none Received data serial 1 LSB serial 2 serial 3 MSB This is a 24 bit binary serial number Prototype units return 78 97 188 in decimal 4E 61 BC in hex 12 345 678 If you work...

Page 35: ...andled automatically by the software and is performed a lot faster than polling serially Header 219 Enter new PIN number Transmitted data PIN1 PIN2 PIN3 PIN4 Received data ACK A factory fresh hopper h...

Page 36: ...of the level sensor level status Bit mask Bit 0 Low level sensor status 1 lower than low level trigger Bit 1 High level sensor status 1 higher than or equal to high level trigger Bit 2 not used Bit 3...

Page 37: ...ved data data 1 data 2 data 8 block number 0 to 3 Provides read access to the NV Memory Refer to Appendix D for details of the memory map Header 214 Write data block Transmitted data block number data...

Page 38: ...d PIN number enable etc prior to dispensing further coins When the motor is not running this command returns the payout coins remaining value without performing a reset Header 171 Request hopper coin...

Page 39: ...ess selection via PCB links B5 Address selection via switch B6 Address may be changed with serial commands volatile B7 Address may be changed with serial commands non volatile 4A hex Address stored in...

Page 40: ...he event counter must be read with the Request hopper status command and compared with the last known value For the payout to occur as intended the following conditions have to be met Valid ccTalk mes...

Page 41: ...ins unpaid The number of coins which failed to be paid out in the last Dispense hopper coins command This counter is cleared during a payout As soon as a dispense hopper coins command is received the...

Page 42: ...listed in Appendix A are normally optimal Variable set changes are volatile Any custom values are lost at power down or reset Software Design Note Future products may see some additional information s...

Page 43: ...ked permanently during payout 1 blocked B6 Power up detected 1 power up B7 Payout disabled 1 disabled The Payout timeout occurred flag is cleared prior to each dispense operation Once it has been set...

Page 44: ...random 1 random 2 random 3 random 4 random 5 random 6 random 7 random 8 Received data ACK This command pumps the random number generator of the hopper with extra random variables to make prediction o...

Page 45: ...would increase the ignored bytes by 20 Likewise a message with 15 or less would not do anything to the counter a message with 16 by 16 and a message with 252 by 252 rx bad checksums Number of messages...

Page 46: ...following recommendations are made Only operate one serial hopper at a time Never initiate a second payout sequence when one is already in progress Consider the use of signal conditioning on the seria...

Page 47: ...le Make sure the ccTalk data line has an appropriate load resistor at the host end typically 1K to 10K pull up to 5V Do not place too many peripherals on the bus consider the loading effects of each c...

Page 48: ...sion Table 5 Electrical Specification Electrical Specification Supply Voltage 24V Typical Operating Current No Load 0 35A Typical Operating Current Max Load 0 9A Surge Current Start Up and Reverse 3 6...

Page 49: ...specification EN50081 1 1992 20 22 IMMUNITY This product is compliant with EMC test specification EN50082 1 1997 20 23 SAFETY This product is compliant with EN60950 1992 Amdt A1 A2 1993 A3 1995 Safet...

Page 50: ...free the coin OR ii Push the coin back in using another coin Remove any debris from the disk bed assembly Clean the exit window opto with a clean dry cloth Re assemble as described Refill and test the...

Page 51: ...333 s 30 10s SUPVOLTS 0 2 N 0 127 Volts 188 24V 23 2 Limits The value of CURLMT cannot be set lower than 6 which corresponds to 0 35A otherwise the unit will not operate properly If a value smaller th...

Page 52: ...ave EEPROM data save time 17 ms Ifuse Absolute maximum trip current 5 A Tlevdeb Level sensor debounce time 2 s Comms reply delay Simple poll 2 ms Comms reply delay Enter PIN number correct 2 ms Comms...

Page 53: ...s 2005 All rights reserved Page 53 of 61 25 Appendix C 25 1 ccTalk Interface Circuit This is the ccTalk electronic interface circuit on SCH2 There are many options for the host interface circuit but w...

Page 54: ...Read Only 3 1 Black Box Recorder D Read Only User data 10 bytes of user data are available to the host machine for any kind of storage requirement The data can be ASCII test or binary data there is no...

Page 55: ...addition of all counter bytes and the checksum byte is zero If the software detects a checksum fail then the corresponding checksum error flag is set refer to the Test hopper command and the black bo...

Page 56: ...ader 192 Request build code X X Header 252 Address clash X X Header 172 Emergency stop X X Header 251 Address change X X Header 171 Request hopper coin X X Header 250 Address random X X Header 169 Req...

Page 57: ...4 01 00 Hopper status 02 04 01 00 Hopper status 02 03 02 00 Hopper status 02 03 02 00 Hopper status 02 02 03 00 Hopper status 02 02 03 00 Hopper status 02 01 04 00 Hopper status 02 01 04 00 Hopper sta...

Page 58: ...Hopper status 01 07 03 00 Hopper status 01 07 03 00 Hopper status 01 07 03 00 Hopper status 01 07 03 00 Hopper status 01 01 02 07 Partial result ignore Hopper status 01 00 03 07 Paid 3 coins 7 remaini...

Page 59: ...ounter or NAK Where variable 8 bytes of data This data can be 1 1 1 1 1 1 1 1 1 2 3 4 5 6 7 8 or any 8 random bytes of data NOTE The competition tend to only require 3 bytes of data to be sent which i...

Page 60: ...SCH2 Technical Manual TSP016 doc Issue 3 0 January 2005 Money Controls 2005 All rights reserved Page 60 of 61 30 Appendix H 30 1 Baseplate Dimensions Figure 6 Baseplate Dimensions...

Page 61: ...ed only to assist the reader in the use of this product and therefore Money Controls shall not be liable for any loss or damage whatsoever arising form the use of any information or particulars in or...

Reviews:

No comments

Related manuals for SCH2

Brand: IBEST Pages: 4

Brand: Stuart Pages: 28

Brand: Anly Pages: 2

Brand: Vetus Pages: 2

Brand: Quick Pages: 64

Brand: Tektronix Pages: 160

Brand: Triton Pages: 6

Brand: PRO Intellect Technology Pages: 36

Brand: ipf electronic Pages: 8

Brand: ChemoMetec Pages: 76

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands