background image

           

Enter Password 3 (the input of corresponding KEY component 3)

Input

 

PSW3

: 

 

 

 

 

3.4 The input of Authentication KEY

Authentication key is set by administrator by entering key components from PINPAD’s 

keyboard; no change is allowed after it is set. The entry of authentication key requires 

correspond password validation. Please refer to chapter 3.3 for the password entry screens. 

 

Once you    passed the password validation, the screen for key component input will appear,   

see the figure below

 

 

 

Enter AuthKEY component 1

 

Authkey compone 
nt1:(32 Hex)

 

 

 

 

 

 

 

Enter AuthKEY component 2

 

 

Authkey compone 
nt2:(32 Hex)

 

 

 

 

 

 

Enter AuthKEY component 3

 

Authkey compone 
nt3:(32 Hex)

 

 

 

 

 

 

 

After all KEY components are entered, you will be asked to enter then again for 

confirmation. 

Input again: 
(32 Hex)

 

 

 

 

 

 

 

Only if the two inputs are identical, the PINPAD will save the setting.   

 

 

 

Summary of Contents for NL-PP60

Page 1: ......

Page 2: ...The input of Master KEY Fixed KEY initial DUKPT KEY 12 3 6 PIN Entry 13 3 7 Attack Warning Message 14 4 NL PP60 command interfaces and setting 15 4 1 Reset PINPAD 15 4 1 1Command Format 15 4 1 2 Comma...

Page 3: ...password is encrypted using ANSI X9 8 standard 36 4 13 1 Command Format 36 4 13 2 Command Description 37 4 14 PIN Entry Method Two New account user entered password is encrypted using ANSI X9 8 Stand...

Page 4: ...ird party developers for secondary software development 2 Getting started 2 1 Introduction NL PP60 is a PIN Entry Device use the RS232 communication protocol security handler theft protection crust an...

Page 5: ...ling smooth lining comfort handling z 32 bit ARM core CPU large capacity memory z Multiple security systems ensuring KEY safety Support DES TDES AES128 256 extensible SHA 1 SHA 256 extensible RSA DSA...

Page 6: ...functional keys Dimension 141mm L 84 5mm W 38mm H Weight 400g Temperature 0 40 Operating environmental Humidity 30 90 Non condensing Temperature 250 55 Environmental Storage environmental Humidity 20...

Page 7: ...r end head connects to POS PC or other terminal Please see the figure below The POS End two kinds of interface a PS2 interface NL PP60 spiral cable PS2 interface male connector PIN definition RXD NC G...

Page 8: ...r of the spiral cable s PINPAD End 1 0 socket Color definition TXD red VCC green GND black GND black RXD white The serial port definition above is for the PINPAD End for example RXD means the receivin...

Page 9: ...onnect the PINPAD to specified devices only Connecting with unlicensed device may have potential safety hazard and may void your warrant PP60A connecting with NL 8200 POS 8200POS PP60A PP60B connectin...

Page 10: ...er terminals as long as they are in compliance with the PS2 RJ11 interface requirements described in chapter 2 3 2 1 Prepare a POS 2 Connect PINPAD to POS using the spiral cable 3 Turn on the POS 4 Th...

Page 11: ...based on requirements Each directory can be set with independent password which is used for controlling the key component entry of directory master KEY fixed KEY initial DUKPT KEY Authentication KEY...

Page 12: ...Please refer to chapter 3 3 for the password entry screens Once you passed the password validation the screen for key component input will appear see the figure below Enter AuthKEY component 1 Authke...

Page 13: ...press F2 then press 0 If you want to enter 1AB2 the press order is 1 F2 0 F2 1 2 Press F1 to return to number input mode from letter input mode 3 5 The input of Master KEY Fixed KEY initial DUKPT KEY...

Page 14: ...guidance of KEY component input please sees 3 4 3 6 PIN Entry The screen for PIN Entry is shown below PLS Input PIN The entered PIN will be displayed in the second line as According to user defined in...

Page 15: ...message below Dangerxxxxxxxxx xxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx is a 24 characters warning code it is the important information for the vendor to judge the attacking method So if the warning me...

Page 16: ...it 1 byte Or The head of responding 1byte data length 1 byte 0x01 error code 1byte verification bit 1 byte For normal responding head of request and responding are the same for wrong responding the he...

Page 17: ...ectory 4 2 1 Command Format Sending data CMD LEN DATA EDC 0xd6 0x01 Dir Verification Responding data CMD LEN EDC 0xd6 0x00 Verification Or responding data package CMD LEN DATA EDC 0x56 0x01 Error Code...

Page 18: ...other directory or using the reset command 4 3 UID setting 4 3 1 Command Interface Sending data CMD LEN DATA EDC 0x94 0x16 UID 16 bytes Verification UID User ID 16 bytes in plaintext which is used fo...

Page 19: ...and Interface Sending data CMD LEN ID EDC 0x95 0x01 PSW Serial number Verification ID The serial number of PSW can only be 0x01 0x02 or 0x03 these respectively identifies the PSW of the first second a...

Page 20: ...ust set the PSW in a secure environment Without the PSW the input of PED Master KEY and Authentication Key component cannot be functional Once a PSW is set it cannot be changed within the PED s lifecy...

Page 21: ...ring sensitive service authentication Error Code 0x01 Sending Data Length Field Error 0x0d EDC Error 0xff Exceptions 4 5 2 Command Description This command is a necessary step before sensitive service...

Page 22: ...f download KEY all the KEY is 16 bytes MkeyID and Mode collective make the decision about the serial number and type of download KEY Evaluate to MkeyID Mode Authcode and the download KEY type have the...

Page 23: ...ode 8 bytes Using the authentication Code is calculated by subdirectory s authentication KEY When Mode 0x83 is the subdirectory s authentication KEY Authcode is not exist Calculate method of authentic...

Page 24: ...ld random number and UID together with 0x00 to form a 8 bits data block 00 82 01 01 02 03 04 05 06 07 08 88 88 88 88 88 88 88 88 11 11 11 11 11 11 11 11 00 00 00 00 00 The detailed calculation process...

Page 25: ...8EB4656BC8 The final calculation result becomes the authentication code B5107E8EB4656BC8 which is filled into the command s authcode field Responding data CMD LEN AuthCode EDC 0x80 0x08 AuthCode Verif...

Page 26: ...hen the result becomes the Authentication Code When PINPAD received the command it firstly use this data for external authentication if successful it will install or update the KEY designated in the c...

Page 27: ...Hex Re enter component Input again 32 Hex Enter PSW2 Input PSW2 Enter component 2 Or Re enter component 2 Enter PSW3 Enter component 3 Or Input PSW3 Authkey compone nt2 32 Hex Authkey compone nt3 32 H...

Page 28: ...s 0 If you want to enter 1AB2 the press order is 1 F2 0 F2 1 2 Press F1 to return to number input mode from letter input mode 4 7 Issue NL PP66 4 7 1Command Format Sending data CMD LEN DATA EDC 0xd4 0...

Page 29: ...e Verification The content of hold field and sending order s keep file is the same Or responding data package CMD LEN DATA EDC 0x54 0x01 Error Code Verification Code error 0x01 Sending Data Length Fie...

Page 30: ...ct serial number ID also called barcode Every serial number in the PINPAD is managed by the user when initial to lead in ID 8 bytes Equipment serial number every serial number in the PINPAD is one and...

Page 31: ...erification MkeyID 1byte The Master KEY PIN encryption key MAC encryption key number is used to decrypt of working KEY WkeyID 1byte Setting updata the serial number of working KEY Key 16bytes The cont...

Page 32: ...DUKPT KEY commands Or responding data package CMD LEN DATA EDC 0x01 0x01 Error Code Verification Code error 0x01 Sending data length field Error 0x08 Auth Code Error 0x0b Sensitive service operation f...

Page 33: ...ly the 59 bits in the left side is effective the 21 bits in the right must be 0 Authcode 8 bytes Using Sub Init Key to counting counting method please see Master KEY authentication KEY fixed KEY DUKPT...

Page 34: ...4 10 2 Command Description If you successfully set the KSN the DUKPT KEY in current directory will be deleted If KSN s right most 21 bits are not 0 you cannot download such directory s DUKPT KEY In a...

Page 35: ...xff Exceptions 4 11 2 Command Description In DUKPT system current KSN is used to do the synchronization between Host and terminal current KEY Every time enter the PIN the KSN will change once So befor...

Page 36: ...KEY command Responding data CMD LEN AuthCode EDC 0x82 0x08 Verify Code 0x82 Authcode 8 bytes Using PIN MAC to counting counting method please see main KEY authentication KEY fixed KEY DUKPT KEY comma...

Page 37: ...encrypted using ANSI X9 8 standard 4 13 1 Command Format Sending data CMD LEN DATA EDC 0x83 0x12 Min Max Card number Verification Card number 16 bytes the 12 bytes in the right side is the valid card...

Page 38: ...or 0xff Exceptions 4 13 2 Command Description User gets promoted from the LCD for entering account password PIN After the PIN is entered and the confirm key is pressed the PINPAD will use the Card Num...

Page 39: ...ess the keys to enter PIN support 0 9 number button the PIN has been Each key press for the PIN Entry will give a Beep as a reminder If you want to delete the last entered character press backspace if...

Page 40: ...a is CMD LEN DATA EDC 0x04 0x01 Error Code Verification Error Code 0x01 Sending Data Length Field Error 0x08 Auth Error Code 0x0b Sensitive service operation frequency protect is exceeded or UID is no...

Page 41: ...ion Key When entering account password user cannot cannel that operation only main host can send command to cancel PIN Entry For protecting against exhaustion PIN attack the number of PIN Entry attemp...

Page 42: ...ry press enter After the Entry completes the LCD backlight and green LED will turn off The user can choose the function of re enter the PIN see below If you want to delete the last entered character p...

Page 43: ...cryption DUKPT Key s such field is invalid Len Calculating the length of data for MAC encryption calculating Must be in multiples of 8 Data Len length byte The data needs the MAC KEY Mode single byte...

Page 44: ...ration frequency protect is exceeded or UID is not sett or authentication timeoutis reached PED is locked 0x0d EDC Error 0x61 The selected MAC encryption key does not exist 0x62 Mode Error 0x81 Mode E...

Page 45: ...he source of AuthCode 8 byte the authentication code is calculated by using subdirectory s authentication key download method please see Master KEY authentication KEY fixed KEY DUKPT KEY command Respo...

Page 46: ...ld length Error 0x08 Auth Code Error 0x0d EDC Error 0xd1 No this Log record 4 17 2 Command Description PINPAD s random number needs to be retrieved before this executing this command for generating Au...

Page 47: ...and destroy them together 5 2 Maintenance Instruction Normally PINPAD does not require special maintenance but keeping its surface clean Use dry towels to clean the PINPAD Avoid water drops into the P...

Page 48: ...ace of prying z Key missing z Cable damages 5 3 2 Brittle paper Identification At the back of the PINPAD there is a quadrate mall hole which is for the buzzer There are also two brittle papers at the...

Page 49: ...ode 0x0b when downloading the Work Key All retries result in the same Error Code A PINPAD has a limit on the download frequency of Work Key if the limit is exceeded Work Key download will be suspended...

Reviews: