Advanced Card Systems Ltd. ACR3901T-W1 Скачать руководство пользователя

Страница: 1 / 100

Subject to change without prior notice

[email protected]

www.acs.com.hk

Reference Manual V1.02

ACR3901T-W1

ACS Secure Bluetooth

Contact Card Reader

Содержание ACR3901T-W1

Страница 1: ...Subject to change without prior notice info acs com hk www acs com hk Reference Manual V1 02 ACR3901T W1 ACS Secure Bluetooth Contact Card Reader...

Страница 2: ...g API Updated Section 6 1 3 Authentication Updated Section 6 1 5 Bluetooth Communication Protocol Updated Section 6 1 5 1 Card Power On Updated Section 6 1 5 2 Card Power Off Updated Section 6 1 5 3 G...

Страница 3: ...ds 12 5 5 5 Card Tearing Protection 12 6 0 Software Design 13 6 1 Bluetooth Communication Protocol 13 6 1 1 Bluetooth Connection Program Flow 13 6 1 2 Profile Selection 14 6 1 3 Authentication 16 6 1...

Страница 4: ...Memory Card SLE 4404 89 7 2 9 Memory Card AT88SC101 AT88SC102 AT88SC1003 93 Appendix A Error Codes 100 List of Figures Figure 1 ACR3901T W1 Architecture 8 Figure 2 Bluetooth Connection Flow 13 Figure...

Страница 5: ...00 Universal Serial Bus Common Class Specification 1 0 December 16 1997 Universal Serial Bus Device Class Smart Card CCID Specification for Integrated Circuit s Cards Interface Devices Revision 1 1 Ap...

Страница 6: ...PS Protocol and Parameters Selection Features Short Circuit Protection Supports AES 128 encryption algorithm Application Programming Interface o Supports PC SC o Supports CT API through wrapper on top...

Страница 7: ...the default parameters F 372 D 1 For the meaning of the aforementioned parameters please refer to ISO 7816 3 3 2 Memory based Smart Cards ACR3901T W1 works with several memory based smart cards such a...

Страница 8: ...Page 8 of 100 4 0 System Block Diagram Figure 1 ACR3901T W1 Architecture ACR3901T W1 Battery Charge Management IC MCU Bluetooth External devices e g computer or mobile phone LEDs SAM card Rechargeable...

Страница 9: ...ry life The battery life is dependent on the usage of the device Below is an estimate of the battery life depending on the various work conditions Mode Estimated Battery Life Working Mode 4 days 1 Sta...

Страница 10: ...on 1 VBUS 5 V power supply for the reader 2 D Differential signal transmits data between ACR3901T W1 and computer 3 D Differential signal transmits data between ACR3901T W1 and computer 4 GND Referenc...

Страница 11: ...ere Red LED Battery status Blue LED Card and reader status under Bluetooth mode Green LED Card and reader status under USB mode Color LED Activity Status Red On The battery is charging will turn OFF a...

Страница 12: ...cludes both the memory cards and MCU based cards For MCU based cards the reader allows to select the preferred protocol T 0 or T 1 However this selection is only accepted and carried out by the reader...

Страница 13: ...Protocol 6 1 1 Bluetooth Connection Program Flow The program flow of a Bluetooth connection is shown below Figure 2 Bluetooth Connection Flow Yes No Bluetooth Start Reset Power up Successful Connecti...

Страница 14: ...fy the paired device through a specific pipe To simplify the battery levels are divided into three groups Below is a table summarizing the battery level and its corresponding return value Status Volta...

Страница 15: ...UMBER_OF_PIPES 10 define PIPE_GAP_DEVICE_NAME_SET is used to change the device name at runtime by the application controller So that in Bluetooth mode the advertising name will be in the format of ACR...

Страница 16: ...bridging device for simplicity and better illustration Figure 4 Authentication Procedure After successful authentication a 16 byte Session Key is generated in both ACR3901T W1 and the data server Def...

Страница 17: ...ntication was introduced to avoid man in the middle attacks through the Bluetooth communication channel After a successful mutual authentication the Bluetooth Frame Format in Table 6 will be encrypted...

Страница 18: ...thenticated Paired device Peripheral Commands 70h Connected Authenticated Paired device SPH_to_RDR_ReqAuth 71h Connected Authenticated Paired device SPH_to_RDR_AuthRsp Table 8 Command Code Summary Com...

Страница 19: ...r of extra bytes starting from the next field for this message and is expressed in two bytes long and LEN1 is LSB while LEN2 is MS 3 N byte ATR N Card Answer To Reset 3 N CSUM wChecksum 1 CSUM means t...

Страница 20: ...d Size Value Description 0 bMessageType 1 13h 1 LEN1 LEN2 wLength 2 0100h Number of extra bytes starting from the next field for this message and is expressed in two bytes long and LEN1 is LSB while L...

Страница 21: ...XOR values of all bytes in the command Response Data Format Error Offset Field Size Value Description 0 bMessageType 1 94h 1 LEN1 LEN2 wLength 2 0200h Number of extra bytes starting from the next fie...

Страница 22: ...ssageType 1 11h 1 LEN1 LEN2 wLength 2 Number of extra bytes starting from the next field for this message and is expressed in two bytes long and LEN1 is LSB while LEN2 is MSB 3 APDU Response N APDU Fo...

Страница 23: ...1 is LSB while LEN2 is MSB Maximum length is 263 3 Data Param 1 Parameter Short APDU level 00h default Extended APDU level 00h the command APDU begins and ends with this command 01h the command APDU b...

Страница 24: ...and ends the response APDU 03h this Data field continues the response APDU and another block is to follow 10h empty Data field continuation of the command APDU is expected in the next Command 4 APDU...

Страница 25: ...eans the XOR values of all bytes in the command Example Sends 600 bytes data to the card 1 Command 67 07 01 01 261 bytes data checksum Response 17 02 00 10 checksum 2 Command 67 07 01 03 261 bytes dat...

Страница 26: ...m 1 CSUM means the XOR values of all bytes in the command Response Data Format Offset Field Size Value Description 0 bMessageType 1 15h Escape Response Header 1 LEN1 LEN2 wLength 2 Number of extra byt...

Страница 27: ...l info acs com hk Version 1 02 www acs com hk Page 27 of 100 Offset Field Size Value Description 3 Error Code bErrorCode 1 Error Code Refer to Appendix A 4 CSUM wChecksum 1 CSUM means the XOR values o...

Страница 28: ...ucture for protocol T 0 01h Structure for protocol T 1 4 ProtocolDataStructure N Protocol Data Structure 4 N CSUM wChecksum 1 CSUM means the XOR values of all bytes in the command Response Data Format...

Страница 29: ...WI for T 0 used to define WWT 8 bClockStop 1 ICC Clock Stop Support 00h Stopping the Clock is not allowed 01h Stop with Clock signal Low 02h Stop with Clock signal High 03h Stop with Clock either High...

Страница 30: ...allowed 01h Stop with Clock signal Low 02h Stop with Clock signal High 03h Stop with Clock either High or Low 9 bIFSC 1 Size of negotiated IFSC 10 bNadValue 1 00h Only support NAD 00h Example T0 prot...

Страница 31: ...e 10 Summary of Mutual Authentication Commands 6 1 6 1 SPH_to_RDR_ReqAuth This command will request the ACR3901T W1 to perform authentication with the paired key generating device After a successful a...

Страница 32: ...ld Size Value Description Encrypted 0 bMessageType 1 20h No 1 LEN1 LEN2 wLength 2 1100h Number of extra bytes starting from the next field for this message and is expressed in two bytes long and LEN1...

Страница 33: ...W1 using this command in order to have a successful authentication For more information on the authentication process please refer to Authentication Offset Field Size Value Description Encrypted 0 bM...

Страница 34: ...Encrypted 0 bMessageType 1 21h No 1 LEN1 LEN2 wLength 2 1100h Number of extra bytes starting from the next field for this message and is expressed in two bytes long and LEN1 is LSB while LEN2 is MSB...

Страница 35: ...um wherein each byte will be encrypted with the Session Key which is generated after mutual authentication using the AES128 CBC cipher mode The initial vector is 16bytes of 00h in AES 128 CBC cipher m...

Страница 36: ...ill be encrypted and transmitted after a successful mutual authentication Offset Field Size Value Description Encrypted 0 bMessageType 1 22h No 1 LEN1 LEN2 wLength 2 The number of extra bytes starting...

Страница 37: ...nds sent to ACR3901T W1 have to be sent synchronously e g bMaxCCIDBusySlots is equal to 01h for ACR3901T W1 The ACR3901T W1 supported CCID features are indicated in its Class Descriptor Offset Field S...

Страница 38: ...ding to parameters Automatic baud rate change according to frequency and FI DI parameters Short and Extended APDU level exchange 44 dwMaxCCIDMessageLength 4 Maximum message length accepted by ACR3901T...

Страница 39: ...message and the data returned is the Answer to Reset ATR data 6 2 1 2 PC_to_RDR_IccPowerOff This command deactivates the card slot Offset Field Size Value Description 0 bMessageType 1 63h 1 dwLength 4...

Страница 40: ...command APDU begins with this command and continues in the next PC_to_RDR_XfrBlock 0002h the abData field continues a command APDU and ends the APDU command 0003h the abData field continues a command...

Страница 41: ...wLength 4 Size of extra bytes of this message 5 bSlot 1 Identifies the slot number for this command 6 bSeq 1 Sequence number for command 7 bProtocolNum 1 Specifies what protocol data structure follows...

Страница 42: ...escription 10 bmFindexDindex 1 B7 4 FI Index into the table 7 in ISO IEC 7816 3 1997 selecting a clock rate conversion factor B3 0 DI Index into the table 8 in ISO IEC 7816 3 1997 selecting a baud rat...

Страница 43: ...tures Offset Field Size Value Description 0 bMessageType 1 6Bh 1 dwLength 4 Size of abData field of this message 5 bSlot 1 Identifies the slot number for this command 6 bSeq 1 Sequence number for comm...

Страница 44: ...1 9 bChainParameter 1 Short APDU level RFU 00h Extended APDU level 00h the response APDU begins and ends in this command 01h the response APDU begins with this command and is to continue 02h this abDa...

Страница 45: ...rs and PC_to_RDR_SetParameters messages Offset Field Size Value Description 0 bMessageType 1 82h 1 dwLength 4 Size of extra bytes of this message 5 bSlot 1 Same value as in Bulk OUT message 6 bSeq 1 S...

Страница 46: ...ue Description 0 bMessageType 1 83h 1 dwLength 4 Size of extra bytes of this message 5 bSlot 1 Same value as in Bulk OUT message 6 bSeq 1 Same value as in Bulk OUT message 7 bStatus 1 Slot status regi...

Страница 47: ...ique serial number of the reader Command Format Offset Field Size Value Description 0 abData1 CommandCode 1 02h Command Code of Get Serial Number 1 Len CommandLength 1 00h Number of extra bytes of dat...

Страница 48: ...th mode only Command Format Offset Field Size Value Description 0 abData1 CommandCode 1 03h Command Code of Get Random Number 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response...

Страница 49: ...of Get Firmware Version 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response Format Offset Field Size Value Description 0 abData2 ResponseCode 1 84h Response Code of Get Firmware...

Страница 50: ...mmand Code of Rewrite Master Key 1 Len CommandLength 1 20h Number of extra bytes of data 2 Data 32 Combine the random number KeyRstRnd 0 15 encrypted by original Customer Master Key 16 byte of new Cus...

Страница 51: ...ld Size Value Description 0 abData1 CommandCode 1 0Dh Command Code of Sleep Mode Option 1 Len CommandLength 1 01h Number of extra bytes of data 2 Data 1 00h 60 seconds Default 01h 90 seconds 02h 120 s...

Страница 52: ...ion 0 abData1 CommandCode 1 0Eh Command Code of Get Device Address 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response Format Offset Field Size Value Description 0 abData2 Respon...

Страница 53: ...mand Code of Set Tx Power 1 Len CommandLength 1 01h Number of extra bytes of data 2 Data 1 00h 18 dBm Default Distance 4 meters 01h 12 dBm Distance 7 meters 02h 6 dBm Distance 16 meters 03h 0 dBm Dist...

Страница 54: ...dCode 1 09h Command Code of Read Tx Power 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response Format Offset Field Size Value Description 0 abData2 ResponseCode 1 89h Response Cod...

Страница 55: ...ize Value Description 0 abData1 CommandCode 1 1Ah Command Code of Set Card Reset Simulation Option 1 Len CommandLength 1 01h Number of extra bytes of data 2 Data 1 00h Disable 01h Enable Response Form...

Страница 56: ...Size Value Description 0 abData1 CommandCode 1 1Ah Command Code of Get Card Reset Simulation Option 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response Format Offset Field Size V...

Страница 57: ...1 CommandCode 1 18h Command Code of Set Card Response Time Interval 1 Len CommandLength 1 01h Number of extra bytes of data 2 Data 1 00h 0s 01h 500 ms 02h 1000 ms 03h 1500 ms Default 04h 2000 ms 05h 2...

Страница 58: ...ion 0 abData1 CommandCode 1 19h Command Code of Get Card Response Time Interval 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response Format Offset Field Size Value Description 0 a...

Страница 59: ...cription 0 abData1 CommandCode 1 1Bh Command Code of Check button status 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response Format Offset Field Size Value Description 0 abData2...

Страница 60: ...1 Generate random number Customer Master Key Reset Request 0F 00 Customer Master Key Reset Command Response 8F 10 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 2 Encrypt the random number and new cu...

Страница 61: ...ommand Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 01h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 9...

Страница 62: ...address location of the memory card MEM_L Length of data to be read from the memory card Response Data Format abData field in the RDR_to_PC_DataBlock BYTE 1 BYTE N SW1 SW2 Where BYTE x Data read from...

Страница 63: ...ACR3901T W1 Reference Manual info acs com hk Version 1 02 www acs com hk Page 63 of 100 Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error...

Страница 64: ...field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 02h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error 7...

Страница 65: ...kilobit iic card where is the MSB of the 17 bit addressing Byte Address Memory address location of the memory card MEM_L Length of data to be read from the memory card Response Data Format abData fie...

Страница 66: ...Page 66 of 100 Byte Address Memory address location of the memory card MEM_L Length of data to be written to the memory card Byte x Data to be written to the memory card Response Data Format abData f...

Страница 67: ...ormat abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 03h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if...

Страница 68: ...ddress location of the memory card MEM_L Length of data to be written to the memory card MEM_D Data to be written to the memory card Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW...

Страница 69: ...7 2 3 5 INITIALIZE_AUTHENTICATION Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Q 0 Q 1 Q 7 FFh 84h 00h 00h 08h Where Q 0 Q 1 Q 7 Host random number 8 bytes Respon...

Страница 70: ...DU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 04h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error 7 2 4 2 READ_MEMORY_CARD Command Format abDa...

Страница 71: ...e memory address location of the memory card 1000 0000b for writing fuse MEM_L Length of data to be written to the memory card Byte x Data to be written to the memory card Response Data Format abData...

Страница 72: ...5 INITIALIZE_AUTHENTICATION Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Q 0 Q 1 Q 7 FFh 84h 00h 00h 08h Where Byte Address Memory address location of the memory...

Страница 73: ...ACR3901T W1 Reference Manual info acs com hk Version 1 02 www acs com hk Page 73 of 100 Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error...

Страница 74: ...ld in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 05h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error 7 2 5...

Страница 75: ...d is locked exceeded the maximum number of retries Other values indicate that the last verification has failed DUMMY Two bytes dummy data read from the card SW1 SW2 90 00h if no error 7 2 5 4 READ_PRO...

Страница 76: ...TE x in the response data 0 byte is write protected 1 byte can be written 7 2 5 5 WRITE_MEMORY_CARD Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS Byte Address MEM_L Byte 1...

Страница 77: ...g at Byte Address BYTE 1 is compared with the data at Byte Address BYTE N is compared with the data at Byte Address N 1 Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 S...

Страница 78: ...Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 ErrorCnt 90h Where SW1 90h SW2 ErrorCnt Error Counter FFh indicates successful verification 00h indicates that the password is locked or ex...

Страница 79: ...C specifications Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 06h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 S...

Страница 80: ...r 07h indicates that the last verification is correct 00h indicates that the password is locked exceeded the maximum number of retries Other values indicate that the last verification has failed DUMMY...

Страница 81: ...location of the memory card MEM_L Length of data to be written to the memory card Byte x Data to be written to the memory card Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Whe...

Страница 82: ...2 card the following actions are executed 1 Search a 1 bit in the presentation error counter and write the bit to 0 2 Present the specified code to the card 3 Try to erase the presentation error count...

Страница 83: ...d The current secret code must have been presented to the card with the PRESENT_CODE command prior to the execution of this command Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CL...

Страница 84: ...specifications Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 07h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2...

Страница 85: ...to the card Backup bit is enabled to prevent data loss when card tearing occurs d Write with carry and backup enabled SLE 4436 SLE 5536 and SLE 6636 only The byte value specified in the command is wri...

Страница 86: ...RDR_XfrBlock Pseudo APDU CLA INS P1 P2 MEM_L CODE ADDR Byte 1 Byte 2 Byte 3 FFh 20h 00h 00h 04h 09h Where ADDR Byte address of the presentation counter in the card CODE Three bytes secret code PIN Res...

Страница 87: ...g 80h Key 1 with cipher block chaining SLE 5536 and SLE 6636 only 81h Key 2 with cipher block chaining SLE 5536 and SLE 6636 only CLK_CNT Number of CLK pulses to be supplied to the card for the comput...

Страница 88: ...ACR3901T W1 Reference Manual info acs com hk Version 1 02 www acs com hk Page 88 of 100 the first authentication bit read from the card SW1 SW2 90 00h if no error...

Страница 89: ...SC specifications Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01 08h Response Data Format abData field in the RDR_to_PC_DataBlock SW1...

Страница 90: ...yte Address Memory address location of the memory card MEM_L Length of data to be written to the memory card BYTE Byte value to be written to the card Response Data Format abData field in the RDR_to_P...

Страница 91: ...r counter The User Error Counter can be erased when the submitted code is correct Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS Error Counter LEN Byte Address MEM_L CODE By...

Страница 92: ...t to 0 3 Erase the presentation error counter Please note that Memory Error Counter cannot be erased Command Format abData field in the PC_to_RDR_XfrBlock Response Data Format abData field in the RDR_...

Страница 93: ...refer to PC SC specifications Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 09h Response Data Format abData field in the RDR_to_PC_Da...

Страница 94: ...e Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error 7 2 9 4 ERASE_NON_APPLICATION_ZONE This command is used to erase the data in Non Application Zones The EE...

Страница 95: ...6 AT88SC1003 To erase the data in Application Zone 3 The following actions are executed for this command 1 Present the specified code to the card a Erase the presentation error counter The data in cor...

Страница 96: ...d in the following cases 1 AT88SC101 To erase the data in Application Zone with EC Function Enabled 2 AT88SC102 To erase the data in Application Zone 2 with EC2 Function Enabled 3 AT88SC1003 To erase...

Страница 97: ...FY_SECURITY_CODE This command is used to submit Security Code 2 bytes to the inserted card Security Code is to enable the memory access of the card The following actions are executed 1 Present the spe...

Страница 98: ...mmand Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS Error Counter LEN Byte Address MEM_L CODE Fuse Bit Addr High Fuse Bit Addr Low State of FUS Pin State of RST Pin FFh 05h 00h 00h...

Страница 99: ...ACR3901T W1 Reference Manual info acs com hk Version 1 02 www acs com hk Page 99 of 100 Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error...

Страница 100: ...9h Exceeded max authentication retry failure 0Ah T1 Card operation error Table 11 Error Code Android is a trademark of Google Inc Atmel is a registered trademark of Atmel Corporation or its subsidiari...

Результаты поиска

Содержание ACR3901T-W1

Отзывы:

Похожие инструкции для ACR3901T-W1

Бренды по названию

Популярные бренды

Advanced Card Systems Ltd. ACR3901T-W1, Справочное руководство

Результаты поиска

Содержание ACR3901T-W1

Отзывы:

Похожие инструкции для ACR3901T-W1

Бренды по названию

Популярные бренды