Advanced Card Systems ACR3901U-S1 Скачать руководство пользователя страница 91

Страница: 91 / 96

ACR3901U-S1 – Reference Manual

[email protected]

Version 1.09

www.acs.com.hk

Page 91 of 96

Response Data Format (

abData

field in the

RDR_to_PC_DataBlock

)

SW1

SW2

Where:

SW1 SW2

= 90 00h if no error

7.2.9.5.

ERASE_APPLICATION_ZONE_WITH_ERASE

This command can be used in the following cases:

1. AT88SC101: To erase the data in Application Zone with EC Function Disabled.

2. AT88SC102: To erase the data in Application Zone 1.

3. AT88SC102: To erase the data in Application Zone 2 with EC2 Function Disabled.

4. AT88SC1003: To erase the data in Application Zone 1.

5. AT88SC1003: To erase the data in Application Zone 2 with EC2 Function Disabled.

6. AT88SC1003: To erase the data in Application Zone 3.

The following actions are executed for this command:

1. Present the specified code to the card.

a. Erase the presentation error counter. The data in corresponding Application Zone can be

erased when the submitted code is correct.

Command Format (

abData

field in the

PC_to_RDR_XfrBlock

)

Pseudo-APDU

CLA

INS

Error

Counter LEN

Byte

Address

MEM_L

CODE

Byte 1

Byte 2

…

Byte N

FFh

20h

00h

Where:

Error Counter LEN

Length of presentation error counter in bits. The value should be 00h
always.

Byte Address

Byte address of the Application Zone Key in the card. Please refer to
the table below for the correct value.

Byte

Address

LEN

AT88SC101: Erase Application Zone with
EC function disabled

96h

04h

AT88SC102: Erase Application Zone 1

56h

06h

AT88SC102: Erase Application Zone 2 with
EC2 function disabled

9Ch

04h

AT88SC1003: Erase Application Zone 1

36h

06h

AT88SC1003: Erase Application Zone 2
with EC2 function disabled

5Ch

04h

Содержание ACR3901U-S1

Страница 1: ...Subject to change without prior notice info acs com hk www acs com hk Reference Manual V1 10 ACR3901U S1 ACS Secure Bluetooth Contact Card Reader...

Страница 2: ...pdated Section 6 5 5 4 Rewrite Master Key Command Updated Section 6 6 Mutual Authentication Table 1 02 2016 09 16 Updated Product Photo Updated Product Marketing Name Updated command examples with inc...

Страница 3: ...oth Communication Protocol Added Section 6 5 5 APDU2 Command From FW v1 20 and later Updated Section 7 1 4 PC_to_RDR_XfrBlock Updated Section 7 2 1 RDR_to_PC_DataBlock 1 07 2018 12 17 Updated Formatti...

Страница 4: ...5 5 5 Card Tearing Protection 13 6 0 Software Design 14 6 1 Bluetooth Communication Protocol 14 6 1 1 Bluetooth Connection Program Flow 14 6 1 2 Profile Selection 15 6 1 3 Authentication 17 6 1 4 Fram...

Страница 5: ...01U S1 Architecture 9 Figure 2 Bluetooth Connection Flow 14 Figure 3 nRFgo Studio GATT Setting Interface 15 Figure 4 Authentication Procedure 17 List of Tables Table 1 Symbols and Abbreviations 6 Tabl...

Страница 6: ...o referred to as the USB specification April 27 2000 Universal Serial Bus Common Class Specification 1 0 December 16 1997 Universal Serial Bus Device Class Smart Card CCID Specification for Integrated...

Страница 7: ...s Selection Features Short Circuit Protection Supports AES 128 encryption algorithm Application Programming Interface o Supports PC SC o Supports CT API through wrapper on top of PC SC Built in Periph...

Страница 8: ...the default parameters F 372 D 1 For the meaning of the aforementioned parameters please refer to ISO 7816 3 3 2 Memory based Smart Cards ACR3901U S1 works with several memory based smart cards such a...

Страница 9: ...k Version 1 09 www acs com hk Page 9 of 96 4 0 System Block Diagram Figure 1 ACR3901U S1 Architecture ACR3901U S1 Power Management MCU Bluetooth Mobile device or Computer LEDs Full sized Card Recharge...

Страница 10: ...n Bluetooth mode run 10 operations per day with 1 minute operation run 2 In Bluetooth mode set sleep time as 60 seconds and wake up once per day 5 2 Bluetooth Interface ACR3901U S1 uses Bluetooth Low...

Страница 11: ...data packet size is 64 bytes Bulk IN For response to be sent from ACR3901U S1 to host data packet size is 64 bytes Interrupt IN For card status message to be sent from ACR3901U S1 to host data packet...

Страница 12: ...and PC On Card is connected and powered on Table 5 Status LED Note When red blue and green LEDs are OFF the reader is powered off Both blue and green LEDs will light for 1 second and then will turn o...

Страница 13: ...type regardless of the protocol type selected by the application 5 5 4 Interface for Microcontroller based Cards For microcontroller based smart cards only the contacts C1 VCC C2 RST C3 CLK C5 GND and...

Страница 14: ...Protocol 6 1 1 Bluetooth Connection Program Flow The program flow of a Bluetooth connection is shown below Figure 2 Bluetooth Connection Flow Yes No Bluetooth Start Reset Power up Successful Connectio...

Страница 15: ...he paired device through a specific pipe To simplify the battery levels are divided into three groups below is a table summarizing the battery level and its corresponding return value Status Voltage R...

Страница 16: ...NUMBER_OF_PIPES 10 define PIPE_GAP_DEVICE_NAME_SET is used to change the device name at runtime by the application controller So that in Bluetooth mode the advertising name will be in the format of AC...

Страница 17: ...g device for simplicity and better illustration Figure 4 Authentication Procedure After successful authentication a 16 byte Session Key is generated in both ACR3901U S1 and the data server Default Cus...

Страница 18: ...ntication was introduced to avoid man in the middle attack through the Bluetooth communication channel After a successful mutual authentication the Bluetooth Frame Format in Table 7 will be encrypted...

Страница 19: ...nticated Paired device Peripheral Commands 70h Connected Authenticated Paired device SPH_to_RDR_ReqAuth 71h Connected Authenticated Paired device SPH_to_RDR_AuthRsp Table 9 Command Code Summary Comman...

Страница 20: ...er of extra bytes starting from the next field for this message It is expressed in two bytes long LEN1 is LSB while LEN2 is MSB 3 N byte ATR N Card Answer To Reset 3 N CSUM wChecksum 1 CSUM means the...

Страница 21: ...Size Value Description 0 bMessageType 1 13h 1 LEN1 LEN2 wLength 2 0100h Number of extra bytes starting from the next field for this message It is expressed in two bytes long LEN1 is LSB while LEN2 is...

Страница 22: ...XOR values of all bytes in the command Response Data Format Error Offset Field Size Value Description 0 bMessageType 1 94h 1 LEN1 LEN2 wLength 2 0200h Number of extra bytes starting from the next fiel...

Страница 23: ...sageType 1 11h 1 LEN1 LEN2 wLength 2 Number of extra bytes starting from the next field for this message It is expressed in two bytes long LEN1 is LSB while LEN2 is MSB 3 APDU Response N APDU Format D...

Страница 24: ...1 is LSB while LEN2 is MSB Maximum length is 263 3 Data Param 1 Parameter Short APDU level 00h default Extended APDU level 00h the command APDU begins and ends with this command 01h the command APDU b...

Страница 25: ...and ends the response APDU 03h this Data field continues the response APDU and another block is to follow 10h empty Data field continuation of the command APDU is expected in the next Command 4 APDU...

Страница 26: ...eans the XOR values of all bytes in the command Example Sends 600 bytes data to the card 1 Command 67 07 01 01 261 bytes data checksum Response 17 02 00 10 checksum 2 Command 67 07 01 03 261 bytes dat...

Страница 27: ...m 1 CSUM means the XOR values of all bytes in the command Response Data Format Offset Field Size Value Description 0 bMessageType 1 15h Escape Response Header 1 LEN1 LEN2 wLength 2 Number of extra byt...

Страница 28: ...al info acs com hk Version 1 09 www acs com hk Page 28 of 96 Offset Field Size Value Description 3 Error Code bErrorCode 1 Error Code Refer to Appendix A 4 CSUM wChecksum 1 CSUM means the XOR values o...

Страница 29: ...l bytes in the command Response Data Format Offset Field Size Value Description 0 bMessageType 1 16h Escape Response Header 1 LEN1 LEN2 wLength 2 Number of extra bytes starting from the next field for...

Страница 30: ...ength 0900h Offset Field Size Value Description 4 bmFindexDindex 1 B7 4 FI Index into the table 7 in ISO IEC 7816 3 1997 selecting a clock rate conversion factor B3 0 DI Index into the table 8 in ISO...

Страница 31: ...ersion 1 09 www acs com hk Page 31 of 96 Example T0 protocol Request 61 07 00 00 11 00 00 0A 00 7D Response 16 07 00 00 11 00 00 0A 00 0A Example T1 protocol Request 61 09 00 01 96 10 00 45 00 FE 00 5...

Страница 32: ...H_AuthRsp2 22h Authenticated Reader RDR_to_SPH_DataRsp Table 11 Summary of Mutual Authentication Commands 6 1 6 1 SPH_to_RDR_ReqAuth This command will request ACR3901U S1 to perform authentication wit...

Страница 33: ...ield Size Value Description Encrypted 0 bMessageType 1 20h No 1 LEN1 LEN2 wLength 2 1100h Number of extra bytes starting from the next field for this message It is expressed in two bytes long LEN1 is...

Страница 34: ...1U S1 using this command in order to have a successful authentication For more information on the authentication process please refer to Authentication Offset Field Size Value Description Encrypted 0...

Страница 35: ...on Encrypted 0 bMessageType 1 21h No 1 LEN1 LEN2 wLength 2 1100h Number of extra bytes starting from the next field for this message It is expressed in two bytes long LEN1 is LSB while LEN2 is MSB No...

Страница 36: ...wherein each byte will be encrypted with the Session Key which is generated after mutual authentication using the AES128 CBC cipher mode The initial vector is 16bytes of 00h in AES 128 CBC cipher mod...

Страница 37: ...will be encrypted and transmitted after a successful mutual authentication Offset Field Size Value Description Encrypted 0 bMessageType 1 22h No 1 LEN1 LEN2 wLength 2 The Number of extra bytes starti...

Страница 38: ...s sent to ACR3901U S1 have to be sent synchronously e g bMaxCCIDBusySlots is equal to 01h for ACR3901U S1 The ACR3901U S1 supported CCID features are indicated in its Class Descriptor Offset Field Siz...

Страница 39: ...rs Automatic baud rate change according to frequency and FI DI parameters TPDU level change with ACR3901U S1 44 dwMaxCCIDMessageLength 4 Maximum message length accepted by ACR3901U S1 is 271 bytes 48...

Страница 40: ...essage and the data returned is the Answer to Reset ATR data 6 2 1 2 PC_to_RDR_IccPowerOff This command deactivates the card slot Offset Field Size Value Description 0 bMessageType 1 63h 1 dwLength 4...

Страница 41: ...this command 0001h the command APDU begins with this command and continues in the next PC_to_RDR_XfrBlock 0002h the abData field continues a command APDU and ends the APDU command 0003h the abData fi...

Страница 42: ..._to_PC_Parameters message 6 2 1 7 PC_to_RDR_SetParameters This command sets slot parameters Offset Field Size Value Description 0 bMessageType 1 61h 1 dwLength 4 Size of extra bytes of this message 5...

Страница 43: ...I for T 0 used to define WWT 14 bClockStop 1 ICC Clock Stop Support 00h Stopping the Clock is not allowed 01h Stop with Clock signal Low 02h Stop with Clock signal High 03h Stop with Clock either High...

Страница 44: ...otiated IFSC 16 bNadValue 1 00h Only support NAD 00h The response to this message is the RDR_to_PC_Parameters message 6 2 1 8 PC_to_RDR_Escape This command accesses extended features Offset Field Size...

Страница 45: ...9 bChainParameter 1 Short APDU level RFU 00h Extended APDU level 00h the response APDU begins and ends in this command 01h the response APDU begins with this command and is to continue 02h this abDat...

Страница 46: ...rs and PC_to_RDR_SetParameters messages Offset Field Size Value Description 0 bMessageType 1 82h 1 dwLength 4 Size of extra bytes of this message 5 bSlot 1 Same value as in Bulk OUT message 6 bSeq 1 S...

Страница 47: ...e Description 0 bMessageType 1 83h 1 dwLength 4 Size of extra bytes of this message 5 bSlot 1 Same value as in Bulk OUT message 6 bSeq 1 Same value as in Bulk OUT message 7 bStatus 1 Slot status regis...

Страница 48: ...e serial number of the reader Command Format Offset Field Size Value Description 0 abData1 CommandCode 1 02h Command Code of Write Serial Number 1 Len CommandLength 1 00h Number of extra bytes of data...

Страница 49: ...e for Bluetooth Mode Only Command Format Offset Field Size Value Description 0 abData1 CommandCode 1 03h Command Code of Get Random Number 1 Len CommandLength 1 00h Number of extra bytes of data 2 Dat...

Страница 50: ...and Code of Get Firmware Version 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response Format Offset Field Size Value Description 0 abData2 ResponseCode 1 84h Response Code of Get...

Страница 51: ...Command Code of Rewrite Master Key 1 Len CommandLength 1 20h Number of extra bytes of data 2 Data 32 Combine the random number KeyRstRnd 0 15 encrypted by original Customer Master Key 16 byte of new...

Страница 52: ...Field Size Value Description 0 abData1 CommandCode 1 0Dh Command Code of Sleep Mode Option 1 Len CommandLength 1 01h Number of extra bytes of data 2 Data 1 00h 60 seconds Default 01h 90 seconds 02h 1...

Страница 53: ...escription 0 abData1 CommandCode 1 0Eh Command Code of Get Device Address 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response Format Offset Field Size Value Description 0 abData2...

Страница 54: ...and Code of Set Tx Power 1 Len CommandLength 1 01h Number of extra bytes of data 2 Data 1 00h 18 dBm Default Distance 4 meters 01h 12 dBm Distance 7 meters 02h 6 dBm Distance 16 meters 03h 0 dBm Dista...

Страница 55: ...dCode 1 09h Command Code of Read Tx Power 1 Len CommandLength 1 00h Number of extra bytes of data 2 Data 0 Response Format Offset Field Size Value Description 0 abData2 ResponseCode 1 89h Response Cod...

Страница 56: ...Generate random number Customer Master Key Reset Request 0F 00 Customer Master Key Reset Command Response 8F 10 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 2 Encrypt the random number and new cus...

Страница 57: ...Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 01h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2...

Страница 58: ...address location of the memory card MEM_L Length of data to be read from the memory card Response Data Format abData field in the RDR_to_PC_DataBlock BYTE 1 BYTE N SW1 SW2 Where BYTE x Data read from...

Страница 59: ...ACR3901U S1 Reference Manual info acs com hk Version 1 09 www acs com hk Page 59 of 96 Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error...

Страница 60: ...ta field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 02h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error...

Страница 61: ...kilobit iic card where is the MSB of the 17 bit addressing Byte Address Memory address location of the memory card MEM_L Length of data to be read from the memory card Response Data Format abData fie...

Страница 62: ...Page 62 of 96 Byte Address Memory address location of the memory card MEM_L Length of data to be written to the memory card Byte x Data to be written to the memory card Response Data Format abData fi...

Страница 63: ...rmat abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 03h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if...

Страница 64: ...ddress location of the memory card MEM_L Length of data to be written to the memory card MEM_D Data to be written to the memory card Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW...

Страница 65: ...7 2 3 5 INITIALIZE_AUTHENTICATION Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Q 0 Q 1 Q 7 FFh 84h 00h 00h 08h Where Q 0 Q 1 Q 7 Host random number 8 bytes Respon...

Страница 66: ...ock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 04h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error 7 2 4 2 READ_MEMORY_CARD Comman...

Страница 67: ...A2A1A0b is the memory address location of the memory card 1000 0000b for writing fuse MEM_L Length of data to be written to the memory card Byte x Data to be written to the memory card Response Data F...

Страница 68: ...5 INITIALIZE_AUTHENTICATION Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Q 0 Q 1 Q 7 FFh 84h 00h 00h 08h Where Byte Address Memory address location of the memory...

Страница 69: ...ACR3901U S1 Reference Manual info acs com hk Version 1 09 www acs com hk Page 69 of 96 Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error...

Страница 70: ...d in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 05h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error 7 2 5 2...

Страница 71: ...is locked exceeded the maximum number of retries Other values indicate that the last verification has failed DUMMY Two bytes dummy data read from the card SW1 SW2 90 00h if no error 7 2 5 4 READ_PROT...

Страница 72: ...E x in the response data 0 byte is write protected 1 byte can be written 7 2 5 5 WRITE_MEMORY_CARD Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS Byte Address MEM_L Byte 1 B...

Страница 73: ...g at Byte Address BYTE 1 is compared with the data at Byte Address BYTE N is compared with the data at Byte Address N 1 Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 S...

Страница 74: ...Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 ErrorCnt 90h Where SW1 90h SW2 ErrorCnt Error Counter FFh indicates successful verification 00h indicates that the password is locked or ex...

Страница 75: ...a field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 06h Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error 7...

Страница 76: ...tion is correct 00h indicates that the password is locked exceeded the maximum number of retries Other values indicate that the last verification has failed DUMMY Three bytes dummy data read from the...

Страница 77: ...location of the memory card MEM_L Length of data to be written to the memory card Byte x Data to be written to the memory card Response Data Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Whe...

Страница 78: ...card the following actions are executed 1 Search a 1 bit in the presentation error counter and write the bit to 0 2 Present the specified code to the card 3 Try to erase the presentation error counte...

Страница 79: ...d The current secret code must have been presented to the card with the PRESENT_CODE command prior to the execution of this command Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CL...

Страница 80: ...e refer to PC SC specifications Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01h 07h Response Data Format abData field in the RDR_to_PC_...

Страница 81: ...or writing personalization data and counter values to the card Backup bit is enabled to prevent data loss when card tearing occurs d Write with carry and backup enabled SLE 4436 SLE 5536 and SLE 6636...

Страница 82: ...r and write the bit to 0 2 Present the specified code to the card The ACR3901U S1 does not try to erase the presentation counter after the code submission This must be done by the application software...

Страница 83: ...wo bytes of authentication data calculated by the card Step 1 Send Authentication Certificate to the Card Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 MEM_L CODE KEY...

Страница 84: ...Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 MEM_L FFh C0h 00h 00h 02h Response Data Format abData field in the RDR_to_PC_DataBlock CERT SW1 SW2 Where CERT 16 bits...

Страница 85: ...SC specifications Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 P2 Lc Card Type FFh A4h 00h 00h 01 08h Response Data Format abData field in the RDR_to_PC_DataBlock SW1...

Страница 86: ...yte Address Memory address location of the memory card MEM_L Length of data to be written to the memory card BYTE Byte value to be written to the card Response Data Format abData field in the RDR_to_P...

Страница 87: ...r counter The User Error Counter can be erased when the submitted code is correct Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS Error Counter LEN Byte Address MEM_L CODE By...

Страница 88: ...to 0 3 Erase the presentation error counter Please note that Memory Error Counter cannot be erased Command Format abData field in the PC_to_RDR_XfrBlock Response Data Format abData field in the RDR_t...

Страница 89: ...a Format abData field in the RDR_to_PC_DataBlock SW1 SW2 Where SW1 SW2 90 00h if no error 7 2 9 2 READ_MEMORY_CARD Command Format abData field in the PC_to_RDR_XfrBlock Pseudo APDU CLA INS P1 Byte Add...

Страница 90: ...s The EEPROM memory is organized into 16 bit words Although erases are performed on single bit the ERASE operation clears an entire word in the memory Therefore performing an ERASE on any bit in the w...

Страница 91: ...tions are executed for this command 1 Present the specified code to the card a Erase the presentation error counter The data in corresponding Application Zone can be erased when the submitted code is...

Страница 92: ...To erase the data in Application Zone with EC Function Enabled 2 AT88SC102 To erase the data in Application Zone 2 with EC2 Function Enabled 3 AT88SC1003 To erase the data in Application Zone 2 with...

Страница 93: ...FY_SECURITY_CODE This command is used to submit Security Code 2 bytes to the inserted card Security Code is to enable the memory access of the card The following actions are executed 1 Present the spe...

Страница 94: ...w the fuse of the inserted card The fuse can be EC_EN Fuse EC2EN Fuse Issuer Fuse or Manufacturer s Fuse Note The blowing of fuse is an irreversible process Command Format abData field in the PC_to_RD...

Страница 95: ...anufacturer Fuse 05h 80h 01h EC_EN Fuse 05h C9h 01h Issuer Fuse 05h E0h 01h AT88SC102 Manufacturer Fuse 05h B0h 01h EC2EN Fuse 05h F9h 01h Issuer Fuse 06h 10h 01h AT88SC1003 Manufacturer Fuse 03h F8h...

Страница 96: ...h Exceeded max authentication retry failure 0Ah T1 Card operation error Table 12 Error Code Android is a trademark of Google LLC Atmel is a registered trademark of Atmel Corporation or its subsidiarie...

Результаты поиска

Содержание ACR3901U-S1

Отзывы:

Похожие инструкции для ACR3901U-S1

Бренды по названию

Популярные бренды

Advanced Card Systems ACR3901U-S1, Справочное руководство

Результаты поиска

Содержание ACR3901U-S1

Отзывы:

Похожие инструкции для ACR3901U-S1

Бренды по названию

Популярные бренды