Copyright © 2010-2020, International Technologies & Systems Corporation. All rights reserved.
Page 32 of 76
User Manual, SecureHead USB and UART Interface
4.4.
Fixed Key Management Encrypted Output Format
Same as 4.3 DUKPT Key Management Level 3 Data Output Format, only change <DUKPT serial
number> to <device serial number> plus two NULL bytes.
4.5.
DUKPT Enhanced Level 3 Data Output Format
This mode is used when all tracks must be encrypted, or encrypted OPOS support is required, or
when the tracks must be encrypted separately or when cards other than type 0 (ABA bank cards)
must be encrypted or when track 3 must be encrypted. This format is the standard encryption
format, but not yet the default encryption format.
1.
Encryption Output Format Setting:
Command: 53 85 01 <Encryption Format>
Encryption Format:
‘0’: Original Encryption Format
‘1’: Enhanced Encryption Format
2.
Encryption Option Setting: (for enhanced encryption format only)
Command: 53 84 01 <Encryption Option>
Encryption Option: (
default 08h
)
bit0: 1 – track 1 force encrypt
bit1: 1 – track 2 force encrypt
bit2: 1 – track 3 force encrypt
bit3: 1 – track 3 force encrypt when card type is 0
bit4: 1 – new mask feature: see note 4) below
Note:
1)When force encrypt is set, this track will always be encrypted, regardless of card type. No
clear/mask text will be sent.
2) If and only if in enhanced encryption format, each track is encrypted separately.
Encrypted data length will round up to 8 or 16 bytes.
3) When force encrypt is not set, the data will be encrypted in original encryption format,
that is, only track 1 and track 2 of type 0 cards (ABA bank cards) will be encrypted.
4) When new mask feature (bit 4) is set
a) Mask data can be sent even if set to “force encrypt” (bit0-3 is set);
b) If bank card and track 3 is ISO-4909 with PAN format, T3 will be encrypted and has
mask data.
Typical settings: