DynaPro Go | Handheld PIN Pad Device with MSR/Contact/Contactless | Programmer’s Manual (COMMANDS) (D998200136-31)
4 Command Set
4.1 About Big Block Data and TLV Format
There are some cases where command data (host to device) or response data (device to host) requires
special treatment. For example, some commands require the host or device to transmit large blocks of
data that exceed the maximum packet size of the chosen data transport layer; other commands require
transmitted data to be encrypted and/or encoded, fully received, then decrypted and/or decoded as a single
piece. For commands and responses that require these sorts of special treatment, the usage information in
this document indicates that the command or response uses big block data buffers.
The device provides support for transmitting big block data by implementing two reports: For feature
reports that require big block data transmission, the host should first call
to transmit the relevant data to the device, then invoke the desired command. In
cases where the device sends big block data to the host, the host should invoke the desired command, then
the device sends one or more instances of Report 0x29 - Send Big Block Data to Host. The host must
then assemble / parse / decrypt / decode the data.
Big block data is frequently encoded using an industry standard Tag-Length-Value (TLV) format. For
detailed information about parsing EMV response data in TLV format, see EMV Integrated Circuit
Card Specifications for Payment Systems 4.3, Part IV, Annex B Rules for BER-TLV Data Objects.
For a detailed example of parsing TLV data, see Appendix A.2 How to Parse Encrypted Big
Block EMV Data From An SRED Device. For details about the specific tags used by a given
command, see the usage information for the command.
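As an added illustration (not code from this manual or from the device vendor), the following Python sketch parses BER-TLV data as the host would after it has reassembled and, where applicable, decrypted a big block buffer, and it rejects any declared length that runs past the buffer. The sample bytes are constructed for the example, and the four-byte cap on long-form lengths is an assumption of this sketch.

```python
def parse_ber_tlv(data: bytes) -> list:
    """Return [(tag_hex, value)]; value is bytes, or a nested list if constructed."""
    out, i, n = [], 0, len(data)
    while i < n:
        if data[i] == 0x00:               # '00' filler between objects carries no meaning
            i += 1
            continue
        start, first = i, data[i]
        i += 1
        if first & 0x1F == 0x1F:          # low five bits all set: tag continues
            while True:
                if i >= n:
                    raise ValueError("truncated tag")
                i += 1
                if not data[i - 1] & 0x80:  # b8 clear marks the last tag byte
                    break
        tag = data[start:i].hex().upper()
        if i >= n:
            raise ValueError(f"tag {tag}: missing length")
        length = data[i]
        i += 1
        if length & 0x80:                 # long form: b7..b1 = number of length bytes
            count = length & 0x7F
            # Assumption: at most 4 length bytes; 0x80 (indefinite form) is rejected.
            if not 1 <= count <= 4 or i + count > n:
                raise ValueError(f"tag {tag}: bad length field")
            length = int.from_bytes(data[i:i + count], "big")
            i += count
        if length > n - i:                # never trust a declared length past the buffer
            raise ValueError(f"tag {tag}: value overruns buffer")
        value = data[i:i + length]
        i += length
        # b6 of the first tag byte set means the value holds nested TLV objects.
        out.append((tag, parse_ber_tlv(value) if first & 0x20 else value))
    return out


# Constructed sample, not device output: template 70 (long-form length 81 10)
# holding primitive tags 5A and 5F24, followed by two '00' filler bytes.
SAMPLE = bytes.fromhex("70 81 10  5A 08 4111111111111111  5F24 03 301231  00 00")

if __name__ == "__main__":
    print(parse_ber_tlv(SAMPLE))
```
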
4.2 About Message Authentication Codes (“MAC-AMK” or “MAC-MSR”)
“MAC” is an abbreviation of Message Authentication Code, which is a string of bytes included in a
message that can be used to provide reasonable assurance that the message originated from a trusted
source and has not been modified. All messages in this document (including commands, responses, and
command payloads) that are tagged “MAC-AMK” or “MAC-MSR” must include the device’s unique
serial number and a four-byte MAC.
The sections in this document about all commands, responses, and data formats that include a MAC are
tagged with “MAC-AMK” or “MAC-MSR” in the section title. All of these sections specify how to
generate and use the MAC, including which key and variant to use, which data elements to use, and how
the resulting MAC is included in the message. The key used to calculate the MAC is usually either the
MSR key or the AMK key, and the variant is always Message Authentication, Request or Both Ways.
The choice of key depends on several factors, including the type of message, whether its related processes
use encryption, and which encryption keys those processes use.
In all cases, the MAC is produced by following ISO 9797-1 Information Technology – Security
Techniques – Message Authentication Codes, using Padding Method 1, Initial Transformation 1,
Output Transformation 3, Algorithm 3, DEA, with two 56-bit keys (K and K'). That method produces an
8-byte MAC value, and the most significant 32 bits of that value serve as the MAC the device or host will
include with the message.
The host and device stage many MACed messages using big block data buffers (detailed in section
4.1 About Big Block Data and TLV Format). In cases where the MACed message uses TLV data object F9,
which is designed specifically for transmitting MACed messages, the message being sent as big block
data follows this general format (interpret hexadecimal as binary values, ignore whitespace and
/*comments*/, replace <angle bracketed values> with actual values):