ACS ACR3901U-S1 Reference Manual
  1. Manuals
  2. Brands
  3. ACS Manuals
  4. Card Reader
  5. ACR3901U-S1
  6. Reference manual

ACS ACR3901U-S1 Reference Manual

Hide thumbs Also See for ACR3901U-S1:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
ACR3901U-S1
Bluetooth
®
Contact Card Reader
Reference Manual V1.01
Subject to change without prior notice
info@acs.com.hk
www.acs.com.hk

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ACR3901U-S1 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ACS ACR3901U-S1

Summary of Contents for ACS ACR3901U-S1

  • Page 1 ACR3901U-S1 Bluetooth ® Contact Card Reader Reference Manual V1.01 Subject to change without prior notice info@acs.com.hk www.acs.com.hk...

  • Page 2: Table Of Contents

    6.6.6. RDR_to_SPH_DataRsp ....................38 7.0. USB Communication Protocol ................39 7.1. CCID Bulk-OUT Messages ....................41 7.1.1. PC_to_RDR_IccPowerOn ................... 41 7.1.2. PC_to_RDR_IccPowerOff ................... 41 7.1.3. PC_to_RDR_GetSlotStatus ..................41 Page 2 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 3 AUTHENTICATE_MEMORY_CARD (SLE 4436, SLE 5536 and SLE 6636) ..... 74 8.8. Memory Card – SLE 4404 ....................76 8.8.1. SELECT_CARD_TYPE ....................76 8.8.2. READ_MEMORY_CARD .................... 76 8.8.3. WRITE_MEMORY_CARD ..................77 Page 3 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 4 Table 4 : Mode Selection Switch ......................10 Table 5 : Status LED ..........................11 Table 6 : ACR3901U-S1 Service Handles and UUID Information List ..........15 Table 7 : Bluetooth Frame Format ......................19 Table 8 : Encrypted Frame Format after Mutual Authentication ............19 Table 9 : Command Code Summary ....................

  • Page 5: Introduction

    1.0. Introduction ACR3901U-S1 Bluetooth Contact Card Reader acts as an interface for the communication between a computer/mobile device and a smart card. Different types of smart cards have different commands and different communication protocols which, in most cases, prevent direct communication between a smart card and a computer/mobile device.

  • Page 6: Features

    PC/SC CCID EMV™ 2000 Level 1 Bluetooth® Smart Microsoft WHQL ® RoHS 2 REACH Applicable under PC-linked mode PC/SC and CCID support are not applicable Same as above Page 6 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 7: Smart Card Support

    3.1. MCU Cards ACR3901U-S1 is a PC/SC compliant smart card reader that supports ISO 7816 Class A, B and C (5 V, 3 V, and 1.8 V) smart cards. It also works with MCU cards following either the T=0 and T=1 protocol.

  • Page 8: System Block Diagram

    4.0. System Block Diagram ACR3901U-S1 Full-sized Power LEDs Card Management Re-chargeable battery Bluetooth module Bluetooth Mobile device or Computer Computer Figure 1: ACR3901U-S1 Architecture Page 8 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 9: Hardware Design

    ACR3901U-S1 is using a rechargeable Lithium-ion battery which has a capacity of 320 mAh. 5.1.1. Battery charging Once the battery of ACR3901U-S1 runs out, it may be charged in any of the following modes: OFF, USB, Bluetooth; as long as it is connected to a power outlet. 5.1.2.

  • Page 10: Endpoints

    Interrupt IN (data packet size is 8 bytes) 5.4. User Interface 5.4.1. Mode Selection Switch ACR3901U-S1 has three modes: USB, Off and Bluetooth. User can select one mode at a time as a data transmission interface. Symbol Switch Active Mode...

  • Page 11: Smart Card Interface

    Bluetooth module. 5.5. Smart Card Interface The interface between the ACR3901U-S1 and the inserted smart card follows the specification of ISO 7816-3 with certain restrictions or enhancements to increase the practical functionality of ACR3901U- 5.5.1.

  • Page 12: Interface For Microcontroller-Based Cards

    5.5.5. Card Tearing Protection The ACR3901U-S1 provides a mechanism to protect the inserted card when it is suddenly withdrawn while it is powered up. The power supply to the card and the signal lines between theACR3901U-S1 and the card is immediately deactivated when the card is being removed. However, as a rule to avoid any electrical damage, a card should only be removed from the reader while it is powered down.

  • Page 13: Software Design

    The program flow of a Bluetooth connection is shown below: Bluetooth Start (Reset/Power up) Connect Success? Enable Service Authentication Authenticate Success? Smart card operation with security channel Disconnect? Reset Power Off Figure 2: Bluetooth Connection Flow Page 13 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 14: Profile Selection

    6.2. Profile Selection ACR3901U-S1 is a smart card reader that is designed to use Bluetooth technology as an interface to transmit data. A customized service called Commands Communication with three pipes is used: one pipe is used for command request, second pipe is for command response, and the third pipe is used to notify the paired device about the card and sleep mode status.

  • Page 15: Table 6: Acr3901U-S1 Service Handles And Uuid Information List

    Send (Reader → Paired device) 8002 Receive 8003 (Paired device →Reader) CardStatus 8004 BatteryLevel 2A19 Manufacturer 2A29 FW_Version 2A26 ModelNumber 2A24 SerialNumber 2A25 Table 6: ACR3901U-S1 Service Handles and UUID Information List Page 15 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 16: Authentication

    RND_A[0:15] and are originally generated by ACR3901U-S1. ACR3901U-S1 will first compare if RND_A[0:15] is the same as the original version. If it is the same, then the data processing server is authenticated by ACR3901U-S1. ACR3901U-S1 will then encrypt RND_B[0:15] obtained using the Customer Master Key and the feedback to the data processing server through the bridging device using the answer to the authentication response message.

  • Page 17: Figure 4: Authentication Procedure

    6. The final output data from the encryption process will be transferred to ACR3901U-S1 through the authentication response message. 7. In ACR3901U-S1, a decryption process will be performed on the received data to recover the 32 bytes of random number. ACR3901U-S1 will check the result RND_A[0:15] to see if they are the same as the original ones.
  • Page 18 16-byte Session Key is created by padding the first 8 bytes of RND_A to the end of the first 8 bytes of RND_B. Page 18 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk...

  • Page 19: Frame Format

    16*N bytes (N>0) Checksum XOR {Identifiers, Length, Payload} XOR {Header, Len, Encrypted(Identifiers, Length, Payload, Check byte Checksum)} Table 8: Encrypted Frame Format after Mutual Authentication Page 19 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 20: Bluetooth Communication Protocol

    6.5. Bluetooth Communication Protocol ACR3901U-S1 communicates to the paired device using the Bluetooth interface with a predefined protocol. The protocol is similar to the formats of the CCID Command Pipe and Response Pipe. Command Mode supported Sender Description Authenticated Paired device...

  • Page 21: Card Power On

    14 00 3B BE 11 00 00 41 01 38 00 00 00 00 12 34 56 78 01 90 00 73 ATR = 3B BE 11 00 00 41 01 38 00 00 00 00 12 34 56 78 01 Page 21 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 22: Card Power Off

    LEN1 is LSB while LEN2 is MSB CSUM means the XOR values of all CSUM (wChecksum) bytes in the command. Example: Request = 01 00 62 Response = 01 00 12 Page 22 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 23: Get Card Presence

    03 = Card present and active CSUM means the XOR values of all CSUM (wChecksum) bytes in the command. Example: Request = 01 00 64 Response = 02 00 03 15 Page 23 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 24: Apdu Command

    Example: Request = 06 00 80 84 00 00 08 65 Response = 0B 00 C1 7A 3B AA D6 5A FA CE 90 00 18 Page 24 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 25: Escape Command

    Len (CommandLength) message, and is expressed in one byte long. Data 0 =< N <= 255 CSUM means the XOR values of CSUM (wChecksum) all bytes in the command. Page 25 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 26 Response = 0D 00 82 0A FF FF FF FF FF FF FF FF FF FF 90 Serial Number: FF FF FF FF FF FF FF FF FF FF Page 26 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 27 03 00 03 00 6B Response = 13 00 83 10 F2 8F B7 EF BA 43 C4 6B 85 D8 51 7B 84 08 C3 25 FB Page 27 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 28 CSUM (wChecksum) of all bytes in the command. Example: Request = 03 00 04 00 6C Response = 08 00 84 05 56 30 2E 30 31 D5 Page 28 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 29 00h = Success Data 01h = Fail CSUM means the XOR values CSUM (wChecksum) of all bytes in the command. Example: Refer to Section 6.5.6 for more details. Page 29 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 30 CSUM means CSUM (wChecksum) values of all bytes in the command. Example: Request to set 90s = 04 00 0D 01 Response = 04 00 8D 01 00 Page 30 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 31 Example: Request = 03 00 0E 00 Response = 09 00 8E 06 AA BB CC DD EE FF Device address: AA BB CC DD EE FF Page 31 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 32: Customer Master Key Reset Request

    Number of extra bytes of data abData2 16 bytes of random number Data (KeyRSTRnd[0:15]) generated by the reader CSUM means the XOR values CSUM (wChecksum) of all bytes in the command Page 32 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 33 Where XX = encrypted KeyRstRnd[0:15] ZZ = encrypted NewMasterKey[0:15] 4. Rewrite Master Key Command Response = 04 00 87 01 YY Where: YY = 00h (Success) = 01h (Fail) Page 33 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 34: Mutual Authentication And Encryption Protocol

    After successful authentication, a 16-byte Session Key is generated in both ACR3901U-S1 and the data processing server. The Session Key (SK[0:15]) is obtained by padding the first 8 bytes of RND_B at the end of the first 8 bytes of RND_A, that is:...

  • Page 35: Sph_To_Rdr_Reqauth

    RDR_to_SPH_DataRsp (22h) 6.6.1. SPH_to_RDR_ReqAuth This command will request ACR3901U-S1 to perform authentication with the paired key-generating device. After a successful authentication, the Customer Master Key can be modified by the paired key-generating device. For more information on the authentication process, please refer to Section 6.3...

  • Page 36: Sph_To_Rdr_Authrsp

    Customer Master Key and pads it to the end of the 16-byte of random numbers. The overall 32-byte random numbers will be decrypted using the Customer Master Key and return it to the ACR3901U-S1 using this command in order to have a successful authentication.

  • Page 37: Rdr_To_Sph_Authrsp2

    6.6.5. SPH_to_RDR_DataReq This command is sent from the paired device to the ACR3901U-S1 after the mutual authentication process. In Bluetooth mode, the communication protocol from Section 6.5.1 to 6.5.5 will be encrypted and transmitted after a successful mutual authentication.

  • Page 38: Rdr_To_Sph_Datarsp

    N*16 with the Customer Master Key using AES128 CBC cipher mode. CSUM means the XOR values wChecksum of all bytes in the command. Page 38 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 39: Usb Communication Protocol

    CCID, has been released within the industry defining such a protocol for the USB chip-card interface devices. CCID covers all the protocols required for operating smart cards. The configurations and usage of USB endpoints on ACR3901U-S1 shall follow CCID Rev 1.0 Section An overview is summarized below: 1.
  • Page 40 Automatic baud rate change according to frequency and FI,DI parameters • TPDU level change with ACR3901U- Maximum message length accepted by dwMaxCCIDMessageLength ACR3901U-S1 is 271 bytes. bClassGetResponse Insignificant for TPDU level exchanges. bClassEnvelope Insignificant for TPDU level exchanges. wLCDLayout No LCD.

  • Page 41: Ccid Bulk-Out Messages

    Size of extra bytes of this message. Identifies the slot number for this bSlot command. bSeq Sequence number for command. abRFU Reserved for future use. The response to this message is the RDR_to_PC_SlotStatus message. Page 41 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 42: Pc_To_Rdr_Xfrblock

    Size of extra bytes of this message. Identifies the slot number for this BSlot command. BSeq Sequence number for command. AbRFU Reserved for future use. The response to this message is the RDR_to_PC_Parameters message. Page 42 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 43: Pc_To_Rdr_Setparameters

    Add 0 to 254 etu to the bGuardTimeT0 normal guardtime of 12 etu. FFh is the same as 00h. bWaitingIntegerT0 WI for T=0 used to define WWT Page 43 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 44 03h = Stop with Clock either High or Low bIFSC Size of negotiated IFSC bNadValue Only support NAD = 00h The response to this message is the RDR_to_PC_Parameters message. Page 44 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 45: Ccid Bulk-In Messages

    7.2. CCID Bulk-IN Messages 7.2.1. RDR_to_PC_DataBlock This message is sent by ACR3901U-S1 in response to PC_to_RDR_IccPowerOn, and PC_to_RDR_XfrBlock messages. Offset Field Size Value Description Indicates that a data block is being sent bMessageType from the CCID. dwLength Size of extra bytes of this message.

  • Page 46: Rdr_To_Pc_Parameters

    80h = Structure for 2-wire protocol 81h = Structure for 3-wire protocol 82h = Structure for I2C protocol Byte Protocol Data Structure as summarized abProtocolDataStructure array in CCID Rev 1.0 Section 5.2.3 Page 46 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 47: Memory Card Command Set

    = 03h for 8-byte page write = 04h for 16-byte page write = 05h for 32-byte page write = 06h for 64-byte page write = 07h for 128-byte page write Page 47 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 48 Memory address location of the memory card MEM_L Length of data to be written to the memory card Byte x Data to be written to the memory card Page 48 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 49 Response Data Format (abData field in the RDR_to_PC_DataBlock) Where: SW1 SW2 = 90 00h if no error Page 49 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 50: Memory Card - 32, 64, 128, 256, 512, And 1024 Kilobit I2C Card

    = 03h for 8-byte page write = 04h for 16-byte page write = 05h for 32-byte page write = 06h for 64-byte page write = 07h for 128-byte page write Page 50 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 51: Read_Memory_Card

    = D0h for 32 kilobit, 64 kilobit, 128 kilobit, 256 kilobit, 512 kilobit iic card = 1101 000*b for 1024 kilobit iic card, where * is the MSB of the 17 bit addressing Page 51 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 52 Length of data to be written to the memory card Byte x Data to be written to the memory card Response Data Format (abData field in the RDR_to_PC_DataBlock) Where: SW1 SW2 = 90 00h if no error Page 52 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 53: Memory Card - Atmel At88Sc153

    = B3h for reading zone 11b = B4h for reading fuse Byte Address Memory address location of the memory card MEM_L Length of data to be read from the memory card Page 53 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 54: Write_Memory_Card

    Length of data to be written to the memory card MEM_D Data to be written to the memory card Response Data Format (abData field in the RDR_to_PC_DataBlock) Where: SW1 SW2 = 90 00h if no error Page 54 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 55: Verify_Password

    Other values indicate the current verification has failed. 8.3.5. INITIALIZE_AUTHENTICATION Command Format (abData field in the PC_to_RDR_XfrBlock) Pseudo-APDU Q(0) Q(1) … Q(7) Where: Q(0),Q(1)…Q(7) Host random number, 8 bytes Page 55 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 56: Verify_Authentication

    Pseudo-APDU Ch(0) Ch(1) … Ch(7) Where: Ch(0),Ch(1)…Ch(7) Host challenge, 8 bytes Response Data Format (abData field in the RDR_to_PC_DataBlock) Where: SW1 SW2 = 90 00h if no error Page 56 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 57: Memory Card - Atmel At88C1608

    Byte Address b is the memory address location of the memory card = 1000 0000b for reading fuse MEM_L Length of data to be read from the memory card Page 57 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 58: Write_Memory_Card

    Length of data to be written to the memory card Byte x Data to be written to the memory card Response Data Format (abData field in the RDR_to_PC_DataBlock) Where: SW1 SW2 = 90 00h if no error Page 58 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 59: Verify_Password

    Command Format (abData field in the PC_to_RDR_XfrBlock) Pseudo-APDU Q(0) Q(1) … Q(7) Where: Byte Address Memory address location of the memory card Q(0),Q(1)…Q(7) Host random number, 8 bytes Page 59 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 60: Verify_Authentication

    Memory address location of the memory card Q1(0),Q1(1)…Q1(7) Host challenge, 8 bytes Response Data Format (abData field in the RDR_to_PC_DataBlock) Where: SW1 SW2 = 90 00h if no error Page 60 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 61: Memory Card - Sle4418/Sle4428/Sle5518/Sle5528

    Response Data Format (abData field in the RDR_to_PC_DataBlock) BYTE 1 … … BYTE N Where: BYTE x Data read from memory card SW1, SW2 = 90 00h if no error Page 61 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 62: Read_Presentation_Error_Counter_Memory_Card

    MEM_L = 1 + INT( (number of bits - 1)/8 ) For example, to read 8 protection bits starting from memory 0010h, the following pseudo-APDU should be issued: FF B2 00 10 01h Page 62 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 63: Write_Memory_Card

    Length of data to be written to the memory card Byte x Data to be written to the memory card Response Data Format (abData field in the RDR_to_PC_DataBlock) Where: SW1 SW2 = 90 00h if no error Page 63 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 64: Write_Protection_Memory_Card

    3. Try to erase the presentation error counter. Command Format (abData field in the PC_to_RDR_XfrBlock) Pseudo-APDU CODE MEM_L Byte 1 Byte 2 Where: CODE Two bytes secret code (PIN) Page 64 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...
  • Page 65 = Error Counter. FFh indicates successful verification. 00h indicates that the password is locked (or exceeded the maximum number of retries). Other values indicate that current verification has failed. Page 65 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 66: Memory Card - Sle4432/Sle4442/Sle5532/Sle5542

    Response Data Format (abData field in the RDR_to_PC_DataBlock) BYTE 1 … … BYTE N Where: BYTE x Data read from memory card SW1, SW2 = 90 00h if no error Page 66 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 67: Read_Presentation_Error_Counter_Memory_Card (Sle 4442 And Sle 5542) 67 8.6.4. Read_Protection_Bits

    Response Data Format (abData field in the RDR_to_PC_DataBlock) PROT 1 PROT 2 PROT 3 PROT 4 Where: PROT y Bytes containing the protection bits from protection memory SW1, SW2 = 90 00h if no error Page 67 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 68: Write_Memory_Card

    Byte Address = 000A b (00h to 1Fh) is the protection memory address location of the memory card MEM_L Length of data to be written to the memory card Page 68 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 69: Present_Code_Memory_Card (Sle 4442 And Sle 5542)

    = Error Counter. 07h indicates that the verification is correct. 00h indicates the password is locked (exceeded the maximum number of retries). Other values indicate that the current verification has failed. Page 69 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 70: Change_Code_Memory_Card (Sle 4442 And Sle 5542)

    Command Format (abData field in the PC_to_RDR_XfrBlock) Pseudo-APDU CODE MEM_L Byte Byte Byte Response Data Format (abData field in the RDR_to_PC_DataBlock) Where: SW1 SW2 = 90 00h if no error Page 70 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 71: Memory Card - Sle 4406/Sle 4436/Sle 5536/Sle 6636

    Response Data Format (abData field in the RDR_to_PC_DataBlock) BYTE 1 … … BYTE N Where: BYTE x Data read from memory card SW1, SW2 = 90 00h if no error Page 71 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 72: Write_One_Byte_Memory_Card

    02h: Write with backup enabled (SLE 4436, SLE 5536 and SLE 6636 only) 03h: Write with carry and with backup enabled (SLE 4436, SLE 5536 and SLE 6636 only) BYTE Byte value to be written to the card Page 72 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 73: Present_Code_Memory_Card

    1. Search a '1' bit in the presentation counter and write the bit to '0'. 2. Present the specified code to the card. The ACR3901U-S1 does not try to erase the presentation counter after the code submission. This must be done by the application software through a separate ‘Write with carry' command.

  • Page 74: Authenticate_Memory_Card (Sle 4436, Sle 5536 And Sle 6636)

    AUTHENTICATE_MEMORY_CARD (SLE 4436, SLE 5536 and SLE 6636) To read a card authentication certificate from a SLE 5536 or SLE 6636 card, the ACR3901U-S1 executes the following actions: 1. Select Key 1 or Key 2 in the card as specified in the command.
  • Page 75 16 bits of authentication data computed by the card. The LSB of BYTE 1 is the first authentication bit read from the card. SW1 SW2 = 90 00h if no error Page 75 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 76: Memory Card - Sle 4404

    Response Data Format (abData field in the RDR_to_PC_DataBlock) BYTE 1 … … BYTE N Where: BYTE x Data read from memory card SW1 SW2 = 90 00h if no error Page 76 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 77: Write_Memory_Card

    Section 8.8.5. Command Format (abData field in the PC_to_RDR_XfrBlock) Pseudo-APDU Byte Address MEM_L Where: Byte Address = Memory byte address location of the scratch pad Typical value is 02h Page 77 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 78: Verify_User_Code

    Note: After SW1SW2 = 9000h has been received, read back the User Error Counter to check if the VERIFY_USER_CODE is correct. If User Error Counter is erased and is equal to “FFh,” the previous verification is successful. Page 78 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 79: Verify_Memory_Code

    Note: After SW1SW2 = 9000h has been received, read back the Application Area can check if the VERIFY_MEMORY_CODE is correct. If all data in Application Area is erased and is equal to “FFh,” the previous verification is successful. Page 79 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 80: Memory Card - At88Sc101/At88Sc102/At88Sc1003

    Response Data Format (abData field in the RDR_to_PC_DataBlock) BYTE 1 … … BYTE N Where: BYTE x Data read from memory card SW1 SW2 = 90 00h if no error Page 80 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 81: Write_Memory_Card

    3. VERIFY_SECURITY_CODE commands as specified in Section 8.9.7. Command Format (abData field in the PC_to_RDR_XfrBlock) Pseudo-APDU Byte Address MEM_L Where: Byte Address Memory byte address location of the word to be erased Page 81 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 82: Erase_Application_Zone_With_Erase

    AT88SC102: Erase Application Zone 2 with EC2 function disabled AT88SC1003: Erase Application Zone 1 AT88SC1003: Erase Application Zone 2 with EC2 function disabled AT88SC1003: Erase Application Zone 3 Page 82 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 83: Erase_Application_Zone_With_Write_And_Erase

    Length of presentation error counter in bits. The value should be 80h always. Byte Address Byte address of the Application Zone Key in the card Byte Address AT88SC101 AT88SC102 AT88SC1003 CODE 4 bytes Erase Key Page 83 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 84: Verify_Security_Code

    Note: After SW1SW2 = 9000h has been received, read back the Security Code Attempts Counter (SCAC) to check whether the VERIFY_USER_CODE is correct. If SCAC is erased and is equal to “FFh,” the previous verification is successful. Page 84 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 85: Blown_Fuse

    EC2EN Fuse Issuer Fuse Manufacturer Fuse AT88SC1003 EC2EN Fuse Issuer Fuse Response Data Format (abData field in the RDR_to_PC_DataBlock) Where: SW1 SW2 = 90 00h if no error Page 85 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 86: Other Commands Access Via Pc_To_Rdr_Xfrblock

    C_TYPE The card types supported by the ACR3901U-S1. This data field is a bitmap with each bit representing a particular card type. A bit set to '1' means the corresponding card type is supported by the reader and can be selected with the SELECT_CARD_TYPE command.

  • Page 87: Table 11: Supported Card Types

    Infineon SLE 4406, SLE 4436 and SLE 5536 Infineon SLE 4404 Atmel AT88SC101, AT88SC102 and AT88SC1003 MCU-based cards with T=0 communication protocol MCU-based cards with T=1 communication protocol Table 11: Supported Card Types Page 87 of 88 ACR3901U-S1 – Reference Manual info@acs.com.hk www.acs.com.hk Version 1.01...

  • Page 88: Table 12: Error Code

    Appendix B. Error Codes The following table summarizes all the error codes for ACR3901U-S1: Error Code Description Invalid checksum Invalid data length Invalid command format Invalid command / Unknown command ID Card operation error Authentication is required / Authentication error...

Table of Contents