Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for Newland NL-PP60
Summary of Contents for Newland NL-PP60
-
Page 2: Table Of Contents
2.1 Introduction.........................3 2.2 comprehend NL-PP60......................3 2.2.1 Unpacking ........................3 2.2.2 Appearance.......................4 2.2.3 NL-PP60 detailed description of functions ..............4 2.3 Each interface’s function and PIN definition ..............5 2.3.1 PP60 configuration table ..................5 2.3.2 Spiral Cable for the PINPAD ...................6 2.3.3 Device connection....................8 2.4 How to use the PINPAD .....................9... - Page 3 4.8 Read the NL-PP60 hardware and software version number ..........29 4.8.1Command Format ....................29 4.8.2Command Description ....................30 4.9 Distribute PIN encrypt/MAC encryption’s work KEY .............30 4.9.1 Command Format....................30 4.9.2 Command Description ...................31 4.10 Setting KSN of DUPKT KEY..................32 4.10.1 Command format ....................32 4.10.2 Command Description ..................33...
-
Page 4: Manual Introduction
1.Manual introduction NL-PP60 is a KEYPINPADPINPAD that is approved by PCI SSC appointed lab. It is good at innovative design, superior performance, compact and lightweight, and with high information security.. In order to meet the information security requirements for PIN Entry Device from the financial industry, Newland NL-PP660 KEYPINPAD uses new design that prevents explore and attack. -
Page 5: Appearance
2.2.2 Appearance The front side description The back side description 2.2.3 NL-PP60 detailed description of functions Main features: PCI PED Approval Compact Appearance, cabinet modeling, smooth lining, comfort handling 32 bit ARM core CPU, large-capacity memory Multiple security systems ensuring KEY safety;... -
Page 6: Each Interface's Function And Pin Definition
Technical specifications Specifications Parameters description 32-bit, ARM core, RISC command Storage 32KB ROM Memory、256KB EEPROM; 100KB internal RAM; Communication RS232 serial port, 9600bps, (1.8.1, No-verification) Interface RJ11, PS2(optional) DC 4.5V ~ DC5.5V;200mA(Max) Power Display 122*32 LCD. LED backlight Keyboard 10 letter/number keys, five functional keys Dimension 141mm(L)×84.5mm(W)×38mm(H)... -
Page 7: Spiral Cable For The Pinpad
Please see the figure below: 一、The POS End (two kinds of interface) PS2 interface ⑤ ⑥ ④ ③ ① ② NL-PP60 spiral cable PS2 interface (male connector) PIN definition: ①: RXD ②: NC ③:GND ④: 5V ⑤: TXD ⑥: NC... - Page 8 PIN definition 1: TXD 2: VCC 3:NC 4: NC 5: GND 6: RXD 二、The PINPAD End 1、The lining order of the spiral cable’s PINPAD End (1.0 socket): Color definition: TXD:red VCC:green GND:black GND:black RXD:white The serial port definition above is for the PINPAD End, for example, RXD means the receiving end of the PINPAD.
-
Page 9: Device Connection
2.3.3 Device connection Please connect the PINPAD to specified devices only. Connecting with unlicensed device may have potential safety hazard, and may void your warrant. 一、PP60A connecting with NL-8200 POS 8200POS PP60A 二、PP60B connecting with NL-8510 POS 8510POS PP60B... -
Page 10: How To Use The Pinpad
4)、There is PINPAD’SLCD, which displays the following information NEWLAND CO,LTD. NL-PP60 001004 5)、If the left sideLED on the PINPAD is redthen it means the power is connected 6)、If the PINPAD is waiting for keyboard input, the right side green LED will... -
Page 11: Operation And Prompts
3.Operation and Prompts 3.1 startup screen NEWLAND CO,LTD. NL-PP60 001004 3.2 LED indicator light and LCD backlight control When using the keyboard, for example: entering password, entering Key Component, and entering PIN. Before entering the operational interface, both of the LED indicator and LCD backlight will turn on;... -
Page 12: The Input Of Authentication Key
Enter Password 3 (the input of corresponding KEY component 3): Input PSW3: 3.4 The input of Authentication KEY Authentication key is set by administrator by entering key components from PINPAD’s keyboard; no change is allowed after it is set. The entry of authentication key requires correspond password validation. -
Page 13: The Input Of Master Key/Fixed Key/Initial Dukpt Key
Keyboard guidance for Key Components input: Enter the KEY component need to use the hex rules, so 16-byte KEY component needs 32 characters. Number keys, backspace (cancel entered character), Cancel Key (cancel all entered characters), Enter (confirm the input) are available for KEY component input. -
Page 14: Pin Entry
After all KEY components are entered, you will be asked to enter then again for confirmation. Input again: (32 Hex) Only if the two inputs are identical, the PINPAD will save the setting. For the keyboard guidance of KEY component input, please sees 3.4 3.6 PIN Entry The screen for PIN Entry is shown below: PLS Input... -
Page 15: Attack Warning Message
3.7 Attack Warning Message If PED detected a attack, its LCD will display the message below Dangerxxxxxxxxx xxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx is a 24 characters warning code; it is the important information for the vendor to judge the attacking method. So if the warning message appeared, please keep the PINPAD and wait for professional for analysis. -
Page 16: Nl-Pp60 Command Interfaces And Setting
4.NL-PP60 command interfaces and setting Command interface communication protocol: The following protocol must be used for PINPAD to communicate with POS or other serial port device: Request To Send: The head of request [1byte] + data length [1 byte] + data […] + verification bit [1 byte] Responding To Send: The head of responding [1byte] + data length [1 byte] + data […] +... -
Page 17: Command Description
OR responding data package DATA 0x55 0x01 Error Code Verification Error Code 0x01 Sending Data Length Field Error 0x0d EDC Error 0xff Exception 4.1.2 Command Description Reset the PINPAD to the boot-up state. Back to the root directory, all authentication states are disabled. -
Page 18: Command Description
4.2.2 Command Description Choose the designated operational directory. The purpose of directory partition is for insolating different applications. Each sensitive service operation is done in its own subdirectory, so it is controlled by its subdirectory’s authentication KEY. This command is for choosing current directory for all further operations. -
Page 19: 2Command Description
4.3.2Command Description Before using the PINPAD, you must set the UID in a secure environment. Without the UID, all the sensitive services cannot be accessed. When a UID has been set, it cannot be changed. In the process of sensitive services’ authentication, UID will be involved in the calculation of Authentication Code, and it will be used in both direction’s authentication between the sending host and the PED, therefore attack by replacing the PED cannot be successful. -
Page 20: Command Description
4.4.2 Command Description Each device has 3 PSWs, which are 8 bits number. It follows the component number, they are called PSW1. PSW2. PSW3. PSW is used as password authentication before the input of Master KEY and Authentication Key component. PSW1 controls the first component input permission;... -
Page 21: Random Number
4.5 Random Number 4.5.1 Command Format Sending data: 0xd0 0x00 Verification Responding data: DATA 0xd0 0x08 Random number(8 Verification bytes) Or responding data package: DATA 0x50 0x01 Error Code Verification Random number: the random number is created by PINPAD, using in the sensitive service calculation of authentication code during sensitive service authentication. -
Page 22: Download Master Key/Authentication Key/Fixed Key/Dukpt Key
4.6 Download Master KEY/authentication KEY/Fixed KEY/DUKPT KEY 4.6.1 Command format Sending data: DATA 0x80 MkeyID Mode CNO. AuthCode(8 bytes) Verification Len=0x03 or 0x0b, when download the authentication KEY, Authcode is not exist, Len=0x03. In other circumstances, Authcode is exist, Len=0x0b MkeyID (Single byte): Specify the current directory which serial number want to download Master... - Page 23 CNO: length of field is 1 byte, can evaluate from 0x01~0x03, which can be used to input component’s serial number of Master KEY/authentication KEY/fixed KEY/DUKPT initial KEY. It respective denote the enter component’s first part, second part and the third part. When PINPAD receive the 0x01 of CNO, it will clean the old KEY component and re-start to save the new KEY component;...
- Page 24 En(K ODATA ODATA ODATA De(K …… En(K En(K En(K En(K IDATA IDATA IDATA IDATA Authcode For Example: The command of downloading Master Key is“80 0b 00 82 01 AuthCode(8byte) EDC”. The random number retrieved is 01 02 03 04 05 06 07 08. The UID is 88 88 88 88 88 88 88 88 11 11 11 11 11 11 11 11 Subdirectory authentication key is 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10.
- Page 25 En (3F207200BC5F72A1):Using the Left Key “01 23 45 67 89 ab cd ef” to encrypt; the result is F146875A695526C9. Using F146875A695526C9 to XOR the last 8-bits data block “11 11 11 00 00 00 00 00”; the result is E057965A695526C9. En (E057965A695526C9):Using the Left Key “01 23 45 67 89 ab cd ef”...
-
Page 26: Command Description
0x53 KEY Saving Error 0x65 Mode Error or can not find corresponding Authentication Key 0x76 Keyboard Input Timeout 0x92 Hardware DES Error 0xe2 Wrong PSW 0xe3 KSN does not exist or is not the initial value; cannot download DUKPT initial 0xff Exceptions 4.6.2 Command Description... - Page 27 Enter component 1: Authkey compone key component1: nt1:(32 Hex) (32 Hex) Re-enter component: Input again: (32 Hex) Enter PSW2: Input PSW2: Enter component 2: Authkey compone key component2: nt2:(32 Hex) (32 Hex) Re-enter component 2: Input again: (32 Hex) Enter PSW3: Input PSW3:...
-
Page 28: Issue Nl-Pp66
Re-enter component 3: Input again: (32 Hex) Download successful. KEY component input keyboard instruction: Enter the KEY component need to use the hex rules, so 16-byte KEY component needs 32 characters. Number keys, backspace (cancel entered character), Cancel Key (cancel all entered characters), Enter (confirm the input) are available for KEY component input. -
Page 29: Command Description
0x0d EDC Error 0x31 Dir invalid, excess the PINPAD’s directory partition number limit. 0x92 Hardware DES Error 0xff Exceptions 4.7.2 Command Description Issuing NL-PP60 related command order is shown below: Reset PINPAD and Select Directory read random number Issues NL-PP60... -
Page 30: Read The Nl-Pp60 Hardware And Software Version Number
4.8 Read the NL-PP60 hardware and software version number 4.8.1Command Format Sending data: 0x90 0x00 Verification Responding data: DATA 0x90 0x32 Version(50 bytes) Verification Version (50 bytes) includes the following sub-field: NL826Vxx+SN+ID+Ax+No+Firm NL826Vxx (8 bytes) is the product number, xx is the serial number, security module version number. -
Page 31: 2Command Description
Error Code 0x01 Sending the error data field 0x0d EDC error 0xff Exceptions 4.8.2Command Description Read the information of NL-PP66 like: version number, this can be used for the management of PINPAD. 4.9 Distribute PIN encrypt/MAC encryption’s work KEY 4.9.1 Command Format Sending data: DATA 0x81... -
Page 32: Command Description
AuthCode (8byte): Using the authentication Code calculated by DispAuthKey. For the calculation method please refer to: download Master KEY/authentication KEY/fixed KEY/DUKPT KEY commands. Responding data AuthCode 0x81 0x08 Auth Code Verification AuthCode: (8byte): Using the authentication Code calculated by DispAuthKey. For the calculation method please refer to: download Master KEY/authentication KEY/fixed KEY/DUKPT KEY commands. -
Page 33: Setting Ksn Of Dupkt Key
Related command sequence: Choose catalog Random Number Download working encryption key 4.10 Setting KSN of DUPKT KEY 4.10.1 Command format Sending data Data 0x96 0x12 KSN(10bytes) Authcode(8 bytes) Verification KSN (10 bytes): Initial serial number of downloading. (DUKPT of ANSI x9.24). Only the 59 bits in the left side is effective, the 21 bits in the right must be 0 Authcode (8 bytes): Using Sub Init Key to counting, counting method please see Master KEY/authentication KEY/fixed KEY/DUKPT KEY command. -
Page 34: Command Description
Error Code 0x01 Sending the error data field 0x08 Wrong Verify Code 0x0b Sensitive service operation frequency is limited set or UID is not set or authentication timeout is exceeded, PED is locked. 0x0d EDC Error 0xe3 KSN save Error 0xff Exceptions 4.10.2 Command Description... -
Page 35: Command Description
If KSN setting success, responding data: Data 0X97 0x0a Verification KSN (10 bytes): The KSN of current PINPAD (DUKPT of ANSI x9.24) Or responding the wrong information: DATA 0x15 0x01 Error Code Verification Error Code: 0x01 Sending data Length field Error 0x0d EDC Error 0xe3... - Page 36 PKeyMODE (signed char): PIN Encrypt Key Mode Bit7 must be 1, means TDES counting mode Bit6-0: =0x01 PIN encryption key (MK/SK system) =0x05 PIN encryption key (fixed encryption key mode) =0x06 DUKPT-PIN encryption key Max (2 bytes): retained field Authcode (8 bytes): Using PIN/MAC to counting, counting method please see main KEY/authentication KEY/fixed KEY/DUKPT KEY command.
-
Page 37: Command Description
4.12.2 Command Description Before using this command, the get random number command needs to be sent first and the received data needs to be encrypted by PIN/MAC encryption key; this result will be used as authentication data. After the PINPAD received the command, such data will be used in authentication;... -
Page 38: Command Description
Error Code 0x01 Sending Data Length Field Error 0x08 Auth Code Error 0x0b Sensitive service operation frequency is limited set or UID is not set or authentication timeout is exceeded, PED is locked. 0x0d EDC Error 0x61 The selected PIN encryption key does not exist 0x71 PIN encryption key have not been selected 0x74... - Page 39 The command order is listed below: Select Random Number Choose PIN encryption key PIN Entry Cancel PIN Entry Entries the interface of PIN Entry, the LCD backlighting and the green LED indicator light will be on., he interface of PIN Entry is shown below: PLS Input PIN: This time user can press the keys to enter PIN (support 0-9 number button), the PIN has been...
-
Page 40: Pin Entry Method Two (New Account User Entered Password Is Encrypted Using Ansi X9.8 Standard)
4.14 PIN Entry Method Two (New account user entered password is encrypted using ANSI X9.8 Standard) 4.14.1 Command Format Sending data DATA 0x84 0x12 Card number Verification Detail please sees PIN input way one Responding data DATA 0x84 0x08 The result of encryption (8bytes) Verification Or responding data is DATA... -
Page 41: Command Description
4.14.2 Command Description The same as chapter 4.1.13.2, user gets promoted from the LCD for entering account password (PIN). After the PIN is entered and the confirm key is pressed, the PINPAD will use the Card Number data received from main host to generate PIN Block according to ANSI X9.8 Standard, and then encrypt the PIN Block using PIN encryption Key. -
Page 42: Cancel Pin Entry
This time user can press the button to enter PIN (support 0-9 number button), the PIN has been entered will display in the second line as *, see below PLS Input PIN: **** Each key press for the PIN Entry will give a Beep as a reminder. If you want to delete the last entered character, press backspace;... -
Page 43: Command Description
Error Code 0x01 Sending Data Length field Error 0x0d EDC Error 4.15.2 Command Description When PINPAD is in the state of PIN Entry, use this command the cancel it. 4.16 MAC Encryption 4.16.1 Command Format Sending data DATA 0x85 Len+0x0a WKeyID Mode Data... -
Page 44: Command Description
Responding data DATA 0x85 0x10 8-bits MAC AuthCode Verification AuthCode (8bytes): using PIN/MAC to encrypt the authentication KEY, for calculation method please see Master KEY/authentication KEY/fixed KEY/DUKPT KEY commands Or responding data package DATA 0x05 0x01 Error Code Verification Error Code 0x01 Sending data length field Error 0x08... -
Page 45: Operational Record Reading
4.17 Operational Record Reading 4.17.1 Command Format Sending data DATA 0xda 0x0c Operation Operation Auth_Code Verification Migration record records numbers Operation record serial number (2 byte, high byte first, then low byte).Operation record serial number begins with 0, increase by degrees. Operation record serial number is the location of user read the record Operation record number: 2 byte, high byte first, then low byte. -
Page 46: Command Description
Every byte uses the BCD code, for example: 15:20:25 on March 21, 2006, is 0x20 0x06 0x03 0x21 0x15 0x20 0x25 AuthCode (8bytes): the verify code is counted by subdirectory authentication key, download method please see Master KEY/authentication KEY/fixed KEY/DUKPT KEY command Or the responding data package DATA 0x5a... -
Page 47: Attentions
PINPAD in an environment that is out of the limit may cause permanent damage. For software driver development or operation of the PINPAD please refer to <<NL-PP60 software development interface instruction>>, wrong commands may cause damage to the PINPAD The unused or destroyed PINPAD, must do the destroy register, and destroy them together. -
Page 48: Brittle Paper Identification
Unknown devices are added to the PINPAD Abnormal on the casing surface. The gap between upper and lower casing is abnormally large; casing broken or distortion. Casing has trace of prying.. Key missing. Cable damages. 5.3.2 Brittle paper Identification At the back of the PINPAD, there is a quadrate mall hole, which is for the buzzer. There are also two brittle papers at the back to protect from unauthorized opening of the PINPAD. -
Page 49: Trouble Shooting
6.Trouble Shooting 1. Q: Why is the directory selection failed? A: The PINPAD’s initial state has no subdirectories but only root directory; if you select a directory other than Dir0, you will get a fail response. You need to the PINPAD issue command to initialize the PINPAD before selecting a directory.
Need help?
Do you have a question about the NL-PP60 and is the answer not in the manual?
Questions and answers