Introduction; Definitions Of Terms; Table 1: Definitions Of Terms - ACS ACR3x mobile Reference Manual

1.0. Introduction

The ACR3x Mobile Card Reader serves as an interface for the communication between a mobile
device and a magnetic/contact/contactless card. Different types of cards have different commands
and communication protocols, and the ACR3x establishes a uniform interface from the mobile device
to the card.
The ACR3x is connected to the mobile device through a 3.5 mm audio jack interface. Through this,
the ACR3x will read information from the cards through the decoder on the reader which will be sent
to the mobile device, such as smartphone or tablet. Furthermore, as a way to enhance security, the
card information is encrypted using the AES-128 encryption algorithm before it will be sent to the
backend server.
This document describes the hardware and software design of the ACR3x and the list of commands it
uses to communicate with the mobile device.

1.1. Definitions of Terms

Abbreviation
ACS Secret Key
AES
AES Key
Custom ID
Customer Master Key
Device ID
Master Reset
MReset Session Key
Session Key
TDES
ACR3x – Reference Manual
Version 1.03
Key used to perform Master Reset authentication. This key cannot be
modified through command messages and is hard coded in the
firmware. This key must be kept securely by ACS only.
Advanced Encryption Standard
The key used to encrypt the magnetic stripe track data using AES-128
CBC cipher mode. This key can be modified by the customer.
10 bytes of identification code set by customer. This ID can be
modified by the customer.
The key being kept by the customer to perform authentication with
ACR3x before the injection of AES Key, new Customer Master Key,
Custom ID and DUKPT option, as well as performing DUKPT
initialization. This key can be modified by the customer
8 bytes of unique identification code of the MCU used in ACR3x.
Customer can use this ID to derive the Custom ID or DUKPT
initialization data. This ID cannot be modified by any means and is
hard coded inside the MCU by the MCU manufacturer.
This term is equivalent to factory reset. By performing a Master Reset,
all the data stored in the flash memory will be erased and set to
default values
Key being created uniquely after each success mutual authentication
for Master Reset
Key being created uniquely after each success mutual authentication
for sensitive data injection
Triple Data Encryption Standard

Table 1: Definitions of Terms

Description
Page 5 of 77
info@acs.com.hk
www.acs.com.hk