Figure 5: Authentication Procedure - ACS ACR3x mobile Reference Manual


output data is sent to ACR3x through the bridging device using an authentication response message. When ACR3x receives the authentication response message, it decrypts the message data using its own Customer Master Key, converting it back to the normal 32 bytes of random numbers. In theory, the first 16 bytes should be equal to RND_B[0:15], generated by the data processing server, while the other 16 bytes should be equal to RND_A[0:15], originally generated by ACR3x.

ACR3x will first check whether RND_A[0:15] is the same as the original version. If it is, the data processing server is authenticated by ACR3x. ACR3x will then encrypt the RND_B[0:15] it obtained using the Customer Master Key and feed it back to the data processing server through the bridging device using the answer to the authentication response message.

Upon receiving the answer to the authentication response message, the data processing server will decrypt the data contained in the message and check whether the 16 bytes of random numbers are all equal to the originally generated RND_B[0:15]. If they are the same, then ACR3x is authenticated by the server. At this point, the whole authentication process is complete and sensitive data can be injected into ACR3x.

After successful authentication, a 16-byte Session Key is generated in both ACR3x and the data processing server. The Session Key (SK[0:15]) is obtained by appending the first 8 bytes of RND_A to the end of the first 8 bytes of RND_B, that is:

SK[0:15] = RND_B[0:7] + RND_A[0:7]

All sensitive data leaving the Secured Data Processing Server must be encrypted with this Session Key using the AES-128 CBC ciphering mode. Thus, even if the encrypted data is captured in the bridging mobile device, it is still very difficult to retrieve the original sensitive data without prior knowledge of the Customer Master Key.
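
The two random-number checks and the Session Key derivation described above, as an added example that is not taken from the ACS manual or firmware. It assumes the AES operations under the Customer Master Key have already been performed, so each function receives decrypted plaintext; the function names and the constant-time comparison are choices made for this example.

```python
import hmac
import secrets

# Assumption: AES under the Customer Master Key is done by the caller;
# every function here receives already-decrypted plaintext.
RND_LEN = 16  # RND_A[0:15] / RND_B[0:15] use inclusive indices: 16 bytes

class AuthError(Exception):
    """A peer failed its random-number check."""

def device_check_response(plaintext: bytes, rnd_a: bytes) -> bytes:
    """ACR3x side: plaintext must be RND_B followed by RND_A; returns RND_B."""
    if len(plaintext) != 2 * RND_LEN or len(rnd_a) != RND_LEN:
        raise AuthError("unexpected length")
    rnd_b, echoed_a = plaintext[:RND_LEN], plaintext[RND_LEN:]
    # Constant-time compare (this example's choice, not stated in the manual).
    if not hmac.compare_digest(echoed_a, rnd_a):
        raise AuthError("server not authenticated: RND_A mismatch")
    return rnd_b

def server_check_answer(plaintext: bytes, rnd_b: bytes) -> None:
    """Server side: the decrypted answer must equal the original RND_B."""
    if len(plaintext) != RND_LEN or not hmac.compare_digest(plaintext, rnd_b):
        raise AuthError("ACR3x not authenticated: RND_B mismatch")

def session_key(rnd_a: bytes, rnd_b: bytes) -> bytes:
    """SK[0:15] = RND_B[0:7] + RND_A[0:7], i.e. the first 8 bytes of each."""
    if len(rnd_a) != RND_LEN or len(rnd_b) != RND_LEN:
        raise AuthError("unexpected length")
    return rnd_b[:8] + rnd_a[:8]

def run_exchange(rnd_a: bytes, rnd_b: bytes, response_plaintext: bytes) -> bytes:
    """Apply both checks in order; a session key exists only if both pass."""
    got_b = device_check_response(response_plaintext, rnd_a)  # server -> ACR3x
    server_check_answer(got_b, rnd_b)                         # ACR3x -> server
    return session_key(rnd_a, got_b)

if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    a, b = secrets.token_bytes(RND_LEN), secrets.token_bytes(RND_LEN)
    print(run_exchange(a, b, b + a).hex())
```
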
For a pictorial illustration, refer to the figure below (the bridging device is omitted from the picture for simplicity):
ACR3x – Reference Manual
Version 1.03

[Figure 5: Authentication Procedure. Labelled messages, transmitted through the bridging device: 1. Send authentication request message; 3. Answer to the request message; 6. Send authentication response message; 9. Answer to the authentication response message. The numbers 2, 4, 5, 7, 8 and 10 appear in the figure without accompanying text.]
Page 70 of 77
info@acs.com.hk
www.acs.com.hk
