SecureMag Encrypted MagStrip Reader User Manual USB, RS232 and PS2 Interface 80096504-001 4 October 2019 ID TECH 10721 Walker Street, Cypress, CA 90630-4720 Tel: (714) 761-6368 Fax (714) 761-8880 www.idtechproducts.com support@idtechproducts.com...
FCC WARNING STATEMENT
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
FCC warning statement
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
LIMITED WARRANTY
ID TECH warrants to the original purchaser for a period of 12 months from the date of invoice that this product is in good working order and free from defects in material and workmanship under normal use and service.
ID TECH’s SecureMag prevents cardholder information from being accessed while the data is in transit or stored, resulting in secure end-to-end transactions. The SecureMag reader delivers superior reading performance with its ability to encrypt sensitive card data. The reader fully supports TDES and AES data encryption using the DUKPT key management method.
4. Specifications
Power Consumption: 5VDC +/- 10%. Maximum operating consumption is less than 50mA.
RS232 interface: external power adaptor that supplies power through the RS232 cable.
USB interface: power is from the host interface and no external power adaptor is needed.
** RTS and CTS are not used unless hardware handshaking support is enabled by Function ID 0x44 (Handshake)
IDT standard USB interface cable
• Series “A” plug
• Standard cable length is 6 feet
•...
5. Operations
The magnetic stripe must face the magnetic read head, and the card may be swiped in either direction. A card may be swiped through the reader slot when the LED is green. After a swipe, the LED will go blank until the decoding process is completed.
6.3. Get Setting
The Get Setting command retrieves the reader’s current settings.
Command: <STX> <R> <FuncID> <ETX> <LRC 1>
Response: <ACK> <STX> <FuncID> <Len> <FuncData> <ETX> <LRC 2>
The <FuncID>, <Len> and <FuncData> fields return the reader’s current settings.
Response: ACK STX <Version String> ETX LRC
Response mixed with Hex and ASCII: \06\02ID TECH TM3 SecureMag RS232 Reader V 3.19\03\LRC
6.6. Reader Reset Command
The reader supports a reset reader command, which allows the host to return the reader to its default state.
• Any previously read data will be erased and the reader will wait for the next swipe.
• As the user swipes a card, the data will be saved but not sent to the host.
Response: 06 02 <Len_H> <Len_L> <MSR Data> 03 LRC
Other possible response statuses:
• 18: 'Q' command length must be 1
• 18: Reader not configured for buffered mode
• NAK: Already armed
• NAK for keyboard interface is FD, non-KB mode NAK is 15
6.10.
Change to Default Settings: 02 53 18 03 LRC
This command does not have any <FuncData>. It returns all non-security settings for all groups to their default values.
7.4. Postamble Setting
The Postamble serves the same purpose as the Preamble, except it is added to the end of the data string, after any terminator characters.
02 53 D3 <Len><Postamble> 03 LRC
Where:...
7.9. Start and End Sentinel (Track 2 Account Number Only)
The SecureMag can be set to Send or Not Send the Start or End sentinel, and to send either the Track 2 account number only or all the encoded data on Track 2. (The Track 2 account number setting doesn’t affect the output of Track 1 and Track 3.)
8. Security Features
The reader features configurable security settings. Before encryption can be enabled and encrypted transactions can take place, the Key Serial Number (KSN) and Base Derivation Key (BDK) must be loaded. The keys are to be injected by a certified key injection facility.
If the reader is in Security Level 3, for the encrypted fields, the original data is encrypted using the TDES/AES CBC mode with an Initialization Vector starting at all binary zeroes and the Encryption Key associated with the current DUKPT KSN.
• DisplayExpirationDataID, parameter range ‘0’~’1’, default value ‘0’
9. Demo Program
ID TECH SecureMag Demo is provided to demonstrate features of the Encrypted MSR. It supports decrypting the encrypted data and sending commands to the MSR.
9.1. Overview of SecureMag Demo
The demo software is similar for each interface, with the exception of interface-specific settings.
<LRC> is a 1-byte XOR value calculated for the above data block from <STX> to <ETX>.
For example, 02 53 18 03 4A, Set Default Configuration.
For example, 02 52 22 03 71, Read Firmware Version.
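The LRC rule above, as an added example (not code from the manual or from ID TECH): a host-side helper that frames commands and validates a Get Setting response before its fields are trusted. The 0x6F response is constructed sample data, and treating <Len> as a single byte that counts only <FuncData> is an assumption of this example.

```python
STX, ETX, ACK, NAK = 0x02, 0x03, 0x06, 0x15  # NAK is 0x15 in non-keyboard mode


def lrc(block: bytes) -> int:
    """XOR of every byte from <STX> through <ETX>."""
    value = 0
    for b in block:
        value ^= b
    return value


def build_command(body: bytes) -> bytes:
    """Wrap a command body (command letter plus arguments) as <STX> body <ETX> <LRC>."""
    block = bytes([STX]) + body + bytes([ETX])
    return block + bytes([lrc(block)])


def parse_get_setting(resp: bytes) -> tuple[int, bytes]:
    """Validate <ACK><STX><FuncID><Len><FuncData><ETX><LRC>; return (FuncID, FuncData)."""
    if not resp:
        raise ValueError("empty response")
    if resp[0] == NAK:
        raise ValueError("reader answered NAK")
    if len(resp) < 6 or resp[0] != ACK or resp[1] != STX:
        raise ValueError("missing ACK/STX or truncated frame")
    func_id, length = resp[2], resp[3]
    if len(resp) != 4 + length + 2:          # assumed: Len counts FuncData only
        raise ValueError("Len field does not match frame size")
    if resp[-2] != ETX:
        raise ValueError("missing ETX")
    if lrc(resp[1:-1]) != resp[-1]:          # LRC covers STX..ETX, not the ACK
        raise ValueError("LRC mismatch")
    return func_id, resp[4:4 + length]


def sample_response() -> bytes:
    """Constructed reply to Get Setting 0x6F carrying the value '1' (0x31)."""
    block = bytes([STX, 0x6F, 0x01, 0x31, ETX])
    return bytes([ACK]) + block + bytes([lrc(block)])


if __name__ == "__main__":
    print(build_command(b"S\x18").hex(" "))   # Set Default Configuration
    print(build_command(b"R\x22").hex(" "))   # Read Firmware Version
    print(parse_get_setting(sample_response()))
```

Rejecting a frame whose LRC or length does not check out keeps line noise or a truncated read from being interpreted as a reader setting.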
The default initial key is 0123456789ABCDEFFEDCBA9876543210.
1. Click Input Initial Key to load the key into demo software. (Only if reader is programmed with the user-defined key.)
2. Re-type the key into the Confirm Key text box.
9.3. Reader Operations
The demo software can be used to display the card data and send reader commands. To view the card data on screen, place the cursor in the Manual Command/Reader Output text box and swipe the card.
10. Data Format
The USB version of the reader can be operated in two different modes:
• HID ID TECH mode (HID Mode), Product ID: 2010
• HID with Keyboard Emulation (KB Mode), Product ID: 2030
•...
7,8: Total Output Length
9-HIDSIZE*: Output Data
In this approach, the reader will keep all the ID TECH data editing and features like Preamble, Postamble, and other data. The output data is HIDSIZE* bytes; the Total Output Length field indicates the valid data length in the output data.
10.1.2. Descriptor Tables
Device Descriptor:
Field Value Description Length Des Type 00 02 bcd USB USB 2.0 Device Class Unused Sub Class Unused Device Protocol Unused Max Packet Size 0A CD 20 10 HID ID TECH Structure...
HID Descriptor:
Field Value Description Length Des Type 11 01 bscHID Control Code numDescriptors Number of Class Descriptors to follow. DescriptorType Reporter Descriptor 37 00 Descriptor Length HID ID Tech Format 3D 00 HID Other Format...
10.2. Level One and Level Two POS Mode Data Output Format
In POS mode, card data is sent in a special envelope with the following format:
[Right Shift, Left Shift, Right Ctrl, Left Ctrl,] Read Error, Track x ID;...
1: Track 1 sampling data exists (0: Track 1 sampling data does not exist)
1: Track 2 sampling data exists (0: Track 2 sampling data does not exist)
1: Track 3 sampling data exists (0: Track 3 sampling data does not exist)
Track x data length does not include the byte of "Track x data LRC"; it is <30> <30> in case of read error on track x.
Track Data “Card Track x LRC code” is track x card data.
Non-ISO/ABA Data Output Format:
card encoding type (1: AAMVA, 3: Others)
track status (bit 0,1,2:T1,2,3 decode, bit 3,4,5:T1,2,3 sampling)
track 1 unencrypted data length (1-byte, 0 for no track1 data)
track 2 unencrypted data length (1-byte, 0 for no track2 data)
bit1: 1 – track 2 force encrypt
bit2: 1 – track 3 force encrypt
bit3: 1 – track 3 force encrypt when card type is 0
bit4: 1 – new mask feature: see note 4) below
Note: 1.
Command: 53 86 01 <Mask Option>
Mask Option: (Default: 0x07)
Bit0: 1 – tk1 mask data allowed to be sent when encrypted
Bit1: 1 – tk2 mask data allowed to be sent when encrypted
Bit2: 1 – tk3 mask data allowed to be sent when encrypted
When mask option bit is set –...
Track 2 clear/mask data
Track 3 clear/mask data
Track 1 encrypted data
Track 2 encrypted data
Track 3 encrypted data
Session ID (8 bytes) (Security Level 4 only)
Track 1 hashed (20 bytes each) (if encrypted and hash track 1 allowed)
Card Type will be 8x for enhanced encryption format and 0x for original encryption format
Value: Encode Type Description
00h / 80h: ISO/ABA format
01h / 81h: AAMVA format
03h / 83h: Other
04h / 84h: Raw;...
Field 9: Encrypted data sent status
Bit 0: 1— track 1 encrypted data present
Bit 1: 1— track 2 encrypted data present
Bit 2: 1— track 3 encrypted data present
Bit 3: 1— track 1 hash data present
Bit 4: 1—...
Please refer to section 11.1 Decryption Samples for detailed samples.
Track 1, 2, and 3 hashed
The SecureMag reader uses SHA-1 to generate hashed data for the track 1, track 2 and track 3 unencrypted data. It is 20 bytes long for each track.
Track Status (bit 0, 1, 2: T1, 2, 3 decode; bit 3, 4, 5: T1, 2, 3 sampling)
Sampling Decoding
Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0...
11. Additional Settings
Send LRC in secured mode (6F)
53 6F 01 31 // to send LRC in secure mode (Default)
53 6F 01 30 // Remove LRC in secure mode
Display Expiration Data (50)
The above broken down and interpreted
—STX character
—low byte of total length
—high byte of total length
—card type byte (interpretation old format ABA card)
—3 tracks of data all good
—track 1 clear/mask data length
—track 2 clear/mask data length...
11.3. Decrypted Data
Track 1 decrypted
%B4266841088889999^BUSH JR/GEORGE W.MR^0809101100001100000000046000000?!
Track 2 decrypted
;4266841088889999=080910110000046?0
Track 3 decrypted
;33333333337676760707077676763333333333767676070707767676333333333376767607070776767633333333337676760707?2
Track 1 decrypted data in hex including padding zeros (but there are no pad bytes here)
The minimum timeout duration required is 120 seconds. If the specified time is less than the minimum, 120 seconds will be used as the timeout duration. The maximum time allowed is 3600 seconds (one hour). If the reader times out while waiting for the Activation Challenge Reply, the authentication fails.
Authenticated Mode timeout duration, and 8-byte Session ID encrypted with the result of the current DUKPT Key exclusive-or’ed with <3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C>. The Authenticated Mode timeout specifies the maximum time (in seconds) for which a reader will remain in Authenticated Mode.
The KSN is incremented every time the Authenticated Mode is exited by a timeout or card swipe. When the Authenticated Mode is exited by the Deactivate Authenticated Mode command, the KSN will increase when the increment flag is set to 0x01.
Pre-condition: Specifies how the reader reached its current state, as follows:
0x00: The reader has no card swipes and has not been authenticated since it was powered up.
0x01: Authentication Mode was activated successfully. The reader processed a valid Activation...
13. Appendix B: Setting Configuration Parameters and Values
Not all Function IDs are present in different hardware versions of the SecureMag. The codes in this list reflect the last row in the table below: The ‘-‘ ...
14. Appendix B: Setting Configuration Parameters and Values
The following is a table of default setting and available settings (value within parentheses) for each Function ID.
Function ID Description Default Setting Description '0' (‘0’~’2’,'4'~'6')
send error notification. Control Key Output.
0x33 - Sends start/end sentinel and only sends account number on Track 2, does not send error notification. Control Key Output.
0x34 - Not send start/end sentinel and send all data on Track 2, send error notification (default).
2, and sends error notification. Alt Key Output.
0x3e – Does not send start/end sentinel, only sends account number on Track 2, and sends error notification. Alt Key Output.
0x3f - Sends start/end sentinel,...
0 (any string) Track2PrefixID Track 2 Prefix No prefix for track 2, 6-character max 0 (any string) Track3PrefixID Track 3 Prefix No prefix for track 3, 6-character max 0 (any string) Track1SuffixID...
send tk2 hash; bit2:1 send tk3 hash. ‘0’ send in lower case; HexCaseID, '1' (‘0’-‘1’) ‘1’ send in upper case ‘0’ (‘0’~’1’) LRCID track LRC ‘0’ send without track LRC in output; ‘1’ with track LRC ‘%’...
8 encrypt trk 3 if card EncryptOptID encryption type 0; (0-F) options, enhanced only EncryptStrID encrypt structure ‘0’ original; ‘1’ enhanced MaskOptID clear / mask data bit 0 send clear/mask trk1 bit 1 options...
15. Appendix C: Key Code Table in USB Keyboard Interface
Check whether "Caps Lock" is on before sending out a code, because most characters will be reversed if it is.
For Function codes B1 to BA, set "Num Lock", send out the code, and then clear it.
22 Shift On & 24 Shift On 26 Shift On 27 Shift On 25 Shift On 2E Shift On 27 Shift On 1E Shift On 1F Shift On 20 Shift On 21 Shift On...
1A Shift On 1B Shift On 1C Shift On 1D Shift On 23 Shift On 2D Shift On 2F Shift On 31 Shift On 30 Shift On 35 Shift On
\home Home \end → \right ← \left ↑ ↓ \down \pgup PgUp \pgdn PgDn \tab \btab bTab 2B Shift On \esc \enter Enter \num_enter Num_Enter \del Delete \ins Insert Backspace SPACE Pause \ctr1 Ctrl+[...
Ctrl-U Alt-021 Ctrl-V Alt-022 Ctrl-W Alt-023 Ctrl-X Alt-024 Ctrl-Y Alt-025 Ctrl-Z Alt-026 Alt-027 Ctrl-\ Alt-028 Ctrl-] Alt-029 Ctrl-6 Alt-030 Ctrl-- Alt-031
15.2. Appendix C: Terms and Abbreviations
AAMVA American Association of Motor Vehicle Administration...
PS/2 IBM Personal System/2 Keyboard Interface
Request to Send
Serial Peripheral Interface
T1, T2, T3 Track 1 data, Track 2 data, Track 3 data
TDES Triple Data Encryption Standard
USB Vendor ID