IDTECH SecureHead SPI User Manual


Encrypted magnetic read head with TriMagIV ASIC interface


USER MANUAL
SecureHead™ Encrypted Magnetic
Read Head
With TriMagIV ASIC
SPI Interface
80101502-002 Rev J
28 September 2020
ID TECH
10721 Walker Street, Cypress, CA 90630-4720
Tel: (714) 761-6368
Fax (714) 761-8880
www.idtechproducts.com


Summary of Contents for IDTECH SecureHead SPI

  • Page 1 USER MANUAL SecureHead™ Encrypted Magnetic Read Head With TriMagIV ASIC SPI Interface 80101502-002 Rev J 28 September 2020 ID TECH 10721 Walker Street, Cypress, CA 90630-4720 Tel: (714) 761-6368 Fax (714) 761-8880 www.idtechproducts.com...
  • Page 2 ID TECH SecureHead SPI with TMIV User Manual Copyright © 2020 ID TECH. All rights reserved. This document, as well as the software and hardware described in it, is furnished under license and may be used or copied only in accordance with the terms of such license. The content of this document is furnished for information use only, is subject to change without notice, and should not be construed as a commitment by ID TECH.
  • Page 3 ID TECH SecureHead SPI with TMIV User Manual Revision History Date Description of Changes 10/15/2015 Initial Release • 09/21/2016 Added discussion of Samsung Pay decoding in 4.4.3. • Added firmware upgradability to Introduction. • 11/01/2016 Added Firmware Upgrade appendix. •...
  • Page 4 ID TECH SecureHead SPI with TMIV User Manual Table of Contents: 1. INTRODUCTION (7); 2. SPECIFICATIONS (7); 2.1. Dimensions (8); 2.2. Mounting Options: (9); 2.3. Head assembly only: T (9); 3. SPI OPERATION (10); 3.1.
  • Page 5 ID TECH SecureHead SPI with TMIV User Manual 4.14.3. Encrypt External Data Command (23); 4.15. Encrypted Output for Decoded Data (24); 4.15.1. Encrypt Functions (24); 4.15.2. Security Related Function ID (24); 4.16. Security Management (26); 4.16.1.
  • Page 6 ID TECH SecureHead SPI with TMIV User Manual 8.2.2. Track2 (38); 8.2.3. Track3 (38); 9. APPENDIX C: OTHER MODE CARD DATA OUTPUT (39); 10. APPENDIX D: GUIDE TO ENCRYPTING AND DECRYPTING DATA (39); 11. APPENDIX E: KEY MANAGEMENT FLOW CHART (40); 12.
  • Page 7 ID TECH SecureHead SPI with TMIV User Manual 1. Introduction The SPI SecureHead™ magnetic stripe reader can read 1, 2, or 3 tracks of magnetic stripe information. When connected to the host, the SecureHead is completely compatible with SPI (Serial Peripheral Interface).
  • Page 8 ID TECH SecureHead SPI with TMIV User Manual 2.1. Dimensions
  • Page 9 ID TECH SecureHead SPI with TMIV User Manual 2.2. Mounting Options: Wing spring mounting: This is the standard mounting option and can be used on most swipe readers. The protrusion of the head from the surface of the spring is 3.50 mm.
  • Page 10 ID TECH SecureHead SPI with TMIV User Manual 3. SPI Operation This section describes SPI (Serial Peripheral Interface), the SPI bus interface timing, communication protocol, timeouts, and data output format. The following table shows the signals used in the SPI interface.
  • Page 11 ID TECH SecureHead SPI with TMIV User Manual changed on a rising edge. o For clock phase = 1, data are read on clock's rising edge and data are changed on a falling edge. The signal is required to read card data from the device. The device default uses clock phase = 0 and clock polarity = 0.
  • Page 12 ID TECH SecureHead SPI with TMIV User Manual 3.4. Master Output, Slave Input (MOSI) The MOSI signal is the serial data input for the device and serial data output for the host. This signal is sent from the host (master) to the device (slave). The signal might not be required after some device parameters, such as the device key, have been set and saved.
  • Page 13 ID TECH SecureHead SPI with TMIV User Manual After the command is received and the response is ready, the DAV is set high so that the host can receive the response. After the response is received, the DAV goes low, indicating there is no more data to be transmitted.
  • Page 14 ID TECH SecureHead SPI with TMIV User Manual When the user swipes a card, no delay is required. Following is the waveform for MSR output: 3.7. Voltage Input and Ground The VIN signal is the power input for the device and has an operating range of 3.0 to 3.6 volts DC. The GND signal is logic ground.
  • Page 15 ID TECH SecureHead SPI with TMIV User Manual 4. Configuration The SecureHead reader must be appropriately configured to your application. Configuration settings enable the reader to work with the host system. Once programmed, these configuration settings are stored in the reader’s non-volatile memory (so they are not affected by the cycling of power).
  • Page 16 ID TECH SecureHead SPI with TMIV User Manual Special Function Command SecureHead Special Function: Command; <ACK> and <Response> if OK; <NAK> if Error. Where: <STX> 02h <S> Indicates setting commands. 53h <R> Indicates read status commands. 52h <FuncID>...
  • Page 17 ID TECH SecureHead SPI with TMIV User Manual 4.4. General Selections This group of configuration settings defines the basic operating parameters of SecureHead. 4.5. Change to Default Settings Command: <STX><S><18h><ETX><CheckSum> This command does not have any <FuncData>. It returns all settings for all groups to their default values.
  • Page 18 ID TECH SecureHead SPI with TMIV User Manual 4.7.1. Samsung Pay Encoding/Decoding Special track decoding considerations apply to Samsung Pay interactions. Samsung Pay/MST (LoopPay) sends out a magnetic signal to a magnetic head. So MCUs may receive identical magnetic signals on all tracks. However, Samsung Pay devices send out Track1 and Track2 data consecutively, making it possible to disambiguate the tracks.
  • Page 19 ID TECH SecureHead SPI with TMIV User Manual 4.10. Review Serial Number Command: <STX><R><4Eh><ETX><CheckSum> This command gets the device serial number. 4.11. Message Formatting Selections (Only for Security Level 1 & 2) 4.11.1. Terminator Setting Terminator characters are used to end a string of data in some applications.
  • Page 20 ID TECH SecureHead SPI with TMIV User Manual 4.11.4. Track n Prefix Setting Characters can be added to the beginning of a track data. These can be special characters to identify the specific track to the receiving host, or any other character string. Up to six ASCII characters can be defined.
  • Page 21 ID TECH SecureHead SPI with TMIV User Manual “7” Require All Three Tracks • “8” Any Track1 & 2 • “9” Any Track2 & 3 • Note: If any of the required multiple tracks fail to read for any reason, no data for any track will be sent.
  • Page 22 ID TECH SecureHead SPI with TMIV User Manual 1. First, the host gets a data block which is generated by encrypting a random 8-byte value using the TDES algorithm. 2. The host then decrypts the data block with the TDES algorithm, using the current device key.
  • Page 23 ID TECH SecureHead SPI with TMIV User Manual 4.14.1. Review KSN (DUKPT Key management only) Command: <STX><R><51h><ETX><CheckSum> This command gets the DUKPT key serial number and counter. 4.14.2. Review Security Level Command: <STX><R><7Eh><ETX><CheckSum> This command gets the current security level.
  • Page 24 ID TECH SecureHead SPI with TMIV User Manual 4.15. Encrypted Output for Decoded Data 4.15.1. Encrypt Functions When a card is swiped through the Reader, the track data will be encrypted via TDES (Triple Data Encryption Algorithm, aka, Triple DES) or AES (Advanced Encryption Standard) using Fixed key management or DUKPT (Derived Unique Key Per Transaction) key management.
  • Page 25 ID TECH SecureHead SPI with TMIV User Manual The example below lists possible settings of these new functions. Characters Default Setting Description PrePANID 00h ~ 06h Allowed clear text from start of PAN Command format: 02 53 49 01 04 03 LRC...
  • Page 26 ID TECH SecureHead SPI with TMIV User Manual 4.16. Security Management This reader is intended to be a secure reader. Security features include: • Can include Device Serial Number • Can encrypt Track1 and Track2 data for all bank cards •...
  • Page 27 ID TECH SecureHead SPI with TMIV User Manual 5. Encryption Management The Encrypted swipe read supports TDES and AES encryption standards for data encryption. Encryption can be turned on via a command. TDES is the default. If the reader is at or above security Level 3, for the encrypted fields, the original data is encrypted using the TDES/AES CBC mode with an Initialization Vector of all binary zeroes and the Encryption Key associated with the current DUKPT KSN.
  • Page 28 ID TECH SecureHead SPI with TMIV User Manual N and M are configurable and default to 4 first and 4 last digits. They follow the current PCI constraints requirements (N 6, M 4 maximum). Mask character default value is ‘*’.
  • Page 29 ID TECH SecureHead SPI with TMIV User Manual 6.2.3. Definitions Start or End Sentinel: Characters in encoding format which come before the first data character (start) and after the last data character (end), indicating the beginning and end, respectively, of data.
  • Page 30 ID TECH SecureHead SPI with TMIV User Manual Track3 hashed (20 bytes each) (if encrypted and hash Track3 allowed) KSN (10 bytes) CheckLRC CheckSum ETX Where: <STX> = 02h • <ETX> = 03h • Description (see also Appendix F for a real-world example): 6.3.1.
  • Page 31 ID TECH SecureHead SPI with TMIV User Manual 6.3.2. Card Encode Type Value Encode Type Description 80 ISO 7813/ISO 4909/ABA format 81 AAMVA format 83 Other 84 Raw; un-decoded format All tracks are encrypted and no mask data is sent. No track indicator ‘01’, ‘02’...
  • Page 32 ID TECH SecureHead SPI with TMIV User Manual 6.6. Clear/Masked Data sent status Bit 0 1: Track1 clear/mask data present Bit 1 1: Track2 clear/mask data present Bit 2 1: Track3 clear/mask data present Bit 3 1: fixed key 0: DUKPT Key Management...
  • Page 33 ID TECH SecureHead SPI with TMIV User Manual 6.9. Track Hashed Data The SecureHead reader uses SHA-1 to generate hashed data for the Track1, Track2 and Track3 unencrypted data. The hash is 20 bytes long for each track. It is provided with two purposes in mind: one is for the host to ensure data integrity by comparing this field with a SHA-1 hash of the decrypted Track data, to guard against unexpected noise in data transmission.
  • Page 34 ID TECH SecureHead SPI with TMIV User Manual 6.10. Mask Option Setting (for enhanced encryption format only) Command: 53 86 01 <Mask Option> Mask Option: (Default: 0x07) bit0: 1: Track1 mask data allow to send when encrypted bit1: 1: Track2 mask data allow to send when encrypted...
  • Page 35 ID TECH SecureHead SPI with TMIV User Manual 6.13. Note 3: Clear/mask data sent status Field 8 (Clear/mask data sent status) and field 9 (Encrypted/Hash data sent status) will only be sent out in enhanced encryption format. Field 8: Clear/masked data sent status byte:...
  • Page 36 ID TECH SecureHead SPI with TMIV User Manual 7. Appendix A: Default Setting Table MSR Reading Enabled Decoding Method Both Swiping Direction Decode mode Track Separator Settings Terminator Settings Preamble Settings None Postamble Settings None Track Selected Settings Any Track...
  • Page 37
    ID TECH SecureHead SPI with TMIV User Manual 8. Appendix B: Magnetic Stripe Standard Formats 8.1. ISO Credit Card Format ISO stands for International Standards Organization 8.1.1. Track1 Field ID Character Contents Length Start Sentinel Format Code “B” Account Number 12 or 19 Separator “^”...
  • Page 38
    ID TECH SecureHead SPI with TMIV User Manual 8.2.2. Track2 Field ID Character Contents Length Start Sentinel ANSI User Code ANSI User ID Jurisdiction ID/DL Expiration date Birth Date Remainder of Jurisdiction ID/DL End Sentinel Linear Redundancy Check (LRC) Character 8.2.3.
  • Page 39
    ID TECH SecureHead SPI with TMIV User Manual 9. APPENDIX C: Other Mode Card Data Output There is an optional data output format supported by SecureHead to be compatible with specific software requirements. <01h> <01h> <1Ah> <02h> <00h> <Left 8 bytes Device Serial Number> <6 Byte Random data>...
  • Page 40 ID TECH SecureHead SPI with TMIV User Manual 11. APPENDIX E: Key Management Flow Chart
  • Page 41
    ID TECH SecureHead SPI with TMIV User Manual 12. APPENDIX F: Example of Decoded Data Decryption Key for all examples is 0123456789ABCDEFFEDCBA9876543210 Security Level 3 Decryption - Enhanced Encryption Format Example of decryption of a three track ABA card with the enhanced encryption format. SecureHead Reader with default settings except enhanced encryption structure format.
  • Page 42
    ID TECH SecureHead SPI with TMIV User Manual Bit 1=1: Track2 encrypted data present Bit 0=1: Track1 encrypted data present Track1 data masked (length 0x48) 252A343236362A2A2A2A2A2A2A2A393939395E42555348204A522F47454F5247452057 2E4D525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A 3F2A Track1 masked data in ASCII %*4266********9999^BUSH JR/GEORGE W.MR^*******************************?* Track2 data in hex masked (length 0x23)
  • Page 43 ID TECH SecureHead SPI with TMIV User Manual Track1: %*4266********9999^BUSH JR/GEORGE W.MR^*******************************?* Track2: ;4266********9999=***************?* Key Value: 1A 99 4C 3E 09 D9 AC EF 3E A9 BD 43 81 EF A3 34 KSN: 62 99 49 01 19 00 00 00 00 02...
  • Page 44
    ID TECH SecureHead SPI with TMIV User Manual 13. APPENDIX G: Example Of ID TECH Raw Data Decryption Original Raw Data Forward Direction 01D67C81020408102D4481020408102042890A350854A2FB3EE4BA3D4065B67A9C391F 582A42B9 9A858A90AF60852B14AA628A0D 028FC210842C18421084030092040B51581F24B56074404811160D Original Raw Data Backward Direction 01A28CAA51A9420DEA12A342B33A84A835F13872BCDB4C0578BA4EF9BE8A542158A122 84081020408102456810204081027CD60D02D11024045C0D5A49F03515A04092018042 10843068421087E20D Note: There is track number before each track. Track1 is 01, Track2 is 02, Track3 is 03.
  • Page 45 ID TECH SecureHead SPI with TMIV User Manual KSN 629949011A0000000001 LRC, checksum and ETX 87 1D 03 Key Value: 8A 60 A3 EB 80 87 63 52 B8 F5 05 CD A8 3C 33 70 KSN: 62 99 49 01 1A 00 00 00 00 01...
  • Page 46 ID TECH SecureHead SPI with TMIV User Manual 14. APPENDIX H: Example of SPI Master Chip Controlling /*H************************************************************************** * NAME: spi_drv.h * Copyright (c) 2003 ID TECH. * RELEASE: cc03-demo-spi-0_0_1 * REVISION: 1.1.1.1 * PURPOSE: * spi lib header file...
  • Page 47 ID TECH SecureHead SPI with TMIV User Manual * spi library low level functions (init, receive and send functions) * and global variables declarations to use with user software application *****************************************************************************/ /* I N C L U D E S */ #include "spi_drv.h"...
  • Page 48 ID TECH SecureHead SPI with TMIV User Manual _SPI_SS = 1; // Read out all the data from SPI slave, set chip select pin to idle for(i = 0; i < spilength; i++){ // Send out data from UART port.
  • Page 49 ID TECH SecureHead SPI with TMIV User Manual _SPI_SS = 1; // Read out all the data from SPI slave, set BeepOn_Long(); // Send out one beep to indicate command finished. // ..... Other subroutine to handle other while( TRUE );...
  • Page 50 ID TECH SecureHead SPI with TMIV User Manual SPI_RATIO_4; break; // FCLK PERIPH/4 case 8:SPCON |= SPI_RATIO_8; break; // FCLK PERIPH/8 case 16:SPCON |= SPI_RATIO_16; break; // FCLK PERIPH/16 case 32:SPCON |= SPI_RATIO_32; break; // FCLK PERIPH/32 case 64:SPCON |= SPI_RATIO_64; break; // FCLK PERIPH/64 case 128:SPCON |= SPI_RATIO_128;...
  • Page 51 ID TECH SecureHead SPI with TMIV User Manual 15. APPENDIX I: Magnetic Heads Mechanical Design Guidelines This installation guide is specifically to be used when installing ID TECH’s magnetic heads with spring mounts. 1. ISO 7810 and ISO 7811 standards define the specification for all “standard”...
  • Page 52
    ID TECH SecureHead SPI with TMIV User Manual The center line of head should be parallel to the reference surface 4. The card thickness must be considered when designing the rail and head mounting. The distance between the head (located on the crown of the head) and opposing wall of card slot must be positioned so that it has a minimum of 0.010...
  • Page 53 ID TECH SecureHead SPI with TMIV User Manual 8. The bottom of slot and the slot walls should not have any discontinuities and must be flat (no deformation is allowed). The portion of the slot wall, about 10mm on each side of the magnetic head’s crown, should not have draft and must be perpendicular to the bottom of slot (reference surface).
  • Page 54 ID TECH SecureHead SPI with TMIV User Manual thick will result in a 0.14+/- 0.03 mm bow. The bumps should be cylindrical and their crown parallel with the slot wall opposite to the head crown; this will ensure that when the head is mounted into the rail, its crown will be parallel to the slot surface and will make good contact with the magnetic stripe on the card.
  • Page 55 ID TECH SecureHead SPI with TMIV User Manual ID TECH can provide samples of a rail and magnetic head for design reference. Order these through your local sales representative using the following part numbers: 90mm rail 80006248-001 and • Standard wing spring head 80027236-001 •...
  • Page 56 ID TECH SecureHead SPI with TMIV User Manual 16. APPENDIX J: Firmware Upgrade ID TECH TM4 SPI SecureHead firmware can be updated through the SPI communication port. ID TECH can provide Windows-based utility software, FWUpdate.exe, and an RS-232 to SPI converter board for reference.
  • Page 57 ID TECH SecureHead SPI with TMIV User Manual 16.4. Example Following is an example when loading firmware with ID TECH FWUpdate software. Step 1: Review current firmware version: 02 52 22 88 03 f9 06 02 49 44 20 54 45 ..ID TEC 250ms...
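
The host-side integrity check described in section 6.9 (page 33 above), as an added example that is not from the ID TECH manual: it compares the 20-byte hash field with SHA-1 of the decrypted track and confirms that the masked track agrees with the decrypted one. The function names, the decrypted sample and the exact byte range that is hashed are assumptions; the masked Track2 string is the one printed in Appendix F.

```python
import hashlib
import hmac

MASK_CHAR = "*"  # the manual's default mask character


def hash_matches(decrypted_track: bytes, hash_field: bytes) -> bool:
    """Compare the reader's 20-byte hash field with SHA-1 of the decrypted track.

    Assumption: the hash covers the decrypted track bytes exactly as passed in.
    """
    if len(hash_field) != 20:
        return False
    digest = hashlib.sha1(decrypted_track).digest()
    return hmac.compare_digest(digest, hash_field)


def mask_consistent(masked: str, decrypted: str, mask_char: str = MASK_CHAR) -> bool:
    """Every character the reader sent in clear must equal the decrypted one."""
    if len(masked) != len(decrypted):
        return False
    return all(m == mask_char or m == d for m, d in zip(masked, decrypted))


def validate_track(masked: str, decrypted: bytes, hash_field: bytes) -> list:
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if not hash_matches(decrypted, hash_field):
        problems.append("hash mismatch")
    try:
        text = decrypted.decode("ascii")
    except UnicodeDecodeError:
        return problems + ["decrypted track is not ASCII"]
    if not mask_consistent(masked, text):
        problems.append("masked/decrypted mismatch")
    return problems


# Masked Track2 as printed in the manual's Appendix F example (length 0x23).
MASKED_T2 = ";4266********9999=***************?*"
# Constructed sample values (not from the manual): decrypted track and hash field.
SAMPLE_T2 = b";4266000000009999=000000000000000?0"
SAMPLE_HASH = hashlib.sha1(SAMPLE_T2).digest()

if __name__ == "__main__":
    print(validate_track(MASKED_T2, SAMPLE_T2, SAMPLE_HASH))
    tampered = SAMPLE_T2.replace(b"9999=", b"9998=")
    print(validate_track(MASKED_T2, tampered, SAMPLE_HASH))
```

A host that rejects the swipe when the returned list is non-empty catches both transmission noise and a decryption performed with the wrong key.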
