IDTECH SecureHead SPI User Manual page 24

Encrypted magnetic read head with TriMag IV ASIC interface

4.15. Encrypted Output for Decoded Data
4.15.1. Encrypt Functions
When a card is swiped through the Reader, the track data is encrypted with TDES (Triple Data
Encryption Algorithm, also known as Triple DES) or AES (Advanced Encryption Standard), using
either Fixed key management or DUKPT (Derived Unique Key Per Transaction) key management.
DUKPT key management uses a base derivation key to encrypt a key serial number, which produces
an initial encryption key (IPEK) that is injected into the Reader prior to deployment. After each
transaction, the encryption key is modified per the DUKPT algorithm so that each transaction uses
a unique key. The data is therefore encrypted with a different encryption key for each transaction,
as a safeguard against replay attacks. DUKPT is described by ANSI X9.24-1:2009; for details, refer
to that specification.
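The per-transaction key change described above is visible to a host through the encryption counter carried in the key serial number (KSN), so a host can refuse a message whose counter it has already seen. The sketch below is an added example, not code from the manual or from ID TECH; it uses the ANSI X9.24-1:2009 layout (80-bit KSN, rightmost 21 bits are the counter). Assumptions: the host receives the 10-byte KSN with each encrypted swipe, the strictly-increasing policy is this example's own, `KsnTracker` and `run_samples` are hypothetical names, and the sample KSNs are constructed.

```python
# Added example: host-side bookkeeping for DUKPT key serial numbers (KSNs).
# Layout per ANSI X9.24-1:2009: 80-bit KSN, rightmost 21 bits = encryption counter.
KSN_BYTES = 10
COUNTER_MASK = (1 << 21) - 1
MAX_ONE_BITS = 10  # DUKPT skips counter values with more than 10 one-bits


def parse_ksn(ksn_hex):
    """Return (initial KSN with counter zeroed, counter) for a hex KSN."""
    raw = bytes.fromhex(ksn_hex)
    if len(raw) != KSN_BYTES:
        raise ValueError("KSN must be 10 bytes (20 hex digits)")
    value = int.from_bytes(raw, "big")
    counter = value & COUNTER_MASK
    initial = (value - counter).to_bytes(KSN_BYTES, "big").hex().upper()
    return initial, counter


class KsnTracker:
    """Hypothetical host-side check: one counter value, one transaction."""

    def __init__(self):
        self.highest = {}  # initial KSN -> highest counter accepted so far

    def check(self, ksn_hex):
        initial, counter = parse_ksn(ksn_hex)
        ones = bin(counter).count("1")
        if ones == 0 or ones > MAX_ONE_BITS:
            return "invalid-counter"   # not a counter a reader uses for a swipe
        if counter <= self.highest.get(initial, 0):
            return "replay"            # the key for this counter was already used
        self.highest[initial] = counter
        return "ok"


# Constructed sample KSNs (not taken from a real reader).
SAMPLE = [
    "FFFF9876543210E00001",  # first swipe
    "FFFF9876543210E00002",  # second swipe
    "FFFF9876543210E00001",  # first message presented again
    "FFFF9876543210E007FF",  # counter 0x7FF has 11 one-bits
    "FFFF9876543211000001",  # a different reader, tracked separately
]


def run_samples():
    tracker = KsnTracker()
    return [tracker.check(k) for k in SAMPLE]


if __name__ == "__main__":
    for ksn, verdict in zip(SAMPLE, run_samples()):
        print(ksn, verdict)
```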
4.15.2. Security Related Function ID
Security Related Function IDs are listed below. Their functions are described in other sections.
Characters               Hex Value  Description
PrePANID                 49         First N Digits in PAN which can be clear data
PostPANID                4A         Last M Digits in PAN which can be clear data
MaskCharID               4B         Character used to mask PAN
EncryptionID             4C         Security Algorithm
SecurityLevelID          7E         Security Level (Read Only)
Device Serial Number ID  4E         Device Serial Number (Can be written once. After that, can only be read)
DisplayExpirationDataID  50         Display expiration data as mask data or clear data
KSN and Counter ID       51         Review the Key Serial Number and Encryption Counter
Session ID               54         Set current Session ID
Key Management Type ID   58         Select Key Management Type

ID TECH SecureHead SPI with TMIV User Manual