IDTECH SecureHead User Manual



USER MANUAL
SecureHead™
Encrypted Magnetic Read Head
SPI Interface with FPC
80101515-001-C
28 December 2020


Summary of Contents for IDTECH SecureHead

  • Page 2 The specifications described herein were current at the time of publication, but are subject to change at any time without prior notice. ID TECH is a registered trademark of International Technologies & Systems Corporation. SecureHead and Value through Innovation are trademarks of International Technologies & Systems Corporation.
  • Page 3 User Manual, SecureHead SPI Interface. Revision History: 10/01/2013 Initial Release (Candy H); 11/19/2020 Updated Appendix I; 12/28/2020 Removed commands related to Fixed Keys. Copyright © 2010-2013, International Technologies & Systems Corporation. All rights reserved. Page 3 of 67...
  • Page 4: Table Of Contents

    9. APPENDIX E: KEY MANAGEMENT FLOW CHART ......................... 44 10. APPENDIX F: EXAMPLE OF DECODED DATA DECRYPTION .................... 46 11. APPENDIX G: EXAMPLE OF IDTECH RAW DATA DECRYPTION ................... 53 12. APPENDIX H: EXAMPLE OF SPI MASTER CHIP CONTROLLING .................... 55 13.
  • Page 5: Introduction

    1. INTRODUCTION The SPI SecureHead™ magnetic stripe reader can read 1, 2, or 3 tracks of magnetic stripe information. When connected to a host, the SecureHead is fully compatible with the SPI specification. Raw or decoded card data is sent to the host over the SPI.
  • Page 6: Specifications

    2. SPECIFICATIONS General: Card speed 5 to 60 inches per second. Electrical: Operating voltage 3V or 5V (section 3.7 below gives the VIN operating range as 3.0 to 3.6 volts DC); maximum supply current 7mA; units withstand electrostatic discharge of 4KV anywhere on the unit without damage, 8KV through air.
  • Page 7 Dimension (figure). Pinout, SPI interface (PIN #, SIGNAL): MISO, MOSI, SPCK, Head Case, GND.
  • Page 8 Mounting Options: Wing spring mounting is the standard mounting option and can be used on most swipe readers. The protrusion of the head from the surface of the spring is 3.50 mm.
  • Page 9: Spi Operation

    SecureHead SPI Interface with FPC User Manual 3. SPI OPERATION This section describes the SPI (Serial Peripheral Interface), the SPI bus interface timing, communication protocol, timeouts, and data output format. 3.1. SPI Data Transmission A serial peripheral interface (SPI) is an interface that enables the serial exchange of data between two devices, one called a master and the other called a slave.
  • Page 10: Master Input, Slave Output (Miso)

    3.3. Master Input, Slave Output (MISO) The MISO signal is the serial data output from the device; it is the data line on which the host receives. When the device is not active (Chip Select is high), MISO becomes high impedance (disconnected).
  • Page 11: Data Available Output (Dav)

    3.5. Data Available Output (DAV) The DAV signal is low when there is no data to be transmitted. When DAV is high, data is available for output; the host then sends out the clock signal to read the data.
  • Page 12: Chip Select

    About 20ms after receiving a command the response is ready and DAV is set high. For some specific commands the delay is longer. About 20us after the host reads out the last byte of the response, DAV is pulled low. If the host polls DAV to check whether data is available, we suggest a 100us polling interval.
  • Page 13: Voltage Input And Ground

    The NCS is pulled low while the host is communicating with the device. 3.7. Voltage Input and Ground The VIN signal is the power input for the device and has an operating range of 3.0 to 3.6 volts DC.
  • Page 14: Configuration

    4. CONFIGURATION The SecureHead reader must be configured appropriately for your application. Configuration settings enable the reader to work with the host system. Once programmed, these configuration settings are stored in the reader’s non-volatile memory (so they are not affected by power cycling).
  • Page 15: Communication Timing

    If the terminal tries to talk to SecureHead during this period, SecureHead may not be functional until restart. SecureHead also takes time to process a command. During that processing time, it will not respond to a new command.
  • Page 16: General Selections

    This command does not have any <FuncData>. It returns all settings for all groups to their default values. 4.1.3. MSR Reading Settings Enable or Disable the SecureHead. If the reader is disabled, no data will be sent out to the host. <STX><S><1Ah><01h><MSR Reading Settings><ETX><CheckSum> MSR Reading Settings: “0”...
  • Page 17: Review Settings

    4.4. Review Settings <STX><R><1Fh><ETX><CheckSum> This command does not have any <FuncData>. It activates the review settings command. SecureHead sends back an <ACK> and <Response>. <Response> format: The current setting data block is a collection of many function-setting blocks <FuncSETBLOCK> as follows: <STX><FuncSETBLOCK1>…<FuncSETBLOCKn><ETX><CheckSum>...
  • Page 18: Message Formatting Selections (Only For Security Level 1 & 2)

    4.7. Message Formatting Selections (Only for Security Level 1 & 2) 4.1.5. Terminator Setting Terminator characters are used to end a string of data in some applications. <STX><S><21h><01h><Terminator Settings><ETX><CheckSum> <Terminator Settings>: Any one character, 00h is none; default is CR (0Dh).
  • Page 19: Magnetic Track Selections (Only For Security Level 1 & 2)

    <Len> = the number of bytes of the prefix string <Prefix> = {string length}{string} NOTE: String length is one byte, maximum six. 4.1.9. Track n Suffix Setting Characters can be added to the end of track data. These can be special characters to identify the specific track to the receiving host, or any other character string.
  • Page 20: Review Ksn (Dukpt Key Management Only)

    4.1.12. Start/End Sentinel and Track 2 Account Number Only The SecureHead can be set to either send, or not send, the Start/End sentinel, and to send either the Track 2 account number only, or all the encoded data on Track 2. (The Track 2 account number setting doesn’t affect the output of Track 1 and Track 3.)
  • Page 21: Review Security Level

    This command returns the current security level. 4.11. Encrypt External Data Command This command encrypts data passed to the SecureHead and sends the encrypted data back to the host. The command is valid only when the security level is 3 or 4.
  • Page 22 4.1.14. Security Related Function ID Security Related Function IDs are listed below (Characters, Hex Value, Description); their functions are described in other sections. PrePANID: first N digits of the PAN which can be sent as clear data...
  • Page 23 EncryptionID ‘0’: ‘0’ Clear Text, ‘1’ Triple DES, ‘2’ AES. Command format: 02 53 4C 01 31 03 LRC. SecurityLevelID ‘1’: ‘0’ ~ ‘3’. Command format: 02 52 7E 03 LRC. Device Serial Number ID 00, 00, 00, 00, 00,...
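The setting and review commands quoted above all share the <STX>...<ETX><CheckSum> framing. The Python below is an added example, not ID TECH code: it builds both frame types, validates a device reply and splits a Review Settings payload into blocks. Two things it assumes that this extract does not state: <CheckSum> (the page also calls it LRC) is the XOR of every byte from <STX> through <ETX> inclusive, and each <FuncSETBLOCK> has the same <FuncID><Len><Data> layout as the setting command. The sample reply is constructed, not captured from a reader.

```python
"""ID TECH SecureHead command framing (section 4 of the manual).

Added example, not ID TECH code.  Assumed, because the extract does not say:
  * <CheckSum> (also called LRC) = XOR of every byte from <STX> to <ETX>;
  * a Review Settings <FuncSETBLOCK> is laid out <FuncID><Len><Data>.
"""
from typing import Dict, Optional

STX, ETX, ACK, NAK = 0x02, 0x03, 0x06, 0x15


def lrc(data: bytes) -> int:
    """One-byte XOR of all bytes (assumed to cover STX..ETX inclusive)."""
    x = 0
    for b in data:
        x ^= b
    return x


def set_command(func_id: int, func_data: bytes) -> bytes:
    """<STX>'S'<FuncID><Len><FuncData><ETX><CheckSum>, one-byte <Len>."""
    if len(func_data) > 0xFF:
        raise ValueError("FuncData longer than a one-byte <Len> allows")
    body = bytes([STX, ord("S"), func_id, len(func_data)]) + func_data + bytes([ETX])
    return body + bytes([lrc(body)])


def review_command(func_id: int) -> bytes:
    """<STX>'R'<FuncID><ETX><CheckSum>: read one setting back."""
    body = bytes([STX, ord("R"), func_id, ETX])
    return body + bytes([lrc(body)])


def ack_response(payload: bytes) -> bytes:
    """Constructed device reply <ACK><STX>payload<ETX><CheckSum> (test data only)."""
    body = bytes([STX]) + payload + bytes([ETX])
    return bytes([ACK]) + body + bytes([lrc(body)])


def parse_response(frame: bytes) -> Optional[bytes]:
    """Return the bytes between <STX> and <ETX>, or None for <NAK>,
    bad framing or a CheckSum mismatch.  A leading <ACK> is tolerated."""
    if frame[:1] == bytes([NAK]):
        return None
    if frame[:1] == bytes([ACK]):
        frame = frame[1:]
    if len(frame) < 4 or frame[0] != STX or frame[-2] != ETX:
        return None
    if lrc(frame[:-1]) != frame[-1]:
        return None
    return frame[1:-2]


def parse_setting_blocks(payload: bytes) -> Dict[int, bytes]:
    """Split a Review Settings payload into {FuncID: Data} (assumed layout)."""
    blocks: Dict[int, bytes] = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated <FuncID><Len> header")
        fid, n = payload[i], payload[i + 1]
        if i + 2 + n > len(payload):
            raise ValueError("block length runs past the payload")
        blocks[fid] = payload[i + 2:i + 2 + n]
        i += 2 + n
    return blocks


# The two frames quoted in 4.1.14, with their CheckSum byte filled in.
SET_ENCRYPTION_TDES = set_command(0x4C, b"1")      # EncryptionID '1' = Triple DES
REVIEW_SECURITY_LEVEL = review_command(0x7E)       # SecurityLevelID

# Constructed reply to Review Settings: MSR Reading (1Ah) = '1', Terminator (21h) = CR.
SAMPLE_REVIEW_RESPONSE = ack_response(bytes([0x1A, 0x01, ord("1"), 0x21, 0x01, 0x0D]))

if __name__ == "__main__":
    print(SET_ENCRYPTION_TDES.hex(" "), REVIEW_SECURITY_LEVEL.hex(" "))
    print(parse_setting_blocks(parse_response(SAMPLE_REVIEW_RESPONSE)))
```

With the XOR assumption the two page frames come out as 02 53 4C 01 31 03 2E and 02 52 7E 03 2D. If a reader answers <NAK> to frames built this way, the checksum coverage is the first thing to confirm against the full manual; the parser deliberately returns None rather than a partial payload on any framing or checksum error, since a setting read back through a corrupted frame is worse than no reading.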
  • Page 24 4.1.15. Security Management This reader is intended to be a secure reader. Security features include: • Can include Device Serial Number • Can encrypt track 1 and track 2 data for all bank cards •...
  • Page 25 When the reader is at Security Level 4, a correctly executed Authentication Sequence is required before the reader sends out data for each card swipe. 4.1.16. Encryption Management The encrypted swipe read supports the TDES and AES encryption standards for data encryption.
  • Page 26 N and M are configurable and default to the first 4 and last 4 digits. They follow the current PCI constraints (maximum N = 6, M = 4). The mask character defaults to ‘*’. • Set PrePANClrDataID (N), parameter range 00h ~ 06h, default value 04h •...
  • Page 27 Start or End Sentinel: Characters in the encoding format which come before the first data character (start) and after the last data character (end), indicating the beginning and end, respectively, of data. Track Separator: A designated character which separates data tracks.
  • Page 28 track 1 length (1 byte, 0 for no track 1 data); track 2 length (1 byte, 0 for no track 2 data); track 3 length (1 byte, 0 for no track 3 data); ...
  • Page 29 2 data, the length of which is given by the track 2 unencrypted length field. Track 1 and Track 2 Hashed: the SecureHead reader uses SHA-1 to generate hashed data for both the track 1 and track 2 unencrypted data, 20 bytes for each track. This serves two purposes: one is for the host to ensure data integrity by comparing this field with a SHA-1 hash of the decrypted track data, which detects noise introduced in transmission.
  • Page 30 Note: 1) When force encrypt is set, this track will always be encrypted, regardless of card type. No clear/mask text will be sent. 2) Only in the enhanced encryption format is each track encrypted separately; each encrypted track length is then rounded up to a multiple of 8 bytes (TDES) or 16 bytes (AES).
  • Page 31 Track 3 clear/mask data; Track 1 encrypted data; Track 2 encrypted data; Track 3 encrypted data; Session ID (8 bytes) (Security level 4 only); Track 1 hashed (20 bytes each) (if encrypted and hash track 1 allowed)...
  • Page 32: Level 4 Activate Authentication Sequence

    Field 8: Clear/masked data sent status byte: Bit 0 = 1: track 1 clear/mask data present; Bit 1 = 1: track 2 clear/mask data present; Bit 2 = 1: track 3 clear/mask data present; Bit 3 = 0: reserved for future use; Bit 4 = 0:...
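A parser for the enhanced encryption structure laid out in the fields above, added here as an example and not ID TECH code. The extract states field 8's bit layout but not field 9's, nor which bytes the LRC and CheckSum trailers cover. The example infers field 9 from the Appendix F dump further down: its 10-byte header 02 98 01 80 3F 48 23 6B 03 BF accounts for exactly the 0x198 bytes the length field declares only if bits 0 to 2 mean "track n encrypted data present", bits 3 to 5 "track n SHA-1 present", bit 6 "session ID present" and bit 7 "KSN present", and the length field counts the bytes from card type through KSN. It further assumes LRC (XOR) and CheckSum (byte sum) are taken over those same counted bytes. The full sample frame is constructed with placeholder ciphertext and hashes; only its header-level numbers follow the page.

```python
"""Parser for the SecureHead enhanced encrypted swipe structure.

Added example, not ID TECH code.  Field 9 bit map, LRC/CheckSum coverage and
the length-field coverage are inferred from the Appendix F dump (lead-in).

  STX LenL LenH | card type, track status, len1, len2, len3, field 8, field 9,
  clear/masked tracks, encrypted tracks (padded to the cipher block),
  session ID (8), SHA-1 hashes (20 each), KSN (10) | LRC CheckSum ETX
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

STX, ETX = 0x02, 0x03
HASH_LEN, KSN_LEN, SESSION_LEN = 20, 10, 8
HEADER_LEN = 10          # STX + 2 length bytes + 7 fixed fields


@dataclass
class EnhancedSwipe:
    card_type: int
    track_status: int
    track_len: List[int]                          # original length of tracks 1..3
    clear: Dict[int, bytes] = field(default_factory=dict)
    encrypted: Dict[int, bytes] = field(default_factory=dict)
    hashes: Dict[int, bytes] = field(default_factory=dict)
    session_id: Optional[bytes] = None
    ksn: Optional[bytes] = None


def padded_len(n: int, block: int) -> int:
    """Encrypted track length: rounded up to the 8-byte TDES or 16-byte AES block."""
    return (n + block - 1) // block * block if n else 0


def lrc(data: bytes) -> int:
    x = 0
    for b in data:
        x ^= b
    return x


def length_implied_by_header(header: bytes, block: int = 8) -> int:
    """Bytes the length field must declare, computed from the 10-byte header alone."""
    lens, f8, f9 = header[5:8], header[8], header[9]
    n = 7                                                         # fixed fields
    n += sum(lens[t] for t in range(3) if f8 >> t & 1)            # clear/masked
    n += sum(padded_len(lens[t], block) for t in range(3) if f9 >> t & 1)
    n += SESSION_LEN if f9 & 0x40 else 0
    n += HASH_LEN * sum(f9 >> (3 + t) & 1 for t in range(3))
    n += KSN_LEN if f9 & 0x80 else 0
    return n


def parse_enhanced(frame: bytes, block: int = 8) -> EnhancedSwipe:
    if len(frame) < HEADER_LEN + 3 or frame[0] != STX or frame[-1] != ETX:
        raise ValueError("bad framing")
    declared = frame[1] | frame[2] << 8
    if declared != len(frame) - 6:                 # minus STX, Len x2, LRC, CheckSum, ETX
        raise ValueError("length field disagrees with frame size")
    body = frame[3:-3]                             # the bytes the length field counts
    if lrc(body) != frame[-3] or sum(body) & 0xFF != frame[-2]:
        raise ValueError("LRC/CheckSum mismatch")
    if declared != length_implied_by_header(frame[:HEADER_LEN], block):
        raise ValueError("status bytes do not account for the declared length")
    card_type, track_status, lens, f8, f9 = body[0], body[1], list(body[2:5]), body[5], body[6]
    if not card_type & 0x80:
        raise ValueError("high bit of card type clear: original format, not enhanced")
    out = EnhancedSwipe(card_type, track_status, lens)
    pos = 7

    def take(n: int) -> bytes:
        nonlocal pos
        pos += n
        return body[pos - n:pos]

    for t in range(3):
        if f8 >> t & 1:
            out.clear[t + 1] = take(lens[t])
    for t in range(3):
        if f9 >> t & 1:
            out.encrypted[t + 1] = take(padded_len(lens[t], block))
    if f9 & 0x40:
        out.session_id = take(SESSION_LEN)
    for t in range(3):
        if f9 >> (3 + t) & 1:
            out.hashes[t + 1] = take(HASH_LEN)
    if f9 & 0x80:
        out.ksn = take(KSN_LEN)
    return out


def rejects(frame: bytes) -> bool:
    """True if parse_enhanced refuses the frame (used to exercise the checks)."""
    try:
        parse_enhanced(frame)
        return False
    except ValueError:
        return True


def build_enhanced(card_type: int, track_status: int, track_len: List[int],
                   clear: Dict[int, bytes], encrypted: Dict[int, bytes],
                   hashes: Dict[int, bytes], ksn: bytes,
                   session_id: Optional[bytes] = None) -> bytes:
    """Inverse of parse_enhanced; used here only to construct a test frame."""
    f8 = sum(1 << (t - 1) for t in clear)
    f9 = sum(1 << (t - 1) for t in encrypted) | sum(1 << (t + 2) for t in hashes)
    f9 |= (0x40 if session_id else 0) | 0x80
    body = bytes([card_type | 0x80, track_status, *track_len, f8, f9])
    body += b"".join(clear[t] for t in sorted(clear))
    body += b"".join(encrypted[t] for t in sorted(encrypted))
    body += session_id or b""
    body += b"".join(hashes[t] for t in sorted(hashes))
    body += ksn
    n = len(body)
    return bytes([STX, n & 0xFF, n >> 8]) + body + bytes([lrc(body), sum(body) & 0xFF, ETX])


# Header of the Appendix F enhanced-format dump, as printed on the page.
APPENDIX_F_HEADER = bytes.fromhex("029801803F48236B03BF")

# Constructed frame: two masked tracks, placeholder ciphertext/hashes, KSN in the page's form.
SAMPLE_FRAME = build_enhanced(
    card_type=0x80, track_status=0x3F, track_len=[12, 5, 0],
    clear={1: b"%*4266**9999", 2: b";4266"},
    encrypted={1: bytes(range(16)), 2: bytes(range(16, 24))},   # placeholders, not TDES output
    hashes={1: bytes(range(20)), 2: bytes(range(20, 40))},       # placeholders, not SHA-1
    ksn=bytes.fromhex("62994901190000000002"),
)
```

The cross-check in length_implied_by_header is the useful part for a host: a frame whose status bytes do not add up to its declared length has been truncated or tampered with somewhere between reader and host, and should be dropped before any field is trusted. Pass block=16 when EncryptionID is '2' (AES).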
  • Page 33 When authentication mode is requested, the device responds with two challenges, Challenge 1 and Challenge 2. The challenges are encrypted using the current DUKPT key exclusive-or’ed with <F0F0 F0F0 F0F0 F0F0 F0F0 F0F0 F0F0 F0F0>.
  • Page 34 Activate Authenticated Mode succeeds if the device decrypts the Challenge Reply correctly. If the device cannot decrypt the Challenge Reply command, Activate Authenticated Mode fails and the DUKPT KSN advances. Command Structure Host -> Device: <STX><S><82h><10h><Activation Data><ETX><CheckSum>...
  • Page 35 Get Reader Status Command. Command Structure Host -> Device: <STX><R><83h><ETX><CheckSum> Device -> Host: <ACK><STX><83h><02h><Current Reader Status><Pre-Condition><ETX><CheckSum> (success) <NAK> (fail). Current Reader Status: 2 bytes of data, one byte of <Reader State> and one byte of <Pre-Condition>...
  • Page 36: Other Command Protocol Settings

    Get Device Serial Number: 01 00 0A 01 00 < 8 bytes of Device Serial Number > 4.1.26. Enable/Disable Encryption Enable or disable the SecureHead encryption output in other mode (non-ID TECH protocol). If encryption is disabled, the original data is sent to the host. If it is enabled, encrypted data will be...
  • Page 37 Command Response 01 00 0A 01 00 <8 bytes of Challenge Data> 4.1.28. External Authenticate SecureHead will use this command to authenticate the host by comparing the decrypted data from the host with its random data. Command Format: 01 00 06 00 05 <First four bytes of decrypted random data from Get Challenge>...
  • Page 38: Appendix A. Default Setting Table

    5. APPENDIX A. DEFAULT SETTING TABLE 5.1. Default Setting Table MSR Reading: Enable; Decoding Method: Both Swiping Direction Decode mode; Track Separator Settings: ; Terminator Settings: CR (0Dh) (per 4.1.5); Preamble Settings: None; Postamble Settings: None; Track Selected Settings...
  • Page 39: Appendix B: Magnetic Stripe Standard Formats

    6. APPENDIX B: MAGNETIC STRIPE STANDARD FORMATS 6.1. ISO Credit Card Format ISO is the International Organization for Standardization. Track 1 (Field ID, Contents, Length, Character): Start Sentinel; Format Code “B”; Account Number, 12 or 19; Separator “^”...
  • Page 40: Aamva Driver's License Format

    6.2. AAMVA Driver’s License Format Track 1: Start Sentinel; State or Province; City; Name; Address; End Sentinel; Linear Redundancy Check (LRC) Character. Track 2: Start Sentinel; ANSI User Code; ANSI User ID; Jurisdiction ID/DL...
  • Page 41 Linear Redundancy Check (LRC) Character
  • Page 42: Appendix C: Other Mode Card Data Output

    7. APPENDIX C: OTHER MODE CARD DATA OUTPUT There is an optional data output format supported by SecureHead for compatibility with specific software requirements. <01h> <01h> <1Ah> <02h> <00h> <Left 8 bytes Device Serial Number> <6 Byte Random data>...
  • Page 43: Appendix D: Guide To Encrypting And Decrypting Data

    8. APPENDIX D: GUIDE TO ENCRYPTING AND DECRYPTING DATA The encryption mode used by SecureHead is Cipher-Block Chaining (CBC). In this mode, each block of plaintext is XOR’ed with the previous ciphertext block before being encrypted, so the encryption of each block depends on all the previous blocks.
  • Page 44: Appendix E: Key Management Flow Chart

    9. APPENDIX E: KEY MANAGEMENT FLOW CHART (flow chart figure)
  • Page 45 (Appendix E flow chart, continued)
  • Page 46: Appendix F: Example Of Decoded Data Decryption

    10. APPENDIX F: EXAMPLE OF DECODED DATA DECRYPTION Key for all examples is 0123456789ABCDEFFEDCBA9876543210. Security Level 3 Decryption, Original Encryption Format: example of decryption of a three-track ABA card with the original encryption format.
  • Page 47 Track 3 data unencrypted (length 0x6B): 3B33333333333333333333373637363736303730373037373637363736333333333333333333333736373637363037303730373736373637363333333333333333333337363736373630373037303737363736373633333333333333333333373637363736303730373F32 Track 1 & 2 encrypted length 0x48+0x23 rounded up to 8 bytes = 0x6B -> 0x70 (112 decimal): 863E9E3DA28E455B28F7736B77E47A64EDDA3BF03A06E44F31D1818C0BCD7A353FB1AD70EFD30FFC3DA08A4FBC9372E57E8B40848BAEAA3FE724B3550E2F4B223E6BF264BEAE9E39142B648CDB51FB8DAF8EA5B63913D29419B67582FCCCE9B372660F03668CC453216D9449C6B67EF3 Track 1 hashed...
  • Page 48 Security Level 3 Decryption, Enhanced Encryption Format: example of decryption of a three-track ABA card with the enhanced encryption format. SecureHead reader with default settings except the enhanced encryption structure format.
  • Page 49 Enhanced encryption format (recognized because the high bit of the fourth byte, 80, is 1): 029801803F48236B03BF252A343236362A2A2A2A2A2A2A2A393939395E42555348204A522F47454F52474520572E4D525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B343236362A2A2A2A2A2A2A2A393939393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2ADA7F2A52BD3F6DD8B96C50FC39C7E6AF22F06ED1F033BE0FB23D6BD33DC5A1F808512F7AE18D47A60CC3F4559B1B093563BE7E07459072ABF8FAAB5338C6CC8815FF87797AE3A7BEAB3B10A3FBC230FBFB941FAC9E82649981AE79F2632156E775A06AEDAFAF6F0A184318C5209E55AD44A9CCF6A78AC240F791B63284E15B4019102BA6C505814B585816CA3C2D2F42A99B1B9773EF1B116E005B7CD8681860D174E6AD316A0ECDBC687115FC89360AEE7E430140A7B791589CCAADB6D6872B78433C3A25DA9DDAE83F12FEFAB530CE405B701131D2FBAAD970248A456000933418AC88F65E1DB7ED4D10973F99DFC8463FF6DF113B6226C4898A9D355057ECAF11A5598F02CA31688861C157C1CE2E0F72CE0F3BB598A614EAABB16299490119000000000206E203 STX, Length (LSB, MSB), card type, track status, length track 1, length track 2, length track 3...
  • Page 50 Track 2 data in hex, masked (length 0x23): 3B343236362A2A2A2A2A2A2A2A393939393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A Track 2 masked data in ASCII: ;4266********9999=***************?* In this example there is no Track 3 data, either clear or masked (the encrypted and hashed data is below)
  • Page 51 Decrypted Data: Track 1 decrypted %B4266841088889999^BUSH JR/GEORGE W.MR^0809101100001100000000046000000?! Track 2 decrypted ;4266841088889999=080910110000046?0 Track 3 decrypted ;33333333337676760707077676763333333333767676070707767676333333333376767607070776767633333333337676760707?2 Track 1 decrypted data in hex including padding zeros (but there are no pad bytes here)
  • Page 52 Decrypted Data in ASCII: %B4266841088889999^BUSH JR/GEORGE W.MR^0809101100001100000000046000000?! ;4266841088889999=080910110000046?0 ;33333333337676760707077676763333333333767676070707767676333333333376767607070776767633333333337676760707?2 Decrypted Data in Hex: 2542343236363834313038383838393939395E42555348204A522F47454F52474520572E4D525E303830393130313130303030313130303030303030303034363030303030303F21 3B343236363834313038383838393939393D3038303931303131303030303034363F300000000000 3B33333333333333333333373637363736303730373037373637363736333333333333333333333736373637363037303730373736373637363333333333333333333337363736373630373037303737363736373633333333333333333333373637363736303730373F320000000000
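Two host-side checks the preceding sections call for, written as an added example (not ID TECH code) around the strings this appendix decrypts: reproducing the reader's PAN masking so the masked copy can be reconciled with the decrypted one, and comparing the 20-byte SHA-1 field against the decrypted track. The page states only the PAN rule (first N and last M digits clear, N at most 6 and M at most 4, default 4 and 4, mask character '*'); the treatment of the other fields (sentinels and separators kept, the track 1 format code, discretionary data and trailing LRC character masked, the name kept, track 2 data after '=' masked) is read off the masked strings in the dump above, so treat that part as an inference. The SHA-1 check trims cipher padding to the header's track length before hashing, which is an assumption to confirm against a real capture because this extract does not print the hash bytes.

```python
"""PAN masking and SHA-1 integrity check for SecureHead track data.

Added example, not ID TECH code.  Non-PAN masking rules are inferred from the
Appendix F dump; hashing before or after cipher padding is an assumption.
"""
import hashlib

# Decrypted tracks printed in Appendix F (the page's own data).
TRACK1_DECRYPTED = "%B4266841088889999^BUSH JR/GEORGE W.MR^0809101100001100000000046000000?!"
TRACK2_DECRYPTED = ";4266841088889999=080910110000046?0"
PCI_MAX_N, PCI_MAX_M = 6, 4       # PrePANClrDataID / PostPANClrDataID limits on the page


def mask_pan(pan: str, n: int = 4, m: int = 4, ch: str = "*") -> str:
    """Keep the first n and last m digits of the PAN, mask the rest with ch."""
    if not (0 <= n <= PCI_MAX_N and 0 <= m <= PCI_MAX_M):
        raise ValueError("N must be 0..6 and M 0..4")
    if len(pan) <= n + m:
        return pan
    tail = pan[len(pan) - m:] if m else ""
    return pan[:n] + ch * (len(pan) - n - m) + tail


def mask_track1(track: str, n: int = 4, m: int = 4, ch: str = "*") -> str:
    """%B<PAN>^<NAME>^<discretionary>?<LRC> -> %*<masked PAN>^<NAME>^<masked>?*"""
    if len(track) < 6 or track[0] != "%" or track[-2] != "?":
        raise ValueError("expected '%' start sentinel and '?' end sentinel + LRC")
    parts = track[2:-2].split("^")           # drop '%', format code, '?' and LRC
    if len(parts) != 3:
        raise ValueError("track 1 needs exactly two '^' separators")
    pan, name, disc = parts
    return "%" + ch + mask_pan(pan, n, m, ch) + "^" + name + "^" + ch * len(disc) + "?" + ch


def mask_track2(track: str, n: int = 4, m: int = 4, ch: str = "*") -> str:
    """;<PAN>=<data>?<LRC> -> ;<masked PAN>=<masked>?*"""
    if len(track) < 5 or track[0] != ";" or track[-2] != "?":
        raise ValueError("expected ';' start sentinel and '?' end sentinel + LRC")
    pan, sep, rest = track[1:-2].partition("=")
    if sep != "=":
        raise ValueError("track 2 needs a '=' field separator")
    return ";" + mask_pan(pan, n, m, ch) + "=" + ch * len(rest) + "?" + ch


def sha1_of(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def verify_track_hash(decrypted_block: bytes, track_len: int, reported: bytes) -> bool:
    """Compare the reader's 20-byte field with SHA-1 of the decrypted track.
    The decrypted block still carries cipher padding (zeros in Appendix F); it
    is cut to the header's track length first.  If a real reader's field only
    matches the padded block, hash decrypted_block unchanged instead."""
    if len(reported) != 20:
        raise ValueError("SHA-1 field is 20 bytes")
    if track_len > len(decrypted_block):
        raise ValueError("track length exceeds decrypted data")
    return sha1_of(decrypted_block[:track_len]) == reported


if __name__ == "__main__":
    print(mask_track1(TRACK1_DECRYPTED))
    print(mask_track2(TRACK2_DECRYPTED))
```

Running it reproduces the page's masked track 2 string exactly and the masked track 1 bytes shown in the Page 49 dump (25 2A 34 32 36 36 ...). A hash mismatch after decryption means either the wrong derived key, a transmission error, or tampering; the SHA-1 field gives no way to tell which, so the host should discard the swipe rather than retry decryption with other keys.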
  • Page 53: Appendix G: Example Of Idtech Raw Data Decryption

    11. APPENDIX G: EXAMPLE OF IDTECH RAW DATA DECRYPTION Original Raw Data, Forward Direction: 01D67C81020408102D4481020408102042890A350854A2FB3EE4BA3D4065B67A9C391F582A42B99A858A90AF60852B14AA628A0D 028FC210842C18421084030092040B51581F24B56074404811160D Original Raw Data, Backward Direction: 01A28CAA51A9420DEA12A342B33A84A835F13872BCDB4C0578BA4EF9BE8A542158A12284081020408102456810204081027CD60D 02D11024045C0D5A49F03515A0409201804210843068421087E20D Note: 1. There is a track number before each track: Track 1 is 01, Track 2 is 02, Track 3 is 03.
  • Page 54 629949011A0000000001 LRC, checksum and ETX: 87 1D 03. Key Value: 8A 60 A3 EB 80 87 63 52 B8 F5 05 CD A8 3C 33 70. KSN: 62 99 49 01 1A 00 00 00 00 01...
  • Page 55: Appendix H: Example Of Spi Master Chip Controlling

    12. APPENDIX H: EXAMPLE OF SPI MASTER CHIP CONTROLLING /*H************************************************************************** * NAME: spi_drv.h * Copyright (c) 2003 ID TECH. * RELEASE: cc03-demo-spi-0_0_1 * REVISION: 1.1.1.1 * PURPOSE: * spi lib header file *****************************************************************************/...
  • Page 56 /*C************************************************************************** * Module: main.c /**************************************************************************** * Copyright (c) 2004 ID TECH inc., /**************************************************************************** * CREATION_DATE: 2004.1.10 /**************************************************************************** * PURPOSE: * spi library low level functions (init, receive and send functions) * and global variables declarations to use with user software application...
  • Page 57 // ..... Other subroutines to handle other tasks if(SPIMasterCommandReady){ // If SPI master wants to send a command to SPI slave _SPI_SS = 1; // To generate a falling edge. Not needed for clock phase 0, but clock phase 1 needs this falling edge.
  • Page 58 /*C************************************************************************** * Module: spi_drv.c /**************************************************************************** * Copyright (c) 2004 ID TECH inc., /**************************************************************************** * CREATION_DATE: 2004.1.10 /**************************************************************************** * PURPOSE: * spi library low level functions (init, receive and send functions) * and global variables declarations to use with user software application...
  • Page 59 /*F************************************************************************** * NAME: spi_set_speed * PARAMS: ratio: spi clock ratio/XTAL * return: Uchar: status * PURPOSE: * Configure the baud rate of the spi, set CR2, CR1, CR0 * NOTE: * This function is only used in spi master mode, called by spi_master_init...
  • Page 60 * NOTE: * This function is used only in spi master mode *****************************************************************************/ void spi_Sendout(Uchar data inchar){ Uchar data m; SPDAT = inchar; // send a data byte by putting it into the SPDAT register while(!transmit_completed);// wait for transmission complete (interrupt complete), flag...
  • Page 61: Appendix I: Magnetic Heads Mechanical Design Guidelines

    13. APPENDIX I: MAGNETIC HEADS MECHANICAL DESIGN GUIDELINES This section defines the design specifications ID TECH customers need to install magnetic readers and heads to the correct dimensions, and other specific requirements that ensure maximum life and reading reliability. ID TECH has spent years testing magnetic heads with our electronics to determine the best dimensions and characteristics.
  • Page 62: Reference Surface/Wear-Plate

    Figure 2: Standard magnetic head assembly showing tolerances of Azimuth. Reference Surface/Wear-Plate The reference surface is an important element for the proper design of all credit card readers because all dimensions for installing magnetic heads are measured from that surface. There are important considerations to understand when...
  • Page 63: Card Reader Rails/Slot And Magnetic Head Protrusion

    Card Reader Rails/Slot and Magnetic Head Protrusion When designing a card reader, engineers must consider the thickness of the media used. Magnetic media comes in various thicknesses, but most readers use cards that are nominally 0.030 inches thick +/- 10%.
  • Page 64 SecureHead SPI Interface with FPC User Manual 2. If the rails are designed without using an ID TECH rail, the minimum slot width should be 0.040 inches wide, at a minimum of 0.5 inches on both sides of the magnetic head’s gap. There must also be a smooth transition leading up to the 0.040-inch-wide area of the slot both entering and exiting the magnetic head.
