4.10. Review Security Level
<STX><R><7Eh><ETX><CheckSum>
This command returns the current security level.
4.11. Encrypt External Data Command
This command encrypts the data passed to the SecureHead and sends the encrypted data back to the
host. The command is valid when the security level is set to 3 or 4.
Command:
Host->Device:
<STX><41h><Length><Data To Be Encrypted><ETX><CheckSum>
Where
<Length> is the 2-byte length of <Data To Be Encrypted> in hex, represented as <Length_L>
and <Length_H>
Device->Host:
<ACK><STX><Length><Encrypted Data>[SessionID]<KSN><ETX><LRC> (success)
<NAK> (fail)
Where
<Length> is the 2-byte length of <Encrypted Data>[SessionID]<KSN> in hex, represented as
<Length_L> and <Length_H>
[SessionID] is used only at security level 4, where it is part of the encrypted data. This field
carries no data at security level 3.
<KSN> is a 10-byte string. With fixed key management, the serial number plus two
null bytes is sent in place of the KSN.
After each successful response, KSN will increment automatically.
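The response layout above, parsed on the host side, as an added example that is not part of the SecureHead manual. It assumes the standard ASCII values for ACK/NAK/STX/ETX, that <Length_L> precedes <Length_H> on the wire, and the ANSI X9.24 DUKPT KSN layout (big-endian, 21-bit counter in the low bits); the LRC byte is returned unverified because this section does not define its algorithm, and the sample KSN is constructed.

```python
# Added example: host-side parser for the 4.11 Device->Host response.
ACK, NAK, STX, ETX = 0x06, 0x15, 0x02, 0x03   # standard ASCII control codes (assumed)
KSN_LEN = 10                                   # "<KSN> is a 10 bytes string"


class FrameError(ValueError):
    """Raised when a response does not match the documented layout."""


def parse_encrypt_response(frame: bytes) -> dict:
    """Split <ACK><STX><Length><Encrypted Data>[SessionID]<KSN><ETX><LRC>."""
    if frame[:1] == bytes([NAK]):
        raise FrameError("device answered NAK")
    if len(frame) < 6 or frame[0] != ACK or frame[1] != STX:
        raise FrameError("missing ACK/STX header")
    # Assumption: <Length_L> is sent first, then <Length_H>.
    length = frame[2] | (frame[3] << 8)
    if len(frame) != 4 + length + 2:
        raise FrameError("length field disagrees with frame size")
    if length <= KSN_LEN or frame[4 + length] != ETX:
        raise FrameError("payload too short or ETX misplaced")
    payload = frame[4:4 + length]
    return {
        # At security level 4 the SessionID is inside this ciphertext,
        # so it cannot be separated before decryption.
        "encrypted": payload[:-KSN_LEN],
        "ksn": payload[-KSN_LEN:],
        "lrc": frame[-1],          # not verified: algorithm not given here
    }


def ksn_counter(ksn: bytes) -> int:
    """Transaction counter, assuming the X9.24 layout (low 21 bits)."""
    return int.from_bytes(ksn, "big") & 0x1FFFFF


def check_ksn_advanced(prev_ksn: bytes, new_ksn: bytes) -> bool:
    """True if both KSNs share the upper 59 bits and the counter increased.
    Applies to DUKPT only; with fixed keys the field is serial + two nulls."""
    same_key_set = (int.from_bytes(prev_ksn, "big") >> 21) == \
                   (int.from_bytes(new_ksn, "big") >> 21)
    return same_key_set and ksn_counter(new_ksn) > ksn_counter(prev_ksn)


def build_sample(ciphertext: bytes, ksn: bytes) -> bytes:
    """Constructed frame for testing; the LRC byte is a 0x00 placeholder."""
    payload = ciphertext + ksn
    head = bytes([ACK, STX, len(payload) & 0xFF, len(payload) >> 8])
    return head + payload + bytes([ETX, 0x00])
```

A host that stores the last KSN per reader can call check_ksn_advanced on each response and reject a frame whose counter did not move forward, which is what a replayed response would look like.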
4.12. Encrypted Output for Decoded Data
4.12.1. Encrypt Functions
When a card is swiped through the Reader, the track data will be TDEA (Triple Data
Encryption Algorithm, aka, Triple DES) or AES (Advanced Encryption Standard)
encrypted using Fixed key management or DUKPT (Derived Unique Key Per Transaction)
key management. DUKPT key management uses a base derivation key to encrypt a key
serial number that produces an initial encryption key which is injected into the Reader prior
to deployment. After each transaction, the encryption key is modified per the DUKPT
algorithm so that each transaction uses a unique key. Thus, the data will be encrypted with a
different encryption key for each transaction.
Copyright © 2010-2013, International Technologies & Systems Corporation. All rights reserved.
SecureHead SPI Interface with FPC User Manual