1. Manuals
  2. Brands
  3. IDTECH Manuals
  4. Control Unit
  5. SecureHead
  6. User manual

IDTECH SecureHead User Manual page 24

Encrypted magnetic read head, spi interface with fpc
Hide thumbs Also See for SecureHead:
Table of Contents

Advertisement

SecureHead SPI Interface with FPC User Manual
4.1.15. Security Management
This reader is intended to be a secure reader. Security features include:
• Can include Device Serial Number
• Can encrypt track 1 and track 2 data for all bank cards
• Provides clear text confirmation data including card holder's name and a portion of
the PAN as part of the Masked Track Data
• Optional display expiration data
• Security Level is settable
The reader features configurable security settings. Before encryption can be enabled, Key
Serial Number (KSN) and Base Derivation Key (BDK) must be loaded before encrypted
transactions can take place. The keys are to be injected by certified key injection facility.
There are five security levels available when using the DUKPT key management:
• Level 0
Security Level 0 is a special case where all DUKPT keys have been used and is set
automatically when it runs out of DUKPT keys. The lifetime of DUKPT keys is 1
million. Once the key's end of life time is reached, user should inject DUKPT keys
again before doing any more transactions.
• Level 1
By default, readers from the factory are configured to have this security level. There is
no encryption process, no key serial number transmitted with decoded data. The reader
functions as a non-encrypting reader and the decoded track data is sent out in default
mode.
• Level 2
Key Serial Number and Base Derivation Key have been injected but the encryption
process is not yet activated. The reader will send out decoded track data in default
format. Setting the encryption type to TDES and AES will change the reader to security
level 3.
• Level 3
Both Key Serial Number and Base Derivation Keys are injected and encryption mode is
turned on. For payment cards, both encrypted data and masked clear text data are sent
out. Users can select the data masking of the PAN area; the encrypted data format
cannot be modified. Users can choose whether to send hashed data and whether to
reveal the card expiration date. When the encryption is turned on, level 3 is the default
security level.
• Level 4
Copyright © 2010-2013, International Technologies & Systems Corporation. All rights reserved.
Page 24 of 67

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SecureHead and is the answer not in the manual?

Subscribe to Our Youtube Channel

Related Manuals for IDTECH SecureHead

Table of Contents