Level 4 Activate Authentication Sequence - IDTECH SecureHead User Manual

Field 8: Clear/masked data sent status byte:
Bit 0: 1 —track 1 clear/mask data present
Bit 1: 1— track 2 clear/mask data present
Bit 2: 1— track 3 clear/mask data present
Bit 3: 0— reserved for future use
Bit 4: 0— reserved for future use
Bit 5: 0— reserved for future use
Note 4: Encrypted/Hash data sent status
Field 9: Encrypted data sent status
Bit 0: 1— track 1 encrypted data present
Bit 1: 1— track 2 encrypted data present
Bit 2: 1— track 3 encrypted data present
Bit 3: 1— track 1 hash data present
Bit 4: 1— track 2 hash data present
Bit 5: 1— track 3 hash data present
Bit 6: 1—session ID present
Bit 7: 1—KSN present
4.1.23.
Same as 4.14.10 DUKPT Level 3 Data Output Enhanced Format, only change <KSN> to
<device serial number> plus two NULL bytes.

4.13. Level 4 Activate Authentication Sequence

The security level changes from 3 to 4 when the device enters authentication mode successfully.
Once the security level is changed to level 3 or 4, it cannot go back to a lower level.
Activate Authentication Mode Command
When the reader is in security level 4, it would only transmit the card data when it is in
Authenticated Mode.
Authentication Mode Request
When sending the authentication request, the user also needs to specify a time limit for the reader
to wait for the activation challenge reply command. The minimum timeout duration required is 120
seconds. If the specified time is less than the minimum, 120 seconds would be used for timeout
duration. The maximum time allowed is 3600 seconds (one hour). If the reader times out while
waiting for the activation challenge reply, the authentication failed.
Device Response
Copyright © 2010-2013, International Technologies & Systems Corporation. All rights reserved.
SecureHead SPI Interface with FPC User Manual
Fix Key Management Data Output Enhanced Format
Page 32 of 67