SecureHead SPI Interface with FPC User Manual
The Activate Authenticated Mode command succeeds if the device decrypts the Challenge Reply
response correctly. If the device cannot decrypt the Challenge Reply command, Activate
Authenticated Mode fails and the DUKPT KSN advances.
Command Structure
Host -> Device:
<STX><S><82h><10h><Activation Data><ETX><CheckSum>
Device -> Host:
<ACK> (success)
<NAK> (fail)
Activation Data: 16 bytes, structured as <Challenge 1 Response> <Session ID>
Challenge 1 Response: 6 bytes of Challenge 1 random data with 2 bytes of Authenticated mode
timeout duration. It's encrypted using the key derived from the current DUKPT key.
Session ID: 8 bytes Session ID, encrypted using the key derived from the current DUKPT key.
Deactivate Authenticated Mode Command
This command is used to exit Authenticated Mode. The host needs to send the first 7 bytes of
Challenge 2 (from the response of the Activate Authenticated Mode command) and the Increment Flag
(00h indicates no increment, 01h indicates increment of the KSN), encrypted with the current DUKPT
Key exclusive-or'ed with <3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C>.
If the device decrypts Challenge 2 successfully, it will exit Authenticated Mode. The KSN
will increase if the Increment Flag is set to 01h. If the device cannot decrypt Challenge 2
successfully, it will stay in Authenticated Mode until a timeout occurs or the customer swipes a card.
The KSN is incremented every time Authenticated Mode is exited by a timeout or a card swipe.
When Authenticated Mode is exited by the Deactivate Authenticated Mode command, the
KSN will increment when the Increment Flag is set to 01h.
Command Structure
Host -> Device:
<STX><S><81h><08h for TDES or 10h for AES><Deactivation Data><ETX><CheckSum>
Device -> Host:
<ACK> (success)
<NAK> (fail)
<Deactivation Data>: 8-byte response to Challenge 2. It contains 7 bytes of Challenge 2 with 1
byte of Increment Flag, encrypted by the specified variant of the current DUKPT Key.
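The Deactivation Data layout and key variant described above, assembled in Python as an added example (not code from the manual or the vendor) that covers the TDES (08h) case only. The `tdes_encrypt` callable is a hypothetical caller-supplied routine, `<S>` is assumed to be the ASCII letter 'S', and the frame stops at `<ETX>` because the CheckSum calculation is not defined on this page.

```python
STX, ETX = 0x02, 0x03              # ASCII framing bytes
CMD_S = ord("S")                   # assumption: <S> is the ASCII letter 'S'
FUNC_DEACTIVATE = 0x81             # function ID from the command structure
LEN_TDES = 0x08                    # length byte for the TDES case
VARIANT_MASK = bytes([0x3C]) * 16  # <3C3C ... 3C3C>, 16 bytes


def variant_key(current_dukpt_key: bytes) -> bytes:
    """Current DUKPT key exclusive-or'ed with the 3C mask."""
    if len(current_dukpt_key) != 16:
        raise ValueError("expected a 16-byte (double-length TDES) key")
    return bytes(k ^ m for k, m in zip(current_dukpt_key, VARIANT_MASK))


def deactivation_plaintext(challenge2: bytes, increment_ksn: bool) -> bytes:
    """First 7 bytes of Challenge 2 followed by the 1-byte Increment Flag."""
    if len(challenge2) < 7:
        raise ValueError("Challenge 2 must supply at least 7 bytes")
    return challenge2[:7] + bytes([0x01 if increment_ksn else 0x00])


def build_deactivate_frame(challenge2, increment_ksn, current_dukpt_key,
                           tdes_encrypt):
    """Return the frame from <STX> through <ETX>; caller appends <CheckSum>.

    tdes_encrypt(key, block) is a hypothetical caller-supplied single-block
    TDES encryption routine backed by a vetted crypto library.
    """
    block = deactivation_plaintext(challenge2, increment_ksn)
    data = tdes_encrypt(variant_key(current_dukpt_key), block)
    if len(data) != LEN_TDES:
        raise ValueError("TDES Deactivation Data must be exactly 8 bytes")
    header = bytes([STX, CMD_S, FUNC_DEACTIVATE, LEN_TDES])
    return header + data + bytes([ETX])


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    key = bytes(range(16))
    chal2 = bytes.fromhex("a1a2a3a4a5a6a7a8")
    # Stand-in so the layout can be printed offline; this is NOT TDES.
    stand_in = lambda k, b: bytes(x ^ k[i] for i, x in enumerate(b))
    print(build_deactivate_frame(chal2, True, key, stand_in).hex())
```
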
Copyright © 2010-2013, International Technologies & Systems Corporation. All rights reserved.