Appendix D Contact Smart Card L1 Session (Dynapro L1 Only); Overview; Create L1 Session - Magtek IPAD Programmer's Reference Manual
Pin encryption devices
Hide thumbs
Also See for IPAD:
- Installation and operation manual (24 pages) ,
- Programmer's manual (38 pages)
Table of Contents
Advertisement
Appendix D - Contact Smart Card L1 Session (DynaPro L1 Only)
ISO PIN BLOCK – ISO 9564
TLV – ASN.1 and ITU-T X.690
Appendix D
D.1
Overview
DynaPro L1 has enabled host to communicate with Contact Smart Card in Application Protocol Data Unit
(APDU) layer.
D.2
Create L1 Session
The secure communication start with create a secure session. Host request challenge and session from
device, then confirm host has the right to do the secure communication.
The host must follow these steps to create L1 session:
1) Request an authentication token and session key from the device using requestChallengeAndSession.
2) Decrypt the received token with the Acquirer Master key
3) Transform the token and encrypt it with the Acquirer Master key
4) Calculate 8-byte CMAC for the message
5) Using requestConfirmSession to create communicate session
// predefined key deriving mask
byte[] amkDerivedSessionCMAC_Mask = { 0x5e, 0x55, 0x00, 0xb7, 0x89,
0xc4, 0x76, 0xf3, 0x6d, 0xac, 0xdc, 0x90, 0x13, 0x2a, 0xbd, 0x16,
0x29, 0x2a, 0xaa, 0xce, 0xe2, 0x90, 0xb4, 0xee };
byte[] derivedSessionCMAC_Mask = { 0xab, 0x54, 0x65, 0x7d, 0xff, 0x33,
0x31, 0xf7, 0xad, 0x22, 0x93, 0x11, 0x62, 0x48, 0xc5, 0xf3, 0x33,
0x31, 0x0b, 0x6e, 0x68, 0x25, 0xcc, 0xa3 };
byte[] amkDerivedSessionMask = { 0x12, 0x10, 0x74, 0x10, 0x26, 0x75,
0x03, 0x08, 0x06, 0x04, 0x28, 0x08, 0x04, 0x02, 0x10, 0x10, 0x26,
0x75, 0x11, 0x08, 0x01, 0x11, 0x03, 0x91 };
// if your AMK is 16 bytes, extend AMK to 24 bytes before derive key.
// to extend AMK, append left 8 bytes to the end.
bAMKSessionKey = bitXor(AMK, amkDerivedSessionMask);
bAMKCMACKey = bitXor(AMK, amkDerivedSessionCMAC_Mask);
// Get Challenge And Session, a 46 bytes data will save to buffer.
byte[] buffer = ipad.requestChallengeAndSession();
// bytes 2-5 is encrypted partial serial number, byte 6-9 is encrypted
// random number, bytes 10-33 is encrypted session key, (see 99875585)
byte[] iv = {0,0,0,0,0,0,0,0};
byte[] token = SubArray(buffer, 2,32)
TDES_Decrypt_CBC(bAMKSessionKey, iv, token, 32, SessionInfo, 32);
// session info
IPAD, DynaPro, DynaPro Go, and DynaPro Mini| PIN Encryption Devices | Programmer's Reference (Microsoft Windows Store)
Page 69
Contact Smart Card L1 Session (DynaPro L1 Only)
Advertisement
Table of Contents
Need help?
Do you have a question about the IPAD and is the answer not in the manual?
Questions and answers