How it Works
ACS
Loading...
AET63
User Manual
26 pgs772.75 Kb0
Table of contents
Loading...

ACS AET63 User Manual

Download
Page 1
AET63 BioTRUSTKey
Reference Manual
Subject to change without prior notice
info@acs.com.hk
www.acs.com.hk
Page 2

Table of Contents

6.1.1. Normal Command (Length < 255 bytes).......................................................................8
6.1.2. Extended Command.....................................................................................................9
6.2.1. No Transmission Error with Normal Response (Length < 255 bytes)..........................9
6.2.2. No Transmission Error with Extended Response.......................................................10
6.2.3. Transmission error......................................................................................................11
7.1.1. GET_ACR_STAT........................................................................................................13
7.1.2. SELECT_CARD_TYPE ..............................................................................................14
7.1.3. RESET........................................................................................................................14
7.1.4. SET_NOTIFICATION..................................................................................................14
7.1.5. SET_OPTION .............................................................................................................15
7.2.1. EEPROM_READ_DATA.............................................................................................16
7.2.2. EEPROM_WRITE_DATA...........................................................................................16
7.3.1. TFM_COMMAND........................................................................................................17
7.3.2. TFM_RESET...............................................................................................................17
7.3.3. TFM_SMARTCARD....................................................................................................18
7.3.4. TFM_OPEN_SECURE_SESSION .............................................................................19
7.4.1. RESET........................................................................................................................20
7.4.2. POWER_OFF .............................................................................................................20
7.4.3. EXCHANGE_APDU....................................................................................................20
7.4.4. EXCHANGE_T1_FRAME...........................................................................................21
7.5.1. ACTIVATE_SAM.........................................................................................................22
7.5.2. DEACTIVATE_SAM....................................................................................................22
7.5.3. EXCHANGE_SAM_APDU..........................................................................................23
7.5.4. EXCHANGE_SAM_T1_FRAME.................................................................................24
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 2 of 26
info@acs.com.hk
www.acs.com.hk
Page 3

1.0. Introduction

The AET63 BioTRUSTKey provides an interface for communication between a computer, a smart card, and TFM (Trusted Fingerprint Module). Because different types of smart cards have their own sets of communication protocols and commands, direct communication between a smart card and a computer is prevented in most cases. The BioTRUSTKey establishes a uniform interface between a computer and a smart card for a wide variety of cards. By taking care of card specifics, it relieves the program developer of having to study details of smart card operation – which are, in many cases, not relevant to the implementation of a smart card-based system.
The AET63 BioTRUSTKey is connected to the computer through USB interface. The reader accepts commands from the computer, carries out the specified function at the smart card and/or TFM, and returns the requested data or status information.
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 3 of 26
info@acs.com.hk
www.acs.com.hk
Page 4

2.0. Supported Card Types

The AET63 can operate MCU card with T=0 and T=1 protocol. The table presented in Appendix A explains which card type selection value must be specified for the various card types supported by the reader.

2.1. Microcontroller-Based Smart Cards (Asynchronous Interface)

The AET63 supports EEPROM microcontroller-based cards with internal programming voltage (VPP) generation and the following programming parameters transmitted in the ATR:
PI1 = 0 or 5 I = 25 or 50
The AET63 performs the Protocol and Parameters Selection (PPS) procedure as specified in ISO7816-3:1997.
When the card ATR indicates the specific operation mode (TA
present; bit b5 of TA2 must be 0) and
2
that particular mode is not supported by the AET63, the reader will reset the card to set it to negotiable mode. If the card cannot be set to negotiable mode, the reader will reject the card.
When the card ATR indicates the negotiable mode (TA
not present) and communication parameters
2
other than the default parameters, the AET63 will execute the PPS and try to use the communication parameters that the card suggested in its ATR. If the card does not accept the PPS, the reader will use the default parameters (F=372, D=1).
For the meaning of the aforementioned parameters, please refer to ISO7816, part 3.
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 4 of 26
info@acs.com.hk
www.acs.com.hk
Page 5

3.0. Smart Card Interface

The interface between the AET63 and the inserted smart card follows the specifications of ISO7816-3 with certain restrictions or enhancements to increase the practical functionality of the AET63.

3.1. Smart Card Power Supply VCC (C1)

The current consumption of the inserted card must not be higher than 50mA.

3.2. Programming Voltage VPP (C6)

According to ISO 7816-3, the smart card contact C6 (VPP) supplies the programming voltage to the smart card. Since all common smart cards in the market are EEPROM based and do not require the provision of an external programming voltage, the contact C6 (VPP) has been implemented as a normal control signal in the AET63. The electrical specifications of this contact are identical to those of the signal RST (at contact C2).

3.3. Card Type Selection

The controlling PC has to always select the card type through the proper command sent to the AET63 prior to activating the inserted MCU card.
For MCU-based cards, the reader allows selection of the preferred protocol, T=0 or T=1. However, this selection is only accepted and carried out by the reader through the PPS when the card inserted in the reader supports both protocol types. Whenever an MCU-based card supports only one protocol type, T=0 or selected by the application.
T=1, the reader automatically uses that protocol type, regardless of the protocol type

3.4. Interface for Microcontroller-based Cards

For microcontroller-based smart cards only the contacts C1 (VCC), C2 (RST), C3 (CLK), C5 (GND) and C7 (I/O) are used. A frequency of 4 MHz is applied to the CLK signal (C3).

3.5. Card Tearing Protection

The AET63 provides a mechanism to protect the inserted card when it is suddenly withdrawn while it is powered up. The power supply to the card and the signal lines between the AET63 and the card are immediately deactivated when the card is being removed. As a general rule, however, to avoid any electrical damage, a card should only be removed from the reader while it is powered do wn.
NOTE: The AET63 does never by itself switch on the power supply to the inserted card. This must explicitly be done by the controlling computer through the proper command sent to the reader.
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 5 of 26
info@acs.com.hk
www.acs.com.hk
Page 6

4.0. Power Supply

The AET63 requires a voltage of 5V DC, 100mA, regulated, power supply. The AET63 gets the power supply from PC (through the cable supplied along with each type of reader).
Status LEDs
Two green LED on the front of the reader indicates the activation status of the smart card interface and the status of power supply of the device:
First Green LED Indicates power supply to the device, i.e., the device is receiving power from
the computer. As long as the device is connected to the PC, this LED light is on.
Second Green LED Indicates that a smart card is present in the device, i.e., the smart card is
activated. As long as there is a smart card inserted in the device, this light is on.
NOTE: This is applicable if you are using the PCSC device installer for AET63
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 6 of 26
info@acs.com.hk
www.acs.com.hk
Page 7

5.0. USB Interface

The AET63 is connected to a computer through a USB following the USB standard.

5.1. Communication Parameters

The AET63 is connected to a computer through USB as specified in the USB Specification. The AET63 is working in low speed mode, i.e. 1.5 Mbps.
USB Interface Wiring
Pin Signal Function
1 V 2 D- Differential signal transmits data between AET63 and PC. 3 D+ Differential signal transmits data between AET63 and PC. 4 GND Reference voltage level for power supply
NOTE: In order for the AET63 to function properly through USB interface, either ACS proprietary device drive or ACS PC/SC device driver has to be installed. Please refer to the Device Driver Installation Guide for more detail.
+5V power supply for the reader
BUS
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 7 of 26
info@acs.com.hk
www.acs.com.hk
Page 8

6.0. Communication Protocol

In the normal operation, the AET63 acts as a slave device with regard to the communication between a computer and the reader. The communication is carried out in the form of successive command­response exchanges. The computer transmits a command to the reader and receives a response from the reader after the command has been executed. A new command can be transmitted to the AET63 only after the response to the previous command has been received.
There are two cases where the reader transmits data without having received a command from the computer, namely, the Reset Message of the reader and the Card Status Message.

6.1. Command

6.1.1. Normal Command (Length < 255 bytes)

A command consists of four protocol bytes and a variable number of data bytes and has the following structure:
Byte 1 2 3 4 ... N+3 (0<N<255) N+4
Header Instruction Data length =
Data Checksum
N
Header 01H to indicate the start of a standard command.
02
to indicate the start of an encrypted command (support from firmware 0.67
H
onwards, only used in PTVerifySC
(*)
and PTVerifySCAll
(*)
)
Instruction The instruction code of the command to be carried out by the AET63 Data Length Number of subsequent data bytes.(0 < N < 255) Data Data contents of the command.
For a READ command, for example, the data bytes would specify the start address and the number of bytes to be read. For a WRITE command, the data bytes would specify the start address and the data to be written to the card.
The data bytes can represent values to be written to a card and/or command parameters such as an address, a counter, etc.
Checksum The checksum is computed by XORing all command bytes including header,
instruction, data length and all data bytes.
Note (*) : Please refer to “BioTRUSTKey API Manual.doc” for the descriptions of PTVerifySC
and PTVerifySCAll.
The following example shows the structure of a command with instruction code = 91 bytes with the values 11
, 22H and 33H, respectively:
H
and three data
H
Byte 1 2 3 4 5 6 7
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
01
91
H
03
H
11
H
Document Title Here
22
H
33
H
93 H
H
Page 8 of 26
info@acs.com.hk
www.acs.com.hk
Page 9

6.1.2. Extended Command

A command consists of six protocol bytes and a variable number of data bytes and has the following structure:
Byte 1 2 3 4 5 6 ... N+5
N+6
(N>0)
Header Instruction Data Length = N Data Checksum
FFH Data Length N
Header 01H to indicate the start of a standard command.
02
to indicate the start of an encrypted command (support from firmware 0.67
H
onwards, only used in PTVerifySC
(*)
and PTVerifySCAll
(*)
)
Instruction The instruction code of the command to be carried out by the AET63. Data Length Number of subsequent data bytes, and is encoded in 3 bytes. The first byte is FF
.
H
The second byte and the third byte represent data length N.
Data Data contents of the command.
For a READ command, for example, the data bytes would specify the start address and the number of bytes to be read. For a WRITE command, the data bytes would specify the start address and the data to be written to the card.
The data bytes can represent values to be written to a card and/or command parameters such as an address, a counter, etc.
Checksum The checksum is computed by XORing all command bytes including header,
instruction, data length and all data bytes.
Note (*) : Please refer to “BioTRUSTKey API Manual.doc” for the descriptions of PTVerifySC
and PTVerifySCAll.

6.2. Response

The response from the AET63 to any command depends on whether the command has been received by the reader without error (e.g., checksum error).

6.2.1. No Transmission Error with Normal Response (Length < 255 bytes)

The response by the AET63 to a correctly received command consists of three protocol bytes, two status bytes and a variable number of data bytes and has the following structure:
Byte 1 2 3 4 5 ... N+4
Header SW1 SW2 Data length = N Data Checksum
Header 01H to indicate the start of the normal response.
02
to indicate the start of an encrypted response (support from firmware 0.67
H
onwards, only used in PTVerifySC
(*)
and PTVerifySCAll
SW1 Indicates the command execution status:
90 60
= command successfully executed
H
= error in command data; command cannot be executed
H
(0<N<255)
(*)
)
N+5
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 9 of 26
info@acs.com.hk
www.acs.com.hk
Page 10
67 H = error detected in command execution FF
= status message initiated by the reader
H
SW2 Further qualification of the command execution status.
A table listing the possible values of the status bytes SW1 and SW2 and the corresponding meaning is given in Appendix B.
Data Length Number of subsequent data bytes (0 < N < 255) Data Data contents of the command.
For a READ_DATA command, for example, the data bytes would contain the contents of the memory addresses read from the card. The data bytes can represent values read from the card and/or status information.
Checksum The checksum is computed by XORing all response bytes including header, status
bytes, data length and all data bytes.
Note (*) : Please refer to “BioTRUSTKey API Manual.doc” for the descriptions of PTVerifySC
and PTVerifySCAll.
The following example shows the structure of the response to a command which has successfully been executed and which returns three data bytes with the values 11
, 22H and 33H, respectively:
H
Byte 1 2 3 4 5 6 7 8
01
90 H 00 H 03 H 11 H 22 H 33 H 92 H
H

6.2.2. No Transmission Error with Extended Response

The response by the AET63 to a correctly received command consists of three protocol bytes, two status bytes and a variable number of data bytes and has the following structure:
Byte 1 2 3 4 5 6 7 ... N+6
Header SW1 SW2 Data length = N Data Checksum
FFH Data Length N
Header 01H to indicate the start of the normal response.
02
to indicate the start of an encrypted response (support from firmware 0.67
H
onwards, only used in PTVerifySC
(*)
and PTVerifySCAll
SW1 Indicates the command execution status:
90 60 67 FF
= command successfully executed
H
= error in command data; command cannot be executed
H
= error detected in command execution
H
= status message initiated by the reader
H
SW2 Further qualification of the command execution status.
(*)
(N>0)
)
N+7
Data Length Number of subsequent data bytes, and is encoded in 3 bytes. The first byte is FF
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
A table listing the possible values of the status bytes SW1 and SW2 and the corresponding meaning is given in Appendix B.
.
H
The second byte and the third byte represent data length N.
Page 10 of 26
Document Title Here
info@acs.com.hk
www.acs.com.hk
Page 11
Data Data contents of the command.
For a READ_DATA command, for example, the data bytes would contain the contents of the memory addresses read from the card. The data bytes can represent values read from the card and/or status information.
Checksum The checksum is computed by XORing all response bytes including header, status
bytes, data length and all data bytes.
Note (*) : Please refer to “BioTRUSTKey API Manual.doc” for the descriptions of PTVerifySC
and PTVerifySCAll.

6.2.3. Transmission error

If the receiving party of a command (i.e., the AET63) or a response (i.e., the computer) detects an error in the data length or the checksum of a command, it disregards the received data and sends a "NOT ACKNOWLEDGE" message to the transmitting party upon completion of the faulty transmission. The "NOT ACKNOWLEDGE" message consists of two bytes:
Byte 1 2
05 H
05
H
If the AET63 responds with a 'NOT ACKNOWLEDGE' message to a command from the computer, the computer would normally transmit the command again. If the computer detects a transmission error in a response from the AET63, it can send the 'NOT ACKNOWLEDGE' to the reader upon which the reader will transmit the most recent response again.

6.3. Card Status Message

When a card is being inserted into the reader or an inserted card is being removed from the reader while the reader is idle, i.e., not executing a command, the reader transmits a Card Status Message to notify the host computer of the change in the card insertion status.
In a system where these unsolicited messages from the reader to the computer are not desired, they can be disabled with the SET_NOTIFICATION command. Please note that the setting made with this command is volatile and will be lost with the next reader reset or power up. By default, the Card Status Message will be transmitted by the reader after a reset.
The Card Status Messages have the following structure and conten ts:
Card Status Message for Card Insertion
Byte 1 2 3 4 5
Header SW1 SW2 Data
length
01 H FF H 01 H 00 H FF
Card Status Message for Card Removal
Byte 1 2 3 4 5
Header SW1 SW2 Data
length
Checksum
H
Checksum
A card status message is transmitted only once for every card insertion or removal event. The reader does not expect an acknowledge signal from the computer. After transmitting a status message, the reader waits for the next command from the computer.
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
01 H FF H 02 H 00 H FC
H
Document Title Here
Page 11 of 26
info@acs.com.hk
www.acs.com.hk
Page 12
NOTE: If the card is being removed from the reader while a card command is being executed, the
reader will transmit a normal response to the computer with the response status bytes indicating the card removal during command execution (see Appendix B: Response Status Codes).

6.4. Transmission Protocol

The start of a command (to the reader) or a response (from the reader, including the Reset Message and Card Status Messages) is indicated by the respective party through the transmission of the single byte Start-of-Text (STX) character with the value 02
The end of a command or response is indicated through the single byte End-of-Text (ETX) character with the value 03
.
H
Within the command and response transmission only ASCII characters representing the hexadecimal (hex) digits 0...F are used. Each byte of a command or response is split into its upper and lower halfbyte (nibble). For each halfbyte is transmitted the ASCII character representing the respective hex digit value. For example, to transmit the data byte 3A namely, 33
(ASCII code for '3') followed by 41H (ASCII code for 'A'):
H
Data byte value 3A
H
Transmitted values 33 H = '3' 41H = 'A'
.
H
, two bytes are actually sent on the interface,
H
The following example shows the transmission of a command with instruction code A2 byte with the value 3D
. The command has the following structure:
H
and one data
H
Byte 1 2 3 4 5
Header Instructio
n
Data
length
Data Checksum
01H A2H 01H 3DH 9FH
This command is transmitted on the serial interface in 12 bytes as follows:
Byte 1 2 3 4 5 6 7 8 9 10 11 12
STX '0' '1' 'A' '2' '0' '1' '3' 'D' '9' 'F' ETX
02H 30H 31H 41H 32H 30H 31H 33H 44H 39H 46H 03H
For the representation of the hex halfbyte values as the corresponding ASCII characters in commands, the AET63 accepts both upper case characters 'A' ... 'F' (41 characters 'a' ... 'f' (61
... 66H):
H
... 46H) and lower case
H
Byte 1 2 3 4 5 6 7 8 9 10 11 12
STX '0' '1' 'A' '2' '0' '1' '3' 'D' '9' 'F' ETX
... is equivalent to:
In its response messages, the AET63 uses upper case characters 'A' ... 'F'.
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
02H 30H 31H 41H 32H 30H 31H 33H 44H 39H 46H 03H
Byte 1 2 3 4 5 6 7 8 9 10 11 12
STX '0' '1' 'a' '2' '0' '1' '3' 'd' '9' 'f' ETX
02H 30H 31H 61H 32H 30H 31H 33H 64H 39H 66H 03H
Document Title Here
info@acs.com.hk
www.acs.com.hk
Page 12 of 26
Page 13

7.0. COMMANDS

The commands executed by the AET63 can generally be divided into two categories, namely, Control Commands and Card Commands.
Control Commands manage the internal operation of the AET63. They do not directly affect the card inserted in the reader and are therefore independent of the selected card type.
Card Commands are directed toward the card inserted in the AET63. The structure of these commands and the data transmitted in the commands and responses depend on the selected card type.

7.1. Control Commands

7.1.1. GET_ACR_STAT

This command returns relevant information about the particular AET63 model and the current operating status, such as, the firmware revision number, the maximum data length of a command and response, the supported card types, and whether a card is inserted and powered up.
Command format
Instruction
Data length
Code
01 H 00 H
Response data format
INTERNAL MAX_C MAX_R C_TYPE C_SEL C_STAT
INTERNAL 10 bytes data for internal use only MAX_C The maximum number of command data bytes. MAX_R The maximum number of data bytes that can be requested to be transmitted in a
response.
C_TYPE The card types supported by the AET63. This data field is a bitmap with each bit
representing a particular card type. A bit set to '1' means the corresponding card type is supported by the reader and can be selected with the SELECT_CARD_TYPE command. The bit assignment is as follows:
byte 1 2
card type 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
C_SEL The currently selected card type as specified in a previous SELECT_CARD_TYPE
C_STAT Indicates whether a card is physically inserted in the reader and whether the card is
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
See Appendix A for the correspondence between these bits and the respective card types.
command. A value of 00
means that no card type has been selected.
H
powered up:
00
: no card inserted
H
01
: card inserted, not powered up
H
03
: card powered up
H
Page 13 of 26
Document Title Here
info@acs.com.hk
www.acs.com.hk
Page 14

7.1.2. SELECT_CARD_TYPE

This command sets the required card type. The firmware in the AET63 adjusts the communication protocol between reader and the inserted card according to the selected card type.
Command format
Instruction Code Data length Data
TYPE
02 H 01 H
TYPE See Appendix A for the value to be specified in this command for a particular card to
be used.
Response data format
No response data

7.1.3. RESET

This section describes the RESET command only for the case when no card type is selected or when the card type 00 each individual card type.
is selected. For all other cases, please refer to the specific section described for
H
Command format
Instruction
Data length
Code
80 H 00
H
Response data format
ATR
ATR The answer-to-reset string returned by the card. The return status code for this command is 90 00
the inserted card is a T=1 card, and 90 10 status code is 60 20
.
H
H
when the inserted card is a T=0 card, 90 01H when
H
when the inserted card is a memory card; otherwise the

7.1.4. SET_NOTIFICATION

This command disables / enables the Card Status Messages transmitted by the reader to notify the host computer of the insertion or removal of a card.
Command format
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Instruction
Data length Data
Code
NOTIFY
06 H 01 H
Document Title Here
Page 14 of 26
info@acs.com.hk
www.acs.com.hk
Page 15
NOTIFY Specifies whether the Card Status Message shall be transmitted to notify the host
computer of card insertion / removal 01
: transmit Card Status Message
H
02
: do not transmit Card Status Message
H
Response data format
No response data

7.1.5. SET_OPTION

This command selects the options for the reader.
Command format
Instruction
Data length Data
Code
Option
07 H 01 H
Option Bit 0 (LSB bit): Select for PPS mode
Specifies reader Ù card communication speed 0 : baud rate to/from the card is from 9600 bps to 96000 bps (default) 1 : baud rate to/from the card is at 9600 bps only
Bit 2 : Select smart card file type for storing fingerprint template
0 : transparent file type (default) 1 : record file type
Bit 4 : Select for EMV mode
Specifies whether the reader is in EMV mode 0 : reader not in EMV mode (default) 1 : reader in EMV mode
Bit 7 : Select for TFM mode
Response data format
No response data
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Specifies whether to access TFM in intercept or transparent mode 0 : Intercept mode (default) 1 : Transparent mode Reserved
Document Title Here
Page 15 of 26
info@acs.com.hk
www.acs.com.hk
Page 16

7.2. EEPROM Commands

7.2.1. EEPROM_READ_DATA

This command is used to read the specified number of bytes from the specified address of the EEPROM.
Command format
Instruction
Code
ADDR LEN
9A H 03
ADDR Byte address of first byte to be read from the EEPROM. The high byte of the address
is specified as the first byte of ADDR.
LEN Number N of data bytes to be read from the EEPROM
(0 < N MAX_R)
Response data format
BYTE 1 BYTE 2 BYTE
BYTE x Data bytes read from the EEPROM memory
Data length Data
H
... ... BYTE
3
N

7.2.2. EEPROM_WRITE_DATA

This command is used to write the specified data bytes to the specified address of the EEPROM. Note: The EEPROM used in AET63 is 24C512, with a page size of 64 bytes. The page write and
page alignment are not done in the firmware, and these should be done in the driver or application.
Command format
Instruction
Code
LEN ADDR BYTE 1 ... ... BYTE N
9B H
LEN Number of data bytes to be written to the EEPROM, N, + 2 ADDR Byte address in the EEPROM of the first byte to be written. The high byte of the
address is specified as the first byte of ADDR.
BYTE x Byte values to be written to the EEPROM starting at address ADDR. BYTE 1 is
written to address ADDR; BYTE N is written to address ADDR+N-1.
Response data format
No response data
Data length Data
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 16 of 26
info@acs.com.hk
www.acs.com.hk
Page 17

7.3. TFM (Trusted Fingerprint Module) Commands

7.3.1. TFM_COMMAND

This command is used to send the command to the TFM.
Command format
Instruction
Code
LEN TFM Command
9C H ………
LEN Number N of command to be sent to the TFM
(0 < N MAX_R)
DATA The TFM command (please refer to TFM API Documentation)
Response data format
BYTE 1 BYTE 2 BYTE
BYTE x Data bytes returned by the TFM (please refer to TFM API Documentation)
Data length Data
... ... BYTE
3
N

7.3.2. TFM_RESET

This command resets the TFM and then waits for the ATR returned from the TFM.
Command format
Instruction
Code
9D H 00
Response data format
ATR Answer-To-Reset as transmitted by the TFM. Please refer to the TFM
Communication Protocol for the ATR format.
Data length
ATR
H
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 17 of 26
info@acs.com.hk
www.acs.com.hk
Page 18

7.3.3. TFM_SMARTCARD 3. TFM_SMARTCARD

This is used to get list of APDUs from the EEPROM and then send the APDUs to the smart card. The
This is used to get list of APDUs from the EEPROM and then send the APDUs to the smart card. The list of APDUs selects the correct file in the smart card for the enrollment or verification of the
list of APDUs selects the correct file in the smart card for the enrollment or verification of the fingerprint template.
fingerprint template.
Command format Command format
Instruction
Data length Data
Code
LEN ADDR
9E H 02
H
ADDR Address of the EEPROM stores the list of APDUs. Please refer to the “Application
Notes for Handling Fingerprint Template in AET63” for detailed information
Address 0x0000
Address 0x0100
Address 0x0200
Address 0x0300
Address 0x0400
Address 0x0500
Address 0x0600
Address 0x0700
Address 0x0800
Address 0x0900
Enroll (256 bytes max)
RECORD 0
Verify (256 bytes max)
Enroll (256 bytes max)
RECORD 1
Verify (256 bytes max)
Enroll (256 bytes max)
RECORD 2
Verify (256 bytes max)
Enroll (256 bytes max)
RECORD 3
Verify (256 bytes max)
Enroll (256 bytes max)
RECORD 4
Verify (256 bytes max)
Response data format
No response data
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Address 0x7F00
Key Encryption Key (24 bytes)
Document Title Here
Page 18 of 26
info@acs.com.hk
www.acs.com.hk
Page 19

7.3.4. TFM_OPEN_SECURE_SESSION

This command sends 24 bytes of random number to AET63. The random number is used to general the session key.
Command format
Instruction
Data length Data
Code
LEN …..
9F H 18
…..
H
Data 24 bytes of random number to generate the session key
Response data format
No response data
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 19 of 26
info@acs.com.hk
www.acs.com.hk
Page 20

7.4. MCU-based Card

7.4.1. RESET

This command powers up the card inserted in the card reader and performs a card reset. If the card is powered up when the command is being issued, only a reset of the card is carried out. The power supply to the card is not switched off.
Command format
Instruction
Data length
Code
80 H 00
H
Response data format
ATR
ATR Answer-To-Reset as transmitted by the card according to ISO7816-3. NOTE: The ATR is only returned in the AET63 response if the communication protocol of the card is
compatible with the reader, i.e., if the card can be processed by the AET63. Otherwise, the AET63 returns an error status and deactivates the smart card interface.

7.4.2. POWER_OFF

This command powers off the card inserted in the card reader.
Command format
Instruction Code Data length
81 H 00
H
Response data format
No response data

7.4.3. EXCHANGE_APDU

To exchange an APDU (Application Protocol Data Unit) command/response pair between the MCU card inserted in the AET63 and the host computer.
Command format
Instructi
on Code
LEN CLA INS P1 P2 Lc BYTE 1 ...2 ... BYT
A0 H
LEN Length of APDU command data, N, + 6 (0 < N ≤ MAX_R) CLA APDU instruction class byte INS APDU instruction
Data
length
Data
Le
E N
Page 20 of 26
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
info@acs.com.hk
www.acs.com.hk
Page 21
P1 APDU parameter byte 1 P2 APDU parameter byte 2 Lc APDU command data length BYTE x APDU command data Le Expected APDU response data length (Le = 0 means no data is expected from the
card)
NOTE With the T=0 communication protocol it is not possible to transmit data to the card
and from the card in a single command-response pair. Hence, only either
Lc or Le can be greater than 0 in an EXCHANGE_APDU command when a T=0 card is in the reader. If both parameters have a value greater than 0, the AET63 does not execute the command and returns an error status.
Response data format
BYT
E 1
... ... BYT
E N
SW1 SW2
BYTE x Response data from card (if any) SW1, SW2 Status code returned by the card.

7.4.4. EXCHANGE_T1_FRAME

To exchange an APDU (Application Protocol Data Unit) command/response pair between the MCU card inserted in the AET63 and the host computer using T1 protocol.
Command format
Instruction
Code
LEN T1 BLOCK FRAME
A1 H
LEN Length of APDU command data, N DATA T1 Block frame to be sent to the card
Data length Data
Response data format
BYTE x Response T1 Block from card (if any)
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
BYTE 1 ... ... BYTE
N
Document Title Here
Page 21 of 26
info@acs.com.hk
www.acs.com.hk
Page 22

7.5. Security Application Module (SAM)

Note: The commands in this section ACITIVATE_SAM, DEACTIVATE_SAM,
EXCHANGE_SAM_APDU and EXCHANGE_SAM_T1_FRAME can only be used in SAM reader.

7.5.1. ACTIVATE_SAM

This command is used to power up and reset the specified SAM and transmit the SAM's ATR in the response.
Command format
Instruction
Data length Data
Code
SM#
88 H 01
H
SM# Must be 0; reserve for future use
Response data format
ATR
ATR Answer-To-Reset as transmitted by the card according to ISO7816-3. NOTE The ATR is only returned in the AET63 response if the communication protocol of the
SAM is compatible with the reader, i.e., if the SAM can be processed by the AET63. Otherwise, the AET63 returns an error status and deactivates the SAM.

7.5.2. DEACTIVATE_SAM

This command powers off the SAM
Command format
Response data format
No response data
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Instruction Code Data length
89 H 00
H
Document Title Here
Page 22 of 26
info@acs.com.hk
www.acs.com.hk
Page 23

7.5.3. EXCHANGE_SAM_APDU

To exchange an APDU (Application Protocol Data Unit) command/response pair between the SAM card inserted in the AET63 and the host computer.
Command format
Instruction
Code
LEN CLA INS P1 P2 Lc BYTE 1 ...2 ... BYT
Data
length
Data
Le
E N
B0 H
LEN ength of APDU command data, N, + 6 (0 < N ≤ MAX_R) CLA APDU instruction class byte INS APDU instruction P1 APDU parameter byte 1 P2 APDU parameter byte 2 Lc APDU command data length BYTE x APDU command data Le Expected APDU response data length (Le = 0 menas no data is expected from the
card)
NOTE With the T=0 communication protocol it is not possible to transmit data to the card
and from the card in a single command-response pair. Hence, only either
Lc or Le can be greater than 0 in an EXCHANGE_SAM_APDU command when a T=0 card is in the reader. If both parameters have a value greater than 0, the AET63 does not execute the command and returns an error status.
Response data format
BYTE 1 ... ... BYTE N SW1 SW2
BYTE x Response data from card (if any) SW1, SW2 Status code returned by the card.
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 23 of 26
info@acs.com.hk
www.acs.com.hk
Page 24

7.5.4. EXCHANGE_SAM_T1_FRAME

To exchange an APDU (Application Protocol Data Unit) command/response pair between the SAM card inserted in the AET63 and the host computer using T1 protocol.
Command format
Instruction
Code
Data
length
LEN T1 BLOCK
B1 H
LEN Length of APDU command data, N DATA T1 Block frame to be sent to the card
Response data format
BYTE 1 ... ... BYTE
BYTE x Response T1 Block from card (if any)
Data
FRAME
N
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 24 of 26
info@acs.com.hk
www.acs.com.hk
Page 25

Appendix A. Supported Card Types

The following table summarizes which values must be specified in the SET_CARD_TYPE command for a particular card type to be used, and how the bits in the response to the GET_ACR_STAT command correspond with the respective card types.
Cyber-mouse Card
Type Code
Card Type
00H Auto-select T=0 or T=1 communication protocol 0CH MCU-based cards with T=0 communication protocol 0DH MCU-based cards with T=1 communication protocol C0H SAM cards with T=0 communication protocol (SAM Reader only) D0H SAM cards with T=1 communication protocol (SAM Reader only)
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 25 of 26
info@acs.com.hk
www.acs.com.hk
Page 26

Appendix B. Response Status Codes

The following table summarizes the possible status code bytes SW1, SW2 returned by the AET63:
SW1 SW2 Status
90 00 OK – command successfully executed 90 01 OK – using T=1 protocol (only in response to the RESET command) 90 10 OK – synchronous protocol is used (only in response to the RESET
command). The exact card type should be selected by using the
SELECT_CARD_TYPE command. 60 01 No card type selected 60 02 No card in reader 60 03 Wrong card type specified 60 04 Card not powered up;
This status code is also returned in a response if the card was
temporarily removed during a card access. 60 05 Invalid Instruction Code 60 20 Card failure 60 22 Short circuit at card connector 62 01 Secret code verify failed 67 01 Command incompatible with card type 67 02 Card address error 67 03 Data length error 67 04 Invalid length of response (with READ command) 67 05 Secret code locked 67 12 APDU command aborted (only MCU-based card using T=1 protocol);
the command abortion may be caused by a card internal failure.
AET63 Reference Manual
Document Title Here
Document Title Here
Version 2.2
Document Title Here
Page 26 of 26
info@acs.com.hk
www.acs.com.hk
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use