IDTECH SecureMag User Manual

USER MANUAL
SecureMag
USB, RS232 and PS2 Interface
Encrypted
MagStripe Reader
FCC WARNING STATEMENT
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his expense.
FCC COMPLIANCE STATEMENT
This device complies with Part 15 of the FCC Rules. Operation of this device is subject to the following conditions: this device may not cause harmful interference and this device must accept any interference received, including interference that may cause undesired operation.
CANADIAN DOC STATEMENT
This digital apparatus does not exceed the Class B limits for radio noise for digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
This digital apparatus does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations issued by the Department of Communications of Canada.
CE STANDARDS
An independent laboratory performed testing for compliance to CE requirements. The unit under test was found compliant to Class B.
Copyright © 2010-2014, International Technologies & Systems Corp. All rights reserved.
LIMITED WARRANTY
ID TECH warrants to the original purchaser for a period of 12 months from the date of invoice that this product is in good working order and free from defects in material and workmanship under normal use and service. ID TECH’s obligation under this warranty is limited to, at its option, replacing, repairing, or giving credit for any product that is returned to the factory of origin within the warranty period and with transportation charges and insurance prepaid, and which is, after examination, disclosed to ID TECH’s satisfaction to be defective. The expense of removal and reinstallation of any item or items of equipment is not included in this warranty. No person, firm, or corporation is authorized to assume for ID TECH any other liabilities in connection with the sales of any product. In no event shall ID TECH be liable for any special, incidental or consequential damages to purchaser or any third party caused by any defective item of equipment, whether that defect is warranted against or not. Purchaser’s sole and exclusive remedy for defective equipment, which does not conform to the requirements of sales, is to have such equipment replaced or repaired by ID TECH. For limited warranty service during the warranty period, please contact ID TECH to obtain a Return Material Authorization (RMA) number & instructions for returning the product.
THIS WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES OF MERCHANTABILITY OR FITNESS FOR PARTICULAR PURPOSE. THERE ARE NO OTHER WARRANTIES OR GUARANTEES, EXPRESS OR IMPLIED, OTHER THAN THOSE HEREIN STATED. THIS PRODUCT IS SOLD AS IS. IN NO EVENT SHALL ID TECH BE LIABLE FOR CLAIMS BASED UPON BREACH OF EXPRESS OR IMPLIED WARRANTY OF NEGLIGENCE OF ANY OTHER DAMAGES WHETHER DIRECT, IMMEDIATE, FORESEEABLE, CONSEQUENTIAL OR SPECIAL OR FOR ANY EXPENSE INCURRED BY REASON OF THE USE OR MISUSE, SALE OR FABRICATIONS OF PRODUCTS WHICH DO NOT CONFORM TO THE TERMS AND CONDITIONS OF THE CONTRACT.
The information contained herein is provided to the user as a convenience. While every effort has been made to ensure accuracy, ID TECH is not responsible for damages that might occur because of errors or omissions, including any loss of profit or other commercial damage, nor for any infringements of patents or other rights of third parties that may result from its use. The specifications described herein were current at the time of publication, but are subject to change at any time without prior notice.
ID TECH and Value through Innovation are trademarks of International Technologies & Systems Corporation. USB (Universal Serial Bus) specification is copyright by Compaq Computer Corporation, Intel Corporation, Microsoft Corporation, and NEC Corporation. Windows is a registered trademark of Microsoft Corporation.
ID TECH 10721 Walker Street Cypress, CA 90630 (714) 761-6368
Revision History

| Revision | Date | Description | By |
|---|---|---|---|
| A | 05/05/2010 | Initial Release | Jenny W |
| A1 | 06/14/2010 | Added RS232 interface | Jenny W |
| A2 | 06/16/2010 | General edits and modified Appendix A | Jenny W |
| A3 | 06/25/2010 | Updated reader command summary | Jenny W |
| A4 | 06/28/2010 | Updated reader command. Added Set Reader Options and Get Reader Options command | Jenny W |
| A5 | 06/29/2010 | Added level 4 security features to demo software section | Jenny W |
| A6 | 07/21/2010 | Modified commands for Key Loading; removed commands for Enter/Quit Key Loading mode as they are no longer being supported | Jenny W |
| A7 | 09/07/2010 | Added original and enhanced security structures and descriptions | Bruce K |
| A8 | 09/07/2010 | Added PS2 interface | Jimmy W |
| A9 | 09/10/2010 | Updated demo software screenshots. Revised data format information. General edits. | Jenny W |
| B | 09/24/2010 | Added decryption example for level 3 and 4 original and enhanced encryption format; revised to include more detailed explanations on the command format and security features | Jenny W |
| C | 05/02/2011 | Edited original and enhanced encryption output format; added more info in Section 10 Data Output | Jenny W |
| D | 06/27/2011 | Updated setting parameters table; added prefix, postfix support in USBKB and PS2 encrypted output; added 19 bytes ISO card account number support | Jenny W |
| E | 01/13/2012 | Many updates to the configuration parameters Appendix A | Bruce K |
| F | 06/07/2012 | Added additional information on the track status byte | Jenny W |
| G | 08/20/2012 | Added suggestion on having 1 second delay between Setting Commands and Get Settings Commands | Jenny W |
| H | 02/04/2013 | Added the new mask feature in SecureMag firmware v5.00 for serial interface and v 5.03 for USB interface | Candy H |
| J | 06/06/2013 | Remove key loading command | Candy H |
| K | 03/26/2014 | Update HIDSIZE definition. Clarify data length in enhanced format to be Track 1 unencrypted data length | Jimmy W, Candy H |
| L | 06/19/2014 | Update the track length on page 53 | Candy H |
| M | 9/16/2015 | Correct Section 10.5 Encryption Output Format Setting to correct Hex value | Jason H |
Table of Contents
1. Introduction
2. Features and Benefits
3. Terms and Abbreviations
4. Applicable Documents
5. Operation
6. Specification
7. Command Process
7.1 Get Copyright Information
7.2 Version Report Command
7.3 Reader Reset Command
7.4 OPOS/JPOS Command
7.5 Arm/Disarm to Read Command
7.6 Read Buffered MSR Data Command
7.7 Read MSR Options Command
7.8 Set MSR Options Command
7.8.1. Beep Volume
7.8.2. Change to Default Settings
7.8.3. MSR Reading Settings
7.8.4. Decoding Method Settings
7.8.5. Terminator Setting
7.8.6. Preamble Setting
7.8.7. Postamble Setting
7.8.8. Track n Prefix Setting
7.8.9. Track x Suffix Setting
7.8.10. Track Selection
7.8.11. Track Separator Selection
7.8.12. Start/End Sentinel and Track 2 Account Number Only
8. Security Features
8.1 Encryption Management
8.2 Check Card Format
8.3 MSR Data Masking
9. Using the Demo Program
9.1 Manual Command
9.2 Decryption
9.3 Reader Operations
10. Data Format
10.1 Level 1 and level 2 Standard Mode Data Output Format
10.1.1. USB HID Data Format
10.1.2. Descriptor Tables
10.2 Level 1 and level 2 POS Mode Data Output Format
10.3 DUKPT Level 3 Data Output Original Format
10.4 DUKPT Level 4 Data Output Original Format
10.5 DUKPT Level 3 Data Output Enhanced Format
10.6 Additional Description
10.7 Decryption Example
10.7.1. Security Level 3 Decryption - Original Encryption Format
10.7.2. Security Level 4 Decryption - Original Encryption Format
10.7.3. Security Level 3 Decryption - Enhanced Encryption Format
10.7.4. Security Level 4 Decryption – Enhanced Encryption Format
10.8 Level 4 Activate Authentication Sequence
Appendix A Setting Configuration Parameters and Values
Appendix B Key Code Table in USB Keyboard Interface
1. Introduction
ID TECH SecureMag reader delivers superior reading performance with the ability to encrypt sensitive card data. The data encryption process prevents card holder information from being accessed when the data is stored or in transit, so the data remains secure from end to end. The reader fully supports TDES and AES data encryption using DUKPT key management method. The SecureMag is offered in USB, RS232 as well as PS2 interfaces.
2. Features and Benefits
- Bi-directional card reading
- Reads encoded data that meets ANSI/ISO/AAMVA standards and some custom formats such as ISO track 1 format on track 2 or 3
- Reads up to three tracks of card data
- A LED and a beeper on the reader provide status of the reading operations
- Compatible with USB specification Revision 2.0 (USB interface)
- Compatible with HID specification Version 1.1 (USB interface)
- Uses standard Windows HID driver for communications; no third party device driver is required (USB interface)
- Provides clear text confirmation data including card holder’s name and a portion of the PAN as part of the Masked Track Data
- User friendly configuration software for device configuration
3. Terms and Abbreviations
AAMVA American Association of Motor Vehicle Administration
ABA American Banking Association
AES Advanced Encryption Standard
ASIC Application Specific Integrated Circuit
BPI Bits per Inch
CADL California Drivers License Format (obsolescent)
CE European Safety and Emission approval authority
COM Serial Communication
CTS Clear-To-Send
CDC USB to serial driver (Communication Device Class)
DES Data Encryption Standard
DUKPT Derived Unique Key Per Transaction
DMV Department of Motor Vehicle
GND Signal Ground
HID Human Interface Device
IPS Inches per Second
ISO International Organization for Standardization
JIS Japanese Industrial Standard
JPOS Java for Retail Point Of Sale
KB Keyboard
KSN Key Serial Number
LED Light Emitting Diode
LRC Longitudinal Redundancy Check Character
MAC Message Authentication Code
MSR Magnetic Stripe Reader
OLE Object Linking and Embedding
OPOS OLE for Retail Point Of Sale
OTP One Time Programmable
PAN Primary account number
PCI Payment Card Industry
PID USB Product ID
POS Point of Sale
PPMSR Serial Port Power Magstripe Reader
P/N Part Number
PS/2 IBM Personal System/2 Keyboard Interface
RTS Request To Send
SPI Serial Peripheral Interface
T1, T2, T3 Track 1 data, Track 2 data, Track 3 data
TDES Triple Data Encryption Standard
VID USB Vendor ID
Note: many unusual words used in this document are defined in the Function ID table on page.
4. Applicable Documents
ISO 7810 – 1985 Identification Cards – Physical
ISO 7811 - 1 through 6 Identification Cards - Track 1 through 3
ISO 7816 - 1 through 4 Identification Cards - Integrated circuit cards with contacts
ISO 4909 Magnetic stripe content for track 3
ISO 7812 Identification Cards – Identification for issuers Part 1 & 2
ISO 7813 Identification Cards – Financial Transaction Cards
ANSI X.94 Retail Financial Services Symmetric Key Management
5. Operation
A card may be swiped through the reader slot when the LED is green. The magnetic stripe must face toward the magnetic read head and may be swiped in either direction. After a card is swiped, the LED will turn off temporarily until the decode process is completed. If there are no errors decoding the card data then the LED will turn green. If there are any errors decoding the card data, the LED will turn red for less than one second to indicate that an error occurred and then turn green.
The reader LED will be off during the data transfer and is ready to read another card when the LED returns to green. A red LED indicates an error and the beeper will also provide error indications. The beeper will beep for each correctly read track of data on the magstripe card. Depending on the security level configured, the card data might be displayed in clear or encrypted mode.
6. Specification
Power Consumption
- 5VDC +/- 10%
- Maximum operating current consumption less than 50mA
- RS232 interface – external power adaptor supplies power through RS232 cable
- USB interface – from host interface. No external power adaptor needed.
Swipe speed
- 3 to 65 inches per second
- Bi-directional
Indicators
- Tri-color LED
  o Red indicates bad read
  o LED off while reading and decoding
  o Green indicates good read, and ready to read
- Beeper
  o A beep sound indicates good read
Communication Interface
- RS232
  o Baud Rate – 1200, 2400, 4800, 9600, 19200, 38400, 56700, 115200
  o Data bits – 8
  o Stop bits – 1 or 2
  o Parity – off, odd, even, mark or space
  o Supports RTS/CTS hardware and Xon-Xoff software handshaking
- USB
  o Complies with USB 2.0 specification
- PS2 Keyboard
  o IBM PS2 interface compatible
Card Size
- Supports cards that meet the ISO 7810 and 7811 1-7 standards
Dimension
- 3.94 inches (length) by 1.38 inches (width) and 1.18 inches (height).
Interface cable and connector
- RS232 interface
  o IDT standard RS232 Interface Cable
  o DB-9 Female connector with 2mm power jack in the housing
  o Standard cable length is 6 feet
  o Pin Out Table

| J1* | Color | Signal | P1* |
|---|---|---|---|
| 1 | - | CASE_GND | SHELL |
| 2 | White | TXD | 2 |
| 3 | Green | RXD | 3 |
| 4 | Yellow | VCC | from power jack |
| 5 | Brown | RTS | 8** |
| 6 | Grey | CTS | 4** |
| 7 | Black | GND | 5 |

*J1 is the connector to PCB end and P1 is DB-9 end
** RTS and CTS are not used unless hardware handshaking support is enabled by Function ID 0x44 (Handshake)
- USB
  o IDT standard USB interface cable
  o Series “A” plug
  o Standard cable length is 6 feet
  o Pin Out Table

| J1 | Color | Signal | P1 |
|---|---|---|---|
| 1 | - | CASE_GND | SHELL |
| 3 | GRN | +DATA | 3 |
| 5 | Red | V_IN | 1 |
| 6 | White | -DATA | 2 |
| 7 | BLK | GND | 4 |

- Keyboard wedge
  o IDT standard Keyboard Wedge cable
  o Y cable with dual PS/2 6-pin mini-DIN connectors; male side is connected to PC, female side connected to KB.
  o Standard cable length is 6 feet
  o Pin Out Table

| J1 | Color | Signal | J2 | J3 |
|---|---|---|---|---|
| 1 | - | CASE_GND | SHELL | SHELL |
| 2 | White | P-CLK | 5 | -- |
| 3 | Green | P-DATA | 1 | -- |
| 4 | Yellow | VCC | 4 | 4 |
| 5 | Brown | K-CLK | -- | 5 |
| 6 | Grey | K-DATA | -- | 1 |
| 7 | Black | GND | 3 | 3 |
PS/2 Connector
LED indicator
2mmx5mm, Green/Red dual color under firmware control
7. Command Process
Command requests and responses are sent to and received from the device. For USB interface devices, the commands are sent to the device using HID class specific request Set_Report (21 09 …). The response to a command is retrieved from the device using HID class specific request Get_Report (A1 01 …). These requests are sent over the default control pipe. For RS232 interface devices, please see the commands listed below.
Function ID Table
The complete table of Function IDs used in commands and responses is listed in Appendix A.
It is recommended to have at least a one-second delay between Setting Commands and Get Settings Commands.
Setting Command
The setting data command is a collection of many function setting blocks and its format is as follows.
Command: <STX><S><FuncSETBLOCK1>…<FuncSETBLOCKn><ETX><LRC>
Response: <ACK> or <NAK> for wrong command (invalid funcID, length and value)
Each function-setting block <FuncSETBLOCK> has the following format:
<FuncID><Len><FuncData>
Where:
<FuncID> is one byte identifying the setting(s) for the function.
<Len> is the length count for the following function-setting block <FuncData>.
<FuncData> is the current setting for this function. It has the same format as in the sending command for this function.
Get Setting Command
This command will send the current setting to the application.
Command: <STX> <R> <FuncID> <ETX> <LRC 1>
Response: <ACK> <STX> <FuncID> <Len> <FuncData> <ETX> <LRC 2>
<FuncID>, <Len> and <FuncData> definitions are the same as described above.
Where:

| Characters | Hex Value | Description |
|---|---|---|
| <STX> | 02 | Start of Text |
| <ETX> | 03 | End of Text |
| <ACK> | 06 | Acknowledge |
| <NAK> | 15 for RS232 and USB HID interface; FD for USB KB interface | Negative Acknowledge |
| <UnknownID> | 16 | Warning: Unsupported ID in setting |
| <AlreadyInPOS> | 17 | Warning: Reader already in OPOS mode |
| <R> | 52 | Review Setting |
| <S> | 53 | Send Setting |
| <LRC> | - | XOR of all the data before LRC |
Reader Command Summary

| ASCII | HEX | Name | Use |
|---|---|---|---|
| ‘8’ | 38 | Copyright Report | Requests reader’s copyright notice |
| ‘9’ | 39 | Version Report | Requests version string |
| ‘F’ | 46 | Key Loading | Special command to load encryption keys |
| ‘I’ | 49 | Reader Reset | Reset the reader. Software reset does not resend startup string |
| ‘M’ | 4D | OPOS/JPOS Command | Command to enter OPOS or JPOS mode |
| ‘P’ | 50 | Arm/Disarm to Read | Arm to Capture Buffer Mode MSR |
| ‘Q’ | 51 | Read Buffered Data | Read Stored MSR Data |
| ‘R’ | 52 | Read MSR Options | Read various reader optional settings |
| ‘S’ | 53 | Set MSR Options | Set various reader optional functions |
Notation used throughout the document:
Bold: boldface font indicates default setting value
‘2’: single quotation indicates ASCII characters, for example, ‘2’ is 32 in hex
“Number”: a null terminated character string
<Len>: angle brackets indicate a specific character or character string in a command or response
Hex: the hex character 53 is ‘S’ in ASCII or 83 in decimal. Sometimes hex characters are represented with an h attached to the end, for example, 53h.
\02: is a way to show that the following number is in hex. It is used by the configuration program.
7.1 Get Copyright Information
02 38 03 39
A ‘31-byte’ Copyright Notice will be returned.
Response is as follows:
ACK STX <Copyright String> ETX LRC
Response Example mixed hex and ASCII:
\06\02Copyright (c) 2010, ID TECH \03>
7.2 Version Report Command
02 39 03 38
Response is as follows:
ACK STX <Version String> ETX LRC
Response Example mixed hex and ASCII:
\06\02ID TECH TM3 SecureMag RS232 Reader V 3.19\03\LRC
7.3 Reader Reset Command
02 49 03 48
The reader supports a reset reader command. This allows the host to return the reader to its default state.
Response is as follows:
06
7.4 OPOS/JPOS Command
There are three forms of the command:
02 4D 01 30 03 7D Enter Standard Mode (Exit OPOS Mode)
02 4D 01 31 03 7C Enter OPOS Mode
02 4D 01 32 03 7F Enter JPOS Mode
Response is as follows:
17 Reader already in OPOS Mode
15 Command failure (wrong length or wrong parameter)
06 Success
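The framing and LRC rule from section 7, written out as an added example (not code from ID TECH or from this manual): it builds command frames that can be compared with the bytes printed in sections 7.1 to 7.4, and splits a settings body into function blocks by length. Function names and the sample settings body are constructed for illustration, and the parser assumes every block carries a <Len> byte.

```python
# Added example: host-side framing for the SecureMag command format.
# Byte values come from the manual; function names are this example's own.
from functools import reduce

STX, ETX = 0x02, 0x03
CMD_SET = 0x53  # 'S', Set MSR Options

# Single-byte statuses from the manual's character table.
STATUS = {
    0x06: "ACK",
    0x15: "NAK (RS232 / USB HID)",
    0xFD: "NAK (USB KB)",
    0x16: "UnknownID",
    0x17: "AlreadyInPOS",
}


def lrc(data: bytes) -> int:
    """XOR of all bytes that precede the LRC byte."""
    return reduce(lambda acc, b: acc ^ b, data, 0)


def build_command(cmd: int, payload: bytes = b"") -> bytes:
    """Return <STX><cmd><payload><ETX><LRC>."""
    body = bytes([STX, cmd]) + payload + bytes([ETX])
    return body + bytes([lrc(body)])


def build_set_option(func_id: int, func_data: bytes) -> bytes:
    """'S' command with one <FuncID><Len><FuncData> block."""
    if not 1 <= len(func_data) <= 0xFF:
        # Data-less settings (e.g. 02 53 18 03 LRC) carry no <Len> byte;
        # send those with build_command(CMD_SET, bytes([func_id])).
        raise ValueError("FuncData must be 1..255 bytes")
    block = bytes([func_id, len(func_data)]) + func_data
    return build_command(CMD_SET, block)


def verify_frame(frame: bytes) -> bool:
    """Check <STX> ... <ETX><LRC> framing on a frame that starts at STX."""
    if len(frame) < 4 or frame[0] != STX or frame[-2] != ETX:
        return False
    return lrc(frame[:-1]) == frame[-1]


def parse_func_blocks(body: bytes) -> list:
    """Split the bytes between <STX> and <ETX> into (FuncID, FuncData).

    Blocks are walked by their <Len> byte, never by searching for 0x03,
    because FuncData may itself contain the ETX value.
    """
    blocks, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError(f"block at offset {i} has no <Len> byte")
        func_id, length = body[i], body[i + 1]
        data = body[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"FuncID {func_id:#04x}: truncated FuncData")
        blocks.append((func_id, data))
        i += 2 + length
    return blocks


def describe_status(byte: int) -> str:
    """Name a single-byte reader response."""
    return STATUS.get(byte, f"unrecognised status {byte:#04x}")


if __name__ == "__main__":
    # Commands whose full bytes, LRC included, are printed in the manual.
    print(build_command(0x38).hex(" "))               # Get Copyright
    print(build_command(0x4D, b"\x01\x31").hex(" "))  # Enter OPOS Mode
    # Beep volume high, high frequency: FuncID 11, data '2'.
    print(build_set_option(0x11, b"2").hex(" "))
    # Constructed settings body: beep '2', MSR reading '1', terminator 0x03.
    sample = bytes.fromhex("11 01 32 1a 01 31 21 01 03")
    for func_id, data in parse_func_blocks(sample):
        print(f"FuncID {func_id:02X}: {data.hex(' ')}")
    print(describe_status(0x17))
```
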
7.5 Arm/Disarm to Read Command
Arm to read:
02 50 01 30 03 LRC
This command enables the MSR to be ready for a card swipe in buffered mode. Any previously read data will be erased and the reader will wait for the next swipe. As the user swipes a card, the data will be saved, but will not be sent to the host. The reader holds the data until receiving the next “Arm to Read” or “MSR Reset” command.
Disarm to read:
02 50 01 32 03 LRC
This command will disable MSR read and clear any magnetic data in buffered mode. The reader enters a disarmed state and will ignore MSR data.
Response is as follows:
06
Other possible response statuses:
NAK 'P' command length must be 1
NAK 'P' command must be 0x30 or 0x32
NAK Reader not configured for buffered mode
NAK Reader not configured for magstripe read
NAK for keyboard interface is FD, non-KB mode NAK is 15
7.6 Read Buffered MSR Data Command
02 51 01 <Track Selection Option> 03 LRC
The <Track Selection Option> byte is defined as follows:
‘0’ Any Track
‘1’ Track 1
‘2’ Track 2
‘3’ Track 1 and Track 2
‘4’ Track 3
‘5’ Track 1 and Track 3
‘6’ Track 2 and Track 3
‘7’ Track 1, Track 2 and Track 3
‘8’ Track 1 and/or Track 2
‘9’ Track 2 and/or Track 3
This command requests card data information for the buffered mode. The selected MSR data is sent to the host with or without envelope format, according to the operation mode setting. This command does not erase the data.
Response is as follows:
06 02 <Len_H> <Len_L> <MSR Data> 03 LRC
Other possible response statuses:
18 'Q' command length must be 1
18 Reader not configured for buffered mode
NAK Already armed
NAK for keyboard interface is FD, non-KB mode NAK is 15
7.7 Read MSR Options Command
02 52 1F 03 LRC
<Response> format:
The current setting data block is a collection of many function-setting blocks <FuncSETBLOCK> as follows:
<STX><FuncSETBLOCK1>…<FuncSETBLOCKn><ETX><CheckSum>
Each function-setting block <FuncSETBLOCK> has the following format:
<FuncID><Len><FuncData>
Where:
<FuncID> is one byte identifying the setting(s) for the function.
<Len> is a one byte length count for the following function-setting block <FuncData>.
<FuncData> is the current setting for this function. It has the same format as in the sending command for this function.
<FuncSETBLOCK> are in the order of their Function ID <FuncID>.
7.8 Set MSR Options Command
The default value is listed in bold.
7.8.1. Beep Volume
The beep volume and frequency can be each adjusted to two different levels, or turned off.
02 53 11 01 <Beep Settings> 03 LRC
Beep Settings:
‘0’ for beep volume off
‘1’ for beep volume high, low frequency
‘2’ for beep volume high, high frequency
‘3’ for beep volume low, high frequency
‘4’ for beep volume low, low frequency
7.8.2. Change to Default Settings
02 53 18 03 LRC
This command does not have any <FuncData>. It returns all non-security settings for all groups to their default values.
7.8.3. MSR Reading Settings
02 53 1A 01 <MSR Reading Settings> 03 LRC
MSR Reading Settings:
‘0’ MSR Reading Disabled
‘1’ MSR Reading Enabled
7.8.4. Decoding Method Settings
02 53 1D 01 <Decoding Method Settings> 03 LRC
Decoding Method Settings:
‘0’ Raw Data Decoding in Both Directions
‘1’ Decoding in Both Directions
‘2’ Moving stripe along head in direction of encoding
‘3’ Moving stripe along head against direction of encoding
With the bi-directional method, the user can swipe the card in either direction and still read the data encoded on the magnetic stripe. Otherwise, the card can only be swiped in one specified direction to read the card. Raw Decoding just sends the card’s magnetic data in groups of 4 bits per character. No checking is done except to verify track has or does not have magnetic data.
7.8.5. Terminator Setting
Terminator characters are used to end a string of data in some applications.
02 53 21 01 <Terminator Settings> 03 LRC
<Terminator Settings> Any one character, 00h is none; default is CR (0Dh).
7.8.6. Preamble Setting
Characters can be added to the beginning of a string of data. These can be special characters for identifying a specific reading station, to format a message header expected by the receiving host, or any other character string. Up to fifteen ASCII characters can be defined.
02 53 D2 <Len><Preamble> 03 LRC
Where:
Len = the number of bytes of preamble string
Preamble = {string length}{string}
NOTE: String length is one byte, maximum fifteen <0Fh>.
7.8.7. Postamble Setting
The postamble serves the same purpose as the preamble, except it is added to the end of the data string, after any terminator characters.
02 53 D3 <Len><Postamble> 03 LRC
Where:
Len = the number of bytes of postamble string
Postamble = {string length}{string}
NOTE: String length is one byte, maximum fifteen <0Fh>.
7.8.8. Track n Prefix Setting
Characters can be added to the beginning of a track data. These can be special characters to identify the specific track to the receiving host, or any other character string. Up to six ASCII characters can be defined.
02 53 <n><Len><Prefix> 03 LRC
Where:
n is 34h for track 1; 35h for track 2 and 36h for track 3
Len = the number of bytes of prefix string
Prefix = {string length}{string}
NOTE: String length is one byte, maximum six.
7.8.9. Track x Suffix Setting
Characters can be added to the end of track data. These can be special characters to identify the specific track to the receiving host, or any other character string. Up to six ASCII characters can be defined.
02 53 <n><Len><Suffix> 03 LRC
Where:
n is 37h for track 1; 38h for track 2 and 39h for track 3
Len = the number of bytes of suffix string
Suffix = {string length}{string}
NOTE: String length is one byte, maximum six.
7.8.10. Track Selection
There are up to three tracks of encoded data on a magnetic stripe.
This option selects the tracks that will be read and decoded.
02 53 13 01 <Track_Selection Settings> 03 LRC
<Track_Selection Settings>
0 Any Track
1 Require Track 1 Only
2 Require Track 2 Only
3 Require Track 1 & Track 2
4 Require Track 3 Only
5 Require Track 1 & Track 3
6 Require Track 2 & Track 3
7 Require All Three Tracks
8 Any Track 1 & 2
9 Any Track 2 & 3
Note: If any of the required multiple tracks fail to read for any reason, no data for any track will be sent.
7.8.11. Track Separator Selection
This option allows the user to select the character to be used to separate data decoded by a multiple-track reader.
02 53 17 01 <Track_Separator> 03 LRC
<Track_Separator> is one ASCII Character.
The default value is CR; 0h means no track separator.
7.8.12. Start/End Sentinel and Track 2 Account Number Only
The SecureMag can be set to either send, or not send, the Start/End sentinel, and to send either the Track 2 account number only, or all the encoded data on Track 2. (The Track 2 account number setting doesn’t affect the output of Track 1 and Track 3.)
02 53 19 01 <SendOption> 03 LRC
<SendOption>
0 Don’t send start/end sentinel and send all data on Track 2
1 Send start/end sentinel and send all data on Track 2
2 Don’t send start/end sentinel and send account # on Track 2
3 Send start/end sentinel and send account number on Track 2
8. Security Features
The reader features configurable security settings. The Key Serial Number (KSN) and Base Derivation Key (BDK) must be loaded before encryption can be enabled and encrypted transactions can take place. The keys are to be injected by a certified key injection facility.
There are five security levels available on the reader, as follows:
Level 0
Security Level 0 is a special case where all DUKPT keys have been used; it is set automatically when the reader runs out of DUKPT keys. The lifetime of DUKPT keys is 1 million. Once the key’s end of life time is reached, the user should inject DUKPT keys again before doing any more transactions.
Level 1
By default, readers from the factory are configured to have this security level. There is no encryption process and no key serial number is transmitted with decoded data. The reader functions as a non-encrypting reader and the decoded track data is sent out in default mode.
Level 2
Key Serial Number and Base Derivation Key have been injected but the encryption process is not yet activated. The reader will send out decoded track data in default format. Setting the encryption type to TDES and AES will change the reader to security level 3.
Level 3
Both Key Serial Number and Base Derivation Keys are injected and encryption mode is turned on. For payment cards, both encrypted data and masked clear text data are sent out. Users can select the data masking of the PAN area; the encrypted data format cannot be modified. Users can choose whether to send hashed data and whether to reveal the card expiration date.
Level 4
When the reader is at Security Level 4, a correctly executed Authentication Sequence is required before the reader sends out data for a card swipe. Commands that require security must be sent with a four byte Message Authentication Code (MAC) at the end. Note that data supplied to the MAC algorithm should NOT be converted to ASCII-Hex; rather, it should be supplied in its raw binary form. Calculating the MAC requires knowledge of the current DUKPT KSN, which can be retrieved using the Get DUKPT KSN and Counter command.