MagTek Bluetooth MagneSafe V5 Swipe Reader User Manual

Bluetooth MagneSafe V5

Swipe Reader

TECHNICAL REFERENCE MANUAL

PART NUMBER 99875398-3

APRIL 2011

REGISTERED TO ISO 9001:2008

1710 Apollo Court

Seal Beach, CA 90740

Phone: (562) 546-6400

FAX: (562) 546-6301

Technical Support: (651) 415-6800

www.magtek.com

Copyright© 2001-2011

Rev Number

Date

Notes

1.01

24 Apr 2009

Initial Release

2.01

10 Feb 2010

Added Encrypted Bulk Data command; added reference to
doc #99875388 to USB section; updated Specifications table

3.01

19 April 2011

Updated MP flags property

MagTek®, Inc.

Printed in the United States of Americ a

Information in this document is subject to change without notice. No part of this document may be
reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose,
without the express written permission of MagTek, Inc.

MagTek® is a registered trademark of MagTek, Inc.
MagnePrint® is a registered trademark of MagTek, Inc.
MagneSafe™ is a trademark of MagTek, Inc.
Magensa™ is a trademark of MagTek, Inc.

REVISIONS

ii

LIMITED WARRANTY

MagTek warrants that the products sold pursuant to this Agreement will perform in accordance with MagTek’s
published specifications. This warranty shall be provided only for a period of one year from the date of the
shipment of the product from MagTek (the “Warranty Period”). This warranty shall apply only to the “Buyer”
(the original purchaser, unless that entity resells the product as authorized by MagTek, in which event this
warranty shall apply only to the first repurchaser).

During the Warranty Period, should this product fail to conform to MagTek’s specifications, MagTek will, at its
option, repair or replace this product at no additional charge except as set forth below. Repair parts and
replacement products will be furnished on an exchange basis and will be either reconditioned or new. All replaced
parts and products become the property of MagTek. This limited warranty does not include service to repair
damage to the product resulting from accident, disaster, unreasonable use, misuse, abuse, negligence, or
modification of the product not authorized by MagTek. MagTek reserves the right to examine the alleged
defective goods to determine whether the warranty is applicable.

Without limiting the generality of the foregoing, MagTek specifically disclaims any liability or warranty for
goods resold in other than MagTek’s original packages, and for goods modified, altered, or treated without
authorization by MagTek.

Service may be obtained by delivering the product during the warranty period to MagTek (1710 Apollo Court,
Seal Beach, CA 90740). If this product is delivered by mail or by an equivalent shipping carrier, the customer
agrees to insure the product or assume the risk of loss or damage in transit, to prepay shipping charges to the
warranty service location, and to use the original shipping container or equivalent. MagTek will return the
product, prepaid, via a three (3) day shipping service. A Return Material Authorization (“RMA”) number must
accompany all returns. Buyers may obtain an RMA number by contacting Technical Support at (888) 624-8350.

EACH BUYER UNDERSTANDS THAT THIS MAGTEK PRODUCT IS
OFFERED AS IS.

MAGTEK MAKES NO OTHER WARRANTY , EXPRESS OR

IMPLIED, AND MAGTEK DISCLAIMS ANY WARRANTY OF ANY OTHER
KIND, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE.

IF THIS PRODUCT DOES NOT CONFORM TO MAGTEK’S SPECIFICATIONS, THE SOLE REMEDY
SHALL BE REPAIR OR REPLACEMENT AS PROVIDED ABOVE. MAGTEK’S LIABILITY, IF ANY,
SHALL IN NO EVENT EXCEED THE TOTAL AMOUNT PAID TO MAGTEK UNDER THIS
AGREEMENT. IN NO EVENT WILL MAGTEK BE LIABLE TO THE BUYER FOR ANY DAMAGES,
INCLUDING ANY LOST PROFITS, LOST SAVINGS, OR OTHER INCIDENTAL OR CONSEQUENTIAL
DAMAGES ARISING OUT OF THE USE OF, OR INABILITY TO USE, SUCH PRODUCT, EVEN IF
MAGTEK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY
ANY OTHER PARTY.

LIMITATION ON LIABILITY
EXCEPT AS PROVIDED IN THE SECTIONS RELATING TO MAGTEK’S LIMITED WARRANTY,

MAGTEK’S LIABILITY UNDER THIS AGREEMENT IS LIMITED TO THE CONTRACT PRICE OF THIS
PRODUCT.

MAGTEK MAKES NO OTHER WARRANTIES WITH RESPECT TO THE PRODUCT, EXPRESSED OR
IMPLIED, EXCEPT AS MAY BE STATED IN THIS AGREEMENT, AND MAGTEK DISCLAIMS ANY
IMPLIED WARRANTY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

MAGTEK SHALL NOT BE LIABLE FOR CONTINGENT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES TO PERSONS OR PROPERTY. MAGTEK FURTHER LIMITS ITS LIABILITY OF ANY KIND
WITH RESPECT TO THE PRODUCT, INCLUDING ANY NEGLIGENCE ON ITS PART, TO THE
CONTRACT PRICE FOR THE GOODS.

MAGTEK’S SOLE LIABILITY AND BUYER’S EXCLUSIVE REMEDIES ARE STATED IN THIS SECTION
AND IN THE SECTION RELATING TO MAGTEK’S LIMITED WARRANTY.

iii

FCC WARNING STATEMENT

This equipment has been tested and was found to comply with the limits for a Class B digital device pursuant to
Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference
when the equipment is operated in a residential environment. This equipment generates, uses, and can radiate
radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause
harmful interference with radio communications. However, there is no guarantee that interference will not occur
in a particular installation.

FCC COMPLIANCE STATEMENT

This device complies with Part 15 of the FCC Rules. Operation of this device is subject to the following two
conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference
received, including interference that may cause undesired operation.

CANADIAN DOC STATEMENT

This digital apparatus does not exceed the Class B limits for radio noise from digital apparatus set out in the
Radio Interference Regulations of the Canadian Department of Communications.

Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux
appareils numériques de la classe B prescrites dans le Réglement sur le brouillage radioélectrique édicté par le
ministère des Communications du Canada.

This Class B digital apparatus complies with Canadian ICES-003.

Cet appareil numériqué de la classe B est conformé à la norme NMB-003 du Canada.

CE STANDARDS

Testing for compliance with CE requirements was performed by an independent laboratory. The unit under test
was found compliant with s tandards established for Class B devices.

UL/CSA

This product is recognized per Underwriter Laboratories and Canadian Underwriter Laboratories 1950.

RoHS STATEMENT

When ordered as RoHS compliant, this product meets the Electrical and Electronic Equipment (EEE) Reduction
of Hazardous Substances (RoHS) European Directive 2002/95/EC. The marking is clearly recognizable, either as
written words like “Pb-free”, “lead-free”, or as another clear symbol ( ).

BLUETOOTH WARNING STATEMENTS

The reader contains Bluetooth Transmitter Module FCC ID: T9JRN41-1.

CAUTION 1: The radiated output power of the Bluetooth reader is far below the FCC radio frequency exposure

limits. Nevertheless, the Bluetooth reader should be used in such a manner that the potential for
human contact during normal operation is minimized. To avoid the possibility of exceeding the
FCC radio frequency exposure limits, you should keep a distance of at least 20 cm between you
(or any other person in the vicinity) and the antenna that is built into the Bluetooth reader.

CAUTION 2: This device has been evaluated for and shown compliant with the FCC RF exposure limits under

portable exposure conditions (antennae are within 20 cm of a person's body) when installed in
certain specific OEM configurations.

iv

TABLE OF CONTENTS

SECTION 1. FEATURES AND SPECIFICATIONS .................................................................................... 1

FEATURES ............................................................................................................................................... 2

HARDWARE CONFIGURATION ............................................................................................................. 2

ACCESSORIES ........................................................................................................................................ 2

REFERENCE DOCUMENTS ................................................................................................................... 2

SPECIFICATIONS .................................................................................................................................... 3

SECTION 2. INSTALLATION ...................................................................................................................... 5

BLUETOOTH CONNECTION .................................................................................................................. 5

SECTION 3. OPERATION ........................................................................................................................... 7

ACTIVE INTERFACE ............................................................................................................................... 7

USER SWITCH ......................................................................................................................................... 7

LED INDICATOR ...................................................................................................................................... 7

CARD READ ............................................................................................................................................. 8

READER STATES .................................................................................................................................... 8

CHARGING THE BLUETOOTH READER BATTERY ........................................................................... 10

SECTION 4. SECURITY ............................................................................................................................ 11

SECURITY LEVEL 3 .............................................................................................................................. 11

SECURITY LEVEL 4 .............................................................................................................................. 11

COMMANDS AND SECURITY LEVELS ................................................................................................ 12

SECTION 5. COMMUNICATIONS ............................................................................................................ 13

CARD DATA ........................................................................................................................................... 13

Masked Track Data ............................................................................................................................ 15

Track 1 Masked Data ......................................................................................................................... 15

Track 2 Masked Data ......................................................................................................................... 16

Track 3 Masked Data ......................................................................................................................... 16

Reader Encryption Status................................................................................................................... 17

Encrypted Track Data ......................................................................................................................... 17

Track 1 Encrypted Data ...................................................................................................................... 18

Track 2 Encrypted Data ...................................................................................................................... 18

Track 3 Encrypted Data ...................................................................................................................... 18

MagnePrint Status .............................................................................................................................. 18

Encrypted MagnePrint Data ............................................................................................................... 19

Device Serial Number ......................................................................................................................... 19

Encrypted Session ID ......................................................................................................................... 19

DUKPT Key Serial Number ................................................................................................................ 19

Encryption Counter ............................................................................................................................. 19

Clear Text CRC .................................................................................................................................. 20

Encrypted CRC ................................................................................................................................... 20

Format Code ....................................................................................................................................... 20

PROGRAMMABLE CONFIGURATION OPTIONS ................................................................................ 20

COMMANDS .......................................................................................................................................... 20

PRIVILEGED COM M ANDS .................................................................................................................... 21

COMMAND NUMBER ............................................................................................................................ 22

DATA LENGTH ....................................................................................................................................... 22

DATA ...................................................................................................................................................... 22

RESULT CODE ...................................................................................................................................... 22

GET AND SET PROPERTY COMMANDS ............................................................................................ 23

Property ID.......................................................................................................................................... 23

SOFTWARE ID PROPERTY .................................................................................................................. 24

DEVICE SERIAL NU M PR OPERTY ...................................................................................................... 25

TRACK ID ENABLE PRO P ERTY ........................................................................................................... 26

ISO TRACK MASK PROPERTY ............................................................................................................ 26

AAMVA TRACK MASK PROPERTY ...................................................................................................... 27

ACTIVITY TIMEOUT PERIOD PROPERTY........................................................................................... 28

BLUETOOTH DISCONNECT MESSAGE PROPERTY ......................................................................... 28

v

STAY POWERED AFTER SWIPE PROPERTY .................................................................................... 29

INTERFACE TYPE PROPERTY ............................................................................................................ 29

TRACK DATA SEND FLAGS PROPERTY ............................................................................................ 29

MP FLAGS PROPERTY ......................................................................................................................... 30

CRC FLAG PROPERTY ......................................................................................................................... 31

PRE CARD STRING PROPERTY .......................................................................................................... 31

POST CARD STRING PROPERTY ....................................................................................................... 32

PRE TRACK STRING PROPERTY ........................................................................................................ 33

POST TRACK STRING PROPERTY ..................................................................................................... 33

TERMINATION STRING PROPERTY ................................................................................................... 34

FS PROPERTY ...................................................................................................................................... 34

SS TK1 ISO ABA PROPERTY ............................................................................................................... 35

SS TK2 ISO ABA PROPERTY ............................................................................................................... 35

SS TK3 ISO ABA PROPERTY ............................................................................................................... 35

SS TK3 AAMVA PROPERTY ................................................................................................................. 36

SS TK2 7BITS PRO P ERTY ................................................................................................................... 36

SS TK3 7BITS PROPERTY ................................................................................................................... 36

ES PROPERTY ...................................................................................................................................... 37

FORMAT CODE PR OP ERTY ................................................................................................................ 37

ES TRACK 1 PROPERTY ...................................................................................................................... 37

ES TRACK 2 PROPERTY ...................................................................................................................... 38

ES TRACK 3 PROPERTY ...................................................................................................................... 38

SEND ENCRYPTION COUNTER .......................................................................................................... 38

MASK OTHER CARDS .......................................................................................................................... 39

SEND CLEAR AAMVA CARD DATA PROPERTY ................................................................................ 39

RESET DEVICE COMMAND ................................................................................................................. 40

DUKPT OPERATION ............................................................................................................................. 40

Get DUKPT KSN and Counter ........................................................................................................... 41

SET SESSION ID COMMAND ............................................................................................................... 41

ACTIVATE AUTHENTICATED MODE COMMAND ............................................................................... 42

ACTIVATION CHALLENGE REPLY COMMAND .................................................................................. 43

DEACTIVATE AUTHENTICATED MODE COMMAND .......................................................................... 44

GET READER STATE COMMAND ........................................................................................................ 45

SET SECURITY LEVEL COMMAND ..................................................................................................... 46

GET ENCRYPTION COUNTER COMMAND ......................................................................................... 47

RELINQUISH INTERFACE COMMAND ................................................................................................ 48

POWER DOWN COMMAND .................................................................................................................. 49

GET BATTERY STATUS COMMAND ................................................................................................... 49

ENCRYPT BULK DATA COMMAND ..................................................................................................... 50

APPENDIX A. GUIDE ON DECRYPTING DATA...................................................................................... 51

APPENDIX B. INSTALLING BLUETOOTH WITH WINDOWS DRIVER .................................................. 53

APPENDIX C. INSTALLING BLUETOOTH WITH KENSINGTON DRIVER ............................................ 57

APPENDIX D. COMMAND EXAMPLES ................................................................................................... 67

APPENDIX E. IDENTIFYI N G ISO/AB A AN D AAM VA CARDS ............................................................... 79

ISO/ABA FINANCIAL CARDS ................................................................................................................ 79

AAMVA DRIVER LICENSES .................................................................................................................. 79

TABLES AND FIGURES

Figure 1-1. Bluetooth MagneSafe Swipe Reader ...................................................................................... viii

Table 1-2. Specifications .............................................................................................................................. 3

vi

vii

Figure 1-1. Bluetooth MagneSafe Swipe Reader

viii

SECTION 1. FEATURES AND SPECIFICATIONS

The Bluetooth MagneSafe Swipe Reader is a compact, handheld magneti c st ri pe card read er that
conforms to ISO standards. In addition to reading multiple tracks of data from a card, this
Reader also includes MagnePrint technology and data encryption. The MagnePrint data will be
included with the track data on each transaction. In order to maximize card security, this Reader
incorporates data encryption to protect the card contents and the MagnePrint information. The
Reader is compatible with any device having a host Bluetooth interface. A card is read by
sliding it, stripe down and facing away from the LED side, through the slot either forward or
backward.

An LED (Light Emitting Diode) indicator on the Reader panel provides the operator with
continuous status of the Reader operations.

When a card is swiped through the Reader, the track data and MagnePrint information will be
TDEA (Triple Data Encryption Algorithm, aka Triple DES) encrypted using DUKPT (Derived
Unique Key Per Transaction) key management. This method of key management uses a base
derivation key to encrypt a key serial number that produces an initial encryption key which is
injected into the Reader prior to deployment. After each transaction, the encryption key is
modified per the DUKPT algorithm so that each transaction uses a unique key. Thus, the data
will be encrypted with a different encryption key for each transaction.

1

Bluetooth MagneSafe V5 Swipe Reader

Part

Number

FEATURES

Major features of the Bluetooth Swipe Reader are as follows:

• Powered by a rechargeable battery; recharging can be provided via a standard USB cable (for

recharging only)

• Compatible with any device that supports Bluetooth virtual serial port profile (SPP)

• Bi-directional card reading

• Reads encoded data that meets ANSI/ISO/AAMVA standards and some custom formats such

as ISO track 1 format on track 2 or 3

• Reads up to three tracks of card data

• Red/Green/Amber LED for status

• Non-volatile memory for property storage

• Supplies 54 byte MagnePrint™ value

• Contains a unique, non-changeable device serial number which allows tracking each reader

• Encrypts all track data and the MagnePrint value

• Provides clear text confirmation data including card holder’s name, expiration date, and a

portion of the PAN as part of the Masked Track Data

• Mutual Authentication Mode for use with Magensa®

HARDWARE CONFIGURATION

The hardware configuration is as follows:

Part Number Tracks Style Interface Cable

21073021 1, 2, 3 BT90 Bluetooth N/R*

* No cable is required to operate the reader but one of the

cables listed below can be used to charge the battery.

ACCESSORIES

The accessories are as follows:

Description Notes

21051515 USB-A TO USB-Mini-B Gray, 750mm Cable For battery charging Bluetooth readers
21051516 USB-A TO USB-Mini-B Gray, 1200mm Coiled Cable For battery charging Bluetooth readers
51300010 Bluetooth USB 2.0 Adapter For interface to PC

REFERENCE DOCUMENTS

ANS X9.24-2004 Retail Financial Services Symmetric Key Management Part 1: Using
Symmetric Techniques

2

Section 1. Features and Specifications

Reference Standards

ISO 7810 and ISO 7811; AAMVA*

Power Input

USB port or 5 VDC for battery charging

Time to Charge Battery

About 4.5 hours (from a fully discharged state)

Recording Method

Two-frequency coherent phase (F2F)

Message Format

ASCII

Card Speed

4 to 60 ips (10.1 to 152.4 cm/s)

Card Swipes per Full Charge

Over 500 swipes

ELECTRICAL

Current

100mA maximum during charge

MECHANICAL – BT90 Bluetooth

Length 3.49” (88.65mm)
Height 1.17” (29.72mm)

Weight

1.4 oz. (39.7 gr)

Cable length

n/a

Connector

USB Mini B 5-pin

ENVIRONMENTAL

Temperature

0 °C to 45 °C ((32 °F to 113 °F)

-20 °C to 60 °C (-4 °F to 140 °F)

Humidity

Operating

10% to 90% noncondensing

Storage

10% to 90% noncondensing

SPECIFICATIONS

Table 1-2 lists the specifications for the Bluetooth MagneSafe Reader. Figure 1-2 shows the
dimensions of the Reader.

Table 1-2. Specifications

Dimensions

Operating
Storage

* ISO (International Standards Organization) and AAMVA (American Association of Motor

Vehicle Administrators ).

Width 0.90” (22.86mm)

3

Bluetooth MagneSafe V5 Swipe Reader

4

SECTION 2. INSTALLATION

This section describes the cable connection and the Windows setup.

BLUETOOTH CONNECTION

On hosts with the Windows operating system, the Bluetooth reader appears as a virtual COM
port. Use the Windows Bluetooth installation utility or, if using another Bluetooth adapter,
follow the directions for that device.

See Appendix B or Appendix C for connection information.

5

Bluetooth MagneSafe V5 Swipe Reader

6

SECTION 3. OPERATION

ACTIVE INTERFACE

This reader communicates either via the Bluetooth interface or via the USB interface. When it
first powers up, if the USB cable is attached, it is receptive to commands on both interfaces.
Once it receives a command on one interface, that interface becomes the Active Interface and the
other interface is disabled. The Active Interface stays active until the reader is disconnected
from the USB cable or a Relinquis h Interfac e command is received. A Relinquish Interface
command causes both interfaces to be receptive to commands again.

If the reader is connected to a USB cable and the Active Interface is Bluetooth, any event that
would cause the reader to power down if it were not connected to the USB cable will have the
same effect as a Relinquish Interface command.

The intention here is to allow the user to communicate with the reader using whichever interface
is convenient while giving the user a method to enable the other interface at any time. For a
more detailed description of the USB interface, please refer to the USB MagneSafe V5
Swipe and Insert Reader Technical Reference Manual (99875388).

USER SWITCH

The User Switch, or Power Switch, is located on the side of the reader. Pressing the User Switch
when the reader is off will turn the reader on. The reader will stay on for a predetermined
amount of time (the default is 120 seconds) or until the completion of a card read transaction.
Pressing the User Switch briefly when the reader is on will extend the Activity Timer to its full
period, avoiding having the reader turn off due to inactivity.

If the power is already on, pressing the User Switch and holding it for three seconds will turn the
reader off.

LED INDICATOR

The LED indicator will be either off, red, green, or amber. When the reader is not powered, the
LED will be off.

When the Bluetooth reader is first turned on, the LED will flash amber and then go to solid green
unless the battery power is too low, in which case it will be red for two seconds then turn solid
green. When the reader shows a solid green, the reader is either awaiting Authentication (if
configured to require Authentication), or armed to read (if configured NOT to require
Authentication). When the Bluetooth reader is attached to a USB cable or other 5 volt power
source, the battery will begin charging. The LED will slowly blink amber while the battery is
charging and then turn solid amber when the battery is fully charged.

If enabled to operate with authentication (Security Level 4) and when the host completes
Authentication successfully, the LED will blink green; the reader is now armed to read a card. If
the host fails an Authentication sequence, the LED will turn solid red and stay red until either the
host completes Authentication successfully or the reader is powered down.

7

Bluetooth MagneSafe V5 Swipe Reader

When a card is being swiped, the LED will turn off temporarily until the swipe is completed. If
there are no errors after decoding the card data, then the LED will turn green for approximately
two seconds to indicate a successful read and remain green for two seconds to indicate a
successful read and then turns off as the reader powers down.. If there are any errors after
decoding the card data, the LED will turn red for approximately two seconds to indicate that an
error occurred and then turn solid green to indicate that the card can be swiped again for another
try; the retries can go on indefinitely until a good read or until power goes off.

After a card swipe, when data should be transmitted on the Bluetooth connection, if the
connection is not available, the green LED will blink rapidly (10 times a second) until the
connection becomes available (when data is transmitted), the user holds the user switch down for
three seconds, the reader times out, or the battery power is too low. If the connection is
established the data is transmitted and the LED goes green or red to indicate transmission of
good or bad data.

CARD READ

A card may be swiped through the Reader slot when the LED is solid green or flashing green.
The magnetic stripe must face toward the head (as indicated by a card image on the top of the
reader) and may be swiped in either direction. If there is data encoded on the card, the reader
will attempt to read the data, encrypt it, and then send the encrypted results to the host. After the
results are sent to the host, the reader will automatically turn off.

READER STATES

This reader may be operated so that it requires Mutual Authentication with a Host in order to
transmit card data to the Host. When this mode of operation is required, the application software
(not necessarily the Authenticating Host) may need to know the state of the reader at any given
moment. This can be done using the Get Reader State Command. The application may retrieve
this state at any time to get a clear definition of the reader’s operation at any given moment.

For convenience, this manual refers to states with the notation State:Antecedent (e.g.,
WaitActAuth:BadSwipe). State definitions can be found at the definition of the Get Reader
State Command.

In most cases, the application could also track the state by inference. As the application interacts
with the reader, most state transitions are marked by commands and responses exchanged with
the reader. The exception to this concept is the transition from WaitActRply:x to
WaitActAuth:TOAuth. This state transition occurs as the result of a timeout and the transition is
not reported to the Host. As the reader was waiting for the Host to send the Activation
Challenge Reply command and the Host set the time limit that the reader should wait, the Host
should be aware that a timeout could occur. If the reader does time out and the Host sends the
Activation Challenge Reply command, the reader will return RC = 07 (Sequence error).

8

Section 3. Operation

Examples of Host/Application/Reader interaction and state transitions:

Example 1 – Power Up followed by Authentication and good swipe:

1. Reader Powers Up (State = WaitActAuth:PU). The application should send

the Get Reader State Command to discover the current state of the reader.

2. Host sends valid Activate Authenticated Mode command (State =>

WaitActRply:PU). Reader responds with RC = 0x00 inferring the transition
to the WaitActRply:PU state.

3. Host sends valid Activation Challenge Reply command (State =>

WaitSwipe:PU). Reader responds with RC = 0x00 inferring the transition to
the WaitSwipe:PU state.

4. User Swipes a card correctly (State => WaitActAuth:GoodSwipe). Reader

sends the card data to the Host inferring the transition to the
WaitActAuth:GoodSwipe state.

Example 2 – Reader times out waiting for swipe:

1. Reader waiting (State = WaitActAuth:GoodSwipe). This is after a good

swipe. The application may send the Get Reader State Command to discover
the current state of the reader.

2. Host sends valid Activate Authenticated Mode command (State =>

WaitActRply:GoodSwipe). Reader responds with RC = 0x00 inferring the
transition to the WaitActRply:GoodSwipe state.

3. Host sends valid Activation Challenge Reply command (State =>

WaitSwipe:GoodSwipe). Reader responds with RC = 0x00 inferring the
transition to the WaitSwipe:GoodSwipe state.

4. Timer expires (State => WaitActAuth:TOSwipe). Reader sends “card data” to

the Host with no data, just a report about the Time Out (see Reader

Encryption Status); the Host infers the transition to WaitActAuth:TOSwipe

state.

Example 3 – Host sends invalid Activation Challenge Reply command:

1. Reader Waiting (State = WaitActAuth:GoodSwipe). This is after a good

swipe. Application may send the Get Reader State Command to discover the
current state of the reader.

2. Host sends valid Activate Authenticated Mode command (State =>

WaitActRply:GoodSwipe). Reader responds with RC=0x00 inferring the
transition to the WaitActRply:GoodSwipe state.

3. Host sends invalid Activation Challenge Reply command (State =>

WaitActAuth:FailAuth). Reader responds with RC = 0x02 or 0x04 inferring
the transition to the WaitActAuth:FailAuth state.

9

Bluetooth MagneSafe V5 Swipe Reader

Example 4 – Host waits too long sending the Activation Challenge Reply command:

1. Reader Waiting (State = WaitActAuth:GoodSwipe). This is after a good

swipe. Application may send the Get Reader State Command to discover the
current state of the reader.

2. Host sends valid Activate Authenticated Mode command (State =>

WaitActRply:GoodSwipe). Reader responds with RC=0x00 inferring the
transition to the WaitActRply:GoodSwipe state.

3. Reader times out waiting for Host to send Activation Challenge Reply

command (State => WaitActAuth:TOAuth). Host doesn’t know because the
reader cannot/does not send any message.

4. Host finally sends Activation Challenge Reply command (State remains

WaitActAuth:TOAuth). Reader responds with RC=0x07 inferring the
previous transition to WaitActAuth:TOAuth state.

CHARGING THE BLUETOOTH READER BATTERY

As mentioned above (LED Indicator), the Bluetooth reader may indicate low battery at power up.
The first time this happens there will probably be sufficient battery available for several more
card swipes, but the battery should be charged soon. If the low battery warning is ignored and
the battery gets too low, the reader will refuse to power up until it has been charged.

Charge the reader by connecting it to any USB port on a running system or a compatible 5VDC
source. For best results, allow the battery to charge fully (until the LED goes to steady amber)
before using the reader again.

10

SECTION 4. SECURITY

This reader is a secure reader. Security features include:

• Supplies 54 byte MagnePrint value

• Includes Device Serial Number

• Encrypts all track data and the MagnePrint value

• Provides clear text confirmation data including card holder’s name, expiration date, and a

portion of the PAN as part of the Masked Track Data

• Supports Mutual Authentication Mode for use with Magensa

• Offers selectable levels of Security

The reader supports two Security Levels. The Security Level can be increased by command, but
can never be decreased.

SECURITY LEVEL 3

Security Level 3 enables encryption of track data, MagnePrint data, and the Session ID.
MagnePrint data is always included and it is always encrypted. The format for the data is
detailed later in this document. At Security Level 3, many commands require security—most
notably, the Set Property command. Transition to Security Level 4 requires security.

SECURITY LEVEL 4

When the reader is at Security Level 4, a correctly executed Authentication Sequence is required
before the reader will emit data from a card swipe. Correctly executing the Authentication
Sequence also causes the Green LED to blink, alerting the user to the fact that the reader is being
controlled by a Host with knowledge of the keys—that is, an Authentic Host.

Commands that require security must be sent with a four byte Message Authentication Code
(MAC) appended to the end. The MAC is calculated as specified in ANSI X9.24 Part 1 – 2004,
Annex A. Note that data supplied to the MAC algorithm should NOT be converted to the
ASCII-Hex, rather it should be supplied in its raw binary form. The MAC key to be used is as
specified in the same document (“Request PIN Entry 2” bullet 2). Calculating the MAC requires
knowledge of the current DUKPT KSN, this could be retrieved using the Get DUKPT KSN and
Counter command. For each command processed successfully, the DUKPT Key is advanced.

11

Bluetooth MagneSafe V5 Swipe Reader

Command

Level 3

Level 4

Get Property

Y

Y

Set Property

S

S

Reset

X*

X*

Get DUKPT SN and Counter

Y

Y

Set Session ID

Y

Y

Activate Authenticated Mode

Y

Y

Activation Challenge Reply

Y

Y

Deactivate Authenticated Mode

Y

Y

Get Reader State

Y

Y

Set Security Level

S

S

Get Encryption Counter

Y

Y

Relinquish Interface

Y

Y

Power Down

Y

Y

Get Battery Status

Y

Y

COMMANDS AND SECURITY LEVELS

The following table shows how security levels affect the various commands. “Y” means the
command can run. “N” means the command is prohibited. “S” means the command is protected
(requires MACing). “X” means other (notes to follow).

* The Reset command has special behavior. When an Authentication sequence has

failed, only a correctly MACed Reset command can be used to reset the reader. This
is to prevent a dictionary attack on the keys and to minimize a denial of service attack.

12

SECTION 5. COMMUNICATIONS

CARD DATA

The details about how the card data and commands are structured follow later in this section.
Windows applications that communicate with this reader can be easily developed.

The reader will send only one swipe message per card swipe. When a card is swiped, the swipe
message will be sent even if the data is not decodable. If no data is detected on a track then
nothing will be transmitted for that track. If an error is detected on a track, the ASCII character
“E” will be sent in place of the track data to indicate an error. The LED will come on for about
two seconds and another swipe will be allowed. Data from the bad swipe is still transmitted.

A Swipe Message is composed of readable ASCII characters. It includes:

• Structural ASCII characters intended to give clues to the structure of the rest of the data.

• Simple ASCII fields that convey the ASCII representation of:

Masked Track Data
Device Serial Number
Format Code

• Binary fields that use sets of two ASCII characters representing hexadecimal digits to

convey the binary value of each byte in the field. The Binary fields are:

Reader Encryption Status
Encrypted Track Data
MagnePrint Status
Encrypted MagnePrint Data
Encrypted Session ID
DUKPT Key Serial Number
Clear Text CRC
Encrypted CRC

For the encrypted fields, the original binary bytes are encrypted using the DES CBC mode with
an Initialization Vector starting at all binary zeroes and the PIN Encryption Key associated with
the current DUKPT KSN. This is done in segments of 8 bytes. If the last segment of the original
data is less than eight bytes long (track data only), the last bytes of the block will be set to binary
zeroes before encrypting. When decrypting track data, the End Sentinel can be used to find the
actual end of the data (ignoring the final zeroes). Each byte of encrypted data is then converted
to two bytes of ASCII data representing the Hexadecimal value of the encrypted byte (many of
the encrypted bytes will not have values in the ASCII character range).

13

Bluetooth MagneSafe V5 Swipe Reader

Label

Property

ID

P-Value

Description

Default

0x1E

P30

Pre card string

0 (0x00)

0x1F

P31

Post card string

0 (0x00)

0x20

P32

Pre track string

0 (0x00)

0x21

P33

Post track string

0 (0x00)

(0x0D)

0x23

P35

Programmable field separator

“|” (0x7C)

Tk1 SS

0x24

ISO/ABA start sentinel

“%” (0x25)

Tk2-SS

0x25

ISO/ABA 5-bit start sentinel

“;” (0x3B)

Tk3-SS

0x26

ISO/ABA start sentinel

“+” (0x2B)

Tk3-SS

AAMVA

AAMVA start sentinel

“#” (0x23)

1 start sentinel)

7 bit start sentinel (ISO/ABA Track
1 start sentinel)

“&”(0x26)

0x2B

0x2F

End Sentinel (for all tracks)

Track 3 Specific End Sentinel

“?” (0x3F)

“?” (0x3F)

The card data format for all programmable configuration options is as follows:

[P30]
[P32] [Tk1 SS] [Tk1 Masked Data] [ES ] [P3 3 ]
[P32] [Tk2 SS] [Tk2 Masked Data] [ES] [P3 3]
[P32] [Tk3 SS] [Tk3 Masked Data] [ES ] [P3 3 ]
[P31]
[P35] [Reader Encryption Status]
[P35] [Tk1 Encrypted Data (including TK1 SS and ES)]
[P35] [Tk2 Encrypted Data (including TK2 SS and ES)]
[P35] [Tk3 Encrypted Data (including TK3 SS and ES)]
[P35] [MagnePrint Status]
[P35] [Encrypted MagnePrint data]
[P35] [Device serial number]
[P35] [Encrypted Session ID]
[P35] [DUKPT serial number/counter]
[P35] [Encryption Counter] (optional, off by default)
[P35] [Clear Text CRC]
[P35] [Encrypted CRC]
[P35] [Format Code]
[P34]

The characters and fields are described in the list below. The Property ID (e.g., P13) is the
decimal value of the property ID in the command list (see Pre Card String).

Tk2-SS 7 bit 0x28
Tk3-SS 7 bit 0x29

Track 1, Track 2 and Track 3 Encrypted Data includes the Start and End Sentinel that were
decoded from the card.

14

ES

0x22 P34 Terminating string

0x27

0x2D
0x2E

7 bit start sentinel (ISO/ABA Track

Track 1 Specific End Sentinel
Track 2 Specific End Sentinel

C/R

“@”(0x40)

“?” (0x3F)
“?” (0x3F)

Section 5. Communications

All fields with the format P## are programmable configuration property numbers. They are
described in detail later in this document.

Masked Track Data

If decodable track data exists for a given track, it is located in the Masked Track Data field that
corresponds to the track number. The length of each Masked Track Data field is fixed at 112
bytes, but the length of valid data in each field is determined by the Masked Track Data Length
field that corresponds to the track number. Masked Track Data located in positions greater than
indicated in the Masked Track Data Length field are undefined and should be ignored.

The Masked Track Data is decoded and converted to ASCII and then it is “masked.” The
Masked Track Data includes all data starting with the start sentinel and ending with the end
sentinel. Much of the data is “masked;” a specified mask character is sent instead of the actual
character read from the track. Which characters are masked depends on the format of the card.
Only ISO/ABA (Financial Cards with Format Code B) and AAMVA cards are selectively
masked; all other card types are either wholly masked or wholly clear. There is a separate
masking property for ISO/ABA cards and AAMVA cards. See the ISO Track Masking property
and the AAMVA Track Masking property for more information. Refer to Appendix E for a
description of how ISO/ABA and AAMVA cards are identified.

Each of these properties allows the application to specify masking details for the Primary
Account Number and Driver’s License / ID Number (DL/ID#), the masking character to be used,
and whether a correction should be applied to make the Mod 10 (Luhn algorithm) digit at the end
of the number be correct.

Track 1 Masked Data

This Simple ASCII field contains the Masked Track Data for track 1. All characters are
transmitted.

For an ISO/ABA card, the PAN is masked as follows:

The specified number of initial characters is sent unmasked. The specified number of
trailing characters is sent unmasked. If Mod 10 correction is specified, all but one of the
intermediate characters of the PAN are set to zero; one of them will be set such that the
last digit of the PAN calculates an accurate Mod 10 check of the rest of the PAN as
transmitted. If the Mod 10 correction is not specified, all of the intermediate characters
of the PAN are set to the specified mask character.

The Card Holder’s name and the Expiration Date are transmitted unmasked.

All Field Separators are sent unmasked.

All other characters are set to the specified mask character.

For an AAMVA card, the specified mask character is substituted for each of the characters read
from the card.

15

Bluetooth MagneSafe V5 Swipe Reader

Track 2 Masked Data

This Simple ASCII field contains the Masked Track Data for track 2.

For an ISO/ABA card, the PAN is masked as follows:

• The specified number of initial characters is sent unmasked. The specified

number of trailing characters is sent unmasked. If Mod 10 correction is specified,
all but one of the intermediate characters of the PAN are set to zero; one of them
will be set such that the last digit of the PAN calculates an accurate Mod 10 check
of the rest of the PAN as transmitted. If the Mod 10 correction is not specified,
all of the intermediate characters of the PAN are set to the specified mask
character.

• The Expiration Date is transmitted unmasked.

• All Field Separators are sent unmasked.

• All other characters are set to the specified mask character.

For an AAMVA card, the DL/ID# is masked as follows:

• The specified number of initial characters are sent unmasked. The specified

number of trailing characters are sent unmasked. If Mod 10 correction is
specified, all but one of the intermediate characters of the DL/ID#PAN are set to
zero; one of them will be set such that the last digit of the DL/ID# calculates an
accurate Mod 10 check of the rest of the DL/ID# as transmitted. If the Mod 10
correction is not specified, all of the intermediate characters of the DL/ID# are set
to the specified mask character.

• The Expiration Date and Birth Date are transmitted unmasked.

• All other characters are set to the specified mask character.

Track 3 Masked Data

This Simple ASCII field contains the Masked Track Data for track 3.

For an ISO card, the PAN is masked as follows:

• The specified number of initial characters are sent unmasked. The specified

number of trailing characters are sent unmasked. If Mod 10 correction is
specified, all but one of the intermediate characters of the PAN are set to zero;
one of them will be set such that the last digit of the PAN calculates an accurate
Mod 10 check of the rest of the PAN as transmitted. If the Mod 10 correction is
not specified, all of the intermediate characters of the PAN are set to the specified
mask character.

• All Field Separators are sent unmasked.

• All other characters are set to the specified mask character.

For an AAMVA card, the specified mask character is substituted for each of the characters read
from the card.

16

Section 5. Communications

Reader Encryption Status

This two byte Binary field contains the Encryption Status. The Reader Encryption Status is sent
in big endian byte order. Byte 1 is the least significant byte. Byte 1 LSB is status bit 0. Byte 2
MSB is status bit 15. The Reader Encryption status is defined as follows:

Bit 0 = DUKPT Keys exhausted
Bit 1 = Initial DUKPT key Injected
Bit 2 = Encryption Enabled
Bit 3 = Authentication Required
Bit 4 = Timed Out waiting for user to swipe card
Bits 5–7 = Unassigned (always set to Zero)
Bit 8 = Encryption Counter Expired
Bits 9–15 = Unassigned (always set to Zero)

Notes:

1. Encryption will only be performed when Encryption Enabled and Initial DUKPT key

Injected are set. Otherwise, data that are normally encrypted are sent in the clear in
ASCII HEX format; the DUKPT Serial Number/counter will not be sent.

2. When DUKPT Keys Exhausted is set, the reader will no longer read cards and after a

card swipe, the reader response will be sent as follows:
[P30]
[P31]
[P35] [Reader Encryption Status]
[P35]
[P35]
[P35]
[P35]
[P35]
[P35] [Device serial number]
[P35] [Encrypted Session ID]
[P35] [DUKPT serial number/counter]
[P35] [Encryption Counter] (optional, off by default)
[P35] [Clear Text CRC]
[P35] [Encrypted CRC]
[P35] [Format Code]
[P34]

Encrypted Track Data

If decodable track data exists for a given track, it is located in the Track x Encrypted Data field
that corresponds to the track number. The length of each Encrypted Data field is fixed at 112
bytes, but the length of valid data in each field is determined by the corresponding Encrypted
Data Length field that corresponds to the track number. Data located in positions greater than
the encrypted track data length field indicates are undefined and should be ignored. The HID
specification requires that reports be fixed in size, but the number of bytes encoded on a card
may vary. Therefore, the Input Report always contains the maximum amount of bytes that can
be encoded on the card and the number of valid bytes in each track is indicated by the Encrypted
Data Length field.

17

Bluetooth MagneSafe V5 Swipe Reader

Nibble 1 2 3 4 5 6 7 8

Value A 1 0 5 0 0 0 0

Bit 7 6 5 4 3 2 1 0

15

14

13

12

11

10 9 8

23

22

21

20

19

18

17

16

31

30

29

28

27

26

25

24

Value

1 0 1 0 0 0 0 1 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0

Usage*

R R R R R R R M R R R R R R R R 0 0 D 0 F L N S 0 0 0 0 0 0 0

0

The encrypted data from each track is decoded and converted to ASCII, and then it is encrypted.
The encrypted track data includes all data starting with the start sentinel and ending with the end
sentinel. The encryption begins with the first 8 bytes of the clear text track data. The 8-byte
result of this encryption is placed in the Encrypted Data buffer for the corresponding track. The
process continues using the CBC (Cipher Block Chaining) method with the encrypted 8 bytes
XORed with the next 8 bytes of clear text. That result is placed in next 8 bytes of the Encrypted
Data buffer and the process continues until all clear text bytes have been encrypted. If the final
block of clear text contains fewer than 8 bytes, it is padded with binary zeros to fill up the 8
bytes. After this final clear text block is XORed with the prior 8 bytes of encrypted data, it is
encrypted and placed in the Encrypted Data buffer. No Initial Vector is used in the process.

Decrypting the data must be done in 8 byte blocks, ignoring any final unused bytes in the last
block. See Appendix A for more information.

Track 1 Encrypted Data

This Binary field contains the encrypted track data for track 1.

Track 2 Encrypted Data

This Binary field contains the encrypted track data for track 2.

Track 3 Encrypted Data

This Binary field contains the encrypted track data for track 3.

MagnePrint Status

This Binary field represents 32 bits of MagnePrint status information. Each character represents
4 bits (hexadecimal notation). For example, suppose the characters are: “A1050000”:

18

* Usage Legend:

• D = Direction

• F = Too Fast

• L = Too Slow

• M = MagnePrint capable

• N = Too Noisy

• R = Revision

• S = Status

Section 5. Communications

This four-byte field contains the MagnePrint status. The MagnePrint status is in little endian
byte order. Byte 1 is the least significant byte. Byte 1 LSB is status bit 0. Byte 4 MSB is status
bit 31. MagnePrint status is defined as follows:

Bit 0 = This is a MagnePrint-capable product (usage M)
Bits 1-15 = Product revision & mode (usage R)
Bit 16 = STATUS-only state (usage S)
Bit 17 = Noise too high or “move me” away from the noise source (used

only in STATUS) (usage N)
Bit 18 = Swipe too slow (usage L)
Bit 19 = Swipe too fast (usage F)
Bit 20 = Unassigned (always set to Zero)
Bit 21 = Actual Card Swipe Direction (0 = Forward, 1 = Reverse) (usage D)
Bits 22-31 = Unassigned (always set to Zero)

If the Enable/Disable MagnePrint property is set to disable MagnePrint, this field will not be
sent.

Encrypted MagnePrint Data

This 56-byte Binary field contains the MagnePrint data. Only the number of bytes specified in
the MagnePrint data length field are valid. The least significant bit of the first byte of data in this
field corresponds to the first bit of MagnePrint data. If the Enable/Disable MagnePrint property
is set to disable MagnePrint, this field will not be sent.

Device Serial Number

This 16-byte ASCII field contains the device serial number. The device serial number is a NUL
(zero) terminated string. So the maximum length of the device serial number, not including the
null terminator, is 15 bytes. This device serial number can also be retrieved and set with the
device serial number property explained in the property section of this document. This field is
stored in non-volatile memory, so it will persist when the unit is power cycled.

Encrypted Session ID

This 8-byte Binary field contains the encrypted version of the current Session ID. Its primary
purpose is to prevent replays. After a card is read, this property will be encrypted, along with the
card data, and supplied as part of the transaction message. The clear text version of this will
never be transmitted. To avoid replay, the application sets the Session ID property before a
transaction and verifies that the Encrypted Session ID returned with card data decrypts to the
value set.

DUKPT Key Serial Number

This 10 byte Binary field contains the DUKPT Key Serial Number used to encrypt the encrypted
fields in this message. This 80-bit field includes the Initial Key Serial Number in the leftmost 59
bits and a value for the Encryption Counter in the rightmost 21 bits. If no keys are loaded, all
bytes will have the value 0x00.

Encryption Counter

This 3-byte field contains the value of the Encryption Counter at the end of this transaction. See
the Get Encryption Counter command for more information.

19