Uniform PP190 User Manual

PIN Pad PP190
Programmer’s Manual
Personal ID Number Pad
Revision 0
2014-02-06
FEDERAL COMMUNICATIONS COMMISSION STATEMENT
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
NOTE
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense. You are cautioned that any change or modification to the equipment not expressly approved by the party responsible for compliance could void your authority to operate such equipment.
Page 1 Uniform Industrial Corp. Proprietary and Confidential Total 160 pages
NOTICE
The issuer of this manual has made every effort to provide accurate information. The issuer will not be held liable for any technical and editorial omission or errors made herein; nor for incidental consequential damages resulting from the furnishing, performance or use of this material. This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced, or translated without the prior written consent of the issuer. The information provided in this manual is subject to change without notice.
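Article 12: Without permission, no company, firm or user may alter the frequency, increase the power, or change the characteristics and functions of the original design of a type-approved low-power radio-frequency device.
Article 14: The use of low-power radio-frequency devices must not affect flight safety or interfere with legal communications. If interference is found, use must stop immediately and may resume only after the device has been improved so that no interference remains.
The legal communications referred to in the preceding paragraph are radio communications operated in accordance with the Telecommunications Act. Low-power radio-frequency devices must tolerate interference from legal communications and from industrial, scientific and medical radio-wave radiating equipment.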
AGENCY APPROVED
- FCC class B
- CE class B
WARRANTY
This product is served under one-year warranty to the original purchaser. Within the warranty period, merchandise found to be defective would be repaired or replaced. This warranty applies to the products only under the normal use of the original purchaser, and in no circumstances covers incidental or consequential damages through consumers’ misuse or modification of the products.
Document History
Document Version   Apply to FW version            Change
0A                 190BL00A, 190SC00A, 190PM00A   First SQA
0B                 190BL00A, 190SC00B, 190PM00A   1. First SQA debug.
0C                 190BL00A, 190SC00C, 190PM00A   1. Second SQA debug.
                                                  2. Add new command “01” “16”.
                                                  3. Add new command “94” “96”.
                                                  4. Add new function “self diagnostic”.
0D                 190BL00A, 190SC00D, 190PM00A   1. Third SQA debug
                                                  2. Add new function “Remote key injection” (R00 ~ R02)
0E                 190BL00A, 190SC00E, 190PM00A   1. Fourth SQA debug
                                                  2. Add new function RTC (Real time clock) and new command “P18”
0F                 190BL00A, 190SC00F, 190PM00A   1. Fifth SQA debug
                                                     a. Modify command 02.
                                                     b. Modify command 08.
                                                     c. Modify command 72.
                                                     d. Modify command Z2 to response <EOT> at end of transmit.
                                                     e. Modify command Z60.
                                                     f. Modify command 70 (PIN Entry Request with DUKPT) to check exist of DUKPT key early.
Table of Contents
Section 2 PP190 Setup & Diagnostic Menu
    Start Up Self Test
    Call up Diagnostic Menu
    Diagnostic Menu 1: HW Tests
    Diagnostic Menu 2: Display Info
    Diagnostic Menu 3: Set LCD Backlight
    Diagnostic Menu 4: Set Keypad Beep
    Diagnostic Menu 5: Update Password
    About USB virtual COM port (only applied on USB version)
Section 3 Message format
    Notation Conventions
    Message frame summary
Section 4 Administration and maintenance messages
    Message 01 Self Test
    Message 02 Load Master Key
    Symmetric Keys Loading Authentication
    Message 04 Check Master Key
    Message 05 Load Serial Number
    Message 06 Get Serial Number
    Message 07 Test DES Implementation
    Message 08 Select Master Key
    Message 09 Communication Test
    Message 11 PIN Pad Device Connection Test
    Message 13 Adjust COM1 Baud Rate (RS-232 version only)
    Message 16 Remote self-test request
    Message 17 Request random number
    Message 18 Get/Set PIN pad system time
    Message 19 Query Firmware Version
    Message 1J Turn ON/OFF LCD Backlight
    Message 1M Setup Keypad Beeper
Section 6 Online transaction messages with Master/Session Keys (MK/SK)
    Message 70 PIN entry request (MK/SK)
    Message 71 Encrypted PIN Block Response
    Message 72 PIN Entry Cancel
    Message Z0 Move Display Cursor
    Message Z1 Reset State
    Message Z2 Display String
    Message Z3 Display Line Prompts
    Z2 / Z3 Authenticated mode with fixed prompt
    Z2 / Z3 PIN entry mode with fixed prompt
    Message Z2 Display String with Authentication Code
    Message Z3 Display Line Prompts with Authentication Code
    Example to use Z2 / Z3 with Authentication Code.
    Message Z42 Read Key Code
    Message Z43 Read Key Code Response
    Message Z50 String Entry Request
    Message Z51 String Entry Response
    Message Z60 PIN entry request with external prompt (MK/SK)
    Message Z62 PIN entry request with customized prompt (MK/SK)
    Message Z64 Query Key Check Value (KCV)
    Message Z65 Key Check Value Response
    Message Z66 Message Authentication Code (MAC) Request
    Message Z67 Message Authentication Code (MAC) Response
    Message Z7 Turn ON/OFF CANCEL Message Display
    Message Z8 Set Idle Prompt
Section 7 Online transaction messages with Derived Unique Key per Transaction (DUKPT)
    Message 60 Pre-authorization PIN Entry Request
    Message 62 Pre-authorization Amount Authorization Request
    Message 70 PIN Entry Request (DUKPT)
    Message 71 Encrypted PIN Block Response
    Message 72 PIN Entry Cancel
    Message Z60 PIN entry request with external prompt (DUKPT)
    Message Z62 PIN entry request with customized prompt (DUKPT)
    Message 76 PIN Entry Test Request
    Message 7A KSN output format
    Message 90 Load First Initial Key Request
    Message 91 Load Initial Key Response
    Message 94 Load Second Initial Key Request
    Message 96 Select Active Key Set
Section 8 Remote key injection method
    Message R00 Load Vender Public Key
    Message R01 Update RSA Key
    Message R02 Remote Key Injection
Section 9 EMV Level 2 transaction messages
    Message T51 Terminal Configuration Setup
    Message T52 Terminal Configuration Setup Response
    Message T53 Certificate Authority Public Key Setup
    Message T54 Certificate Authority Public Key Setup Response
    Message T55 EMV Application Configuration Setup
    Message T56 EMV Application Configuration Setup Response
    Message T61 Start Transaction
    Message T62 Start Transaction Response
    Message T63 Get Transaction Result’s Data
    Message T64 Get Transaction Result’s Data Response
    Message T65 Get Online authorization Data
    Message T66 Response of Get Online authorization Data message
    Message T71 Send Online Authorized Code
    Message T73 Send Issuer Script Command
    Message T74 Send Issuer Script Command Response
    Message T75 Revocation List Setup
    Message T76 Revocation List Setup Response
    Message T77 Exception List Setup
    Message T78 Exception List Setup Response
Appendix A Key management
Appendix B PIN Block Format
    ANSI x9.8 format (MK/SK, DUKPT, and Offline clear text PIN entry)
Appendix C Fixed Prompts for Z2/Z3 authenticated mode
Appendix D Fixed Prompts for Z2/Z3 PIN entry mode

Section 2 PP190 Setup & Diagnostic Menu

Start Up Self Test

PP190 will perform a series of self-tests during start up, which include:
Internal firmware checksum: PP190 will verify the internal firmware checksum to ensure the integrity of the firmware program. If the firmware checksum is in error, PP190 will show the following prompt and reject further commands:
    ** A L E R T **
    ROM CHKSUM FAILD
Security Memory Integrity: PP190 will verify secret personalization information written in the Battery Powered Key (BPK) register of the CPU. If BPK verification fails (possibly because of a security breach or an exhausted internal battery), PP190 will show the following prompt and reject further commands:
    ** A L E R T **
    PED WAS TAMPERED

Call up Diagnostic Menu

Pressing function key [CLR] + [3] (quickly press ‘3’ after [CLR] is released) will call up the diagnostic menu when PP190 is in idle state. The default for both diagnostic menu passwords is “87806799”.
DISPLAY             ACTION
(Idle prompt)       Power on. Press [CLR]+[3]
Password 1?         Input first setup password and press [ENTER]
Password 2?         Input second setup password and press [ENTER]
HW Tests            Use left button [-] and right button [-] to scroll up and down. [ENTER] to execute.
Display Info
Set LCD Backlight
Set Keypad Beep
Update Password

Diagnostic Menu 1: HW Tests

DISPLAY             ACTION
Display Test        Display two pages of test pattern: First page turns on all pixels to check if there is any dot damage. Press any key or wait 10 sec to continue. Second page shows PP190 character sets. Press any key or wait 5 sec to leave.
Keypad Test         PP190 will echo user’s input key at line 2. Press [CAN] to leave this test.

Diagnostic Menu 2: Display Info

DISPLAY             ACTION
Show SerialNum      Display current serial number. Refer to message 06.
Show Version        Display current firmware version.

Diagnostic Menu 3: Set LCD Backlight

DISPLAY             ACTION
Light Always ON     First item will set LCD backlight always on. This setting is the same as message 1J with parameter 1.
Light Auto OFF      Second item will make PP190 enable its backlight in the following situations:
                    a. Any key is pressed.
                    b. PIN entry command is working.
                    c. Selecting Menu.
                    The backlight will automatically turn off 3 seconds after the above operation ends.

Diagnostic Menu 4: Set Keypad Beep

DISPLAY             ACTION
Beep ON             Key press with beep.
Beep OFF            Key press without beep.

Diagnostic Menu 5: Update Password

DISPLAY             ACTION
Update Password1    PP190 will show following message:
                        NEW PASSWD ****
                        CONFIRM PASSWD ****
                    User should enter the new password, press [ENTER], enter the password a second time, then press [ENTER] to finish input. If the two passwords mismatch, the password will not be changed. Password must have 4 characters at least, with maximum 8 characters.
Update Password2    PP190 will show following message:
                        NEW PASSWD ****
                        CONFIRM PASSWD ****
                    (Usage is the same as password 1.)

About USB virtual COM port (only applied on USB version)

PP190 USB version will identify itself as a virtual COM port for Windows 2000/XP device enumeration. When Windows requests PP190’s device driver, please provide a directory name which contains PP190 USB driver, and answer “proceed anyway” when prompted with driver certification questions. The baud rate of PP190 virtual COM port is determined by the application program. When AP calls Windows API to open COM port, PP190 and Windows virtual COM port driver will adjust its baud rate according to the parameters sent to API function.

Section 3 Message format

This chapter details the format of messages exchanged between the host and PIN Pad.

Notation Conventions

The following conventions are used to make the description of messages more readable:

Control Codes

Control codes (non-displayable codes) are represented by two to three capital letters enclosed in angled brackets “<>“. This PIN Pad uses 12 control codes in total. Their actual code, when referenced, is represented by two hex digits enclosed in angled brackets, <0F> for example. The following table lists their usage and value in hex codes.
CODE   HEX VALUE   USAGE
STX    02          Denotes the beginning of a message frame
ETX    03          Denotes the ending of a message frame
EOT    04          Indicates communication session terminated
ACK    06          Acknowledge of message received
SI     0F          Denotes the beginning of a message frame
SO     0E          Denotes the ending of a message frame
NAK    15          Indicates invalid message received
SUB    1A          Message parameter follows
FS     1C          Field separator
GS     1D          Message ID follows
[LRC]
Each message frame transmitted is followed by an LRC byte to detect communication error. This byte should be regarded as part of the message frame but comes after the ending delimiter character. [LRC] is used to represent this LRC byte in describing message frames. LRC is calculated as an XORed value of every byte after the start code in the message frame except itself, that means from the next byte of <STX> or <SI> through the <ETX> or <SO> byte.
[item]
A descriptive item name enclosed in bracket denotes a string or data byte that has no fixed value.

Message frame summary

Data exchanged between PIN Pad and host computer are grouped into “message frames”. Each message frame has one of the two frame formats listed below:
<STX>[message ID][data]<ETX>[LRC]
<SI>[message ID][data]<SO>[LRC]
Each type of message has a unique value in its message ID field. In the following texts, we reference a message type by its message ID value, e.g. “message 70”.

Message type

Messages exchanged between the Signature PIN Pad and the HOST can be divided into two categories. One is for administration and maintenance; in general, administrative messages have the <SI> packet header and return a message to the HOST with the same message ID. The other is for various transactions; in general, transaction messages have the <STX> packet header and come in pairs. Even-numbered message packets send command and data to the Signature PIN pad, then odd-numbered message packets return the result.

Time-out

Whenever the PIN Pad sends a message, a response (<ACK> character for acknowledgement or <NAK> character if LRC error occurred) from host is expected. If the PIN Pad does not receive a response within 5 seconds, it will retransmit the last packet. If PIN pad does not receive <ACK> or <NAK> after two retransmit attempts, it will send <EOT> character and this communication session will be terminated.

Transmission Error

The PIN Pad expects the host computer to send a NAK when the host decides that an invalid frame is received. When the PIN Pad receives a NAK, it will retransmit its last message. If the message retransmitted is invalid again, then a NAK should be sent by host to request for another try. The PIN Pad will keep on retransmitting until an <ACK> or <EOT> is received.

Packet Error

When the PIN pad receives a good transmission but an invalid packet (wrong message ID), it will ignore the packet. If the packet has an acceptable message ID but the wrong format, the PIN pad will send <EOT> as an error message. In PIN entry functions it will send a more detailed error code.
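
The framing, LRC and ACK/NAK rules of this section, as an added example (not code from this manual or from the vendor). Function names are illustrative, the 5-byte minimum frame length is an assumption taken from the shortest frame shown (the message 06 request), and the frames used are constructed from the message formats given in the manual.

```python
from typing import Iterable, List, Tuple

# Control codes from the "Control Codes" table.
STX, ETX, EOT, ACK, SO, SI, NAK = 0x02, 0x03, 0x04, 0x06, 0x0E, 0x0F, 0x15
END_FOR_START = {STX: ETX, SI: SO}  # each start code has one matching end code
MAX_NAKS = 3                        # "(<EOT> after 3 NAKs)" in the message flows
MIN_FRAME_LEN = 5                   # assumption: start + 2-char ID + end + LRC


class FrameError(ValueError):
    """The bytes are not a well-formed frame (structure or LRC)."""


def lrc(covered: bytes) -> int:
    """XOR of every byte after the start code, through <ETX>/<SO> inclusive."""
    value = 0
    for byte in covered:
        value ^= byte
    return value


def build_frame(message_id: str, data: bytes = b"", start: int = SI) -> bytes:
    """Return start code + message ID + data + end code + LRC."""
    if start not in END_FOR_START:
        raise FrameError("start code must be <STX> or <SI>")
    covered = message_id.encode("ascii") + data + bytes([END_FOR_START[start]])
    return bytes([start]) + covered + bytes([lrc(covered)])


def parse_frame(raw: bytes) -> Tuple[int, bytes]:
    """Validate a received frame; return (start code, message ID + data).

    The end code is taken from its fixed position (second-to-last byte)
    instead of being searched for, so a data byte that happens to equal
    <ETX> or <SO> cannot shorten the frame.
    """
    if len(raw) < MIN_FRAME_LEN:
        raise FrameError("frame too short")
    start, end, received_lrc = raw[0], raw[-2], raw[-1]
    if start not in END_FOR_START:
        raise FrameError("unknown start code 0x%02X" % start)
    if end != END_FOR_START[start]:
        raise FrameError("end code does not match start code")
    if lrc(raw[1:-1]) != received_lrc:
        raise FrameError("LRC mismatch")
    return start, raw[1:-2]


def reply_for(raw: bytes) -> int:
    """Receiver's one-byte answer to a frame: <ACK> if valid, else <NAK>."""
    try:
        parse_frame(raw)
    except FrameError:
        return NAK
    return ACK


def receive(attempts: Iterable[bytes]) -> List[int]:
    """Replies a receiver sends while the peer transmits and retransmits one
    message: <NAK> per bad copy, <EOT> after the third <NAK>, <ACK> ends it."""
    replies: List[int] = []
    naks = 0
    for raw in attempts:
        code = reply_for(raw)
        replies.append(code)
        if code == ACK:
            break
        naks += 1
        if naks == MAX_NAKS:
            replies.append(EOT)
            break
    return replies


if __name__ == "__main__":
    request = build_frame("06")                 # message 06, fixed 5 bytes
    damaged = bytes([request[0], request[1] ^ 0x01]) + request[2:]
    print(request.hex(), receive([damaged, damaged, request]))
```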

Section 4 Administration and maintenance messages

Message 01 Self Test

Format: <SI>01[test item]<SO>[LRC]
Message length: Fixed 7 bytes.
Usage: Field maintenance users can issue message 01 to do interactive PIN Pad self-tests. Test results will be displayed on PIN Pad.
’04’: PIN Pad will detect a specific pattern of key presses as a “correct” pattern, which is “[F1] [MENU] [F2] 1 2 3 4 5 6 7 8 9 [CAN] 0 [ENTER] [CLEAR]”. Key press pattern other than above will be treated as fail. Issue message 72 will interrupt this test, too.
’05’: PIN pad will display 2 test pages: First one is a full screen of black dots to check for damaged dot. Press [ENTER] or wait 10 seconds to display page 2, which is some characters. Press [ENTER] again to end this test.
’06’: PIN pad will display its serial number on the LCD display.
’07’: PIN pad will execute a communication test, see next page for message flow.
Message element:
Field         Length   Value and description
<SI>          1        <0F>
01            2        Message ID
[Test item]   2        01
                       02
                       03
                       04 Keypad test
                       05 Display test
                       06 Check serial number
                       07 Communication test
<SO>          1        <0E>
[LRC]         1        Checksum
Message flow: (for test item 04 through 06)
HOST Direction PIN Pad
Message 01
<ACK> (Good LRC)
<NAK> (Bad LRC)
(<EOT> after 3 NAKs)
(Execute self test)
<EOT> (when test done)
Message flow: (for test 07)
HOST Direction PIN Pad
Message 01
<ACK> (Good LRC) <NAK> (Bad LRC) (<EOT> after 3 NAKs)
09 Response Packet
<ACK> (Good LRC) <NAK> (Bad LRC)
<ACK> (Good LRC) <NAK> (Bad LRC) (<EOT> after 3 NAKs)
09 Request Packet
<ACK> (Good LRC) <NAK> (Bad LRC) (<EOT> after 3 NAKs)
09 Response Packet
<EOT> (when test done)

Message 02 Load Master Key

Format:
<SI>02[Key ID][Key value]<FS>[Usage][Mode]<SO>[LRC] (with clear text key)
<SI>02[Key ID][Key value (ANSI TR31 format)]<SO>[LRC] (with encrypted key)
Message length: Variable (38 to 94 bytes).
Usage: Load Master Keys into PP190.
PP190 can store 16 master keys; each has a one digit ID. Master keys are divided into three groups of different functions. Refer to Appendix A: Key management for key usage and ID definition.
PP190 implements multiple security measures to conform to Payment Card Industry (PCI) security requirements. In order to load clear text master keys, two authorized people with their passwords are required. Otherwise the user must issue message 02 with an encrypted key value (ANSI TR31 format). See the next entry, “Symmetric Keys Loading Authentication”, for detailed information.
Note:
1. The [key value] field’s format is ASCII string with range ‘0’-‘9’, ‘A’-‘V’, which represents a hexadecimal byte in two characters, i.e. “1F” represents 0x1F.
2. PP190 requires key loading key (master key #F) to be TDES.
3. Passing key loading authentication and then loading a new clear text master key will erase all other master keys, to prevent malicious key substitution. For more information refer to “Symmetric Keys Loading Authentication” at page 24.
Message element:
Request frame (HOST to PP190)
Field         Length   Value and description
<SI>          1        <0F>
02            2        Message ID
[Key ID]      1        ‘0’ to ‘9’, ‘A’ to ‘F’ (A is not used)
[Key value]   Var.     Hexadecimal string for key value.
                       Clear text format: 32 bytes for double length, 48 bytes for triple length.
                       TR31 format: 56 bytes for single length, 72 bytes for double length, 88 bytes for triple length.
<FS>          1        Field separator.
                       (Optional, only available in clear text format frame if following [Usage] and [Mode] exists)
[Usage]       2        Optional: ANSI TR-31 key usage for clear text frame. Available values are:
                       “K0” for key encryption. (id 0 ~ 9, B ~ F)
                       “P0” for PIN encryption. (id 0 ~ 9)
                       “M3” for MAC calculation. (id B ~ E)
                       If omitted, default value is “K0”
[Mode]        1        Optional: ANSI TR-31 key mode for clear text frame. Available values are:
                       ‘D’ for decryption only. (K0 keys)
                       ‘E’ for encryption only (P0 / D0 keys)
                       ‘G’ for MAC generation only (M3 keys)
                       ‘V’ for MAC verification only (M3 keys)
                       If omitted, default value is ‘D’.
<SO>          1        <0E>
[LRC]         1        Checksum
Request frame – Error message (HOST to PP190)
Field         Length   Value and description
<SI>          1        <0F>
02            2        Message ID
?             1
[Err msg]     1        ‘1’: KLK does not exist.
                       ‘2’: Key value duplicated with other existing key.
                       ‘3’: Internal fail: fail to allocate memory
                       ‘4’: Internal fail: fail to read key structure
                       ‘7’: Fail to decrypt key value.
                       ‘A’: TR31 format error.
                       ‘B’: Insecure key inject. (New key is longer than the key used to protect it.)
                       ‘C’: Fail to verify MAC value.
                       ‘E’: Key usage incompatible with key ID.
<SO>          1        <0E>
[LRC]         1        Checksum
Message flow:
HOST Direction PIN Pad
Message 02 (request frame)
<ACK> / <NAK> / <EOT>
Processing request. If format error, send <EOT> and end.
Message 02 (echo of request frame).
Verify echo frame. If verify ok, send <ACK>. If packet LRC error, send <NAK>. If host wants to cancel key loading procedure, send <EOT>.
Save key value and send <EOT>
Example:
Clear Text
Master key to be loaded: 1919191919191919 5B5B5B5B5B5B5B5B
The Key ID you want to load: 0
The resulting 02 message: <SI>02019191919191919195B5B5B5B5B5B5B5B<SO>[LRC]
Encrypted (ANSI TR-31 2005 Key Variant Binding Method)
Key encrypting key (Mkey #F): 1919191919191919 5B5B5B5B5B5B5B5B
Master key to be loaded (K0): AA55AA55AA55AA55 3434343434343434
Key Block Header (KBH): (ASCII) A0072K0TD00N0000
TDES CBC encrypted key value: 7D2D21FC9ECD3EEC BB0A2615BD8F0560 5722120BDFF2CCAC
Left 4 bytes of MAC value: 319C3198
The Key ID you want to load: 0
The resulting 02 message: <SI>020A0072K0TD00N00007D2D21FC9ECD3EECBB0A2615BD8F05605722120BDFF2CCAC319C3918<SO>[LRC]
Encrypted (ANSI TR-31 2010 Key Derivation Binding Method)
Key condition: Load a double length PIN encryption key to key position #1
Key block protection key (KBPK): 1919191919191919 5B5B5B5B5B5B5B5B
PIN encryption key to be loaded: AA55AA55AA55AA55 3434343434343434
Padded key data: 0080 AA55AA55AA55AA55 3434343434343434 1C2965473CE2
Key Block Header (KBH): (ASCII) B0080P0TE00N0000
Derived Key block encryption key (KBEK): DB7F2A99D5647A7D D3EDFE3DA7CF5B21
Derived Key block MAC key (KBMK): 87EE6C0795954446 A34A0BB5F305BCE1 (See Appendix A for detail derive process)
CMAC of (KBH + Padded key data), using KBMK: EA391E5834C1AA0C (See Appendix A for detail CMAC algorithm)
Use CMAC as IV to do TDES CBC encryption on padded key data, using KBEK:
Encrypted key data: 3C4F5024C59C182F 7165BC870FCB7F63 456AAE07DB736C32
The resulting 02 message: <0F>021B0080P0TE00N0000 3C4F5024C59C182F 7165BC870FCB7F63 456AAE07DB736C32 EA391E5834C1AA0C<0E>
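
A host-side pre-flight check of the TR-31 key block before it is placed in an encrypted message 02, as an added example (not code from this manual or from the vendor). It splits the standard 16-character TR-31 header and applies the key ID, usage and mode rules from the message element table; applying those clear-text rules to encrypted blocks, and tagging findings with the manual's error codes ‘A’ and ‘E’, are assumptions of this example, and all function names are illustrative.

```python
import re
from typing import List, NamedTuple

# Usage -> permitted key IDs and modes, copied from the message 02 [Usage]
# and [Mode] rows. Applying them to TR-31 headers is this example's assumption.
KEY_IDS_FOR_USAGE = {"K0": set("0123456789BCDEF"),
                     "P0": set("0123456789"),
                     "M3": set("BCDE")}
MODES_FOR_USAGE = {"K0": {"D"}, "P0": {"E"}, "M3": {"G", "V"}}
HEADER_LEN = 16  # TR-31 header with no optional blocks

# Key block from the manual's 2010 key-derivation example (key position #1).
PAGE_EXAMPLE_BLOCK = ("B0080P0TE00N0000"
                      "3C4F5024C59C182F7165BC870FCB7F63456AAE07DB736C32"
                      "EA391E5834C1AA0C")


class KeyBlockHeader(NamedTuple):
    version: str          # 'A' (2005 variant binding) or 'B' (2010 derivation)
    length: int           # total key block length in ASCII characters
    usage: str            # e.g. "K0", "P0", "M3"
    algorithm: str        # 'T' for TDES in the manual's examples
    mode: str             # mode of use, e.g. 'D', 'E', 'G', 'V'
    key_version: str
    exportability: str
    optional_blocks: str
    reserved: str


def parse_header(block: str) -> KeyBlockHeader:
    """Split the fixed 16-character TR-31 header into its fields."""
    if len(block) < HEADER_LEN or not re.fullmatch(r"[0-9]{4}", block[1:5]):
        raise ValueError("header too short or length field is not 4 digits")
    return KeyBlockHeader(block[0], int(block[1:5]), block[5:7], block[7],
                          block[8], block[9:11], block[11], block[12:14],
                          block[14:16])


def check_key_block(key_id: str, block: str) -> List[str]:
    """Return findings; an empty list means the block passed every check.

    Prefix "A" / "E" names the manual's error code the finding most likely
    maps to (assumption); "host" marks a host-side policy check only.
    """
    try:
        hdr = parse_header(block)
    except ValueError as exc:
        return ["A: %s" % exc]
    findings = []
    if hdr.length != len(block):
        findings.append("A: header says %d characters, block has %d"
                        % (hdr.length, len(block)))
    if hdr.optional_blocks != "00":
        findings.append("A: optional header blocks are not handled here")
    if not re.fullmatch(r"[0-9A-F]+", block[HEADER_LEN:]):
        findings.append("A: encrypted data / MAC is not upper-case hex")
    allowed_ids = KEY_IDS_FOR_USAGE.get(hdr.usage)
    if allowed_ids is None:
        findings.append("E: usage %r is not listed for message 02" % hdr.usage)
    elif key_id not in allowed_ids:
        findings.append("E: usage %s is not valid for key ID %r"
                        % (hdr.usage, key_id))
    elif hdr.mode not in MODES_FOR_USAGE[hdr.usage]:
        findings.append("host: mode %r does not match usage %s"
                        % (hdr.mode, hdr.usage))
    return findings


if __name__ == "__main__":
    print(parse_header(PAGE_EXAMPLE_BLOCK))
    print(check_key_block("1", PAGE_EXAMPLE_BLOCK))   # manual's target slot
    print(check_key_block("B", PAGE_EXAMPLE_BLOCK))   # P0 key into a MAC slot
```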

Symmetric Keys Loading Authentication

In order to make PP190 accept a clear text key loading frame, the key loading authentication must be processed.
[Enter key loading authentication menu]
Press [CLR]+[2] on the keypad of PP190, then PP190 will show the key injection authentication login screen as follows:
    ENTER PASSWORD 1:
(Default password will be sent to authentic owner separately)
The first authorized person enters the 1st password on the keypad and presses [ENTER]. Then PP190 will prompt for the 2nd password if the 1st password is correct. If the 2nd password is correct, too, PP190 will enter key loading mode and show the following menu:
    KEY INJECT MODE
    Inject MKEY/IPEK
    Update Password1
    Update Password2
Use [F1] and [F4] key to navigate light bar to “Inject MKEY/IPEK”, then press [ENTER]. Then user is free to load clear text master key by message 02, or load DUKPT initial key by message 90 and 94.
[Timing constraint and message constraint of Key Inject Mode]
According to PCI security requirement, PIN pad cannot stay in Key Inject Mode forever. Thus when PP190 entered Key Inject Mode, its internal timer will start to countdown, and its operating system will monitor specific message packets. If any one of following criteria is matched, PP190 will exit Key Inject Mode and reject message 02 (clear text form) and 90, 94 command:
1. When PIN pad idled for 60 seconds, it will exit Key Inject Mode. (Each time 02 / 90 / 94 / 08 / 96 is succeeded, the 60 seconds counter will reset to 60 again.)
2. When PIN pad has been in Key Inject Mode for 15 minutes. It will unconditionally exit Key Inject Mode.
3. When PIN pad receives messages other than 02 / 90 / 94 / 08 / 86, it will exit Key Inject Mode.
4. When user pressed CAN key on keypad, it will exit key inject mode.
[Master key substitution protection]
When user entered Key Inject Mode, PIN pad operating system will set up a new “Key Injecting Session”. The first injected clear text master key in a new session will erase all other master keys. The other master keys loaded in the same session will not erase any other master key. DUKPT key set 0 and set 1 will not erase each other.
Example flow to load master keys with security:
In the following example we assume a bank receives a new PP190 and wants to initialize it before deployment, and wants to update some master keys after it is deployed. We also assume the master keys to be loaded are position 0 and position F; their values are already stored in a Tamper Resistant Security Module (TRSM) in a secure way.
1. The bank must generate two passwords, and make two authorized people keep them separately.
2. Authorized people must enter KEY INJECT AUTH menu and change password 1 and password 2.
3. After the passwords are changed, connect PIN pad to TRSM, enter KEY INJECT AUTH menu again and choose Inject MKEY/IPEK function.
4. Operate TRSM to load master key #F and master key #0.
After step 4 finishes, user can issue other commands to PIN pad (such as message 08 to select key #0 as active master key) or turn it off and deploy it.
5. To load or update master keys at field site, user should issue encrypted command 02.

Message 04 Check Master Key

Format: <SI>04[key ID][Key Info Query]<SO>[LRC]
Message length: Variable (6 or 7) bytes.
Usage: Host sends this message to PIN Pad for checking if the master key with an ID of [key ID] has been loaded or not. Message 04 should be used before loading any master key. Message 04 can be also used to query key information (key usage/mode/algorithm) if the designated key is not empty.
Message element:
Request frame (HOST to PIN Pad)
Field              Length   Value and description
<SI>               1        <0F>
04                 2        Message ID
[key ID]           1        Master key ID (0~9, A~G)
[Key Info Query]   1        <Option>, 1: query key information
<SO>               1        <0E>
[LRC]              1        Checksum
Response frame (PIN Pad to HOST)
Field              Length   Value and description
<SI>               1        <0F>
04                 2        Message ID
[response code]    1        0: Master key not loaded
                            F: Master key loaded
[Key usage]        2        <Option, if key info query field is set>
                            “K0”: Key encrypting key. (Master key for PIN / MAC / Data key)
                            “P0”: PIN key
                            “D0”: Data key
                            “M1”: MAC key for MAC algorithm 1
                            “M3”: MAC key for MAC algorithm 3
<FS>               1        <Option, if key info query field is set>
                            <1C>, field separator
[Mode]             2        <Option, if key info query field is set>
                            “E”: Encryption use
                            “D”: Decryption use
<FS>               1        <Option, if key info query field is set>
                            <1C>, field separator
[Algorithm]        2        <Option, if key info query field is set>
                            “T”: Triple DES
                            “D”: Single DES
<SO>               1        <0E>
[LRC]              1        Checksum
Message flow:
HOST Direction PIN Pad
Message 04 (request)
<ACK> (Good LRC) <NAK> (Bad LRC) (<EOT> after 3 NAKs)
Check requested memory location
Message 04 (response)
<ACK> (Good echo) <NAK> (Bad LRC) (<EOT> after 3 NAKs)
<EOT>

Message 05 Load Serial Number

Format: <SI>05[string]<SO>[LRC] Message length: Variable, maximum length is 21 bytes Usage: Load the PIN Pad with the serial number given in the message frame. PIN Pad will
send the whole message frame back to host as a confirmation of good reception. Host should then send an <A CK> to conf irm or <EOT > to canc el this s erial n um ber loading process if the LRC is go od but s erial num ber echo ed i s incorr ect. Follo w the stan dard <NAK> process if an invalid LRC is detected.
Message element:
Field     Length  Value and description
<SI>      1       <0F>
05        2       Message ID
[string]  0..16   Alphanumeric string (0~9, A~Z, a~z)
<SO>      1       <0E>
[LRC]     1       Checksum
Message flow:
HOST                    Direction  PIN Pad
Message 05              -->
                        <--        <ACK> (Good LRC)
                                   <NAK> (Bad LRC)
                                   (<EOT> after 3 NAKs)
                        <--        Message 05 (echo frame) or <EOT> indicate error.
<ACK> (Good echo)       -->
<NAK> (Bad LRC)
(<EOT> after 3 NAKs)
                                   (Stores serial number)
                        <--        <EOT>

Message 06 Get Serial Number

Format: <SI>06<SO>[LRC]
<SI>06[string]<SO>[LRC]
Message length: Fixed 5 bytes for requesting message, variable for response message (max 21 bytes).
Usage: This message is used to get serial number of the PIN Pad. PIN Pad will send the serial number previously loaded or string of 16 ‘0’s as the serial number if it has not been loaded. Serial number will be displayed on LCD, too.
Message element:
Request frame (HOST to PIN Pad)
Field     Length  Value and description
<SI>      1       <0F>
06        2       Message ID
<SO>      1       <0E>
[LRC]     1       Checksum
Response frame (PIN Pad to HOST)
Field     Length  Value and description
<SI>      1       <0F>
06        2       Message ID
[string]  0..16   String for serial number
<SO>      1       <0E>
[LRC]     1       Checksum
Message flow:
HOST                    Direction  PIN Pad
Message 06 (request)    -->
                        <--        <ACK> (Good LRC)
                                   <NAK> (Bad LRC)
                                   (<EOT> after 3 NAKs)
                        <--        Message 06 (response frame) or <EOT> if read error
<ACK> (Good echo)       -->
<NAK> (Bad LRC)
(<EOT> after 3 NAKs)
                        <--        <EOT>

Message 07 Test DES Implementation

Format: <SI>07[master key][clear text][cipher text]<SO>[LRC]
Message length: Fixed 53 bytes.
Usage: This message is used to validate the DES implementation of the PIN Pad. The test result will be shown on the PIN Pad display, and a response code is returned for remote diagnostics.
Message element:
Request frame (HOST to PIN Pad)
Field            Length  Value and description
<SI>             1       <0F>
07               2       Message ID
[Master key]     16      Master key used for encoding (hexadecimal string)
[Clear text]     16      Clear text for encoding (hexadecimal string)
[Cipher text]    16      Known ciphered text (hexadecimal string)
<SO>             1       <0E>
[LRC]            1       Checksum
Response frame (PIN Pad to HOST)
Field            Length  Value and description
<SI>             1       <0F>
07               2       Message ID
[response code]  1       0: Test Success
                         F: Test Failed.
<SO>             1       <0E>
[LRC]            1       Checksum
Message flow:
HOST                    Direction  PIN Pad
Message 07 (request)    -->
                        <--        <ACK> (Good LRC)
                                   <NAK> (Bad LRC)
                                   (<EOT> after 3 NAKs)
                        <--        Message 07 (response)
<ACK>/<NAK>/<EOT>       -->
                        <--        <EOT>

Message 08 Select Master Key

Format: <SI>08[KeyID]<SO>[LRC]
Message length: Fixed 6 bytes.
Usage: This message is used to select one of the 10 possible PIN encrypting master keys previously loaded using message 02. The selected master key will be used in the following transactions.
Note:
Check master key existence before change: This message does not check whether the master key exists. You may select an empty master key without notice.
TDES capability: If the selected master key is a double length key (32 characters when loaded with message 02), PP190 will treat all session keys (in MK/SK message 70, Z60, Z62) as EDE encrypted by this master key. (See Appendix A)
Confirm key existence before issuing 08: Message 08 does not check whether [KeyID] holds a valid master key; use message 04 before 08.
Message element:
Field     Length  Value and description
<SI>      1       <0F>
08        2       Message ID
[KeyID]   1       0~9, one of Master key id.
<SO>      1       <0E>
[LRC]     1       Checksum
Message flow:
HOST  Direction  PIN Pad
Message 08
<ACK>/<NAK>/<EOT>
[Success] <SI>080<SO>
[Fail] <SI>08[errCode]<SO>
<EOT>
Error Message:
Error Code  Meaning
‘1’         Key index > 9
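The note above says message 08 does not check that the selected slot holds a key and that message 04 should be sent first. The following host-side guard is an added example, not code from the manual or from the vendor: the function names are hypothetical, the sample frames are constructed, and the LRC rule (XOR of every byte after <SI> through <SO>) is an assumption because this section does not define it.

```python
SI, SO, FS = 0x0F, 0x0E, 0x1C   # framing bytes from the message tables
KEY_USAGE = {"K0": "key encrypting key", "P0": "PIN key", "D0": "data key",
             "M1": "MAC key, algorithm 1", "M3": "MAC key, algorithm 3"}
MODE = {"E": "encryption", "D": "decryption"}
ALGORITHM = {"T": "Triple DES", "D": "Single DES"}

def lrc(data: bytes) -> int:
    # ASSUMPTION: LRC = XOR of every byte after <SI> through <SO> inclusive.
    value = 0
    for byte in data:
        value ^= byte
    return value

def frame(payload: str) -> bytes:
    body = payload.encode("ascii") + bytes([SO])
    return bytes([SI]) + body + bytes([lrc(body)])

def build_04_request(key_id: str, query_info: bool = True) -> bytes:
    if len(key_id) != 1 or key_id not in "0123456789ABCDEFG":
        raise ValueError("message 04 key ID must be 0~9 or A~G")
    return frame("04" + key_id + ("1" if query_info else ""))

def parse_04_response(raw: bytes) -> dict:
    if len(raw) < 6 or raw[0] != SI or raw[-2] != SO:
        raise ValueError("bad framing")
    if lrc(raw[1:-1]) != raw[-1]:
        raise ValueError("bad LRC")            # the host would answer <NAK>
    payload = raw[1:-2].decode("ascii")
    if payload[:2] != "04" or payload[2:3] not in ("0", "F"):
        raise ValueError("not a message 04 response")
    info = {"loaded": payload[2] == "F"}
    if len(payload) > 3:
        # The table gives [Mode] and [Algorithm] a length of 2 but one-letter
        # values, so split on <FS> and strip instead of using fixed offsets.
        parts = [p.strip() for p in payload[3:].split(chr(FS))]
        if len(parts) != 3:
            raise ValueError("malformed key info")
        usage, mode, algo = parts
        info.update(usage=KEY_USAGE.get(usage, usage),
                    mode=MODE.get(mode, mode), algorithm=ALGORITHM.get(algo, algo))
    return info

def build_08_request(key_id: str, slot_status: dict) -> bytes:
    # Message 08 accepts only 0~9 and never reports an empty slot itself.
    if len(key_id) != 1 or key_id not in "0123456789":
        raise ValueError("message 08 key ID must be 0~9")
    if not slot_status.get("loaded"):
        raise RuntimeError("slot is empty: refusing to select it")
    return frame("08" + key_id)
```

Unknown usage, mode or algorithm codes are passed through unchanged so the caller can log them rather than silently accept them.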

Message 09 Communication Test

Format: <SI>09<SO>[LRC]
<SI>09<SUB>PROCESSING<SO>[LRC]
Message length: Fixed 5 bytes for requesting message, fixed 16 bytes for response message.
Usage: This message is used to test the communication link between HOST and the PIN Pad. Both HOST and PIN Pad can initiate the communication test. The initiating party should send the requesting message; the other party should respond with the response message, which should be ACKed if received correctly. After verifying that the response message is correct, the initiating party should send back the same response message and the receiving party should acknowledge this message. Testing results are shown on the PIN Pad display.
Message element:
Request frame (HOST to PIN Pad)
Field            Length  Value and description
<SI>             1       <0F>
09               2       Message ID
<SO>             1       <0E>
[LRC]            1       Checksum
Response frame (PIN Pad to HOST)
Field            Length  Value and description
<SI>             1       <0F>
09               2       Message ID
<SUB>            1       <1A>
[Test string]    10      ASCII string “PROCESSING”
<SO>             1       <0E>
[LRC]            1       Checksum
Result frame (PIN Pad to HOST)
Field            Length  Value and description
<SI>             1       <0F>
09               2       Message ID
[response code]  1       0: Test Success
                         F: Test Failed.
<SO>             1       <0E>
[LRC]            1       Checksum
Message flow:
HOST                    Direction  PIN Pad
Message 09 (request)    -->
                        <--        <ACK> (Good LRC)
                                   <NAK> (Bad LRC)
                                   (<EOT> after 3 NAKs)
                        <--        Message 09 (response frame)
<ACK> (Good echo)       -->
<NAK> (Bad LRC)
(<EOT> after 3 NAKs)
Message 09 (response)   -->
                        <--        <ACK> (Good LRC)
                                   <NAK> (Bad LRC)
                        <--        Message 09 (result frame)
<ACK> (Good echo)       -->
<NAK> (Bad LRC)
(<EOT> after 3 NAKs)
                        <--        <EOT>

Message 11 PIN Pad Device Connection Test

Format: <SI>11<SO>[LRC]
Message length: Fixed 5 bytes.
Usage: This message is used to ensure that the PIN Pad is attached to the HOST and working normally. PIN Pad will respond with an ACK (or NAK if the LRC is incorrect) within one second.
Message element:
Field     Length  Value and description
<SI>      1       <0F>
11        2       Message ID
<SO>      1       <0E>
[LRC]     1       Checksum
Message flow:
HOST                    Direction  PIN Pad
Message 11              -->
                        <--        <ACK> (Good LRC)
                                   <NAK> (Bad LRC)
                                   (<EOT> after 3 NAKs)

Message 13 Adjust COM1 Baud Rate (RS-232 version only)

Format: <SI>13[baud code][mode]<SO>[LRC]
Message length: Variable, 6 bytes.
Usage: This message will change the working baud rate and transmit mode of PP190 for later operations. The setting is kept in the battery-powered memory, which will not be erased until security is breached or the battery exhausted. Baud rate will be changed after message flow ends.
Note: If [mode] parameter is not specified, the default transmit mode is N, 8, 1.
Message element:
Request frame (HOST to PIN Pad)
Field        Length  Value and description
<SI>         1       <0F>
13           2       Message ID
[baud code]  1       ASCII character
                     ‘1’ = 1200bps
                     ‘2’ = 2400bps
                     ‘3’ = 4800bps
                     ‘4’ = 9600bps
                     ‘5’ = 19200bps
                     ‘6’ = 38400bps
                     ‘7’ = 57600bps
                     ‘8’ = 115200bps
<SO>         1       <0E>
[LRC]        1       Checksum
Response frame (PIN Pad to HOST)
Field        Length  Value and description
<SI>         1       <0F>
13           2       Message ID
[status]     1       ASCII character
                     ‘0’ for success
                     ‘1’ for parameter error
<SO>         1       <0E>
[LRC]        1       Checksum
Message flow:
HOST Direction PIN Pad
Message 13 (request)