USER MANUAL Spectrum Air
Contents
1. eee 26 9 4 5 Read Reader Serial Number 52 AE 26 9 4 6 Set Reader Serial Number 53 AE 27 9 4 7 Buffered Mode Arm to Read Command 50 01 201 27 9 4 8 Buffered Mode MSR Reset Command 50 01 3221 27 9 4 9 Buffered Mode Read MSR Data Command 51 01 XX uses 28 9 4 10 MSR Configuration Commands Description sese 28 9 4 11 Set MSR Transmit Mode 53 IA 29 9 4 12 Set MSR Read Direction 53 IDDIE 29 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 4 of 113 ID TECH Spectrum Air User Manual 9 4 13 Set WIS Rr SendOptiomb3 P9 EE 29 9 4 14 Set MSR Data Terminator 53 21 30 9 4 15 Set MSR Data Prefix String 53 Dill 31 9 4 16 Set MSR Data Postfix String 53 DI 31 OT sset rack WEE EEN 31 SOM Mr Micro aa Caco PEN 31 OA T9 Set TR E 39 E iaia dba ix eua ed add cid dua oben d dii ecd idee dio eod deus 31 9 4 20 Set Track Selection 53 191 32 9421 Set Track Separator 53 17 sisi niea ete nane di neta kane RE nl RR Re LR ER Re da aaan 32 9 4 22 Set Lrack n Prefix 53 34 ugeet 32 9 4 23 Set Track n Sutfix 53 37 EE 33 9 5 Magnetic e We TEE 33 9 6 LED A AMG ee NEE 34 9 7 Card Status Notification BO xl 34 9 8 Key ore Command NEIN TET TTD 35 9 9 Set OPOS JPOS Command x kee ute saninin annaa vaan ATA ER XR RENE UAE 36 9 10 Read MSR Options EE 36 10 SECURITY FEATURES E 38 10 1 Eneryption ENEE ooo ve E EE EE aoun2. Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 106 of 113 ID TECH Secure MOIR User Manual Ctrl 1D 30 Ctrl On Ctrl 6 1E 23 Ctrl On Ctrl 1F 2D Ctrl On SPACE 20 2C 21 1E Shift On 22 34 Shift On 23 20 Shift On 24 21 Shift On 25 22 Shift On amp 26 24 Shift On 27 34 28 26 Shift On 29 27 Shift On 2A 25 Shift On t 2B 2E Shift On 2C 36 2D 2D 2E 37 2F 38 0 30 27 Shift On 1 31 1E Shift On 2 32 1F Shift On 3 33 20 Shift On 4 34 21 Shift On 5 35 22 Shift On 6 36 23 Shift On 7 37 24 Shift On 8 38 25 Shift On 9 39 26 Shift On 3A 33 Shift On 3B 33 lt 3C 36 Shift On 3D 2E gt 3E 37 Shift On 3F 38 Shift On 40 1F A 41 04 Shift On B 42 05 Shift On C 43 06 Shift On D 44 07 Shift On E 45 08 Shift On Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 107 of 113 ID TECH Secure MOIR User Manual F 46 09 Shift On G 47 OA Shift On H 48 OB Shift On I 49 OC Shift On J 4A OD Shift On K 4B OE Shift On L 4C OF Shift On M 4D 10 Shift On N 4E 11 Shift On O 4F 12 Shift On P 50 13 Shift On Q 51 14 Shift On
3. Page 48 of 113 ID TECH Spectrum Air User Manual INPUT INITIAL KEY Initial Key o1 2345678946 CDEFFEDCBA9876543210 o 234567894BCDEFFEDCBA9876543210 Confirm key Cancel The Key Value KSN and Decrypted Data will be shown in the command output decrypted data textbox Command Output Decrypted Data Key Value 74 4F 36 87 D2 50 FE 70 48 E0 A4 07 44 OD 5E 96 KSN 00 00 39 02 00 00 01 00 00 13 Decrypted Data XB5150710200107845 PAYPASS MASTERCARD 09091 01 40000279 7 51507102001 07846 09091 01 4000027978 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 49 of 113 ID TECH Spectrum Air User Manual 11 3 Security Level 4 Features and Decryption When the reader is set to security level 4 an authentication process is required to capture and decode the data from a card insertion or removal Activate Authentication Command The ACT AUTH button sends the Activate Authentication Command To enable card track data capture in security level 4 first click on the ACT AUTH button Then go to the Activation Challenge Reply Command Activation Challenge Reply Command Click the ACT REPLY button after an Activate Authentication Command is sent After an lt ACK gt 06h is received the reader is ready to receive a card insertion and or removal acraumH f DEACTRPLY GetStatus Input Key for Decryption EM Copyright 2014 International Technolog
4. 2014 International Technologies amp Systems Corporation All rights reserved Page 95 of 113 ID TECH Spectrum Air User Manual encrypted with the result of current DUKPT Key exclusive or ed with lt 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C gt The Authenticated mode timeout duration specifies the maximum time in seconds which the reader would remain in Authenticated Mode A value of zero forces the reader to stay in Authenticated Mode until a card insertion and or removal or power down occurs The minimum timeout duration required is 120 seconds If the specified time is less than the minimum 120 seconds would be used for timeout duration The maximum time allowed is 3600 seconds one hour If Session ID information is included and the command is successful the Session ID will be changed The Activate Authenticated Mode succeeds if the device decrypts Challenge Reply response correctly If the device cannot decrypt Challenge Reply command Activate Authenticated Mode fails and DUKPT KSN advances Command Structure Host Device 60 00 OA lt S gt lt 82h gt lt 08h gt lt Activation Data gt lt LRC gt lt ETX gt Activation Data 8 or 16 bytes structured as lt Challenge 1 Response gt lt Session ID gt Challenge 1 Response 6 bytes of Challenge 1 random data with 2 bytes of Authenticated mode timeout duration It s encrypted using the key derived from the current DUKPT key Session ID Optional 8 bytes Session ID encryp
5. 04 8 44 01 Handshake Setting LRC lt ETX gt The command is used to set the Handshake Flow Control of serial communication between application and Magnetic Stripe Insert reader where Handshake Setting 0 No Handshake 1 Hardware Handshake 2 Software Xon Xoff Handshake The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET STOP BITS The stop bit identifying the end of a data frame can have two different numbers lor 2 bits This command is used to set the number of stop bits in a character frame Set Stop Bits Command 60 00 04 8 45 01 Stop Bits Setting gt lt LRC gt lt ETX gt The default Stop Bits value is 1 bit Stop Bits Setting 0 1 Bit 1 2 Bits The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET XON ID This setting allows the user to select any single character to be used as the XOn ID character lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 47 gt lt 01 XOn ID Character gt lt LRC gt lt ETX gt The XOn ID can be any single ASCII character desired The default value is 0x11 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 80 of 113 ID TECH Spectrum Air User Manual SET XOFF ID This setting
6. R 52 15 Shift On S 53 16 Shift On T 54 17 Shift On U 55 18 Shift On V 56 19 Shift On W 57 1A Shift On X 58 1B Shift On Y 59 1C Shift On Z 5A 1D Shift On 5B 2F 5C 31 5D 30 5E 23 Shift On 5F 2D Shift On i 60 35 a 61 04 b 62 05 c 63 06 d 64 07 e 65 08 f 66 09 g 67 0A h 68 OB i 69 OC j 6A OD k 6B OE l 6C OF m 6D 10 n 6E 11 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 108 of 113 ID TECH Secure MOIR User Manual o 6F 12 p 70 13 q 71 14 r 72 15 S 73 16 t 74 17 u 75 18 V 76 19 W TT 1A x 78 1B y 79 IC Z 7A 1D 7B 2F Shift On 7C 31 Shift On 7D 30 Shift On 7E 35 Shift On DEL 7F 2A F1 81 f1 3A F2 82 f2 3B F3 83 f3 3C F4 84 f4 3D F5 85 M5 3E F6 86 Vo 3F F7 87 f7 40 F8 88 M8 41 F9 89 f9 42 F10 8A Va 43 F11 8B fb 44 F12 8C Mc 45 Home 8D home 4A End SE end 4D SF right 4F 90 left 50 T 91 up 52 l 92 down 51 PgUp 93 pgup 4B PgDn 94 pgdn 4E Tab 95 tab 2B bTab 96 btab 2B Shift On Esc 97 esc 29 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 109 of 113 ID TECH Secure MOIR User Manual Enter 98 Venter 28 Num Enter 99 Aum
7. 1 Card Track x LRC 10 4 Track len Track x LRC 10 Track len 1 OxOD 10 Track len 2 Track x ID Repeat Track The data format is independent with MSR setting No Track x data if track x sampling data does not exist Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 63 of 113 ID TECH Spectrum Air User Manual OPOS header Only HID KB interface has Right Shift Left Shift Right Ctrl Left Ctrl under POS mode Read Error Read Error 1 byte bits MSB LSB 0 B6 B5 B4 B3 B2 Bl BO BO 1 Track 1 sampling data exists 0 Track 1 sampling data does not exist Bl 1 Track 2 sampling data exists 0 Track 2 sampling data does not exist B2 1 Track 3 sampling data exists 0 Track 3 sampling data does not exist B3 1 Track 1 decode success 0 Track 1 decode fail 1 if track doesn t exist B4 1 Track 2 decode success 0 Track 2 decode fail 1 if track doesn t exist B5 1 Track 3 decode success 0 Track 3 decode fail 1 if track doesn t exist B6 0 if bO to b5 are all 1 otherwise 1 make it printable Read Error byte 2 MSB LSB 0 1 B12 Bll B10 B9 B8 B7 B7 0 Track 4 sampling data does not exist B9 B10 B11 000 ISO Card 7 5 or 7 5 5 encoding 010 AAMVA Card 7 5 7 encoding 110 OPOS Raw Data Output B12 0 Reserved for future use Decode flag will set to 1 B3 B
8. 4CFDOECE3CF33449F265542CBA4AE6240F99CDACDO8E92744FFC04C683834EBADO 4C9CB9D2A4BAAAFFE15F7C70169C89288097C4B8BB42C67D33073CFEE68B95DOF 88C6CF82F86BF8E7FE5909D153710399940C9DAD8BD26E929EE98BEBFA9D3C19A ACO47B61ES8ED56BE52DAA7F8B5FFFA013418AC88F65E1DB7ED4D10973F99DFC84 63FF6DF113B6226C4898A9D355057ECAF11A5598F02CA31688861C157CICE2EOF 72CEO0F3BB598A614EAABB1629949011A000BE00003D703 600002B000D203 MOIR protocol example separated into parts and explained Card present detected status 600002B008DA03 Card present and card seated status 600002B00AD803 Card present detected status 600002B008DA03 Actual start of the encrypted transaction 60 length MSB LSB card type track status length track 1 length track 2 length track 3 mask clear status crypt hash status 60 0198 80 3F 48 23 6B O03BF 0198 Total message length in hexadecimal 3F Track 1 3 found and properly decoded Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 54 of 113 ID TECH Spectrum Air User Manual 48 Length of track 1 data is 48h 72 decimal bytes 23 Length of track 2 data is 23h 35 decimal bytes 6B Length of track 3 data is 6Bh 107 decimal bytes 03 indicates tracks 1 and 2 as masked BF Tracks 1 3 are encrypted Tracks 1 3 are hashed the KSN is included Track one masked track data displayed in hexadecimal 252A343236362A2A2A2A
9. 6 char max ID Track2Suffix 38 Track 2 Suffix 0 No suffix for track 2 6 char max ID Track3Suffix 39 Track 3 Suffix 0 No suffix for track 3 6 char max Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 100 of 113 ID TECH Secure MOIR User Manual ID KeyTypeID 3E Key Type 0 0 data key Z pin key EpVerID 40 None BaudID 4 Baud Rate D 2 9 38 400 bps 2 is 1200 5 is 9600 S bps 9 is 115 2 kbps ParityID 43 Data Parity 0 00 47 None S HandID 44 Hand Shake 00 1 Software Xon Xoff hand shake S StopID 45 Stop Bit 0 I 1 bit 1 or 2 stop bits S XOnID 47 XOn Character DCI Ox11 as XOn 0x11 or 0x13 S XOffID 48 XOff Character DC3 0x13 as XOff Ox11 or 0x13 S PrePANID 49 lead PAN to not 4 0 6 leading PAN digits to display mask PostPANID 4A trail PAN to not 4 0 4 of trailing PAN digits to display mask MaskCharID 4B mask the PAN 20 7E any printable character with this character CrypTypeID 4C encryption type 1 0 2 0 none 1 3DES 2 AES r SerialNumbe 4E device serial any 8 10 bytes 8 10 character serial number r rID DispExpDate 50 mask or display 0 0 T 1 don t mask expiration date ID expiration date CapsCaselD S4 N
10. PrefixID D2 Preamble 0 No Preamble 15 char max Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 102 of 113 ID TECH Secure MOIR User Manual PostfixID D3 Postamble 0 No Postamble 15 char max Unused entries in this table were left for completeness even though unused in the MOIR reader to avoid conflicting definitions between products Note not all function ID are present in different hardware version of the MOIR the last column above has some codes feature not currently supported exists for compatibility s feature available on in the RS232 serial version of the reader u feature available only in the USB version k feature available on in the keyboard version r reset all does not affect this value n not directly settable Most function ID settings that relate to the content of formatting of the track output do not work in secure mode Exceptions to this are Preamble and Postamble in keyboard mode only Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 103 of 113 ID TECH Secure MOIR User Manual APPENDIX B STATUS CODE TABLE Return Status and Explanations Code Definition lt BO gt lt XX gt Card status switch no data media
11. detect change notification lt 90 gt lt 00 gt Operation completed successfully all operations lt 81 gt lt 00 gt Time out lt 69 gt lt 00 gt Command not supported lt 29 gt lt 00 gt Unknown ID warning lt 2A gt lt 00 gt Command received correctly but could not be completed lt C0 gt lt XX gt Magnetic card data with envelope 6908 cmd subtype invalid 690E invalid cmd response 6911 Q cmd length must be 1 6913 2nd byte of LED cmd must be 30 39 6915 invalid erasing string 6916 P cmd must be 0x30 or 0x32 691E problem with config command 691F host LED control not enabled 6920 Rdr not config for buff mode 6921 rdr not config for buff mode 6922 rdr not config for buff mode 6923 rdr not config for buff mode 692B already in OPOS JPOS mode 692D invalid session ID length 692E invalid SFR value 692F invalid SFR selection 6930 len must be 1 or securityLevel 3 6931 invalid DUKPT activation challenge 6932 authentication failure 6933 load device key failure 6934 invalid deactivation command 6935 deactivation authorization failed 6936 invalid challenge command 6937 challenge command failure 6938 inform of failure to execute cmd 6939 warn bad command ignored 693A invalid configure string 693B authentication failure Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 104 of 113 ID TECH Secure MOIR User Manual 693C load dev
12. mask clear status crypt hash status 60 01B8 80 3F 48 23 6B OS3FF 01B8 Total message length in hexadecimal 80 Enhanced encryption structure default with ABA card 3F Track 1 3 found and properly decoded 48 Length of track 1 data is 48h 72 decimal bytes 23 Length of track 2 data is 23h 35 decimal bytes 6B Length of track 3 data is 6Bh 107 decimal bytes 03 indicates tracks 1 and 2 as masked FF Tracks 1 3 are encrypted Tracks 1 3 are hashed The KSN is included The Session ID is included Track one encrypted track data displayed in hexadecimal length rounded upto next length evenly divisible by 16 the AES block size DBD7EFAFA49EE84708053F744F288916E851789A445843030809COE253E6900EE AOFFD078D51B9A7840AA5F98CC2DEADB2497DF29D6C848645E8241DA4ED80AA92 ACA5DDOSEOF1F3669CE77D4BE332BDCE2 Track two encrypted track data displayed in hexadecimal length rounded upto next length evenly divisible by 16 the AES block size E1295C13ADF4BE7793FA7FA24128171796A45E39404F4A4DE137B4BA165F6771 9BC633087F11330F4DB2323618CEAAA4 Track three encrypted track data displayed in hexadecimal length rounded upto next length evenly divisible by 16 the AES block size 0DB37773676888FF493D82F8F9757E8148F9CO5ECIBB2D2D54FB8F320C793C1F 3C7D8916C693F97970DFAED98F1ECAC6AF24BBA783BE7EDAIEB897D0CF737C6B 95AF16BD15C6AE99C2C7B99EBO79F2E19877DF3482A0CE5ABD8A8DDFED106CO07 A3244F0C932BF691B07023D671656B2A Session ID encrypted data dis
13. testenexkE tte Ether k i kon read 90 15 1 Level 1 and level 2 POS Mode Data Output Format 90 15 2 Level 5 Data Q tp t F rmat sostenido da iaieiiea 92 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 5 of 113 ID TECH Spectrum Air User Manual 15 3 15 4 15 5 APPENDIX A APPENDIX B APPENDIX C APPENDIX D Level 4 Data Output Format Level 1 and 2 Buffer Mode Output Format Level 4 Activate Authentication Sequence Setting Parameters and Values STATUS CODE TABLE ee Key Code Table in USB Keyboard Interface Envelope Drawing Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 6 of 113 ID TECH Spectrum Air User Manual 1 INTRODUCTION The Spectrum Air outdoor insert reader is designed for installations that might be subjected to harsh environments such as fuel pumps and outdoor kiosks This insert reader meets IP 65 rating with dual head configurations supporting up to 3 tracks of information from ISO and AAMVA encoded cards A card is read by inserting it into and or removing it out of the card slot The Spectrum Air utilizes TriMag III and offers encryption feature for USB and RS232 interface Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 7 of 113 ID TECH Spectrum Air User Manual 2 FEATURES Dual Head Magnetic only insert reader Interface USB KB USB HID
14. 14 81 3F 2E DA EO EF CO 46 OB 08 AB FA D7 95 87 KSN 62 99 49 01 1A 00 OB EO 00 01 Decrypted Data B4266841088889999 BUSH JR GEORGE W MR 0809101 100001 100000000046000000 3426684 1088889999 0809 101 1000004670 333333333337676760707077676763333333333767676070707767676333333333376767607070 716167633333333337676760707 2 Clear Masked Data displayed in ASCII Track 1 4266 Q9994BUSH JR GEORGE Track 2 42 66 t EH k 00E A ee a k ek k k kk DE Key Value 1A 99 4C 3E 09 D9 AC FF 3E A9 BD 43 81 EF A3 34 KSN 62 99 49 01 19 00 00 00 00 02 Decrypted Data displayed in ASCII B4266841088889999 BUSH JR GEORGE W MR 0809101 100001 100000000046000000 3426684 1088889999 0809 101 1000004670 333333333337676760707077676763333333333767676070707767676333333333376767607070 716167633333333337676760707 2 Track 1 decrypted data in hex including padding zeros but there are no pad bytes here 2542343236363834313038383838393939395E42555348204A522F47454F52474 520572E4D525E3038303931303131303030303131303030303030303030343630 30303030303F21 Track 2 decrypted data in hex including padding zeros 3B343236363834313038383838393939393D30383039313031313030303030343 63F300000000000 Track 3 decrypted data in hex including padding zeros 8B33333353833333335333373637363736303 75037303 373037303 139063333333 3333833353333373037303 736303 73037303 7373637303 73033333333333393333 33932373637303736303730373037313631363130339333333333333333333173603 73637363
15. 2 Standard Mode Automatic Transmt eene 13 6 3 un WEE 13 SPC Let E e 15 EE 17 EENEG 19 9 1 Communication Structure 2 tein o ee tien eben Rex ALL MNREREREMRRRRRRSRERMAEREPER KERENER KA REND UME 19 9 1 1 MOIR Protocol for Sending Commands and Receiving Responses saecceccccceecrrreeen 19 9 1 3 gt Sending Command arii uso cioe usua ea D aca s Ra cR AE LU GE Dn ARX LUR AERE OQ LC S GAL 19 E NM reco ci NR TU MT 19 91 22 Example of LRC TEE 20 9 1 2 9 MCOMMUNLC ALON KEE 20 9 2 NGA Protocol for Sending Commands and Receiving Responses 20 9 3 General Reader Commands Description seeeeeeeeseeeeeeeeeeeeeeeeaaeeeeeeaaeeeeenaaes 21 9 3 1 Get Firmware Version Report 39 ipei prior n pem E e pene e E rax diner EE ENEE EEN 22 9 3 2 Revert to Default Settings 53 18 iui eee ennt ntn ek Rn eth RE Rex rax aba ide 22 9 3 3 Host LED Control Command ICT 22 9 3 4 Reader Reset Command TI4o nennen nne nennen nans 23 9 3 5 Get Copyright Information 598 6e eee Oth ecce bb neath beocecie incer recede tik edel dads 23 9 4 Reader Configuration Commands Description ssssssssssessrrreerrrrrrerrrrrenrrnrrensrrrnes 23 9 4 1 Restore Configuration Settings to Default 318 24 9 4 2 Read All Configuration Settings 52 UE eege eo pete pp petet ape n petentes 25 94 3 Bit Setting and Clearing Commands ici scccsewisces icc nieteie ineci cd dc ac 26 9 4 4 Read Specific Configuration Setting 52 nn
16. 60 00 05 52 80 02 00 00 B5 03 OUT 60 00 14 62 99 43 01 14 00 0B CO 00 08 46 BB FOF2 BE SE FOEC 36 36 95 50 14 3B FA 78 05 03 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 51 of 113 ID TECH Spectrum Air User Manual MOIR RS232 Demo Program ver 4 0 Port General Setting MSR Security Help Manual Command Reader Output Reader Output ISO 4BA New Data Output Format 6001 98803F 48236B 03BF 2524 343236363834 24 24 24 24 24 24 24 3939395E 425553482044 522F 47454F524 7452 E92003EB3E53DD8E04123D6B5DD 487407846DB 80B 98CABF341 7D48DC9IDES501 26F 2E 3BS90C626F 3B 2632 F17D443C7B563FBC2492E F62BD 737397D83FD 198C0CB 5863681 C65E 4945466 C48 36 71067944EF 76608080 E5304325D4CFCFB2E 7FA2FBSCFBABADCD 71E 3435541 OF CD 33D C81BB AFSFSCFC5553E 1E215BA5871FDF FEE86741A1bEB DCBASFEAFSE 71101E 764653C 8BB2ECDFESCFFSCABBC 5AE018BBBFB5EB5 75C6E 2DC4444 A83112A51D1FDBAF8EAS3BF82837BA51D5823B27D 3DDC8CC742E 216000720401 BD8234CE 48CFGE 7A8E AG 268D 7D 44485F341 84C88F65E 1DB7ED 4D 1097 3F 99DFC8463FF6DF113B6226C489849D 35505 7E CAF114553 8F02C4316888610157C1CE 2b OF 2CEOF3BB538A614E AABB 162334301 140008 CO000074803 Clear Masked Data eg 53 18 Set Default Configuration eg 52 22 Read Firmware Version Output Format 8 ASCII HEX Send Command Decrypt Input Initial Key Eat Command Output Dectypted Data ACT AUTH ACT RPLY DEACT RPLY Get Status CMD 50 00 13 53
17. Code Set 3 KB interface reader The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt LRC gt lt ETX gt SET READER OPTION lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 11 gt lt 01 gt lt Setting gt lt LRC gt lt ETX gt A single byte setting is defined as follows Bit Position 0 1 BO Card Seated Off Card Seated On Bl Card Removed Off Card Removed On B2 Card In Off Card In On B3 MSR Data Envelope Off MSR Data Envelope On B4 LED Controlled by Reader LED Controlled by Host B5 Magnetic Data Present Off Magnetic Data Present On B6 Standard Decoder Raw Data Decoder B7 Card Out Off Card Out On The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt LRC gt lt ETX gt For RS232 reader the default value is OxAF For HID and HID KB the default is 0x23 The Raw Data Decoder enables raw data to be sent to the host for further processing Two ASCII characters represent each raw data byte The first ASCII character is for the high nibble of the hex code The second ASCII character is for the low nibble of the hex code For example the characters 4 and B represent raw data ABh 0100101 1 If Raw Data Decoder has been set all data will be treated as a bit string and will be sent out in hex format Leading or trailing zeros depending on whether the reader reads on insertion or Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 75 of 113 ID TECH
18. IPS Inches per Second ISO International Organization for Standardization JIS Japanese Industrial Standard JPOS Java for Retail Point of Sale KB Keyboard KSN Key Serial Number LED Light Emitting Diode LRC Longitudinal Redundancy Check Character LSB Least significant Bit mA Milliamperes MAC Message Authentication Code MSB Most significant Bit msec Milliseconds MSR Magnetic Stripe Reader mV Millivolts NACK Non acknowledge NGANext Generation ArchatectureOLEObject Linking and Embedding OPOS OLE for Retail Point of Sale OTP One Time Programmable PAN Primary account number PCA Printed Circuit Board Assembled PCB Printed circuit board bare PCI Payment Card Industry Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 9 of 113 ID TECH Spectrum Air User Manual POH Powered On Hours POS Point of Sale PPMSR Serial Port Power Magstripe Reader P N Part Number PS 2 IBM Personal System 2 Keyboard Interface RoHS Restriction of Hazardous Substances RTS Request To Send SHA 1 Enhance Cryptographic Hash Function SPI Serial Peripheral Interface T1 T2 T3 Track 1 data Track 2 data Track 3 data TDES Triple Data Encryption Standard USB Universal Serial Bus UV Ultra Violet spectrum of light rays Note many unusual words used in this document are defined in the Function ID table on page Formatting to designate certain data types A A single character in ASC
19. International Technologies amp Systems Corporation All rights reserved Page 68 of 113 ID TECH Spectrum Air User Manual e track 1 amp 2 encrypted AES TDES encrypted data e sessionID encrypted AES TDES encrypted data e track 1 hashed optional 20 bytes SHA 1 Xor e track 2 hashed optional 20 bytes SHA 1 Xor e track 3 hashed optional 20 bytes SHA 1 Xor e DUKPT serial number 10 bytes Non ISO ABA Data Output Format e card encoding type 1 AAMVA 3 Others e track status bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 sampling e track 1 length 1 byte 0 for no track1 data e track 2 length 1 byte O for no track2 data e track 3 length 1 byte 0 for no track3 data e track 1l data e track 2 data e track 3 data Description Track 1 and Track 2 unencrypted Length This one byte value is the length of the original Track data It indicates the number of bytes in the Track masked data field It should be used to separate Track 1 and Track 2 data after decrypting Track encrypted data field Track 3 unencrypted Length This one byte value indicates the number of bytes in Track 3 masked data field Track 1 and Track 2 masked Track data masked with the MaskCharID default is The first PrePANID up to 6 for BIN default is 4 and last PostPANID up to 4 default is 4 characters can be in the clear unencrypted The expiration date is masked by default but can be optionally displayed Track 1 and Track 2 encryp
20. LED to slow flashing Red Set the LED to slow flashing Amber Flashing rate is approximately 25 seconds on and 25 seconds off Regardless of whether the LED is under the command of the host it will still signal certain errors and start up conditions If configured for RS232 and Plug and Play the LED will be amber until the reader has sent its plug and play string to the host or if a USB reader until the enumeration process has completed If there is a problem on first start up with configuring the EEPROM the LED will hang flashing amber In the slow flash mode the reader lights the LED for 12 seconds every 3 seconds To Configure the reader to support host controlled LED commands use the Set Reader Option command section 11 6 RED then GREEN after Power On Self Test Solid AMBER if USB until connected Solid GREEN almost always after good start up in auto mode DARK during track decoding Slow flashing GREEN if MSR read disabled Slow flashing GREEN if reader in buffered mode but not to armed to read RED for 5 second after bad card read indication in auto mode If in auto mode the LED color is determined by track options vs card tracks e RED for 5 second after bad card read in buffered mode when host requests buffered data e Flashing RED if DUKPT key is exhausted a million secure card transactions 9 7 Card Status Notification B0 xx There are six notifications the reader can issue One is an error notification the other
21. O E en Pe Tooococe FEMALE St C END VIEW i END VIEW Wire Connection JI Signal Pl P2 1 Chassis GND SHELL 2 TXD 2 3 RXD 3 4 Vin PIN 5 RTS 8 6 CTS 7 7 GND 5 SLEEVE PCA PIN Assignment P1 Signal 1 CHASSIS GND 2 TXD 3 RXD 4 Vin 5 6 T GND FPC Interface P2 Magnetic Head Description Signal 1 TIA Magnetic head input A track 1 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 17 of 113 ID TECH Spectrum Air User Manual 2 TIB Magnetic head input B track 1 3 T2A Magnetic head input A track 2 4 T2B Magnetic head input B track 2 3 T3A Magnetic head input A track 3 6 T3B Magnetic head input B track 3 7 Chassis GND Power Ground LED Interface LED1 Signal 1 Red 2 GND 3 Green Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 18 of 113 ID TECH Spectrum Air User Manual 9 COMMAND PROCESS 9 1 Communication Structure This section defines the command format for communicating with the reader 9 1 1 MOIR Protocol for Sending Commands and Receiving Responses Every command and response follows the same basic structure HEADER DATA TRAILER The HEADER consists of 60 followed by Command Length the command length is two bytes most significant then least significant byte The DATA often consist
22. Page 86 of 113 ID TECH Spectrum Air User Manual lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 66 gt lt 01 gt lt Track3 7Bit Start Sentinel gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET TRACK 3 6 BIT START SENTINEL This setting allows the user to select any single character to be output as the Track 3 start sentinel if the magnetic card s Track 3 data is 6 bit encoded lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 67 gt lt 01 Track3 6Bit Start Sentinel gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET TRACK 3 5 BIT START SENTINEL This setting allows the user to select any single character to be output as the Track 3 start sentinel if the magnetic card s Track 3 data is 5 bit encoded lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 68 gt lt 01 gt lt Track3 5Bit Start Sentinel gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET TRACK END SENTINEL This setting allows the user to select any single character to be output as the track end sentinel lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 69 gt lt 01 gt lt Track End Sentinel gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET PREAMBLE This setting allows the user to select a character string to be
23. Spectrum Air User Manual withdrawal will not be sent except in KB mode where 4 bytes of trailing zeros are sent AII read track data is sent with no regard to track designation or separation No error checking is performed In all except KB mode a track prefix will be sent to identify which track the raw data is from The track prefix will be 0x01 for track 1 0x02 for track 2 and 0x03 for track 3 The Magnetic Data Present option is only available when the unit has been set to buffered mode After a good read the magnetic stripe data will be sent out with an envelope if MSR Data Envelope is ON lt 60 gt lt Len_H gt Len L Card data indication 1 gt Card data indication 2 Magstripe data lt LRC gt lt ETX gt Otherwise magnetic stripe data will be sent out without an envelope lt Magstripe Data Card data indication 1 gt Cx is an ID to indicate magnetic data Bit Position Value BO B3 Unused B4 0 B5 0 B6 B B7 T lt Card data indication 2 gt flags the current read Bit Positi Sr p BO Track 1 decode fail Track 1 decode success Bl Track 2 decode fail Track 2 decode success B2 Track 3 decode fail Track 3 decode success B3 No Track 1 data Track 1 data exists B4 No Track 2 data Track 2 data exists B5 No Track 3 data Track 3 data exists B6 B7 Unused Note Track x decode flag available only when track x data exist For RS232 interface reader after an insertion or withdrawal a Ma
24. Usage maximum 91 02 Output Data Variable Absolute 95 01 Report Count 75 03 Report Size 9101 Output Constant 95 06 Report Count 75 08 Report Size Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 62 of 113 ID TECH Spectrum Air User Manual 15 00 Logical Minimum 25 66 Logical Maximum 102 05 07 Usage Page key Code 19 00 Usage Minimum 29 66 Usage Maximum 102 81 00 Input Data Array 062D FF Usage Page ID TECH 95 01 Report Count 26 FF00 Logical maximum 255 1501 Logical Minimum 75 08 Report Size 8 09 20 Usage Setup data byte 95 08 Report Count 8 B20201 Feature Data Var Abs CO End Collection 13 2 USB Level 1 and level 2 POS Mode Data Output Format In POS mode use the special envelope to send out card data envelope is in the following format Right Shift Left Shift Right Ctrl Left Ctrl Read Error Track x ID Track x Error Track x Data Length Track x Data Card Track x LRC code Track x data LRC Reader will send out card data in Alt mode if its ASCII code less than H 20 Name Right Shift Left Shift Right Ctrl Left Ctrl Read Error 1 Read Error 2 Track x ID Track x Error Track x Length 1 Track x Length 2 0 Track Data no extra Track ID for raw data ee Ke o Z o wooo 1 ot amp I r Jc 10 Track len
25. added to the beginning of magnetic stripe data If a character string is defined it will be sent out before any track ID or start sentinel If no character string is defined nothing will be sent out ahead of the track ID or start sentinel lt 60 gt lt Command Length gt lt 53 gt lt D2 gt lt Len gt lt Preamble String gt lt LRC gt lt ETX gt Where lt Command Length gt is a two byte length from lt 53 gt to lt Preamble String gt lt Len gt is the number of bytes of the Preamble String but no greater than 0x10 lt Preamble String gt is string length string String length is one byte maximum 15 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET POSTAMBLE This setting allows the user to select a character string to be output at the end of magnetic stripe data If a character string is defined it will be sent out after the terminator ID If no character string is defined nothing will be sent out after the terminator ID Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 87 of 113 ID TECH Spectrum Air User Manual lt 60 gt lt Command Length gt lt 53 gt lt D3 gt lt Len gt lt Postamble String gt lt LRC gt lt ETX gt In this example lt Command Length gt is a two byte length from lt 53 gt to lt Postamble String gt lt Len gt is the number of bytes of Postamble String but no greater than 0x10 Postamble String
26. anioia naiaiae iiaia EINE UNE 39 10 2 Chigek Card Format MR 39 10 3 MSR Data EH su qr deser 39 10 4 Eege EE 40 10 4 1 Data eunt fh 8 40 11 USING THE EIER EE 45 11 1 Manual Command PL 46 11 2 Security RER Oe 48 11 3 Security Level 4 Features and Decryption sucia kic ence Oed o addu ga 50 11 4 EE EE 53 12 Decryption eene ege esu letescte De ebaceia 54 13 USB DATA FORMAT experta rex xe aa DEENEN aaa aa Eaa aE REMANERE 59 13 1 USB Level 1 and level 2 Standard Mode Data Output Format sssse 59 13 1 1 USB HID Data Format ecciesie rni tao iri ti exhi ERES e LEX ERRR DEN NER LER at 60 13 1 2 Descriptor Table52 ii eese Per dE EEN 60 13 2 USB Level 1 and level 2 POS Mode Data Output Format eeeeeeeeeeeeeee 63 13 3 Levelo Data Output Format eiei dont edu eris eot ipo quid tidem rb e 66 13 4 Level Data Output Forma dee E PY aug 68 13 5 Level 4 Activate Authentication Sequence eeeceeeeeeeeeee eene eere rne nnnnan 70 13 6 General ee DEE 73 13 7 RS232 Reader Special Configuration Commands eese 78 13 8 USB HID Keyboard Reader Special Commands eene 81 13 9 USB HID or HID Keyboard Reader Special Commands sssssssessrssserrrrreerrrrreerrrree 82 14 MAGNETIC STRIPE READER CONPIOGURATION eee 86 15 USB HID KB DATA OUTPUT PORNMINT Linie eaae t
27. are sent as encrypted data A card insertion and or removal returns the following data Note if all tracks are bad an empty packet is sent Card data is sent out in format of 60 LenH LenL Card Data LRC CheckSum 03 lt LenL gt lt LenH gt is a two byte length of Card Data lt LRC gt is a one byte Exclusive OR sum calculated for all Card Data lt CheckSum gt is a one byte Sum value calculated for all Card data Card Data format is ISO ABA Data Output Enhanced Format card encoding type track status sampling 80 ISO ABA 84 for Raw mode bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 track 1 unencrypted length 1 byte 0 for no track1 data track 2 unencrypted length 1 byte 0 for no track2 data track 3 unencrypted length 1 byte 0 for no track3 data Mask Clear Status 1 byte see definition Field 8 Encrypt Hash Status 1 byte see definition Field 9 track 1 masked track 2 masked track 3 data track 1 encrypted track 2 encrypted track 1 hashed track 2 hashed track 3 hashed optional DUKPT serial number Omitted if in raw mode Omitted if in raw mode Omitted if in raw mode AES TDES encrypted data AES TDES encrypted data 20 bytes SHA1 Xor 20 bytes SHA1 Xor 20 bytes SHA1 Xor 10 bytes ISO ABA Data Output Original Format card encoding type track status sampling 0 ISO ABA 4 for Raw mode bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 e tra
28. assuming the reader is already configured for Security Level 4 and configured for buffered mode Send the Act auth command 52 80 then send the act reply command 53 82 so the reader is now allowed to send a level 4 transaction then send an arm to read command 50 01 30 Depending on the configuration settings of the reader the host can poll the reader to determine if card data has been captured by asking for the reader status 24 and looking at the setting of B4 or asking the reader for the authentication status 52 83 and observing that the current status is 0 and the status antecedent is 2 The host computer can then request the encrypted buffered track data 50 01 30 The buffered data should not need to be re requested but if it is the KSN will be updated one time for each request 9 4 10 MSR Configuration Commands Description All MSR reader Configuration Commands are listed in the following format Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 28 of 113 ID TECH Spectrum Air User Manual 60 Length 53 FuncID Len FuncData LRC 03 Length is a two bytes counter which indicates length of data from 53 to end of Func Data The most significant byte comes first Success Response in all cases 60 00 02 90 00 F2 03 Note Default settings are in BOLD print 9 4 11 Set MSR Transmit Mode 53 1A 60 00 04 53 1A 01 lt MSR Transmit Mode gt LRC 03 The lt MSR Transmi
29. be under the control of the host application If the LED is under the control of the host the following settings are available e Turn the LED off dark e Turn on the LED green red or amber e Set the LED flashing green red or amber e Set the LED slow flashing green red or amber 6 2 Standard Mode Automatic Transmit To read a Magnetic Stripe Card follow these simple steps 1 Insert the card into the reader until it hits a hard stop 2 Withdraw the card in one continuous motion The green LED will go off briefly The reader by default reads the card on insert and on withdrawal and combines these reads but only sends the track data after withdrawal 3 When the card has been fully withdrawn the LED will turn red to indicate a bad read or to green to indicate a good read The track data is automatically sent to the host 6 3 Buffered Mode This is more complicated than standard mode see the suggested steps for buffered more application below When the unit is armed to read in buffer mode decoded data is retained in reader memory and an optional notice is sent to the host to indicate its presence Data is held in memory until the reader receives the next ARM TO READ or MSR RESET command at which point all data in memory will be erased Please refer to the specific Buffered Mode Arm to Read Command 50 01 30 page 27ARM TO READ IN BUFFER MODE MSR RESET IN BUFFER MODE and Copyright 2014 International Technologie
30. by the track data length field that corresponds to the track number The track data includes all data string starting with the start sentinel and ending with the end sentinel and track LRC ID TECH Reader Data Structure This is the format for a non encrypted card when encryption is enabled and the reader is set for the original encryption structure Offset Usage Name 0 STX 1 Data Length low byte 2 Data Length high byte Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 41 of 113 ID TECH Spectrum Air User Manual 3 Card Encode Type not 0 or 4 4 Track 1 3 Status 5 T1 data length 6 T2 data length 7 T3 data length 8 T1 data unencrypted including SS ES and LRC T2 data unencrypted including SS ES and LRC T3 data unencrypted including SS ES and LRC ETX LRC Note track formatting preamble prefix separator etc is not available in a reader set to send encrypted track data The track data is always sent in the same format Enhanced Encryption Format for MOIR This is the default Offset Usage Name If MOIR protocol envelope 0 60 1 Data Length high byte 2 Data Length low byte End MOIR protocol envelope header If NGA protocol envelope 0 STX 1 Data Length low byte 2 Data Length high byte End NGA protocol envelope header Encrypt Hash Status 1 byte see definition and example 0 T1 data masked if card type 0 omitted if card type 4 T2 data masked if card
31. byte in binary 0 for no track data 1 byte in binary 0 for no track2 data 1 byte in binary 0 for no track3 data For ISO card both clear and encrypted data are sent For other card only clear data are sent A card insertion and or removal returns the following data Card data is sent out in format of Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 92 of 113 ID TECH Spectrum Air User Manual MOIR Protocol the default lt 60 gt lt LenH gt lt LenL gt lt Card Data CheckLRC2 ETX NGA Protocol lt STX gt lt LenL gt lt LenH gt lt Card Data gt lt CheckLRC gt lt CheckSum gt lt ETX gt lt STX gt 02h lt ETX gt 03h lt LenL gt lt LenH gt is a two byte length of Card Data lt CheckLRC gt is a one byte Exclusive OR sum calculated for all lt Card Data gt lt CheckSum gt is a one byte Sum value calculated for all lt Card data gt lt Card Data gt format is ISO ABA Data Output Original Encrypted Format card encoding type track status sampling track 1 unencrypted length track 2 unencrypted length track 3 unencrypted length track 1 masked track 2 masked track 3 data track 1 encrypted track 2 encrypted sessionID encrypted track 1 hashed track 2 hashed DUKPT serial number 0 ISO ABA bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 1 byte in binary 0 for no track data 1 byte in binary 0 for no track2 data 1 byte in bi
32. bytes ASCII for KSN RESPONSE CODE 6 bytes data in ASCII format which is converted from the first 3 cipher hex data These cipher data are generated by encrypting KSN bytes and 00 00 00 00 00 00 00 00 For Example Command 02 46 46 2 F 77 6F 52 4D 6B 5 A 47 52 6B 59 35 4 F 44 63 32 4 E 5 4 5 17 AMD 6A 4 5 77 52 54 43 69 0D 0A 03 5D Response 06 02 46 46 OD 0A 03 LRC e Load Encryption Key Command Data lt FF gt lt 0A gt lt LENGTH gt lt KEY gt lt KEY bytes gt lt LRC gt Response Data lt FF gt lt 00 gt lt 06 gt lt RESPONSE CODE gt lt LRC gt LENGTH TDES 0x21 DES 0x11 lt KEY gt TDES 0x33 DES 0x0B lt KEY bytes gt TDES 0x20 DES 0x10 RESPONSE CODE 6 bytes data in ASCII format which is converted from the first 3 cipher hex data These cipher data are generated by encrypting KEY bytes and 00 00 00 00 00 00 00 00 For Example Command 02 46 46 2F 77 6F 68 4D 7 A SA 42 5 I 7A 49 35 4D 6B 5 AM25 I S4 45 7 A 4 D5 4 56 43 4 E 4 5 5 1 34 4E 54 68 42 5 L 6A 4E 42 4D 30 5 1 33 52 44 55 35 4DV 7 AMEM2V6CVS 1 3D 3D 0D 0A 03 2D Response 06 02 46 46 OD 0A 03 LRC 9 9 Set OPOS JPOS Command There are three forms of the command 60 00 03 4D 01 30 7D 03 Enter Standard Mode Exit OPOS Mode 60 00 03 4D 01 31 7C 03 Enter OPOS Mode 60 00 03 4D 01 32 7F 03 Enter JPOS Mode raw mode OPOS Response is as follows 692B Reader already in OPOS Mode 6939 Command failur
33. can discover the state of the reader by one of two methods the host can wait for the reader to report that it has mag data buffered from the mag data present status then request that data or the host can poll the reader for the track data 4 Poll for Read Buffered Data 51 01 30 for any track data Or 51 01 3X if one requires specific track data The LED will turn off while the card track data is processed The LED will turn RED for 5 seconds if any of the required tracks were bad or there was data on an optional track that did not decode properly The LED will turn slow flashing green otherwise The LED will hold this setting until the reader is rearmed or put into auto mode Process the data Display proper notification to user 7 Go back to step 2 for next read NM Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 14 of 113 ID TECH Spectrum Air User Manual 7 SPECIFICATION Physical dimensions Environments Operating Temperature Storage Temperature Operating humidity Storage humidity Magnetic Reading Reading direction Life of magnetic heads Media Thickness Swipe Speed ESD Cable Agency Approval Power Input Voltage Vin Maximum Input Power Consumption 120mm x 92mm x 48mm LxWxH with bezel 20 C to 70 C 4 F to 158 F 40 C to 70 C 40 F to 158 F 10 to 90 no condensation allowed 10 to 90 no condensation allowed I
34. five are optional card seated and card unseated notification optional card present and card removed notification and optional buffered magnetic stripe data available Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 34 of 113 ID TECH Spectrum Air User Manual The reader can issue a card notification 60 00 02 BO XX C2 03 if card seated card unseated card present card removed buffered magnetic stripe data available notification Or there is a card that was inserted but was never seated or that was seated and withdrawn but never fully removed from the reader See get reader status on page 19 Each bit in the status byte holds specific information Configuring the reader to send or not send status data is done with the Options configurations setting byte and the Options 2 configuration setting byte 9 8 Key Loading Command Note This command is normally only used by a key loading facility This protocol is completely different from the normal reader protocol The Encrypted read supports TDES and AES encryption standards for data encryption Encryption can be turned on via a command TDES is the default If the reader is in security level 3 for the encrypted fields the original data is encrypted using the TDES AES CBC mode with an Initialization Vector starting at all binary zeroes and the Encryption Key associated with the current DUKPT KSN KSN and Device Key loading commands and r
35. gt is string length string String length is one byte maximum 15 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt ENVELOPE FOR UNENCRYPTED MAGNETIC STRIPE DATA This command adds the ID TECH envelope to magnetic stripe data before it is sent to the host lt 60 gt lt Len_H gt lt Len_L gt lt card data indication 1 gt lt card data indication 2 gt Track 1 data Track2 data Track 3 data lt LRC gt lt ETX gt card data indication 1 gt lt Cx gt is an ID to indicate magnetic data Bit Position BO B3 Unused set to 0 B4 0 B5 0 B6 B7 lt card data indication 2 gt is to indicate reading status Bit 0 1 BO Track 1 decode fail Track 1 decode success B1 Track 2 decode fail Track 2 decode success B2 Track 3 decode fail Track 3 decode success B3 No Track 1 data Track 1 data exists B4 No Track 2 data Track 2 data exists B5 No Track 3 data Track 3 data exists B6 B7 Unused set to 0 Note The Track x decode flag will be 0 if Track x data does not exist Note The order of magnetic data and switch change notification depends on the order in which they come to the microcontroller This is not fixed SET ARM TO READ IN BUFFER MODE This command sets the reader to read magnetic stripe data and store it in memory 60 00 03 50 01 30 LRC ETX The response will be 60 00 02 90 00 LRC 03 If the reader con
36. lt 27 gt lt Len gt lt Card Removed String gt lt LRC gt lt ETX gt In this example lt Command Length gt is a two byte length from lt 53 gt to lt Card Removed String gt lt Len gt is the number of bytes of the Card Removed String but no greater than 24 Card Removed String gt is string length string String length is one byte maximum 23 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET CARD PRESENT STRING This setting allows the user to select a character string to be output as card present notification When the card front switch changes from off to on this string will be sent out if Card In On and Off bit in ReaderOptID is set lt 60 gt lt Command Length gt lt 53 gt lt 28 gt lt Len gt lt Card Present String LRC ETX In this example lt Command Length gt is a two byte length from lt 53 gt to lt Card Present String gt lt Len gt is the number of bytes of the Card Present String but no greater than 24 Card Present String gt is string length string String length is one byte maximum 23 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET CARD OUT STRING This setting allows the user to select a character string to be output as card out notification When the card front switch changes from on to off this string will be sent out if Card Out On and Off bit in ReaderOptID is set lt 60 gt
37. lt Command Length gt lt 53 gt lt 29 gt lt Len gt lt Card Out String gt lt LRC gt lt ETX gt In this example lt Command Length gt is a two byte length from lt 53 gt to lt Card Out String gt lt Len gt is the number of bytes of the Card Out String but no greater than 24 Card Out String gt is string length string String length is one byte maximum 23 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 0 3 gt SET NO DATA DETECTED STRING This setting allows the user to select a character string to be output as no data notification When mismatch of data edit formula no data on selected tracks no magnetic data after an insertion or withdraw time out this string will be sent out if No Data On and Off bit in ReaderOpt2ID is Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 83 of 113 ID TECH Spectrum Air User Manual set lt 60 gt lt Command Length gt lt 53 gt lt 2A gt lt Len gt lt No Data String gt lt LRC gt lt ETX gt In this example lt Command Length gt is a two byte length from lt 53 gt to lt No Data String gt lt Len gt is the number of bytes of the No Data String but no greater than 24 lt No Data String gt is string length string String length is one byte maximum 23 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET MEDIA DETECTED STRING This s
38. mode Any previously read data will be erased and reader will wait for the next insertion or removal As the user inserts or removes a card the data will be saved but will not be sent to the host The reader holds the data until receiving the next Arm to Read or MSR Reset command A notification will be sent to inform host of magnetic data presence after user card insertion and or removal if the corresponding bit in Reader Option byte has been set See section 11 6 Successful response is as follows 60 00 02 90 00 F2 03 Problem response is as follows EO 00 02 xxxx LRC 03 Other possible response statuses 6912 PB command length must be 1 6916 PB command data must be 0x30 or 0x32 6920 Reader not configured for buffered mode 6922 Reader not configured for magstripe read 9 4 8 Buffered Mode MSR Reset Command 50 01 32 60 00 03 50 01 32 00 03 This command will disable MSR read and clear any magnetic data in buffered mode The reader enters to a disarmed state and will ignore MSR data Successful response is as follows 60 00 02 90 00 F2 03 Problem response is as follows EO 00 02 xxxx LRC 03 Other possible response statuses 6912 PB command length must be 1 6916 D command must be 0x30 or 0x32 6920 Reader not configured for buffered mode 6922 Reader not configured for magstripe read Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 27 of 113 ID TECH Spectrum Ai
39. track error report report error on bad track B3 KB reader only Send std control codes send alt control codes B4 B7 Unused Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 29 of 113 ID TECH Spectrum Air User Manual The MOIR can be set to either send or not send the Start End sentinels and to send either the Track 2 account number only or all the encoded data on Track 2 The Track 2 account number setting does not affect the output of Track 1 and Track 3 30 Do not send Start End sentinel do send all data on all tracks No error notification 31 Send Start End sentinel and all data on all tracks No error notification 32 Do not send Start End sentinel for any track but do send account number on Track 2 only No error notification 33 Send Start End sentinel on Track 1 amp only account number on Track 2 for a credit card or Send Start End sentinel on Tracks 1 and 3 for a standard card No error notification 34 Do not send Start End sentinel but do send all data on all tracks Send the error notification 35 Send Start End sentinel and all data on all tracks Send the error notification 36 Do not send Start End sentinel for any track but do send account number on Track 2 only Send the error notification 37 Send Start End sentinel on Track 1 and account number on Track 2 only for a credit card or Send Start End sentinel on Tracks 1 and 3 for a
40. 03730373F320000000000 Example Security Level 4 decryption Example of decryption of a three track ABA card with the enhanced encryption format with AES This example does not include the card status reports 6001B8803F48236B03FF252A343236362A2A2A2A2A2A2A2A393939395E4255534 8204A522F47454F52474520572E4D525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A 2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B343236362A2A2A2A2A2A2A2A39393 9393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2ADBD7EFAFA49EE84708053F744F2 88916E851789A445843030809COE253E6900EEAO0FFD078D51B9A7840AA5F98CC2 DEADB2497DF29D6C848645E8241DA4ED80AA92ACA5DDOOEOF1F3669CE77D4BE332B Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 56 of 113 ID TECH Spectrum Air User Manual DCE2E1295C13ADF4BE7793FA7FA24128171796A45E39404F4A4DE137B4BA165F6 7719BC633087F11330F4DB2323618CEAAA40DB37773676888FF493D82F8F9757E 8148F9CO5ECIBB2D2D54FB8F320C793C1F3C7D8916C693F97970DFAED98Fl1ECAC 6AFP24BBA783BE7EDAIEB897DOCF737C6B95AF16BD15C6AE99C2C7B99EBO79F2E 9877DF3482A0CE5ABD8A8DDFED106C07A3244F0C932BF691B07023D671656B2AA B5A5B65170A895BE90610DA284394723418AC88F65E1DB7ED4D10973F99DFC846 3FF6DF113B6226C4898A9D355057ECAF11A5598F02CA31688861C157ClCE2EO0F7 2CEOF3BB598A614EAABB1629949011A0003A000130003 Actual start of the encrypted transaction 60 length MSB LSB card type track status length track 1 length track 2 length track 3
41. 21 characters e AAMVA American Association of Motor Vehicle Administration Card Encoding method Track is 7 bits encoding Track2 is 5 bits encoding Track3 is 7 bits encoding e Others Customer card 10 3 MSR Data Masking For encrypted ABA cards both encrypted data and clear text data are sent Masked Area The data format of each masked track is ASCII The clear data include start and end sentinels separators first N and last M digits of the PAN and cardholder name for Track1 The rest of the characters should be masked using mask character Set PrePANCIrData N PostPANCIrData M MaskChar Mask Character N and M are configurable and default to 4 first and 4 last digits They follow the current PCI constraints requirements N 6 M 4 maximum Mask character default value is e Set PrePANCIrDataID N parameter range 00h 06h default value 04h e Set PostPANCIrDataID M parameter range 00h 04h default value 04h e MaskCharID Mask Character parameter range 20h 7Eh default value 2Ah Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 39 of 113 ID TECH Spectrum Air User Manual e DisplayExpirationDataID parameter range 0 1 default value 0 10 4 Output Format Generally the output format is the same between the RS232 USB HID and USB HID KB The output that follows is the RS232 reader because it is a subset of the other two reader
42. 2A2A2A2A393939395E42555348204A522F47454F52474 520572E4D525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A 2A2A2A2A2A3FP2A Track two masked track data displayed in hexadecimal 3B343236362A2A2A2A2A2A2A2A393939393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2 A3F2A Track one encrypted track data displayed in hexadecimal 26B03F2BD327CA087C159DEA3E779774A36B6E89CB5BC85EF92D08FB011520890 99FE2A348DF2BA8D7AFEF16AIF5F2CEA46946A92CDC2AB3B750D1AEF8127995E E6A944E12F9DFA4OE Track two encrypted track data displayed in hexadecimal 46607F06C68E057DA0 5CC3BBB2BD68ECE1D7D8 9A4671423C4F649082106A785A 62D9382968BCF4CF Track three encrypted track data displayed in hexadecimal DOECE3CF33449F265542CB4AE 62 40F9 9CDACDO8E92744FFC04C683834EB4D04C 9CB9D2A4BAAAMFFE15F7C70169C89288097C4B8BB42C67D33073CFEE68B95DOF8 8C6CF82F86BF8E7FE5909D153710399940C9DAD8BD26E929EE98BEBFA9D3C19A ACO47B61ES8ED56BE52DAA7F8BS5FFFAO1 First 20 bytes of track one data hashed 3418AC88F65EIDB7EDA4D10973F99DFC8463FF6DF First 20 bytes of track two data hashed 113B6226C4898A9D355057ECAF11A5598F02CA31 First 20 bytes of track three data hashed 688861C157C1CE2bE0F72CEOF3BB598A614EAABBI KSN 629949011A000BE00003 LRC and ETX D7 03 Card Removed from reader status 600002B000D203 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 55 of 113 ID TECH Spectrum Air User Manual Key Value
43. 3 2D xx Set Card In Slot String To edit the string for the optional notification 60 00 xx 532E xx Set Partial In String To edit the string for the optional notification SET CARD SEATED STRING 60 00 xx 53 2A xx Set No Data String To edit the string for the optional notification This setting allows the user to select a character string to be output as card seated notification When the card seated switch changes from off to on this string will be sent out if Card Seated On and Off bit in ReaderOptID is set lt 60 gt lt Command Length gt lt 53 gt lt 26 gt lt Len gt lt Card Seated String LRC ETX In this example lt Command Length gt is a two byte length from lt 53 gt to lt Card Seated String gt lt Len gt is the number of bytes of the Card Seated String but no greater than 24 Card Seated String gt is string length string String length is one byte maximum 23 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 82 of 113 ID TECH Spectrum Air User Manual SET CARD REMOVED STRING This setting allows the user to select a character string to be output as card removed notification When the card seated switch changes from on to off this string will be sent out if Card Removed On and Off bit in ReaderOptID is set lt 60 gt lt Command Length gt lt 53 gt
44. 3D30383039313031313030303030343 63F3000000000000000000000000000 Track 3 decrypted data in hex including padding zeros 3B333239333323333333932333373637303726303713037303137363730373063333333 333939339339397363136317363031790973023731363173631363333333233333333 33333736373637363037303730373736373637363333333333333333333337363 7363736303730373F320000000000 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 58 of 113 ID TECH Spectrum Air User Manual 13 USB DATA FORMAT The USB version of the reader can operate in two different modes HID ID TECH mode herein referred to as HID mode HID with Keyboard Emulation herein referred to as KB mode When the reader is operated in the HID mode it behaves as a vendor defined HID device A direct communication path can be established between the host application and the reader without interference from other HID devices 13 1 USB Level 1 and level 2 Standard Mode Data Output Format Card data is only sent to the host on the interrupt in pipe using an Input Report The reader will send only one Input Report per card insertion and or removal If the host requests data from the reader when no data is available the reader will send a NAK to the host to indicate that it has nothing to send Data Format Setting USB HID Data Format Product ID 06 40 USB Keyboard Format Product ID 06 20 Secure HID ID TECH Structure Product ID 25 10
45. 4 and B5 all set to 1 in OPOS raw data mode Track ID Track ID is a byte of ID it will be 1 2 and 3 for track 1 2 and 3 it is not accurate to use start sentinel to identify track Track x Error Track x error is a byte of flags Track x Error is set to 0x20 in OPOS raw data mode 0x20 Success 0x30 Insufficient track data 0x21 Bad Start Sentinel 0x24 Character parity error 0x22 Bad End Sentinel 0x28 Bad track LRC or insufficient trailing synch bits Track Length Assume actual Track x Data Length is hex code xy the Track x data length for OPOS mode output will be hex code 3x 3y Track x data length does not include the byte of Track x data LRC it is lt 30 gt lt 30 gt in case of read error on track x Track Data Card Track x LRC code is track x card data Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 64 of 113 ID TECH Spectrum Air User Manual Track x LRC Track x data LRC is a LRC to check track x data communication XOR all characters start from Track x ID to Track x data LRC should be 0 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 65 of 113 ID TECH Spectrum Air User Manual 13 3 Level 3 Data Output Format For ISO card both clear and encrypted data are sent For other card only clear data is sent at the default encryption setting If the reader is in Raw mode all tracks
46. 82 10 BB DC 35 E5 00 5C B3 58 85 D5 96 F2 C3 CA 08 SF 18 03 a 60 00 02 30 00 F2 03 Deactivate Authentication Mode Command Clicking the DEACT RPLY button exits or cancels the authenticated mode Get Status The Get Status button gives the reader activation status and precondition in the format 83h 02h Current Reader Status gt lt Pre condition gt For example 60 00 02 83 02 02 LRC 03 represents Reader Status the reader is waiting for a card insertion and or removal Pre condition authentication mode was activated successfully The reader processed a valid Activation Challenge Reply command Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 52 of 113 ID TECH Spectrum Air User Manual For more details on the authentication process please refer to Section 10 5 of the manual 11 4 Reader Operations The demo software can be used to display the card data and send reader commands To view the card data on screen place the cursor in the manual command reader output text box and insert and or remove the card To send a reader command type the appropriate command in the text box and press the Send Command button General Setting Provide options such as reader default settings firmware version and buffered mode options MSR Security The security is enabled by selecting TDES or AES Once the encryption is enabled the reader cannot be changed back to non encrypted m
47. B11 000 ISO Card 7 5 or 7 5 5 encoding 010 AAMVA Card 7 5 7 encoding 110 OPOS Raw Data Output B12 Reserved for future use Decode flag will set to 1 B3 B4 and B5 all set to 1 in OPOS raw data mode Track ID Track ID is a byte of ID it will be 1 2 and 3 for track 1 2 and 3 it is not accurate to use start sentinel to identify track Track x Error Track x error is a byte of flags it will be in format of 0 0 1 b4 b3 b2 bl bO bO 1 Start sentinel error 0 Not start sentinel error bi 1 End sentinel error 0 Not end sentinel error b2 1 Parity error 0 Not parity error b3 1 LRC error 0 Not a LRC error b4 1 Other error 0 Not other error Track x Error is set to 0x20 in OPOS raw data mode Track Length Assume actual Track x Data Length is hex code xy the Track x data length for OPOS mode output will be hex code 3x 3y Track x data length does not include the byte of Track x data LRC it is lt 30 gt lt 30 gt in case of read error on track x Track Data Card Track x LRC code is track x card data Track x LRC Track x data LRC is a LRC to check track x data communication XOR all characters start from Track x ID to Track x data LRC should be 0 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 91 of 113 ID TECH Spectrum Air User Manual 15 2 Level 3 Data Output Format For ISO card both clear and encrypted data are s
48. Buffered Mode The application program first sends an Arm to Read command to enable the magnetic stripe reading The user inserts and or removes a card the decoded data is stored the readers notifies the host a magstripe read occurred and MSR is disarmed The application program then sends a Read MSR Data command to retrieve the data from the buffer To read a magnetic stripe card just follow these simple steps LED indication describes LED status change when it is under the control of the reader Insert a card magnetic stripe down into the reader until it hits a hard stop note if reader is configured for read on insert the default is on withdrawal it is important to insert the card in one continuous motion to insure proper reading of the data As soon as the reader detects data from magnetic stripe the green LED indicator will go off Withdraw the card in one continuous motion The green LED will go off The reader by default will read the magnetic stripe on both insertion and withdrawal but only report the track data after the card has been withdrawn We call this report on withdrawal If the reader controls the LED the LED will turn red to indicate a bad read or green to indicate a good read meaning it is ready for another transaction Configuring the reader to support auto transmit mode or buffered mode is done with Set MSR Transmit Mode 53 1A page 29 Report on Withdrawal Mode With this reader IDTECH introduce
49. FO FOFO FOFO FOFO gt The decrypted challenge 1 contains 6 bytes of random number followed by the last two bytes of KSN The two bytes of KSN may be compared with the last two bytes of the clear text KSN sent in the message to authenticate the reader The user should complete the Activate Authentication sequence using Activation Challenge Reply command Command Structure Host gt Device 60 00 04 lt R gt lt 80h gt lt 02h gt lt Pre Authentication Time Limit gt lt LRC gt lt ETX gt Device gt Host 60 00 01 lt Device Response Data gt lt LRC gt lt ETX gt success Pre Authentication Time Limit 2 bytes of time in seconds Device Response Data 26 bytes data consists of Current Key Serial Number Challenge 1 gt Challenge 2 Current Key Serial Number 10 bytes data with Initial Key Serial Number in the leftmost 59 bits and Encryption Counter in the rightmost 21 bits Challenge 1 8 bytes challenge used to activate authentication Encrypted using the key derived from the current DUKPT key Challenge 2 8 bytes challenge used to deactivate authentication Encrypted using the key derived from the current DUKPT key Activation Challenge Reply Command This command serves as the second part of an Activate Authentication sequence The host sends the first 6 bytes of Challenge 1 from the response of Activate Authenticated Mode command two bytes of Authenticated mode timeout duration and eight bytes Session ID Copyright
50. Get Reader Authentication Status Command Command Structure Host gt Device 60 00 02 lt R gt lt 83h gt lt LRC gt lt ETX gt Device gt Host 60 00 04 lt 83h gt lt 02h gt lt Current Reader Status gt lt Pre condition gt lt LRC gt lt ET X gt success Current Reader Status 2 bytes data with one byte of lt Reader State gt and one byte of lt Pre Condition gt Reader State indicates the current state of the reader 0x00 The reader is waiting for Activate Authentication Mode Command The command must be sent before the card can be read 0x01 The authentication request has been sent the reader is waiting for the Activation Challenge Reply Command 0x02 The reader is waiting for a card insertion and or removal Pre condition specifies how the reader goes to its current state as follows 0x00 The reader has no card insertion or removals and has not been authenticated since it was powered up 0x01 Authentication Mode was activated successfully The reader processed a valid Activation Challenge Reply command 0x02 The reader receives a good card insertion and or removal 0x03 The reader receives a bad card insertion and or removal or the card is invalid 0x04 Authentication Activation Failed 0x05 Authentication Deactivation Failed 0x06 Authentication Activation Timed Out The Host fails to send an Activation Challenge Reply command within the time specified in the Activate Authentication Mode command Co
51. H Spectrum Air User Manual Encrypted section T1 T2 data encrypted if card type 0 or 4 else omitted T3 data encrypted only if card type 4 Session ID 8 bytes Only if security level 4 amp card type 0 or 4 End encrypted section T1 T3 hashed if card type 0 or 4 20 bytes each KSN 10 bytes only if card type 0 or 4 If MOIR protocol envelope LRC ETX End MOIR protocol envelope header If NGA protocol envelope LRC Check Sum ETX End NGA protocol envelope header Notes Offset to the fields can be determined by adding the field length using the track data for the track field lengths Fields are packed in the next available location T1 T2 or T3 Data Length Each byte value indicates how many bytes of decoded card data are in the track data field This value will be zero if there was no data on the track or if there was an error decoding the track The encrypted section is padded with 0 to the block size of the encryption type 8 bytes for TDES and 16 bytes for AES The hashed data may optionally be omitted Card Encode Type Value Encode Type Description 0 ISO ABA ISO ABA encode format 1 AAMVA AAMVA encode format 3 Other The card has a non standard format For example ISO ABA track 1 format on track 2 4 Raw The card data is sent in Raw encrypted format All tracks are encrypted and no mask data is sent T1 T2 or T3 data The length of each track data field varies by the length of valid data in each field is determined
52. ID Keyboard BCD Device Release 00 01 1 Manufacture 01 1 Product 02 1 Serial Number 00 Configuration 01 Configuration Descriptor Field Value Description Length 09 Des type 02 Total Length 22 00 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 60 of 113 ID TECH Spectrum Air User Manual No Interface 01 Configuration Value 01 iConfiguration 00 Attributes 80 Bus power no remove wakeup Power 32 100 mA Interface Descriptor Field Value Description Length 09 Des type 04 Interface No 00 Alternator Setting 00 EP 01 Interface Class 03 HID Sub Class 01 Interface Protocol 01 iInterface 00 HID Descriptor Field Value Description Length 09 Des type 21 HID bcdHID 1101 Control Code 00 numDescriptors 01 Number of Class Descriptors to follow DescriptorType 22 Report Descriptor Descriptor Length 3700 HID ID TECH format 3D 00 HID Other format 5200 HID Keyboard format End Pointer Descriptor Field Value Description Length 07 Des Type 05 End Point EP Addr 83 EP3 In Attributes 03 Interrupt MaxPacketSize 40 00 bInterval 01 Report Descriptor USB HID Value Description 0600 FF Usage Page MSR 09 01 Usage Decoding Reader Device Al Ol Collection Applica
53. IDT CH Value through Innovation USER MANUAL Spectrum Air Outdoor Dual Headed Magnetic Only Insert Reader USB and RS232 Interface CE FE 80116501 001 C 03 14 2014 ID TECH Spectrum Air User Manual Agency Approved Specifications for subpart B of part 15 of FCC rule for a Class A computing device Limited Warranty ID TECH warrants to the original purchaser for a period of 12 months from the date of invoice that this product is in good working order and free from defects in material and workmanship under normal use and service ID TECH s obligation under this warranty is limited to at its option replacing repairing or giving credit for any product which has within the warranty period been returned to the factory of origin transportation charges and insurance prepaid and which is after examination disclosed to ID TECH s satisfaction to be thus defective The expense of removal and reinstallation of any item or items of equipment is not included in this warranty No person firm or corporation is authorized to assume for ID TECH any other liabilities in connection with the sales of any product In no event shall ID TECH be liable for any special incidental or consequential damages to Purchaser or any third party caused by any defective item of equipment whether that defect is warranted against or not Purchaser s sole and exclusive remedy for defective equipment which does not conform to the requirements of sales is to h
54. II 41h A single character in hexadecimal 41 A single character in a group of hexadecimal digits String ASCII character group if in communication group not NULL terminated Default A default value will be bolded lt ETX gt A communication member one byte in size except the message length 6913 four digit hex numbers are error status indications xxx xxx Square brackets designate optional or repeated data groupings 52 4E Bold square brackets in headings are the key communication bytes for a particular command BO bit positions are all from position 0 to position 7 so if only Bl is set the value of a byte is 02h Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 10 of 113 ID TECH Spectrum Air User Manual 4 RELATED DOCUMENTS ISO 7810 Identification Cards Physical Characteristics 1995 ISO 7811 Identification Cards Recording Technique 1995 AAMVA Best Practices Guidelines for the Use of Magnetic Stripes ISO 4909 Magnetic stripe content for track 3 ISO 7812 Identification Cards Identification for issuers Part 1 amp 2 ISO 7813 Identification Cards Financial Transaction Cards ANSIX9 24 2002 Retail Financial Services Symmetric Key Management USB ORG USB Specification Rev 2 0 Supported Programs Secure MOIR RS232 Demo Program Secure MOIR USB Demo Program Secure MOIR Configuration Program Copyright 2014 International Technologies amp Systems Corpor
55. Len and lt FuncData gt definition are same as described above Where Characters Hex Value Description lt STX gt 02 Start of Text lt ETX gt 03 End of Text lt ACK gt 06 Acknowledge lt NAK gt 15 for Negative Acknowledge RS232 and USB HID interface FD for USB KB interface lt UnknownID gt 16 Warning Unsupported ID in setting lt AlreadyInPOS gt 17 Warning Reader already in OPOS mode lt R gt 52 Review Setting lt S gt 53 Send Setting lt LRC gt Xor d all the data before LRC 9 3 General Reader Commands Description Reader Command Summary Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 21 of 113 ID TECH Spectrum Air User Manual ASCH HEX Name Use Copyright Report Requests reader s copyright notice Firmware Version Report Requests version string 38 f 39 i 24 Get Reader Status Determining card inserted MSR data eee eee 6 9 keys not resend startup string OPOS JPOS Command Command to enter OPOS or JPOS mode Table 1 Reader Command Summary 9 3 Get Firmware Version Report 39 60 00 01 39 58 03 Note An approximately 55 byte version description will be returned The description and length varies somewhat by hardware and version Response is as follows 60 00 35 Version Description LRC 03 Response Example mixed hex and ASCII 60 00 35 ID TECH TM3 Secure Mag Only Inse
56. NEL This setting allows the user to select any single character to be output as the Track 1 start sentinel if the magnetic card s Track 1 data is 5 bit encoded lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 63 gt lt 01 gt lt Track1 5Bit Start Sentinel gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET TRACK 2 7 BIT START SENTINEL This setting allows the user to select any single character to be output as the Track 2 start sentinel if the magnetic card s Track 2 data is 7 bit encoded lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 64 gt lt 01 gt lt Track2 7Bit Start Sentinel gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET TRACK 2 5 BIT START SENTINEL This setting allows the user to select any single character to be output as the Track 2 start sentinel if the magnetic card s Track 2 data is 5 bit encoded lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 65 gt lt 01 gt lt Track2 5Bit Start Sentinel gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET TRACK 3 7 BIT START SENTINEL This setting allows the user to select any single character to be output as the Track 3 start sentinel if the magnetic card s Track 3 data is 7 bit encoded Copyright 2014 International Technologies amp Systems Corporation All rights reserved
57. Secure HID Keyboard Product ID 25 20 When the reader is plugged in the firmware will read the Data Format Setting from non volatile memory and send current Product ID in enumeration After the setting is changed the firmware will save the setting then do enumeration process Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 59 of 113 ID TECH Spectrum Air User Manual 13 1 1 USB HID Data Format ID TECH HID Reader Data Structure Offset Usage Name 0 T1 decode status 1 T2 decode status 2 T3 decode status 3 T1 data length 4 T2 data length 5 T3 data length 6 Card encode type 7 8 Total Output Length 9 HIDSIZE Output Data In this approach the reader will keep all of the ID TECH data editing and other features like preamble postamble etc The output data is always HIDSIZE bytes the Total Output Length field indicates the valid data length in the output data Note HIDSIZE 580 bytes as described in USB enumeration HIDSIZE is subject to change Software should auto adjust in case enumeration changes 13 1 2 Descriptor Tables Device Descriptor Field Value Description Length 12 Des type 01 BCD USB 00 02 USB 2 0 Device Class 00 Unused Sub Class 00 Unused Device Protocol 00 Unused Max Packet Size 08 VID 0A CD PID 06 40 HID ID TECH Structure 06 20 HID Keyboard 25 10 Secure HID ID TECH Structure 25 20 Secure H
58. Spectrum Air reader uses the same demo software as the SecureMOIR reader The demo software is provided to demonstrate features of the Encrypted MSR It supports decrypting the encrypted data and sending command to MSR Overview of Secure MOIR Demo The screenshot may reflect an older version of demo software MOIR RS232 Demo Program ver 4 0 Port General Setting MSR Security Help Manual Command Reader Output eg 53 18 Set Default Configuration eg 52 22 Read Firmware Version Output Format C ASCII HEX i Send Command Decrypt Input Initial Key Exit Command Output Decrypted Data ACT AUTH ACT RPLY DEACT RPLY _ Get Status Mag Only Insert Reader Connected Security Level is 3 TDES Encryption MOIR Envelope The Synchronize button allows the demo program to query the reader determine its security communication setting and synchronize to the readers setting This button does not determine every possible reader feature such as baud rate it assumes the reader is able to communicate with the demo program Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 45 of 113 ID TECH Spectrum Air User Manual When the RS232 demo starts up it attempts to open COM 1 and connect to the reader If this dialog box displays COM 1 was either not installed or already in use Just select the correct port under the port tab and you should be connected to t
59. Track 1 amp Track 3 0x36 Track 2 amp Track 3 0x37 All Three Tracks 0x38 Track 1 amp or Track 2 0x39 Track 2 amp or Track 3 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 94 of 113 ID TECH Spectrum Air User Manual 15 5 Level 4 Activate Authentication Sequence The security level changes from 3 to 4 when the device enters authentication mode successfully Once the security level is changed to level 3 or 4 it cannot go back to a lower level Activate Authentication Mode Command When the reader is in security level 4 it would only transmit the card data when it is in Authenticated Mode Authentication Mode Request When sending the authentication request the user also needs to specify a time limit for the reader to wait for the activation challenge reply command The minimum timeout duration required is 120 seconds If the specified time is less than the minimum 120 seconds would be used for timeout duration The maximum time allowed is 3600 seconds one hour If the reader times out while waiting for the activation challenge reply the authentication failed If the timeout time is set to zero then this request has no timeout Device Response When authentication mode is requested the device responds with two challenges Challenge 1 and challenge 2 The challenges are encrypted using the current DUKPT key exclusive or ed with lt FOFO FOFO FOFO FOFO FO
60. USB CDC RS232 IP 65 rating Reads up to 3 tracks of card data Sealed bezel and chassis meaning that unit can allow water ingress but not allow water to seep into the host unit Ideal for gas pumps and outdoor kiosk applications TDES AES encryption DUKPT key management Card seated switch OPOS amp JPOS support Support all software features current SPT MOIR supports l year Warranty Gas pump mounting compatible with UIC Panasonic mounting Mounting Compatible with Panasonic ZU 1870MA8T2 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 8 of 113 ID TECH Spectrum Air User Manual 3 ABBREVIATIONS AAMVA American Association of Motor Vehicle Administration ABA American Banking Association ACK Acknowledge AES Advanced Encryption Standard ASIC Application Specific Integrated Circuit BPI Bits per Inch CADL California Drivers License Format obsolete CE European Safety and Emission approval authority COM RS232 serial communication port CTS Clear To Send CBC Cipher block chaining CDC USB to serial driver Communication Device Class DC Direct Current DES Data Encryption Standard DUKPT Derived Unique Key per Transaction DMV Department of Motor Vehicle ESD Electro Static Discharge ETX End of Transmission FPC Flexible Printed Circuit FCC Federal Communications Commission GND Signal Ground Hex Hexadecimal HID Human Interface Device
61. allows the user to select any single character to be used as the XOff ID character lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 48 gt lt 01 XOff ID Character LRC2 ETX The XOff ID can be any single ASCII character desired The default value is 0x13 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt 13 8 USB HID Keyboard Reader Special Commands The following table is a special command only for keyboard interface reader HEAD DATA NAME USAGE 60 00 04 531201 xx Set Character Delay Set inter character delay time for KB reader Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 81 of 113 ID TECH Spectrum Air User Manual 13 9 USB HID or HID Keyboard Reader Special Commands The following table is a KB or USB HID KB Reader Special commands summary described in this section HEAD NAME USAGE 60 Command 53 26 xx Set Card Seated String To edit the string for the optional notification 53 27 xx Set Card Removed To edit the string for the String optional notification 53 28 xx Set Card Present To edit the string for the String optional notification 60 00 xx 53 29 xx Set Card Out String To edit the string for the optional notification 60 00 xx 53 2B xx Set Media Detected To edit the string for the String optional notification 60 00 xx 53 2C xx Set Magnetic Data To edit the string for the String optional notification 60 00 xx 5
62. ample of LRC Calculation LRC Longitudinal Redundancy Check Calculated by taking Exclusive OR Modulus 2 of all characters preceding it total with LRC is equal to zero For example the following command means Set Send Option to 0x30 value lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 19 gt lt 01 gt lt 30 gt lt 1F gt lt 03 gt lt 1F gt is the LRC character It is derived from the following Characters ffl binary 2 binary 0 60 0110 000 00 0000 0000 04 0000 0100 53 0101 0011 19 0001 1001 01 0000 0001 30 0011 0000 1F 0001 1111 Result of Exclusive OR 9 1 2 3 Communication Timing Maximum delay for the reader to respond to a write configuration command is 20ms Typical delay is 5ms During the command processing time the reader will not respond to a new command The reader will accept a new command as soon as it has responded to the previous command Note Maximum delay between two characters in a command is 100ms During command processing or the reading of a magnetic stripe the reader will not respond to a new command The typical delay for the reader to respond to a setting command is less than 20ms Once communication between the host and the reader has been established sending the appropriate setup commands to the reader from the host application can enter changes into the reader s settings Following are explanations and examples of the proper format and co
63. aracter To set the track3 start sentinel character To set the track3 start sentinel character To set the track3 start sentinel character 60 00 xx Preamble and Postamble Settings 60 00 03 50 01 30 Mode MSR Reset in Buffer Mode To edit the data read from the card To enable reading in the buffer mode To return the reader to its default settings when buffer mode is enabled Read MSR Data in Buffer Arm to Read in Buffer 60 00 03 50 01 32 60 00 03 5 01 xx 60 00 02 53 18 29 03 To set the tracks on the magnetic stripe to be read while in the buffer mode 9 4 1 Restore Configuration Settings to Default 53 18 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 24 of 113 ID TECH Spectrum Air User Manual This command restores most settings to their default value Note Executing this command does not affect the security settings the factory options or the serial number page 27 Command completed successfully response 9000 is as follows 60 00 02 90 00 F2 03 9 4 2 Read All Configuration Settings 52 1F 60 00 02 52 1F 2F 03 This command does not have any lt FuncData gt It retrieves all current settings The MOIR reader sends back a lt Response gt lt Response gt format The current configuration data block is a collection of many Function Setting blocks lt FuncSETBLOCK gt as follows 60 Length lt FuncSETBLOCK1 gt lt FuncSETBLOCKn g
64. at C ae HEX Synchronize Send Command i i Input Initial Key Exit Command Output Dectypted Data ACT AUTH ACT RPLY DEACT RPLY Get Status Key Value BF FC 64 86 50 62 D2 83 EA 34 56 8F OD 7A 78 B KSN 62 99 49 01 14 00 0B EO 00 07 Decrypted Data B4266841088889999 BUSH JR GEORGE w MR 0809101100001100000000046000000 4255841088883333 0808310110000046 0 3333333333757575070707757676333333333375757507070775757633333333337575750707077575763333 333333767676070772 254234323636383431 3038383838393939395E 425553482044522F 47454F 524745205 72E 4D 525E 303830333 13031 313030303031 31 30303030303030303034363030303030303F 21 3B 34323636383431 3038383838393939393D 3038303931 3031 31 303030303034363F 300000000000 3B 3333333333333333333397 3637 3637 3630373037 3037373637 3637 363333333333333333333337 3637 3637 36303730373037373637 3637 363333333333333333333337 3637 3637 363037 3037 3037373637 363736333333 3333333333333337 3637 3637 3630373037 3F 320000000000 To get the decrypted data press the Decrypt button and the decrypted card data will be displayed in the lower box The default initial key is 0123456789ABCDEFFEDCBA9876543210 If the reader is programmed with a user defined key load the same key to the demo software by pressing the Input Initial Key button Type the initial key in the box and press OK when finished Copyright 2014 International Technologies amp Systems Corporation All rights reserved
65. ation All rights reserved Page 11 of 113 ID TECH Spectrum Air User Manual 5 INSTALLATION 5 1 RS232 Interface The reader is plugged into a DB9 connector on the host computer and the 5 volt power supply connected to the DC connector on the backside of the DB9 connector As a standard serial interface the host must be configured to accept the data and perform the appropriate processing For the RS232 interface device the host application s RS 232 parameters baud rate Start Stop characters parity and handshaking method need to match those expected by the reader The reader by default communicates at 38 4K BAUD 8 bit no parity and 1 stop bit The magnetic reader s output can be formatted with terminating characters and special preamble and or postamble character strings to match the data format expected by the host 5 2 USB CDC Interface Plug the reader into a standard USB connector on the host computer The found new hardware screen would pop up Follow the prompts and install the USB CDC driver 80066803 004 Sftw USBCDC inf MM2 SM MOIR HIR Win7 After the USB CDC driver is installed the reader would be a virtual COM device 5 3 USB HID Interface Plug the reader into a standard USB connector on the host computer The reader gets all needed power through the USB connector The host will receive data from the reader as if it is coming from a USB HID device The host must be configured and be running an application ready to ac
66. ation All rights reserved Page 2 of 113 ID TECH Spectrum Air User Manual Revision History Correct Original and Enhanced Encryption Format Added Encryption Field 8 and 9 definitions Updated HID block Size NGA flag added to Status report 2 byte Added Raw track prefix or sync char if KB mode Corrected PID for standard and secure HID HIDKB Revision Date Description of Changes By 50 05 07 2012 Initial draft Jenny W A 08 06 2012 Initial release Jenny W 12 30 2012 Updated Appendix A Bruce K B 5 5 2013 Remove the TTL part CH Remove conformal coated PCA from features C 05 08 2013 enumeration SN and special terminator CRLF Bruce K 3 14 2014 Clarify config 1C setting bits Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 3 of 113 Un RUP ra oo ID TECH Spectrum Air User Manual Table of Contents TINT ROI ER EE 7 PPA TU EE 8 ABBREVIATIONS neg eaaa aaa aaa EMEN aaa a R E aA aa 9 RELATED DOCUMENTS i iriepeecep ipseque dep edpse vega pxe rape deue enge sve tn pedpue deg pino epa due de pague 11 INSTALLATION E 12 5 1 R5232 Br cono reae ea ehe eto a Sen t Mcr A c cde cA t tee 12 5 2 WIS BCDC Interia Ce TERT Lm 12 5 3 USB EHDDIBIOE ERGO indocti ot bna re tet Tee a a dbi o E A 12 5 4 USB HID Rey board Ite nace nia s ub emo doe nub bins an CE ARR RU IU DATUR cashes 12 OPERATION PR T 13 6 1 Operating Procedure ecce eege 13 6
67. ave such equipment replaced or repaired by ID TECH For limited warranty service during the warranty period please contact ID TECH to obtain a Return Material Authorization RMA number amp instructions for returning the product THIS WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES OF MERCHANTABILITY OR FITNESS FOR PARTICULAR PURPOSE THERE ARE NO OTHER WARRANTIES OR GUARANTEES EXPRESS OR IMPLIED OTHER THAN THOSE HEREIN STATED THIS PRODUCT IS SOLD AS IS IN NO EVENT SHALL ID TECH BE LIABLE FOR CLAIMS BASED UPON BREACH OF EXPRESS OR IMPLIED WARRANTY OF NEGLIGENCE OF ANY OTHER DAMAGES WHETHER DIRECT IMMEDIATE FORESEEABLE CONSEQUENTIAL OR SPECIAL OR FOR ANY EXPENSE INCURRED BY REASON OF THE USE OR MISUSE SALE OR FABRICATIONS OF PRODUCTS WHICH DO NOT CONFORM TO THE TERMS AND CONDITIONS OF THE CONTRACT 2012 International Technologies amp Systems Corporation The information contained herein is provided to the user as a convenience While every effort has been made to ensure accuracy ID TECH is not responsible for damages that might occur because of errors or omissions including any loss of profit or other commercial damage The specifications described herein were current at the time of publication but are subject to change at any time without prior notice ID TECH and Value through Innovation are registered trademarks of International Technologies amp Systems Corporation Copyright 2014 International Technologies amp Systems Corpor
68. cept and process the data from the reader 5 4 USB HID Keyboard Interface Plug the reader into a standard USB connector on the host computer and it should be ready to operate The reader gets all needed power through the USB connector The host will receive data from the reader as if it is coming from a USB keyboard Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 12 of 113 ID TECH Spectrum Air User Manual 6 OPERATION 6 1 Operating Procedure The Spectrum Air is easy to operate Make sure the reader is properly connected and receiving sufficient power The green LED will indicate that it is ready to read After a card is read the green LED will light if the read was good and after a bad card read the red LED will light for half a second Note the LED changes immediately after the MSR is read in auto mode but not until the host requests MSR in buffered mode in normal operation these should be similar The LED will be dark that is off when the MSR is being processed LED INDICATION MEANING LED controlled by reader Solid Amber Reader has not connected properly to the host Solid Green Reader is ready to read a magnetic stripe or is idle Slow Flash Green Reader is in buffered mode but has not been armed to read Red for half second Bad magnetic stripe read Reader is decoding magnetic stripe data By default the LED is under the control of the reader The LED can also
69. ck 1 data is indicated by track 1 unencrypted length field The remaining bytes are track 2 data the length of which is indicated by track 2 unencrypted length filed Track 1 2 and 3 hashed MOIR reader uses SHA 1 to generate hashed data for both track 1 track 2 and track 3 unencrypted data It is 20 bytes long for each track This is provided with two purposes in mind One is for the host to ensure data integrity by comparing this field with a SHA 1 hash of the decrypted Track data prevent unexpected noise in data transmission The other purpose is to enable the host to store a token of card data for future use without keeping the sensitive card holder data This token may be used for comparison with the stored hash data to determine if they are from the same card 13 5 Level 4 Activate Authentication Sequence The security level changes from 3 to 4 when the device enters authentication mode successfully Once the security level is changed to level 3 or 4 it cannot go back to a lower level Activate Authentication Mode Command When the reader is in security level 4 it will only transmit the card data when it is Authenticated Authentication Mode Request When sending the authentication request the user also needs to specify a time limit for the reader to wait for the activation challenge reply command The minimum timeout duration required is 120 seconds If the specified time is less than the minimum 120 seconds would be used for timeo
70. ck 1 unencrypted length 1 byte 0 for no track data e track 2 unencrypted length 1 byte 0 for no track2 data e track 3 unencrypted length 1 byte 0 for no track3 data e track 1 masked Omitted if in raw mode e track 2 masked Omitted if in raw mode e track 3 data Omitted if in raw mode e track 1 amp 2 encrypted AES TDES encrypted data e track 1 hashed 20 bytes SHA1 Xor e track 2 hashed 20 bytes SHA1 Xor Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 66 of 113 ID TECH Spectrum Air User Manual e track 3 hashed optional 20 bytes SHA1 Xor e DUKPT serial number 10 bytes Non ISO ABA Data Output Format e card encoding type 1 AAMVA 3 Others e track status bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 sampling e track 1 length 1 byte 0 for no track1 data e track 2 length 1 byte O for no track2 data e track 3 length 1 byte O for no track3 data e track 1 data e track 2 data e track 3 data e Note e Field 4 Track 1 3 Status e bit 0 if 1 tk1 decode success or no data on track e bit 1 if 1 tk2 decode success or no data on track e bit 2 if 1 tk3 decode success or no data on track e bit 3 if 1 tk1 has sampling data present e bit 4 if I tk2 has sampling data present e bit5 if 1 tk3 has sampling data present e Bit 6 if 1 reserved for future use e Bit 7 if 1 reserved for future use Field 8 Clear mask data sent s
71. culated for all Card data Card Data format is ISO ABA Data Output Enhanced Format default e card encoding type e track status sampling e track 1 unencrypted length e track 2 unencrypted length e track 3 unencrypted length e Mask Clear Status e Encrypt Hash Status e track 1 masked track 2 masked track 3 data track 1 encrypted track 2 encrypted sessionID encrypted track 1 hashed optional track 2 hashed optional track 3 hashed optional DUKPT serial number ISO ABA Data Output Original Format e card encoding type e track status sampling track 1 unencrypted length track 2 unencrypted length track 3 unencrypted length track 1 masked track 2 masked track 3 data 80 ISO ABA 84 for Raw Mode bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 1 byte 0 for no track1 data 1 byte O for no track2 data 1 byte O for no track3 data 1 byte see definition and example 1 byte see definition and example Omitted if in Raw mode Omitted if in Raw mode Omitted if in Raw mode AES TDES encrypted data AES TDES encrypted data AES TDES encrypted data 20 bytes SHA 1 Xor 20 bytes SHA 1 Xor 20 bytes SHA 1 Xor 10 bytes 0 ISO ABA 4 for Raw Mode bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 1 byte 0 for no track1 data 1 byte O for no track2 data 1 byte O for no track3 data Omitted if in Raw mode Omitted if in Raw mode Omitted if in Raw mode Copyright 2014
72. de fails and DUKPT KSN advances Command Structure Host gt Device 60 00 0B lt S gt lt 82h gt lt 08h gt lt Activation Data gt lt LRC gt lt ETX gt Device Host 60 00 02 90 00 LRC 03 success EO 00 02 xx xx LRC 03 fail xxxx has the code for the reason for the failure Activation Data 8 or 16 bytes structured as Challenge 1 Response Session ID Challenge 1 Response 6 bytes of Challenge 1 random data with 2 bytes of Authenticated mode timeout duration It s encrypted using the key derived from the current DUKPT key Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 71 of 113 ID TECH Spectrum Air User Manual Session ID Optional 8 bytes Session ID encrypted using the key derived from the current DUKPT key Deactivate Authenticated Mode Command This command is used to exit Authenticated Mode Host needs to send the first 7 bytes of Challenge 2 from the response of Activate Authenticated Mode command and the Increment Flag 0x00 indicates no increment Ox01 indicates increment of the KSN encrypted with current DUKPT Key exclusive or ed with lt 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C gt If device decrypts Challenge 2 successfully the device will exit Authenticated Mode The KSN will increase if the Increment flag is set to 0x01 If device cannot decrypt Challenge 2 successfully it will stay in Authenticated Mode until timeout occurs or when customer inserts a
73. dless of card type No clear mask text will be sent 2 If and only if in enhanced encryption format each track is encrypted separately Encrypted data length will round up to 8bytes for DES or 16 bytes for AES 3 When force encrypt is not set the data will be encrypted in original encryption format that is only track 1 and track 2 of type 0 cards ABA bank cards will be encrypted 2 Hash Option Setting Command 53 5C 01 Hash Option Hash Option 0 7 Bit0 1 track hash will be sent if data is encrypted Bitl 1 track2 hash will be sent if data is encrypted Bit2 1 track3 hash will be sent if data is encrypted 3 Mask Option Setting for enhanced encryption format only Command 53 86 01 Mask Option Mask Option Default 0x07 bitO 1 tkl mask data allow to send when encrypted bitl 1 tk2 mask data allow to send when encrypted bit2 1 tk3 mask data allow to send when encrypted When mask option bit is set if data is encrypted but not forced encrypted Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 43 of 113 ID TECH Spectrum Air User Manual the mask data will be sent If mask option is not set the mask data will not be sent under the same condition Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 44 of 113 ID TECH Spectrum Air User Manual 11 USING THE DEMO PROGRAM The
74. e wrong length or wrong parameter 9000 Success 9 10 Read MSR Options Command 60 00 02 52 1F 03 LRC Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 36 of 113 ID TECH Spectrum Air User Manual Response format The current setting data block is a collection of many function setting blocks FuncSETBLOCK as follows lt STX gt lt FuncSETBLOCK1 gt lt FuncSETBLOCKn gt lt ETX gt lt CheckSum gt Each function setting block FuncSETBLOCK has the following format lt FuncID gt lt Len gt lt FuncData gt Where lt FuncID gt is one byte identifying the setting s for the function lt Len gt is a one byte length count for the following function setting block lt FuncData gt lt FuncData gt is the current setting for this function It has the same format as in the sending command for this function FuncSETBLOCK are in the order of their Function D lt FuncID gt Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 37 of 113 ID TECH Spectrum Air User Manual 10 SECURITY FEATURES The Secure MOIR Reader features configurable security settings Before encryption feature can be enabled Key Serial Number KSN and Base Derivation Key BDK must be loaded before encrypted transactions can take place The keys are to be injected by certified key injection facility There are five security levels available on the reade
75. edia Detected No Data Card In Slot or Incomplete Insertion has been set to ON and the according status was changed Note If the NGA bit is set the encrypted track output will always be in NGA protocol that is New Generation Archetecture or SecureMag protocol H this bit is set and the host has not communicated with the reader the readers output in non secure mode will also be in NGA mode If the host has communicated with the reader the reader will use the protocol that the host used to communicate Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 77 of 113 ID TECH Spectrum Air User Manual 13 7 RS232 Reader Special Configuration Commands The following table is a summary of the RS232 reader special commands to configure the reader communication described in this section HEAD DATA NAME USAGE interface reader character frame 60 00 04 53 4401 xx Set Hand Shake To set handshake method Method 60 00 04 53 45 01 xx Set Stop Bits To set Stop Bits for input character frame 60 00 04 53 4701 xx Set Xon Character To set Xon Character 60 00 04 53 4801 xx Set Xoff Character To set Xoff Character SET BAUD RATE The default baud rate is 38400 bits sec Reader will turn to the setting baud rate after send back a response for this setting command Application should turn to the setting baud rate after receiving the response to ensure the communication between application and
76. ent For other card only clear data are sent A card insertion and or removal returns the following data Card data is sent out in format of lt STX gt lt LenL gt lt LenH gt lt Card Data gt lt CheckLRC gt lt CheckSum gt lt ETX gt lt STX gt 02h lt ETX gt 03h lt LenL gt lt LenH gt is a two byte length of Card Data lt CheckLRC gt is a one byte Exclusive OR sum calculated for all Card Data lt CheckSum gt is a one byte Sum value calculated for all Card data Card Data format is ISO ABA Data Output Original Encrypted Format e card encoding type e track status sampling track 1 unencrypted length track 2 unencrypted length track 3 unencrypted length track 1 masked track 2 masked track 3 data track 1 encrypted track 2 encrypted track 1 hashed track 2 hashed DUKPT serial number 0 ISO ABA bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 1 byte in binary 0 for no track data 1 byte in binary 0 for no track2 data 1 byte in binary 0 for no track3 data AES TDES encrypted data bytes AES TDES encrypted data bytes 20 bytes SHA1 Xor 20 bytes SHA1 Xor 10 bytes Non ISO ABA Data Output Non Encrypted Format e card encoding type e track status sampling track 1 length track 2 length track 3 length track 1 data track 2 data track 3 data 15 3 Level 4 Data Output Format 1 AAMVA 2 CADL 3 Others bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 1
77. enter 58 Delete 9A Mel 4C Insert 9B ins 49 Backspace 9C bs 2A SPACE 9D sp 2C Pause 9C ps 48 Ctrl 9F ctr1 2F Ctrl On Ctrl AO ctr2 30 Ctrl On Ctrl Al ctr3 31 Ctrl On Left Ctrl Break A2 V ctr bk Clear Ctrl Flag Left Ctrl Make A3 V cl mk Set Ctrl Flag for following char s Left Shift Break A4 V shift bk Clear Shift Flag Left Shift Make A3 M shift mk Set Shift Flag for following char s Left Windows A6 M windows E3 left GUI Left Alt Break A7 V alt bk Clear Alt Flag Left Alt Make AN M alt mk Set Alt Flag for following char s Right Ctrl Break A9 WX cl bk Clear Ctrl Flag Right Ctrl Make AA Ww cl mk Set Ctrl Flag for following char s Right Shift Break AB X shift bk Clear Shift Flag Right Shift Make AC Ww shift mk Set Shift Flag for following char s Right Windows AD V windows E7 right GUI Right Alt Break AE WX alt bk Clear Alt Flag Right Alt Make AF Ww alt mk Set Alt Flag for following char s Num Lock BO Mum lock 53 Num O0 Bl num0 62 Num Lock On Num_1 B2 um 59 Num Lock On Num 2 B3 num2 5A Num Lock On Num_3 B4 num3 5B Num Lock On Num_4 B5 num4 5C Num Lock On Num_5 B6 num5 5D Num Lock On Num_6 B7 num6 5E Num Lock On Num_7 B8 num7 5F Num Lock On Num_8 B9 um 60 Num Lock On Num 9 BA num9 61 Num Lock On Num_Home BB num_home 5F Num_PageUp BC num_pgup 61 Num_PageDown BD num_pgdn 5B Copyrig
78. esponses protocol When DUKPT key management is used it is necessary to load Key Serial Number KSN and Initially Loaded Device Key before transaction The encryption key is TDES with 128 bit keys or AES encryption with double length keys 128 bit keys including parity KSN and Device Key loading commands and responses protocol Command lt STX gt lt F gt lt F gt lt Command Data BASE64 gt lt 0x0D gt lt 0x0A gt lt ETX gt lt LRC gt Response lt ACK NAK gt lt STX gt lt F gt lt F gt lt Respond Data BASE64 gt lt 0x0D gt lt 0x0A gt lt ETX gt lt LRC gt STX 0x02 ETX 0x03 ACK 0x06 NAK 0x15 BASE64 Data encoded with base64 algorithm LRC Xor d all the data before LRC except STX A successful key loading process includes the following steps e Get Key status Command Data lt FF gt lt 13 gt lt 01 gt lt 02 gt lt LRC gt Response Data lt FF gt lt 00 gt lt 01 gt lt 04 gt lt LRC gt For Example Command 02 46 46 2F 78 4D 42 4 1 75 38 3D 0D 0A 03 LRC Response 06 02 46 46 OD OA 03 LRC Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 35 of 113 ID TECH Spectrum Air User Manual e Load KSN Command Data lt FF gt lt 0A gt lt 11 gt lt KSN gt lt KSN bytes gt lt LRC gt Response Data lt FF gt lt 00 gt lt 06 gt lt RESPONSE CODE gt lt LRC gt lt KSN gt TDES 0x32 DES 0x0A lt KSN bytes gt 16
79. etic data the reader will respond that the command is not supported The LED will be slow flashing green READ MSR DATA IN BUFFER MODE There are up to three tracks of encoded data on a magnetic stripe This setting selects the tracks to be read in Buffer Mode 60 00 03 51 gt 01 gt Track Select Byte lt LRC gt lt ETX gt Track Selection Settings 30 Any Track 31 Track 1 32 Track 2 33 Track 1 amp Track 2 34 Track 3 35 Track 1 amp Track 3 36 Track 2 amp Track 3 37 All Three Tracks 38 Track 1 amp or Track 2 39 Track 2 amp or Track 3 The data on the selected track s will be sent to the host either in envelope format or not according to the Card Notification Setting or in RAW format The data will not be erased after this command Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 89 of 113 ID TECH Spectrum Air User Manual 15 USB HID KB DATA OUTPUT FORMAT 15 1 Level 1 and level 2 POS Mode Data Output Format In POS mode use the special envelope to send out card data envelope is in the following format Right Shift Left Shift Right Ctrl Left Ctrl Read Error Track x ID Track x Error Track x Data Length Track x Data Card Track x LEC code Track x data LRC Reader will send out card data in Alt mode if its ASCII code less than H 20 ve Ke Z O Name Right Shift Left Shi
80. etting allows the user to select a character string to be output as media detected notification When magnetic data in current read direction disabled by reader this string will be sent out if Media Detected On and Off bit in ReaderOpt2ID is set lt 60 gt lt Command Length gt lt 53 gt lt 2B gt lt Len gt lt Media Detected String gt lt LRC gt lt ETX gt In this example lt Command Length gt is a two byte length from lt 53 gt to lt Media Detected String gt lt Len gt is the number of bytes of the Media Detected String but no greater than 24 lt Media Detected String gt is string length string String length is one byte maximum 23 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET CARD IN SLOT STRING This setting allows the user to select a character string to be output as card in slot notification When the card withdraws from the card seated switch and the card front switch is still on after 2s this string will be sent out if Card In Slot On and Off bit in ReaderOpt2ID is set lt 60 gt lt Command Length gt lt 53 gt lt 2D gt lt Len gt lt Card In Slot String gt lt LRC gt lt ETX gt In this example lt Command Length gt is a two byte length from lt 53 gt to lt Card In Slot String gt lt Len gt is the number of bytes of the Card In Slot String but no greater than 24 lt Card In slot String gt is string length string String length is one byte maxim
81. ft Right Ctrl Left Ctrl Read Error 1 Read Error 2 Track x ID Track x Error Track x Length 1 Track x Length 2 0 Track Data no extra Track ID for raw data wooo 1 otR Bo t c 10 Track len 1 Card Track x LRC 10 Track len Track x LRC 10 Track len 1 OxOD 10 Tracklen 2 Track x ID Repeat Track The data format is independent with MSR setting No Track x data if track x sampling data does not exist OPOS header Only HID KB interface has Right Shift Left Shift Right Ctrl Left Ctrl under POS mode Read Error Read Error 1 byte bits MSB LSB 0 B6 B5 B4 B3 B2 Bl BO BO 1 Track 1 sampling data exists 0 Track 1 sampling data does not exist Bl 1 Track 2 sampling data exists 0 Track 2 sampling data does not exist B2 1 Track 3 sampling data exists 0 Track 3 sampling data does not exist B3 1 Track 1 decode success 0 Track 1 decode fail B4 1 Track 2 decode success 0 Track 2 decode fail Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 90 of 113 ID TECH Spectrum Air User Manual B5 1 Track 3 decode success 0 Track 3 decode fail B6 0 if bO to b5 are all 1 otherwise 1 make it printable Read Error byte 2 MSB LSB 0 1 B12 B11 B10 B9 B8 B7 B7 0 Track 4 sampling data does not exist B8 0 B9 B10
82. ging 31 to 32 which is necessary to change TDES to AES 9 4 4 Read Specific Configuration Setting 52 nn 60 00 02 52 Configuration LRC 03 The Configuration byte corresponds to the byte from a specific configuration value All MSR reader Read Configuration Commands are listed in the following format 60 00 02 52 FuncID LRC 03 For example to read the Card Option configuration send 60 00 02 52 10 20 03 9 4 5 Read Reader Serial Number 52 4E 60 00 02 52 4E 7E 03 Note An 8 to 10 byte string of serial number will be returned Response is as follows 60 00 OB 4E 09 08 Serial Number 8 bytes LRC 03 Serial number can be 8 to 10 characters 60 00 OD 4E OB OA Serial Number 10 bytes LRC 03 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 26 of 113 ID TECH Spectrum Air User Manual 9 4 6 Set Reader Serial Number 53 4E 60 00 0C 53 4E 09 08 Serial Number 8 bytes LRC 03 Serial Number is an eight to ten byte field containing the serial number in ASCII Example 60 00 OC 53 4E 09 08 31 32 33 34 35 36 37 38 78 03 Note the byte following the 4E is serial number length 1 then the serial number length Command completed successfully response 9000 is as follows 60 00 02 90 00 F2 03 9 4 7 Buffered Mode Arm to Read Command 50 01 30 60 00 03 50 01 30 02 03 This command enables the MSR to be ready to capture a card insertion and or removal in buffered
83. gnetic Data Present Notification lt 60 gt lt 00 gt lt 02 gt lt B0 gt lt Card Status gt lt LRC gt lt ETX gt will be issued if the Magnetic Data Present bit has been set to ON and magnetic data in current read direction enabled by reader And a Card Switch Change notification lt 60 gt lt 00 gt lt 02 gt lt B0 gt lt Card Status gt lt LRC gt lt ETX gt will be issued by the reader if Card Seated On Card Removed On Card In On or Card Out On has been set to ON and the card switch have changed For USB_HID_KB interface reader a Magnetic Data String will be issued if the Magnetic Data Present bit has been set to ON and magnetic data in current read direction enabled by reader The default string is Tab Magnetic Data Tab And a card notification string Card Seated String Card Removed String Card Present String or Card Out String will be issued by the reader if Card Seated On Card Removed On Card In On or Card Out On Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 76 of 113 ID TECH Spectrum Air User Manual has been set to ON and the card switch was changed SET READER OPTION 2 lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 2F gt lt 01 gt lt Setting gt lt LRC gt lt ETX gt A single byte setting is defined as follows Bit Position 0 1 BO Media Detected Off Media Detected On Bl No Data Off No Data On B2 No Card in Slot Card in S
84. he reader A check mark next to the port and to open indicates that the port is connected 11 1 Manual Command The demo software allows users to manually input and send commande to the device Type the Command Data in the field and the command will be sent Command will be sent out in the following structure 60 00 lt LenL gt lt Command_Data gt lt LRC gt 03 Command Data Please refer to Appendix A for a complete list of commands lt LRC gt is a one byte Xor value calculated for the above data block from lt STX gt to lt ETX gt e g 60 00 02 53 18 4A 03 Set Default Configuration e g 60 00 02 52 22 71 03 Read Firmware Version Press Send Command the input and output would be shown in the lower text box Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 46 of 113 ID TECH Spectrum Air User Manual o MOIR R5232 Demo Program ver 4 0 Port General Setting MSR Security Help 52 22 2 fe Synchronize Send Command Decrypt Input Initial Key Exit ACT AUTH ACT RPLY DESET RPLY Get Status Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 47 of 113 ID TECH Spectrum Air User Manual 11 2 Security Level 3 Decryption The encrypted data will show in the Manual Command Encrypted Data textbox after a card is inserted and or removed By default the cursor is in Ma
85. hex or 183 decimal 23 01 30 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 25 of 113 ID TECH Spectrum Air User Manual 4C 01 31 4E 09 08 00 00 00 00 00 00 00 00 10 01 20 11 01 8F CD 03 LRC ETX 9 4 3 Bit Setting and Clearing Commands This is a special type of setting command For an S 53 command that is setting only one configuration byte the first byte of the command the S or 53 can be replaced with a 0 31 to clear individual bits or a 1 31 to set individual bits without changing the other bits in that configuration byte These commands allows one to set or clear one or more bits of a configuration setting A command to clear one bit of a configuration setting is O Example 30 30 01 80 will clear the highest bit in configuration byte 10 31 30 01 80 will set the highest bit in configuration byte 10 31 30 01 81 will set the lowest and highest bits of configuration byte 10 This simplifies the setting commands for those not familiar with hexadecimal values there is no need to read the setting before writing the setting and it reduces the chance of changing another setting when setting a bit value Limitations It can only be used on a one byte configuration setting This cannot be used on special fields like the security level that is no 30 7E 01 02 This cannot be used to simultaneously turn some bits on and some bits off so no chan
86. ht 2014 International Technologies amp Systems Corporation All rights reserved Page 110 of 113 ID TECH Secure MOIR User Manual Num End BE Aum end 59 Num f BF ium up 60 Num CO Aum right 5E Num Cl num_down 5A Num C2 num_left 5C Print Scrn C3 Wort sc 46 System Request C4 sysrq 9A Scroll_Lock C5 scroll 47 Pause C6 menu 76 Break C7 break Caps_Lock C8 caps_lock 39 Num_ C9 num_ 54 Num_ CA num_ 55 Num_ CB num_ 56 Num_ CC num_ 57 Num CD num_ 63 Num Lock On Num_DEL CE num_del 63 Num_INS CF num_ins 62 Delay_100ms DO delay Delay 100 ms Table of Ctrl or Alt output for non printable characters ASCII Code Control Code Alt Code SendOptionID Bit 3 0 Bit 3 1 00 Ctrl 2 Alt 000 01 Ctrl A Alt 001 02 Ctrl B Alt 002 03 Ctrl C Alt 003 04 Ctrl D Alt 004 05 Ctrl E Alt 005 06 Ctrl F Alt 006 07 Ctrl G Alt 007 08 BS Alt 008 09 Tab Alt 009 OA Ctrl J Alt 010 OB Ctrl K Alt 011 OC Ctrl L Alt 012 OD Enter Alt 013 OE Ctrl N Alt 014 OF Ctrl O Alt 015 10 Ctrl P Alt 016 11 Ctrl Q Alt 017 12 Ctrl R Alt 018 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 111 of 113 ID TECH Secure MOIR User Manual 13 Ctrl S Alt 019 14 Ctrl T Alt 020 15 Ctrl U Alt 021 16 Ctrl V Alt 022 17 Ctrl W Alt 023 18 Ctrl X Alt 024 19 Ctrl Y Alt 025 1A Ctrl Z A
87. hybrid reader Set Baud Rate Command 60 00 04 8 41 01 Baud Rate Setting LRC ETX The command is used to set the baud rate of serial communication between application and hybrid reader where Baud Rate Setting 2 1 200 bits sec 3 2400 bits sec 4 4800 bits sec 5 9600 bits sec 6 19200 bits sec 7 38400 bits sec 8 57600 bits sec 9 115200 bits sec The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt The response is sent before the BAUD rate is changed Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 78 of 113 ID TECH Spectrum Air User Manual SET DATA PARITY An optional parity bit follows the data bits in the character frame This parity bit is included as a simple means of error handling This command is used to set the data parity method of the transmission Set Data Parity Command 60 00 04 8 43 01 Data Parity Setting LRC ETX The default Data Parity value is None Data Parity Setting 0 None I Even 2 Odd 3 Mark 4 Space The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 79 of 113 ID TECH Spectrum Air User Manual SET HANDSHAKE METHOD 60 00
88. ice key failure 693D deactivation cmd disallowed 693E invalid deactivation cmd len 69XX command not supported Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 105 of 113 ID TECH Secure MOIR User Manual APPENDIX C Key Code Table in USB Keyboard Interface For most characters Shift On and Without Shift will be reverse if Caps Lock is on Firmware needs to check current Caps Lock status before sending out data For Function code B1 to BA if Num Lock is not set then set it and clear it after finishing sending out code For Function code BB to C2 C9 to CC if Num Lock is set then clear it and set it after finishing sending out code Keystroke Hex Functional USB KB Code Value Code Ctrl 2 00 1F Ctrl On Ctrl A 01 04 Ctrl On Ctrl B 02 05 Ctrl On Ctrl C 03 06 Ctrl On Ctrl D 04 07 Ctrl On Ctrl E 05 08 Ctrl On Ctrl F 06 09 Ctrl On Ctrl G 07 OA Ctrl On BS 08 bs 2A Tab 09 tab 2B Cl 0A OD Ctrl On Ctrl K OB OE Ctrl On Ctrl L 0C OF Ctrl On Enter OD Venter 28 Ctrl N OE 11 Ctrl On Ctrl O OF 12 Ctrl On Ctrl P 10 13 Ctrl On Ctrl Q 11 14 Ctrl On Ctrl R 12 15 Ctrl On Ctrl S 13 16 Ctrl On Ctrl T 14 17 Ctrl On Ctrl U 15 18 Ctrl On Ctrl V 16 19 Ctrl On Ctrl W 17 1A Ctrl On Ctrl X 18 1B Ctrl On Ctrl Y 19 1C Ctrl On Ctrl Z lA 1D Ctrl On ESC 1B esc 29 Ctrl 1C 31 Ctrl On
89. ies amp Systems Corporation All rights reserved Page 50 of 113 ID TECH Spectrum Air User Manual MOIR RS232 Demo Program ver 4 0 Port General Setting MSR Security Help Manual Command Reader Output Reader Output ISO 4BA New Data Output Format 6001 98803F 48236B 03BF 2524 343236363834 24 24 24 24 24 94 24 3939395E 425553482044 522F 47454F5247452 0572E 4D 525E 2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B 3432 3636383424 24 24 24 24 24 243939393D 24 24 24 24 24 24 OA DA OA DA DA OA DA 94 24 SF OA IBOSE FS633494E BBF35F ES2003EB3E53DD8E04123D5B5DD 487407845DB80BSSCABF3A17D 48D CSDE 50125F2E 3B890C626F 3B 2632 F17D443C7B563FBC2492E F62BD 737397D83FD198CCB5863681CB5E 48 54BBCAB3B 7106794AEF 76608080 E5304325D4CFCFB2E 7FA2F65CF8454DCD 71E 3 amp 355410FCD 39D C81BB AFBSFBSCFC5553E 1E215BA5871FDF FEES6741A1EBODCEASFEAFSE 71101E 76469C8BB 2ECDFE SCFFSC4B6C754E01 SBBEFSSEB576C6E 2004444 489112451D1FD64F8E499F 828376451 D5829B 27D 3DDC8CC742E 216000720 401 BD8234CE 48CF8E 7ASEAB 268D 7D 44485F 341 84C88F65E 1DB7ED4D10973F99DFCS463FFEDF1 1 3B6226C489849D 355057E CAF114559 SF02CA31688851C157C1CE2E OF 72CE OF 3BB 598461 4 4486 162994901 1A000BC000074803 Clear Masked Data eg 53 18 Set Default Configuration c eg 52 22 Read Firmware Version Output Format C ap HEX Send Command Decrypt Input Initial Key Eat Command Output Dectypted Data EL ACT RPLY DEACT RPLY Get Status CMD
90. imum value 15 lt Len gt is the number of bytes of Prefix string including string length lt length gt is a two bytes counter which indicates the number of bytes in command from 53 to the end of lt Prefix String gt The most significant byte comes first Example to set the prefix to TRK 60 00 07 53 D2 04 03 54 52 4B AC 03 9 4 16 Set MSR Data Postfix String 53 D3 This command works on unencrypted mode only 60 length 53 D3 Len Postfix String gt LRC 03 Where Postfix String string length string String length is one byte maximum 15 Len is the number of bytes of Postfix string including string length Length is a two bytes counter which indicates the number of bytes in command from 53 to the end of the lt Postfix String gt The most significant byte comes first Example to put a at the end of the MSR data 60 00 05 53 D3 02 01 5D BB 03 9 4 17 Set Track 1 ID 53 31 This command works on unencrypted mode only 60 00 04 53 31 01 lt Track 1 ID gt LRC 03 lt Track 1 ID gt ASCII code set as Track 1 ID NULL for None Example 60 00 04 53 31 01 00 07 03 Send no Track 1 ID 9 4 18 Set Track 2 ID 53 32 This command works on unencrypted mode only 60 00 04 53 32 01 lt Track2ID gt LRC 03 lt Track 2 ID gt ASCII code set as Track 2 ID NULL for None Example 60 00 04 53 32 01 32 36 03 Send Track 2 ID of ASCII 2 9 4 19 Set Track 3 ID 53 33 This command works on unencrypted mode
91. interface types The USB HID reader output is padded with zeros at the end of the secure MSR output until the length is 580 bytes The USB HID KB reader is identical to the RS232 output described below except it is preceded by the keyboard output header and the Keyboard sends all fields that are not in ASCII in two bytes for each hex character The secure output is in either one of two protocols the MOIR the default protocol or the NGA protocol These will be described below The HID KB header is Right Shift make Right Shift break Left Shift make Left Shift break Right Ctrl make Right Ctrl break Left Ctrl make Left Ctrl break 10 4 1 Data Format Original Encryption Reader Data Structure Offset Usage Name If MOIR protocol envelope 0 60 1 Data Length high byte 2 Data Length low byte End MOIR protocol envelope header If NGA protocol envelope 0 STX 1 Data Length low byte 2 Data Length high byte End NGA protocol envelope header Encrypt Hash Status 1 byte see definition and example 0 T1 data masked if card type 0 omitted if card type 4 T2 data masked if card type 0 omitted if card type 4 T3 data unencrypted omitted if card type 4 3 Card Encode Type 4 Track 1 3 Status 5 T1 data length 6 T2 data length 7 T3 data length 8 Mask Clear Status 1 byte see definition and example 9 1 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 40 of 113 ID TEC
92. l other conditions Card in Slot B6 All other conditions Incomplete Insertion B7 Unused Flags are available only when optional features are supported by the reader The flag will always be 0 if an option is not supported BUFFER MODE COMMANDS lt 60 gt lt 00 gt lt 03 gt lt 50 gt lt 01 gt lt 30 gt lt LRC gt lt ETX gt lt 60 gt lt 00 gt lt 03 gt lt 50 gt lt 01 gt lt 32 gt lt LRC gt lt ETX gt lt 60 gt lt 00 gt lt 03 gt lt 51 gt lt 01 gt lt Track Select Byte gt lt LRC gt lt ETX gt Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 74 of 113 ID TECH Spectrum Air User Manual These commands are executed only when the MSR READING SETTING is in 32 MSR Reading Buffered mode If the host sends these commands to the reader in MSR Auto Transmission mode the reader will send back an EO 00 response package For more specific information please refer to the descriptions under the ARM TO READ IN BUFFER MODE MSR RESET IN BUFFER MODE and READ MSR DATA IN BUFFER MODE commands SET TERMINAL TYPE This command sets terminal type for the reader It is only used on a reader with a PS 2 connector and is meant to select the keyboard type lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 10 gt lt 01 Terminal Type gt lt LRC gt lt ETX gt A terminal type is defined as follows 30 PC AT keyboard interface reader 31 Scan Code Set 1 KB interface reader 32 Scan
93. lot On B3 No Incomplete Insertion Incomplete Insertion B4 MOIR Protocol for NGA protocol for secure Output Secure output B5 B7 Reserved The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt LRC gt lt ETX gt For RS232 reader the default value is 0x00 For USB_HID_KB reader the default value is 0x03 After an insertion or withdrawal a NO DATA notification will be issued if its setting is ON That means no data on selected tracks if Read Direction is enabled and no magnetic data after an insertion or withdrawal time out After an insertion or withdrawal a MEDIA DETECTED notification will be issued if its setting is ON and magnetic data in the current read direction is disabled by reader After a withdrawal a CARD IN SLOT notification will be issued if CARD PRESENT is still ON 2 seconds after withdrawal After an insertion an INCOMPLETE INSERTION notification will be issued if CARD SEATED is still OFF 2 seconds after insertion For RS232 interface reader a STATUS CHANGE notification lt 60 gt lt 00 gt lt 02 gt lt B0 gt lt Card Status gt lt LRC gt lt ETX gt will be issued by the reader if Media Detected No Data Card In Slot or Incomplete Insertion has been set to ON and the according status was changed For USB HID KB interface reader a notification string No Data String Media Detected String Card In Slot String or Incomplete Insertion String will be issued by the reader if M
94. lt 026 1B ESC Alt 027 IC Ctrl Alt 028 1D Ctrl Alt 029 lE Ctrl 6 Alt 030 1F Ctrl Alt 031 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 112 of 113 ID TECH Secure MOIR User Manual APPENDIX D Envelope Drawing unit mm general tolerance 0 2mm 120 020 9v gw 43 0 77 0 we 37 0 J L9 3 r 4 0 5 120 1 j Y 66 i A l TERRENT Ei Ei I Se CH 2 rane En T 79 0 yo 0 0Oo onrn n S 61 0 E EI ee ie E ler Y pa TUUTTUUU Y WE e ep O e Y a 031x45 92 0 S0 we 79 0 j 50 Y I i Ha f EE H Bets Er D 0 C 280 EN LU TTT Ta U T 20 4 E ll V 48 0 41 9 Ee p umm t Ke I p amp LM I 2 0 Y 1 d Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 113 of 113
95. m Calculating MAC requires knowledge of current DUKPT KSN this could be retrieved using Get DUKPT KSN and Counter command Default reader properties are configured to have security level 1 no encryption In order to output encrypted data the reader has to be key injected with encryption feature enabled Once the reader has been configured to security level 2 3 or 4 it cannot be reverted to a lower security level Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 38 of 113 ID TECH Spectrum Air User Manual 10 1 Encryption Management The Encrypted read supports TDES and AES encryption standards for data encryption Encryption can be turned on via a command TDES is the default If the reader is in security level 3 for the encrypted fields the original data is encrypted using the TDES AES CBC mode with an Initialization Vector starting at all binary zeroes and the Encryption Key associated with the current DUKPT KSN 10 2 Check Card Format e SO ABA American Banking Association Card card type 0 Encoding method Track1 is 7 bits encoding Track1 is 7 bits encoding Track2 is 5 bits encoding Track3 is 5 bits encoding Track is 7 bits encoding Track2 is 5 bits encoding Track2 is 5 bits encoding Additional check Track1 2 byte is B There is only one in track 2 and the position of is between 12 20 character Total length of track 2 should above
96. mmand content to send commands to the reader All commands and characters are expressed in hex format and contained in brackets 9 2 NGA Protocol for Sending Commands and Receiving Responses Spectrum Air also supports NGA protocol a second protocol which is compatible with SecureMag readers All the command can be sent with a different envelope as described below Setting Command Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 20 of 113 ID TECH Spectrum Air User Manual The setting data command is a collection of many function setting blocks and its format is as follows Command lt STX gt lt S gt lt FuncSETBLOCK1 gt lt FuncBLOCKn gt lt ETX gt lt LRC gt Response lt ACK gt or lt NAK gt for wrong command invalid funcID length and value Each function setting block FuncSETBLOCK has following format lt FuncID gt lt Len gt lt FuncData gt Where lt FuncID gt is one byte identifying the setting s for the function lt Len gt is the length count for the following function setting block lt FuncData gt lt FuncData gt is the current setting for this function It has the same format as in the sending command for this function Get Setting Command This command will send current setting to application Command lt STX gt R lt FuncID gt ETX LRC 1 Response lt ACK gt STX lt FuncID gt Len lt FuncData gt ETX LRC 2 FuncID
97. most 59 bits and Encryption Counter in the rightmost 21 bits Challenge 1 8 bytes challenge used to activate authentication Encrypted using the key derived from the current DUKPT key Challenge 2 8 bytes challenge used to deactivate authentication Encrypted using the key derived from the current DUKPT key Activation Challenge Reply Command This command serves as the second part of an Activate Authentication sequence The host sends the first 6 bytes of Challenge 1 from the response of Activate Authenticated Mode command two bytes of Authenticated mode timeout duration and eight bytes Session ID encrypted with the result of current DUKPT Key exclusive or ed with lt 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C gt The Authenticated mode timeout duration specifies the maximum time in seconds which the reader would remain in Authenticated Mode A value of zero forces the reader to stay in Authenticated Mode until a card insertion and or removal or power down occurs The minimum timeout duration required is 120 seconds If the specified time is less than the minimum 120 seconds would be used for timeout duration The maximum time allowed is 3600 seconds one hour If Session ID information is included and the command is successful the Session ID will be changed The Activate Authenticated Mode succeeds if the device decrypts Challenge Reply response correctly If the device cannot decrypt Challenge Reply command Activate Authenticated Mo
98. n set reader option section 11 6 9 3 4 Reader Reset Command 49 60 00 01 49 28 03 This allows the host to return the reader to its default state i e not armed to read no magnetic data stored etc The reader remains on line This command is not supported on USB interface reader Command completed successfully response 9000 is as follows 60 00 02 90 00 F2 03 9 3 5 Get Copyright Information 38 60 00 01 38 59 03 An approximately 26 byte Copyright Notice will be returned Response is as follows 60 00 3F Copyright String LRC 03 Response Example mixed hex and ASCII 60 00 3F Copyright c 2011 ID TECH LRC 03 9 4 Reader Configuration Commands Description For RS232 device the serial communication parameter default setting is 38400 none 8 1 Setting Command Command requests and responses are sent to and received from the device For USB interface devices the commands are sent to the device using HID class specific request Set Report 21 09 The response to a command is retrieved from the device using HID class specific request Get Report Al 01 These requests are sent over the default control pipe For RS232 interface devices please see the commands listed below COMMANDS The following table is a magnetic stripe reader commands summary described in this section Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 23 of 113 ID TECH Spectrum Air U
99. nary 0 for no track3 data AES TDES encrypted data bytes AES TDES encrypted data bytes AES TDES encrypted data bytes 20 bytes SHA1 Xor 20 bytes SHA1 Xor 10 bytes Non ISO ABA Data Output Non Encrypted Format Track 1 Encrypted Data Length card encoding type track status sampling track 1 length track 2 length track 3 length track 1 data track 2 data track 3 data 1 AAMVA 3 Others bit 0 1 2 T1 2 3 decode bit 3 4 5 T1 2 3 1 byte in binary 0 for no track data 1 byte in binary 0 for no track2 data 1 byte in binary 0 for no track3 data This value indicates the number of bytes in the Track 1 encrypted data field The field is always a multiple of 8 bytes in length This value will be zero if there was no data on the track or if there was an error decoding the track Once the encrypted data is decrypted there may be fewer bytes of decoded track data than indicated by this field The number of bytes of decoded track data is indicated by the track 1 unencrypted length The field is always a multiple of 8 bytes in length This value will be zero if there was Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 93 of 113 ID TECH Spectrum Air User Manual Track 2 Encrypted Data Length This value indicates the number of bytes in the Track 2 encrypted data field The value will be zero if there was no data on the track or if there was an error decodi
100. nd or removes a card The KSN is incremented every time the authenticated mode is exited by timeout or card insertion and or removal action When the authenticated mode is exited by Deactivate Authenticated Mode command the KSN will increment when the increment flag is set to 0x01 Command Structure Host gt Device 1 60 00 OB S 83h 08h Deactivation Data gt lt LRC gt lt ETX gt Device Host 60 00 02 90 00 lt LRC gt lt ETX gt success EO 00 02 XX XX lt LRC gt lt ETX gt fail Deactivation data 8 bytes response to Challenge 2 It contains 7 bytes of Challenge 2 with 1 byte of Increment Flag encrypted by the specified variant of current DUKPT Key Get Reader Status Command Command Structure Host Device 60 00 02 lt R gt lt 83h gt lt LRC gt lt ETX gt Device gt Host 60 00 02 lt STX gt lt 83h gt lt 02h gt lt Current Reader Status gt lt Pre condition gt lt LRC gt lt ETX gt success NAK fail 6931 invalid DUKPT activation challenge Current Reader Status 2 bytes data with one byte of Reader State and one byte of Pre Condition Reader State indicates the current state of the reader Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 72 of 113 ID TECH Spectrum Air User Manual 0x00 The reader is waiting for Activate Authentication Mode Command The command must be sent before the card can be read 0x01 The au
101. ng the track Once the encrypted data is decrypted there may be fewer bytes of decoded track data than indicated by this field The number of bytes of decoded track data is indicated by the track 2 unencrypted length The key management scheme is DUKPT and the key used for encrypting data is called the Data Key Data Key is generated by first taking the DUKPT Derived Key exclusive or ed with 0000000000FF0000 0000000000FF0000 to get the resulting intermediate variant key The left side of the intermediate variant key is then TDES encrypted with the entire 16 byte variant as the key After the same steps are preformed for the right side of the key combine the two key parts to create the Data Key Track 1 unencrypted Length This one byte value indicates the number of useable bytes in the Track 1 Encrypted Data field and Track 1 masked Data field after decryption Track 2 unencrypted Length This one byte value indicates the number of useable bytes in the Track 2 Encrypted Data field and Track 2 masked Data field after decryption Track 3 unencrypted Length This one byte value indicates the number of useable bytes in the Track 3 masked Data field 15 4 Level 1 and 2 Buffer Mode Output Format 50 01 32 Buffer mode reset Buffer Mode Output 51 01 Track Selection Option Read MSR Data Track Selection Option 0x30 Any Track 0x31 Track 1 Only 0x32 Track 2 Only 0x33 Track 1 amp Track 2 0x34 Track 3 Only 0x35
102. nsertion Withdrawal 1 000 000 operations minimum 0 76mm tolerance 0 08mm 3 to 60 ips 8kV air discharge contact 4kV CAB1041 1 drawing PN 80028211 for RS232 interface 80035212 002 for USB interface FCC Class A CE RoHS DC 4 5V 5 5V DC 6V 20mA Q Vin 5V Interfaces signals and main components Support interface USB RS232 USB Pl Signal Description 1 Chassis Chassis Ground GND 2 ES xS 3 D USB Data 4 SS S 5 Vin Power Input 5V 6 D USB Data Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 15 of 113 ID TECH Spectrum Air User Manual 7 GND Power Ground RS232 Pl Signal Direction Description 1 Chassis Chassis Ground GND 2 TXD OUT Transmit Data RS232 Signal 3 RXD IN Receive Data RS232 Signal 4 Vin Power Input 5V 5 Es Ba 6 m d oe 7 GND Power Ground Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 16 of 113 ID TECH Spectrum Air User Manual 8 CONNECTOR PINOUT RS232 Interface Cable part number CAB1041 1 drawing PN 80028211 HOUSING MOLEX 51004 0700 J1 OR APPROVED EQUIVALENT l CRIMP TERMINAL MOLEX 50011 8X00 OR APPROVED EQUIVALENT D 1 U il
103. nt tab Card Any String lt 23 characters String Present tab CardOutStrI 29 Card Out String tab Card Any String lt 23 characters D Out tab NoDataStrID 2A No Data String tab No Any String lt 23 characters Data tab MediaDetect 2B MediaDetected tab Media Any String lt 23 characters edStrID String Detected tab MagDataStrI 2C Magnetic Data tab Magnetic Any String lt 23 characters D String Data tab CardInSlotSt 2D Card In Slot tab Card In Any String lt 23 characters r String Slot tab PartialInStr 2E Incomplete tab Incomplete Any String lt 23 characters Insertion Stong Insertion tab ReaderOpt2I 2F Reader Option 00h RS232 03h Any Character D 2 KB CustSetID 30 custom setting 0 0 none bit2 send serial with encrypted transactions Track1ID 31 Track 1 ID NULL Any ASCII Code Track2ID 32 Track 2 ID NULL Any ASCII Code Track3ID 33 Track 3 ID NULL Any ASCII Code CustomSetID 30 Custom settings 0 if bit 2 high include serial number 5 when sending enhanced encrypted tracks ReaderResetl 32 None D TracklPrefix 34 Track 1 Prefix O No prefix for track 1 6 char max ID Track2Prefix 35 Track 2 Prefix 0 No prefix for track 2 6 char max ID Track3Prefix 36 Track 3 Prefix 0 No prefix for track 3 6 char max ID Track1Suffix 37 Track 1 Suffix 0 No suffix for track 1
104. nual Command Encrypted Data textbox NOTE In order to allow the demo to know that the reader is in secure mode Select the synchronize button The decrypt button will not work until this is done unless the demo is configured to match the reader zx MOIR RS232 Demo Program ver 4 0 Port General Setting MSR Security Help Manual Command Reader Output Reader Output ISO 4BA New Data Output Format 6001 98803F 48236B 03BF 2524 3432363624 24 24 24 24 24 24 94 393939395E 425553482044522F 47454F5247452 0572E 4D 525E 24 2424 24 24 34 2424 OA DA OA OA DA OA DA 2A2A2A 22A OA DADA 252A 2A2A2A 252A OA SF 2A3B 3432 36362424 2424 24 24 24 24393939393D 2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F 2497 BF 48357664 7447 660E 4BAB4EASBFE 32407 7264C20FE030F2D 94D 21 0B 881 771613581 E6D 7490975346E 28F 4496771 BSBF4305D17 8D1415686F 750D 7E 7B 3141908 2B 286C1 5559308063591 401 8C4950B 9DE 3746CBE 1FBBFB7773528AE 1 76F6 331DE407E C4627 455E 2B 35E 2082F 50BF 81 6541 2E 7DO6E 90111ED1F14541DD 3688D 4F86F58C427902936E E1E149539642E F5321 72560503D 957DD9692FD4051 6B 744E46E GT AA OD 2C0456B02BB 30269BE 622E 408D1 F987B99D1 4F037C9924FB1 42221 126137691673E4249D02635E 115496228 726071 FDA FS60EDOFF4DE 144 48245341 84C88F65E 1DB7ED4D10973F99DFC8463FF6DF113B6226C0489849D 355057E CAF1145598F 02043 1688861015701 CE 2E OF 72CE 0F3BB538A614EAABB 162994901 14000BE 000079503 Clear Masked Data eg 53 18 Set Default Configuration eg 52 22 Read Firmware Version Output Form
105. ode Port Select Com port and open close port Help Provides version information of the demo software Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 53 of 113 ID TECH Spectrum Air User Manual 12 Decryption Examples Key for all examples is 0123456789ABCDEFFEDCBA9876543210 Example Security Level 3 Decryption with default settings Example of decryption of a three track ABA card with the enhanced encryption format with TDES Enhanced encryption format can be recognized because the high bit of the fourth byte underlined 80 is 1 If the reader is set to default it will send out the card insertion and removed status that will precede and trail the encrypted card transaction data The card status messages have been placed into separate lines in the message below to simplify interpretation This is the block of data received from the reader that must be interpreted and decrypted 600002B008DA03 600002B00AD803 600002B008DA03 600198803F48236B03BF252A3432306362A2A2A2A2A2A2A2A393939395E4255534 8204A522F47454F52474520572E4D525E2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A 2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A3B343236362A2A2A2A2A2A2A2A39393 9393D2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3F2A26B03F2BD327CA087C159DEAS3E 717974A36B6E89CB5BC85EF92D08FB01152089099FE2A348DF2BA8D7AFEF16AlF5 F2CEA46946A92CDC2AB3B750D1AEF8127995EE6A944E12F9DF40E46607FO06C68E 057DA05CC3BBB2BD68ECE1D7D8 9A4671423C4F649082106A785A62D9382968BCF
106. one DataSeqlD 32 None StartCharID 53 None SessionID 54 8 byte hex not None always init to all FF stored in EEPROM Mod10ID 55 include mod1O 0 0 2 don t include mod10 1 display check digit mod10 2 display wrong mod10 DesKeyID 56 DES Key Value 0 internal use only r n AesKeyID 57 AES Key Value 0 internal use only r n KeyManageT 58 DUKPT 1 60 1 0 fixed key ypeID HashOptID 5C I 0 7 Send tk1 3 hash bit 0 1 send tk1 hash bit 1 1 send tk2 hash bit2 1 send tk3 hash HexCaseID 5D T 0 1 k LRCID 60 LRC character 0 0 17 Without LRC in output TI7BStartID 61 Track 1 7 Bit Dn as Track 1 7 Bit Start Sentinel Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 101 of 113 ID TECH Secure MOIR User Manual Start Char TISBStartID 63 T15B Start So as Track 1 5 Bit Start Sentinel T27BStartID 64 Track 2 7 Bit Dun as Track 2 7 Bit Start Sentinel Start Char T25BStartID 65 T25BStart a as Track 2 5 Bit Start Sentinel T37BStartID 66 Track 3 7 Bit e as Track 3 7 Bit Start Sentinel Start Char T35BStartID 68 T35BStart js as Track 3 5 Bit Start Sentinel T1EndID 69 AnyTrack End 2 as End Sentinel Used for all Sentinel tracks TIERRSTA 6C Track 1 err
107. only 60 00 04 53 33 01 lt Track3 ID gt LRC 03 lt Track 3 ID gt ASCII code set as Track 3 ID NULL for None Example 60 00 04 53 33 01 03 06 03 Send Track 3 ID of Hex 3 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 31 of 113 ID TECH Spectrum Air User Manual 9 4 20 Set Track Selection 53 13 This command works on unencrypted mode only 60 00 04 53 13 01 Track Selection LRC 03 Track Selection 0 Any Track Track 1 Only KS Track 2 Only F Track 1 amp Track 2 ur Track 3 Only 5 Track 1 amp Track 3 6 Track 2 amp Track 3 TE All Three Tracks 8 Track 1 and or 2 9 Track 2 and or 3 Example to select all 3 tracks and all must have data 60 00 04 53 13 01 07 22 03 Note If a track selected above as opposed to any track that track must be present and good or the reader does not transmit any track information 9 4 21 Set Track Separator 53 17 This command works on unencrypted mode only 60 00 04 53 17 01 lt Track_Separator gt LRC 03 lt Track_Separator gt is one ASCII byte The default value is CR Hex 0D Example to set the track separator to CR carriage return 9 4 22 Set Track n Prefix 53 34 This command works on unencrypted mode only Characters can be added to the beginning of a track data These can be special characters to identify the specific track to the receiving host or any other cha
108. or Dun start sentinel if track 1 error report RTID code T2ERRSTA 6D Track 2 error p start sentinel if track 2 error report RTID code T3ERRSTA 6E Track 3 error start sentinel if track 3 error report RTID code SecureLRCI 6F Send or not 0 1 1 send track LRC in secure mode D track LRC in 0 don t send it secure mode T28BStartID 72 JISTI2SS ES 0 NOT SUPPORTED T38BStartID 73 JIS T3 SS ES 0 NOT SUPPORTED EquipFwID 77 feature option 0 7 Reader firmware configuration setting SyncCheckI 7B check for track 2 0 2 check leading amp trailing sync bits on D sync bits track data if poorly encoded card SecurityLeve 7E Sor 3 0 key exhausted 1 non encrypted IID 1 key loaded non encrypted 3 encrypted 4 EncryptOptl 84 encryption 8 encrypt trk 3 if bit O encrypt trk1 bit 1 encrypt trk2 D options card type 0 O bit 2 encrypt trk3 bit 3 encrypt trk3 if 1F card type 0 bit 4 mask track 3 is ISO 4909 with PAN EncryptStrID 85 encrypt O 0 original 1 enhanced if 85 is not structure an option then always enhanced struct MaskOptID 86 clear mask 7 bit 0 send clear mask trk1 bit 1 send data options clear mask trk2 bit 2 send clear mask trk3 Tk3ExpDate 89 Trk3 expire 34 34 or 36 are the two normal values on PosID date position 30 39 allowed Equip2ID AE special settings 00 any if bit4 high send serial number during enumeration
109. played in hexadecimal AB5A5B65170A895BE90610DA28439472 First 20 bytes of track one data hashed 20 bytes 3418AC88F65EIDB7EDA4D10973F99DFC8463FF6DF Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 57 of 113 ID TECH Spectrum Air User Manual First 20 bytes of track two data hashed 20 bytes 113B6226C4898A9D355057ECAF11A5598F02CA31 First 20 bytes of track three data hashed 20 bytes 688861C157C1CE2EOF72CEOF3BB598A614EAABBI KSN 10 bytes 629949011A0003A00013 LRC and ETX 00 03 Clear Masked Data in ASCII Track 1 4266 9999 BUSH JR GEORGE W MR X kk kCkCkCkCk Ck kCkck Ck kCkck k kc kck k k kk k k k OK Track 2t 4266 QOQQOc xk kk kk kk k kx KKK DK Key Value 8A DA 61 2E C2 8F B1 81 96 DA 34 3F CB 32 95 TE KSN 62 99 49 01 1A 00 03 AO 00 13 Session ID AA AA AA AA AA AA AA AA Decrypted Data in ASCII all three tracks B4266841088889999 BUSH JR GEORGE W MR 0809101100001100000000046000000 74266841088889999 08091011000004670 3333333333 7601767607070776767633333393337676760707077676 7633333333 3376767607070776767633333333337676760707 2 Track 1 decrypted data in hex including padding zeros 2542343236363834313038383838393939395E42555348204A522F47454F52474 520572E4D525E3038303931303131303030303131303030303030303030343630 30303030303F210000000000000000 Track 2 decrypted data in hex including padding zeros 3B34323636383431303838383839393939
110. pyright 2014 International Technologies amp Systems Corporation All rights reserved Page 97 of 113 ID TECH Spectrum Air User Manual 0x07 insertion and or removal Timed Out The user fails to insert and or remove a card within the time specified in the Activation Challenge Reply command Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 98 of 113 ID TECH Secure MOIR User Manual APPENDIX ASetting Parameters and Values Following is a table of default setting and available settings value within parentheses for each function ID Function ID Hex Description Default Setting Description HTypeID 10 Terminal Type 0 PC AT Scan Code Set 2 1 3 PC AT 0 2 4 6 with external Keyboard and PC AT without External Keyboard ReaderOptID 11 Reader Option AFh RS232 Any 23h KB ChaDelayID 12 Character Delay 0 0 5 2 ms inter character delay TrackSelectI 13 Track Selection 0 0 9 Any Track 0 any 1 7 bit 1 tk1 bit 2 D tk2 bit 3 tk3 8 tKk1 2 9 tk2 3 PollingInterv 14 Polling Interval 1 1 255 USB HID Polling Interval alID DataFmtID 15 Data Output 0 00 27 ID TECH Format Format FmtOptionID 16 UIC Mag Tek H 59 Refer to MiniMag RS232 User s Manual TrackSepID 17 Track Separator CR Ente
111. r CR for RS232 Enter for KB any character supported except 00 which means none DefaultAllID 18 Default All SendOptionI 19 Send Option 1 07 0x3F Sentinel and Account number control D 5 for KB MSRReading 1A MSR Reading P 07727 Enable MSR Reading 0 MSR ID disable 2 Buffer Mode DTEnableSe 1B DT Enable ECO 1531 Data Editing Control ndID Send CustomEquip 1C custom 0x00 0x20 bit 520 single head bit 5 1 0x20 ID equipment 0x40 or 0x60 dual head bit 621 0x40 support JIS setting Unaffected by reset all DecodingMet ID MSR Read P CPLL both 2 read on insert 3 report hodID Direction on withdrawal 4 read on withdrawal ReviewID 1F Review All None Settings Terminator 21 MSR CR Enter CR for RS232 Enter for KB 0 for D Terminator none any value legal FmVerID 22 Firmware Version USBHIDFmt 23 USB HID Fmt 0 USB HID 8 0 for USB HID ID KB 0 8 8 for USB HID KB Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 99 of 113 ID TECH Secure MOIR User Manual ForeignKBI 24 Foreign KB 0 OO 0x3A Foreign Keyboard k D CardSeatedSt 26 Card Seated tab Card Any String lt 23 characters rID String Seated tab CardRemove 27 Card Removed tab Card Any String lt 23 characters dStrID String Removed tab CardInStrID 28 Card Prese
112. r User Manual 9 49 Buffered Mode Read MSR Data Command 51 01 XX 60 00 03 51 01 Track Selection Option LRC 03 The Track Select Option byte is defined as follows 0 Any Track q Track 1 A Track 2 3 Track 1 and Track 2 ur Track 3 5 Track 1 and Track 3 Track 2 and Track 3 T Track 1 Track 2 and Track 3 HI Track 1 and or Track 2 9 Track 2 and or Track 3 This command requests card data information while in buffered mode The selected MSR data is sent to the host with or without envelope format according to the operation mode setting This command does not erase the data Note In security level 3 and 4 all track data is sent no matter which tracks are requested Response is as follows 60 00 02 Len H Len L MSR Data LRC 03 Problem response is as follows EO 00 02 xxxx LRC 03 Other possible response statuses 6911 Q command length must be 1 692 reader not configured for buffered mode C000 no magstripe data available Use of Buffered Mode with Security Level 4 When the reader is used in both buffered mode and Security level 4 it is possible to vary the order of commands and still have the reader work The reader needs to be both armed to read and security authenticated before the card track data will be sent to the host computer as an encrypted message In order to assure proper function reading a card under these conditions the transaction should proceed in the following sequence
113. r as specified in the followings e Security Level 0 Security Level 0 is a special case where all DUKPT keys have been used and is set automatically when it runs out of DUKPT keys The lifetime of DUKPT keys is 1 million Once the key s end of life time is reached user should inject DUKPT keys again e Security Level 1 By default the readers from factory are configured to have this security level There is no encryption process no key serial number transmitted with decoded data The reader would function as a non encrypting reader and have decoded track data same as level 1 e Security Level 2 Key Serial Number and Base Derivation Key have been injected but the encryption process is not yet activated The reader would send out decoded track data in default format e Security Level 3 Both Key Serial Number and Base Derivation Keys are injected and encryption mode is turned on For payment cards both encrypted data and masked clear text data are sent out Users can select the data masking area however the encrypted data format cannot be modified e Security Level 4 When the reader is at Security Level 4 a correctly executed Authentication Sequence is required before the reader sends out data for a card Commands that require security must be sent with a four byte Message Authentication Code MAC at the end Note that data supplied to MAC algorithm should NOT be converted to ASCII Hex rather it should be supplied in its raw binary for
114. racter string Up to six ASCII characters can be defined 60 00 03 53 lt n gt lt Len gt lt Prefix gt LRC 03 Where n is 34h for track 1 35h for track 2 and 36h for track 3 Len the number of bytes of prefix string Prefix string length string NOTE String length is one byte maximum six Example 60 00 09 53 34 06 05 Trkl LRC 03 Problem with configure command Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 32 of 113 ID TECH Spectrum Air User Manual EO 00 02 69 1E 95 03 9 4 23 Set Track n Suffix 53 37 This command works on unencrypted mode only Characters can be added to the end of track data These can be special characters to identify the specific track to the receiving host or any other character string Up to six ASCII characters can be defined 60 00 LenL 53 lt n gt lt Len gt lt Suffix gt 03 LRC Where n is 37h for track 1 38h for track 2 and 39h for track 3 Len the number of bytes of suffix string Suffix string length string NOTE String length is one byte maximum six Example 60 00 09 53 38 06 05 Endl LRC 03 9 5 Magnetic Card Read Modes The Secure MOIR supports two MSR modes Auto Transmit mode Reader sends data as soon as the data is available When using Auto Transmit Mode the application program needs to be ready to receive data This is the default mode The track data is cleared as soon as it is sent
115. rt RS232 Reader V1 00 63 03 9 3 2 Revert to Default Settings 53 18 60 0002 53 18 29 03 This command does not have any lt FuncData gt All non security settings revert to their default values Some transient statuses e g card report timers may not be cleared immediately if done in the middle of a card transaction 9 3 3 Host LED Control Command 6C 60 00 02 6C LED State LRC 03 This command is used to change the color setting on the LED Note Reader must have the LED option on the reader for this command function properly Where LED State are 0 30 LED will be turned off S7 31 LED will be turned on green P 32 LED will be turned on red m 33 LED will be turned on amber ur 34 LED will be flashing red amber Ss 35 LED will be flashing green o 36 LED will be flashing red SH 37 LED will be flashing amber Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 22 of 113 ID TECH Spectrum Air User Manual A 41 LED will be slowly flashing green B 42 LED will be slowly flashing red C 43 LED will be slowly flashing amber Example To flash the LED green 60 00 02 6C 35 3B 03 Command completed successfully response 9000 is as follows 60 00 02 90 00 F2 03 Other possible response statuses 6913 2nd byte of LED command was not 30 37 or 41 43 691D Command length is incorrect 691F host LED control not enabled To configure the reader to support host see bit 4 i
116. s amp Systems Corporation All rights reserved Page 13 of 113 ID TECH Spectrum Air User Manual READ MSR DATA IN BUFFER MODE commands In buffered mode the LED is set to slow flashing green until the reader is armed to read then it turns solid green It remains green when the card track data is captured When the host requests the buffered data the LED will briefly go dark during track decode then return to slow flashing green if the read was successful or turn red for 5 second if the read was unsuccessful it will remain at slow flashing green until it is rearmed In normal operation the host will arm to read before the patron tries to use the reader and will request the card track data immediately after the card is read so the LED will be green for a successful read or red for an unsuccessful read It will then revert to solid green because the host immediately arms the reader to read the next card Suggested steps for buffered mode application 1 Set reader to buffered mode It only needs to be set once use Configurator software not in regular application the result will be stored in EEPROM 53 1A 01 32 The LED will turn to a slow green flash 2 Arm to read 50 01 30 The LED will turn green indicating okay to read a card 3 Prompt the user to insert and remove a card The LED will stay green but card track data was captured The reader by default will send out the card inserted card removed and mag data present statuses The host
117. s of the command ID Function ID Function Length and Function Data The TRAILER consists of lt LRC gt followed by ETX The maximum size of length is 768 plus envelope bytes 9 1 2 Sending Command 60 lt Length gt lt Command ID gt lt FuncID gt lt Len gt lt FuncData gt lt LRC gt lt ETX gt Where lt Length gt is a two byte count of the bytes in the DATA field lt Command ID gt is a one byte value identifying a specific command ID lt FuncID gt is a one byte Function ID which identifies the particular function or settings affected Len is a one byte length count for the data block lt FuncData gt lt FuncData gt is the data block for the function lt LRC gt See Calculation below lt ETX gt 03 9 1 2 1 Protocol Host Reader Command Response Status 60 Length lt Response Data Status lt LRC gt lt ETX gt Where Length is a two byte counter from Response Data to the end of Status Response Data is the data block associated with the Response Status is a two byte value indicating the success or failure of a command The overall LRC Modulus 2 Exclusive OR checksum from 60 to LRC should be zero See example of LRC calculation in the next section Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 19 of 113 ID TECH Spectrum Air User Manual 9 1 2 2 Ex
118. s the new standard default MSR reading option report on withdrawal This option is designed to maximize card read success rate The card is read on the way in and on the way out and the two reads combined and the combination reported after the card has been removed It is currently only supported in auto transmit mode it is not currently compatible with buffered mode Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 33 of 113 ID TECH Spectrum Air User Manual 9 6 LED Handling LED handling can be under the control of the reader or under the control of the host computer The default operation is to have the LED under the control of the reader e On powering on the reader the LED will flash red then green to indicate a successful startup e The LED will turn green after read a magstripe card to indicate a good read e The LED will turn red briefly after read a magstripe card to indicate a bad read e The LED will turn solid amber if USB connection to host is in process or incomplete e The LED will flash amber on start up if the configuration EEPROM has a problem If the LED is under the command of the host the following settings are available Turn the LED off Turn the LED on Green Turn the LED on Red Turn the LED on Amber Set the LED to Green flashing Set the LED to Red flashing Set the LED to Amber Flashing Set the LED to flashing Red and Amber Set the LED to slow flashing Green Set the
119. ser Manual 60 00 04 53 1301 xx 60 00 04 5317 01 xx 60 00 04 5319 01 xx 60 00 04 53 1A 01 XX 60 00 04 53 ID 01 Decoding Method To read a card in a selected direction 60 00 04 53 60 01 LRC Option To enable or disable sending out the LRC character 60 00 04 53 6101 To set the track1 start sentinel character Track Selection Setting Track Separator Setting Send Option To select the tracks on the magnetic stripe to be read To format the data read from the card To enable or disable the sentinel or account number on Track 2 only or sending error notification MSR Reading To turn the magnetic stripe reading function off or on in either auto transmit or buffer mode Track1 7bit start sentinel Track1 obt start sentinel Track1 5bit start sentinel Track2 7bit start sentinel Track2 5bit start sentinel Track3 7bit start sentinel Track3 6bit start sentinel 60 00 04 60 00 04 53 63 01 60 00 04 53 64 01 60 00 04 53 65 01 60 00 04 53 66 01 60 00 04 536701 60 00 04 53 6801 Track3 5bit start sentinel 60 00 04 53 69 01 Track end sentinel To set the track end sentinel character 60 00 04 53 21 01 xx Terminator Setting To format the data read from the card 60 00 04 53 3n 01 xx Track 1 2 3 ID Setting To edit the data read from the card 53 62 01 To set the track1 start sentinel character To set the track1 start sentinel character To set the track2 start sentinel character To set the track2 start sentinel ch
120. standard card Send the error notification 38 through lt 3F gt Send keyboard control codes in the standard form or send the alternate control codes The default setting for RS232 reader is 0x31 and the default setting for USB HID KB reader is 0x35 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt Note If the reader is configured to send an error notification on a bad track and it is desired to suppress the start and or end sentinels on the error notification see t1 ErrStart 6C t2ErrStart 6D and 13ErrStart 6E and t1 End 69 to set the reader not to send these 9 4 14 Set MSR Data Terminator 53 21 60 00 04 53 21 01 Terminator Setting LRC 03 The Terminator Setting byte is any one byte except 0x00 The default is OxOD which is Carriage Return CR If 0x00 is set the reader will send no terminator Example to set to send Line Feed LF 0x0A after the last MSR data 60 00 04 53 21 01 OA 27 03 The terminator value 30 is special it will send out two characters CRLF or OD and OA A Value of 0x00 means do not send any MSR data terminator Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 30 of 113 ID TECH Spectrum Air User Manual 9 4 15 Set MSR Data Prefix String 53 D2 60 length 53 D2 Len Prefix String LRC 03 Where Prefix String gt string length string String length is one byte max
121. t LRC 03 Each Function Setting block lt FuncSETBLOCK gt has the following format lt FuncID gt Len lt FuncData gt Where Length is a two bytes counter which indicates bytes of all lt FuncSETBLOCK gt The most significant byte comes first lt FuncID gt is a one byte Function ID identifies the setting s for the function For a complete list of FuncID see Appendix A page 99 lt Len gt is a one byte length count for the following function setting block lt FuncData gt lt FuncData gt is the current setting for this function It has the same format as in the Sending Command for this function See SENDING COMMAND LIST for details FuncSETBLOCK are in the order of their function ID lt FuncID gt Example 60 00 B7 23 01 30 4C 01 31 4E 09 08 00 00 00 00 00 00 00 00 77 01 03 7E 01 34 1001 30 11 01 8F 13 01 30 14 01 01 17 OT OD 19 0L 31 1A 01 31 IB 0130 1D 01 33 21 01 OD 24 01 30 2F 01 00 31 01 00 32 01 00 33 01 00 34 00 37 00 35 00 38 00 36 00 39 0041 01 37 42 01 30 43 01 30 44 01 30 45 01 30 47 01 11 48 01 13 49 01 06 4A 01 03 4B 01 2A 4D 01 30 50 01 30 55 01 30 5C 01 37 5D 01 31 60 01 30 61 01 25 6201 25 63 01 3B 64 01 25 65 01 3B 66 01 25 67 01 21 68 01 3B 69 01 3F 6C 01 25 6D 01 3B 6E 01 2B 7B 01 30 84 01 08 8501 31 86 01 07 D2 00 D3 00 58 01 31 CD 03 Example Interpreted 60 00 B7 ACK length data 00B7
122. t Len gt lt Magnetic Data String gt lt LRC gt lt ETX gt Where lt Command Length gt is a two byte length from lt 53 gt to lt Magnetic Data String gt lt Len gt is the number of bytes of the Magnetic Data String but no greater than 24 lt Magnetic Data String gt is string length string String length is one byte maximum 23 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 85 of 113 ID TECH Spectrum Air User Manual 14 MAGNETIC STRIPE READER CONFIGURATION SET TRACK 1 7 BIT START SENTINEL This setting allows the user to select any single character to be output as the Track 1 start sentinel if the magnetic card s Track 1 data is 7 bit encoded lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 61 gt lt 01 gt lt Track1 7Bit Start Sentinel gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET TRACK 1 6 BIT START SENTINEL This setting allows the user to select any single character to be output as the Track 1 start sentinel if the magnetic card s Track 1 data is 6 bit encoded lt 60 gt lt 00 gt lt 04 gt lt 53 gt lt 62 gt lt 01 gt lt Track1 6Bit Start Sentinel gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET TRACK 1 5 BIT START SENTI
123. t Mode gt byte is defined as follows 0 MSR Reading Disable 1 MSR Reading Auto Transmit Mode SE MSR Reading in Buffered Mode Example to enable MSR reading auto transmit mode 60 00 04 53 1A 01 31 ID 03 9 4 12 Set MSR Read Direction 53 1D 60 00 04 53 1D O1 lt Read Direction gt LRC 03 The lt Read Direction gt byte is defined as follows T Read on both insertion and withdrawal E Read on insertion only KN Report on withdrawal 4 Read on withdrawal only Example 60 00 04 53 1D 01 03 28 03 report on withdrawal Note Unless the users are trained or the reader is a partial insert reader about 20 of the population will not insert a card smoothly enough to be read during insertion Nearly everyone extracts a card smoothly but report on withdrawal feature captures both insert and withdrawal and combines them into one read Note If the reader is in Secure Level 3 or 4 the card data is sent in the same format always These options do not apply The only exception is a keyboard reader can send a MSR data prefix or postfix string around the data so that the host can recognize that the data came from the MOIR rather than from the keyboard 9 4 13 Set MSR Send Option 53 19 60 00 04 53 19 01 Send Option LRC 03 The lt Send Option gt byte is defined as follows Bit Position 0 TP BO No Start End Sentinel Send Start End Sentinel B1 All Data on track 2 Account Number on track 2 B2 no bad
124. tatus and field 9 Encrypted Hash data sent status will only be sent in new encrypt structure Field 8 Clear mask data sent status byte bit 0 1 if TK1 clear mask data present bit 1 1 if TK2 clear mask data present bit 2 1 if TK3 clear mask data present Bit 3 0 9 reserved future use Bit 4 7 0 0 Field 9 Encrypted data sent status bit 0 if 1 tk1 encrypted data present bit 1 if 1 tk2 encrypted data present bit 2 if 1 tk3 encrypted data present bit 3 if 1 tk1 hash data present bit 4 if 1 tk2 hash data present bit 5 if 1 tk3 hash data present Bit 6 if 1 session ID present Bit 7 if 1 KSN present Card Type Value Encode Type Description 0 80 ISO ABA format 1 81 AAMVA format Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 67 of 113 ID TECH Spectrum Air User Manual e 3 83 Other e 4 84 Raw un decoded format 13 4 Level 4 Data Output Format For ISO card both clear and encrypted data are sent For other card only clear data are sent A card insertion and or removal returns the following data Note if all tracks are bad an empty packet is sent Card data is sent out in format of 60 LenL LenH Card Data gt lt LRC gt lt CheckSum gt 03 lt LenL gt lt LenH gt is a two byte length of Card Data lt LRC gt is a one byte Exclusive OR sum calculated for all Card Data lt CheckSum gt is a one byte Sum value cal
125. ted This field is the encrypted Track data using either TDES CBC or AES CBC with initial vector of 0 If the original data is not a multiple of 8 bytes for TDES or a multiple of 16 bytes for AES the reader right pads the data with 0 The key management scheme is DUKPT and the key used for encrypting data is called the Data Key Data Key is generated by first taking the DUKPT Derived Key exclusive or ed with 0000000000FF0000 0000000000FF0000 to get the resulting intermediate variant key The left side of the intermediate variant key is then TDES encrypted with the entire 16 byte variant as the key After the same steps are preformed for the right side of the key combine the two key parts to create the Data Key How to get Encrypted Data Length Track 1 and Track 2 data are encrypted as a single block in original encryption format or in separate blocks in enhanced encryption format In order to get the number of bytes for Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 69 of 113 ID TECH Spectrum Air User Manual encrypted data field we need to get Track 1 and Track 2 unencrypted length first The field length is always a multiple of 8 bytes for TDES or multiple of 16 bytes for AES This value will be zero if there was no data on both tracks or if there was an error decoding both tracks Once the encrypted data is decrypted all padding 0 need to be removed The number of bytes of decoded tra
126. ted using the key derived from the current DUKPT key Deactivate Authenticated Mode Command This command is used to exit Authenticated Mode Host needs to send the first 7 bytes of Challenge 2 from the response of Activate Authenticated Mode command and the Increment Flag 0x00 indicates no increment Ox01 indicates increment of the KSN encrypted with current DUKPT Key exclusive or ed with lt 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C 3C3C gt If device decrypts Challenge 2 successfully the device will exit Authenticated Mode The KSN will increase if the Increment flag is set to 0x01 If device cannot decrypt Challenge 2 successfully it will stay in Authenticated Mode until timeout occurs or when customer inserts and or removes a card The KSN is incremented every time the authenticated mode is exited by timeout or card insertion and or removal action When the authenticated mode is exited by Deactivate Authenticated Mode command the KSN will increment when the increment flag is set to 0x01 Command Structure Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 96 of 113 ID TECH Spectrum Air User Manual Host Device 60 00 OA lt S gt lt 83h gt lt 08h gt lt Deactivation Data gt lt LRC gt lt ETX gt lt Deactivation data gt 8 bytes response to Challenge 2 It contains 7 bytes of Challenge 2 with 1 byte of Increment Flag encrypted by the specified variant of current DUKPT Key
127. thentication request has been sent the reader is waiting for the Activation Challenge Reply Command 0x02 The reader is waiting for a card insertion and or removal Pre condition specifies how the reader goes to its current state as follows 0x00 The reader has no card insertion or removal and has not been authenticated since it was powered up 0x01 Authentication Mode was activated successfully The reader processed a valid Activation Challenge Reply command 0x02 The reader receives a good card insertion and or removal 0x03 The reader receives a bad card insertion and or removal or the card is invalid 0x04 Authentication Activation Failed 0x05 Authentication Deactivation Failed 0x06 Authentication Activation Timed Out The Host fails to send an Activation Challenge Reply command within the time specified in the Activate Authentication Mode command 0x07 insertion and or removal Timed Out The user fails to insertion and or removal a card within the time specified in the Activation Challenge Reply command 13 6 General Commands The following table is a summary of the general commands described in this section HEADER NIONNE NN NE OSEE i XE eu 60 00 01 Get Reader Status To get NE E status in the form lof a single byte 60 00 01 Le Version To get the version of the reader s firmware state No confieuration change Mode mode d 00 03 50 01 32 MSR Reset in Buffer To return the reader to its default Mode settings
128. tion 15 00 Logical Minimum 26 FF 00 Logical Maximum 75 08 Report Size Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 61 of 113 ID TECH Spectrum Air User Manual 09 20 Usage Tk1 Decode Status 09 21 Usage Tk2 Decode Status 09 22 Usage Tk3 Decode Status 09 28 Usage Tk1 Data Length 09 29 Usage Tk2 Data Length 09 2A Usage Tk3 Data Length 09 38 Usage Card Encode Type 95 07 Report Count 81 02 Input Data Var Abs Bit Field 09 30 Usage Total Sending Length 95 02 Report Count 2 82 02 01 Input Data Var Abs Bit Field 09 31 Usage Output Data 96 3B 02 Report Count 512 59 571 9 580 82 02 01 Input Data Var Abs Bit Field 09 20 Usage Command Message 95 08 Report Count B2 02 01 Feature Data Var Abs Buffered Bytes CO End Collection Report Descriptor USB KB Value Description 05 01 Usage Page Generic Desktop 09 06 Usage Keyboard Al Ol Collection Application 05 07 Usage Page Key Codes 19 EO Usage Minimum 29 E7 Usage Maximum 15 00 Logical Minimum 25 01 Logical Maximum 7501 Report Size 95 08 Report Count 81 02 Input Data Variable Absolute 95 01 Report Count 1 75 08 Report Size 81 01 Input Constant 95 05 Report Count 7501 Report Size 05 08 Usage Page LED 1901 Usage Minimum 29 05
129. trols the LED the LED will turn green and the reader will send an ACK response to the host Previously read data will be erased and the reader will wait for the next card Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 88 of 113 ID TECH Spectrum Air User Manual insertion or withdraw depend on decoding method command If an MSR RESET command is received all data will be erased from memory When a card is inserted and withdrawn the decoded data will be saved in memory and not sent to the host If the reader controls the LED the LED will turn slow flashing green If there was no data to read the LED will briefly turn red and then go slow flashing green A notification will be sent to the host to indicate the presence of magnetic data Data will be held until receiving the next ARM TO READ or MSR RESET command While in Buffer Mode the reader will continue to allow the normal commands e g status LED commands MSR RESET IN BUFFER MODE This command will disable MSR reading and clear any magnetic data stored in the buffer The reader will enter a disarmed state and ignore MSR data 60 00 lt 03 gt lt 50 gt lt 01 gt lt 32 gt lt LRC gt ETX The response will be 60 00 02 lt 90 gt lt 00 gt LRC 03 Any stored magnetic data will be erased The reader will send an ACK response to the host If the reader is configured automatically to transmit magn
130. type 0 omitted if card type 4 T3 data unencrypted omitted if card type 4 Encrypted section T1 T2 data encrypted if card type 0 or 4 else omitted T3 data encrypted only if card type 4 Session ID 8 bytes Only if security level 4 amp card type 0 or 4 End encrypted section T1 T3 hashed if card type 0 or 4 20 bytes each KSN 10 bytes only if card type 0 or 4 If MOIR protocol envelope LRC ETX End MOIR protocol envelope header If NGA protocol envelope LRC 3 Card Encode Type 4 Track 1 3 Status 5 T1 data length 6 T2 data length 7 T3 data length 8 Mask Clear Status 1 byte see definition and example 9 1 Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 42 of 113 ID TECH Spectrum Air User Manual Check Sum ETX End NGA protocol envelope header This mode is used when all tracks must be encrypted or encrypted OPOS support is required or when the tracks must be encrypted separately or when cards other than type 0 ABA bank cards must be encrypted or when track 3 must be encrypted 1 Encryption Option Setting for enhanced encryption format only Command 53 84 01 Encryption Option Encryption Option default 08h bitO 1 track 1 force encrypt bitl 1 track 2 force encrypt bit2 1 track 3 force encrypt bit3 1 track 3 force encrypt when card type is 0 Note 1 When force encrypt is set this track will always be encrypted regar
131. um 23 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET PARTIAL INSERTION STRING This setting allows the user to select a character string to be output as partial in notification When the card insert through the card front switch and the card seated switch is still off after 2s this string will be sent out if Incomplete Insertion On and Off bit in ReaderOpt2ID is set lt 60 gt lt Command Length gt lt 53 gt lt 2E gt lt Len gt lt Incomplete Insertion String gt lt LRC gt lt ETX gt Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 84 of 113 ID TECH Spectrum Air User Manual Where Command Length is a two byte length from 53 to Incomplete Insertion String Len is the number of bytes of the Incomplete Insertion String but no greater than 24 lt Incomplete Insertion String gt is string length string String length is one byte maximum 23 The response will be lt 60 gt lt 00 gt lt 02 gt lt 90 gt lt 00 gt lt F2 gt lt 03 gt SET MAGNETIC DATA STRING This setting allows the user to select a character string to be output as magnetic data notification After an insertion or withdrawal if in buffer mode the magnetic data in current read direction was enabled by reader this string will be sent out if Magnetic Data On and Off bit in ReaderOptID is set lt 60 gt lt Command Length gt lt 53 gt lt 2C gt l
132. ut duration The maximum time allowed is 3600 seconds one hour If the reader times out while waiting for the activation challenge reply the authentication failed Device Response When authentication mode is requested the device responds with two challenges Challenge and challenge 2 The challenges are encrypted using the current DUKPT key exclusive or ed with lt FOFO FOFO FOFO FOFO FOFO FOFO FOFO FOFO gt The decrypted challenge 1 contains 6 bytes of random number followed by the last two bytes of KSN The two bytes of KSN may be compared with the last two bytes of the clear text KSN sent in the message to authenticate the reader The user should complete the Activate Authentication sequence using Activation Challenge Reply command Command Structure Host gt Device 60 00 lt LenL gt lt R gt lt 80h gt lt 02h gt lt Pre Authentication Time Limit gt lt LRC gt 03 Device gt Host Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 70 of 113 ID TECH Spectrum Air User Manual 60 00 lt LenH gt lt Device Response Data LRC ETX success EO 00 02 6931 lt LRC gt 03 fail invalid DUKPT activation challenge Pre Authentication Time Limit 2 bytes of time in seconds Device Response Data 26 bytes data consists of Current Key Serial Number gt lt Challenge 1 gt lt Challenge 2 Current Key Serial Number 10 bytes data with Initial Key Serial Number in the left
133. when buffer mode is enabled Copyright 2014 International Technologies amp Systems Corporation All rights reserved Page 73 of 113 ID TECH Spectrum Air User Manual 60 00 03 51 01 xx Read MSR Data in To set the tracks on the magnetic Buffer stripe to be read while in the N Lade Ih made 60 00 02 52 1F Review All Settings To retrieve all current settings 60 00 02 52 Get Setting Getting various reader optional lt FunctionID gt settings 60 00 02 53 18 Default All Setting reader optional functions O delta 60 00 xx 53 FuncID Send Setting Setting various reader optional Len Func functions 60 00 04 531001 xx Get Terminal Type Set terminal type of the reader 60 00 04 531101 xx Get Reader Option Set the switch notifications LED control Data Envelope and Raw Data Decoding 60 00 04 53 2F01 xx Get Reader Option 2 Set the notification of no data media detect card in slot and incomplete insertion NGA 60 00 02 ae Control To set the LED to be controlled by host GET READER STATUS lt 60 gt lt 00 gt lt 01 gt lt 24 gt lt LRC gt lt ETX gt The response will be lt 60 gt lt 00 gt lt 01 gt lt Reader Status gt lt LRC gt lt ETX gt For RS232 and USB KB readers a single byte reader status will be returned Bit Position 0 1 BO Others No data in a reader Bl Card not seated Card seated B2 Others Media detected B3 Card not present Card present B4 No magnetic data Magnetic data present B5 Al
Download Pdf Manuals
Related Search
Related Contents
BENEKOV S25 BENEKOV S50 Colloque de Montréal ( PDF - 182.4 ko) 仕 様 - 放射線医学総合研究所 M 170 11.5–17.0 m³/min 405–600 cfm Intermatic T173R Instructions / Assembly Honeywell Thermostat T834 User's Manual A Criação de Valor em Portugal Dissertação para Robot Navigation and Mapping with Vision HMP45C Capteur d`humidité relative et de température- https://telegra.ph/Wire-Size-Calculator-From-Voltage-Drop-e36e0908-11-16
- https://telegra.ph/Square-Column-Concrete-Volume-Calculator-d4579a46-11-17
- https://telegra.ph/1-4-8-Concrete-Mix-Calculator-4a9672ea-11-13
- https://telegra.ph/1-2-4-Concrete-Mix-Calculator-5ba5e413-11-13
- https://telegra.ph/Footer-Concrete-Volume-Calculator-db2329ee-11-13
- https://telegra.ph/Concrete-Volume-Calculator-for-Steps-7cabf957-11-13
- https://telegra.ph/hexagonal-steel-weight-calculator-96385d90-11-07
- https://telegra.ph/AC-Three-phase-Voltage-Drop-Calculator-91bf8661-11-18
- https://telegra.ph/DC-Voltage-Drop-Calculator-55b47603-11-18
- https://telegra.ph/Calculate-Current-from-Voltage-Drop-18aad17e-11-18