ACS ACR33U-A1 SmartDuo Smart Card Reader User Manual
Page 53
ACR33U-A1 – Reference Manual
Version 1.02
www.acs.com.hk
Page 53 of 60
The authentication has to be performed in two steps. The first step is to send the Authentication
Certificate to the card. The second step is to get back two bytes of authentication data calculated by
the card.
Step 1: Send Authentication Certificate to the Card.
Command format (abData field in the PC_to_RDR_XfrBlock)
Pseudo-APDU
CLA INS P1 P2
MEM_L
CODE
KEY CLK_CNT Byte1 Byte 2 …… Byte 5 Byte 6
FFh 84h 00h 00h
08h
Where:
KEY:
Key to be used for the computation of the authentication certificate:
00h:
key 1 with no cipher block chaining
01h:
key 2 with no cipher block chaining
80h:
key 1 with cipher block chaining (SLE5536 and SLE6636 only)
81h:
key 2 with cipher block chaining (SLE5536 and SLE6636 only)
CLK_CNT:
Number of CLK pulses to be supplied to the card for the computation of each
bit of the authentication certificate. Typical value is 160 clocks (A0h)
BYTE 1...6:
Card challenge data
Response data format (abData field in the RDR_to_PC_DataBlock)
SW1 SW2
61h 02h
Where:
SW1, SW2 = 61 02h if no error, meaning two bytes of authentication data are ready. The
authentication data can be retrieved by “Get_Response” command.
Step 2: Get back the Authentication Data (Get_Response).
Command format (abData field in the PC_to_RDR_XfrBlock)
Pseudo-APDU
CLA INS P1 P2 MEM_L
FFh C0h 00h 00h
02h
Response data format (abData field in the RDR_to_PC_DataBlock)
CERT SW1 SW2
Where:
CERT:
16 bits of authentication data computed by the card. The LSB of BYTE 1 is the
first authentication bit read from the card.
SW1, SW2 = 90 00h if no error