Section 4. security, Security level 3, Security level 4 – MagTek Bluetooth MagneSafe V5 Swipe Reader User Manual


SECTION 4. SECURITY

This reader is a secure reader. Security features include:

Supplies 54 byte MagnePrint value

Includes Device Serial Number

Encrypts all track data and the MagnePrint value

Provides clear text confirmation data including card holder’s name, expiration date, and a
portion of the PAN as part of the Masked Track Data

Supports Mutual Authentication Mode for use with Magensa

Offers selectable levels of Security


The reader supports two Security Levels. The Security Level can be increased by command, but
can never be decreased.

SECURITY LEVEL 3

Security Level 3 enables encryption of track data, MagnePrint data, and the Session ID.
MagnePrint data is always included and it is always encrypted. The format for the data is
detailed later in this document. At Security Level 3, many commands require security—most
notably, the Set Property command. Transition to Security Level 4 requires security.

SECURITY LEVEL 4

When the reader is at Security Level 4, a correctly executed Authentication Sequence is required
before the reader will emit data from a card swipe. Correctly executing the Authentication
Sequence also causes the Green LED to blink, alerting the user to the fact that the reader is being
controlled by a Host with knowledge of the keys—that is, an Authentic Host.

Commands that require security must be sent with a four byte Message Authentication Code
(MAC) appended to the end. The MAC is calculated as specified in ANSI X9.24 Part 1 – 2004,
Annex A. Note that data supplied to the MAC algorithm should NOT be converted to
ASCII-Hex; rather, it should be supplied in its raw binary form. The MAC key to be used is as
specified in the same document (“Request PIN Entry 2” bullet 2). Calculating the MAC requires
knowledge of the current DUKPT KSN, which can be retrieved using the Get DUKPT KSN and
Counter command. For each command processed successfully, the DUKPT Key is advanced.
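
Because the key advances after every successfully processed command, a host that caches the KSN will compute its next MAC against a stale key. The following added example (not from the MagTek manual) models how a standard ANSI X9.24 DUKPT counter moves, so a host can tell which KSN to expect next. It assumes the reader uses the standard 80-bit KSN layout (counter in the low 21 bits) and the standard counter-skip rule; the function names are hypothetical and the KSN values are constructed samples, not read from a device.

```python
"""Added example: which DUKPT KSN should the host expect next?"""

COUNTER_BITS = 21                       # assumption: standard X9.24 KSN layout
COUNTER_MASK = (1 << COUNTER_BITS) - 1


def split_ksn(ksn: bytes) -> tuple[int, int]:
    """Split a 10-byte KSN into (key-set/device identifier, counter)."""
    if len(ksn) != 10:
        raise ValueError("KSN must be 10 raw bytes, not ASCII-Hex text")
    value = int.from_bytes(ksn, "big")
    return value >> COUNTER_BITS, value & COUNTER_MASK


def next_counter(counter: int):
    """Counter after one key advance, or None once the keys are used up.

    Standard DUKPT only uses counters with at most ten 1-bits: below ten
    the counter goes up by one, at ten it jumps by its lowest set bit.
    """
    step = 1 if bin(counter).count("1") < 10 else counter & -counter
    return ((counter + step) & COUNTER_MASK) or None


def ksn_after(ksn: bytes, successes: int) -> bytes:
    """KSN expected after `successes` successfully processed commands.

    Assumption: each success advances the key by exactly one DUKPT step.
    """
    ident, counter = split_ksn(ksn)
    for _ in range(successes):
        counter = next_counter(counter)
        if counter is None:
            raise OverflowError("DUKPT counter exhausted; reader needs new keys")
    return ((ident << COUNTER_BITS) | counter).to_bytes(10, "big")


if __name__ == "__main__":
    # Constructed sample KSNs, not captured from a reader.
    for text in ("FFFF9876543210E00001", "FFFF9876543210EFF801"):
        ksn = bytes.fromhex(text)   # hex is for display only; work on raw bytes
        print(text, "->", ksn_after(ksn, 1).hex().upper())
```

Card swipes also consume keys, so treat the predicted value as a consistency check and re-read the KSN with the Get DUKPT KSN and Counter command whenever the two disagree.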
