Deactivate authenticated mode command – MagTek MagneSafe V5 User Manual
Page 75
Section 2. Communications
67
If the reader decrypts the CR response correctly the Activate
Authenticated Mode has succeeded. If the reader can not decrypt the CR
command correctly the Activate Authenticated Mode has failed, the
DUKPT KSN advances.
Data structure:
Request Data:
Offset
Field Name
Description
0
Response to
Challenge 1
Six bytes of Challenge 1 plus two bytes of time as
outlined above, encrypted by the specified variant of
the current DUKPT Key
8
Session ID
Optional eight byte Session ID encrypted by the
specified variant of the current DUKPT Key.
Response Data: None
Result codes:
0x00 Success
0x02 Bad Parameters – the Request Data is not a correct length
0x04 Bad Data – the encrypted reply data could not be verified
0x07 Sequence – not expecting this command
Example Activation Challenge Reply Request (Hex):
Cmd Num
Data Len
Data
11
08
8579827521573495
Example Activation Challenge Reply Response (Hex):
Result Code Data Len
Data
00
00
Deactivate Authenticated Mode Command
Command number:
0x12
Description:
This command is used to exit the Authenticated Mode command. It can
be used to exit the mode with or without incrementing the DUKPT
transaction counter (lower 21 bits of the KSN). The application must send
the first 7 bytes of Challenge 2 (from the response to the Activate
Authenticated Mode command) and the Increment flag (0x00 indicates no
increment, 0x01 indicates increment of the KSN) encrypted with a variant
of the current DUKPT PIN Encryption Key (Key XOR 3C3C 3C3C 3C3C
3C3C 3C3C 3C3C 3C3C 3C3C).
If the reader decrypts Challenge 2 successfully it will exit the
Authenticated Mode and, depending on the Increment flag, may increment
the KSN.
If the reader cannot decrypt Challenge 2 successfully, it will stay in the
Authenticated Mode until either the time specified in the Activate
Authenticated Mode command passes or the user swipes a card. This