UIC Bezel5 payment card Reader Programmer’s Manual RS232 & USB Interface Document #: PM098 Revision 1.4 May. 7th, 2014 Copyright © 2013, Uniform Industrial Corp.
Document History Document Version 1.1 1.2 1.3 1.4 Author Robin Tang Vicky Tuan Stanley Lui Ting Sun UIC Bezel5 Programmer’s Manual Change Initial version Date Adjusted some wordings Adjusted some wordings(Bezel5) Page.2/166 16, Dec, 2013 18, Dec, 2013 07.May.2014 UDN PM098 Rev. 1.0 Copyright © 2013, Uniform Industrial Corp.
Table of Contents
LIST OF TABLES
LIST OF FIGURES
NOTICE
AGENCY APPROVED
3.1. READER DEFAULT SETTING
3.2. PRESSING THE BUTTONS AND MAGNETIC CARD ‘WIGGLING’
3.2.1. Pressing the Cancel Button
3.2.2. Pressing the Enter Button
4.1.3. 71 (37H31H) or 91 (39H31H) - Copyright Report
4.1.4. 7A (37H41H) or 9A (39H41H) - Module Version Report
4.1.5. 7F (37H 46H) – Get Hardware Status
4.1.6. ? (3FH) - Select Verbose Responses Command
4.1.
4.3.4. CPx(43h 50h x) - PayPass Support
4.3.5. CTx(43h 54h x) - Set Terminal/Transaction Type/Info
4.3.6. DFx(44h 46h x) - Default Setting
4.3.7. DWx(44h 57h x) - Set Wait Amount mode
4.4.6. f (66H) – Select(type A)/Attrib(type B)
4.4.7. g (67H) – MIFARE Classic Card Authentication
4.4.8. h (68H) – MIFARE Classic Card Read Block(Supports MIFARE Ultralight)
4.4.9. i (69H) – MIFARE Classic Card Write Block(Supports MIFARE Ultralight)
4.4.10.
(C8H) – Activate/Deactivate Contactless/MSR Reading command
5.2.2. (C9H) – Response of Start Transaction
5.2.3. (CEH) – Return the Specific EMV Tags
6. AUTHENTICATION AND CARD DATA ENCRYPTION ???
6.1.
7.2. CONFIGURATION OPTION
7.3. TAG FFFF820E DATA FORMAT
7.4. GOOGLE WALLET MERCHANT KEY UPDATE
7.5. GOOGLE WALLET COMMANDS
List of Tables
Table 1-1 Bezel5 features
Table 2-1. Pin Assignment of Interface Cable
Table 3-1. Default Configuration settings
Table 3-2. Track 3 Data Format
Table 4-21. LCD Backlight Control
Table 4-22. Commands related to Self-Arm mode transaction example flow
Table 4-23. Commands related to Host-Poll mode transaction example flow
Table 4-24. BLP Configuration Protocol
Table 4-25. Set Configuration Code Table
Table 5-10. MaestroCard Application ID Default Tag Value
Table 5-11. American Express Application ID Default Tag Value
Table 5-12 Discover Zip Application ID Default Tag Value
Table 5-13. Interac Flash Application ID Default Tag Value
Table 5-14.
Table 7-5. Google Wallet Operation Command Type
Table 8-1 Track/Tag information of Google Wallet Transaction Format
Table 8-2. ISIS Wallet Tag Data Output Format
Table 8-3. ISIS Wallet Data Transmission Tag Format
List of Figures
Figure 3-1. EMV Configuration command diagram
Figure 3-2. Self-Arm Mode Transaction Process Example Flow
Figure 3-3. Host Poll Mode Transaction Process Example Flow
Figure 6-1. Data Security Operation Flow
Figure 6-2.
NOTICE The issuer of this manual has made every effort to provide accurate information contained in this manual. The issuer shall not be held liable for any technical and editorial omissions or errors made herein; nor for incidental consequential damages resulting from the furnishing, performance or use of this material. This document contains proprietary information protected by copyright. All rights are reserved.
WARRANTY This product is covered by a one-year warranty against defects in material and functionality, extended to the original purchaser. Within the warranty period, a product found to be defective will be repaired or replaced. This warranty applies only to products under normal use by the original purchaser, and in no circumstances covers incidental or consequential damages arising from the consumer’s misuse or modification of the product.
1. General Description
This section presents general information about the basic characteristics of the Bezel5.
1.1. Features
[Figure: Bezel5 reader with callouts: Contactless card brand label, 2x16 LCD Display, Cancel button, Enter button, Reset button, MSR reader]
Reset Button
The LCD can be refreshed by a short click on the reset button. After the button is released it will generate a short beep to indicate the LCD refresh is complete. For hardware reset, please hold the reset button for 8 seconds.
The Bezel5 reader provides the following features:
Bezel5
1 Integrated magnetic stripe reader to read magnetic stripe cards that conform to ISO standard
2 Bi-directional card swipe and triple track read capability
3 64x128 Graphic LCD display with backlight
4 Front: Two Buttons (cancel button and enter button); Back: One Button (reset button)
5 LED and Buzzer indicators indicate card status
6 Encrypted card data output (optional)
8 Support RS232, USB 2.
1.3. Physical LED Indication
Bezel5 has 3 sets of LEDs for different indications:
1. Scrolling LED – catches people’s attention to show that the reader is available for accepting payments.
2. Magstripe Ready arrow LED – indicates that the Bezel5 is ready to accept a magstripe card swipe.
3. Contactless transaction LEDs – the leftmost LED indicates that the Bezel5 is ready to accept a contactless card. The rest of the LEDs indicate the transaction status.
data automatically. The contactless LEDs will flash from left to right sequentially.
2. EMV Transaction Mode: Under this mode, the LEDs are lit during the transaction process. Each LED represents a different transaction stage in the process.
Idle: ready to accept a contactless card.
Processing: the transaction is processing; do not remove the card.
Complete: the transaction has been completed by the reader and the card can be removed now.
2. Configurations
This section shows the various specifications of the Bezel5 reader.
2.1. Functional Specifications
Basic functions
Read high or low coercivity magnetic stripes (300-4000 Oe)
5 LEDs for attention grabbing
Programmable audio buzzer
Real time clock with 5 years battery life
Contactless communication at 13.
Authentication with RSA 2048 bit key
Antennas
Built-in direct matching antenna
Payment applications
American Express ExpressPay
Discover ZIP
MasterCard PayPass/MCHIP
Visa MSD/qVSDC
Google wallet
ISIS wallet
MIFARE applications
Read/Write of MIFARE Plus/Classic/Ultralight/DESFire cards
Support MIFARE higher baud rate up to 424KHz
2.2. Mechanical Specifications
Dimension
Length: 107 mm
Width: 84 mm
Depth: 57.5 mm
2.3. Electrical Specifications
Power Required: 7.5 VDC ~ 45 VDC
Power Consumption: 75mA in idle mode; 90mA in operating mode (preliminary estimate) at 34 V working voltage
Communication: Standard RS232 signal level; compatible with USB 2.0 specification
Communication Signal (RS232): Logic 1 = -3 volts to -15 volts; Logic 0 = +3 volts to +15 volts
2.4.
2.5. Pin Assignment Interface Pin Assignment Pin Signal Comment Pin Signal Comment 1 2 VCC RXD 5VDC 1 2 VCC TXD 5VDC 3 4 TXD Signal Ground 3 4 RXD DN 5 N/C 5 6 DP Hi power 7 8 9 10 N/C N/C Signal Ground Shield Ground 7.5VDC ~ 45VDC Table 2-1. Pin Assignment of Interface Cable
2.6. Communication
RS232 Interface
Data Output Synchronization
The interface receives and transmits serial asynchronous data at voltage levels compatible with the RS232 specification.
Baud Rate: 9600 BPS default (optional: 1200/2400/4800/9600/19200/38400/56000/115.2K BPS)
USB Interface
Compatible with USB specification 2.0. The in/out commands will use the HidD_GetFeature/HidD_SetFeature functions of the Windows standard USB HID driver.
3. Operation
After power-up, the scrolling LEDs are turned on together with one beep, indicating that the reader is ready to operate. By factory default, the Bezel5 reader has Self-Arm mode enabled. Under this mode, the reader will read and transmit payment card data automatically. The user needs to disable this mode in order to send contactless card operation commands.
3.1.
3.2. Pressing the Buttons and Magnetic Card ‘Wiggling’
3.2.1. Pressing the Cancel Button
The message “SSS” is transmitted out from the reader after someone presses the Cancel button.
3.2.2. Pressing the Enter Button
The message “AAA” is transmitted out from the reader after someone presses the Enter Button.
3.2.3. Magnetic Card is ‘Wiggled’
The message “BBB” is transmitted out from the reader after someone wiggles the magnetic card back and forth.
3.3. Reader Configurations 3.3.1. Transmission Protocol The user may select from two different protocols: Protocol 0 and 2. Upon reset, the reader will send out the default power-on character “:”, or any character specified by the configuration setting. Important: When the Bezel5 reader is working in the USB interface mode, we need to add the header byte C2h and the 2-byte data length before the command.
Example of Protocol 2, RS232 Interface
Host Command | Reader Response | Comment
<01><00><00><01>P<50h> | | Ready to read
 | <01><00><00><01>^<5Eh> | Reader ACK
Example of Protocol 2, USB Interface
Host Command | Reader Response | Comment
<00><06><01><00><00><01>P<50h> | | Ready to read
 | <00><06><01><00><00><01>^<5Eh> | Reader ACK
The field is for a multi-reader system. This function is not currently supported. The recommended value for this field is NULL (00Hex) but any value will work.
3.3.2. Configuration Protocol BLP Protocol In BLP Protocol, all messages are preceded by the ASCII character , followed by a one byte reader address, one byte character count and terminated with a one byte . is an XOR of the 7 data bits, excluding parity, of each character in the entire message, including .
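The framing and XOR check byte described in 3.3.1 and 3.3.2, as an added example in Python (not code from UIC or from this manual). The leading bytes (09h for BLP, 01h for Protocol 2), the one-byte BLP count and the two-byte Protocol 2 length are read off the manual's own example frames in sections 3.3.1, 4.1.15 and 4.3, which are reused here as test vectors; all function names are introduced for this example.

```python
"""Build and validate Bezel5 BLP / Protocol 2 frames (added example)."""

BLP_START = 0x09  # leading byte of every BLP example frame in section 4.3
P2_START = 0x01   # leading byte of every Protocol 2 example frame


class FrameError(ValueError):
    """Raised when a received frame fails a structural or check-byte test."""


def xor_check(data: bytes) -> int:
    """XOR every byte of the message, leading byte included.

    The manual defines the check over the 7 data bits of each character.
    Assumption: an 8-bit, no-parity link, where a byte-wise XOR reproduces
    every example frame in the manual (all of their bytes are below 80h).
    """
    check = 0
    for byte in data:
        check ^= byte
    return check


def build_blp(payload: bytes, address: int = 0x00) -> bytes:
    """Leading byte, reader address, 1-byte count, payload, check byte."""
    if len(payload) > 0xFF:
        raise ValueError("BLP count field is a single byte")
    body = bytes([BLP_START, address, len(payload)]) + payload
    return body + bytes([xor_check(body)])


def build_p2(payload: bytes, address: int = 0x00) -> bytes:
    """Leading byte, address, 2-byte big-endian length, payload, check byte."""
    if len(payload) > 0xFFFF:
        raise ValueError("Protocol 2 length field is two bytes")
    body = bytes([P2_START, address]) + len(payload).to_bytes(2, "big") + payload
    return body + bytes([xor_check(body)])


def parse_frame(frame: bytes):
    """Return (protocol, address, payload); raise FrameError on any mismatch."""
    if len(frame) < 4:
        raise FrameError("frame too short")
    if frame[0] == BLP_START:
        protocol, header, count = "BLP", 3, frame[2]
    elif frame[0] == P2_START:
        protocol, header, count = "P2", 4, int.from_bytes(frame[2:4], "big")
    else:
        raise FrameError("unknown leading byte 0x%02X" % frame[0])
    # Reject truncated or padded frames before trusting the check byte.
    if len(frame) != header + count + 1:
        raise FrameError("length field does not match frame size")
    if xor_check(frame[:-1]) != frame[-1]:
        raise FrameError("check byte mismatch")
    return protocol, frame[1], frame[header:-1]


# Example frames copied from the manual (hex): CK<00>, DW 'E', the VL amount
# example, LCD backlight on, and the 'P' Arm to Read command.
MANUAL_FRAMES = [
    "09 00 03 43 4B 00 02",
    "09 00 03 44 57 45 5C",
    "09 00 08 56 4C 31 30 30 30 30 30 1A",
    "01 00 00 03 40 16 01 55",
    "01 00 00 01 50 50",
]


def check_manual_frames():
    """Parse every manual example; any bad check byte raises FrameError."""
    return [parse_frame(bytes.fromhex(h)) for h in MANUAL_FRAMES]


if __name__ == "__main__":
    for protocol, address, payload in check_manual_frames():
        print(protocol, "addr=%02X" % address, payload.hex(" ").upper())
```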
3.3.3. Self – Arm Mode The default reader configuration is in “Self-Arm Mode”. This allows the payment cards (including VISA MSD, ExpressPay card and the general magnetic stripe credit cards) reading functions to run automatically, reporting the card data to the host without any instruction sent from the host. With the reader running in the Self-Arm Mode, it can be configured to the “Host Polled Mode” by disabling the Self-Arm Mode.
Card data output clear format (Self-Arm mode)
Preamble | Protocol Envelope code | Tk1 prefix | Tk1 Data | Tk1 suffix | Separator | Tk2 prefix | Tk2 Data | Tk2 suffix | Separator | Tk3 prefix | Tk3 Data | Tk3 suffix | Protocol Envelope code | Postamble
The preamble/postamble is only available in the card data output format under Self-Arm mode. The Bezel5 reader can be configured to become a secure reader which will output encrypted card data.
3.3.4. Host Poll Mode
Under this mode, the user can send commands manually, for example the Q, R, S commands for individual track card data, the commands for controlling the LEDs, and the commands for turning the antenna power on or off. Host Poll mode is disabled if the reader is configured with the default setting.
Read card data using commands in the Host-Polled mode
The reader replies to the so called “Host-Polled” command such as “Transmit Track Data”.
3.3.5. EMV Mode
The EMV transaction is supported by two command groups in Bezel5:
1. Configuration command group
2. General command group
Usually, before deployment, the configuration commands are used to load the specific EMV transaction parameters into the bezel. The settings are stored in the nonvolatile memory and kept until new settings are downloaded. This data is acquirer/issuer related.
[Figure 3-1. EMV Configuration command diagram. Boxes: Start; Public key loading (T03 command); Terminal Configuration Setup (T01 command); Done? (Yes/No); Application Configuration Setup (T15 command); Done? (Yes/No); Ready for Deployment]
EMV Transaction - Using the bezel general commands (Protocol 2). There are many transaction scenarios for EMV transactions. The on-line transaction is shown in the above as one example.
3.3.6. Details of the Payment Card Tracks Data The Bezel5 reader running at Self-Arm mode will automatically decode the payment card data according to the payment application type. For non-supported payment cards, it is possible to go through the host-polled mode to query the card data. In general, for the supported payment cards, track 1 and 2 card data will always be present for a successful reading.
Track 3 Data Format
Start sentinel | Card Type | Transaction Result | Transaction Data Object(s) (card type dependent) | End sentinel
1-byte | 1-byte | 2-byte | n Bytes. Each object is separated by the field separator. | 1-byte
Table 3-2.
Tag | Description | Card Type* | Data Object Format in Payment Specification: Type, Data Length (byte) | Track 3 (ASCII-HEX), RS232/Vcom Interface Data Length (byte)
9F12 | Application Preferred Name | MasterCard | ans, up to 16 bytes | Up to 16 bytes
9F16 | Merchant ID | V/M | ans, 15 bytes | 30 bytes
9F17 | Personal Identification Number (PIN) Try Counter | VISA | Binary, 1 byte | 2 bytes
9F1A | Terminal Country Code | V/M | Binary, 2 bytes | 4 bytes
9F1E | Interface Device Serial Number (IFD) | V/M | an, 8 bytes | 16 bytes
Tag | Description | Card Type* | Data Object Format in Payment Specification: Type, Data Length (byte) | Track 3 (ASCII-HEX), RS232/Vcom Interface Data Length (byte)
9F7C | Customer Exclusive Data | VISA | Binary, 0~32 var. | 0~64 bytes
- | POS Entry Mode | VISA | Binary, 1 byte | VISA only, the value of ‘91’ for MSD transactions.
Value of Card Type
Card Type: It indicates that the tag may appear in track 3 by reading that particular card. V/M means VISA and MasterCard. If the card brand doesn’t appear in the card type field, it doesn’t mean that this card will not support such tag.
Value | Card Type*
0 | MChip
1 | MagStripe V3.3
2 | Amex Express Pay/EP3 (Reserve)
3 | Visa(qVSDC, MSD)
4 | Interac
5 | Discover Zip/D-PAS (Reserve)
Table 3-4.
3.3.7. Payment Card Data Output Example PayPass–Magstripe3.
PayPass–MChip Track 3 data format: + Card Type (1-byte) Transaction Result (2-byte) =[CVM]=[9F26]=[9F10]=[9F37]=[9F36]=[95]=[9B]=[9A]=[9C]=[9F02]=[5F2A] =[82]=[9F1A]=[9F03]=[9F33]=[9F35]=[84]=[9F09]=[9F1E]=[9F16]=[9F41]=[9F27] =[9F34]=[9F53]=[5A]=[5F24]=[57]=[9F6E]=[50]=[9F12]=[9F11]=[5F34] ? Track Data: %B5413330089600119^0056^ETEC/PAYPASS^141231^^?;5413330089600119=1412==?+002=1F=96EB58603A581C2 F=0110A00000000000000000000000000000FF0000000000000000000000000000=14A946B2=0001=8000000000== 120604=00=00
Position | Tag | Value | Description
9 | 9C | 00 | Transaction Type
10 | 9F02 | 000000001500 | Amount, Authorized
11 | 5F2A | 0978 | Transaction Currency Code
12 | 82 | 1880 | Application Interchange Profile
13 | 9F1A | 0056 | Terminal Country Code
14 | 9F03 | 000000000000 | Amount, Other
15 | 9F33 | 000888 | Terminal Capabilities
16 | 9F35 | 22 | Terminal Type
17 | 84 | A0000000041010 |
18 | 9F09 | 0002 |
19 | 9F1E | 1234567890000000 |
20 | 9F16 | 303030303030303030303030303031 |
Visa (qVSDC, MSD) Track 3 data format: + Card Type (1-byte) Transaction Result (2-byte) =[9F26]=[9F10]=[9F37]=[9F36]=[9F66]=[95]=[9B]=[9A]=[9F02]=[5F2A]=[82] =[9F1A]=[9F03]=[9F33]=[9F35]=[9F09]=[9F1E]=[9F16]=[5F34]=[9F40]=[9F6E] =[9F7C]=[57]=[5A]=[5F20]=[5F24]=[9C]=[9F5D]=[9F68]=[9F6C]=[9F6B]=[9F51] =[9F17]=[9F78]=[9F79]=[9F6D]=[9F54]=[POS Entry Mode]=[Terminal Enter Capability] ? Track Data: %B4761739001010010^ /^201212000123100399030000?;4761739001010010=20121200012339900031?+300=AABBCCDDEEFF1122=060
Position | Description
5 | Terminal Transaction Qualifiers
6 | Terminal Verification Results
7 | Transaction Status Information
8 | Transaction Date
Position | Tag | Value | Description
9 | 9F02 | 000000000100 | Amount, Authorized
10 | 5F2A | 0840 | Transaction Currency Code
11 | 82 | 2000 | Application Interchange Profile
12 | 9F1A | 0840 | Terminal Country Code
13 | 9F03 | 000000000000 | Amount, Other
14 | 9F33 | 000888 | Terminal Capabilities
15 | 9F35 | 22 | Terminal Type
16 | 9F09 | 0000 |
Position | Tag | Value | Description
33 | 9F17 | | PIN Try Counter
34 | 9F78 | | VLP Single Transaction Limit
35 | 9F79 | | VLP Available Funds
36 | 9F6D | | VLP Reset Threshold
37 | 9F54 | | Cumulative Total Transaction Amount Limit
38 | POS Entry Mode | 07 | qVSDC transaction
39 | Terminal Enter Capability | 08 | Always set to 8
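The Track 3 layout from 3.3.6 and the Visa field order listed in 3.3.7, turned into a parser; this is an added example, not code from the manual or from UIC. The sample string is the manual's own reader response from section 4.2.5 with the line-wrap spaces removed, and `parse_track3`, `redact` and `CARDHOLDER_TAGS` are names introduced here.

```python
"""Parse a Bezel5 Track 3 string, Visa (qVSDC, MSD) layout (added example)."""
import string

# Field order from the "Visa (qVSDC, MSD) Track 3 data format" listing.
VISA_FIELDS = (
    "9F26 9F10 9F37 9F36 9F66 95 9B 9A 9F02 5F2A 82 9F1A 9F03 9F33 9F35 "
    "9F09 9F1E 9F16 5F34 9F40 9F6E 9F7C 57 5A 5F20 5F24 9C 9F5D 9F68 9F6C "
    "9F6B 9F51 9F17 9F78 9F79 9F6D 9F54"
).split() + ["POS Entry Mode", "Terminal Enter Capability"]

# "Value of Card Type" table.
CARD_TYPES = {
    "0": "MChip",
    "1": "MagStripe V3.3",
    "2": "Amex Express Pay/EP3 (Reserve)",
    "3": "Visa(qVSDC, MSD)",
    "4": "Interac",
    "5": "Discover Zip/D-PAS (Reserve)",
}

# EMV tags that carry cardholder data: Track 2 Equivalent Data (57), PAN (5A),
# Cardholder Name (5F20) and Application Expiration Date (5F24).
CARDHOLDER_TAGS = {"57", "5A", "5F20", "5F24"}

# Reader response to the 'S' command in section 4.2.5, wrap spaces removed.
SAMPLE_TRACK3 = (
    "+300=AABBCCDDEEFF1122=06011103900000=09861AA8=0003=A0800000=0000000000"
    "=0000=121207=000000000000=0840=2000=0840=000000000000=000888=25=0000"
    "=3030303030303030=303030303030303030303030303031=01=6000000001"
    "=======00=000000010000==2000========07=08?"
)


def parse_track3(track: str) -> dict:
    """Split a Track 3 string into card type, transaction result and tags."""
    if len(track) < 5 or track[0] != "+" or track[-1] != "?":
        raise ValueError("missing '+' start sentinel or '?' end sentinel")
    header, *values = track[1:-1].split("=")
    if len(header) != 3:
        raise ValueError("expected 1-byte card type and 2-byte result")
    card_type, result = header[0], header[1:]
    if card_type != "3":
        raise ValueError("only the Visa field order is modelled here")
    if len(values) != len(VISA_FIELDS):
        raise ValueError("expected %d fields, got %d"
                         % (len(VISA_FIELDS), len(values)))
    for tag, value in zip(VISA_FIELDS, values):
        # Every object is ASCII-HEX, so two characters per byte; empty is allowed.
        if len(value) % 2 or any(c not in string.hexdigits for c in value):
            raise ValueError("field %s is not ASCII-HEX" % tag)
    return {
        "card_type": CARD_TYPES[card_type],
        "result": result,
        "tags": dict(zip(VISA_FIELDS, values)),
    }


def redact(tags: dict) -> dict:
    """Mask cardholder data so the parsed record can be written to a log."""
    return {
        tag: ("*" * len(value) if tag in CARDHOLDER_TAGS and value else value)
        for tag, value in tags.items()
    }


if __name__ == "__main__":
    record = parse_track3(SAMPLE_TRACK3)
    print(record["card_type"], "result", record["result"])
    for tag, value in redact(record["tags"]).items():
        if value:
            print("%-26s %s" % (tag, value))
```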
4. Commands and Responses
4.1. Common Command Description
Reader Response Code | Response Meaning
^ | Acknowledgement
* | Cannot execute (e.g. out of range)
! | Bad parameter (e.g. incorrect length)
+ (2BH) | No Magnetic Stripe Card Data. Command was received correctly.
? (3FH) | Communication Error. Command was not received correctly.
: (3AH) | Power On report.
~ (7EH) | Unavailable. Hardware is not available to complete this request.
4.1.1.
4.1.3. 71 (37H31H) or 91 (39H31H) - Copyright Report
Transmits the version and copyright information.
Example
 | Host Command | Reader Response
Example | 71 | 131210,BE50131A:V1.G
This command is sent if the user wants to know the version, model and copyright of the currently loaded Bezel5 firmware. The response is an ASCII string giving the firmware date (yymmdd), reader type and the firmware version number, followed by the firmware copyright statement.
 | Host Command | Reader Response
Example | 7A0 | BE5H11-xxxx
4.1.5. 7F (37H 46H) – Get Hardware Status
This command retrieves the hardware status after power-on. The host can use this command to check whether any hardware initialization issue occurred during the power-on process. If all the ICs are working well, the response should be 4 bytes of zeros.
Byte 2 | Meaning
Bit4 | Create New DUKPT Key
Bit3 | DUKPT KEY Error
Bit2 | Create New MAC Key
Bit1 | MAC Key Error
Byte 3 | Meaning
Bit 8 | Create New PingPing Key
Bit7 | PingPing Key Error
Bit6 | Ext Flash Error
Bit5 | Create New RSA Key
Bit4 | RSA Chip Error
Bit3 | Create New Master Key
Bit2 | Initial Master Key Error
Bit1 | EEPROM Error
4.1.6.
Reader Response Example = ‘<01>
 | Bit 7 | Bit 6 | Bit 5 | Bit 4 | Bit 3 | Bit 2 | Bit 1 | Bit 0
Byte 1, see Table 4-2 | 0 | 1 | 1 | 0 | 0 | 0 | 0 | 0
Byte 2, see Table 4-3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1
First Status Byte
Bit | Value: 0 | Value: 1
0 | RFU | RFU
1 | No Card Present | Card Seated
2 | RFU | RFU
3 | RFU | RFU
4 | No Card status Report | Auto Card status Report
5 | always ‘1’ | always ‘1’
6 | Not armed to read | Armed to read
7 | RFU | RFU
Table 4-2.
Reader Response Example = “ ? ”
 | Bit 7 | Bit 6 | Bit 5 | Bit 4 | Bit 3 | Bit 2 | Bit 1 | Bit 0
Byte 1, see Table 4-4 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 1
Standard, One Configuration Byte
Bit | Value: 0 | Value: 1
0 | Track 1 not present | Track 1 present
1 | Track 2 not present | Track 2 present
2 | Track 3 not present | Track 3 present
3-7 | RFU | RFU
Table 4-4. First byte of Configuration Request response
Extended Configuration Bytes (16 bytes)
Byte | Byte 0 | Byte 1 | Byte 2 | Byte 3 | Byte 4 | Byte 5-15
Remark | Equip.0 | Equip.
Byte | Remark
3 | Speed: 00H=1200, 01H=2400, 02H=4800, 03H=9600 (Default), 04H=19.2k, 05H=38.4k, 06H=57.6k, 07H=115.2k bps
4 | Address: Always 00H.
By using the configuration setting command, users can select the standard or extended format. For the Extend command usage refer to 4.3.8. ECx(45h 43h x) - Extended Configuration Report Enable/Disable.
4.1.9. (18H) – Clear Data Buffer Clears read data buffers. Example Host Command Reader Response Example <18> ^ 4.1.10. <7FH> – Warm Reset It aborts all current actions and causes the device to execute all initialization functions. The device will respond as if in a "power up" cycle; by default it returns a ‘:’ (3AH). This operation will take at least 3 seconds to complete. Example Host Command Reader Response Example <7F> ^ 4.1.11.
51 (35H31H) - Read Date
Response data Packet:
Byte 0 – Byte 1 | Byte 2 | Byte 3 | Byte 4
Year | Month | Date | Week
<20*><12> | <12> | <06> | <04>
*The year <20> can be interpreted as space character.
54 (35H34H) - Set Date
Command Packet:
Byte 0-1 | Byte 2-3 | Byte 4 | Byte 5 | Byte 6
Command | Year | Month | Date | Week
54 | <14><0C> | <0C> | <06> | <04>
Hex value format valid input
01h=Monday, 02h=Tuesday, … 07h=Sunday
Default setting is <20><01><01><01><01>, obtained by Read Date.
YYYY: 14h 00h – 1Eh FFh (2000 – 3000)
If the ‘YYYY’ falls out of range, the reader will restore the configuration to default settings after resetting the device.
4.1.12. B (42H) – Buzzer Beep control
Lets the buzzer beep under the user’s control.
Command Packet
Byte 0 | Byte 1 | Byte 2 | Byte 3 | Byte 4
Command | Count | Tone | On Duration | Short Duration
B | <31> | <30> | <7F> | <00>
Example
 | Host Command | Reader Response
Example | B<31><30><7F><00> | ^
Command Type
Field | Description
Count | 0 (30h, ASCII Hex) – long beep
**Important: Once ‘B0’ command starts beeping, NO command can STOP it–unless users send a “Reset” command to stop it.
4.1.13. I (49H) – Load RSA Key This command is used to load RSA Key and query Key Index for PayPass MCHIP and VISA qVSDC applications.
Data Description Mod Len 1 byte in binary format, Max is 248. Modulus 1-248 bytes in binary format. Sha_1 Len Len-1 byte in binary format, must be 0 or 20. Sha_1 20 bytes in binary format, if present. Table 4-6.
Padding Frame - (Command I2, Authentication RSA Key) Byte 0~1 Byte 2+n Byte 3+n 00h 01h Var. 00h Table 4-9.
ASCII – Hex Value Description 4 ( or 34h) Request a certain PAN from the Exception File Command Data Type Description 2 ( or 32h) 3 ( or 33h) 4 ( or 34h) data length(1 byte) + PAN(up to 19 bytes ASCII ‘0’~’9’) 2 bytes long, range from 0000h to 010Fh Response data format Type Description 1 ( or 31h) Return 2-byte binary number -- the total number of PANs in the file. 3 ( or 33h) Return ‘1’ if PAN exists; else, return ‘0'. 4 ( or 34h) Return primary account number; else, return 00h.
Command Type
Type | Description
01h | LCD Clear, See Table 4-12
02h | LCD Write Char, See Table 4-13
03h | Graphic picture selection, See Table 4-14
04h | LCD Inverse, See Table 4-15
07h | Cursor Blink, See Table 4-16
08h | Cursor Home
09h | Cursor Display, See Table 4-17
0Ah | Position Cursor, See Table 4-18
0Bh | LCD Blinking, See Table 4-19
0Ch | LCD Blink Time, See Table 4-20
16h | LCD Backlight control, See Table 4-21
Table 4-11.
Display Line Host Command Reader Response Example ^ LCD Write Char (5 Fields in binary format) Field 1 Field 2 Field 3 Field 4 Field 5 1~18 1~64 Length 1 Length 2 Data buffer Total length = (Length 1 * 256) + Length 2 Table 4-13.
LCD Inverse
Data | Description
00h | Normal
01h | Light pixels on a dark background
Table 4-15. LCD Inverse Option
Example
Example | Host Command | Reader Response
Enable | <01><00><00><03>@<04><01>G | ^
Disable | <01><00><00><03>@<04><00>F | ^
Cursor Blink
Data | Description
00h | No blinking
01h | Cursor blink on
Table 4-16. Cursor Blink Option
Cursor Display
Data | Description
00h | Cursor hides
01h | Cursor display
Table 4-17.
LCD Blink Time
Data | Description
00h~0Fh | Setup blinking time, 1 byte in binary format
Table 4-20. Set LCD Blinking Time
LCD Backlight control
Data | Description
00h | Off
01h | Turn on the LCD backlight.
Table 4-21. LCD Backlight Control
Example
Example | Host Command | Reader Response
On | <01><00><00><03>@<16><01>U | ^
Off | <01><00><00><03>@<16><00>T | ^
4.1.16. L (4Ch) / l (6Ch) / ( (28h)- LED Control
This command is for Contactless LED control.
LED Position
Type | Description
1, (31h) | First LED (Blue)
2, (32h) | Second LED (Orange)
3, (33h) | Third LED (Yellow Green)
4, (34h) | Fourth LED (Red)
4.1.17. LE (4Ch 45h) / LD (4Ch 44h) - Flash LED Control
This command lets the user recognize that the reader is up and functioning. The LED is turned on by default upon power up. For specific purposes, it can be disabled and controlled by the host to determine when the LED is turned on.
4.2. General Commands Description The default setting of the Bezel5 reader, Self-Arm mode, is mainly used to simplify the process so that the host does not need to communicate back and forth with the reader. In this situation, the Bezel5 acts like a general magnetic stripe card reader. Whenever it senses the card it will try to decode the card data automatically and send out the decoded data to the host if the process is successful. Otherwise, error code will be sent out for host to make next activation.
Self-Arm Mode transaction process Example flow
[Figure: Self-Arm Mode transaction process example flow. Labels: Reader Initial; Enable Self-Arm Mode (H1 / SAE Command); Terminal/Controller Action; Start new transaction; Set Transaction Date/Time (54/55 Command); Receive error from reader; Return Error Code?; Error Code Action]
* Setting the reader to Self-Arm mode by sending the H1 command is for temporary testing; the reader will return to Host-Poll mode after power cycling.
Host Poll Mode transaction process Example flow
In this Example, assume the Bezel5 is in protocol USI2 and Self-Arm disable mode.
[Figure: Host Poll Mode transaction process example flow. Labels: Reader Initial; Receive error from reader; Terminal/Controller Action; Host-Poll Mode Enabled?]
* Bezel-5 Plus has Host-Poll mode enabled set to default.
Function | Reference
Set Arm to Read | 4.2.2. P (50H) – Arm to Read
Set Amount | 4.2.6. T (54H) – Transaction Comman
Get Transaction Data | 4.2.5. Q, R, S – Get Transmit Track Data
Table 4-23. Commands related to Host-Poll mode transaction example flow
4.2.1. H (48H) – Self-Arm function disable/enable
Used for controlling the contactless auto read function temporarily.
Example
 | Host Command | Reader Response
Example | P | ^
Note:
1. After an Arm to Read command is received and acknowledged the only valid commands that will be accepted for execution are: “Abort” and ‘$’ “Status”.
2. Reader will NOT send out track data automatically; the host has to issue the ‘Q’, ‘R’, ‘S’ commands to get the corresponding track data.
3. In the Self-Arm mode, it is not necessary to send this command. If this command is sent, it will temporarily override the Self-Arm mode.
4.2.3.
4.2.5. Q, R, S – Get Transmit Track Data Q (51H) Transmit Track 1 data R (52H) Transmit Track 2 data S (53H) Transmit Track 3 data Example Host Command Reader Response Example S +300=AABBCCDDEEFF1122=06011103900000=09861AA8=0003=A0800000=0000000000=0 000=121207=000000000000=0840=2000=0840=000000000000=000888=25=0000=303030 3030303030=303030303030303030303030303031=01=6000000001=======00=00000001 0000==2000========07=08? 4.2.6.
Command Data
Command Type | Data Description
T1 | 6 bytes in numeric format, use once only.
T2 | 2 bytes in binary format, decide which record to read; range from 0001h to 0186h.
TB (Get Data) | 2 bytes in binary format.
Note: Record data of ‘T2’ command includes Transaction Date and Tracks data.
4.3. Configuration Command Description
The configuration commands related to card brand transactions listed in this section cover only usage that does not require EMV or any card brand certification. Bezel5 supports PayPass 3.0; to process the EMV transaction flow, please use the EMV transaction operating commands (refer to Section 5 EMV Transaction Operating Command). The following are configuration commands executed in BLP format.
4.3.2. CKx – Enable/Disable User CA Key
To enable/disable the user CA key (i.e. the key loaded by the I command).
Command Packet
Byte 0~1 | Byte 2
CK | Parameters, see Table 4-26
Command Type
Parameter | Example (Hex) | Description
00h | 09h 00h 03h 43h 4Bh 00h 02h | User CA Key
01h | 09h 00h 03h 43h 4Bh 01h 03h | Test CA key (default)
Table 4-26. Public Key switch Table
Note:
1. The host must send CK<00> to enable the user CA keys if the new CA key is set via the T03 command. Otherwise, the default test key is used.
4.3.4. CPx(43h 50h x) - PayPass Support
Command Packet
Byte 0 ~ 1 | Byte 2
CP | Command Type, see Table 4-28
Command Type
Parameter | Example (Hex) | Description
00h | 09h 00h 03h 43h 50h 00h 19h | MagStripe Only
01h | 09h 00h 03h 43h 50h 01h 18h | MChip Enable
Table 4-28. Configure PayPass supporting mode
4.3.5. CTx(43h 54h x) - Set Terminal/Transaction Type/Info
4.3.7. DWx(44h 57h x) - Set Wait Amount mode
This command can only operate in Self-Arm mode. If the wait amount mode is enabled, a transaction can only be enabled by the reader receiving the amount through the T1 command.
Command Packet
Byte 0 ~ 1 | Byte 2
DW | Command Type, see Table 4-30
Command Type
Parameter | Length | Description | Example (Hex)
D | 1 Byte | Disable | 09h 00h 03h 44h 57h 44h 5Dh
E | 1 Byte | Enable | 09h 00h 03h 44h 57h 45h 5Ch
Table 4-30.
Command Type
Parameter | Length | Description | Example (Hex)
00 | 1 Byte | Output clear data | 09h 00h 03h 45h 47h 00h 08h
01 | 1 Byte | Output encrypted data | 09h 00h 03h 45h 47h 01h 09h
Table 4-32. Output Data Encryption Setup
4.3.10.
If SS/ES is enabled, the data of each magnetic stripe card track that is sent automatically in Self-Arm mode will be wrapped by the SS/ES characters.
Note: This command is only effective in Self-Arm mode.
4.3.12.
Command Type
Parameter | Length | Description | Example (Hex)
00 | 1 Byte | All cards | 09h 00h 04h 4Ch 42h 30h 00h 33h
02 | 1 Byte | PayPass | 09h 00h 04h 4Ch 42h 30h 02h 31h
03 | 1 Byte | VISA | 09h 00h 04h 4Ch 42h 30h 03h 30h
04 | 1 Byte | AMEX | 09h 00h 04h 4Ch 42h 30h 04h 37h
05 | 1 Byte | Discover | 09h 00h 04h 4Ch 42h 30h 05h 36h
Table 4-36. Set Read Card Mode
4.3.14. LCx(4Ch 43h x) - LRC Enable/Disable
If LRC is enabled, each track data sent automatically in self-arm mode will be followed by the LRC character.
Command Type (Mifare)
  Parameter  Length  Description          Example (Hex)
  0          1 Byte  Disable Mifare Card  09h 00h 04h 4Dh 46h 31h 30h 07h
  1          1 Byte  Enable Mifare Card   09h 00h 04h 4Dh 46h 31h 31h 06h
*Example set to Payment Card enabled
Once MIFARE Auto-Polling is enabled, the reader will send out the following characters to the host if a MIFARE Card is detected.
4.3.17. PEx (50h 45h x) - Set Pass-Through Function
Command Packet
  Byte 0~1: PE
  Byte 2:   Command Type
Command Type
  Parameter  Length  Description            Example (Hex)
  0          1 Byte  Pass-Through Disabled  09h 00h 03h 50h 45h 30h 2Fh
  1          1 Byte  Pass-Through Enabled   09h 00h 03h 50h 45h 31h 2Eh
4.3.18.
4.3.20. SEx (53h 45h x) - Self-Arm Mode Data Envelope Enable/Disable
Command Packet
  Byte 0~1: SE
  Byte 2:   Command Type
Command Type
  Parameter  Length  Description / Example (Hex)
  D          1 Byte  Disable. The data is not wrapped in the current protocol envelope (default)
                     09h 00h 03h 53h 45h 44h 58h
  E          1 Byte  Enable. The data is wrapped in the current protocol envelope
                     09h 00h 03h 53h 45h 45h 59h
* In the self-arm mode, the default is not to send any protocol information with the magnetic stripe card data.
4.
Command Type
  Parameter  Length  Description  Example (Hex)
  00h        1 Byte  Disabled     09h 00h 03h 54h 4Dh 00h 13h
  01h        1 Byte  Enabled      09h 00h 03h 54h 4Dh 01h 12h
4.3.23. TOx (54h 4Fh x) - Set Transmitting Data Output Format
Command Packet
  Byte 0~1: TO
  Byte 2:   Command Type
Command Type
  Parameter  Length  Description  Example (Hex)
  0          1 Byte  Protocol 0   09h 00h 03h 54h 4Fh 30h 21h
  2          1 Byte  Protocol 2   09h 00h 03h 54h 4Fh 32h 23h
4.3.24.
Command Type
  Parameter  Length  Description  Example (Hex)
  0          1 Byte  Default      09h 00h 08h 55h 54h 30h 00h 00h 00h 00h 00h 30h
  1          1 Byte  Denial       09h 00h 08h 55h 54h 31h 00h 00h 00h 00h 00h 31h
  2          1 Byte  Online       09h 00h 08h 55h 54h 32h 00h 00h 00h 00h 00h 32h
Table 4-40. Set TAC Table (for PayPass Only)
4.3.26.
Example
  Parameter:     31h 30h 30h 30h 30h 30h
  Length:        6 Bytes
  Description:   Amount=$313,030,303,030
  Example (Hex): 09h 00h 08h 56h 4Ch 31h 30h 30h 30h 30h 30h 1Ah
*CVM Required Limit value is fixed at 6 bytes and data format is numeric.
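The example frames in the section 4.3 tables all share one layout: 09h, a two-byte length, the command payload, and a final check byte. The following is an added example, not code from UIC, that builds and validates such frames; the XOR rule for the check byte is an assumption inferred from the manual's example frames, and the function names are hypothetical.

```python
"""BLP configuration frame builder/validator (added example, not UIC code)."""
from functools import reduce

LEAD_BYTE = 0x09  # every example frame in the manual starts with 09h


class FrameError(ValueError):
    """A received frame failed a structural check."""


def bcc(data: bytes) -> int:
    """XOR of all bytes. Assumption: inferred from the manual's example frames."""
    return reduce(lambda acc, b: acc ^ b, data, 0)


def build_frame(payload: bytes) -> bytes:
    """09h + 2-byte big-endian payload length + payload + BCC over all of it."""
    if not 0 < len(payload) <= 0xFFFF:
        raise ValueError("payload must be 1..65535 bytes")
    body = bytes([LEAD_BYTE]) + len(payload).to_bytes(2, "big") + payload
    return body + bytes([bcc(body)])


def parse_frame(frame: bytes) -> bytes:
    """Return the payload, or raise FrameError naming the first failed check."""
    if len(frame) < 5:
        raise FrameError("too short for header, one payload byte and BCC")
    if frame[0] != LEAD_BYTE:
        raise FrameError(f"unexpected lead byte {frame[0]:02X}h")
    declared = int.from_bytes(frame[1:3], "big")
    carried = len(frame) - 4
    if declared != carried:
        raise FrameError(f"length field says {declared}, frame carries {carried}")
    if bcc(frame[:-1]) != frame[-1]:
        raise FrameError("BCC mismatch")
    return frame[3:-1]


# Example frames copied from the manual's tables.
MANUAL_FRAMES = {
    "CK 00h (user CA key)":          "09 00 03 43 4B 00 02",
    "CK 01h (test CA key)":          "09 00 03 43 4B 01 03",
    "CP 01h (MChip enable)":         "09 00 03 43 50 01 18",
    "DW E (wait amount on)":         "09 00 03 44 57 45 5C",
    "EG 00h (clear output)":         "09 00 03 45 47 00 08",
    "EG 01h (encrypted output)":     "09 00 03 45 47 01 09",
    "LB 03h (VISA)":                 "09 00 04 4C 42 30 03 30",
    "PE 1 (pass-through on)":        "09 00 03 50 45 31 2E",
    "UT 2 (TAC online)":             "09 00 08 55 54 32 00 00 00 00 00 32",
    "VL (CVM required limit)":       "09 00 08 56 4C 31 30 30 30 30 30 1A",
}


def verify_manual_frames() -> dict:
    """Parse each table frame and rebuild it; True means both directions agree."""
    results = {}
    for name, text in MANUAL_FRAMES.items():
        frame = bytes.fromhex(text)
        results[name] = build_frame(parse_frame(frame)) == frame
    return results


def first_error(frame: bytes) -> str:
    """Empty string for a good frame, otherwise the reason it was refused."""
    try:
        parse_frame(frame)
    except FrameError as exc:
        return str(exc)
    return ""


if __name__ == "__main__":
    for name, ok in verify_manual_frames().items():
        print(f"{'ok ' if ok else 'BAD'} {name}")
    # Constructed fault: one bit flips on the wire, turning "encrypted output"
    # into "clear output". The BCC catches this kind of transmission error.
    damaged = bytearray(bytes.fromhex(MANUAL_FRAMES["EG 01h (encrypted output)"]))
    damaged[5] ^= 0x01
    print("damaged frame:", first_error(bytes(damaged)))
    # The BCC is an error-detection byte only: it carries no key, so it does
    # not show who sent a configuration frame.
```
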
4.4. Contactless Operation Commands Description
4.4.1. G (47H) – ISO 14443 Type Protocol Select
Selects which card type the manual commands operate on: ISO 14443 Type A or B.
Command Packet
  Byte 0: Command, G
  Byte 1: Type, 0
Command Type
  Type                 Description
  0 (30h, ASCII Hex)   ISO 14443 Type A
  4 (34h, ASCII Hex)   ISO 14443 Type B
Note: The default contactless smart card type is Type A after power up.
Example
  Host Command:    G0
  Reader Response: ^
4.4.2.
4.4.3. o (6FH) – Antenna power OFF
Turns off the antenna power.
Example
  Host Command:    o
  Reader Response: ^
Note: If the reader is in Self-Arm mode, the antenna power cannot be turned off by manual command setting.
4.4.4. b (62H) – Request
The ‘Request’ command.
Command Packet - ISO 14443 type A
  Byte 0: Command, b
  Byte 1: Req command, 52
The request command code is ISO 14443 type A. It can be either 26(REQA) or 52(WUPA).
Success Response Data Format Message Type Description ATQA 2 bytes, type A, Binary Hex ATQB 16 bytes, type B, Binary Hex Note: If reader response ‘*’ = No card response or No power on the antenna 4.4.5. c (63H) – Anti-collision(type A)/Slot-MARKER(type B) In type A mode, reader sends the ANTICOLLISION command to the card. In type B mode, reader sends the Slot-MARKER command to the card.
4.4.7. g (67H) – MIFARE Classic Card Authentication An authentication command has to be carried out before any operation in order to allow further commands. Command Packet Byte 0 Byte 1-3 Byte 4 Byte 5 Command Block number Key number Key type g 001 0 A Byte 0 Byte 1-3 Byte 4 Byte 5-16 Command Block number Key Type Key g 001 A FFFFFFFFFFFF Or Authenticate the card with the key stored in EEPROM.
Command Packet Byte 0 Byte 1-3 Command Block number h 001 Block Number – 2 Types Block Number Type Data Format 000 to 255 30h30h30h to 32h35h35h, ASCII Hex B<00><00> to B<00> 42h00h00h to 42h00hFFh, ASCII Hex Example Host Command Reader Response Example h001 1111111111111111 Response Block data (16 bytes, Binary Hex) 4.4.9. i (69H) – MIFARE Classic Card Write Block(Supports MIFARE Ultralight) MIFARE Classic card write command.
Example Host Command Reader Response Example i0011234123412341234 ^ 4.4.10. t (74H) – MIFARE Classic Card Value Operation Value Block Operation commands.
Host Command Reader Response Example ^ t00100001 ^ t00110001 ^ t00130001002 ^
4.4.11. W (57H) – ISO 14443A Detection
Detects ISO 14443A cards. The response is ‘M’ if an ISO 14443A card is detected.
4.4.12. X (58H) – MIFARE Classic Card Activation (Supports MIFARE Ultralight)
Performs the request/anti-collision/select commands to activate the card. It can also be used for any ISO 14443 compatible cards.
Block Number – 2 Types Block Number Type Data Format 000 to 255 30h30h30h to 32h35h35h, ASCII Hex B<00><00> to B<00> 42h00h00h to 42h00hFFh, ASCII Hex Note: For MIFARE Classic 4K, sectors 0~31 contains 4 blocks each and sectors 32~39 contains 16 blocks each. Response Sector data (64/256 bytes, depending on the card) if command executed successfully 4.4.14. v (76H) – MIFARE Classic Card Write Sector MIFARE Classic card write sector command.
Command Packet
  Byte 0:    Command
  Byte 1:    Key number
  Byte 2~13: Key data
Key Information
  Field       Data Format
  Key number  0 to 4 (or 30h to 34h, ASCII Hex)
  Key data    0 to 9 or A to F (or 30h to 39h or 41h to 46h, ASCII Hex)
4.4.17. F (58H) – Identify MIFARE Card Type
Reports the MIFARE card type. It can also be used for any ISO 14443A compatible cards.
4.4.19. Z (5AH) – I/O to contactless CPU card with APDU format The command is used to pass an APDU to the card where both data and an ISO status are expected in the response. Command Packet Byte 0 Byte 1~ (262 Bytes max) Command APDU (Binary hex(00h to FFh)) If successful, the data from the ICC and the two bytes SW1/SW2 ISO 7816-4 response are returned. If unsuccessful, reader transmits '*'.
5. EMV Transaction Operating Command
In order to process EMV transactions, the reader must be initialized properly according to the transactions it has to support. In a step known as EMV application configuration, the controller configures the reader with the necessary application data. All of the application data is stored in the nonvolatile memory of the reader and is set once before the reader is deployed to the field site.
5.1. Configuration Commands
The following are configuration commands executed in BLP format.
BLP Protocol – RS232 Interface
  Byte 1:    09h
  Byte 2,3:  Command Len
  Byte 4+n:  Command/Data (n bytes)
  Byte 5+n:  BCC
Response Code
  Response  Meaning
  ^         Acknowledgement
  *         Cannot execute (e.g. out of range)
  !         Bad parameter (e.g. incorrect length)
5.1.1. T01 (54H, 30H, 31H) – Terminal Configuration Setup
The EMV application uses this command to send the Terminal Configuration Data to the reader.
Note:
1. The reader will reject the command if the data is in non-TLV format or has invalid coding.
2. Unknown tags and tags with incorrect values are ignored by the reader.
3. For duplicate tags, the reader always overwrites the earlier tag value with the later one.
4. The reader accepts partial data update of TLV data.
5. See appendix A for the terminal default value.
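A host can apply the rules in these notes to a TLV payload before sending it, so a malformed or unintended update is caught on the host rather than discovered on a deployed reader. The following is an added example, not UIC code: the sample payload is the 9F66 update for the VISA AID used in the manual's T15 example, while the stored values, the known-tag set, the tag C1 and all function names are constructed assumptions.

```python
"""Host-side pre-check of TLV configuration data (added example, not UIC code)."""
from __future__ import annotations


class TLVError(ValueError):
    """Payload is not well-formed TLV; per note 1 the reader rejects such data."""


def _read_tag(buf: bytes, pos: int) -> tuple[str, int]:
    end = pos + 1
    if buf[pos] & 0x1F == 0x1F:              # low five bits set: more tag bytes
        while True:
            if end >= len(buf):
                raise TLVError(f"truncated tag at offset {pos}")
            more = buf[end] & 0x80           # bit 8 set: another byte follows
            end += 1
            if not more:
                break
    return buf[pos:end].hex().upper(), end


def _read_length(buf: bytes, pos: int) -> tuple[int, int]:
    if pos >= len(buf):
        raise TLVError("missing length byte")
    first = buf[pos]
    if first < 0x80:                         # short form
        return first, pos + 1
    count = first & 0x7F                     # long form: 81h xx or 82h xx xx
    if count not in (1, 2) or pos + 1 + count > len(buf):
        raise TLVError(f"bad length coding at offset {pos}")
    return int.from_bytes(buf[pos + 1:pos + 1 + count], "big"), pos + 1 + count


def parse_tlv(buf: bytes) -> list[tuple[str, bytes]]:
    """Split a payload into (tag, value) pairs, in order, duplicates kept."""
    items, pos = [], 0
    while pos < len(buf):
        tag, pos = _read_tag(buf, pos)
        length, pos = _read_length(buf, pos)
        if pos + length > len(buf):
            raise TLVError(f"tag {tag}: value runs past end of payload")
        items.append((tag, buf[pos:pos + length]))
        pos += length
    return items


def apply_update(stored: dict, payload: bytes, known_tags: set):
    """Model notes 1-4: reject bad coding, skip unknown tags, last duplicate
    wins, and tags absent from the payload keep their stored value."""
    merged, ignored = dict(stored), []
    for tag, value in parse_tlv(payload):    # raises before anything changes
        if tag not in known_tags:
            ignored.append(tag)
            continue
        merged[tag] = value
    return merged, ignored


# Payload of the manual's T15 example (AID A0 00 00 00 03 10 10, 9C, 9F66).
T15_EXAMPLE = bytes.fromhex("9F0607A0000000031010" "9C0100" "9F660480000000")
# Constructed for this example: tags the host expects and a stored configuration.
KNOWN_TAGS = {"9F06", "9C", "9F66", "DF810C", "FFFF8002"}
STORED = {"9F06": bytes.fromhex("A0000000031010"), "DF810C": b"\x03"}

if __name__ == "__main__":
    # Constructed update: the T15 example, a second 9F66, and an unknown tag C1.
    update = T15_EXAMPLE + bytes.fromhex("9F660420000000" "C101AA")
    merged, ignored = apply_update(STORED, update, KNOWN_TAGS)
    for tag, value in merged.items():
        print(tag, value.hex().upper())
    print("ignored:", ignored)
```
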
5.1.3. T15 (54H, 31H, 35H) – Contactless Application Configuration Setup
The EMV application uses this command to send one set of EMV application configuration data to the reader. The reader accepts a T15 command of up to 1K bytes for one application. A total of 11 applications can be stored. The command will be rejected if it exceeds the maximum number of application configurations. Use the T1B command to delete unnecessary application configurations.
Tag Data Object Name Format Length (Byte) FFFF8203 Terminal Action Code (Denial) b 5 FFFF8204 Terminal Entry Capability (VISA) b 1 FFFF8205 Time-Out Value b 4 FFFF8206 Retry Counter for Wait Online Response (DPAS) b 1 FFFF8207 Time-Out for Wait Online Response b 4 FFFF8208 Transaction Info b 1 FFFF8209 Default TDOL b n FFFF820A Default PDOL b n FFFF8210 Paypass Phone Message Table b n FFFF8211 Certification Revocation List b n FFFF8212 Paypass Signal Out b n F
Example - Update 9F66 of VISA AID (A0 00 00 00 03 10 10) in the group tags:
  Host Command:    <09><00><17>T15<9F><06><07><A0><00><00><00><03><10><10><9C><01><00><9F>f<04><80><00><00><00><93>
  Reader Response: ^
5.1.4. T19 (54H, 31H, 39H) – EMV Contactless Configuration Data Query
To retrieve the group ID of the EMV application or the CA public key stored in the reader.
Host Command Reader Response Example A0000000031010<1C>A0000000999090<1C>A0000000032010<1C>A00000 00041010<1C>A0000000043060<1C>B012345678<1C>A00000002501<1C> A0000003241010<1C>A0000001523010 <09><00><13>T193A0000000031010<0 <9F><06><07><00><00><00><03><10><10><9C><01><00>< 0><07> 80><02><01><01><80><03><01><03><80><04><01><01 ><80><05><01><01><9F><1B><04><00><00>’<10><81> <01><06><00><00><00><10><00><00><81><02><06><00><00>< 00>P<00><00><81><03>
5.1.6. T0C (54H, 30H, 43H) – Configuration Version/Checksum
To retrieve the checksum/version of the EMV application or the CA public key stored in the reader.
Command Packet
  Byte 1,2,3: T0C
  Byte 4:     Mode, see Table 5-5
  Byte 5:     Options, see Table 5-6
Mode
  Parameter  Description
  31h        Terminal data checksum request.
  32h        EMV Contactless application data checksum request.
  33h        Public key data checksum request.
Table 5-5.
5.1.7. T1C (54H, 31H, 43H) – Terminal and Application List Default Setting
To restore the default terminal and application data in the reader (for testing only).
Command Packet
  Byte 1~3: T1C
Example
  Host Command:    T1C
  Reader Response: ^
Note:
1. This command will take 15 ~ 20 seconds to update EEPROM.
2. Be careful when using this command because the previous data will be changed permanently.
Visa Application Identifier Tag Length Value Description 9F06 07 A0000000031010 AID Visa 9C 01 00 Transaction Type FFFF8002 01 01 ASI DF810C 01 03 Kernel ID FFFF800F 01 00 Dynamic Reader Limits Enable FFFF8007 01 01 Status Check(Signal Unit Enable) FFFF8005 01 01 Zero allow FFFF8008 01 01 Select Amount Option 1/2 FFFF8004 01 01 Disable Contactless Transaction Limit DF8124 06 000000003000 Reader Contactless Transaction Limit FFFF8009 01 01 CVM Required Limit Che
Tag Length Value Description FFFF8007 01 01 Sign Unit Check FFFF8009 01 01 CVM Require Limit Check Enable FFFF8010 01 00 Extended Selection Support flag FFFF8208 01 40 Transaction Info 5F57 00 N/A Account Type 9F01 00 N/A Acquirer Identifier 9F40 05 0000000000 9F09 02 0002 DF8117 01 00 Card Data Input Capability DF8118 01 60 CVM Capability-CVM Required DF8119 01 08 CVM Capability-No CVM Required DF811A 03 9F6A04 DF8130 00 N/A Hold Time Value DF811B 01 2
MaestroCard Application Identifier Tag Length Value 9F06 07 A0000000043060 AID MaestroCard 9C 01 00 Transaction Type FFFF8002 01 01 Application Selection Identifier FFFF8004 01 01 Disable Contactless Transaction Limit FFFF8005 01 01 Zero allow FFFF8007 01 01 Sign Unit Check FFFF8009 01 01 CVM Require Limit Check Enable FFFF8010 01 00 Extended Selection Support flag FFFF8208 01 40 Transaction Info 5F57 00 N/A Account Type 9F01 00 N/A Acquirer Identifier 9F40 05
Tag Length Value Description DF8121 05 0000000000 Terminal Action Code-Denial DF8122 05 0000000000 Terminal Action Code-Online 9F33 00 N/A Terminal Capabilities 9F35 01 22 Terminal Type FFFF8026 01 01 Transaction Type Check 5F36 01 02 Transaction Currency Exponent Table 5-10.
Discover Zip Application Identifier Tag Length Value Description 9F06 07 A0000003241010 AID Discover Zip 9C 01 00 Transaction Type FFFF8002 01 01 Application Selection Identifier DF810C 01 05 Kernel ID FFFF8004 01 01 Disable Contactless Transaction Limit FFFF8005 01 01 Zero allow FFFF8007 01 01 Sign Unit Check FFFF8009 01 01 CVM Require Limit Check Enable FFFF8010 01 00 Extended Selection Support flag FFFF8208 01 40 Transaction Info 5F57 00 N/A Account Type 9F
Tag Length Value Description 9F40 05 0000000000 9F5E 02 E000 9F58 01 03 9F59 03 D84000 9F5A 01 00 9F5D 06 000000005000 Terminal Contactless Receipt Required limit DF2A 01 000000000600 Threshold Value for Biased Random Selection DF2B 01 00 Maximum Target Percentage for Biased Random Selection DF2C 01 63 Target Percentage for Random Selection DF810C 01 06 Kernel ID DF8120 05 0000000000 Terminal Action Code-Default DF8121 05 0000000000 Terminal Action Code-Denial
5.2. General Command
The general commands of the reader are for daily transaction purposes. Depending on which protocol the reader is set to, a command can be sent using one of the following protocols: USI0, or USI2 (default).
USI0 – the simplest data format, without the header, the trailer or the BCC. The reader relies on a 100ms timeout to determine that a command is received.
Default Display picture of Interface Priority In EMV mode, the display will be empty in the idle mode. After the Host sends the Activate Contactless Reading command to Bezel5, the display will show the picture according to the parameter set in the Interface Priority field. Parameter Description 01 RFID & Magstripe 02 RFID 03 Magstripe Display Note: The pictures in this table are reference only. For the real position of the signs please refer to the physical unit. Table 5-15.
Note:
1. The reader will reject the command if the data is in non-TLV format or has invalid coding.
2. Unknown tags and tags with incorrect values are ignored by the reader.
3. For duplicate tags, the reader always overwrites the earlier tag value with the later one.
4. The reader accepts partial data update of TLV data.
5. If "Transaction Date" and "Transaction Time" were not set in the C8 command, the reader will proceed with the transaction using the RTC time (set by commands "54" and "55").
5.2.2.
Value 11 12 Description Contactless Magstripe Card executing (Wait for the card (either contactless or contact) to be completely removed from reading area or card slot.) v v Try Again v nd 20 2 Tap v 33 Switch to Other Interface. (Contactless Used) v 37 Multiple Card v 39 Terminated. (Contactless Used) v 86 Empty candidate list, try other interface v 8C Authentication error, try other interface v Table 5-17.
Fields Description Value Length (Byte) Description ‘|’ 1 Field separator. DUKPT SN/Counter 20 DUKPT Key serial number, DUKPT Key using for data encryption can be recognized by this serial number. SID 16 Encrypted Session ID. Table 5-19. Field Description of Contactless Transaction Data Magstripe card read successful, Error code = 00 (successful) and POS Entry = 04 Clear Data CARD- | Encrypted Data TK1 | TK2 | Clear Data TK3 | DUKPT SN/Counter | SID Table 5-20.
6. Authentication and Card Data Encryption
The Bezel5 can be configured as a secure reader to protect the card holder’s privacy. Once the Bezel5 enters secure reader mode, the output card data is encrypted, and the administration commands for changing the status or settings of the reader need to be authenticated.
6.1.
wants to disable the encryption function. The RSA key length is 2048-bits. TDES will use the double length key and AES will use 128 bits if it is selected. 6.2.
6.3. Operation Flow
[Figure 6-1. Data Security Operation Flow. Stages shown in the figure:
  Creation: The reader is in the UIC factory to preload the encryption key.
  Administration: The system integrator updates the key and loads the session ID.
  General Operation: The merchant operates the reader.
  Terminated: The key generation reaches the end, no more card reading operation at the reader.
  Location labels in the figure: UIC Factory; System Integrator; Field Site/Operation; UIC Factory/System Integrator (re-inject the key).]
6.4.
Authentication involved entities:
1. The claimant = the host application
2. The verifier = the reader
3. TEXT = the command/or key data to be sent from the host to the reader
4. PrivA = The RSA private key at the host application
5. PubA = The RSA public key at the reader
6. TDES/RSA […] = Data encrypted either by RSA or Triple DES
The authentication process proceeds as follows:
1. The claimant makes an authentication request to the verifier.
2.
6.5. Double DUKPT
To support 2 million card reads, the Double DUKPT (D-DUKPT) solution is used in the Bezel5 reader. There are two DUKPT key slots available inside the reader. They can be combined in different modes to fit the user application and reach the 2 million operations. This extends the life cycle of the reader without the need to return the reader to the factory for key re-injection.
reader will get the key from slot 2. If both key slots are inactive and data encryption is enabled, the reader is in the terminated state and no data output is available.
6.5.1. Auto Rollover 1: key generation
Figure 6-2. Auto Rollover 1: Key Generation
6.5.2. Auto Rollover 2: key generation
[Figure 6-3. Auto Rollover 2: Key Generation. Labels in the figure: Key Injection (Slot 1), 1M iteration; Key Injection (Slot 2), 1M iteration; Terminated. Slot 1 and 2 can have different initial key and KSN.]
6.6. Track Output format (Self-Arm)
The encrypted data output varies according to the encryption mode and the interface type of the reader. The card data can be encrypted with one of the following three modes:
1. DUKPT TDES
2. DUKPT AES
3. RSA
The following two interface groups give totally different output formats of the encrypted card data:
1. RS232/USB Virtual COM
2. HID MSR
They are described in the following sections.
6.6.1.
Low Nibble
  0 ISO/ABA: ISO/ABA encode format for all contactless payments
High Nibble
  Bit 7, 6, 5 – payment instrument status
  000 – No payment solution is available or it is traditional magstripe card data
  001 – Track of Google payment MID available in track 1 and 2
  010 – PayPass Magstripe & Mchip available in track 1, 2 and 3
  011 – Visa MSD & qVSDC available in track 1, 2 and 3
  100 – Amex available in track 1 and 2
  101 – Discover ZIP available in track 1 and 2
  111 – Other contactless payment solution (res
6.7. Administration Commands
6.7.1. 90H 02H – Load Session ID
This command is used to load an 8-byte Session ID to the device.
Command Packet
  Byte 0~1:   Command, 90h 02h
  Byte 2~9:   Encrypted Random (issue the 90h 03h command to get the random)
  Byte 10~17: Encrypted Session ID (for creating new keys)
6.7.2. 90H 03H – Get KSN & Encrypted Random
This command is used to get the DUKPT Key Serial Number and encrypted random number.
Command Packet
  Byte 0~1: Command, 90h 04h
  Byte 2:   Data
Command Data
  Data  Description
  01h   Select key slot 1
  02h   Select key slot 2
Response Code
  Response  Meaning
  ^         Acknowledgement
  *         Cannot execute (e.g. out of range)
  !         Bad parameter (e.g. incorrect length)
6.7.4. 90H 05H – Select DUKPT Management Mode
This command is used to select the DUKPT Management Mode of the device.
6.7.5. 90H 06H – DUKPT Key Iteration Test
This message is designed to do a DUKPT key iteration test. The reader will return 71, assuming a PIN of ‘1234’, and pack the data in ANSI X9.8 PIN block format. This command can be used to verify whether the key has been loaded properly.
Code  Meaning
‘B’   Flash read/write error.
‘C’   Memory buffer allocation error.
‘F’   DUKPT operation limit (1 million) reached, program stop.
Example
  Parameter
    Initial Key:     “554E49464F524D5F44454641554C5421”
    Account number:  “1234567890”
  Usage
    Send command "<90><06>1234567890<1C>D4567"
    Gets PIN Block "710554943303030310003E32FF2D3C47BF9F87E"
    Find out the current key by using the initial key and serial number/counter.
Response element
Encrypt Mode
  Code  Meaning
  00    Not Encrypted
  01    DUKPT Mode
  02    AES Mode
  03    RSA Mode
DUKPT Key Slot
  Code  Meaning
  00    Key Slot 1
  01    Key Slot 2
DUKPT Management Mode
  Code  Meaning
  00    Mode 1
  01    Mode 2
DUKPT Key Slot 1 Status
  Code  Meaning
  00    DUKPT Key Empty
  01    DUKPT Key Active
  02    DUKPT Key Terminated
DUKPT Key Slot 2 Status
  Code  Meaning
  00    DUKPT Key Empty
  01    DUKPT Key Active
  02    DUKPT Key Terminated
6.7.7. 90H 10H – Get Challenge
This command is used to get a challenge from the reader.
Command Packet
  Byte 0~1: Command, 90h 10h
RSA Encrypted Response
  Success
    Byte n:         Padding Data, see Table 6-4
    Byte 0~15 +n:   Random
    Byte 16~35 +n:  SHA1 (Padding + Random + Exp Len + Exp + Modules Length + Modules)
    The return length depends on the RSA key length.
  Bad Parameters
    *
Padding Frame
  Byte 0~1: 00h 02h
  Byte 2+n: Var.
  Byte 3+n: 00h
Table 6-4. Get Challenge Padding Frame
6.7.8.
Data Byte   Field Name   Length       Notes
19~20 +n    Key Length   2 Bytes      2 bytes in binary format
21~28 +n    Key Data     8~16 Bytes   Initial DUKPT Key, must be 8 or 16 bytes
29~48 +n    SHA1         20 Bytes     Padding + Random + Encrypt Mode + Key Slot + Key Length + Key Data
Padding Frame
  Byte 0~1: 00h 01h
  Byte 2+n: Var.
  Byte 3+n: 00h
Table 6-5. Load Initial Key Padding Frame
Encrypt Mode
  Code  Meaning
  01    DUKPT Mode
  02    Google Wallet merchant symmetry key
Table 6-6.
Data Byte   Field Name     Length     Notes
17+n        Encrypt Mode   1 Byte     See Table 6-9
18~37+n     SHA1           20 Bytes   Padding + Random + Encrypt Mode
Padding Frame
  Byte 0~1: 00h 01h
  Byte 2+n: Var.
  Byte 3+n: 00h
Table 6-8. Padding Frame of Change Encrypt Mode for Data Output Format
Encrypt Mode
  Code  Meaning
  30h   None Encrypted Mode
  31h   DUKPT TDES Mode
  32h   DUKPT AES Mode
  33h   RSA Mode
Table 6-9. Encrypt Mode of Data Output Format
6.8. Load Session ID
USAGE:
1. Issue the 90h 03h command to get the encrypted random number.
2. Decrypt “Encrypted Random” using the current key to get “Random”.
3. Generate an encryption key by XORing the current key and “Random”.
4. Use the encryption key to encrypt [(Random) + (New Session ID)]. Put the result into the 90h 02h command packet.
6.9. Load DUKPT Key
USAGE:
1. Issue the 90h 10h command to get the encrypted challenge data.
2. Decrypt the “Encrypted Challenge” by using the “RSA Private Key” and then get the “Random”.
3. Use the command format data to get the SHA 1 (20 bytes).
4. Use the “RSA Private Key” to encrypt the command format data.
5. Put the result into the 90h 11h command packet.
10h command result A012B908F3D8A646246F70236FAACE67FCF638E75E7EBFAD71D52405EAC4F04D9530BDA C54D97BB37C9BF229D2F18F140AB071BC7C144F9255947A5C55DFF8B1A465621E64447C A6AA5D50876F2B22CCEC68EF629AAE7AD78CA9D3D3BC1A72E92FDDACFFC4A347240ED9 FDF245AE0D3545D2249553DD5A4758D58A44E642736B60E6D5B4C2A940C194F4109F458 C9D2636535EC63A82A1" gets clear format “000213128446848055107333536843043063130225127201117370049836628096318451 1345200232425145528526184503136810365209537777444951615531096409926153192 2782409A52271033
6.10. Load Google Wallet Merchant Symmetry Key
USAGE:
1. Issue the 90h 10h command to get the encrypted challenge data.
2. Decrypt the “Encrypted Challenge” using the “RSA Private Key” and then get the “Random”.
3. Use the command format data to get the SHA 1 (20 bytes).
4. Use the “RSA Private Key” to encrypt the command format data.
5. Put the result into the 90h 11h command packet.
format 5246048350230716256119815505945234153193597310555761037509143415560395999 1042127044404248709333974621853650201647513489037542275934139063120931881 3020127526814474630130205503555125012019698125060363012279079380506308573 9007284558CF716CA567844661192AD23C99DEE8B5255D018714140BFE60D122467ECF17 5A7” Random data “7284558CF716CA567844661192AD23C9” Complement the data 7 length “0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
6.11. Load Authentication RSA Key
USAGE:
1. Issue the 90h 10h command to get the encrypted challenge data.
2. Decrypt the “Encrypted Challenge” using the “RSA Private Key” and then get the “Random”.
3. Use the command format data to get the SHA 1 (20 bytes).
4. Use the “RSA Private Key” to encrypt the command format data.
5. Put the result into the “I2” command packet.
C923CB0FEF00EC2A9BE648E952AFB7502733D11EBA0CE4D3642EDAC412F58773AA793C9 784BACD3068A8CF76CC65175001AE879E78F437D67051CE604839C3BA4177407B353FEB0 887A3FFC2A47940" 8 Using the RSA Private key to decrypt challenge data then gets clear format “000290503282591385508221843391503270417040350361787725870210458535565343 46428212305541795712283982062056A5103685107835553812620610084709515281116 0037930080451625357213530957558147293393101182408247185240470195245305292 294510361970931605044744353414A50813018473203320
Based on Private Key Length – 2 bytes, add 2 bytes of Head (6A) and End (BC) to each package.
6.12. Change Encrypt Mode for Data Output Format
USAGE:
1. Issue the 90h 10h command to get the encrypted challenge data.
2. Decrypt the “Encrypted Challenge” using the “RSA Private Key” and then get the “Random”.
3. Use the command format data to get the SHA 1 (20 bytes).
4. Use the “RSA Private Key” to encrypt the command format data.
5. Put the result into the 90h 12h command packet.
data then gets clear format 2261382065027843430440595310358901384310502624329203409175009185065590105 7752232055503031414823180337450550305385945111913229101984324536531003011 5167151413692235302595123933765030701823657750310331305823732689042341455 1257281483427422206143305936656063250116625831111935366452330928410225178 5000591231B27E3E125BE4B88B68D451A2EEB5A5734ECB97987B0C26873D84F13CA52267 898” Random data “0591231B27E3E125BE4B88B68D451A2E” Complement the data length9 “0001FFFFFFFFFFFFFFFFFFFFFFFFF
7. Google Wallet
Google Wallet is an application that uses the mobile phone as the payment instrument. It provides several services in one wallet, including payments, offers and rewards. In the general working scenario, the user simply taps the phone at the Bezel5 reader. Because the reader passes all necessary information to the host application, the user can purchase goods to earn loyalty points, get a discounted price or pay by gift card.
CASE 4: • Card contains no active payment instrument in PPSE and no active payment instrument in Mifare. • VAID containing payment MID is not present in PPSE Output: Tag FFFF820E, if any. Track 1~3, Tag FFFF820E Information Track # Description SS/ES Data 1 PayPass/payWave/Amex/Discover ZIP/Google Wallet Payment %/? Emulate magnetic stripe track 1: PAN, Card holder name, Expiration Date, Track 1 Discretionary Data.
7.2. Configuration Option
In order to integrate the Google Wallet with other payment schemes, Bezel5 provides the following selectable configurations.
  Mode                            Description
  Google application deactivated  Google application (and Mifare functionality) is deactivated
  Mifare First (default)          Google application (and Mifare functionality) is activated and Mifare is read first
  Select PPSE First               Google application (and Mifare functionality) is activated and Select PPSE is done first
Table 7-2.
7.3. Tag FFFF820E Data Format
The Tag FFFF820E data format is reserved for the Google Wallet application only. This data can be represented in ASCII-HEX values. If the data is in ASCII, it is enclosed in […]. The data begins with the start sentinel “$” and ends with the end sentinel “?”.
Data/Tag 2002 Description Data Object Format (Bytes) App 2 Schema-code 2 bytes C5 App 2 tag 1 byte 04 Length of all records for App 2 1~3 byte Data of all records for App 2 var bytes CB02 [CB][02] 2 bytes 4002 App 3 Schema-code 2 bytes D1 App 3 tag 1 byte 07 Length of all records for App 3 1~3 byte Data of all records for App 3 var bytes End Sentinel 1 byte 12340001 12FF34FF056789 ? Table 7-4.
7.4. Google Wallet Merchant Key Update
The Google Wallet merchant key is protected with a pre-loaded injection key using the TDES crypto algorithm. Since the key is always encrypted, authentication is not required. The reader will use the SHA1 value for verification purposes.
7.5. Google Wallet Commands
7.5.1. D (44H) – Google Card Operation
The command is used to operate the Google card.
Command Packet
  Byte 0:   D (44h)
  Byte 1:   Command Type
  Byte 2+n: Data (Optional)
Command Type
  Command  Description
  03h      Read transmission log
  04h      Clear transmission log
  07h      Load Google wallet MIFARE secret key
  08h      Get SHA1 value of MIFARE key
  09h      Get Google Polling Mode
  0Ah      Get SHA1 value of All Encrypt MIFARE key
Table 7-5.
Host Command Reader Response Example Comment <02><01><30><30><30><30><30><30><30><30> <12><01><00><5A><02><01><00><30><31> <00><00><00><97><12><01><00><5A><02><01> <00><30><31><00><00><00><97><12><01><00> Transmission log of the card (40 bytes) OR D<03> Read transmission log * (2Ah) Card not detected D<04> (44H 04H) - Clear transmission log Example Host Command Reader Response Example Comment The Google Wallet card on top of the card reader Do not remove H0
D<07> (44H 07H) – Load Google wallet MIFARE secret key Command Packet Byte 0-1 Byte 2 Byte 3~ Command Total Encrypt length Encrypt data D<07> <38> 3FAF3B31B3DDDBA6964DF8BBB81A3F828BEF5FAEED91B5B2856E44E4 E0C30ED930502694CD20EE81E43B0846FDC8DD7924B7A04BA6248C5E Example Keys Symmetry Key 112233445566778899AABBCCDDEEFF11 Secret Key MID 1 20E103626A70A92B3AD3FDE04429C3B6 0000 2 642DDA067A4A1725C6F3B22F51E607EE FFFE 3 7A244D16EAB80D7CBB5329E0653A09CD F010 Load MIFARE Key Get clear text data
D<08> (44H 08H) –Get SHA1 value of MIFARE key Command Packet Byte 0-1 Byte 2 Command Key Index D<08> 1 (31h) ~ 8 (38h) Example Keys Symmetry Key 112233445566778899AABBCCDDEEFF11 Secret Key MID 1 20E103626A70A92B3AD3FDE04429C3B6 0000 2 642DDA067A4A1725C6F3B22F51E607EE FFFE 3 7A244D16EAB80D7CBB5329E0653A09CD F010 Load MIFARE Key Get clear text data 36||20E103626A70A92B3AD3FDE04429C3B60000642DDA067A4A1725C6F3B 22F51E607EEFFFE7A244D16EAB80D7CBB5329E0653A09CDF010||80 Encrypt the clear text dat
Example Host Command Reader Response Example Comment <12><5A><6E><5C><3A><17><41 ><72><3F><3F><0E><6C><30> SHA1 (20 bytes) Empty (20 bytes) D<08>1 D<09> (44H 09H) –Get Google Polling Mode Example Host Command Reader Response Example Comment 0 (30h) Google Polling Disable 1 (31h) PPSE First 2 (32h) MIFARE First * (2Ah) Bad parameters D<09> D<0A> (44H 0AH) –Get SHA1 value of All En
Load MIFARE Key Get clear text data 36||20E103626A70A92B3AD3FDE04429C3B60000642DDA067A4A1725C6F3B 22F51E607EEFFFE7A244D16EAB80D7CBB5329E0653A09CDF010||80 Encrypt the clear text data by the symmetry Key doing TDES Encrypt Clear Data 3FAF3B31B3DDDBA6964DF8BBB81A3F828BEF5FAEED91B5B2856E44E4E0C30 ED930502694CD20EE81E43B0846FDC8DD7924B7A04BA6248C5E Total Encrypt Data Length = 38h Send the command to the reader D<07>383FAF3B31B3DDDBA6964DF8BBB81A3F828BEF5FAEED91B5B2856E44 E4E0C30ED930502694CD20EE81E43B0846FD
8. ISIS Wallet
ISIS Wallet is proposed by the wireless service providers AT&T Mobility, T-Mobile USA, and Verizon Wireless, and mainly targets payment solutions. The payment application is called the Sizzle Apps; it runs on the phone to manage the payment information, loyalty data or coupon offers. The reader's role is to gather all transaction data from the Sizzle Apps and pass it to the POS applications.
8.1. Track Output Concept
Bezel5 is designed to eliminate the burden of communication between the reader and the host application. When the user taps the phone, the reader gathers all the data in the track format and outputs it to the host in a single transmission. It does not require the application to send any command to get the card data.
8.2. Configuration Option

Some configuration settings must be made before the unit is deployed to the field.

Mode                            Description
Wallet application deactivated  ISIS wallet is deactivated
Mifare First (default)          Google application (and Mifare functionality) is activated and Mifare is read first
ISIS Wallet                     ISIS wallet is activated*. Whether PPSE or the Sizzle AID is used is determined by TERMINAL_STARTUP_MODE. The host can choose ‘ISIS only’ or ‘ISIS with the payment’ in MERCHANT_CAPABILITIES.
Empty Tag Format
Byte 0    [#], Start sentinel
Byte 1~4  0000
Byte 5    [?], End sentinel

The empty track has two different meanings:
1. It may indicate that the user tapped the ISIS wallet phone for the payment but there is no ISIS wallet data. Usually, it comes after the track 1 & 2 payment card data.
2. It may indicate that the POST TRANSACTION command was sent to the ISIS wallet phone successfully.
Data/Tag  Data Object Format (Bytes)  Output in ASCII (Bytes)  Description
xx    Num of tags         01 to 99
xx    Num of Loyalty      If num = 00, DF41/DF43 are not present in track 4. If it exists, the number is LoyaltyID#x
xx    Num of Offer        If num = 00, DF51/DF53/DF55 are not present in track 4. If it exists, the number is Offer_Type_Code#x
=     Field separator
DF21  Customer ID
=     Field separator
DF41  LoyaltyID #1
=     Field separator
DF43  Loyalty Account #1
=     Field separator
…     …                   …
DF41  LoyaltyID #x v
8.4. ISIS Commands

Bezel5 supports the BLP command format, which is mainly used to update the EEPROM settings. In general, the factory or the system integrator uses the BLP protocol to configure the reader before deploying it to the field site. If the user does not know the current settings of the reader, it can always be set back to a known state through the BLP protocol.

8.4.1. Configuration Command Protocol

The BLP protocol is used to store the configuration settings in nonvolatile memory.
Load Merchant ID
Command: ISM
Data Format/Example: 09 00 0C 49 53 4D 08 11 22 33 44 55 66 77 01 5B
Description: Set Merchant ID, Ex: set 11 22 33 44 55 66 77 01

Get Merchant ID
Command: ISm
Data Format/Example: 09 00 03 49 53 6D 7D
Description: Get Merchant ID

Command: (Response)
Data Format/Example: <Merchant ID, var bytes> 08 11 22 33 44 55 66 77 01
Description: Returned Merchant ID, Ex: get 11 22 33 44 55 66 77 01

8.4.4.
Load Loyalty ID
Command: ISL<Loyalty ID, var bytes>
Data Format/Example: 09 00 0C 49 53 4C 08 11 22 33 44 55 66 77 01 5A
Description: Add Loyalty ID, Ex: set 11 22 33 44 55 66 77 01

Get Loyalty ID
Command: ISl
Data Format/Example: 09 00 03 49 53 6C 7C
Description: Get Loyalty ID

Command: (Response)
Data Format/Example: <Loyalty ID, var bytes> 08 11 22 33 44 55 66 77 01
Description: Returned Loyalty ID, Ex: get 11 22 33 44 55 66 77 01

Erase Loyalty ID
Command: ISRL
Data Format/Example: 09 00 04 49 53 52 4C 09
De
Erase OFFER_TYPE_CODES
Command: ISRO
Data Format/Example: 09 00 04 49 53 52 4F 0A
Description: Erase the last one in the OFFER_TYPE_CODES list

Important: MEI 4-in-1 Plus accepts multiple OFFER_TYPE_CODES. However, a newly added OFFER_TYPE_CODES is appended at the end of the list. The erase command erases the last OFFER_TYPE_CODES from the list.

8.4.7. Load MERCHANT_CAPABILITIES

Selects whether to accept ISIS wallet only or not.
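The example frames in section 8.4 all follow one layout, and the Python below is an added example (not code from the UIC manual) that builds and validates them on the host side. The layout is an assumption inferred from the example bytes on this page: a 09h start byte, a two-byte big-endian payload length, the payload, and a final byte equal to the XOR of all preceding bytes, with IDs carried behind a one-byte length prefix; the function names are hypothetical.

```python
"""BLP frame helpers for the 8.4 example commands (added example, not UIC code).

Assumed layout, inferred from the manual's example bytes:
  09h | length (2 bytes, big-endian) | payload | XOR of all preceding bytes
"""
from functools import reduce

START = 0x09  # first byte of every example frame in section 8.4


def xor_check(data: bytes) -> int:
    """XOR of all bytes; matches the last byte of each example frame."""
    return reduce(lambda a, b: a ^ b, data, 0)


def build_frame(payload: bytes) -> bytes:
    """Wrap a command payload such as b'ISm' in the assumed BLP framing."""
    if not 0 < len(payload) <= 0xFFFF:
        raise ValueError("payload must be 1..65535 bytes")
    body = bytes([START]) + len(payload).to_bytes(2, "big") + payload
    return body + bytes([xor_check(body)])


def parse_frame(frame: bytes) -> bytes:
    """Validate start byte, length and check byte; return the payload."""
    if len(frame) < 5:
        raise ValueError("frame too short")
    if frame[0] != START:
        raise ValueError("bad start byte")
    length = int.from_bytes(frame[1:3], "big")
    if len(frame) != 3 + length + 1:
        raise ValueError("length field does not match frame size")
    if xor_check(frame[:-1]) != frame[-1]:
        raise ValueError("check byte mismatch")
    return frame[3:-1]


def id_field(value: bytes) -> bytes:
    """Length-prefixed ID as in the examples: 08h followed by 8 ID bytes."""
    if len(value) > 0xFF:
        raise ValueError("ID too long for a one-byte length prefix")
    return bytes([len(value)]) + value


if __name__ == "__main__":
    merchant_id = bytes.fromhex("1122334455667701")  # ID from the manual's example
    print(build_frame(b"ISM" + id_field(merchant_id)).hex(" ").upper())
```

Rejecting frames whose length or check byte does not match keeps a truncated or corrupted write from being sent to the reader's nonvolatile configuration.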
8.4.8. Load TERMINAL_STARTUP_MODE

The terminal startup mode determines the mechanism the reader uses to start the SmarTap application on the NFC reader.