Handheld PIN Pad Device with MSR/Contact/Contactless Programmer s Manual (COMMANDS)

Transcription

1 DynaPro Go Handheld PIN Pad Device with MSR/Contact/Contactless Programmer s Manual (COMMANDS) August 2018 Document Number: D REGISTERED TO ISO 9001:2015 MagTek I 1710 Apollo Court I Seal Beach, CA I Phone: (562) I Technical Support: (888)

2 Copyright MagTek, Inc. Printed in the United States of America INFORMATION IN THIS PUBLICATION IS SUBJECT TO CHANGE WITHOUT NOTICE AND MAY CONTAIN TECHNICAL INACCURACIES OR GRAPHICAL DISCREPANCIES. CHANGES OR IMPROVEMENTS MADE TO THIS PRODUCT WILL BE UPDATED IN THE NEXT PUBLICATION RELEASE. NO PART OF THIS DOCUMENT MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS, ELECTRONIC OR MECHANICAL, FOR ANY PURPOSE, WITHOUT THE EXPRESS WRITTEN PERMISSION OF MAGTEK, INC. MagTek is a registered trademark of MagTek, Inc. MagnePrint is a registered trademark of MagTek, Inc. Magensa is a trademark of MagTek, Inc. MagneSafe is a trademark of MagTek, Inc. DynaPro and DynaPro Mini, are trademarks of MagTek, Inc. IPAD is a trademark of MagTek, Inc. AAMVA is a trademark of AAMVA. American Express and EXPRESSPAY FROM AMERICAN EXPRESS are registered trademarks of American Express Marketing & Development Corp. Apple Pay is a registered trademark to Apple Inc. D-PAYMENT APPLICATION SPECIFICATION is a registered trademark to Discover Financial Services CORPORATION MasterCard is a registered trademark and PayPass and Tap & Go are trademarks of MasterCard International Incorporated. Visa and Visa paywave are registered trademarks of Visa International Service Association. ANSI, the ANSI logo, and numerous other identifiers containing "ANSI" are registered trademarks, service marks, and accreditation marks of the American National Standards Institute (ANSI). ISO is a registered trademark of the International Organization for Standardization. PCI Security Standards Council is a registered trademark of the PCI Security Standards Council, LLC. EMVCo and EMV are trademarks of EMVCo and its licensors. UL and the UL logo are trademarks of UL LLC. Microsoft, Windows and.net are registered trademarks of Microsoft Corporation. Some device icons courtesy of used under the Creative Commons Attribution- NoDerivs 3.0 license. All other system names and product names are the property of their respective owners. Page 2 of 212 (D )

3 Table Revisions Rev Number Date Notes 10 Oct 28, 2016 Engineering Prototype for BOM purposes (no attachments) 20 Aug 29, 2018 Initial release from master Rev 150 plus minor corrections Page 3 of 212 (D )

4 LIMITED WARRANTY MagTek warrants that the products sold pursuant to this Agreement will perform in accordance with MagTek s published specifications. This warranty shall be provided only for a period of one year from the date of the shipment of the product from MagTek (the Warranty Period ). This warranty shall apply only to the Buyer (the original purchaser, unless that entity resells the product as authorized by MagTek, in which event this warranty shall apply only to the first repurchaser). During the Warranty Period, should this product fail to conform to MagTek s specifications, MagTek will, at its option, repair or replace this product at no additional charge except as set forth below. Repair parts and replacement products will be furnished on an exchange basis and will be either reconditioned or new. All replaced parts and products become the property of MagTek. This limited warranty does not include service to repair damage to the product resulting from accident, disaster, unreasonable use, misuse, abuse, negligence, or modification of the product not authorized by MagTek. MagTek reserves the right to examine the alleged defective goods to determine whether the warranty is applicable. Without limiting the generality of the foregoing, MagTek specifically disclaims any liability or warranty for goods resold in other than MagTek s original packages, and for goods modified, altered, or treated without authorization by MagTek. Service may be obtained by delivering the product during the warranty period to MagTek (1710 Apollo Court, Seal Beach, CA 90740). If this product is delivered by mail or by an equivalent shipping carrier, the customer agrees to insure the product or assume the risk of loss or damage in transit, to prepay shipping charges to the warranty service location, and to use the original shipping container or equivalent. MagTek will return the product, prepaid, via a three (3) day shipping service. A Return Material Authorization ( RMA ) number must accompany all returns. Buyers may obtain an RMA number by contacting Technical Support at (888) EACH BUYER UNDERSTANDS THAT THIS MAGTEK PRODUCT IS OFFERED AS IS. MAGTEK MAKES NO OTHER WARRANTY, EXPRESS OR IMPLIED, AND MAGTEK DISCLAIMS ANY WARRANTY OF ANY OTHER KIND, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IF THIS PRODUCT DOES NOT CONFORM TO MAGTEK S SPECIFICATIONS, THE SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT AS PROVIDED ABOVE. MAGTEK S LIABILITY, IF ANY, SHALL IN NO EVENT EXCEED THE TOTAL AMOUNT PAID TO MAGTEK UNDER THIS AGREEMENT. IN NO EVENT WILL MAGTEK BE LIABLE TO THE BUYER FOR ANY DAMAGES, INCLUDING ANY LOST PROFITS, LOST SAVINGS, OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF, OR INABILITY TO USE, SUCH PRODUCT, EVEN IF MAGTEK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. Page 4 of 212 (D )

5 LIMITATION ON LIABILITY EXCEPT AS PROVIDED IN THE SECTIONS RELATING TO MAGTEK S LIMITED WARRANTY, MAGTEK S LIABILITY UNDER THIS AGREEMENT IS LIMITED TO THE CONTRACT PRICE OF THIS PRODUCT. MAGTEK MAKES NO OTHER WARRANTIES WITH RESPECT TO THE PRODUCT, EXPRESSED OR IMPLIED, EXCEPT AS MAY BE STATED IN THIS AGREEMENT, AND MAGTEK DISCLAIMS ANY IMPLIED WARRANTY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MAGTEK SHALL NOT BE LIABLE FOR CONTINGENT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES TO PERSONS OR PROPERTY. MAGTEK FURTHER LIMITS ITS LIABILITY OF ANY KIND WITH RESPECT TO THE PRODUCT, INCLUDING ANY NEGLIGENCE ON ITS PART, TO THE CONTRACT PRICE FOR THE GOODS. MAGTEK S SOLE LIABILITY AND BUYER S EXCLUSIVE REMEDIES ARE STATED IN THIS SECTION AND IN THE SECTION RELATING TO MAGTEK S LIMITED WARRANTY. Page 5 of 212 (D )

6 FCC INFORMATION This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation. Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/tv technician for help. Caution: Changes or modifications not expressly approved by MagTek could void the user s authority to operate this equipment. CANADIAN DECLARATION OF CONFORMITY This digital apparatus does not exceed the Class B limits for radio noise from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications. Le présent appareil numérique n émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe B prescrites dans le Réglement sur le brouillage radioélectrique édicté par le ministère des Communications du Canada. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conformé à la norme NMB-003 du Canada. INDUSTRY CANADA (IC) RSS This device complies with Industry Canada licence-exempt RSS standard(s). Operation is subject to the following two conditions: (1) This device may not cause interference, and (2) This device must accept any interference, including interference that may cause undesired operation of the device. Le présent appareil est conforme aux CNR d'industrie Canada applicables aux appareils radio exempts de licence. L'exploitation est autorisée aux deux conditions suivantes: (1) L'appareil ne doit pas produire de brouillage, et (2) L'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le brouillage est susceptible d'en compromettre le fonctionnement. CUR/UR This product is recognized per Underwriter Laboratories and Canadian Underwriter Laboratories Page 6 of 212 (D )

7 CE STANDARDS Testing for compliance with CE requirements was performed by an independent laboratory. The unit under test was found compliant with standards established for Class B devices. EU STATEMENT Hereby, MagTek Inc. declares that the radio equipment types Wideband Transmission System ( wireless) and Non-Specific Short Range Device (contactless) are in compliance with Directive 2014/53/EU. The full text of the EU declaration of conformity is available at the following internet address: AUSTRALIA / NEW ZEALAND STATEMENT Testing for compliance with AS/NZS standards was performed by a registered and accredited laboratory. The unit under test was found compliant with standards established under AS/NZS CISPR 32 (2013), AS/NZS 4268 Table 1, Row 59 DTS MHz SRD (802.11), and AS/NZS 4268 (2017) Table 1, Row MHz (contactless reader). UL/CSA This product is recognized per UL , 2nd Edition, (Information Technology Equipment - Safety - Part 1: General Requirements), CSA C22.2 No , 2nd Edition, (Information Technology Equipment - Safety - Part 1: General Requirements). ROHS STATEMENT When ordered as RoHS compliant, this product meets the Electrical and Electronic Equipment (EEE) Reduction of Hazardous Substances (RoHS) European Directive 2002/95/EC. The marking is clearly recognizable, either as written words like Pb-free, lead-free, or as another clear symbol ( ). PCI STATEMENT PCI Security Standards Council, LLC ( PCI SSC ) has approved this PIN Transaction Security Device to be in compliance with PCI SSC s PIN Security Requirements. When granted, PCI SSC approval is provided by PCI SSC to ensure certain security and operational characteristics important to the achievement of PCI SSC s goals, but PCI SSC approval does not under any circumstances include any endorsement or warranty regarding the functionality, quality or performance of any particular product or service. PCI SSC does not warrant any products or services provided by third parties. PCI SSC approval does not under any circumstances include or imply any product warranties from PCI SSC, including, without limitation, any implied warranties of merchantability, fitness for purpose, or non-infringement, all of which are expressly disclaimed by PCI SSC. All rights and remedies regarding products and services which have received PCI SSC approval shall be provided by the party providing such products or services, and not by PCI SSC. Page 7 of 212 (D )

8 1 - Table of Contents 1 Table of Contents Limited Warranty... 4 FCC Information... 6 Canadian Declaration Of Conformity... 6 Industry Canada (IC) RSS... 6 CUR/UR... 6 CE STANDARDS... 7 EU Statement... 7 Australia / New Zealand Statement... 7 UL/CSA... 7 RoHS STATEMENT... 7 PCI Statement Table of Contents Introduction About This Document About Terminology About Connection Types About Device Features About SDKs Connection Types How to Use USB Connections (USB Only) About Reports About the Report Descriptor How to Send Commands On the USB Connection How to Receive Data On the USB Connection How to Use Network Connections (Ethernet Only Wireless Only) How to Use Wireless Connections ( Wireless Only) How to Send Commands Using Network Connections How to Receive Data On the Wireless Connection Command Set About Big Block Data and TLV Format About Message Authentication Codes ( MAC-AMK or MAC-MSR ) General Commands Command 0x01 - Response ACK Command 0x02 - End Session Command 0x03 - Request Swipe Card Command 0x04 - Request PIN Entry Page 8 of 212 (D )

9 1 - Table of Contents Command 0x05 - Cancel Command Command 0x06 - Request Cardholder Selection Command 0x07 - Display Message Command 0x08 - Request Device Status Command 0x09 - Set / Get Device Configuration Command 0x0A - Request MSR Data Command 0x0B - Get Challenge Command 0x0C - Set Bitmap (Bitmaps Only) Command 0x0E - Get Information Command 0x0F - Login/Authenticate or Logout Command 0x10 - Send Big Block Data to Device Command 0x11 - Request Manual Card Entry Command 0x14 - Request Cardholder Data Entry Command 0x16 - Get Selected Menu Item Command (Handheld Operation Only) Command 0x17 - Update Device Command 0x1A - Request Device Information Command 0x1F - Request Clear Text Cardholder Data Entry (Clear Text User Data Only) Command 0x32 - Get BIN Whitelist Table - Non Financial Format Command 0x33 - Get BIN Whitelist Table - Financial Format (Financial Format Whitelist Only) Command 0x58 - Request Device Certificate Command 0xFF - Device Reset General Input Reports Report 0x20 - Device State Report Report 0x21 - Cardholder Data Entry Response Report Report 0x22 - Card Status Report Report 0x23 - Card Data Report (MAC-MSR) Report 0x24 - PIN Response Report Report 0x25 - Cardholder Selection Response Report Report 0x26 - Send Selected Menu Item (Handheld Operation Only) Report 0x27 - Display Message Done Report Report 0x29 - Send Big Block Data to Host Big Block Data for Authorization Request (ARQC) Report 0x2A - Delayed Response ACK Report 0x2E - Clear Text Cardholder Data Entry Response Report (Clear Text User Data Only) Page 9 of 212 (D )

10 1 - Table of Contents Report 0x2F - Request Host Connection (Handheld Operation Only, Wireless Only) EMV-Related Commands and Reports (EMV Only) Report 0x2C - EMV Cardholder Interaction Status Report Report 0x30 - Tip or Cashback Report (Handheld Operation Only) Command 0xA0 - Request Tip or Cashback (Handheld Operation Only) Command 0xA1 - Access EMV Tags Reading All EMV Tags Command 0xA2 - Start EMV Transaction Standard EMV Transaction ARQC Request (EMV Only) Command 0xA2 Completion Command 0xA4 - Acquirer Response ARPC (MAC-MSR) Command 0xA8 - Get Kernel Info Command 0xAB - Request EMV Transaction Data (MAC-MSR) Command 0xAC - Merchant Bypass PIN Command Command 0xAE - MCL Send DET Command (MCL 3.1 Support Only) Wireless Commands and Reports ( Wireless Only) Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only) Command 0xE2 - Set / Get Wireless Timeouts ( Wireless Only) Command 0xE3 - Enable / Disable TLS Mutual Authentication ( Wireless Only) Command 0xE4 - Set Wireless Network Configuration ( Wireless Only) Command 0xE4/0x00 Set Wireless Access Point Connection Command 0xE4/0x02 Set Wireless Access Point Security Key/Password Command 0xE4/0x03 Set Wireless TCP/IP Settings Command 0xE4/0x04 Set Wireless Network Host ID Command 0xE5 - Get Wireless Network Info ( Wireless Only) Appendix A Examples A.1 How to Get MSR/PIN Data from the Device for a Bank Simulation A.2 How to Parse Encrypted Big Block EMV Data From An SRED Device Appendix B Terminology Appendix C Status and Message Codes Appendix D MagTek Custom EMV Tags (EMV Only) Appendix E EMV Configurations (EMV Only) Appendix F Error Codes Page 10 of 212 (D )

11 1 - Table of Contents F.1 H Codes F.2 S Codes F.3 C Codes F.4 Device Offline K Codes F.5 Device Offline A Codes F.6 Device Offline W Codes Appendix G Custom Messages (Custom Messages Only) Appendix H EMV Factory Defaults (EMV Only) H.1 Certificate Authority Public Keys H.2 EMV Contact Factory Defaults (EMV Only) H.2.1 EMV Contact Terminal Factory Defaults H.2.2 EMV Contact Payment Brand Factory Defaults H.3 PayPass/MCL Factory Defaults (PayPass Support Only MasterCard MCL 3.1.x Support Only) 173 H.3.1 MCL Terminal Factory Defaults (MCL 3.1.x Support Only) H.3.2 MCL Application Slot Factory Defaults (MCL 3.1.x Support Only) H.4 paywave Factory Defaults (paywave Support Only paywave 2.2 Support Only). 196 H.4.1 paywave Terminal Factory Defaults (paywave 2.2 Support Only) H.4.2 paywave Application Slot Factory Defaults(payWave 2.2 Support Only) H.4.3 paywave Dynamic Reader Limit Slots (paywave 2.2 Support Only) H.5 Expresspay Factory Defaults (Expresspay 3.0 Support Only Expresspay 3.1 Support Only) 203 H.5.1 Expresspay Terminal Factory Defaults (Expresspay 3.1 Support Only) H.5.2 Expresspay Application Slot Factory Defaults (Expresspay 3.0 Support Only Expresspay 3.1 Support Only) H.5.3 Expresspay Dynamic Reader Limit Slot Factory Defaults (Expresspay 3.1 Support Only) 207 H.6 D-PAS Factory Defaults (D-PAS Support Only) H.6.1 D-PAS Terminal Factory Defaults H.6.2 D-PAS Application Slot Factory Defaults Appendix I Language and Country Codes I.1 Terminal Country Codes I.2 Terminal Language Codes Page 11 of 212 (D )

12 2 - Introduction 2 Introduction 2.1 About This Document This document describes the master command set available through byte-by-byte direct communication with DynaPro Go PIN encryption devices (referred to in this document as the device ). 2.2 About Terminology The general terms device and host are used in different, often incompatible ways in a multitude of specifications and contexts. For example, host may have different meanings in the context of USB communication than in the context of networked financial transaction processing. In this document, device and host are used strictly as follows: Device refers to the PIN Encryption Device (PED) that receives and responds to the command set specified in this document. Devices include DynaPro, DynaPro Go, and so on. Host refers to the piece of general-purpose electronic equipment the device is connected or paired to, which can send data to and receive data from the device. Host types include PC and Mac computers/laptops, tablets, smartphones, teletype terminals, and even test harnesses. In many cases the host may have custom software installed on it that communicates with the device. When host must be used differently, it is qualified as something specific, such as acquirer host or USB host. Similarly, the word user is used in different ways in different contexts. This document separates users into more descriptive categories: The cardholder The operator (such as a cashier, bank teller, customer service representative, or server), and The developer or the administrator (such as an integrator configuring the device for the first time). Because some connection types, payment brands, and other vocabulary name spaces (notably Bluetooth LE, EMV, smart phones, and more recent versions of Windows) use very specific meanings for the term Application, this document favors the term software to refer to software on the host that provides a user interface for the operator. The combination of device(s), host(s), software, firmware, configuration settings, physical mounting and environment, operator and cardholder experiences, and documentation is referred to as the solution. 2.3 About Connection Types DynaPro Go and related products use a common communication protocol across a variety of physical connection layers, which can include universal serial bus (USB), Ethernet, Apple 30-pin dock connector, and Bluetooth Low Energy (Bluetooth LE). The set of available connection layers depends on the device. Details for communicating with devices via each physical connection type are provided in section 3 Connection Types. 2.4 About Device Features The information in this document applies to multiple devices. When developing solutions that use a specific device or set of devices, integrators must be aware of each device s communication interfaces, features, and configuration options, which affect the availability and behavior of some commands. Table 2-1 provides a list of device features that may impact command availability and behavior. Page 12 of 212 (D )

13 2 - Introduction Table Device Features Feature IPAD DynaPro v1 DynaPro v3 DynaPro Plus DynaPro Plus L1 DynaPro Mini 30-pin DynaPro Mini Bluetooth LE DynaPro Go DynaPro Go PIN Function General Features Signature Capture Stylus ( SC-S ) Y Y Y Opt Opt N N N N Signature Capture Finger ( SC-F ) N N N N N N N Y Y PIN Language Select N Y Y Y Y N N Y Y Re-PIN Support N N N N N N N N Y Custom Messages Y Y Y Y Y N N Y Y Bitmaps Y Y Y Y Y N N Y Y Clear Text User Data N Y Y Y Y N N Y Y Host-Supplied PAN Y Y Y Y Y Y Y N N Capacitive Keypad ( Cap Keypad ) Y Y Y Y Y N N N N Activation Codes N Y Y Y Y N N Y Y Fixed PIN Key Y Y Y Y Y Y Y N N PCI 4.x Key Block N N N N N N N Y Y IntelliHead Y Y Y Y Y Y Y N N Financial Format Whitelisting N Y Y Y Y N N Y Y Max Financial Card PAN Length N MagneSafe 2.0 (MS2.0) Y Y Y Y Y Y Y N N Token Reversal N Y Y Y Y Y Y N N Handheld Operation N N N N N N N Y Y Quick Chip N Y 3 Y 3 N N N Y 6 Y Y Beeper Control N Y Y Y Y Y Y Y Y Connections and Connection Features USB Connection Y Y Y Y Y Y Y Y Y TCP/IP Over Wireless Connection N N N N N N N Y N Ethernet Connection N Opt Opt Opt Opt N N N N Static IP (Ethernet) N Y 4 Y 4 N N N N N N Apple 30-Pin Connection N N N N N Y N N N Page 13 of 212 (D )

14 2 - Introduction Feature IPAD DynaPro v1 DynaPro v3 DynaPro Plus DynaPro Plus L1 DynaPro Mini 30-pin DynaPro Mini Bluetooth LE DynaPro Go DynaPro Go PIN Function RS-232 Connection N N N N N N N N N Bluetooth LE Connection N N N N N N Y N N SRED Options SRED N Opt Opt Opt Opt Opt Opt Y Y Non-SRED Y Opt Opt Opt Opt Opt Opt N N EMV Features Chip Card Contact N Y Y N Y Y Y Y Y Chip Card L1 Mode N N N N Y N N N N Chip Card L2 Mode N Y Y N N Y Y Y Y 2 RID CAPK Key Slots N 8/16 1 8/16 1 N N 8 8/ Multiple Payment Brand Defaults N N N N N N N Y Y Chip Card Contactless N Opt Opt N N N N Y Y 2 MasterCard PayPass Support N Opt Opt N N N N N N MasterCard MCL 3.1.x support N N N N N N N Y Y 2 paywave Support N Opt Opt N N N N N N paywave 2.2 Support N N N N N N N Y Y 2 Expresspay 3.0 Support N Opt Opt N N N N N N Expresspay 3.1 Support N N N N N N N Y Y 2 D-PAS Support N Opt Opt N N N N Y Y 2 Configurable EMV Support N Y Y Y Y N N N N 1) The number of CAPK key slots per RID depends on firmware revision number. DynaPro firmware up to revision D provides 8 key slots; revisions E and newer provide 16. DynaPro v3 provides 16 key slots. DynaPro Mini firmware up to revision C provides 8 key slots; revisions D and newer provide 16. 2) Feature is not agency-certified. 3) DynaPro v1 firmware revision F and newer; DynaPro v3 firmware revision B and newer. 4) Available with Ethernet module firmware version A00 and later. 5) Available on DynaPro v3 with Contactless L1 EMVCo Ver 2.6 6) Available on DynaPro Mini Bluetooth LE firmware revision E or newer. Page 14 of 212 (D )

15 2 - Introduction 2.5 About SDKs MagTek provides convenient SDKs and corresponding documentation for many programming languages and operating systems. The API libraries included in the SDKs wrap the details of the connection in an interface that conceptually parallels the device s internal operation, freeing software developers to focus on the business logic, without having to deal with the complexities of platform APIs for connecting to the various available connection types, communicating using the various available protocols, and parsing the various available data formats. The SDKs and corresponding documentation include: Functions for sending the direct commands described in this manual Wrappers for commonly used commands that further simplify development Sample source code to demonstrate how to communicate with the device using the direct commands described in this manual To download the SDKs and documentation, search for SDK and select the SDK and documentation for the programming languages and platforms you need, or contact MagTek Support Services for assistance. Table 2-2 provides an example list of SDKs and related documentation available for this family of devices: Table Available SDKs and Documentation Platform SDK Documentation Android Windows D IPAD, DynaPro, DynaPro Go, DynaPro Mini Programmer s Manual (ANDROID) D IPAD, DynaPro, DynaPro Go, DynaPro Mini Programmer s Manual (JAVA/JAVA APPLETS) D IPAD, DynaPro, DynaPro Go, DynaPro Mini Programmer s Manual (MICROSOFT.NET) D IPAD, DynaPro, DynaPro Go, DynaPro Mini Programmer s Manual (C++) ios D DynaPro, DynaPro Go, DynaPro Mini Programmer s Manual (IOS) Software developers also have the option to revert to direct communication with the device using libraries available in the chosen development framework. This document provides information and support for developing host software using that method. Page 15 of 212 (D )

16 3 - Connection Types 3 Connection Types Table 2-1 in section 2.4 includes a list of connection types available for each device. The following subsections provide details developers need to communicate with the device using each connection type. 3.1 How to Use USB Connections (USB Only) The device conforms to the USB specification revision 2.0, and is compatible with revision 1.1. It also conforms to the Human Interface Device (HID) class specification version 1.1, and communicates as a vendor-defined HID device. This document assumes the reader is familiar with USB HID class specifications, which are available at MagTek strongly recommends becoming familiar with that standard before trying to communicate with the device directly via USB. Developers can easily create custom software to communicate with the device using any framework that can make API calls to the standard Windows USB HID driver, such as Visual Basic or Visual C++. MagTek has developed demonstration software that communicates with the device via this method, and developers can use it to test the device and to provide a starting point for developing other software. For more information, see the MagTek web site, or contact your reseller or MagTek Support Services. The devices documented here are full speed high-powered USB device that, if not designed to use an external power supply, draw power from the USB bus. They identify themselves with vendor ID 0x0801 and product ID 0x3009 (DynaPro Mini or DynaPro Go). The device enters and wakes up from Suspend mode when directed to do so by the USB host. It does not support remote wakeup. This device has programmable configuration properties stored in non-volatile memory. The properties are configured via the USB port and can be configured at the factory, at a key injection facility, or by the end user. More details can be found in section 4 Command Set in this document, and in a separate document which provides details about key loading. There are no specific security settings or actions required to use the device s USB connection in a manner that is compliant with agency certification security requirements. Page 16 of 212 (D )

17 3 - Connection Types About Reports All USB HID devices send and receive data using Reports. Each report can contain several sections, called Usages, each of which has its own unique four-byte (32-bit) identifier. The two most significant bytes of a usage are called the usage page, and the two least significant bytes are called the usage ID. Vendor-defined HID usages must have a usage page in the range 0xFF00-0xFFFF, and it is common practice for related usage IDs share the same usage page. For these reasons, all usages for these devices use vendor-defined usage page 0xFF20. HID reports used by the host can be divided into three types: Feature Reports are used by the host to send commands to the device and to receive synchronous responses from the device. Feature reports can be further subdivided into Get Feature and Set Feature types. Input Reports are used by the device to send asynchronous responses or notifications to the host when a related feature report completes, or automatically the device s state changes. This is common when a command depends on cardholder interaction, or when a command takes more time for the device to process than is reasonable for the host to wait on a blocking call for the device to acknowledge completion. Output Reports. Output reports are part of the HID standard, but are not used by this device. For information about determining the device s available reports, see section About the Report Descriptor. For information about using feature reports to send commands to the device and receive responses from the device, see section How to Send Commands On the USB Connection. For information about receiving unsolicited data from the device via Input Reports, see section How to Receive Data On the USB Connection. Page 17 of 212 (D )

18 3 - Connection Types About the Report Descriptor The list of the device s available reports and their structure is sent to the host in a report descriptor, usually just after the device is connected to the USB port. Generally the details of the report descriptor are abstracted by the developer s HID API; however, should it become necessary to examine a report descriptor byte-by-byte, a full inventory of the report descriptor for these devices is provided in Table 3-1, which also indicates whether each report is a Get type or Set type or both. The reports themselves are fully documented in the sections that follow. Table USB HID Report Descriptor Usage Page Item FF Usage Collection A1 01 Report Size (8) Logical Minimum (0) Logical Maximum (255) 26 FF 00 Report ID (0x01) - Get Usage (Response ACK) Report Count (4) Feature (Data,Var,Abs,NWrp,Lin,Pref,NNul,Nvol,Buf) B Report ID (0x02) - Set Usage (End Session) Report Count (1) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x03) - Set Usage (Request Swipe Card) Report Count (3) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x04) - Set Usage (Request PIN Entry) Report Count (5) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x05) - Set Usage (Cancel Command) Report Count (1) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x06) - Set Value (Hex) Page 18 of 212 (D )

19 3 - Connection Types Item Value (Hex) Usage (Request Cardholder Selection) Report Count (4) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x07) - Set Usage (Display Message) Report Count (2) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x08) - Set Usage (Request Device Status) Report Count (1) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x09) - Get/Set Usage (Get/Set Device Config) Report Count (8) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x0A) - Set 85 0A Usage (Request MSR Data) 09 0A Report Count (1) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x0B) - Get/Set 85 0B Usage (Get/Set Challenge) 09 0B Report Count (13) 95 0D Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x0C) - Set 85 0C Usage (Set Bitmap) 09 0C Report Count (2) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x0D) - Set 85 0D Usage (Send Session Data/Send Session PAN) 09 0D Report Count (21) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x0E) - Get 85 0E Usage (Get Information) 09 0E Page 19 of 212 (D )

20 3 - Connection Types Item Value (Hex) Report Count (63) 95 3F Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x0F) - Set 85 0F Usage (Authenticate/Logout) 09 0F Report Count (9) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x10) - Set Usage (Send Big Block Data to Device) Report Count (63) 95 3F Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x11) - Set Usage (Request Manual Card Entry) Report Count (3) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x12) - Set Usage (Request Cardholder Signature) Report Count (3) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x13) - Get Usage (Get Cardholder Signature) Report Count (1) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x14) - Set Usage (Request Cardholder Data Entry) Report Count (3) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x017) - Set Usage (Update Device) Report Count (8) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x018) - Set Usage (Perform Test) Report Count (63) 95 3F Page 20 of 212 (D )

21 3 - Connection Types Item Value (Hex) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x019) - Get/Set Usage (Extended Device) Report Count (8) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x01A) - Get/Set 85 1A Usage (Request Device Configuration) 09 1A Report Count (63) 95 3F Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x1F) Usage (Request Clear Text Cardholder Data Entry) 85 1F Report Count (3) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0x20) - Input Usage (Device State) Report Count (6) Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x21) - Input Usage (Cardholder Data Entry Response) Report Count (20) Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x22) - Input Usage (Card Status) Report Count (16) Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x23) - Input Usage (Card Data) Report Count (127) 95 7F Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x24) - Input Usage (PIN Response) Report Count (20) Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Page 21 of 212 (D )

22 3 - Connection Types Item Value (Hex) Report ID (0x25) - Input Usage (Cardholder Selection Response) Report Count (3) Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x27) - Input Usage (Display Message Done) Report Count (2) Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x29) - Input Usage (Send Big Block Data to Host) Report Count(127) 95 7F Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x2A) - Input 85 2A Usage (Delayed Response ACK) 09 2A Report Count (3) Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x2B) - Input 85 2B Reserved Report ID (0x2C) - Input 85 2C Usage (EMV Cardholder Interaction Status) 09 2C Report Count (127) 95 7F Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x2E) - Input 85 2E Usage (Clear Text Cardholder Data Entry Response Report) 09 2E Report Count (12) 95 0C Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) Report ID (0x30 - Get/Set) Usage (Set/Get KSN) Report Count(1) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0x31) - Set Usage (Set KSN Encrypted Data) Report Count(1) Page 22 of 212 (D )

23 3 - Connection Types Item Value (Hex) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0x32) - Get/Set Usage (Set/Get BIN Table) Report Count(1) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0x58) - Set Usage (Key Handling or Manufacturer Command) Report Count (2) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xA1) - Set 85 A1 Usage (Set or Get EMV Tag(s)) 09 A1 Report Count (8) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xA2) - Set 85 A2 Usage (Request Start EMV Transaction) 09 A2 Report Count (48) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xA3) - Set 85 A3 Usage (Request ATR Data) 09 A3 Report Count (1) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xA4) - Set 85 A4 Usage (Acquirer Response) 09 A4 Report Count (12) 95 0C Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xA5) - Set 85 A5 Usage (Set or Get EMV CA Public Key) 09 A5 Report Count (8) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xA6) - Set 85 A6 Usage (Request Power Up/Down Reset ICC) 09 A6 Report Count (16) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Page 23 of 212 (D )

24 3 - Connection Types Item Value (Hex) Report ID (0xA7) - Get/Set 85 A7 Usage (Send/Get ICC APDU) 09 A7 Report Count (16) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xA8) - Set 85 A8 Usage (Get Kernel Info) 09 A8 Report Count (63) 95 3F Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xA9) - Get/Set 85 A9 Usage (Get/Set Challenge and Session Key) 09 A9 Report Count (44) 95 2C Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xAA) - Set 85 AA Usage (Confirm Session Key) 09 AA Report Count (17) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xAB) - Set 85 AB Usage (Request EMV Transaction Data) 09 AB Report Count (4) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B Report ID (0xAC) - Set 85 AC Usage (Merchant Bypass PIN Command) 09 AC Report Count (1) Feature (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Nvol,Buf) B Report ID (0xFF) - Set 85 FF Usage (Device Reset) 09 1E Report Count (02) Input (Data,Var,Abs,NWrp,Lin,Pref,Nnul,Buf) B End Collection C0 Page 24 of 212 (D )

25 3 - Connection Types How to Send Commands On the USB Connection Because some of the devices documented here support connection types beyond USB, this documentation abstracts host-device communication by referring to Commands, which are often a pairing of a Request from the host and a corresponding Response from the device. This section explains how these terms apply when using the USB HID connection. When the device is connected to the host via USB, the host generally sends a Set Feature Report to the device to send the requests for commands, and sends a Get Feature Report to the device to retrieve status, and then synchronous response data when appropriate. The host should send both Feature Report types using the default Control pipe using a blocking call to the operating system s native USB libraries. The device NAKs the Status page of a Set Feature Report until it finishes the requested operation, and if it does not respond, the operating system will generally time out and report failure. This method ensures that as soon as the device has fulfilled the command request embedded in the Set Feature Report, the host software can immediately call a follow-up Get Feature Report to retrieve the command status and then the device response, if one is required, and that the host software will not hang on a blocking call indefinitely. In some cases, the host may simply send a Get Feature Report directly ( call the command in Get mode ) without a preceding Set Feature Report; the command documentation is specifically explains these cases. The host should follow this general sequence to send a command request, determine status, and retrieve response data from the device when appropriate: 1) Choose the command to invoke from section 4 Command Set. Every command has a corresponding Command Number listed in the header of its documentation section. The host should use that command number as the report s Feature ID. 2) Determine whether the command should be called in Set mode or Get mode. If the command documentation does not explicit state it, assume Set mode. 3) If the command should be called in Set mode: a) Construct and send a Set Feature Report using the Usage / Request table in the command documentation. b) Construct and send a Get Feature Report for Command 0x01 - Response ACK. The report includes the command number being acknowledged and a one-byte status indicating whether the device accepted the command. c) If the command documentation states the command should then be called in Get mode to retrieve the device s response, the host must send a followup Get Feature Report for the original command. The response is formatted per the Get Mode / Response table in the command documentation. For some commands, the host should instead listen for the device to send an asynchronous response via an HID Input Report using a USB Interrupt IN transaction when the command finishes executing. For other commands, no follow-up to get response data is required. 4) If the documentation specifies the command should be called in Get mode, simply construct and send a Get Feature Report, and interpret the device s response using the Usage / Response table in the command documentation. Page 25 of 212 (D )

26 3 - Connection Types How to Receive Data On the USB Connection When the device communicates with the host as a vendor-defined HID device, it sends unsolicited messages to the host via one or more Input Reports, which are asynchronous data packets (i.e., events) sent from the device to the host using the USB Interrupt IN pipe. Events occur when the device state changes or when an asynchronous command (such as a command that requires cardholder interaction) has completed. Per the USB HID standard, the host polls the device on a regular Polling Interval to see if it has input data available to send. If the device does not, it responds to the poll with a USB NAK. The host software should listen for input reports, and upon receiving one, process it as follows: 1) Determine the incoming input report s Report ID. 2) Look up the corresponding Report ID in this document (for example, Report 0x20 - Device State Report uses Report ID 0x20). 3) Parse the data in the input report according to the report s documentation. Optionally the host may examine the Usage for that report, and interpret the incoming data according to that. 4) Respond accordingly (for example, by sending followup commands). Page 26 of 212 (D )

27 3 - Connection Types 3.2 How to Use Network Connections (Ethernet Only Wireless Only) When the device is connected to the host via a 10/100 Ethernet port or wireless, on power-up the device uses its preconfigured static IP address or attempts to contact a DHCP server to acquire a dynamic IP address. The default port for the host to communicate with the device is TCP/IP port 26. On some devices, network functionality and the following network-related keypad commands are only enabled when the device s USB cable is not connected. To show the MAC address of the device, press keypad buttons Left function key Right function key. To show the current IP address of the device, press keypad buttons Left function key, Right function key How to Use Wireless Connections ( Wireless Only) DynaPro Go ships from the manufacturer with TLS Enabled. This setting can be set to Disabled by the customer, which may be useful for initial network setup and testing. MagTek strongly recommends that TLS always be Enabled when it is deployed in the field. To use the device s wireless connection, first follow the configuration steps in the device s Installation and Operation Manual, available from MagTek, to set up the network, host, and device, and switch the device s Active Connection to Wireless. Host software that uses the wireless connection must do so using a TLS library, which may include the host software operating system s cipher suite (for example, Schannel on Windows 8.1 and above). The host will generally follow these steps to communicate with the device: 1) The host software must establish a permanent listener on the TCP port where the device is configured to connect. See section How to Receive Data On the Wireless Connection for details. 2) On power-up, the device connects to the configured wireless access point. If it is configured to use DHCP, it registers its device name (TLS plus its serial number) with the DNS server, and gets an IP address. 3) Based on configuration, the device either opens a TCP listening socket immediately and waits for the host to connect, or opens an unsecured TCP connection to the configured host, sends Report 0x2F - Request Host Connection (Handheld Operation Only, Wireless Only), and opens a TCP listening socket. 4) If the device has TLS enabled, the host must then establish a mutually authenticated TLS connection with the device s listening port. Depending on the operating system and library the host is using, this may involve: a) Establishing an unsecured TCP connection to the port the device is listening on, using either the device s DNS name or IP address. The host should continuously monitor the status of this connection to make sure the device is still available, and if the connection is terminated, it should assume the device has returned to the idle state, and cancel any pending operations. Page 27 of 212 (D )

28 3 - Connection Types b) Using the operating system certificate store to get a handle to the certificate chain the host will use to authenticate, and validate the full chain. c) Use the TLS library to perform a mutual authentication sequence on the TCP connection. For example, AuthenticateAsClient (ServerName, Certs, SslProtocols.Tls12, False). With some libraries, the host will have to perform additional steps directly, such as specifying what cipher suites the host supports. For details, see the documentation for the TLS library and operating system the host software is using. d) Wait a reasonable period of time (e.g., 10ms) for the device to prepare to receive commands. e) If the host fails to connect: i) Temporarily disable TLS to verify basic connection to the device is OK. See the device s Installation and Operation Manual for proper host configuration and installation of certificates. ii) Use a network packet capture tool on the host, such as Wireshark, which can help debug the TLS handshake. 5) If the device does not have TLS enabled, the host must establish an unsecured TCP connection with the device s listening port. The host should continuously monitor the status of this connection to make sure the device is still available, and if the connection is terminated, it should assume the device has returned to the idle state, and cancel any pending operations. 6) The host may then send any available commands to the device s listening port until the operation is complete or the device closes the connection (for example, a timeout occurs, or an operator powers off the device, etc.). See section How to Send Commands Using Network Connections. 7) Make sure all pending operations have completed, then close the TLS connection and TCP socket. Page 28 of 212 (D )

29 3 - Connection Types How to Send Commands Using Network Connections Data the host sends to the device via the network connection must follow the SLIP protocol as defined in Part D, Section 3 of Specification of the Bluetooth System, Host Controller Interface, Volume 4, which is available at Note the reference to bluetooth.org is intentional, and the specification does indeed apply to the device s network connection. The host software should begin and end commands with SLIP s frame delimiter C0, and must take into account SLIP escape sequences that deal with occurrences of C0 inside the SLIP data frame: If outbound data contains the byte value C0, software should encode it into SLIP as DB DC; if inbound SLIP data contains the byte sequence DB DC, software should decode it to C0. If outbound data contains the byte value DB, software should encode it into SLIP as DB DD; if inbound SLIP data contains the byte sequence DB DD, software should decode it to DB. To communicate with a device using the network connection, the host should wrap all commands in the following block: Table Network Connection Command Wrapper Bit Byte 0 Byte 1 Byte 2.. Byte n Byte n+1 0xC0 = SLIP frame delimiter 0x00 = Get 0x01 = Set Command as defined in section 4 Command Set. See SLIP specification for requirements about re-encoding occurrences of frame delimiter C0. 0xC0 = SLIP frame delimiter The device wraps all responses in the following block: Table Network Connection Response Wrapper Bit Byte 0 Byte 1 Byte 2.. Byte n Byte n+1 0xC0 = SLIP frame delimiter 0x02 = Response to a command 0x03 = Unsolicited transmission for an event. Response as defined in section 4 Command Set. See SLIP specification for requirements about decoding DB xx byte sequences. 0xC0 = SLIP frame delimiter Page 29 of 212 (D )

30 3 - Connection Types How to Receive Data On the Wireless Connection When the device sends unsolicited messages to the host s listening port via the wireless connection, it uses the same SLIP format documented in section How to Send Commands Using Network Connections. Events occur when the device state changes or when an asynchronous command (such as a command that requires cardholder interaction) has completed, and in this documentation they are referred to as Reports. 1) The host must maintain an actively listening TCP socket for the device to connect to at all times. 2) On receiving an unsolicited message, unpack it according to Table 3-3 on page 29, which will label the message as Unsolicited transmission for an event. 3) Determine the incoming message s Report ID, and look up the corresponding Report ID in this document (for example, Report 0x20 - Device State Report uses Report ID 0x20). 4) Parse the data in the message according to the report s documentation. 5) Respond accordingly (for example, by establishing a mutually authenticated TLS connection with the device and sending followup commands). Page 30 of 212 (D )

31 4 - Command Set 4 Command Set 4.1 About Big Block Data and TLV Format There are some cases where command data (host to device) or response data (device to host) requires special treatment. For example, some commands require the host or device to transmit large blocks of data that exceed the maximum packet size of the chosen data transport layer; other commands require transmitted data to be encrypted and/or encoded, fully received, then decrypted and/or decoded as a single piece. For commands and responses that require these sorts of special treatment, the usage information in this document indicates that the command or response uses big block data buffers. The device provides support for transmitting big block data by implementing two reports: For feature reports that require big block data transmission, the host should first call Command 0x10 - Send Big Block Data to Device to transmit the relevant data to the device, then invoke the desired command. In cases where the device sends big block data to the host, the host should invoke the desired command, then the device sends one or more instances of Report 0x29 - Send Big Block Data to Host. The host must then assemble / parse / decrypt / decode the data. Big block data is frequently encoded using an industry standard Tag-Length-Value (TLV) format. For detailed information about parsing EMV response data in TLV format, see EMV Integrated Circuit Card Specifications for Payment Systems 4.3, Part IV, Annex B Rules for BER-TLV Data Objects. For a detailed example of parsing TLV data, see Appendix A.2 How to Parse Encrypted Big Block EMV Data From An SRED Device. For details about the specific tags used by a given command, see the usage information for the command. 4.2 About Message Authentication Codes ( MAC-AMK or MAC-MSR ) MAC is an abbreviation of Message Authentication Code, which is a string of bytes included in a message that can be used to provide reasonable assurance that the message originated from a trusted source and has not been modified. All messages in this document (including commands, responses, and command payloads) that are tagged MAC-AMK or MAC-MSR must include the device s unique serial number and a four-byte MAC. The sections in this document about all commands, responses, and data formats that include a MAC are tagged with MAC-AMK or MAC-MSR in the section title. All of these sections specify how to generate and use the MAC, including which key and variant to use, which data elements to use, and how the resulting MAC is included in the message. The key used to calculate the MAC is usually either the MSR key or the AMK key, and the variant is always Message Authentication, Request or Both Ways. The choice of key depends on several factors, including the type of message, whether its related processes use encryption, and which encryption keys those processes use. In all cases, the MAC is produced by following ISO Information Technology Security Techniques Message Authentication Codes, using Padding Method 1, Initial Transformation 1, Output Transformation 3, Algorithm 3, DEA, with two 56 bit-keys (K and K'). That method produces an 8-byte MAC value, and the most significant 32 bits of that value serve as the MAC the device or host will include with the message. The host and device stage many MACed messages using big block data buffers (detailed in section 4.1 About Big Block Data and TLV Format). In cases where the MACed message uses TLV data object F9, which is designed specifically for transmitting MACed messages, the message being sent as big block data follows this general format (interpret hexadecimal as binary values, ignore whitespace and /*comments*/, replace <angle bracketed values> with actual values): Page 31 of 212 (D )

32 4 - Command Set AAAA /* 2-byte MSB message length excluding padding and CBC-MAC */ F9<len> /* container for MAC structure and generic data */ DFDF54(MAC KSN)<len><val> DFDF55(MAC Encryption Type)<len><val> DFDF25(IFD Serial Number)<len><val> <Nested TLV data objects specific to the message> <Padding to force F9 plus padding to be a multiple of 8 bytes> <Four byte CBC-MAC> The host and device construct and send the full F9-based message as follows: The first two bytes of the message are in big-endian order (MSB first) not in TLV format, and indicate the length of the full F9 object, starting with the F9 byte at the beginning, and ending at the last byte of the F9 data object s final nested child. By definition, this excludes any added padding and the CBC-MAC itself at the end of the message (both described later). The F9 data object is populated with nested TLV data objects as specified by the command, response, or data format s documentation. In general: o If the MAC is generated using a DUKPT key, F9 will include nested TLV data object DFDF54 specifying the KSN for the DUKPT working key used to generate the MAC. If the MAC is generated using a fixed key, F9 will not include DFDF54. o F9 will always include nested TLV data object DFDF55 containing a MAC Encryption Type, which specifies which key and variant was used to generate the MAC. See the definition of DFDF55 in Appendix D MagTek Custom EMV Tags (EMV Only) for information about valid values. o F9 will always include nested TLV data object DFDF25 containing the device s unique IFD Serial Number, which the host can read from the device. See Appendix D MagTek Custom EMV Tags (EMV Only) for details about retrieving tags. The end of the message outside the F9 data object is padded to ensure that the length of data, starting with the F9 byte at the beginning, and ending with any additional padding, is a multiple of 8 bytes. This is a requirement of using the CBC-MAC algorithm. Using the key specified in the message s documentation, the CBC-MAC is calculated over the block of data that starts with the F9 byte at the beginning, through the last byte of any additional padding. This yields an 8-byte CBC-MAC. The final 4 bytes of the message are populated with the most significant 32 bits of the 8-byte CBC- MAC, not in TLV format. If the host is sending the message, it will send it to the device using Command 0x10 - Send Big Block Data to Device. If the device is sending the message as part of a response or report, it will send it to the host using Report 0x29 - Send Big Block Data to Host. Page 32 of 212 (D )

33 4 - Command Set 4.3 General Commands Command 0x01 - Response ACK This command retrieves the status of the most recent command the host has sent to the device. The host should call this command immediately after it sends a command to the device, to determine whether the device accepted the command as sent. The data the device returns includes an ACKSTS code (see Table 4-2 on page 34) and the ID of the command the status is for. Table Usage Table for Command 0x01 Byte 0 Byte 1 Byte 2 Byte 3 Byte 4 Bit x01 Status of command ( ACKSTS ). See Table ACKSTS Codes for a list of possible values. ID of command being ACKed Reserved Reserved For example, after sending Command 0x03 - Request Swipe Card to the device, the host should immediately call Command 0x01 - Response ACK. If the command executed correctly, the ACKSTS would be 0x00; if the host included bad parameters in the command, the ACKSTS would be Bad Parameter (0x82), as specified in the documentation of Command 0x03 - Request Swipe Card. Page 33 of 212 (D )

34 4 - Command Set Table ACKSTS Codes Status/Msg ACK Status ( ACKSTS ) Value 0x00 = OK / Done 0x15 = RID error / Index not found 0x80 = Device Error. A device error or tamper has been detected, the device certificate is missing or has been changed, or a signature is not correct. 0x81 = Device not Idle 0x82 = Data Error or Bad Parameter(s). The command contains bad parameters. For example, in a big block data transfer, the parameters in any block 1 through n data packet don t match (or don t follow) the previous data packet s parameters; it may also indicate a bad CBC-MAC ACKSTS, wrong serial number, or a bad key. 0x83 = Length Error or OID error. The data size is 0 or is larger than the available buffer size, or a data packet is incomplete, or MagTek device OID of the certificate doesn t match the predefined OID 0x84 = PAN Exists 0x85 = No Key or Key is incorrect. No Mutual Authentication Key, no Acquirer Master Key, or an invalid key is found in the device 0x86 = Device busy 0x87 = Device Locked. More than 120 PINs were entered within one hour, or there have been three authentication failures, or a previous call to Command 0x09 - Set / Get Device Configuration locked the device s configuration 0x88 = Mutual Authentication required 0x89 = Bad Mutual Authentication. The host has sent an incorrect authentication token (e.g., the decrypted random token or device serial number doesn t match the device s current values) 0x8A = Device not Available, Device Status is not OK, Touchscreen is not connected or doesn t exist, or Authentication challenge token has timed out (i.e. is not used within 5 minutes) 0x8B = Amount Needed. If PIN amount is required, no amount has been sent 0x8C = Battery is critically low (refuse new transactions and host commands) 0x8D = Device is resetting (refuse new transactions and host commands) 0x8E = Firmware update not allowed. The host has attempted to call a firmware update command on an interface where firmware updates are not allowed. 0x8F = Value too large. The host, or a cardholder or operator, has provided a value that exceeds the device s length / magnitude limit for that value. 0x90 = Certificate or associated CA doesn t exist. For unbind/rebind/key injection, the associated certificate doesn t exist 0x91 = Expired (Certificate/Certificate Revocation List) 0x92 = Invalid (Certificate/Certificate Revocation List/Message) 0x93 = Revoked (Certificate/Certificate Revocation List) 0x94 = Associated Certificate or Certificate Revocation List doesn t exist 0x95 = Cert exists 0x96 = Duplicate KSN/Key. The key already exists. 0x9A = Operator has pressed Cancel when prompted to enter admin passcode. Page 34 of 212 (D )

35 4 - Command Set Command 0x02 - End Session This command clears all existing session data including PIN, PAN, and amount. The device returns to the idle state and displays the specified Welcome screen. Bitmaps Only: Before the host can use Idle Message 0x01 through 0x04, it must first configure the device by loading bitmaps into the desired slots using Command 0x0C - Set Bitmap (Bitmaps Only). Otherwise, the host should use Idle Message ID 0, and the device displays the default Welcome screen shown below. Table Usage Table for Command 0x02 Byte 0 Byte 1 Figure DynaPro Go Welcome Screens Bit x02 Idle Message: 0x00 = Welcome (default) (Bitmaps Only): 0x01 = Bitmap Slot 1 0x02 = Bitmap Slot 2 0x03 = Bitmap Slot 3 0x04 = Bitmap Slot 4 Page 35 of 212 (D )

36 4 - Command Set Command 0x03 - Request Swipe Card This command directs the device to prompt the cardholder to swipe a card by displaying one of four predetermined messages (see Card Message ID in Table 4-4). Example request screens look like this: Figure DynaPro Go Swipe Prompts If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. When this command completes (card swiped OK, cardholder or operator cancelled, or timeout), the device sends Report 0x22 - Card Status Report to the host. If the Card and Operation Status are both OK, the host should then send Command 0x0A - Request MSR Data to get the card data. For an example of using this command, see Appendix A.1 How to Get MSR/PIN Data from the Device for a Bank Simulation. Table Usage Table for Command 0x03 Byte 0 Byte 1 Bit x03 Wait time in seconds, (0x01..0xFF; 0x00 = Infinite wait time) Page 36 of 212 (D )

37 4 - Command Set Byte 2 Byte 3 Bit Card Message ID to display: 0x00 = Swipe Card / Idle (alternating) 0x01 = Swipe Card 0x02 = Please Swipe Card 0x03 = Please Swipe Card Again 0x04 = Chip Error, Use Mag Stripe Beeper Behavior (Only changes device behavior if Beeper Mode = Enabled in Command 0x09 - Set / Get Device Configuration). See Table Beeper Behavior Codes on page 148 for possible values. Page 37 of 212 (D )

38 4 - Command Set Command 0x04 - Request PIN Entry This command directs the device to prompt the cardholder to enter a PIN as follows: 1) (PIN Language Select Only) If the command specifies Language Select should be enabled, the device first prompts the cardholder to select one of the allowed languages. The selected language remains active until the host sends Command 0x02 - End Session. The device then switches to the default device language set in the contact database using Command 0xA1 - Access EMV Tags. 2) The device displays one of five predefined messages (see PIN Mode in Table 4-5) and waits for the cardholder to enter a PIN. 3) If the host specifies PIN Mode Verify PIN: a) The device prompts the cardholder to enter the PIN a second time, and proceeds only if both entries match. b) (Re-PIN Only) The device performs a check to ensure the cardholder has not entered a trivial PIN: The PIN must not match the beginning of the PAN, the end of the PAN, or the card expiry date; the PIN can not consist of the same repeated digit; the PIN can not exclusively consist of sequential digits. 4) If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. 1) If no error occurs, when the command completes (PIN entry done, cardholder or operator cancelled, or timeout), the device sends Report 0x24 - PIN Response Report to the host. If PIN entry is successful, the report also contains the PIN KSN (if using a DUKPT PIN Key, otherwise the PIN KSN is zero) and the encrypted PIN block (EPB) data. The EPB format depends on the PIN Option the host specified in the command, and on Session State (see Report 0x20 - Device State Report): a) If there is no PAN (from card swipe or sent via command), the device creates the EPB using ISO format 1. b) If there is a PAN, the device creates the EPB using the PIN Option the host specified in the command. The EPB is encrypted under the current PIN DUKPT key as DES or TDES depending on the injected key type. The English on-screen prompts look like this: Page 38 of 212 (D )

39 4 - Command Set Table Usage Table for Command 0x04 Figure DynaPro Go PIN Prompts Bit Byte 0 Byte 1 Byte 2 0x04 Wait Time in seconds (0x01..0xFF; 0x00 = 256 seconds) PIN Mode: 0x00 = Enter PIN 0x01 = Enter PIN Amount 0x02 = Reenter PIN Amount 0x03 = Reenter PIN 0x04 = Verify PIN Byte 3 Max PIN length (<=12) Min PIN length (>=4) Byte 4 Beeper Behavior (Only changes device behavior if Beeper Mode = Enabled in Command 0x09 - Set / Get Device Configuration). See Table Beeper Behavior Codes on page 148 for possible values. Page 39 of 212 (D )

40 4 - Command Set Bit Byte 5 PIN Options Reserved (PIN Language Select Only) Language Select: 0b00 = Disabled 0b01 = English or French Only 0b10 = All Languages as defined by DFDF2D Wait Msg Verify PIN PIN Block Format 0 = ISO Format 0 1 = ISO Format 3 Page 40 of 212 (D )

41 4 - Command Set Command 0x05 - Cancel Command This command cancels the current command. Table Usage Table for Command 0x05 Byte 0 Byte 1 Bit x05 0x00 Page 41 of 212 (D )

42 4 - Command Set Command 0x06 - Request Cardholder Selection This command directs the device to prompt the cardholder to select the transaction type (debit, credit, etc.) or to verify the transaction amount, as shown below. For information about setting custom status messages, see Appendix G Custom Messages. Figure DynaPro Go Cardholder Selection Screens If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. After the cardholder makes a selection or cancels, or if a timeout occurs based on Wait Time, the device does the following: 1) Clear the display 2) Return to the idle state 3) Send Report 0x25 - Cardholder Selection Response Report to the host Table Usage Table for Command 0x06 Byte 0 Byte 1 Bit x06 Wait Time in seconds, (0x01..0xFF; 0x00 = 256 seconds) Page 42 of 212 (D )

43 4 - Command Set Byte 2 Bit Message ID: 0x00 = Transaction type Credit / Debit 0x01 = Verify Transaction Amount 0x02 = Transaction type Credit / Other / Debit 0x03 = Transaction type Credit / EBT / Debit 0x04 = Transaction type Credit / Gift/ Debit 0x05 = Transaction type EBT / Gift / Other Bitmaps Only: 0x80..0x83 = Bitmaps in slots 0..3 (only available in firmware revision C12 and newer) Byte 3 Byte 4 Custom Messages Only: 0xFF = Custom Message. Requires the host first send data via Command 0x10 - Send Big Block Data to Device Masked Keys. OR together the desired combination of enabled / disabled keys: 0 = Do not allow input from indicated key 1 = Enable indicated key Bit Reserved Reserved Reserved Reserved Enter Right Middle Left Tone Pattern: 0x00 = No start beep, one timeout beep 0x01 = One start beep, one timeout beep 0x02 = Two start beeps, one timeout beep 0x64 = No start beep, no timeout beep 0x65 = One start beep, no timeout beep 0x66 = Two start beep, no timeout beep Page 43 of 212 (D )

44 4 - Command Set Command 0x07 - Display Message This command directs the device to display a predefined message for a specified time. Examples are shown below. For information about setting custom status messages, see Appendix G Custom Messages. Figure DynaPro Go Messages Page 44 of 212 (D )

45 4 - Command Set If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. If no error occurs, when the command completes (message displayed, cardholder or operator cancelled, or timeout), the device does the following: 1) Clear the display 2) Return to the idle state 3) Send Report 0x27 - Display Message Done Report to the host Table Usage Table for Command 0x07 Byte 0 Byte 1 Byte 2 Bit x07 Wait Time in seconds, (0x01..0xFF; 0x00 = Infinite wait time) Display message ID: 0x00 = Blank 0x01 = Approved 0x02 = Declined 0x03 = Cancelled 0x04 = Thank You 0x05 = PIN Invalid 0x06 = Processing 0x07 = Please Wait 0x08 = Hands Off 0x09 = PIN PAD not available 0x0A = Call Your Bank 0x0B = CARD ERROR 0x0C = Not Accepted 0x0D = Processing Error 0x0E = Use CHIP READER 0x0F = Refer to your payment device Bitmaps Only: 0x80..0x83 = Bitmap in slots xFF = Custom Bitmap Message (requires first sending data via Command 0x10 - Send Big Block Data to Device) Page 45 of 212 (D )

46 4 - Command Set Command 0x08 - Request Device Status This command directs the device to send current information (Session State, Device State and Status, etc.) to the host. Following this command, the device sends the host Report 0x20 - Device State Report. Table Usage Table for Command 0x08 Byte 0 Byte 1 Bit x08 0x00 Page 46 of 212 (D )

47 4 - Command Set Command 0x09 - Set / Get Device Configuration The host calls this command in Set mode to send operator-defined configuration settings to the device. If the command changes the EMV Mode control setting, the host must send Command 0xFF - Device Reset or the operator must power cycle the device before that setting takes effect. The host can also call this command in Get mode to direct the device to return its current configuration settings. The format of the device s response in this case is identical to the format of the host s request when calling the command in Set mode (Table 4-10). If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. If no error occurs, the device saves the new configuration. The Configuration Lock bit can only be set by the manufacturer. When the device is locked, the host cannot change any of the device configuration settings. When the device is unlocked, the host can only change the following settings: MSR Encryption Variant Clear Text Cardholder Data Beeper Mode Mask Configuration MSR Card Configuration Mask Character Number of leading/trailing to leave unmasked EMV L2 ICS Configuration Financial+ICC Card Type reporting Enabling and Disabling Contactless Payment Brand (Chip card contactless only) Contactless Alternate GUI Control (Chip card contactless only) All other settings, including the Configuration Lock bit, can only be changed by the supplier or manufacturer. Page 47 of 212 (D )

48 4 - Command Set Table Usage Table for Command 0x09 (Set mode) / Response for Command 0x09 (Get mode) Bit Byte 0 0x09 Device Control (default value = 0x00) Bit 0 Require Mutual Authentication: 0 = No 1 = Yes Bit 1 MSR Encryption Variant: 0 = PIN 1 = DATA Bit 2 Reserved Byte 1 Bit 3 Clear Text Cardholder Data (Clear Text User Data Only) Enables Command 0x1F - Request Clear Text Cardholder Data Entry (Clear Text User Data Only) and clear text transmission in Report 0x21 - Cardholder Data Entry Response Report 0 = Disable 1 = Enable Bit 4 Beeper Mode (Beeper Control Only) Configure audio feedback 0 = Enable 1 = Disable Bit 5 Reserved Bit 6 Bitmap Lock (Bitmaps Only): 0 = Unlocked 1 = Locked Bit 7 Configuration Lock (NOTE: After locking, unlocking can only be performed by the manufacturer): 0 = Unlocked 1 = Locked Page 48 of 212 (D )

49 4 - Command Set Bit Device Control 2 (default value = 0x00) Bit 0 Reserved Byte 2 Byte 3 Bit 1 ARPC MAC Checking (EMV Only) Configure MAC requirement on inbound online response for Command 0xA4 - Acquirer Response ARPC (MAC-MSR): 0 = Enable (default) 1 = Disable Bit 2 Financial + ICC Card Type Reporting: Configure Financial+ICC Card type reporting 0 = Enable (default) 1 = Disable Bit 3 ARQC and Batch Data Output Format (Protected): 0 = DynaPro Format (default) 1 = Reserved Mask Configuration (default value = 0xC0, all enabled except MS2.0) ISO Mask 0 = Disable 1 = Enable Check Digit 0 = Disable 1 = Enable MS2.0 Enable 00 = MS2.0 Disabled MS2.0 Only: 10 = MS2.0 Enabled MSR Card Configuration (default value = 0xD5, all enabled) Reserved Byte 4 AAMVA Card 0 = Disable 1 = Enable Non-finance card option Track 3 Data 00 = Disabled 01 = Enabled 11 = Required Track 2 Data 00 = Disabled 01 = Enabled 11 = Required Track 1 Data 00 = Disabled 01 = Enabled 11 = Required Byte 5 Mask Character (factory setting is 0x30 representing ASCII 0 ) Byte 6 Byte 7 Leading length to leave unmasked. In SRED, maximum length = 6. EMV L2 ICS Configuration (Default = 0x01) Note: This setting is ignored when EMV Mode is disabled. Trailing length to leave unmasked. In SRED, maximum length = 4. Page 49 of 212 (D )

50 4 - Command Set Bit EMV L2 ICS Configuration 0000 = No L2 capability 0001 = Configuration C = Configuration C2 DynaPro (Firmware Rev E and newer), DynaPro Mini firmware Rev D and newer, and DynaPro Go only: 0011 = Configuration C = Configuration C = Configuration C = Configuration C = Configuration C = Reserved DynaPro Firmware Rev A to D: Configurations C1 and C2 are EMVCo certified. DynaPro Mini Rev A to C: Configurations C1 and C2 are EMVCo certified. DynaPro Firmware Rev E and newer: Configurations C1, C4 and C5 are EMVCo certified. DynaPro Mini Rev D and newer: Configurations C1, C4 and C5 are EMVCo certified. DynaPro Go: Configurations C1, C4 and C5 are EMVCo certified. Page 50 of 212 (D )

51 4 - Command Set Bit Default = 0x00 Bits 0 through 3 control which contactless payment brands are enabled (chip card contactless only): 0x0 = All contactless kernels enabled 0x1 = PayPass/MCL Support Disabled 0x2 = paywave Support Disabled 0x4 = Expresspay Support Disabled 0x8 = D-PAS Support Disabled Byte 8 Bit 4 Reserved Bit 5 Alternate GUI Control (Contactless Only): Alternate mode prevents both the MSR and Contactless interfaces from being enabled at the same time. 0 = Standard 1 = Alternate Bit 6 Reserved Bit 7 Reserved Page 51 of 212 (D )

52 4 - Command Set Command 0x0A - Request MSR Data This command directs the device to send MSR data to the host; it should be issued after a Command 0x03 - Request Swipe Card command has successfully completed. If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. If no error occurs, the device sends multiple instances of Report 0x23 - Card Data Report to the host. If no MSR data is available, the device sends a single Report 0x23 - Card Data Report containing a Data Length of 0. Table Usage Table for Command 0x0A Byte 0 Byte 1 Bit x0A 0x00 Page 52 of 212 (D )

53 4 - Command Set Command 0x0B - Get Challenge This command directs the device to send challenge data to the host, which the host can then use to perform a specific sensitive operation / modify a specific type of device setting. Information about how the host should pass the required challenge data to the device is included in the documentation for all commands that use this security mechanism. Upon providing the challenge to the host, the device sets an internal countdown timer. When the time limit expires, the device will no longer accept the challenge. This binding of the command to a specific time period allows the device to detect and reject commands that have been captured/intercepted at one point in time and replayed later. To get a challenge, the host should follow these steps: 1) Send this command in Set mode per Table 4-12, specifying the item it intends to change or the operation it intends to perform. 2) Get the ACKSTS report from the device to make sure the command was successful. 3) Send this command in Get mode per Table If the Sub Operation was not valid, or if a valid Mutual Authentication Key (MAK) is not available for Sub Operation = 0x63, the device fills the Data Block with zeroes. Table Usage Table for Command 0x0B (Set mode) Byte 0 Byte 1 Bit x0B Sub Operation: 0x63 = Mutual Authentication Table Usage Table for Command 0x0B (Get mode) Byte 0 Byte 1 Bit Byte x0B Sub Operation: 0x63 = Login/Logout Mutual Authentication Data Block: If Sub Operation = 0x63 and a valid Mutual Authentication Key is available: Bytes 2..9 contain the encrypted partial device serial number and random token Bytes contain the partial device serial number Page 53 of 212 (D )

54 4 - Command Set Command 0x0C - Set Bitmap (Bitmaps Only) This command directs the device to save new bitmap image data in the specified slot with the selected format. The device can hold up to four different bitmaps in slots specified as Bitmap slot 1 through Bitmap slot 4. Slot 0 holds the default bitmap image, which is generally blank and can not be changed. For details about preparing and optimizing bitmaps for loading into the device, see D INSTRUCTIONS FOR LOADING BITMAP IMAGES, available from MagTek. To send new bitmap data to the device, follow these steps: 1) Issue Command 0x10 - Send Big Block Data to Device to send new bitmap image data to the device. 2) Issue Command 0x0C - Set Bitmap (Bitmaps Only) to direct the device to save the new bitmap image data in the specified slot with the selected format. 3) Optionally, display the Welcome page superimposed on a bitmap of the host s choice by calling Command 0x02 - End Session and specifying which bitmap slot to use. To clear a bitmap from a specified slot, the host can simply issue this command with the Operation to Perform set to 0x00 ( Clear ). If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Table Usage Table for Command 0x0C Byte 0 Byte 1 Byte 2 Bit x0C Bitmap Number 0x00 = Bitmap slot 1 0x01 = Bitmap slot 2 0x02 = Bitmap slot 3 0x03 = Bitmap slot 4 Operation to Perform: 0x00 = Clear 0x01 = Save 0x02 = Invert (i.e. reverse black / white) and Save Figure DynaPro Go Welcome Screen With Custom Bitmap Page 54 of 212 (D )

55 4 - Command Set Command 0x0E - Get Information The host uses this command to retrieve various types of information from the device. Table Usage Table for Command 0x0E Byte 0 Bit x0E Byte 1 Info ID (see Table 4-17) If the host is retrieving Info ID 0x80, the host should call this command in Get mode, and if the device has keys injected, the command returns the requested KCV/Hash. If the host is using any Info ID other than 0x80, it should follow these steps: 1) Call this command in Set mode, specifying the Info ID from Table If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. 2) Call this command in Get mode. 3) The device responds with the requested data. Table Usage Table for Command 0x0E Byte 0 Bit x0E Byte 1 Info ID (see Table 4-17) Byte 2 Key Status, if Info ID < 0x80: 0x00 = Empty (default) 0x01 = OK 0x02 = Exhausted Key Status, if Info ID = 0x80: 0x00..0x05 = KCV type (see Table 4-17) Byte 3 Data length (see Table 4-17); default value is 0 Byte Block data Table Response for Command 0x0E Info ID Key Status Data Length 0x00 1 lbllen* Data Mutual Authentication Key (MAK) label 0x KSN PIN Key 0x KSN MSR Key 0x KSN Description If Mutual Authentication Key exists PIN Key exhausted (no more DUKPT keys available) Page 55 of 212 (D )

56 4 - Command Set Info ID Key Status Data Length 0x KSN Data Page 56 of 212 (D ) Description MSR Key exhausted (no more DUKPT keys available) 0x03 1 <=59 SN & subject s DN** If PIN Key Loader Certificate exists 0x04 1 <=59 SN & subject s DN** If MSR Key Loader Certificate exists 0x05 1 <=19 Label and KCV If Mutual Authentication Key exists 0x Customer ID (4 byte integer), Signing Sequence Number (4 byte integer), Upgradability Options (4 byte integer) 0x is Generic Customer Signing Sequence typically starts at 0x and must advance with each upgrade. Upgradability values: 0x = Generic Only 0x = Specific Only 0x = Generic or Specific 0x09 1 <=19 Label and KCV Acquirer Master Key 0x x 3 4 slots for bitmap data [status + 2 bytes CRC] status: 0 = not loaded 1 = loaded 0x60..0x70 1 <=59 SN & subject s DN** 0x71..0x7F 1 <=59 SN & issuer s DN** 0x80 kcv_type=0 4 KCV value Bitmap data status and its CRC If associated CA certificate exists*** If associated CA certificate exists*** KCV**** for Mutual Authentication Key 0x80 kcv_type=1 4 KCV value KCV for First DUKPT PIN Key 0x80 kcv_type=2 4 KCV value KCV for First DUKPT MSR Key 0x80 kcv_type=4 4 Hash value 0x80 kcv_type=5 4 Hash value Device Authentication token signed by PIN Key Loader Certificate Device Authentication token signed by MSR Key Loader Certificate 0x80 kcv_type=9 4 KCV value KCV for Acquirer Master Key 0x80 All other kcv_types 0 KCV**** * lbllen = Mutual Authentication Key s label length ** SN = serial number of certificate; DN = distinguished names of subject or issuer of certificate; Data length varies with SN and DN length; max length is 59. *** its corresponding CA certificate **** KCV = Key Check Value, where the lowest 6 digits are valid

57 4 - Command Set Command 0x0F - Login/Authenticate or Logout The host uses this command to perform mutual authentication with the device (log in) or to revoke authentication (log out). If the Device Control byte returned from Command 0x09 - Set / Get Device Configuration has the bit set for Mutual Authentication Required, the host must successfully call this command to bring the device out of the OFFLINE state. If mutual authentication is required, the host must follow these steps to initiate mutual authentication: 1) Request a mutual authentication token from the device using Command 0x0B - Get Challenge. 2) Decrypt the received token using the Mutual Authentication Key to create an 8-byte decrypted token. 3) Create an 8-byte transformed token from the decrypted token as follows: a) Split the token into a first half-token and a last half-token. b) Add 0x to the last half-token in little-endian format, truncate off the carry (if any) to get 4 bytes, and use the result as the beginning of the transformed token. c) Append the first half-token to the end to form the full transformed token. 4) Encrypt the transformed token with the Mutual Authentication Key to create an encrypted transformed token. 5) Call the Login / Authenticate form of this command. If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Table Usage Table for Command 0x0F Login/Authenticate or Logout Byte 0 Byte 1 Bit Bytes x0F 0x00 = Logout 0x01 = Login / Authenticate If logging in, encrypted transformed token (8 bytes). See Command 0x0B - Get Challenge. If logging out, Reserved. Page 57 of 212 (D )

58 4 - Command Set Command 0x10 - Send Big Block Data to Device This command is used to provide data for several general commands and input reports (listed in Table 4-19) in 60-byte increments. If the data size is greater than 60 bytes, the data must be split into several smaller blocks, each containing a maximum of 60 bytes. Two data formats are used in connection with this command: The first packet (block 0, see Table 4-19) signals the start of a new data set and specifies the complete total length of the data; subsequent packets (blocks 1 through n, see Table 4-20) transmit the actual data to a predefined buffer within the device. For more information about big blocks and TLV format, see section 4.1 About Big Block Data and TLV Format. If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. If no error occurs, the device stores the uploaded data in a local staging buffer for use by a subsequent command, and the host must call that command to direct the device to consume the uploaded data. Table Usage Table for Command 0x10 (Block 0) Byte 0 Byte 1 Byte 2 Byte 3 Byte 4 Byte 5 Byte 6 Byte 7 Bit Byte x10 Data Type: 0x06 = Request cardholder selection (Custom Messages Only) 0x07 = Display custom message (Custom Messages Only) 0x0C = Bitmap image data (Bitmaps Only) 0x16 = Menu Line Items (Handheld Operation Only) 0x17 = Firmware file 0xA0 = EMV data in DOL format (MAC) 0xA1 = EMV data in TLV format, Set EMV Tag(s) (MAC) 0xA4 = EMV data in TLV format, Acquirer Response (ARPC) 0xA5 = EMV CA Public Key Data (MAC) 0xAE = DET to send.(mcl 3.1 only) 0x00 = Start of new data set (this packet contains the total data length) Data Length low byte Data Length high byte (if Byte 7 indicates Legacy) Data Length middle low byte (if Byte 7 indicates Extended) Reserved (if Byte 7 indicates Legacy) Data Length middle high byte (if Byte 7 indicates Extended) Reserved (if Byte 7 indicates Legacy) Data Length high byte (if Byte 7 indicates Extended) Extended Type: 0x00 = Legacy, data length less than 64K 0x01 = Extended, data length > 64K Reserved Page 58 of 212 (D )

59 4 - Command Set Table Usage Table for Command 0x10 (Blocks 1 through n) Byte 0 Byte 1 Byte 2 Byte 3 Bit Bytes x10 Data Type: 0x06 = Request cardholder selection (Custom Messages Only) 0x07 = Display custom message (Custom Messages Only) 0x0C = Bitmap image data (Bitmaps Only) 0x17 = Firmware file 0xA1 = EMV data in TLV format 0xA4 = EMV data in TLV format, Acquirer Response (ARPC) 0xA5 = EMV CA Public Key Data (MAC) 0xAE = DET to send (MCL 3.1 only) Data Packet Number (1..n) Packet Length Packet Data: (EMV Only) If sending EMV data, use Tag-Length-Value format. For more information about big blocks and TLV format, see section 4.1 About Big Block Data and TLV Format. If sending 0xAE, use the format defined in Command 0xAE - MCL Send DET Command (MCL 3.1 Support Only). (MasterCard MCL 3.1.x support only) Page 59 of 212 (D )

60 4 - Command Set Command 0x11 - Request Manual Card Entry This command directs the device to prompt the cardholder to enter the following card information by keypad. Two modes are available: Account Number mode and Qwick Code mode: Account Number mode prompts for the following: Account number (minimum length = 9, maximum length = 19) Expiration date (minimum length = maximum length = 4) Card verification code (minimum length = 3, maximum length = 4) Qwick Code mode prompts for the following: Qwick Code (minimum length = 8, maximum length = 16) Last 4 digits of account # (minimum length = maximum length = 4) Card verification code (minimum length = 3, maximum length = 4) Figure DynaPro Go Manual Card Information Entry If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. If no error occurs, the device sends Report 0x22 - Card Status Report to the host. If the cardholder or operator cancelled the request, or if the request timed out, byte 1 of Report 0x22 - Card Status Report contains the appropriate Operation Status code to indicate why the command did not complete. Otherwise, if all of the card information was entered correctly, byte 1 = 0x00 (this command completed OK), byte 2 = 0x00 (Card Status is OK), byte 3 = 0x03 (Card Type is manual), and the host should send a request to get the card data (see Command 0x0A - Request MSR Data). The device responds with multiple instances of Report 0x23 - Card Data Report, followed by Report 0x20 - Device State Report. Table Usage Table for Command 0x11 Bit Byte 0 Byte 1 0x11 Wait Time in seconds, (0x01..0xFF, 0x00 = 256 seconds) Page 60 of 212 (D )

61 4 - Command Set Bit Byte Byte 3 0=Use PAN min 9, max 19 1=Use PAN min 14, max 21 1=Use PAN in PIN block creation 1=Use QwickCodes entry Field Options: 0 = Acct,Date,CVC 1 = Acct,Date 2 = Acct,CVC 3 = Acct Beeper Behavior (Only changes device behavior if Beeper Mode = Enabled in Command 0x09 - Set / Get Device Configuration). See Table Beeper Behavior Codes on page 148 for possible values. The track data sent by the device for manually entered card data may be masked according to the device s configuration (the same as it is for credit/debit cards), but the data shown in the following examples is unmasked just to show the detail. The account number or QwickCode is denoted by a string of 5s, the expiration date (or PAN4) by 3s and the CVC by 4s. The location marked by 6 indicates the field options used when the data was collected; unused fields are 0s. 0s below denote fixed-length filler. Track 1 card type ( B for credit/debit cards) is set to M and the name is set to the string literal MANUAL ENTRY/. Track 1 data may be found in the instance of Report 0x23 - Card Data Report that contains Data ID = 0x01. The device formats Track 1 card data as follows: %M ^MANUAL ENTRY/^ ? Track 2 data may be found in the instance of Report 0x23 - Card Data Report that contains Data ID = 0x02. The device formats Track 2 card data as follows: ; = ? The device does not change the length of the CVC (either 3 or 4 characters) entered by the cardholder. The length of the CVC thus affects the length of the track data output by the device, and the host must locate the CVC in the track data as follows: The CVC starting position is the byte after the 6 digits which follow the 4-digit expiration date (or PAN4). The CVC ending position in Track 1 is the byte before the 6 digits which precede the end sentinel (?); the CVC ending position in Track 2 is the byte before the 3 digits which precede the end sentinel (?). Page 61 of 212 (D )

62 4 - Command Set Command 0x14 - Request Cardholder Data Entry This command directs the device to prompt the cardholder to enter SSN, Zip Code, Birth Date, Activation Code (Activation Codes Only)(firmware revision C12 and newer), (Handheld Transactions Only) Server/Waiter Number or Ticket Number, by displaying one of the available predetermined messages, examples of which are shown below: Page 62 of 212 (D )

63 4 - Command Set Figure DynaPro Go Request Cardholder Data Entry Screens If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Otherwise, when the command completes (data entry done, cardholder or operator cancelled, or timeout), the device sends Report 0x21 - Cardholder Data Entry Response Report to the host. Table Usage Table for Command 0x14 Byte 0 Byte 1 Byte 2 Byte 3 Bit x14 Wait time in seconds (0x00 to 0xFF, 0 = 256 seconds) Cardholder data mode: 0x00 = Enter SSN (9 digits) 0x01 = Enter Zip code (5 digits) 0x02 = Enter Birthdate (8 digits, in MM/DD/YYYY format) 0x03 = Enter Birthdate (6 digits, in MM/DD/YY format) 0x04 = Enter Activation code (4 digits) (Activation Codes only, firmware revision C12 and newer) 0x05 = Enter Server/Waiter code (4 to 9 digits) (Handheld Operation Only) 0x06 = Enter Ticket Number (4 to 9 digits) (Handheld Operation Only) Beeper Behavior (Only changes device behavior if Beeper Mode = Enabled in Command 0x09 - Set / Get Device Configuration). See Table Beeper Behavior Codes on page 148 for possible values. Page 63 of 212 (D )

64 4 - Command Set Command 0x16 - Get Selected Menu Item Command (Handheld Operation Only) The host uses this command to direct the device to present a list of up to 10 line items for a cardholder or operator to select from. The host should first use Command 0x10 - Send Big Block Data to Device to send the line items for the device to display, with each line item terminated by a Carriage Return, then call this command to direct the device to prompt the cardholder or operator. When selection is complete, the device sends Report 0x26 - Send Selected Menu Item (Handheld Operation Only) to the host. For example, to show the following menu items: Table1 Table2 Table3 Figure DynaPro Go Get Selected Menu Item The host should first send Table1<CR>Table2<CR>Table3<CR><CR> using Command 0x10 - Send Big Block Data to Device, then call this command. The host should keep track of each item s index in the list so it can interpret the selection the device reports back. For example, Table1 above is index 0, and Table3 is index 2. Table Usage Table for Command 0x16 Byte 0 Byte 1 Byte 2 Byte 3 Bit x16 Wait time in seconds, (0x01..0xFF; 0x00 = 256 seconds) Menu Selection Mode: 0x00 = Select Table 0x01 = Select Bill Beeper Behavior (Only changes device behavior if Beeper Mode = Enabled in Command 0x09 - Set / Get Device Configuration). See Table Beeper Behavior Codes on page 148 for possible values. Page 64 of 212 (D )

65 4 - Command Set Command 0x17 - Update Device This command directs the device to validate, authenticate, and use the file data to upgrade the device s main application firmware. It is only available when using the USB or Ethernet connections. Further information about the bootloader is available in document MNL DYNALEX BOOTLOADER. To send new file data to the device, follow these steps: 1) Issue Command 0x10 - Send Big Block Data to Device to send new file data to the device 2) Issue Command 0x17 - Update Device to request the device to validate and perform an update using the file data with the correct parameters. If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Table Usage Table for Command 0x17 Byte 0 Bit x17 Byte 1 Options. See Table Bytes 2..8 Reserved Table 4-25 Byte 1 Options for Command 0x17 Bit Notes Reset Options N/A N/A N/A N/A N/A N/A 0 0 N/A N/A N/A N/A N/A N/A 0 1 N/A N/A N/A N/A N/A N/A 1 0 RFU N/A N/A N/A N/A N/A N/A 1 1 RFU X X X X X X N/A N/A RFU Return Response ACK (big data must exist), Update, Reset when Done Return Response ACK (big data must exist), Update, Delayed Response ACK, Allow Reset later Return Response ACK, wait 100ms, Reset Now (only valid after successful update) Page 65 of 212 (D )

66 4 - Command Set Command 0x1A - Request Device Information This command requests information about the device. Use this command in Set mode first to specify the information to retrieve, then use Get mode to retrieve the requested information. Table Usage Table for Command 0x1A Byte 0 Byte 1 Bit Bytes x1A Mode: 0x00 = Product_ID 0x01 = Maximum Device Message Size 0x02 = Capability String 0x03 = Manufacturer 0x04 = Product Name 0x05 = Serial Number 0x06 = Firmware Number 0x07 = Build Info 0x08 = MAC Address Wireless Module ( Wireless Only) 0x09 = Firmware Version Wireless Module ( Wireless Only) 0x0A = Boot1 Firmware Version 0x0B = Boot2 Firmware Version 0x10 = Contactless Database Status (Chip Card Contactless Only) Reserved Depending on what device information the host has requested, the device responds to this command using the following formats. Table Usage Table for Command 0x1A - Product_ID Byte 0 Byte 1 Bit Bytes x1A 0x (null terminated string) Table Usage Table for Command 0x1A - Maximum Device Message Size Bit Byte 0 0x1A Byte 1 0x01 Bytes (null terminated string) Table Usage Table for Command 0x1A - Capability String Bit Byte 0 0x1A Page 66 of 212 (D )

67 4 - Command Set Byte 1 Bit x02 V=4,SC=1,SR=1,TR=1,MS2=1,PFK=1,UDE=2,CE=2,CLE=1,DR=1, WF=1" (null terminated string) Bytes Capability String Code Description: V = Device Type SC = Signature Capture Support, 1=Supported, 0=Not Supported SR = SRED, 1=SRED, 0=NON-SRED TR = Token Reversal Support, 1=Supported, 0=Not Supported MS2 = MagneSafe 2.0 Support, 1=Supported, 0=Not Supported PFK = PIN Fixed Key Support, 1=Supported, 0=Not Supported UDE = Cardholder Data Entry Mode, 1=Encrypted Only, 2=Clear Text and Encrypted CE = Contact EMV Level Support, 1=L1, 2=L2 CLE = Contactless EMV Level Support, 1=L1, 2=L2 DR = Delayed Response Support, 1=Supported, 0=Not Supported WF = Wireless support, 1=Supported, 0=Not Supported Table Usage Table for Command 0x1A - Manufacturer Bit Byte 0 0x1A Byte 1 0x03 Bytes MagTek, Inc. (null terminated string) Table Usage Table for Command 0x1A - Product Name Byte 0 Byte 1 Bit Bytes x1A 0x04 The product name is a null-terminated string containing: DynaPro or DynaPro SC if the device is signature capture capable, or DynaPro Mini or DynaPro Go Table Usage Table for Command 0x1A - Serial Number Bit Byte 0 0x1A Byte 1 0x05 Bytes (null terminated string) Page 67 of 212 (D )

68 4 - Command Set Table Usage Table for Command 0x1A - Firmware Number Bit Byte 0 0x1A Byte 1 0x06 Bytes A01-DEMO (null terminated string) Table Usage Table for Command 0x1A - Build Info Bit Byte 0 0x1A Byte 1 0x07 Bytes <date><time> (null terminated string) Table Usage Table for Command 0x1A - MAC Address (Ethernet Only Wireless Only) Bit Byte 0 0x1A Byte 1 0x08 Bytes (null terminated string) Table Usage Table for Command 0x1A - Network Module Firmware Version (Ethernet Only Wireless Only) Byte 0 Byte 1 Bit Bytes x1A 0x (null terminated string) Table Usage Table for Command 0x1A - Boot1 Firmware Version Bit Byte 0 0x1A Byte 1 0x0A Bytes B01-DEMO (null terminated string) Table Usage Table for Command 0x1A - Boot2 Firmware Version Bit Byte 0 0x1A Page 68 of 212 (D )

69 4 - Command Set Bit Byte 1 0x0B Bytes B02-DEMO (null terminated string) Table Usage Table for Command 0x1A - Contactless Database Status (Chip Card Contactless Only) Byte 0 Byte 1 Byte 2 Bit Bytes x1A 0x10 D-PAS 0x00 = Initialized 0x01 = Modified 0x11 = Corrupted Reserved Expresspay 0x00 = Initialized 0x01 = Modified 0x11 = Corrupted paywave 0x00 = Initialized 0x01 = Modified 0x11 = Corrupted PayPass/MCL 0x00 = Initialized 0x01 = Modified 0x11 = Corrupted Page 69 of 212 (D )

70 4 - Command Set Command 0x1F - Request Clear Text Cardholder Data Entry (Clear Text User Data Only) This command directs the device to prompt the cardholder to enter SSN, Zip Code, Birth Date, Activation Code (Activation Codes Only) (firmware revision C12 and newer), (Handheld Transactions Only) Server/Waiter Number or Ticket Number, by displaying one of the available predetermined messages, examples of which are shown below: Page 70 of 212 (D )

71 4 - Command Set Figure DynaPro Go Request Clear Text Cardholder Data Entry If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Page 71 of 212 (D )

72 4 - Command Set If no error occurs, when the command completes (data entry done, cardholder or operator cancelled, or timeout), the device sends Report 0x2E - Clear Text Cardholder Data Entry Response Report to the host. If data entry is successful, the report also contains the requested data. Table Usage Table for Command 0x1F Byte 0 Byte 1 Byte 2 Byte 3 Bit x1F Wait time in seconds, (0x01..0xFF; 0x00 = 256 seconds) Cardholder data mode: 0x00 = Enter SSN (9 digits) 0x01 = Enter Zip code (5 digits) 0x02 = Enter Birthdate (8 digits, in MM/DD/YYYY format) 0x03 = Enter Birthdate (6 digits, in MM/DD/YY format) 0x04 = Enter Activation code (4 digits) (Activation Codes only) 0x05 = Enter Server/Waiter code (4 to 9 digits) (Handheld Operation Only) 0x06 = Enter Ticket Number (4 to 9 digits) (Handheld Operation Only) Beeper Behavior (Only changes device behavior if Beeper Mode = Enabled in Command 0x09 - Set / Get Device Configuration). See Table Beeper Behavior Codes on page 148 for possible values. Page 72 of 212 (D )

73 4 - Command Set Command 0x32 - Get BIN Whitelist Table - Non Financial Format The device supports a BIN whitelist for non-financial cards that holds up to six six-digit Bank Identification Numbers (BINs). After a cardholder swipes a non-financial card, the device looks up the card s BIN in this whitelist. If it finds the card s BIN and if the card s PAN is longer than the Max Financial PAN Length in section 2.4 About Device Features, the device will not encrypt data ID 4, 5 or 6 in the Report 0x23 - Card Data Report it sends to the host. The host uses this command to direct the device to send the current contents of the BIN whitelist for nonfinancial cards to the host. The device responds in the following format: Table Usage Table for Command 0x32 (Get mode) Byte 0 Byte 1 Bit x32 Number of bytes to follow (36 = 0x24 for the 6 slots at 6 bytes each) Bytes 2..7 Data from BIN Whitelist Table Slot 1 Bytes Data from BIN Whitelist Table Slot 2 Bytes Data from BIN Whitelist Table Slot 3 Bytes Data from BIN Whitelist Table Slot 4 Bytes Data from BIN Whitelist Table Slot 5 Bytes Data from BIN Whitelist Table Slot 6 If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Page 73 of 212 (D )

74 4 - Command Set Command 0x33 - Get BIN Whitelist Table - Financial Format (Financial Format Whitelist Only) The device supports a BIN whitelist for financial cards that holds up to six six-digit Bank Identification Numbers (BINs). After a cardholder swipes a financial card, the device looks up the card s BIN in this whitelist. If it finds the card s BIN and if the card s PAN is longer than the Max Financial PAN Length in section 2.4 About Device Features, the device will not encrypt data ID 4, 5 or 6 in the Report 0x23 - Card Data Report it sends to the host. The host uses this command to request the device send the current contents of the financial format whitelist BIN table to the host. The device responds in the following format: Table Usage Table for Command 0x33 (Get mode) Byte 0 Byte 1 Bit x33 Number of bytes to follow (36 = 0x24 for the 6 slots at 6 bytes each) Bytes 2..7 Raw BIN stored in whitelist slot 1 Bytes Raw BIN stored in whitelist slot 2 Bytes Raw BIN stored in whitelist slot 3 Bytes Raw BIN stored in whitelist slot 4 Byte Raw BIN stored in whitelist slot 5 Byte Raw BIN stored in whitelist slot 6 If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Page 74 of 212 (D )

75 4 - Command Set Command 0x58 - Request Device Certificate The host uses this command to request a certificate stored on the device. If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. If no error occurs, the device sends the Device Certificate to the host in DER encoded X.509 format using Report 0x29 - Send Big Block Data to Host. Table Usage Table for Command 0x58 (Request Device Certificate) Byte 0 Byte 1 Bit x58 0x02 = Read Byte 2 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Device Certificate Page 75 of 212 (D )

76 4 - Command Set Command 0xFF - Device Reset This command directs the device to perform a restart. Table Usage Table for Command 0xFF Byte 0 Byte 1 Byte 2 Bit xFF 0x00 = Soft Reset Reserved Page 76 of 212 (D )

77 4 - Command Set 4.4 General Input Reports Input reports are asynchronous data packets (i.e., events) sent from the device to the host. Events occur when the device state changes, or upon completion of an asynchronous command (such as a command that requires cardholder input) sent by the host to the device Report 0x20 - Device State Report This event is triggered explicitly when the host successfully issues Command 0x08 - Request Device Status, or automatically when the device changes state. Both cases cause the device to send Device State, Session State, Device Status, Device Certificate Status, and Hardware Status to the host. Table Usage Table for Report 0x20 Byte 0 Byte 1 Byte 2 Byte 3 Byte 4 Byte 5 Bit x20 Device State: 0x00 = Idle 0x01 = Session 0x02 = Wait For Card 0x03 = Wait For PIN 0x04 = Wait For Selection 0x05 = Displaying Message 0x06 = Test (Reserved for future use) 0x07 = Manual Card Entry 0x09 = Wait Cardholder Entry 0x0A = Chip Card 0x0B = ICC Kernel Test 0x0C = EMV Transaction 0x0D = Show PAN Session State (see Table Session State Codes). Device Status (see Table Device Status Codes). Device Certificate Status (see Table Device Certificate Status Codes). Hardware Status (see Table Hardware Status Codes). Page 77 of 212 (D )

78 4 - Command Set Bit ICC Master and Session Key Status Bit 0: 1 = No Acquirer Master Key Injected Bit 1: 1 = No ICC Session Key Active Byte 6 Bit 2: 1 = CAPK EMV database corrupted Bit 3: 1 = EMV Terminal / Payment Brand Database corrupted Bit 4: 1 = Card Present in chip card connector Byte 7 Bit 5 (Contactless Chip Card Only): 1 = Contactless Database corrupted Extended Device Certificate Status ( Wireless Only, Otherwise Reserved). See Table 4-49 Extended Device Certificate Status Codes. Table Session State Codes Status/Msg Value Bit Pwr Chg Card Data MSRPAN EXPAN Amt The bits of Session State mean the following: Pwr Chg: 1 = Power Change Occurred (occurs on Power up or after a USB resume) Session State Card Data: 1 = Card Data Available MSR PAN: 1 = PAN Parsed from Card EXPAN: 1 = External PAN Sent Amt: 1 = Amount sent Page 78 of 212 (D )

79 4 - Command Set Table Device Status Codes Status/Msg Value 0x00 = OK. Otherwise, the possible values are listed below: Bits 0..1 = PIN Key Status: 00 = PIN Key OK 01 = PIN Key Exhausted 10 = No PIN Key 11 = PIN Key Not Bound Device Status Bits 2..3 = MSR Key Status: 00 = MSR Key OK 01 = MSR Key Exhausted 10 = No MSR Key 11 = MSR Key Not Bound Bit 4 = Tamper: 0 = Normal 1 = Tamper Detected Bit 5 = 0 Bit 6 = Authentication Status: 0 = Not Authenticated 1 = Authenticated Bit 7 = Device Error Status: 1 = Device Error (Can be cleared by calling Command 0x02 - End Session) Table Device Certificate Status Codes Status/Msg Device Certificate Status 0 = Certificate does not exist in the device 1 = Certificate exists in the device Value Bit MSR CRL PIN CRL TLS (RSA) Cert Manufact urer Unbind MSR Key Loader CA PIN Key Loader CA Device CA Device Cert Table 4-49 Extended Device Certificate Status Codes Status/Msg Device Certificate Status 0 = Certificate does not exist in the device 1 = Certificate exists in the device Value Bit Page 79 of 212 (D )

80 4 - Command Set Status/Msg Value Reserv ed Reser ved Reserv ed Reserved Reserved Reserved Reserved TLS (ECC) Cert Table Hardware Status Codes Status/Msg Hardware Status 0 = False 1 = True Value Bit IE3 only SRED Reserved Reserved Reserved Reserved Tamper Sensors Active Page 80 of 212 (D )

81 4 - Command Set Report 0x21 - Cardholder Data Entry Response Report This event supports Command 0x14 - Request Cardholder Data Entry. After the cardholder has successfully entered data, the device uses this report to send cardholder data to the host. Table Usage Table for Report 0x21 Byte 0 Bit x21 Byte 1 Operation Status (see Table Operation Status Codes on page 148) Bytes Bytes MSR KSN Cardholder Data Block If the device is configured to send this data encrypted (see the Clear Text Cardholder Data bit in Command 0x09 - Set / Get Device Configuration), it encrypts the Cardholder Data Block using the current MSR DUKPT working key. It will either use the data variant or the PIN variant (see the MSR Encryption Variant bit in Command 0x09 - Set / Get Device Configuration). The Cardholder Data Block format is a proprietary variation of a standard PIN ISO Format 1 data block, but contains the information the host requested with Command 0x14 - Request Cardholder Data Entry (for example, if the host requested the cardholder s zip code, this block would return just the zip code data). After decryption, the 8-byte Cardholder Data Block is divided into 16 four-bit nybbles, as specified in the tables below. Each nybble contains one of the following: C: Control field o 0100=SSN o 0101=Zip Code o 0110=Birth Date o 0111=Activation Code [firmware revision C12 and newer] (Activation Codes Only) o 1000= Server/Waiter code (Handheld Operation Only) o 1001=Ticket Number (Handheld Operation Only) N: Data length P: Cardholder data digit from 0000 (decimal 0) to 1001 (decimal 9) R: Filled random number P/R: If the Birth Date data length is 6 (MMDDYY format), the positions marked P/R are filled with random numbers (R); if the Birth Date data length is 8 (MMDDYYYY format), those positions contain the rightmost two characters of the birth year (P). Table Report 0x21 Cardholder Data Block Format Bits SSN C N P P P P P P P P P R R R R R Zip Code C N P P P P P R R R R R R R R R Page 81 of 212 (D )

82 4 - Command Set Bits Birth Date C N P P P P P P P/R P/R R R R R R R Activation Code (Activation Codes Only) Server/Waiter code (Handheld Operation Only) Ticket Number (Handheld Operation Only) C N P P P P R R R R R R R R R R C N P P P P P/R P/R P/R P/R P/R R R R R R C N P P P P P/R P/R P/R P/R P/R R R R R R Page 82 of 212 (D )

83 4 - Command Set Report 0x22 - Card Status Report This event is triggered by Command 0x03 - Request Swipe Card or Command 0xA2 - Start EMV Transaction, which causes the device to send Operation Status, Card Status, and Card Type to the host. Table Usage Table for Report 0x22 Byte 0 Bit x22 Byte 1 Operation Status (see Table Operation Status Codes on page 148) Byte 2 Card Status (see Table Card Status Codes). Byte 3 Card Type (see Table Card Type Codes on page 148) Table Card Status Codes Status/Msg Value 0x00 = OK Otherwise, for each track, the possible values are listed below: Card Status Value 0 = No error Value 1 = Error detected Bit ICC Track 3 Track 2 Track 1 0 Page 83 of 212 (D )

84 4 - Command Set Report 0x23 - Card Data Report (MAC-MSR) In response to the host sending Command 0x0A - Request MSR Data after a card swipe or manual card entry, the device sends multiple instances of this report; one for each Data ID listed in Table When sending encrypted data, the device encrypts using the current MSR DUKPT working key. It will use either the data variant or the PIN variant, based on how the device is configured (see the MSR Encryption Variant bit in Command 0x09 - Set / Get Device Configuration). To calculate a CBC-MAC for comparison, the host should store all bytes of all incoming reports asreceived (without decrypting), and assemble them end-to-end, stopping when it receives the final report, which will always contain Data ID 0x64 CBC-MAC. The host should then calculate the CBC-MAC over the data collected from all previous reports, using the Message Authentication, request or both ways variant of the same MSR DUKPT working key the device used to encrypt the data. For details about the MAC algorithm, see section 4.2 About Message Authentication Codes ( MAC-AMK or MAC- MSR ). Table Usage Table for Report 0x23 Byte 0 Byte 1 Byte 2 Byte 3 Bit x23 Data ID: 0x01 = Track 1 data 0x02 = Track 2 data 0x03 = Track 3 data 0x04 = Encrypted Track 1 data 0x05 = Encrypted Track 2 data 0x06 = Encrypted Track 3 data 0x07 = Encrypted MagnePrint data 0x40 = Encrypted PAN and expiration date (financial cards only; otherwise data is blank) 0x41 = Device serial number 0x63 = KSN and MagnePrint Status 0x64 = CBC-MAC Track Status: 0x00 = OK 0x01 = Empty 0x02 = Error 0x03 = Disabled Data Length Page 84 of 212 (D )

85 4 - Command Set Byte 4..n Bit Data Block If Data ID < 0x08, the data block contains track data, encrypted track data, or MagnePrint data corresponding to the Data ID the device is sending. If Data ID = 0x63, bytes are KSN data; bytes are MagnePrint Status data. If Data ID = 0x41, data block is the device s 8 byte serial number. If Data ID = 0x64, data block is a 4 byte CBC-MAC. If Data ID = 0x40, data block is the encrypted PAN and Expiration date in the following format: Start Sentinel( ; ) PAN Separator ( = ) YYMM (? ) Page 85 of 212 (D )

86 4 - Command Set Report 0x24 - PIN Response Report This event is triggered by Command 0x04 - Request PIN Entry, which directs the device to send PIN data to the host after a PIN is successfully entered. If the device is reporting the end of a PIN entry session that timed out or that the cardholder canceled, the data fields will be filled with zeroes. The device may report Keypad Security in Byte 1 to indicate the keypad has detected a tamper condition. This can be triggered by a cardholder pressing a function key for too long when selecting an account type. To cover this case, the host software should include retry logic that resends Command 0x04 - Request PIN Entry to re-arm the PIN pad. Table Usage Table for Report 0x24 Byte 0 Bit x24 Byte 1 Operation Status (see Table Operation Status Codes on page 148) Bytes Bytes PIN KSN Encrypted PIN Block (EPB). If PIN entry was successful, this contains the PIN data, encrypted using the PIN variant of the current PIN DUKPT working key. Format after decryption depends on the PIN Option the host specified in Command 0x04 - Request PIN Entry, and on the device s Session State: If the Session State in Report 0x20 - Device State Report indicates there is no PAN available (from card swipe or sent via command), the device creates the EPB using ISO Format 1. If there is a PAN, the device creates the EPB using the PIN Option the host specified in the command. Page 86 of 212 (D )

87 4 - Command Set Report 0x25 - Cardholder Selection Response Report The device sends this report to the host to provide a response to Command 0x06 - Request Cardholder Selection. Table Usage Table for Report 0x25 Byte 0 Bit x25 Byte 1 Operation Status (see Table Operation Status Codes on page 148) Byte 2 Code of key pressed: 0x71 = Left function key 0x72 = Middle function key 0x74 = Right function key 0x78 = Enter key Page 87 of 212 (D )

88 4 - Command Set Report 0x26 - Send Selected Menu Item (Handheld Operation Only) This event is triggered by Command 0x16 - Get Selected Menu Item Command (Handheld Operation Only), which directs the device to prompt a cardholder or operator to select a value from a list and send the results to the host after selection is complete. Table Usage Table for Report 0x26 Byte 0 Bit x26 Byte 1 Operation Status (see Table Operation Status Codes on page 148) Byte 2 Byte 3 Byte 4 Menu Selection Mode 0x00 = Select Table 0x01 = Select Bill Index of Selected Menu Item 0x00 (Reserved) Page 88 of 212 (D )

89 4 - Command Set Report 0x27 - Display Message Done Report The device sends this report to the host to indicate a pending Command 0x07 - Display Message has completed. Table Usage Table for Report 0x27 Byte 0 Bit x27 Byte 1 Operation Status (see Table Operation Status Codes on page 148) Page 89 of 212 (D )

90 4 - Command Set Report 0x29 - Send Big Block Data to Host The device sends this report to the host to send the cardholder s signature, device certificate, or CSR to the host. If the data size is greater than 123 bytes, the data must be broken into multiple 123-byte data blocks, or packets. The host will use three distinct types of block in connection with this command: The first packet (block 0) is used to signal the start of sending, which defines the buffer type, buffer status, and the total length of data being sent (in bytes); Subsequent packets (blocks 1 through n) contain the requested data; and A final packet signifies the end of sending. If the big block buffer type parameter is one of the types tagged with Secured or MAC, the first two bytes of the Data Block in Block 1 are the expected total length of the response data (from all blocks 1..n), excluding data padding and CBC-MAC. If the big block buffer type parameter is PayPass/MCL Asynchronous Message, after assembly of the different packets, the first two bytes of the data packet are the length, and the TLV formatted message starts on the third byte. For more information about big blocks and TLV format, see section 4.1 About Big Block Data and TLV Format. Table Start of Big Block Sending Format (Block 0) Bit Byte 0 Byte 1 Byte 2 Byte 3 Byte 4 Byte 5 0x29 Big block buffer type: 0x02 = Device certificate 0x32 = Set BIN (MAC) 0x42 = Device CSR 0x43 = TLS CSR 0xA1 = EMV data in TLV format, Tag Data (MAC) 0xA2 = Reserved 0xA3 = Reserved 0xA4 = EMV data in TLV format, Authorization Request (ARQC) 0xA5 = EMV CA Public Key (MAC) 0xAB = EMV data in TLV format, Batch Data or Batch Data and Reversal Data 0x00 = Start flag Big buffer status (0x00 = N/A) Data length low byte Data length high byte Table Big Block Data Sending Format (Blocks 1 thru n) Bit Byte 0 Byte 1 0x29 Not defined Page 90 of 212 (D )

91 4 - Command Set Bit Byte 2 Block number (options: 0x01..0x62) Byte 3 Data length Byte 4..n Data block (maximum 123 bytes) Table End of Big Block Sending Format Bit Byte 0 0x29 Byte 1 Not defined Byte 2 0x63 = End flag Big Block Data for Authorization Request (ARQC) In response to Command 0xA2 - Start EMV Transaction, when an ONLINE approval is required as determined by the device and the ICC, by default the device sends EMV tag 70 containing an authorization request message to the host in the format shown below. The list of tags the device includes in the authorization request message can be re-configured by changing the list of tags stored in tag DFDF02 (see Command 0xA1 - Access EMV Tags). The data is contained in EMV tag 70. Table Default ARQC Data Format 9F03 9F26 Tag Description Source Format Length Secondary amount associated with the transaction representing a cashback amount Cryptogram returned by the ICC in response of the GENERATE AC command Page 91 of 212 (D ) Device n 6 Card b 8 82 EMV Application Interchange Profile Card b 2 5A EMV Application PAN Card c F34 EMV Application PAN Sequence Number Card n 1 9F36 EMV Application Transaction Counter Card b 2 9F1A EMV Terminal Country Code Device n 2 95 TVR Device b 5 9F02 Authorized amount of the transactions (excluding adjustments) Device n 6 5F2A Transaction Currency Code Device n 2 9A Local Date transaction was authorized Device n 3 9C Transaction Type Device n 1 9F37 Unpredictable Number Device b 4 9F10 Issuer EMV Application Data Card b 0..32

92 4 - Command Set Tag Description Source Format Length DFDF53 Fallback Indicator Device n 1 F5 Container For Encrypted PIN Device b Var F4 Container For Encrypted MSR Device b Var Page 92 of 212 (D )

93 4 - Command Set Report 0x2A - Delayed Response ACK This event is triggered by completion of longer-running commands that need to report status back to the host. It is an asynchronous version of Command 0x01 - Response ACK. Table Usage Table for Report 0x2A Byte 0 Byte 1 Byte 2 Bit Bytes 3..n 0x2A Status of Command ( ACKSTS ) ID for Command reporting status Reserved Page 93 of 212 (D )

94 4 - Command Set Report 0x2E - Clear Text Cardholder Data Entry Response Report (Clear Text User Data Only) This event is triggered by Command 0x1F - Request Clear Text Cardholder Data Entry, which directs the device to send clear text cardholder data to the host after the cardholder has successfully entered data. It is only available in firmware revision C12 or newer. Table Usage table for Report 0x2E Byte Byte 0 0x2E Description Byte 1 Operation Status (see Table Operation Status Codes on page 148) Byte 2 Byte 3 Bytes Cardholder Data Mode: 0x00 = SSN (9 digits) 0x01 = Zip Code (5 digits) 0x02 = Birthdate (8 digits, MMDDYYYY format) 0x03 = Birthdate (6 digits, MMDDYY format) 0x04 = Activation Code (4 digits) (Activation Codes Only) 0x05 = Server/Waiter Number (4 to 9 digits) (Handheld Operation Only) 0x06 = Ticket Number (4 to 9 digits) (Handheld Operation Only) Length of data Clear Text Cardholder Data block - only the indicated number of bytes is meaningful, other bytes should be ignored. Page 94 of 212 (D )

95 4 - Command Set Report 0x2F - Request Host Connection (Handheld Operation Only, Wireless Only) When the device is configured in a handheld solution to not persistently listen for host commands on a predetermined TCP/IP port (see Network Connection Mode in Command 0x09 - Set / Get Device Configuration), it sends this report to the host to request the host initiate the connection: 1) The device must first be properly configured, which will include specifying how it should connect to the host [see section Wireless Commands and Reports ( Wireless Only)]. 2) On the device s keypad, an operator enters a Start Transaction keypad sequence. 3) The device checks its connection to the Wireless Access Point, and if necessary, registers its device name (TLS plus its serial number) with the DNS server, and gets an IP address. 4) The device opens an unsecured TCP connection to the configured host. 5) The device sends the host this notification, which contains the Device TLS Certificate Common Name, which is the same as the registered DNS Name of the device, and will only accept an ACK response from the host. a) If the host responds correctly, the device closes the TCP connection, opens a secure listening socket for the host to connect to, and waits for the host to initiate a connection. b) If the host does not respond or responds incorrectly, the device closes the socket, shows an error on the display, and terminates the operation. The operator must enter a Start Transaction keypad sequence to start again. 6) The host can now connect to the listening socket and send any available command. 7) The host should perform all required operations, then close the socket. If there is no user activity and the host leaves the connection inactive past the timeout set by Command 0xE2 - Set / Get Wireless Timeouts ( Wireless Only), the device closes the connection automatically and returns to the Welcome screen. To deal with this case, the host should always check to make sure it has an open connection before assuming it can continue with a multi-part operation. If the socket is not available, the host should assume the device has returned to the Welcome screen. Although all commands are then available for the host to call over the connection, generally the host should assume the device is performing a handheld transaction, and respond by sending the device either Command 0x1F - Request Clear Text Cardholder Data Entry (Clear Text User Data Only) or Command 0x14 - Request Cardholder Data Entry with the command s Cardholder Data Mode set to one of the Handheld Operation selections. In many cases the host would then issue Command 0xA0 - Request Tip or Cashback (Handheld Operation Only) to gather further information from the cardholder, then use the gathered data to send Command 0xA2 - Start EMV Transaction. Table Usage table for Report 0x2F - Request Host Connection Byte Description Byte 0 Bytes 1..2 Byte 3 Byte 4 Byte x2F Device Listening Port TLS Enabled 0x00 = Disabled 0x01=Enabled Device TLS Certificate Common Name length Device TLS Certificate Common Name (up to 59 characters, padded to fill) Page 95 of 212 (D )

96 4 - Command Set 4.5 EMV-Related Commands and Reports (EMV Only) This section contains both commands sent from the host to the device (feature reports) and asynchronous events sent from device to the host (input reports) that support EMV transaction processing. After the device successfully reads a chip card, it generates EMV data in the form of tags for transaction processing. The device then sends the host its own information plus information read from the card. The host will generally then use that information to authorize, complete, and save a transaction. If fallback is enabled, the device uses magnetic stripe data to process a transaction if it can not read the chip card. A number of tags can be configured on the device using the Set form of Command 0xA1 - Access EMV Tags, such as EMV terminal floor limit, terminal ID, and transaction currency code. Page 96 of 212 (D )

97 4 - Command Set Report 0x2C - EMV Cardholder Interaction Status Report This event is triggered during an EMV transaction started by Command 0xA2 - Start EMV Transaction. Events are generated when there is a cardholder interaction; for example, when a screen is displayed and waits for cardholder input. This report is used to update the merchant display throughout the transaction based on cardholder interactions. Table Usage Table for Report 0x2C Byte 0 Byte 1 Byte 2 Byte 3 Bit x2C EMV Cardholder Interaction Status ID: 0x01 = Waiting for amount confirmation selection 0x02 = Amount confirmation selected 0x03 = Waiting for multi-payment ICC Application selection 0x04 = ICC Application selected 0x07 = Waiting for language selection 0x08 = Language selected 0x09 = Waiting for credit/debit selection 0x0A = Credit/Debit selected 0x0B = Waiting for PIN Entry for ICC 0x0C = PIN entered for ICC 0x0D = Waiting for PIN Entry for MSR 0x0E = PIN entered for MSR 0x00 (Reserved) 0x00 (Reserved) Data block: If EMV Cardholder Interaction Status ID from Byte 1 = 0x02, value 0x01 indicates Amount Confirmed, or value 0x02 indicates Amount Not Confirmed. Bytes If EMV Cardholder Interaction Status ID from Byte 1 = 0x04, data is a string representing EMV application preferred name, or label chosen by cardholder. If EMV Cardholder Interaction Status ID from Byte 1 = 0x0A, value 0x01 indicates Credit, or value 0x02 indicates Debit. If EMV Cardholder Interaction Status ID from Byte 1 = 0x20, bytes 4 and 5 indicate the length of data starting at byte 6, which is in TLV format. Otherwise, no data. Page 97 of 212 (D )

98 4 - Command Set Report 0x30 - Tip or Cashback Report (Handheld Operation Only) The device sends this report to the host to provide a response to Command 0xA0 - Request Tip or Cashback (Handheld Operation Only). Table Usage Table for Report 0x30 - Tip or Cashback Byte 0 Bit x30 Byte 1 Operation Status (see Table Operation Status Codes on page 148) Byte 2 Bytes 3..8 Bytes Bytes Bytes Byte 24 Mode: 0x00 = Tip 0x01 = Cashback Amount (n12 format) from original Command 0xA0 - Request Tip or Cashback (Handheld Operation Only) Tax (n12 format) from original Command 0xA0 - Request Tip or Cashback (Handheld Operation Only) Tax Rate % (n6 format x 100) from original Command 0xA0 - Request Tip or Cashback (Handheld Operation Only) Tip or Cashback amount depending on Mode specified in Byte 2 (n12 format) Reserved Page 98 of 212 (D )

99 4 - Command Set Command 0xA0 - Request Tip or Cashback (Handheld Operation Only) The host uses this command to direct the device to request tip or cashback information from the cardholder or operator if the solution design needs that information to start an EMV transaction. The device prompts the cardholder or operator to enter the requested information, and upon successful entry sends Report 0x30 - Tip or Cashback Report (Handheld Operation Only) to the host to return the tip or cashback amount, which the host can then use when it calls Command 0xA2 - Start EMV Transaction. The maximum length of Transaction Amount, Calculated Tax Amount, Tip dollar amount, and Cash Back dollar amount is 10 digits. If the Tip calculated by percentage equals or exceeds $42,949,672.95, the device shows 0. If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Table Usage Table for Command 0xA0 Byte 0 Byte 1 Byte 2 Byte 3 Bytes 4..9 Bit Bytes Bytes Byte 19 Byte 20 Byte 21 Byte 22 Bytes xA0 Wait time in seconds, (0x01..0x3C) for cardholder to enter Tip or Cashback Operating Mode: 0x00 = Tip mode 0x01 = Cashback mode Beeper Behavior (Only changes device behavior if Beeper Mode = Enabled in Command 0x09 - Set / Get Device Configuration). See Table Beeper Behavior Codes on page 148 for possible values. Transaction Amount (n12 format) Calculated Tax Amount (n12 format) Tax Rate % (n6 format x 100) (Handheld Operation Only). This information is for screen display only, the device does not perform any tax calculation Fixed Tip Selection Mode: 0x00 = Percent Mode 0x01 = Amount Mode Not applicable when using Cashback mode Percent or Fixed Amount for left button (format n2) Not applicable when using Cashback mode Percent or Fixed Amount for middle button (format n2) Not applicable when using Cashback mode Percent or Fixed Amount for right button (format n2) Not applicable when using Cashback mode Reserved Page 99 of 212 (D )

100 4 - Command Set Figure DynaPro Go Request Tip or Cashback - Cashback Mode Figure DynaPro Go Request Tip or Cashback - Tip Mode, Percent Page 100 of 212 (D )

101 4 - Command Set Figure DynaPro Go Request Tip or Cashback - Tip Mode, Amount Page 101 of 212 (D )

102 4 - Command Set Command 0xA1 - Access EMV Tags The host uses this to access slots on the device which store one or more EMV tags that drive the device s EMV kernel configurations. The set of available configuration tags comes from multiple sources: The EMV specification, EMV Integrated Circuit Card Specifications for Payment Systems v4.3. The MagTek custom tags listed in Appendix D MagTek Custom EMV Tags (for example, the host can assign the database of EMV tags a label using tag DFDF26, and read the checksum back using tag DFDF27); The payment brand tag sets listed in Appendix H. For example, if the device supports contactless operation and a cardholder presents a Visa card with paywave contactless, the device s behavior would be partially driven by the tag set listed in Appendix H.4 paywave Factory Defaults (paywave Support Only paywave 2.2 Support Only). Page 102 of 212 (D )

103 4 - Command Set Reading All EMV Tags To read all EMV tags stored on the device, the host should send the following command: Table Usage Table for Command 0xA1 (Set form to Read All Tags) Byte 0 Bit xA1 Specifies which EMV or Contactless tag group to read: If bits 6 and 7 are set to EMV/Contactless Application, bits 0..5 specify which application slot to read. Byte 1 Byte 2 Byte 3 Bytes = EMV/Contactless Terminal tag group 10 = EMV/Contactless Application tag group 11 = Contactless Dynamic Reader Limits (DRL) tag group (paywave Only) 0x0F=Read all EMV terminal or payment brand tags (Chip Card Contactless Only) If bits 6 and 7 are set to DRL, bits 0..5 specify the DRL group to read. Note that DRL applies only to Visa paywave. Number of supported slots: Contact: 0..9 (Contact Chip Card Only) PayPass/MCL: (MasterCard PayPass Support Only, MasterCard MCL 3.1.x Support Only) paywave: 0..7 (paywave Support Only) DRL: 0..4 (paywave Support Only) Expresspay: 0 (Expresspay Support Only) D-PAS: 0..4 (D-PAS Support Only) Database Selector: 0x00 = Contact L2 EMV Tags 0x01 = PayPass/MCL - MasterCard (MasterCard PayPass Support Only, MasterCard MCL 3.1.x Support Only) 0x02 = paywave - VISA (paywave Support Only) 0x03 = Expresspay - AMEX (Expresspay Support Only) 0x04 = D-PAS (D-PAS Support Only) Reserved If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. If no error occurs, the device sends a response to the host s followup Command 0x01 - Response ACK, then sends Report 0x29 - Send Big Block Data to Host with a message structured like the example below. For details about using the general F9 MAC structure, see section 4.2 About Message Authentication Codes ( MAC-AMK or MAC-MSR ). Information specific to this message is provided after the example. AAAA /* 2-byte MSB message length excluding padding and CBC-MAC */ F9<len> /* container for MAC structure and generic data */ DFDF55(MAC Encryption Type)<len><val> DFDF25(IFD Serial Number)<len><val> Page 103 of 212 (D )

104 4 - Command Set FA<len>/* container for generic data */ <tag><len><val>... <tag><len><val> <Padding to force F9 plus padding to be a multiple of 8 bytes> <Four byte CBC-MAC> The FA TLV data object contains nested TLV data objects representing the tags the host requested. The device calculates the CBC-MAC using the AMK key XOR 0x FF FF00. Page 104 of 212 (D )

105 4 - Command Set Command 0xA2 - Start EMV Transaction This command directs the device to initiate various transactions for magnetic stripe cards, chip cards, and contactless cards. The host should send the command to the device as follows: Table Usage Table for Command 0xA2 Byte 0 Byte 1 Byte 2 Byte 3 Byte 4 Byte 5 Bit xA2 Wait time in seconds, (0x01..0x3C, or 0x01..0x78 if the device supports MasterCard MCL 3.1.x) for cardholder to confirm, cancel, and present card. This timer is also used for the cardholder to choose an ICC application. Wait time in seconds, (0x01..0x3C, or 0x01..0x78 if the device supports MasterCard MCL 3.1.x) for cardholder to enter PIN. 0x00, Reserved for future use to support TIP mode Beeper Behavior (Only changes device behavior if Beeper Mode = Enabled in Command 0x09 - Set / Get Device Configuration). See Table Beeper Behavior Codes on page 148 for possible values. Card Type to Read: 0x01 = Magnetic Stripe Card 0x02 = Contact Chip Card 0x04 = Contactless Chip Card (Contactless Only) Byte 6 Bytes Byte 13 Bytes Bytes Multiple Card Types can be selected by ORing the values together. For example: Set byte 5 to 0x03 to read both Magnetic stripe card and contact chip card. Options: 0x00 = Normal 0x01 = Bypass PIN 0x02 = Force Online 0x04 = Acquirer not available (Note: prevents long timeout on waiting for host approval) Amount Authorized (EMV Tag 9F02, n12 format) Transaction Type: DynaPro Go and DynaPro Mini (Firmware Rev D and newer) 0x00 = Purchase 0x01 = Cash Advance 0x02 or 0x09 = Cashback 0x04 = Goods (Purchase) 0x08 = Services (Purchase) 0x12 = Cash Manual 0x20 = Refund (Chip Card Contactless Only) 0x50 = Payment (Chip Card Contact Only) Cashback Amount (if non-zero, EMV Tag 9F03, n12 format) (Contactless Only) Balance Read Before Gen AC (EMV Tag DF8104, n12 format) Page 105 of 212 (D )

106 4 - Command Set Bit Bytes Bytes Byte 34 Byte 35 (Contactless Only) Balance Read After Gen AC (EMV Tag DF8105, n12 format) Transaction Currency Code (EMV Tag 5F2A, format n4) Valid values: 0x0000 = Use value from contact database 0x0840 = US Dollar 0x0978 = Euro 0x0826 = UK Pound (Contactless Only) Transaction Category Code (PayPass/MCL Tag 9F53) (Quick Chip Only) 0x00 = Regular Mode 0x01 = Quick Chip Mode (Handheld Operation Only Re-PIN Operation Only, Otherwise Reserved) Byte 36 Bytes Bytes Byte 46 Byte 47 Byte 48 Bytes Bytes Operating Mode: (Handheld Operation Only) 0x00 = Legacy 0x01 = Tip 0x02 = Cashback Calculated Tax Amount (n12 format) (Handheld Operation Only) (Handheld Operation Only, Otherwise Reserved) Tax Rate % (n6 format x 100). This information is for screen display only, the device does not perform any tax calculation. Reserved Reserved. Set = 0x00 Reserved. Set = 0x00 (Handheld Operation Only, Otherwise Reserved) Tip (n12 format) Reserved If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Page 106 of 212 (D )

107 4 - Command Set Standard EMV Transaction The sequence for calling the command is as follows: 1) (Contactless Only) In solutions that accept all card types, the host may configure the device using Command 0x09 - Set / Get Device Configuration to set Alternate GUI Control = Alternate to avoid unintentional reading of contactless cards when a cardholder intends to use the magnetic stripe. Screens that would ordinarily prompt the cardholder to approve an amount will then include prompts to select a payment method (Swipe or Insert / Tap). 2) As a cautionary measure, the host may send the device Command 0x02 - End Session to make sure the device does not have a previous unfinished transaction lingering, which would block initiation of a new transaction. 3) The host finalizes the amount for the transaction. (Handheld Operation Only) For solutions that implement tip or cashback, this involves the host first calling Command 0xA0 - Request Tip or Cashback (Handheld Operation Only). 4) The host sends the device Command 0xA2 - Start EMV Transaction. 5) The device prompts the cardholder to present payment by displaying pre-defined EMV messages: a) DynaPro and DynaPro Go show AMOUNT OK? (AMOUNT) and Yes or No, and wait for the cardholder to select Yes, No, or Cancel. i) (Handheld Operation Only) If the host invoked the command with Operating Mode equal to Tip or Cashback, the device will also show the Tax, Tip, and Total amounts, or the Tax, Cash Back, and Total amounts, respectively. ii) (Contactless Only) If the device is configured to use Alternate GUI Control, and the command specified both Contactless Chip Card and Magnetic Stripe Card are enabled: (1) The device splits the Yes option further into Yes, Swipe or Yes, Insert/Tap. (2) If the host specified Quick Chip mode in the command, the device does not show an amount or a prompt at all, and instead just presents the cardholder with options Swipe, Insert/Tap, and Cancel. Figure DynaPro Go Handheld Operation Present Payment Pages Page 107 of 212 (D )

108 4 - Command Set 6) If the cardholder confirms the amount or makes a payment type selection, then depending on the card type the host specified in the command, the device arms the MSR and/or ICC slot, turns on the LED near the slot (if any), and displays either SWIPE or INSERT CARD. If the cardholder presses the Cancel button or the transaction times out, the device performs Command 0xA2 Completion. Figure 4-15 DynaPro Go Request Start EMV Transaction Insert Card - Contact Only Figure 4-16 DynaPro Go Request Start EMV Transaction Insert Card - Contactless Only Figure 4-17 DynaPro Go Request Start EMV Transaction Insert Card - Contactless and MSR Page 108 of 212 (D )

109 4 - Command Set Figure 4-18 DynaPro Go Request Start EMV Transaction Insert Card - Contact and Contactless Figure 4-19 DynaPro Go Request Start EMV Transaction Insert Card - Contact and MSR Page 109 of 212 (D )

110 4 - Command Set Figure 4-20 DynaPro Go Request Start EMV Transaction Insert Card - Contact, Contactless, and MSR 7) If the cardholder swipes a magnetic stripe card, the device meets EMV 4.x requirements by checking the service code from the magnetic stripe data to see if it begins with a 2 or a 6 to determine if the card also includes a chip, and advises the cardholder that EMV is preferred by displaying USE CHIP READER (similar to the screenshots for Command 0x07 - Display Message). If the chip fails or the service code does not begin with a 2 or a 6, the device prompts the cardholder for an MSR swipe. After a successful swipe, the device prompts the cardholder to select Debit or Credit. If this is a debit account type, the device requests a PIN. 8) If the cardholder inserts a contact chip card, depending on the device s payment brand account type setting for ICC the Acquirer has set in tag DFDF73 [see Appendix D MagTek Custom EMV Tags (EMV Only)] the device does one of the following: a) Assume Credit, Debit, or Default. b) Prompt the cardholder to select Credit, Default, or Debit. Figure DynaPro Go Select Credit, Default, Debit 9) If the cardholder has inserted a contact chip card, the device shows ICC applications that are mutually supported by both the card and the device, and asks the cardholder to choose the preferred ICC application. If there is no mutually supported application, the device may show CARD BLOCKED. If a PIN entry is needed per EMV 4.x requirements, the device shows ENTER PIN and starts the PIN entry timer (similar to the screenshots for Command 0x04 - Request PIN Entry). If the cardholder cancels the transaction or the transaction times out, the device performs Command 0xA2 Completion. When the device is configured to allow PIN bypass using tag DFDF68, the PIN requirement can be bypassed by the merchant by setting bit 0, byte 6 of the 0xA2 command. The Page 110 of 212 (D )

111 4 - Command Set TVR bits will be set appropriately per EMV 4.x requirements. The PIN requirement can also be bypassed by the cardholder. Figure DynaPro Go EMV Application Selection 10) After PIN entry, the device displays either PIN OK or cycles through INCORRECT PIN and TRY AGAIN up to the PIN retry limit (similar to the screenshots in Command 0x04 - Request PIN Entry). If the number of attempts reaches PIN try limit-1, the device displays Last PIN Try briefly before returning to TRY AGAIN. If the cardholder exceeds the PIN entry retry limit, the device performs Command 0xA2 Completion, otherwise the transaction proceeds to the approval stage. Figure 4-23 DynaPro Go Last PIN Try Screen 11) The device determines the appropriate transaction approval method per EMV 4.x requirements. A transaction can be forced online by the merchant by setting the Options in the invocation of Command 0xA2 to Force Online. a) For offline transactions, the device gets the TC or AAC from the chip for later transmission to the host. Depending on the transaction outcome, the device shows APPROVED, DECLINED, or ERROR (similar to the screenshots in Command 0x07 - Display Message) and performs Command 0xA2 Completion. b) For online transactions, the device does the following: i) If the host started the transaction with Quick Chip Mode in effect: (1) The device sends an ARQC Request (EMV Only) to the host for approval using Report 0x29 - Send Big Block Data to Host. The host should save this information for later verification. Page 111 of 212 (D )

112 4 - Command Set (2) The device immediately constructs its own ARPC Response with tag 8A set to Z3 and continues the transaction processing. (3) The device performs Command 0xA2 Completion. (4) The device shows REMOVE CARD to notify cardholder the card can be removed, and ends the transaction. (5) The host should then process the ARQC Message data, including setting the final transaction amount, and should coordinate with the transaction processor to retrieve a final transaction result. (6) Based on the transaction result, the host can show APPROVED or DECLINED using Command 0x07 - Display Message. (7) The host may request for the transaction data by sending Command 0xAB Request EMV transaction data. ii) If the host started the transaction with Regular Mode (Quick Chip Mode NOT in effect): (1) The device sends an ARQC Request (EMV Only) to the host for approval using Report 0x29 - Send Big Block Data to Host. (2) The device starts a host response timer. (3) The device waits for the host to send Command 0xA4 - Acquirer Response ARPC (MAC-MSR). (4) The device processes the host response. (5) The device gets TC or AAC from the chip. (6) Depending on the transaction outcome, the device displays APPROVED, DECLINED or ERROR (similar to the screenshots in Command 0x07 - Display Message), and performs Command 0xA2 Completion. Page 112 of 212 (D )

113 4 - Command Set ARQC Request (EMV Only) ARQC stands for Authorization Request Cryptogram. These are requests sent by the payment method to the device to the host, which then transmits them to the transaction processor to request approval for the transaction SRED ARQC Request (SRED Only, MAC-MSR) On SRED devices, the device sends ARQC messages using Report 0x29 - Send Big Block Data to Host with a message structured like the example below. The host may also customize the contents of the messages using tag DFDF02. For details about using the general F9 MAC structure, see section 4.2 About Message Authentication Codes ( MAC-AMK or MAC-MSR ). Information specific to this message is provided after the example. AAAA /* 2-byte MSB message length excluding padding and CBC-MAC */ F9<len> /* container for MAC structure and generic data */ DFDF54(MAC KSN)<len><val> DFDF55(MAC Encryption Type)<len><val> DFDF25(IFD Serial Number)<len><val> FA<len>/* container for generic data */ 70<len> /*container for ARQC */ DFDF53<len><value> /*fallback indicator */ 5F20<len><value> /*cardholder name */ 5F30<len><value> /*service code */ DFDF4D<len><value> /* Mask T2 ICC Data */ DFDF52<len><value> /* card type */ F8<len> /*container tag for encryption */ DFDF59<len><val> /* Encrypted Data Primitive; decrypt data to read tags */ DFDF56<len><val> /* Encrypted Transaction Data KSN */> DFDF57<len><val> /* Encrypted Transaction Data Encryption Type */ DFDF58<len><val> /* # of padding bytes added to DFDF59 value to force length to a multiple of 8 bytes */ <Padding to force F9 plus padding to be a multiple of 8 bytes> <Four byte CBC-MAC> TLV data object F8 is an encrypted data container wrapping the encrypted ARQC message in nested data object DFDF59, plus supporting information as clear text in other tags. (Re-PIN Only) When performing Select PIN or Verify PIN operations, TLV data object 70 also contains nested data object 5F34, containing the application expiration date. The device encrypts the Value inside data container DFDF59 using the data variant of the current MSR DUKPT working key used in the relevant transaction. As a requirement for using the DUKPT TDES encryption algorithm, the device pads it so the length of its value is a multiple of 8 bytes. The device uses Page 113 of 212 (D )

114 4 - Command Set tag DFDF58 to report how many bytes of tag DFDF59 are padding. DFDF59 contains the following after the host decrypts it: data */ Data><len><val> Data><len><val> in the clear*/ data */ multiple of 8 bytes> FC<len>/* container for encrypted generic data */ F4<len>/* container tag for encrypted MSR DFDF36 <EncT1status><len><val> DFDF37 <EncT1data><len><val> DFDF38 <EncT2status><len><val> DFDF39 <EncT2data><len><val> DFDF3A <EncT3status><len><val> DFDF3B <EncT3data><len><val> DFDF3C <Encrypted Magneprint DFDF43 <Magneprint Status DFDF50(MSR KSN Data)<len><val> /*sent DFDF51(MSR EncryptionType)<len><val> F5<len>/* container tag for encrypted PIN 99(Encrypted PIN DATA)<len><val> DFDF41(PIN KSN Data)<len><val> DFDF42(PIN EncryptionType)<len><val> <Padding to force DFDF59 plus padding to be a TLV data container F5 contains Encrypted PIN data using ISO Format 0 in nested data object 99, plus supporting information to decrypt it. The host should use the current PIN DUKPT working key specified in the supporting information. The device calculates the CBC-MAC using the Message Authentication, request or both ways variant of the current MSR DUKPT working key used in the relevant transaction Command 0xA2 Completion When this command completes (card read OK, transaction finished, ICC problems, command cancelled, cardholder cancels, or timeout): 1) The device clears all sensitive data buffers and sends a Report 0x22 - Card Status Report to the host, and will continue to show THANK YOU on the display. 2) If the report indicates the cardholder has pressed the Cancel button, the host should abort the transaction. 3) If the Card Status and Operation Status are both OK, the host should send a request to get the EMV card data with Command 0xAB - Request EMV Transaction Data (MAC-MSR). It may call this multiple times if necessary. 4) The host should wait for as long as the solution design requires THANK YOU to show on the display. 5) The host should send the device Command 0x02 - End Session to clear THANK YOU from the display and make the device ready for the next transaction. Page 114 of 212 (D )

115 4 - Command Set Command 0xA4 - Acquirer Response ARPC (MAC-MSR) If a chip card and the device determine an EMV transaction should be processed online, the device sends an ARQC Request (EMV Only) to the host. The host should coordinate approval of the transaction with the transaction processor, then use this command to provide the response from the transaction processor to the device. The host should stage a request message in a buffer, structured like the example below. For details about using the general F9 MAC structure, see section 4.2 About Message Authentication Codes ( MAC- AMK or MAC-MSR ). Information specific to this message is provided after the example. This example assumes a transaction processor response of 8A : AAAA /* 2-byte MSB message length excluding padding and CBC-MAC */ F9<len> /* container for MAC structure and generic data */ DFDF54 (MAC KSN)<len><val> DFDF55 (MAC Encryption Type><len><val> DFDF25 (IFD Serial Number)<len><val> FA<len> /* Container for generic data */ 70<len> /*Container for ARPC data */ 8A <Padding to force F9 plus padding to be a multiple of 8 bytes> <Four byte CBC-MAC> TLV data object FA contains the full ARPC response, which must contain at least Response Code 8A, otherwise the host should terminate the transaction. Depending on the card type, FA may contain one or more of the following additional EMV data tags: 91 = Issuer Authentication Data 71 = Issuer Script Template 1 72 = Issuer Script Template 2 If the device is not configured to disable CBC-MAC verification, the host should calculate the CBC- MAC using the Message Authentication, request or both ways variant of the same MSR DUKPT working key used in the related ARQC Request. The device may also be factory configured to disable CBC-MAC verification (see the ARPC MAC Checking bit in Command 0x09 - Set / Get Device Configuration), in which case the MAC structure is still required, but the CBC-MAC field can be filled with any value. Depending on the device s terminal setting DFDF02, it may include tag DFDF40 in the ARQC request to help the host determine whether the device will check the CBC-MAC; 0x80 = checked, 0x00 means not checked. After constructing the full message, the host should send it to the device using Command 0x10 - Send Big Block Data to Device. After sending the contents of the message, the host should send the following command to trigger the device to process it: Table Usage Table for Command 0xA4 Bit Byte 0 Bytes xA4 Reserved Page 115 of 212 (D )

116 4 - Command Set Command 0xA8 - Get Kernel Info This command directs the device to send the requested kernel information to the host. Table Usage Table for Command 0xA8 Set Mode Byte 0 Bit xA8 Byte 1 Kernel Info ID (see Table 4-75) If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. If no error occurs, the host should call Command 0x08 - Request Device Status in Get mode to retrieve a response in the following format: Table Usage Table for Command 0xA8 Get Mode Byte 0 Bit xA8 Byte 1 Kernel Info ID (see Table 4-75) Byte 2 Bytes Data length Block data Table xA8 Kernel Info IDs Info ID Description 0x00 Version - L1 Kernel 0x01 Version - L2 Kernel LIB 0x02 Version - CL1 Kernel (Chip Card Contactless Only, otherwise Reserved) 0x03 Version - L2 HAL 0x04 Version - S/W LIB 0x05 Version - CL2 HAL (Chip Card Contactless Only, otherwise Reserved) 0x06 Version - CL2 Entry Point (Chip Card Contactless Only, otherwise Reserved) 0x07 Version - CL2 PayPass/MCL Kernel (Chip Card Contactless Only, otherwise Reserved) 0x08 Version - CL2 paywave Kernel (Chip Card Contactless Only, otherwise Reserved) 0x09 Version - CL2 Expresspay Kernel (Chip Card Contactless Only, otherwise Reserved) 0x0A Version - CL2 D-PAS Kernel (Chip Card Contactless Only, otherwise Reserved) 0x10 Checksum/Signature - L1 Kernel 0x11 Checksum/Signature - L2 Kernel LIB 0x12 Checksum/Signature - L2 Kernel Configuration 0x13 Checksum/Signature - L2 HAL Page 116 of 212 (D )

117 4 - Command Set Info ID 0x14 0x1F 0x20 0x21 0x22 0x23 0x24 0x25 0x26 Checksum/Signature - S/W LIB Description Checksum/Signature - L2 Kernel. This is the sum of all the checksums needed for the L2 Kernel and is the only value that should be monitored for L2 testing. Checksum/Signature - CL1 Kernel (Chip Card Contactless Only, otherwise Reserved) Checksum/Signature - CL2 HAL (Chip Card Contactless Only, otherwise Reserved) Checksum/Signature - CL2 Entry Point (Chip Card Contactless Only, otherwise Reserved) Checksum/Signature - CL2 PayPass/MCL Kernel (Chip Card Contactless Only, otherwise Reserved) Checksum/Signature - CL2 paywave Kernel (Chip Card Contactless Only, otherwise Reserved) Checksum/Signature - CL2 Expresspay Kernel (Chip Card Contactless Only, otherwise Reserved) Checksum/Signature - CL2 D-PAS Kernel (Chip Card Contactless Only, otherwise Reserved) Page 117 of 212 (D )

118 4 - Command Set Command 0xAB - Request EMV Transaction Data (MAC-MSR) This command directs the device to send merchant data and pre-defined EMV batch data tags to the host, and for unsuccessful transactions can be used to send pre-defined reversal data. It is normally used by the host for data capture. The host should first successfully complete Command 0xA2 - Start EMV Transaction, then call this command to retrieve the results of the transaction. The set of tags used during a given EMV transaction is a combination of the tags defined in the EMV specification and the tags that are specific to the kernel being used for the transaction. See the specifications for the payment brands for details: For EMV, see EMV Integrated Circuit Card Specifications for Payment Systems v4.3. For payment brands (Chip Card Contactless Only): o For MCL, see MasterCard Contactless Reader Specification Version and MagStripe Technical Specifications v3.3. o For paywave, see Visa Contact Specifications v o For Expresspay, see Expresspay Terminal Specification v3.0. o For D-PAS, see Discover Contactless D-PAS: Terminal Application Specifications, v1.0. Table Usage Table for Command 0xAB Bit Byte 0 Bytes xAB 0x00 (Reserved) If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. If no error occurs, the device sends Report 0x29 - Send Big Block Data to Host with a message structured like the example below. For details about using the general F9 MAC structure, see section 4.2 About Message Authentication Codes ( MAC-AMK or MAC-MSR ). Information specific to this message is provided after the example. (SRED Only) /*SRED Example */ AAAA /* 2-byte MSB message length excluding padding and CBC-MAC */ F9<len> /* container for MAC structure and generic data */ DFDF54(MAC KSN)<len><val> DFDF55(MAC Encryption Type)<len><val> DFDF25(IFD Serial Number)<len><val> FA<len>/* container for generic data */ F0<len> /* Transaction Results */ F1<len> /* container for Status Data */ /* Status Data tags */ F8<len> /* container tag for encryption */ DFDF59(Encrypted Data Primative)<len><Encrypted Data val (Decrypt data to read tags)> DFDF56(Encrypted Transaction Data KSN)<len><val> DFDF57(Encrypted Transaction Data Encryption Type)<val> Page 118 of 212 (D )

119 4 - Command Set DFDF58(# of bytes of padding in DFDF59)<len><val> F7<len>/* container for Merchant Data */ /* < Merchant Data tags */ <Padding to force F9 plus padding to be a multiple of 8 bytes> <Four byte CBC-MAC> On SRED devices, TLV data object DFDF59 contains the batch data message, encrypted using the data variant of the current MSR DUKPT working key used in the relevant transaction. After decryption, its value is structured as follows: FC<len>/* container for encrypted generic data */ F2<len>/* container for Batch Data */ /* Batch Data tags */ F3<len>/* container for Reversal Data, if any */ /* Reversal Data tags */ TLV data object F1 contains the Status Data, consisting of a set of tags listed in Table TLV data object F7 contains Merchant Data, consisting of a set of tags listed in Table 4-80, and is normally used by the host for receipt printing. The tags in the F7 container are not programmable. The device calculates the CBC-MAC using the Message Authentication, request or both ways variant of current MSR DUKPT working key used in the relevant transaction. For more information about big blocks and TLV format, see section 4.1 About Big Block Data and TLV Format. For an example of how to interpret the device s response to this command, see section A.2 How to Parse Encrypted Big Block EMV Data From An SRED Device. The following tables provide details about the data format. For an explanation of the Format columns, see the definitions in EMV 4.3 Book 3. Page 119 of 212 (D )

120 4 - Command Set Table Big Block Response to Command 0xAB - Status Data Container (F1) Tag Description Source Format DFDF1A DFDF1B Transaction Status 0x00 = Accept 0x01 = Decline 0x02 = Error 0x10 = Cancelled by Host 0x11 = Confirm Amount No 0x12 = Confirm Amount Timeout 0x13 = Confirm Amount Cancel 0x14 = MSR Select Credit 0x15 = MSR Select Debit 0x16 = MSR Select Credit/Debit timeout 0x17 = MSR Select Credit/Debit cancel 0x1B = PIN entry Cancelled by Host 0x1C = PIN entry timeout 0x1D = PIN entry Cancelled by Cardholder 0x1E = Manual Selection Cancelled by Host 0x1F = Manual Selection timeout 0x20 = Manual Selection Cancelled by Cardholder 0x21 = Waiting For Card Cancelled by Host 0x22 = Waiting For Card timeout 0x23 = Waiting For Card Cancelled by Cardholder 0x24 = Waiting For Card ICC Seated 0x25 = Waiting For Card MSR Swiped 0xFF = Unknown Additional Transaction Information 0x00 = No additional information 0x31 = EMV Application not selected 0x32 = Error transaction in progress 0x33 = Error invalid PSE format 0x34 = EMV Terminal application list is empty 0x35 = Candidate list is empty 0x36 = No transaction 0x37 = No common EMV applications 0x38 = Transaction canceled 0x39 = Aid parse error 0x3A = Code table index not found 0x3B = Error no more record 0x3C = EMV e overflow [sic.] Device b 1 Device b 4 Length (decimal) Page 120 of 212 (D )

121 4 - Command Set Table Big Block Response to Command 0xAB - Batch Data Container (F2 [Default Tags Shown]) Tag Description Source Format Len 82 EMV Application Interchange Profile Card b 2 8E CVM list Card b F24 Date after which the EMV Application expires Card n 3 5F25 Date from which the EMV Application can be used Card n 3 9F06 9F07 9F0D 9F0E 9F0F 9F10 9F26 9F27 9F36 Indicates the EMV Application as described in ISO/IEC Indicates issuer's specified restrictions on the geographic usage and services allowed for the EMV Application Specifies the issuer's conditions that cause a transaction to be rejected if it might have been approved online, but the terminal is unable to process the transaction online Specifies the issuer's conditions that cause the denial of a transaction without attempt to go online Specifies the issuer's conditions that cause a transaction to be transmitted online Contains proprietary EMV application data for transmission to the issuer in an online Transaction Cryptogram returned by the ICC in response to the GENERATE AC command Indicates the type of cryptogram and the actions to be performed by the terminal Counter maintained by the EMV application in the ICC (incrementing the ATC is managed by the ICC) Device b Card b 2 Card b 5 Card b 5 Card b 5 Card b Card b 8 Card b 1 Card b 2 95 TVR Device b 5 9B TSI Device b 2 9C Transaction Type Device b 2 9F33 Terminal Capabilities Device b 3 9F34 Indicates the results of the last CVM performed Device b 3 9F37 Value to provide variability and uniqueness to the generation of a cryptogram Device b 4 9F40 Additional Terminal Capabilities Device b 5 DFDF70 TAC-default (Terminal Action Codes) Device n 5 DFDF71 TAC-Offline (Terminal Action Codes) Device n 5 DFDF72 TAC-Online (Terminal Action Codes) Device n 5 9F5B Issuer Script Results Device b Page 121 of 212 (D )

122 4 - Command Set Table Big Block Response to Command 0xAB - Reversal Data Container (F3) Tag Description Source Format Length 82 EMV Application Interchange Profile Card b 2 9F36 Counter maintained by the EMV application in the ICC (incrementing the ATC is managed by the ICC) Card b 2 DFDF25 Terminal Serial Number Device an 8 9F10 Contains proprietary EMV application data for transmission to the issuer in an online Transaction Card b F5B Issuer Script Results Device b F33 Terminal Capabilities Device b 3 9F35 Terminal Type Device n 1 95 TVR Device b 5 9F01 Uniquely identifies the acquirer within each payment system Device n 6 5F24 Date after which the EMV Application expires Card n 3 5A Primary Account Number Card c F34 PAN Sequence Number Card n 3 8A Authorization Code Device an 2 9F15 Merchant Category Code Device n 2 9F16 Merchant Identifier Device s 15 9F39 POS Entry Mode Device n 1 9F1A Terminal Country Code Device n 2 9F1C Terminal ID Device an 8 57 Track2 Equivalent Data Card b F02 Amount Authorized Device n 6 5F2A Transaction Currency Code Device n 2 9A Transaction Date Device n 3 9F21 Transaction Time Device n 3 9C Transaction Type Device n 1 Page 122 of 212 (D )

123 4 - Command Set Table Big Block Response to Command 0xAB - Merchant Data Container (F7) Tag Description Source Format DFDF30 Masked T1 Status Device b 1 DFDF31 Masked T1 Device b Var DFDF32 Masked T2 Status Device b 1 DFDF33 Masked T2 Device b Var DFDF34 Masked T3 Status Device b 1 DFDF35 Masked T3 Device b Var DFDF40 Signature Required Device b 1 5F25 EMV Application Effective Date Card n6 3 5F24 EMV Application Expiration Date Card n Authorization Code Device b 6 5F2A Transaction Currency Code Card n3 2 9F02 Amount, authorized Device n12 6 9F03 Amount, other Device n12 6 Length (decimal) 9F06 AID - terminal Device b Var F12 EMV Application Preferred Name Card ans Var F1C Terminal ID Device an 8 8 9F39 POS Entry Mode Device n2 1 9C Transaction Type Device n2 1 9F34 Indicates the results of the last CVM performed Device b 3 5F57 Account Type Device n2 1 5F34 PAN Sequence Number Card n2 1 5F20 Cardholder Name Card ans Var DFDF4D Masked ICC Track 2 Data Card ans Var Page 123 of 212 (D )

124 4 - Command Set Command 0xAC - Merchant Bypass PIN Command This command allows the host to bypass the PIN entry requirement during an EMV transaction (Command 0xA2 - Start EMV Transaction). Table Usage Table for Command 0xAC Byte 0 Bit Byte 1 0 0xAC Page 124 of 212 (D )

125 4 - Command Set Command 0xAE - MCL Send DET Command (MCL 3.1 Support Only) The host uses this command to send a Send DET command and DET strings to the MCL kernel. The host should first send Command 0x10 - Send Big Block Data to Device to load the DET strings into the device, then call this command to send them to the kernel. The host should send as many blocks as necessary to send all DETs in the following format using the 60-byte Packet Data field: The first byte should indicate DET Status (0x00 = OK there are DETs; 0x70 = No Matching DEK; 0x71 = DET Empty). The next byte should indicate the total number of DETs the host is sending. The subsequent bytes across as many blocks as needed should contain data for all DETs the host is sending, in this format: o DET Number (starting with 0x01) o DET Data Length MSB o DET Data Length LSB o DET Data o [Repeat for subsequent DETs] Table Usage Table for Command 0xAE Byte 0 Bit Byte 1 0 Byte 2 Byte 3 0xAE Reserved Reserved If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Page 125 of 212 (D )

126 4 - Command Set Wireless Commands and Reports ( Wireless Only) This section contains commands used to configure the device s wireless connection. These commands can only be sent using the USB interface and require the host to first send Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only). The host can then configure the device s network settings by using the other commands in this section. Page 126 of 212 (D )

127 4 - Command Set Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only) The host uses this command to unlock the device s wireless settings for the host to configure. The host must use the USB connection to call this command. If an error occurs immediately after calling this command, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. If the command is successful, the device s display prompts the operator to Enter Admin Passcode for configuration authentication, and waits for the operator to enter passcode Enter. Figure Passcode Screens for DynaPro Go When the operator action is complete (passcode entry done, operator cancelled, or timeout), the device sends asynchronous Report 0x2A - Delayed Response ACK to the host to report success ( OK ) or failure. If the response is OK, the device allows the host to change wireless settings using Wireless Commands and Reports ( Wireless Only) that require it. The device leaves wireless settings unlocked until the device restarts, the USB connection is disconnected, or the host issues a command outside of the set of Wireless Commands and Reports ( Wireless Only). Table Usage Table for Command 0xE3 - Restart Network (Set Mode) Byte 0 Byte 1 Bit xE1 Wait Time for operator passcode entry in seconds (0x01..0xFF; 0x00 = 256 seconds) Page 127 of 212 (D )

128 4 - Command Set Command 0xE2 - Set / Get Wireless Timeouts ( Wireless Only) The host uses this command to set or get the timeout values for the device s wireless connection. If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Table Usage Table for Command 0xE2 (Set Limit Time Values in minutes) Byte 0 Byte 1 Bit xE2 Timeout Selection 0x00 = Inactive Connection Timeout. Period of time the device will maintain an wireless TCP session connection with the host when there is no host activity. If no host activity occurs during the timeout period, the device closes the session connection. The timeout must be between 1 and 15 minutes, or the device rejects the command. Default is 2 minutes. Byte 2 0x01 = Sleep Timeout. Set how long the device will stay powered on in the absence of operator activity or host activity on the wireless connection, before it automatically enters sleep mode. The timeout must be between 1 and 255 minutes. Default is 2 minutes. Timeout Value in minutes Table Usage Table for Command 0xE2 (Get Limit Time Values in minutes) Bit Byte 0 0xE2 Byte 1 Inactive Connection Timeout Byte 2 Sleep Timeout Page 128 of 212 (D )

129 4 - Command Set Command 0xE3 - Enable / Disable TLS Mutual Authentication ( Wireless Only) DynaPro Go ships from the manufacturer with TLS Enabled. This setting can be set to Disabled by the customer, which may be useful for initial network setup and testing. MagTek strongly recommends that TLS always be Enabled when it is deployed in the field. The host uses this command to enable or disable TLS mutual authentication on the device s wireless connection. The host must use the USB connection to call this command, and must first successfully unlock the device s wireless settings by calling Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only), then call this command in Set mode. When disabling TLS, the device flash the display off and on three times to warn the operator of the disabled state. The host may also call this command in Get mode on the USB connection without unlocking device settings, to determine the current state of the setting. The response format is identical to Set mode. If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. If the command is successful, the device saves the new network TLS mode, which will be active after the operator switches the device s Active Connection to wireless. Usage Table for Set/Get Command 0xE3 (Set Wireless Network TLS Mutual Authentication) Byte 0 Byte 1 Bit xE3 TLS Mode: 0x00 = Enable TLS (default) 0x01 = Disable TLS Page 129 of 212 (D )

130 4 - Command Set Command 0xE4 - Set Wireless Network Configuration ( Wireless Only) The host uses this command in Set mode with subcommands to change the device s wireless configuration settings, including Access Point Connection settings, Port settings, device Network Server Identification (if used), and access point security key. The host must use the USB connection to call this command, and must first successfully unlock the device s wireless settings by calling Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only). Before attempting to connect to an access point, make sure the host has set all required security settings. For example, if the host specifies Personal Network, it must call: Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only) Command 0xE4/0x00 Set Wireless Access Point Connection Command 0xE4/0x02 Set Wireless Access Point Security Key/Password If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. If the command is successful, the device saves the new configuration, and it will be active upon starting to use the wireless connection. Usage of the command is slightly different depending on which setting the host is changing. The following subsections provide distinct usage tables for calling the command to change each of the available settings. Page 130 of 212 (D )

131 4 - Command Set Command 0xE4/0x00 Set Wireless Access Point Connection This command sets the network connection type, security type, and SSID for connecting to the wireless network access point. Some connection types require the host to also call additional configuration commands before attempting to use the wireless connection: Personal Network, requires the host also call Command 0xE4/0x02 Set Wireless Access Point Security Key/Password. The host must use the USB connection to call this command, and must first successfully unlock the device s wireless settings by calling Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only). Table Usage Table for Command 0xE4 - Set Wireless Access Point Connection (Set mode) Bit Byte 0 Byte 1 Byte 2 Byte 3 Byte 4 Bytes Bytes xE4 Setting ID: 0x00 = Access Point Connection Connection Type: 0x00 = Personal Network Security Type: 0x02 = WPA2 (PCI Requires WPA2 Security) SSID Name length SSID Name (up to 32 characters) Reserved Page 131 of 212 (D )

132 4 - Command Set Command 0xE4/0x02 Set Wireless Access Point Security Key/Password This command sets the security key/password the device should use to connect to the wireless network access point. For connection type Personal Network, this sets the pre-shared key (PSK) for the access point. The host must use the USB connection to call this command, and must first successfully unlock the device s wireless settings by calling Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only). Table Usage Table for Command 0xE4 Set Wireless Access Point Security Key/Password (Set mode) Byte 0 Byte 1 Byte 2 Bit Bytes xE4 Setting ID: 0x02 = Access Point Security Key / Password Security Key length Security Key (up to 61 characters) Page 132 of 212 (D )

133 4 - Command Set Command 0xE4/0x03 Set Wireless TCP/IP Settings The host uses this command to configure the device s TCP/IP settings for the wireless connection, as well as the TCP socket the device listens on (default = decimal 26), but only if the device s Network Connection Mode is set to Always Listening by Command 0x09 - Set / Get Device Configuration. The host must use the USB connection to call this command, and must first successfully unlock the device s wireless settings by calling Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only). Table Usage Table for Command 0xE4 - Set Always Listening Wireless TCP/IP Settings (Set mode) Byte 0 Byte 1 Bit xE4 Setting ID: 0x03 = Wireless TCP/IP Settings Bytes Wireless Always-Listening Port Number (default = 26) Byte 4 Bytes 5..8 Bytes Bytes Bytes IP Configuration: 0x00 = Use dynamic IP address (default) 0x01 = Use static IP address Static IPv4 address (4 bytes), ignored if IP Configuration is set to use dynamic IP address Gateway address (4 bytes) Subnet Mask (4 bytes) Reserved Page 133 of 212 (D )

134 4 - Command Set Command 0xE4/0x04 Set Wireless Network Host ID The host uses this command to designate which TCP socket the device uses to connect to the host, if the device s Network Connection Mode is set to Device Initiated by Command 0x09 - Set / Get Device Configuration. The host must use the USB connection to call this command, and must first successfully unlock the device s wireless settings by calling Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only). The device can be configured to find the host in one of three ways: By directly setting both the host port and the host IP address By directly setting the host port and by using a DNS lookup of the host name to find its IP address Table Usage Table for Command 0xE4 - Set Wireless Network Host ID (Set Mode) Byte 0 Byte 1 Byte 2 Bytes 3..4 Bit xE4 Setting ID: 0x04 = Host ID Host Configuration: 0x00 = Host port and IP address 0x01 = Host name for DNS lookup Host port Byte 5 Host name length (if using IP address, set to 0x00) Bytes 6..n Bytes n..63 Host IPv4 address (4 bytes) OR Host name (up to 32 characters) Reserved Page 134 of 212 (D )

135 4 - Command Set Command 0xE5 - Get Wireless Network Info ( Wireless Only) The host uses this command to retrieve wireless connection information from the device. The host must use the USB connection to call this command, and must first successfully unlock the device s wireless settings by calling Command 0xE1 - Unlock Wireless Network Configuration ( Wireless Only). The host should first call the command in Set mode to specify what wireless connection information it wants to retrieve, then receive the standard ACKSTS response, then call the same command in Get mode to retrieve the requested information. The device s response to the Get call is formatted as defined in Command 0xE4 - Set Wireless Network Configuration ( Wireless Only). If valid information is not available, the data block will be all zeroes. If an error occurs, the device terminates the command and reports the error in ACKSTS of Command 0x01 - Response ACK. For a full list of error codes, see Command 0x01 - Response ACK. Table Usage Table for Command 0xE5 Get Wireless Network Info (Set mode / Get mode) Byte 0 Byte 1 Bit xE5 Network Information ID: 0x00 = Access Point Connection 0x01 = Reserved 0x02 = Reserved 0x03 = Device Wireless TCP/IP Settings 0x04 = Host ID Configuration Page 135 of 212 (D )

136 Appendix A - Examples Appendix A Examples A.1 How to Get MSR/PIN Data from the Device for a Bank Simulation This section provides a byte-by-byte example of transmitting commands on various devices using a USB connection, an wireless connection, an Ethernet connection, or an Apple 30-pin connection. All data shown in this section is in hexadecimal format wireless, Ethernet, and USB connections require bytes to be transmitted in least significant byte (little endian) order; ios requires bytes to be transmitted in most significant byte (big endian) order, so ios command strings appear as the byte-bybyte reverse of the others. 1) Host sends out Command 0x03 - Request Swipe Card to the device, which expands to the following bytes: a) 0xC0: Ethernet packet header ( Wireless Only Ethernet only) b) 0x01: Execute command in Get mode ( Wireless Only Ethernet Only 30-Pin Only) c) 0x03: Command ID (03=Command 0x03 - Request Swipe Card) d) 0x20: Wait time (0x20=32 seconds) e) 0x00: Display message ID (00=swipe card/idle) f) 0x01: Beep prompt tone for card swipe (01=one beep) g) 0xC0: Ethernet packet terminator (Ethernet Only Wireless Only) Sample command data of Command 0x03 - Request Swipe Card (Hex) USB format of command C C wireless and Ethernet format of command ios format of command (Note MSB order) 2) Device sends back Command 0x01 - Response ACK to the host, which expands to the following bytes. If Command 0x03 - Request Swipe Card had failed (i.e. ACK status not = 00), the device would not have returned a device state input report to the host: a) 0xC0: Ethernet packet header (Ethernet Only Wireless Only) b) 0x02: Response to command (Ethernet Only Wireless Only) c) 0x01: Report ID (0x01=Command 0x01 - Response ACK) d) 0x00: ACK status of Command 0x03 - Request Swipe Card (00=Command is good) e) 0x03: Command ID of the command being ACKed (0x03=Command 0x03 - Request Swipe Card) f) 0xC0: Ethernet packet terminator (Ethernet Only Wireless Only) Sample response for Command 0x01 - Response ACK (Hex) USB format of command C C wireless and Ethernet format of command ios format of command (Note MSB order) 3) The device prompts the cardholder to swipe his or her card, and sends Report 0x20 - Device State Report to the host, which expands to the following bytes: Page 136 of 212 (D )

137 Appendix A - Examples a) 0xC0: Ethernet packet header (Ethernet Only Wireless Only) b) 0x03: Unsolicited response (Ethernet Only Wireless Only) c) 0x20: Report ID (0x20=Report 0x20 - Device State Report) d) 0x02: Device state (0x02=Wait for card) e) 0x08: Session state (0x08=Card data available) f) 0x40: Device status (0x40=Not authenticated) g) 0x47: Device certificate status (PIN Key Loader Certificate Revocation List, PIN Key Loader CA certificate, Device CA Certificate, and Device Certificate exist) h) 0x07: Hardware status (Keypad calibrated, Mag Head programmed, Tamper sensors active) i) 0xC0: Ethernet packet terminator (Ethernet Only Wireless Only) Sample Report 0x20 - Device State Report (Hex) USB format of command C C and Ethernet format of command ios format of command (Note MSB order) 4) After the cardholder swipes the card, the device sends back Report 0x22 - Card Status Report to the host, which expands to the following bytes: a) 0xC0: Ethernet packet header (Ethernet Only Wireless Only) b) 0x03: Unsolicited response (Ethernet Only Wireless Only) c) 0x22: Report ID (0x22=Report 0x22 - Card Status Report) d) 0x00: Operation status (0x00=OK) e) 0x00: Card status (0x00=OK) f) 0x01: Card type (0x01=Financial card) g) 0xC0: Ethernet packet terminator (Ethernet Only Wireless Only) Sample Report 0x22 - Card Status Report (Hex) USB format of command C C wireless and Ethernet format of command ios format of command (Note MSB order) 5) If the operation and the card status are OK, the host retrieves the card data from the device by issuing Command 0x0A - Request MSR Data, as shown: Sample Command 0x0A - Request MSR Data: 0A 00 C0 01 0A 00 C0 0A 00 USB format of command wireless and Ethernet format of command ios format of command (Note MSB order) 6) The device sends back Command 0x01 - Response ACK to the host. Page 137 of 212 (D )

138 Appendix A - Examples 7) The device sends back eight instances of Report 0x23 - Card Data Report to the host, which the host interprets as meaning the following (Note that additional headers for Ethernet are not shown): a) Track 1: F 0-0x2E bytes of data b) Track 2: E 0-0x1D bytes of data c) Track 3: x46 bytes of data d) Encrypted Track1: x2F bytes of data e) Encrypted Track2: x1F bytes of data f) Encrypted Track3: x47 bytes of data g) Encrypted MagnePrint: x37 bytes of data h) KSN and MagnePrint Status: E 0-0x0D bytes of data 8) The device sends back another Report 0x20 - Device State Report to the host. 9) If the operation status and card status from Report 0x22 - Card Status Report sent previously are both OK, the host issues Command 0x04 - Request PIN Entry, which expands to the following bytes: a) 0xC0: Ethernet packet header (Ethernet Only Wireless Only) b) 0x01: Execute command in Get mode (Ethernet Only Wireless Only 30-Pin Only Bluetooth LE Only RS-232 Only) c) 0x04: Command ID (0x04=Command 0x04 - Request PIN Entry) d) 0x1E: Wait time for PIN entry (0x1E=30 seconds) e) 0x00: PIN mode (0x00=Enter PIN) f) 0x44: Max and min length of PIN (in this example, PIN must be exactly four characters) g) 0x01: Prompt tone (0x01=One beep) h) 0x01: PIN option (0x01=ISO3) i) 0xC0: Ethernet packet terminator (Ethernet Only Wireless Only) Sample Command 0x04 (Hex) 04 1E USB format of command C E C and Ethernet format of command E ios format of command (Note MSB order) 10) The device sends the host Command 0x01 - Response ACK if the command is successful. 11) The device sends the host Report 0x24 - PIN Response Report if PIN entry is successful. 12) The device sends the host another Report 0x20 - Device State Report. Page 138 of 212 (D )

139 Appendix A - Examples A.2 How to Parse Encrypted Big Block EMV Data From An SRED Device This section provides an example of parsing encrypted EMV data sent from an SRED device in TLV format, in response to Command 0xAB - Request EMV Transaction Data (MAC-MSR). For more information about big blocks and TLV format, see section 4.1 About Big Block Data and TLV Format. In this case, the device sends big block data to the host in the big block data buffer via Report 0x29 - Send Big Block Data to Host. Upon assembling the incoming packets and stripping off the packet containers, the block of data looks like this: 01C7F98201C3DFDF540A DDFDF550182DFDF250898CE DFA8201A0F082019CF105DFDF1A0100F882010EDFDF598200F08569A27E2A2A9D7E 67A96624D10DBE3F366EC3F31C FEF43213AF3C76ABE06A6E90F10E1650BE4EC E9CF64E F66B44E8C4A697CA5A0E319D933BF9BBC52B2DAF8FCC663354E2B0E5 45A5002F4A0C976E65DD23705AB36ECA78D6A6B99243F2C2B907A8F1F2A66D D 7B1F91F1B6C06BF EEABA502A57A3AA2F1344C4E405B86C3D64FB93E638D A C0E117B669B74A B8E8AFF3FFE68058C334B383D99 1EAE3C8F5594FBFB FF67344F37DE54EA5F28BFECF A9FAE3A61FEF132 54B6C7B2C1D0AF626E5A14F19C025B7CD1EF1456A31DDFDF560A DDFDF570180DFDF580106F782007FDFDF F F F2A F F0607A F1C F C01009F34035E03005F F F F DFDF4D263B D F C568ACEB Because the calling command is tagged with MAC, its response should be interpreted using the information in section 4.2 About Message Authentication Codes ( MAC-AMK. Specifically because this is batch data coming from an SRED device, the data is interpreted using section Command 0xAB - Request EMV Transaction Data (MAC-MSR), so the data would be broken down as follows: 01C7 is the expected data length not including padding and CBC-MAC. Per Appendix D MagTek Custom EMV Tags and section 4.5.8, the next byte, F9, is a tag that indicates the beginning of a data object containing Message Authentication (MAC) structure and generic data. According to EMV Integrated Circuit Card Specifications for Payment Systems 4.3, Part IV, Annex B Rules for BER-TLV Data Objects, the next three bytes, 8201C3, indicate the length of the value in data block F9; lengths can be either one byte long from 0x00 to 0x7F, or multiple bytes starting with 0x80 or higher, in which case the lower 7 bits of the first byte specify how many subsequent bytes indicate the length of the value in the data object. In this case, 0x82 is greater than 0x7F, and the lower 7 bits equal 0x02, so the next 2 bytes 0x01C3 give the total length of the data block for tag F9. The value in data object F9 therefore consists of these 451 bytes: DFDF540A DDFDF550182DFDF250898CE DFA8201A0 F082019CF105DFDF1A0100F882010EDFDF598200F08569A27E2A2A9D7E67A96624D10D BE3F366EC3F31C FEF43213AF3C76ABE06A6E90F10E1650BE4ECE9CF64E F66B44E8C4A697CA5A0E319D933BF9BBC52B2DAF8FCC663354E2B0E545A5002F4A0C 976E65DD23705AB36ECA78D6A6B99243F2C2B907A8F1F2A66D D7B1F91F1B6C0 6BF EEABA502A57A3AA2F1344C4E405B86C3D64FB93E638D A C0E117B669B74A B8E8AFF3FFE68058C334B383D991EAE3C8F5594 FBFB FF67344F37DE54EA5F28BFECF A9FAE3A61FEF13254B6C7B2C1D0 Page 139 of 212 (D )

140 Appendix A - Examples AF626E5A14F19C025B7CD1EF1456A31DDFDF560A DDFDF DFDF580106F782007FDFDF F F F2A F F0607A F1C F C01009F34 035E03005F F F F DFDF4D263B D F The value in data block F9 starts with tag DFDF54, which according to Appendix D MagTek Custom EMV Tags and section 4.5.8, provides the MAC KSN. Its length is 0x0A (as described above, a value smaller than 0x7F means the length is indicated by a single byte), so the next 10 bytes provide MAC KSN D. Next in the value of data block F9 is another tag, DFDF55, length 0x01, value 0x82. According to Appendix D MagTek Custom EMV Tags and section 4.5.8, this indicates the MAC encryption type is DUKPT key. The next tag is DFDF25 of length 0x08, giving the IFD Serial Number 98CE D. The next tag is FA (generic data container), and 0x82 indicates the next two bytes 0x01A0 are the length, giving a 416 byte value: F082019CF105DFDF1A0100F882010EDFDF598200F08569A27E2A2A9D7E67A96624D10D BE3F366EC3F31C FEF43213AF3C76ABE06A6E90F10E1650BE4ECE9CF64E F66B44E8C4A697CA5A0E319D933BF9BBC52B2DAF8FCC663354E2B0E545A5002F4A0C 976E65DD23705AB36ECA78D6A6B99243F2C2B907A8F1F2A66D D7B1F91F1B6C0 6BF EEABA502A57A3AA2F1344C4E405B86C3D64FB93E638D A C0E117B669B74A B8E8AFF3FFE68058C334B383D991EAE3C8F5594 FBFB FF67344F37DE54EA5F28BFECF A9FAE3A61FEF13254B6C7B2C1D0 AF626E5A14F19C025B7CD1EF1456A31DDFDF560A DDFDF DFDF580106F782007FDFDF F F F2A F F0607A F1C F C01009F34 035E03005F F F F DFDF4D263B D F The value of data object FA begins with tag F0, which Appendix D MagTek Custom EMV Tags and section indicate is transaction results. Its length 0x82019C gives a 412 byte value: F105DFDF1A0100F882010EDFDF598200F08569A27E2A2A9D7E67A96624D10DBE3F366E C3F31C FEF43213AF3C76ABE06A6E90F10E1650BE4ECE9CF64E F66B44 E8C4A697CA5A0E319D933BF9BBC52B2DAF8FCC663354E2B0E545A5002F4A0C976E65DD 23705AB36ECA78D6A6B99243F2C2B907A8F1F2A66D D7B1F91F1B6C06BF EEABA502A57A3AA2F1344C4E405B86C3D64FB93E638D A C0E117B669B74A B8E8AFF3FFE68058C334B383D991EAE3C8F5594FBFB FF67344F37DE54EA5F28BFECF A9FAE3A61FEF13254B6C7B2C1D0AF626E5A 14F19C025B7CD1EF1456A31DDFDF560A DDFDF570180DFDF F782007FDFDF F F F2A F F0607A F1C F C01009F34035E0300 5F F F F DFDF4D263B D F Page 140 of 212 (D )

141 Appendix A - Examples The value of data object F0 (transaction results) begins with tag F1, which Appendix D MagTek Custom EMV Tags and section indicate is status data. Its length is a single byte 0x05, giving the value DFDF1A0100. The value of data object F0 (transaction results) continues with tag F8 (container tag for encryption), length 0x82010E, giving a 270 byte value: DFDF598200F08569A27E2A2A9D7E67A96624D10DBE3F366EC3F31C FEF43213A F3C76ABE06A6E90F10E1650BE4ECE9CF64E F66B44E8C4A697CA5A0E319D933B F9BBC52B2DAF8FCC663354E2B0E545A5002F4A0C976E65DD23705AB36ECA78D6A6B992 43F2C2B907A8F1F2A66D D7B1F91F1B6C06BF EEABA502A57A3AA2F13 44C4E405B86C3D64FB93E638D A C0E117B669B74A B8E8AFF3FFE68058C334B383D991EAE3C8F5594FBFB FF67344F37DE54EA5F2 8BFECF A9FAE3A61FEF13254B6C7B2C1D0AF626E5A14F19C025B7CD1EF1456A3 1DDFDF560A DDFDF570180DFDF The value of data object F8 begins with tag DFDF59 (encrypted data primitive), length 0x8200F0, giving a 240 byte value containing encrypted data: 8569A27E2A2A9D7E67A96624D10DBE3F366EC3F31C FEF43213AF3C76ABE06A6 E90F10E1650BE4ECE9CF64E F66B44E8C4A697CA5A0E319D933BF9BBC52B2DAF 8FCC663354E2B0E545A5002F4A0C976E65DD23705AB36ECA78D6A6B99243F2C2B907A8 F1F2A66D D7B1F91F1B6C06BF EEABA502A57A3AA2F1344C4E405B86C 3D64FB93E638D A C0E117B669B74A B8E8AFF3FFE 68058C334B383D991EAE3C8F5594FBFB FF67344F37DE54EA5F28BFECF A9FAE3A61FEF13254B6C7B2C1D0AF626E5A14F19C025B7CD1EF1456A31D This data must be decrypted (described later) to read the remaining TLV data inside it. After the encrypted data primitive, the value of data object F8 continues with: DFDF560A DDFDF570180DFDF This breaks down into tag DFDF56 (encrypted transaction data KSN), length 0x0A giving 10 byte value D, tag DFDF57 (encrypted transaction data encryption type), length 0x01, value 0x80 (DUKPT key), and tag DFDF58 (number of bytes padding in DFDF59), length 0x01, value 0x06. To decrypt the value from data object DFDF59 above, use the data key variant and the KSN from DFDF56 above ( D) and the ANSI test key to perform 3DES-DUKPT decryption on the value. For details about the decryption algorithm, see ANSI X9.24. In this case, the value decrypts and parses as: Tag Length Value 82 (EMV Application Interchange Profile) E (CVM) E F03 Page 141 of 212 (D )

142 Appendix A - Examples Tag Length Value 5F24 (EMV Application Expiration Date) F25 (EMV Application Effective Date) F06 (EMV Application AID) 0007 A F07 (EMV Application Usage Control) 0002 FF00 9F0D (Issuer Action Code - Default) 0005 F F0E (Issuer Action Code - Denial) F0F (Issuer Action Code - Online) 0005 F F10 (Issuer EMV Application Data) FF 9F26 (EMV Application Cryptogram) EF3D1741A3E41D 9F27 (Cryptogram Information Data) F36 (EMV Application Transaction Counter) (TVR) C B (TSI) 0002 E800 9C (Transaction Type) F33 (Terminal Capabilities) 0003 E0F8C8 9F34 (CVM Results - Terminal) E0300 9F37 (Unpredictable Number) 0004 EB47CE8F 9F40 (Additional Terminal Capabilities) B0B001 DFDF70 (Terminal Action Code - Default) 0005 C DFDF71 (Terminal Action Code - Denial) DFDF72 (Terminal Action Code - Online) 0005 C A (EMV Application PAN) F02 (Amount Authorized) F1A (Terminal Country Code) (Track 2 Equivalent Data) D (EMV Application Interchange Profile) The value if data block F0 (transaction results) continues with: F782007FDFDF F F F2A F F0607A F1C F C01009F34035E03005F F F F DFDF4D263B D F Page 142 of 212 (D )

143 Appendix A - Examples The value consists of tag F7 (merchant data tags), length 0x82007F, which is always unencrypted, and parses to the following: Tag Length Value DFDF40 (Signature or MAC Required) F25 (EMV Application Effective Date) F24 (EMV Application Expiration Date) F2A (Transaction Currency Code) F02 (Amount Authorized) F06 (EMV Application AID) 0007 A F1C (Terminal ID) F39 (POS Entry Mode) C (Transaction Type) F34 (CVM Results - Terminal) E0300 5F57 (Account Type) F34 (PAN Sequence Number) F20 (Cardholder Name) F DFDF4D (Mask T2 ICC Data) 0026 And the remaining data in the whole big block is: C568ACEB which consists of padding zeroes and the 4-byte CBC-MAC C568ACEB. 3B D F ( TEST/CARD ) Page 143 of 212 (D )

144 Appendix B - Terminology Appendix B Terminology This appendix provides definitions of common terms used in this document. Table Common Terms Term AAC AAMVA ACK AES AMK AP APDU API ARC ARQC ARPC ATR BIN Bluetooth LE BPK CA CAPK CBC CDA CRC CRL CVC CVM DDA DER DES Definition Application Authentication Cryptogram American Association of Motor Vehicle Administrators Acknowledge Advanced Encryption Standard Acquirer Master Key [ Wireless] Access Point Application Protocol Data Unit Application Programming Interface Authorization Response Code Authorization Request Cryptogram Authorization Response Cryptogram Answer To Reset Bank/Issuer Identification Number Bluetooth Low Energy Battery Protected Keys Certificate Authority Certificate Authority Public Key Cipher Block Chaining Combined DDA/Application Cryptogram Generation Cyclic Redundancy Check Certificate Revocation List Card Verification Code Cardholder Verification Method Dynamic Data Authentication Distinguished Encoding Rules Data Encryption Standard. An algorithm developed in the1970s by IBM Corporation, since adopted by the US government and ANSI (the American National Standards Institute) as the encryption standard for financial institutions. Page 144 of 212 (D )

145 Appendix B - Terminology DLL DOL DUKPT CBC EMV[co] EPB GATT HAL HID I 2 C iap ios ICC IEC ISO Key Injection KCV KSN LCD LSB MagnePrint MS2.0 Term Definition Dynamically Linked Library Data Object List Derived Unique Key Per Transaction. A key management scheme in which a unique key is used for every transaction Cipher Block Chaining Europay MasterCard Visa [company] Encrypted PIN Block Generic ATTribute Profile, a general specification for sending and receiving short pieces of data known as "attributes" over a Bluetooth LE link. Hardware Abstraction Layer Human Interface Device Inter-Integrated Circuit ipod Accessory Protocol Apple device operating system Integrated Circuit Card International Electrotechnical Commission International Standards Organization A secure operation whereby an encryption key is injected into a device Key Check Value Key Serial Number Liquid Crystal Display Least Significant Byte, Least Significant Bit MagnePrint is a card authentication technology which allows any magnetic stripe card to be recognized as a unique and non-reproducible security token. MagnePrint is able to detect cards that have been illegally reproduced ( skimmed ) as well as cards that have had their data re-encoded or magnetically altered. The term itself is derived from the following expressions: Magne as in magnetic and Print as in fingerprint. MagneSafe 2.0, MagTek s proprietary method of encrypting data while preserving the essential format of the unencrypted data, such as length and character set. Page 145 of 212 (D )

146 Appendix B - Terminology MSB MSR PAN PCI DSS PCI PED PED PIN PKI RFU RID RSA RNG RTC SPI SDA SDRAM SRAM SRED TAC TC TDES TRSM TSI TVR UART USB Term Definition Most Significant Byte, Most Significant Bit Magnetic Stripe Reader Personal Account Number, which is most commonly recognized as the 16-digit account number associated with a card. Payment Card Industry Data Security Standards Payment Card Industry PED PIN Encryption Device, the generic term for the class of devices that includes IPAD, DynaPro, DynaPro Go, and DynaPro Mini. Personal Identification Number Public Key Infrastructure. An arrangement that binds public keys with respective user identities by means of a certificate authority. Reserved for Future Use Registered Application Provider Identifier Rivest-Shamir-Adleman. A highly secure cryptography method by RSA Data Security, Inc., Redwood City, CA ( which uses a two-part key: The private key is kept by the owner, and the public key is published. Random Number Generator Real Time Clock Serial Peripheral Interconnect Static Data Authentication Synchronous Dynamic Random Access Memory Static Random Access Memory Secure Reading and Exchange of Data Terminal Action Codes Transaction Certificate Triple Data Encryption Standard Tamper-Resistant Security Module Transaction Status Information Transaction Verification Results Universal Asynchronous Receive Transmit Universal Serial Bus Page 146 of 212 (D )

147 Appendix B - Terminology USIP Term Definition Universal Secure Integrated Platform Page 147 of 212 (D )

148 Appendix C - Status and Message Codes Appendix C Status and Message Codes Table Operation Status Codes Status/Msg Operation Status Value 0x00 = OK / Done 0x01 = Cardholder Cancel 0x02 = Timeout 0x03 = Host Cancel 0x04 = Verify fail 0x05 = Keypad Security 0x06 = Calibration Done 0x07 = Write with duplicate RID and index 0x08 = Write with corrupted Key 0x09 = EMV CA Public Key reached maximum capacity 0x0A = EMV CA Public Key read with invalid RID or Index Table Response Message Codes Status/Msg Response Message 0x00 = Transaction Type 0x01 = Amount OK Value Table Beeper Behavior Codes Status/Msg Beeper Behavior 0x00 = None 0x01 = Single Beep 0x02 = Double Beep Value Table Card Type Codes Status/Msg Card Type Value 0x00 = Other 0x01 = Financial 0x02 = AAMVA 0x03 = Manual 0x04 = Unknown 0x05 = ICC 0x06 = Contactless ICC - EMV 0x07 = Financial MSR + ICC (Byte 2 bit 2 of device configuration must be set) 0x08 = Contactless ICC - MSD Page 148 of 212 (D )

149 Appendix D - MagTek Custom EMV Tags (EMV Only) Appendix D MagTek Custom EMV Tags (EMV Only) In addition to the standard EMV tags documented in EMV 4.3, Book 3, Annex A, MagTek provides additional custom tags with the device. These are used with Command 0xA1 - Access EMV Tags, Command 0xA2 - Start EMV Transaction, and Command 0xAB - Request EMV Transaction Data (MAC-MSR). The custom tags are listed in Table The characters used in the Format column are described in EMV 4.3, Book 4, Section 4.3. Table MagTek Custom EMV Tags Tag Description Default (Hex) Format Length F0 Container for Status, Batch, Reversal, Merchant * b var F1 Status Data (Constructed Data Object) * b var F2 Batch Data (Constructed Data Object) * b var F3 Reversal Data (Constructed Data Object) * b var F4 Encrypted MSR Data (Constructed Data Object) * b var F5 Encrypted PIN Data (Constructed Data Object) * b var F7 Container for Merchant Data * b var F8 Container for Encrypted Data * b var F9 Container For Message Authentication (MAC) * b var FA Container for Generic Data * b var FB Container for BIN table * b var FC Container for Encrypted Generic Data * b var DFDF00 Random number for random online transaction 8D b 1 DFDF01 DFDF02 Revoked Certificate Lists (Not supported) Authorization Request Tags (ARQC) A FF FF FF A FF FF FF A FF FF FF 9F 03 9F A 5F 34 9F 36 9F 1A 95 9F 02 5F 2A 9A 9C 9F 37 9F 10 DFDF03 Advice Tags (Not supported) 5A b DFDF04 Financial Request Tags (ARPC) (Not supported) F A b b b var up to 72 var up to 158 var up to 161 var up to 433 Page 149 of 212 (D )

150 Appendix D - MagTek Custom EMV Tags (EMV Only) Tag Description Default (Hex) Format Length DFDF05 Reversal Tags 82 9F 36 9F 1E 9F 10 9F 5B 9F 33 9F F 01 5F 24 5A 5F 34 8A 9F 15 9F 16 9F 39 9F 1A 9F 1C 57 9F 02 5F 2A 9A 9F 21 9C DFDF06 Authorization Response Tags 8A 91 b DFDF07 Certification Validation Table (Not supported) 00 b 1 DFDF10 Threshold Value for Biased Random Selection n 6 DFDF11 DFDF12 Target Percentage to be used for Random Selection (0..99 decimal, or hex) Maximum Target Percentage to be used for Biased Random Selection (0..99 decimal, or hex) 32 b 1 46 b 1 DFDF13 Default CVM for the EMV application 01 1 DFDF14 Socket Timeout B B8 b 4 DFDF15 Socket Retries b 4 DFDF16 Issuer Script max size n 4 DFDF17 Batch Data Tags 82 8E 5F 24 5F 25 9F 06 9F 07 9F 0D 9F 0E 9F 0F 9F 10 9F 26 9F 27 9F B 9C 9F 33 9F 34 9F 37 9F 40 FF 0D FF 0E FF 0F 9F 5B DFDF19 Default Terminal Language 65 6E b 2 DFDF1A DFDF1B Transaction Status - Part of F1 container for status. Always present. Additional Transaction Information - Part of F1 container for status. May not be present. * b 1 * b 4 DFDF20 Terminal Features 57 b 1 DFDF21 Number of EMV Applications 0A b 1 DFDF22 PSE Name E E b b b 14 DFDF23 ASI (Application Select Indicator) 01 b 1 var up to 123 var up to 123 var up to 438 Page 150 of 212 (D )

151 Appendix D - MagTek Custom EMV Tags (EMV Only) Tag Description Default (Hex) Format Length DFDF24 Requested Transaction Type * b 1 DFDF25 Unique and permanent serial number assigned to the IFD by the manufacturer USIP SN b 8 DFDF26 Device & EMV Application Database Label b 16 DFDF27 Device & EMV Application Database Checksum Read-only, calculated by device b 20 DFDF28 CAPK Database Label b 16 DFDF29 DFDF2D CAPK Database Checksum Supported Terminal Languages Read-only, calculated by device 65 6e b 20 b 10 DFDF30 Masked T1 Status * b 1 DFDF31 Masked T1 * a var DFDF32 Masked T2 Status * b 1 DFDF33 Masked T2 * a var DFDF34 Masked T3 Status * b 1 DFDF35 Masked T3 * a var DFDF36 Encrypted T1 Status * b 1 DFDF37 Encrypted T1 * b var DFDF38 Encrypted T2 Status * b 1 DFDF39 Encrypted T2 * b var DFDF3A Encrypted T3 Status * b 1 DFDF3B Encrypted T3 * b var DFDF3C Encrypted MagnePrint * b 56 DFDF3F CAPK Tag * b var DFDF40 Signature Required: 0x01 = Signature Required 0x80 = CBC-MAC checked in ARQC online response * b 1 DFDF41 PIN KSN * b 10 Page 151 of 212 (D )

152 Appendix D - MagTek Custom EMV Tags (EMV Only) Tag Description Default (Hex) Format Length DFDF42 PIN Encryption Type: 0xxx xxxx = Fixed key 1xxx xxxx = DUKPT key xx00 xxxx = TDES xx01 xxxx = AES xxxx xx00 = Data variant xxxx xx01 = PIN variant xxxx xx10 = MAC variant Page 152 of 212 (D ) * b 1 DFDF43 MagnePrint Status Data * b 4 DFDF44 Encrypted PAN Data * b var DFDF4D Masked ICC Track2 data * a var DFDF50 MSR KSN * b 10 DFDF51 DFDF52 DFDF53 MSR Encryption Type (see DFDF42 for bit definitions) Card Type Reported as clear text in ARQC with possible values 01 or 07. See Table Card Type Codes on page 148. Fallback Indication 0x00 = No fallback or missing tag 0x81 = MSR Fallback used 0x01 = Technical Fallback used * b 1 - b 1 * b 1 DFDF54 MAC KSN * b 10 DFDF55 MAC Encryption Type (see DFDF42 for bit definitions) * b 1 DFDF56 Encrypted Transaction Data KSN * b 10 DFDF57 Encrypted Transaction Data Encryption Type (see DFDF42 for bit definitions) * b 1 DFDF58 Number of Bytes of Padding in F8 * b 1 DFDF59 Encrypted Data Primitive * b var DFDF61 BIN Table Slot b 6 DFDF62 BIN Table Slot b 6 DFDF63 BIN Table Slot b 6 DFDF64 BIN Table Slot b 6 DFDF65 BIN Table Slot b 6 DFDF66 BIN Table Slot b 6 DFDF67 Acquirer Terminal Config - Fallback 0x00 = Fallback Not Supported 0x01 = Fallback Supported 01 b 1

153 Appendix D - MagTek Custom EMV Tags (EMV Only) Tag Description Default (Hex) Format Length DFDF68 Acquirer Terminal Config - PIN Bypass 0 = PIN Bypass Not Supported 1 = PIN Bypass Supported 01 b 1 DFDF70 Terminal Action Code - Default b 5 DFDF71 Terminal Action Code - Denial b 5 DFDF72 Terminal Action Code - Online b 5 DFDF73 Payment Brand Account Type 0x00 = Default 0x01 = Cardholder Select Credit, Debit, Default 0x02 = Debit 0x03 = Credit * - Value is based on the ongoing transaction 00 b 1 Page 153 of 212 (D )

154 Appendix E - EMV Configurations (EMV Only) Appendix E EMV Configurations (EMV Only) For the most up-to-date information about the device s EMV Terminal Configuration, EMV Terminal Type, EMV Terminal Capabilities, and Additional EMV Terminal Capabilities, see the EMVCo Letter Of Approval (LOA) for the device: 1) In a web browser, open 2) Follow the Approvals and Certification link. 3) Expand the navigation tree to Terminal Type Approval > Approved Products, and follow the Level 2 Contact Approved Application Kernels link. 4) Alternatively you may try this direct table link to the M section of tables. 5) Find the table for products made by MagTek, Inc. and locate the table row for the device you are working with. 6) Click the attachment icon at the end of the row to open the Letter of Approval for that device. Page 154 of 212 (D )