Deactivate authenticated mode command – MagTek Bluetooth MagneSafe V5 Swipe Reader User Manual
Page 52

Bluetooth MagneSafe V5 Swipe Reader
44
in the Authenticated Mode until a card swipe or power down occurs (no
timeout).
If the Session ID information is included and the command is successful,
it will change the Session ID in the reader.
If the reader decrypts the CR response correctly the Activate
Authenticated Mode has succeeded. If the reader can not decrypt the CR
command correctly the Activate Authenticated Mode has failed, the
DUKPT KSN advances.
Data structure:
Request Data: None
Offset
Field Name
Description
0
Response to
Challenge 1
Six bytes of Challenge 1 plus two bytes of time as
outlined above, encrypted by the specified variant of
the current DUKPT Key
8
Session ID
Optional eight byte Session ID encrypted by the
specified variant of the current DUKPT Key.
Response Data: None
Result codes:
0x00 (Success)
0x02 (Bad Parameters – the Request Data is not a correct length)
0x04 (Bad Data – the encrypted reply data could not be verified)
0x07 (Sequence – not expecting this command)
Example Activation Challenge Reply Request (Hex):
Cmd Num
Data Len
Data
11
08
8579 8275 2157 3495
Example Activation Challenge Reply Response (Hex):
Result Code Data Len
Data
00
00
DEACTIVATE AUTHENTICATED MODE COMMAND
Command number:
0x12
Description:
This command is used to exit the Authenticated Mode command. It can
be used to exit the mode with or without incrementing the DUKPT
transaction counter (lower 21 bits of the KSN). The application must send
the first 7 bytes of Challenge 2 (from the response to the Activate
Authenticated Mode command) and the Increment flag (0x00 indicates no
increment, 0x01 indicates increment of the KSN) encrypted with a variant
of the current DUKPT PIN Encryption Key (Key XOR 3C3C 3C3C 3C3C
3C3C 3C3C 3C3C 3C3C 3C3C).