Uniform PP190 PIN Pad User Manual PIN Pad PP190
PIN Pad PP190 Programmer's Manual
Personal ID Number Pad
Revision 0, 2014-02-06

PIN Pad 190 Programmer's Manual 2014-02-06

FEDERAL COMMUNICATIONS COMMISSION STATEMENT
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

NOTE
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense. You are cautioned that any change or modification to the equipment not expressly approved by the party responsible for compliance could void your authority to operate such equipment.

Uniform Industrial Corp. Proprietary and Confidential Page 1 Total 160 pages

NOTICE
The issuer of this manual has made every effort to provide accurate information. The issuer will not be held liable for any technical or editorial omission or error made herein, nor for incidental or consequential damages resulting from the furnishing, performance or use of this material. This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced, or translated without the prior written consent of the issuer.
The information provided in this manual is subject to change without notice.

Taiwan NCC low-power radio-frequency device notice (translated):
Article 12: Without permission, no company, firm or user may change the frequency, increase the transmitting power, or alter the characteristics and functions of the original design of a type-approved low-power radio-frequency device.
Article 14: Use of a low-power radio-frequency device must not affect flight safety or interfere with legal communications; if interference is found, use must stop immediately and may only resume once the interference has been eliminated. "Legal communications" in the preceding paragraph means radio communications operated under the Telecommunications Act. Low-power radio-frequency devices must tolerate interference from legal communications and from industrial, scientific and medical radio-wave radiating equipment.

AGENCY APPROVED
FCC class B
CE class B

WARRANTY
This product is covered by a one-year warranty to the original purchaser. Within the warranty period, merchandise found to be defective will be repaired or replaced. This warranty applies to the products only under normal use by the original purchaser, and in no circumstances covers incidental or consequential damages arising from the consumer's misuse or modification of the products.

Document History

Version  Applies to FW version                 Change
0A       190BL00A, 190SC00A, 190PM00A          First SQA
0B       190BL00A, 190SC00B, 190PM00A          1. First SQA debug.
0C       190BL00A, 190SC00C, 190PM00A          1. Second SQA debug.
                                               2. Add new commands "01", "16".
                                               3. Add new commands "94", "96".
                                               4. Add new function "self diagnostic".
0D       190BL00A, 190SC00D, 190PM00A          1. Third SQA debug.
                                               2. Add new function "Remote key injection" (R00 ~ R02).
0E       190BL00A, 190SC00E, 190PM00A          1. Fourth SQA debug.
                                               2. Add new function RTC (real time clock) and new command "P18".
0F       190BL00A, 190SC00F, 190PM00A          1. Fifth SQA debug:
                                                  a. Modify command 02.
                                                  b. Modify command 08.
                                                  c. Modify command 72.
                                                  d. Modify command Z2 to respond at end of transmit.
                                                  e. Modify command Z60.
                                                  f. Modify command 70 (PIN Entry Request with DUKPT) to check for the existence of the DUKPT key early.
Table of Contents

Section 2 PP190 Setup & Diagnostic Menu ... 7
  Start Up Self Test ... 7
  Call up Diagnostic Menu ... 7
  Diagnostic Menu 1: HW Tests ... 7
  Diagnostic Menu 2: Display Info ... 8
  Diagnostic Menu 3: Set LCD Backlight ... 8
  Diagnostic Menu 4: Set Keypad Beep ... 8
  Diagnostic Menu 5: Update Password ... 8
  About USB virtual COM port (only applies to the USB version) ... 9
Section 3 Message format ... 10
  Notation Conventions ... 10
  Message frame summary ... 11
Section 4 Administration and maintenance messages ... 12
  Message 01 Self Test ... 12
  Message 02 Load Master Key ... 14
  Symmetric Keys Loading Authentication ... 18
  Message 04 Check Master Key ... 20
  Message 05 Load Serial Number ... 22
  Message 06 Get Serial Number ... 23
  Message 07 Test DES Implementation ... 24
  Message 08 Select Master Key ... 25
  Message 09 Communication Test ... 26
  Message 11 PIN Pad Device Connection Test ... 28
  Message 13 Adjust COM1 Baud Rate (RS-232 version only) ... 29
  Message 16 Remote self-test request ... 31
  Message 17 Request random number ... 32
  Message 18 Get/Set PIN pad system time ... 33
  Message 19 Query Firmware Version ... 35
  Message 1J Turn ON/OFF LCD Backlight ... 37
  Message 1M Setup Keypad Beeper ... 39
Section 6 Online transaction messages with Master/Session Keys (MK/SK) ... 41
  Message 70 PIN entry request (MK/SK) ... 41
  Message 71 Encrypted PIN Block Response ... 44
  Message 72 PIN Entry Cancel ... 47
  Message Z0 Move Display Cursor ... 48
  Message Z1 Reset State ... 49
  Message Z2 Display String ... 50
  Message Z3 Display Line Prompts ... 53
  Z2 / Z3 Authenticated mode with fixed prompt ... 56
  Z2 / Z3 PIN entry mode with fixed prompt ... 56
  Message Z2 Display String with Authentication Code ... 57
  Message Z3 Display Line Prompts with Authentication Code ... 59
  Example to use Z2 / Z3 with Authentication Code ... 61
  Message Z42 Read Key Code ... 62
  Message Z43 Read Key Code Response ... 63
  Message Z50 String Entry Request ... 64
  Message Z51 String Entry Response ... 66
  Message Z60 PIN entry request with external prompt (MK/SK) ... 67
  Message Z62 PIN entry request with customized prompt (MK/SK) ... 69
  Message Z64 Query Key Check Value (KCV) ... 72
  Message Z65 Key Check Value Response ... 73
  Message Z66 Message Authentication Code (MAC) Request ... 74
  Message Z67 Message Authentication Code (MAC) Response ... 77
  Message Z7 Turn ON/OFF CANCEL Message Display ... 79
  Message Z8 Set Idle Prompt ... 80
Section 7 Online transaction messages with Derived Unique Key per Transaction (DUKPT) ... 81
  Message 60 Pre-authorization PIN Entry Request ... 82
  Message 62 Pre-authorization Amount Authorization Request ... 84
  Message 70 PIN Entry Request (DUKPT) ... 85
  Message 71 Encrypted PIN Block Response ... 87
  Message 72 PIN Entry Cancel ... 89
  Message Z60 PIN entry request with external prompt (DUKPT) ... 90
  Message Z62 PIN entry request with customized prompt (DUKPT) ... 92
  Message 76 PIN Entry Test Request ... 95
  Message 7A KSN output format ... 96
  Message 90 Load First Initial Key Request ... 97
  Message 91 Load Initial Key Response ... 99
  Message 94 Load Second Initial Key Request ... 100
  Message 96 Select Active Key Set ... 101
Section 8 Remote key injection method ... 102
  Message R00 Load Vendor Public Key ... 103
  Message R01 Update RSA Key ... 106
  Message R02 Remote Key Injection ... 112
Section 9 EMV Level 2 transaction messages ... 117
  Message T51 Terminal Configuration Setup ... 118
  Message T52 Terminal Configuration Setup Response ... 121
  Message T53 Certificate Authority Public Key Setup ... 122
  Message T54 Certificate Authority Public Key Setup Response ... 125
  Message T55 EMV Application Configuration Setup ... 126
  Message T56 EMV Application Configuration Setup Response ... 131
  Message T61 Start Transaction ... 132
  Message T62 Start Transaction Response ... 134
  Message T63 Get Transaction Result's Data ... 136
  Message T64 Get Transaction Result's Data Response ... 137
  Message T65 Get Online authorization Data ... 138
  Message T66 Response of Get Online authorization Data message ... 139
  Message T71 Send Online Authorized Code ... 140
  Message T73 Send Issuer Script Command ... 142
  Message T74 Send Issuer Script Command Response ... 143
  Message T75 Revocation List Setup ... 144
  Message T76 Revocation List Setup Response ... 145
  Message T77 Exception List Setup ... 146
  Message T78 Exception List Setup Response ... 147
Appendix A Key management ... 148
Appendix B PIN Block Format ... 156
  ANSI X9.8 format (MK/SK, DUKPT, and Offline clear text PIN entry) ... 156
Appendix C Fixed Prompts for Z2/Z3 authenticated mode ... 157
Appendix D Fixed Prompts for Z2/Z3 PIN entry mode ... 159

Section 2 PP190 Setup & Diagnostic Menu

Start Up Self Test
PP190 performs a series of self-tests during start up:

Internal firmware checksum: PP190 verifies the internal firmware checksum to ensure the integrity of the firmware program. If the checksum fails, PP190 shows the following prompt and rejects further commands:
  ** A L E R T **
  ROM CHKSUM FAILD

Security Memory Integrity: PP190 verifies the secret personalization information written in the Battery Powered Key (BPK) register of the CPU. If BPK verification fails (possibly because of a security breach, or because the internal battery is exhausted), PP190 shows the following prompt and rejects further commands:
  ** A L E R T **
  PED WAS TAMPERED

Call up Diagnostic Menu
Pressing [CLR] + [3] (press '3' quickly after [CLR] is released) while PP190 is in the idle state calls up the diagnostic menu. The default two passwords for the diagnostic menu are both "87806799". Because these defaults are printed here, change both of them (Diagnostic Menu 5) before the unit is deployed.

DISPLAY             ACTION
(Idle prompt)       Power on. Press [CLR]+[3].
Password 1?         Input the first setup password and press [ENTER].
Password 2?         Input the second setup password and press [ENTER].
HW Tests            Use the left and right buttons to scroll up and down,
Display Info        [ENTER] to execute.
Set LCD Backlight
Set Keypad Beep
Update Password

Diagnostic Menu 1: HW Tests
DISPLAY             ACTION
Display Test        Displays two pages of test pattern. The first page turns on all pixels to check for damaged dots; press any key or wait 10 seconds to continue. The second page shows the PP190 character sets; press any key or wait 5 seconds to leave.
Keypad Test         PP190 echoes the user's key input on line 2. Press [CAN] to leave this test.

Diagnostic Menu 2: Display Info
DISPLAY             ACTION
Show SerialNum      Displays the current serial number. Refer to message 06.
Show Version        Displays the current firmware version.

Diagnostic Menu 3: Set LCD Backlight
DISPLAY             ACTION
Light Always ON     Sets the LCD backlight always on. This setting is the same as message 1J with parameter 1.
Light Auto OFF      PP190 enables its backlight in the following situations: a. any key is pressed; b. a PIN entry command is working; c. a menu is being selected. The backlight turns off automatically 3 seconds after the operation ends.

Diagnostic Menu 4: Set Keypad Beep
DISPLAY             ACTION
Beep ON             Key press with beep.
Beep OFF            Key press without beep.

Diagnostic Menu 5: Update Password
DISPLAY             ACTION
Update Password1    PP190 shows the following prompts:
                      NEW PASSWD ****
                      CONFIRM PASSWD ****
                    Enter the new password, press [ENTER], enter it a second time, then press [ENTER] to finish. If the two entries do not match, the password is not changed. A password must be at least 4 and at most 8 characters.
Update Password2    Same prompts and usage as Password1.
About USB virtual COM port (only applies to the USB version)
The USB version of PP190 identifies itself as a virtual COM port during Windows 2000/XP device enumeration. When Windows requests the PP190 device driver, point it at the directory containing the PP190 USB driver and answer "proceed anyway" when prompted with driver certification questions (the prompt appears because the driver is not signed, so obtain the driver only from Uniform Industrial Corp.). The baud rate of the PP190 virtual COM port is determined by the application program: when the application opens the COM port through the Windows API, PP190 and the virtual COM port driver adjust the baud rate to the parameters passed to that API call.

Section 3 Message format
This chapter details the format of messages exchanged between the host and the PIN Pad.

Notation Conventions
The following conventions are used to make the description of messages more readable.

Control Codes
Control codes (non-displayable codes) are represented by two or three capital letters enclosed in angle brackets, "<>". This PIN Pad uses 12 control codes in total. Where an actual code value is referenced, it is represented by two hex digits enclosed in angle brackets, for example <0F>. The following table lists the codes, their hex values and their usage.

CODE  HEX  USAGE
STX   02   Denotes the beginning of a message frame
ETX   03   Denotes the end of a message frame
EOT   04   Indicates the communication session is terminated
ACK   06   Acknowledges a received message
SI    0F   Denotes the beginning of a message frame
SO    0E   Denotes the end of a message frame
NAK   15   Indicates an invalid message was received
SUB   1A   Message parameter follows
FS    1C   Field separator
GS    1D   Message ID follows

[LRC]
Each transmitted message frame is followed by an LRC byte to detect communication errors. This byte should be regarded as part of the message frame, but it comes after the ending delimiter character. [LRC] is used to represent this LRC byte when describing message frames.
The LRC is calculated as the XOR of every byte after the start code in the message frame, excluding the LRC byte itself: that is, from the byte following <SI> or <STX> through the <SO> or <ETX> byte.

[item]
A descriptive item name enclosed in brackets denotes a string or data byte that has no fixed value.

Message frame summary
Data exchanged between the PIN Pad and the host computer are grouped into "message frames". Each message frame has one of the two frame formats listed below:
  <STX>[message ID][data]<ETX>[LRC]
  <SI>[message ID][data]<SO>[LRC]
Each type of message has a unique value in its message ID field. In the following text, a message type is referenced by its message ID value, e.g. "message 70".

Message type
Messages exchanged between the PIN Pad and the HOST fall into two categories. The first is administration and maintenance: administrative messages use the <SI> ... <SO> packet header, and the PIN Pad returns a message to the HOST with the same message ID. The second is transactions: transaction messages use the <STX> ... <ETX> packet header and come in pairs. An even-numbered message sends the command and data to the PIN Pad, and the odd-numbered message returns the result.

Time-out
Whenever the PIN Pad sends a message, it expects a response from the host (an <ACK> character for acknowledgement, or a <NAK> character if an LRC error occurred). If the PIN Pad does not receive a response within 5 seconds, it retransmits the last packet. If the PIN Pad does not receive an <ACK> or <NAK> after two retransmit attempts, it sends an <EOT> character and the communication session is terminated.

Transmission Error
The PIN Pad expects the host computer to send a <NAK> when the host decides that an invalid frame has been received. When the PIN Pad receives a <NAK>, it retransmits its last message. If the retransmitted message is invalid again, the host should send another <NAK> to request another try.
The PIN Pad keeps retransmitting until an <ACK> or <EOT> is received.

Packet Error
When the PIN Pad receives a good transmission but an invalid packet (wrong message ID), it ignores the packet. If the packet has an acceptable message ID but the wrong format, the PIN Pad sends an error message. In PIN entry functions it sends a more detailed error code.

Section 4 Administration and maintenance messages

Message 01 Self Test
Format: <SI>01[test item]<SO>[LRC]
Message length: Fixed 7 bytes.
Usage: Field maintenance users can issue message 01 to run interactive PIN Pad self-tests. Test results are displayed on the PIN Pad.
'04': The PIN Pad detects a specific pattern of key presses as the "correct" pattern: "[F1] [MENU] [F2] 1 2 3 4 5 6 7 8 9 [CAN] 0 [ENTER] [CLEAR]". Any other key press pattern is treated as a failure. Issuing message 72 also interrupts this test.
'05': The PIN Pad displays two test pages. The first is a full screen of black dots, to check for damaged dots. Press [ENTER] or wait 10 seconds to display page 2, which shows some characters. Press [ENTER] again to end this test.
'06': The PIN Pad displays its serial number on the LCD.
'07': The PIN Pad executes a communication test; see the message flow below.

Message element:
Field        Length  Value and description
<0F>
01                   Message ID
[Test item]  2       01, 02, 03
                     04  Keypad test
                     05  Display test
                     06  Check serial number
                     07  Communication test
<0E>
[LRC]                Checksum

Message flow (for test items 04 through 06):
  HOST -> PIN Pad:  Message 01
  PIN Pad -> HOST:  <ACK> (good LRC) / <NAK> (bad LRC) / <EOT> (after 3 NAKs)
  PIN Pad:          (execute self test)
  PIN Pad -> HOST:  (when test done)

Message flow (for test item 07); each packet is answered by the receiving side with <ACK> (good LRC) or <NAK> (bad LRC), and with <EOT> after 3 NAKs:
  HOST -> PIN Pad:  Message 01
  09 Request Packet
  09 Response Packet
  09 Response Packet
  (when test done)

Message 02 Load Master Key
Format:
  <SI>02[Key ID][Key value]<FS>[Usage][Mode]<SO>[LRC]        (with clear text key)
  <SI>02[Key ID][Key value (ANSI TR-31 format)]<SO>[LRC]      (with encrypted key)
Message length: Variable (38 to 94 bytes).
Usage: Load master keys into PP190. PP190 can store 16 master keys, each with a one-digit ID. Master keys are divided into three groups with different functions. Refer to Appendix A, Key management, for key usage and ID definitions.

PP190 implements multiple security measures to conform to the Payment Card Industry (PCI) security requirements. In order to load clear text master keys, two authorized people with their own passwords are required. Otherwise the user must issue message 02 with an encrypted key value (ANSI TR-31 format). See the following section, "Symmetric Keys Loading Authentication", for details.

Note:
1. The [Key value] field is an ASCII string with characters in the range '0'-'9', 'A'-'F'; each pair of characters represents one hexadecimal byte, i.e. "1F" represents 0x1F.
2. PP190 requires the key loading key (master key #F) to be TDES.
3. Passing key loading authentication and then loading a new clear text master key erases all other master keys, to prevent malicious key substitution. For more information refer to "Symmetric Keys Loading Authentication" (page 18).
Message element:

Request frame (HOST to PP190)
Field        Length  Value and description
<0F>
02                   Message ID
[Key ID]     1       '0' to '9', 'A' to 'F' (A is not used)
[Key value]  Var.    Hexadecimal string for the key value.
                     Clear text format: 32 bytes for double length, 48 bytes for triple length.
                     TR-31 format: 56 bytes for single length, 72 bytes for double length, 88 bytes for triple length.
<FS>                 Field separator. (Optional; only present in the clear text format frame when the following [Usage] and [Mode] exist.)
[Usage]      2       Optional: ANSI TR-31 key usage for the clear text frame. Available values are:
                       "K0" for key encryption (ID 0 ~ 9, B ~ F)
                       "P0" for PIN encryption (ID 0 ~ 9)
                       "M3" for MAC calculation (ID B ~ E)
                     If omitted, the default value is "K0".
[Mode]       1       Optional: ANSI TR-31 key mode for the clear text frame. Available values are:
                       'D' for decryption only (K0 keys)
                       'E' for encryption only (P0 / D0 keys)
                       'G' for MAC generation only (M3 keys)
                       'V' for MAC verification only (M3 keys)
                     If omitted, the default value is 'D'.
<0E>
[LRC]                Checksum

Response frame, error message (PP190 to HOST)
Field        Length  Value and description
<0F>
02                   Message ID
[Err msg]    1       '1': KLK does not exist.
                     '2': Key value duplicates another existing key.
                     '3': Internal failure: failed to allocate memory.
                     '4': Internal failure: failed to read key structure.
                     '7': Failed to decrypt key value.
                     'A': TR-31 format error.
                     'B': Insecure key injection (the new key is longer than the key used to protect it).
                     'C': Failed to verify MAC value.
                     'E': Key usage incompatible with key ID.
<0E>
[LRC]                Checksum

Message flow:
  HOST -> PIN Pad:  Message 02 (request frame)
  PIN Pad -> HOST:  <ACK> / <NAK> / <EOT>
  PIN Pad:          Processes the request. If there is a format error, sends the error message frame and ends.
  PIN Pad -> HOST:  Message 02 (echo of the request frame)
  HOST:             Verifies the echo frame. If verification is OK, send <ACK>. If the packet has an LRC error, send <NAK>. To cancel the key loading procedure, send <EOT>.
  PIN Pad:          Saves the key value and responds.

Example:

Clear text
  Master key to be loaded:      1919191919191919 5B5B5B5B5B5B5B5B
  Key ID to load:               0
  Resulting 02 message:         <0F>02019191919191919195B5B5B5B5B5B5B5B<0E>[LRC]

Encrypted (ANSI TR-31 2005, Key Variant Binding Method)
  Key encrypting key (Mkey #F): 1919191919191919 5B5B5B5B5B5B5B5B
  Master key to be loaded (K0): AA55AA55AA55AA55 3434343434343434
  Key Block Header (KBH, ASCII): A0072K0TD00N0000
  TDES CBC encrypted key value: 7D2D21FC9ECD3EEC BB0A2615BD8F0560 5722120BDFF2CCAC
  Left 4 bytes of MAC value:    319C3198
  Key ID to load:               0
  Resulting 02 message:         <0F>020A0072K0TD00N00007D2D21FC9ECD3EECBB0A2615BD8F05605722120BDFF2CCAC319C3918<0E>[LRC]

Encrypted (ANSI TR-31 2010, Key Derivation Binding Method)
  Key condition: load a double length PIN encryption key into key position #1.
  Key block protection key (KBPK): 1919191919191919 5B5B5B5B5B5B5B5B
  PIN encryption key to be loaded: AA55AA55AA55AA55 3434343434343434
  Padded key data:                 0080 AA55AA55AA55AA55 3434343434343434 1C2965473CE2
  Key Block Header (KBH, ASCII):   B0080P0TE00N0000
  Derived key block encryption key (KBEK): DB7F2A99D5647A7D D3EDFE3DA7CF5B21
  Derived key block MAC key (KBMK):        87EE6C0795954446 A34A0BB5F305BCE1
  (See Appendix A for the derivation process.)
  CMAC of (KBH + padded key data) using KBMK: EA391E5834C1AA0C
  (See Appendix A for the CMAC algorithm.)
  Using the CMAC as IV, TDES CBC encrypt the padded key data with KBEK:
  Encrypted key data:              3C4F5024C59C182F 7165BC870FCB7F63 456AAE07DB736C32
  Resulting 02 message:            <0F>021B0080P0TE00N00003C4F5024C59C182F7165BC870FCB7F63456AAE07DB736C32EA391E5834C1AA0C<0E>[LRC]
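The framing rules of Section 3 and the message 02 examples above can be exercised with the following host-side helper. It is an added example written for this edit, not code from Uniform Industrial Corp.: it builds an administrative frame with the LRC defined in Section 3, checks a received frame the way the host is expected to (answering <ACK> or <NAK>), and pre-checks an encrypted TR-31 key block against the message 02 rules before sending it, returning the same error letters the pad's error frame uses ('A' format error, 'B' insecure inject, 'E' usage incompatible with key ID). The function and constant names are this example's own; the clear-key-length derivation (encrypted bytes minus the 2-byte length field and the pad to an 8-byte boundary) and the MAC lengths per TR-31 version follow the worked examples on this page, and the pad still performs its own checks, including the MAC verification (error 'C') that a host cannot do without the key loading key.

```python
# Host-side framing and message 02 pre-checks for the PP190 (added example, not vendor code).
# Control codes from the Section 3 table; LRC = XOR of every byte after the
# start code (SI/STX) up to and including the end code (SO/ETX).
SI, SO, STX, ETX, FS = 0x0F, 0x0E, 0x02, 0x03, 0x1C
ACK, NAK, EOT = 0x06, 0x15, 0x04

# Master-key IDs each TR-31 key usage may occupy (message 02 [Usage] field).
USAGE_KEY_IDS = {
    "K0": set("0123456789BCDEF"),  # key encryption keys
    "P0": set("0123456789"),       # PIN encryption keys
    "M3": set("BCDE"),             # MAC keys
}
# MAC length in hex characters per TR-31 version: A and C carry 4 bytes, B carries 8.
MAC_HEX_LEN = {"A": 8, "B": 16, "C": 8}


def lrc(frame: bytes) -> int:
    """LRC over frame[1:], i.e. everything after the start code through the end code."""
    value = 0
    for b in frame[1:]:
        value ^= b
    return value


def admin_frame(message_id: str, data: str = "") -> bytes:
    """Build an administrative frame: <SI>[message ID][data]<SO>[LRC]."""
    frame = bytes([SI]) + (message_id + data).encode("ascii") + bytes([SO])
    return frame + bytes([lrc(frame)])


def check_frame(raw: bytes):
    """Receiver side: (ACK, id, data) for a well-formed frame, (NAK, None, None) otherwise."""
    if len(raw) < 5 or raw[0] not in (SI, STX) or raw[-2] not in (SO, ETX):
        return (NAK, None, None)
    frame, received_lrc = raw[:-1], raw[-1]
    if lrc(frame) != received_lrc:
        return (NAK, None, None)
    body = frame[1:-1].decode("ascii")
    return (ACK, body[:2], body[2:])


def parse_tr31_header(block: str):
    """Split the 16-character TR-31 key block header; None if it is not well formed."""
    if len(block) < 16 or not (block[1:5].isdigit() and block[12:14].isdigit()):
        return None
    return {
        "version": block[0], "length": int(block[1:5]), "usage": block[5:7],
        "algorithm": block[7], "mode": block[8], "key_version": block[9:11],
        "exportability": block[11], "opt_blocks": int(block[12:14]),
    }


def check_key_block(key_id: str, block: str, klk_len_bytes: int) -> str:
    """Host-side pre-check of an encrypted message 02, mirroring the pad's error codes:
    'A' TR-31 format error, 'B' insecure inject (key longer than the key protecting it),
    'E' usage incompatible with key ID. Returns '0' when the block passes."""
    h = parse_tr31_header(block)
    if h is None or h["version"] not in MAC_HEX_LEN or h["algorithm"] != "T":
        return "A"
    if h["length"] != len(block) or h["opt_blocks"] != 0:
        return "A"
    enc_hex = h["length"] - 16 - MAC_HEX_LEN[h["version"]]
    body = block[16:]
    if enc_hex <= 0 or enc_hex % 16 or any(c not in "0123456789ABCDEF" for c in body):
        return "A"
    # TDES key data = 2-byte length + key + pad to a multiple of 8, so 8/16/24-byte keys
    # occupy 16/24/32 encrypted bytes: clear key length = encrypted bytes - 8.
    key_len = enc_hex // 2 - 8
    if key_len not in (8, 16, 24):
        return "A"
    if key_len > klk_len_bytes:
        return "B"
    if key_id not in USAGE_KEY_IDS.get(h["usage"], set()):
        return "E"
    return "0"


def build_message02(key_id: str, key_block: str, klk_len_bytes: int) -> bytes:
    """Validate, then frame, an encrypted message 02; raises on a block the pad would reject."""
    status = check_key_block(key_id, key_block, klk_len_bytes)
    if status != "0":
        raise ValueError(f"message 02 would fail with error '{status}'")
    return admin_frame("02", key_id + key_block)
```

Run against the page's own values: the clear-text example frames to exactly the 38-byte minimum stated for message 02, the 2010 (version B) block loads into ID 1 as a P0 key but is refused with 'E' for ID B, and the same block is refused with 'B' when the key loading key is only single length, which is the substitution-resistance check the error table describes.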
Symmetric Keys Loading Authentication
For PP190 to accept a clear text key loading frame, key loading authentication must first be completed.

[Enter key loading authentication menu]
Press [CLR]+[2] on the PP190 keypad; PP190 then shows the key injection authentication login screen:
  ENTER PASSWORD 1:
(The default passwords are sent to the authentic owner separately.)
The first authorized person enters the 1st password on the keypad and presses [ENTER]. If the 1st password is correct, PP190 prompts for the 2nd password. If the 2nd password is also correct, PP190 enters key loading mode and shows the following menu:
  KEY INJECT MODE
  Update Password1
  Update Password2
  Inject MKEY/IPEK
Use the [F1] and [F4] keys to move the light bar to "Inject MKEY/IPEK", then press [ENTER]. The user is then free to load clear text master keys with message 02, or DUKPT initial keys with messages 90 and 94.

[Timing constraint and message constraint of Key Inject Mode]
According to the PCI security requirements, a PIN pad cannot stay in Key Inject Mode indefinitely. When PP190 enters Key Inject Mode, its internal timer starts counting down and its operating system monitors specific message packets. If any one of the following criteria is met, PP190 exits Key Inject Mode and rejects message 02 (clear text form) and the 90 and 94 commands:
1. When the PIN pad has been idle for 60 seconds, it exits Key Inject Mode. (Each time a 02 / 90 / 94 / 08 / 96 message succeeds, the 60-second counter is reset to 60.)
2. When the PIN pad has been in Key Inject Mode for 15 minutes, it unconditionally exits Key Inject Mode.
3. When the PIN pad receives any message other than 02 / 90 / 94 / 08 / 96, it exits Key Inject Mode.
4. When the user presses the [CAN] key on the keypad, it exits Key Inject Mode.
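A host script that drives key injection from a TRSM has to respect the four exit criteria above, and the master key substitution rule stated under the next heading, or the pad silently drops out of Key Inject Mode and starts rejecting clear text 02/90/94 frames. The following session tracker is an added example for this edit, not vendor code: it models the pad's state from the host's point of view so the script can tell, before sending, whether the next command will still be accepted. The class and method names are this example's own, and the manual does not say whether the pad compares the timers with ">=" or ">" at the exact boundary, so the ">=" used here is an assumption.

```python
# Host-side model of the PP190 Key Inject Mode constraints (added example, not vendor code).
# Thresholds are from the manual; comparing with ">=" at the exact boundary is an assumption.
IDLE_LIMIT_S = 60          # exits after 60 s without a successful key-inject command
SESSION_LIMIT_S = 15 * 60  # exits unconditionally 15 minutes after entering the mode
KEY_INJECT_MESSAGES = {"02", "90", "94", "08", "96"}  # any other message ends the mode


class KeyInjectSession:
    """Tracks whether the pad is still in Key Inject Mode while a host script drives it."""

    def __init__(self, now: float):
        self.opened = now
        self.last_success = now
        self.active = True
        self.exit_reason = None
        self.clear_keys_loaded = 0

    def _close(self, reason: str) -> None:
        self.active = False
        self.exit_reason = reason

    def _expire(self, now: float) -> None:
        if not self.active:
            return
        if now - self.opened >= SESSION_LIMIT_S:
            self._close("15 minute session limit")
        elif now - self.last_success >= IDLE_LIMIT_S:
            self._close("60 second idle limit")

    def send(self, message_id: str, now: float, succeeded: bool = True) -> bool:
        """True if the pad would still accept message_id as a key-inject command at `now`.
        Only a successful 02/90/94/08/96 resets the idle timer; a failed one does not."""
        self._expire(now)
        if not self.active:
            return False
        if message_id not in KEY_INJECT_MESSAGES:
            self._close(f"message {message_id} is not a key-inject command")
            return False
        if succeeded:
            self.last_success = now
        return True

    def cancel(self) -> None:
        """[CAN] on the keypad ends the mode immediately."""
        self._close("CAN key pressed")

    def load_clear_master_key(self) -> bool:
        """True if this clear-text master key load erases all other master keys:
        only the first one in a session does (master key substitution protection)."""
        self.clear_keys_loaded += 1
        return self.clear_keys_loaded == 1
```

The two edge cases worth noting: a command that the pad rejects (for example a message 02 answered with an error frame) does not refresh the idle timer, and a harmless-looking query such as message 19 (firmware version) sent mid-session ends the mode, so any status checks belong before [CLR]+[2] or after the last key is loaded.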
[Master key substitution protection]
When the user enters Key Inject Mode, the PIN pad operating system sets up a new "Key Injecting Session". The first clear text master key injected in a new session erases all other master keys. Other master keys loaded in the same session do not erase any other master key. DUKPT key set 0 and key set 1 do not erase each other.

Example flow to load master keys securely:
In the following example we assume a bank receives a new PP190 and wants to initialize it before deployment, and later wants to update some master keys after it is deployed. We also assume the master keys to be loaded are positions 0 and F, and that their values are already stored securely in a Tamper Resistant Security Module (TRSM).
1. The bank must generate two passwords and have two authorized people keep them separately.
2. The authorized people must enter the KEY INJECT AUTH menu and change password 1 and password 2.
3. After the passwords are changed, connect the PIN pad to the TRSM, enter the KEY INJECT AUTH menu again and choose the Inject MKEY/IPEK function.
4. Operate the TRSM to load master key #F and master key #0. After step 4 finishes, the user can issue other commands to the PIN pad (such as message 08 to select key #0 as the active master key) or turn it off and deploy it.
5. To load or update master keys in the field, the user should issue the encrypted form of command 02.

Message 04 Check Master Key
Format: <SI>04[key ID][Key Info Query]<SO>[LRC]
Message length: Variable (6 or 7 bytes).
Usage: The host sends this message to the PIN Pad to check whether the master key with ID [key ID] has been loaded. Message 04 should be used before loading any master key. Message 04 can also be used to query key information (key usage / mode / algorithm) if the designated key is not empty.
Message element:

Request frame (HOST to PIN Pad)
Field             Length  Value and description
<0F>
04                        Message ID
[key ID]          1       Master key ID
[Key Info Query]