AET63 BioTRUSTKey Reference Manual info@acs.com.hk Subject to change without prior notice www.acs.com.
Table of Contents
1.0. Introduction ........................................................... 3
2.0. Supported Card Types ................................................... 4
2.1. Microcontroller-Based Smart Cards (Asynchronous Interface) ............. 4
3.0. Smart Card Interface ...................................................
1.0. Introduction
The AET63 BioTRUSTKey provides an interface for communication between a computer, a smart card, and the TFM (Trusted Fingerprint Module). Because each type of smart card has its own communication protocol and command set, a computer can rarely communicate with a card directly. The BioTRUSTKey establishes a uniform interface between the computer and a wide variety of smart cards.
2.0. Supported Card Types
The AET63 can operate MCU-based cards using the T=0 and T=1 protocols. The table in Appendix A lists the card type selection value that must be specified for each card type supported by the reader.
2.1. Microcontroller-Based Smart Cards (Asynchronous Interface)
3.0. Smart Card Interface
The interface between the AET63 and the inserted smart card follows the ISO 7816-3 specification, with certain restrictions or enhancements that increase the practical functionality of the AET63.
3.1. Smart Card Power Supply VCC (C1)
The current consumption of the inserted card must not exceed 50 mA.
3.2. Programming Voltage VPP (C6)
According to ISO 7816-3, smart card contact C6 (VPP) supplies the programming voltage to the smart card.
4.0. Power Supply
The AET63 requires a regulated 5 V DC, 100 mA power supply, which it draws from the PC through the cable supplied with each type of reader.
Status LEDs
Two green LEDs on the front of the reader indicate the power status of the device and the activation status of the smart card interface:
First green LED: indicates power supply to the device, i.e., the device is receiving power from the computer.
5.0. USB Interface
The AET63 connects to a computer over USB, following the USB standard.
5.1. Communication Parameters
The AET63 connects to a computer through USB as specified in the USB Specification. The AET63 operates in low-speed mode, i.e. 1.5 Mbit/s.
USB Interface Wiring
Pin   Signal   Function
1     VBUS     +5 V power supply for the reader
2     D-       Differential signal carrying data between the AET63 and the PC
3     D+       Differential signal carrying data between the AET63 and the PC
6.0. Communication Protocol
In normal operation the AET63 acts as a slave device with regard to the communication between a computer and the reader. The communication is carried out as a sequence of command-response exchanges: the computer transmits a command to the reader and receives a response from the reader after the command has been executed. A new command can be transmitted to the AET63 only after the response to the previous command has been received.
6.1.2. Extended Command
A command consists of six protocol bytes and a variable number of data bytes and has the following structure:
Byte        Content
1           Header
2           Instruction
3           FFH
4-5         Data Length = N (two bytes)
6 ... N+5   Data (N > 0)
N+6         Checksum
Header   01H to indicate the start of a standard command. 02H to indicate the start of an encrypted command (support from firmware 0.
SW1   67H = error detected in command execution
      FFH = status message initiated by the reader
SW2   Further qualification of the command execution status. A table listing the possible values of the status bytes SW1 and SW2 and their meaning is given in Appendix B.
Data Length   Number of subsequent data bytes (0 < N < 255)
Data   Data contents of the response. For a READ_DATA command, for example, the data bytes would contain the contents of the memory addresses read from the card. The data bytes can represent values read from the card and/or status information.
Checksum   The checksum is computed by XORing all response bytes, including the header, the status bytes, the data length and all data bytes.
Note (*): Please refer to "BioTRUSTKey API Manual.doc" for descriptions of PTVerifySC and PTVerifySCAll.
NOTE: If the card is removed from the reader while a card command is being executed, the reader transmits a normal response to the computer, with the response status bytes indicating card removal during command execution (see Appendix B: Response Status Codes).
7.0. COMMANDS
The commands executed by the AET63 fall into two categories: Control Commands and Card Commands. Control Commands manage the internal operation of the AET63; they do not directly affect the card inserted in the reader and are therefore independent of the selected card type. Card Commands are directed at the card inserted in the AET63; the structure of these commands and the data carried in the commands and responses depend on the selected card type.
7.1.2. SELECT_CARD_TYPE
This command sets the required card type. The firmware in the AET63 adjusts the communication protocol between the reader and the inserted card according to the selected card type.
Command format
Instruction Code   Data length   Data
02H                01H           TYPE
TYPE   See Appendix A for the value to be specified in this command for the card to be used.
Response data format
No response data
NOTIFY   Specifies whether the Card Status Message shall be transmitted to notify the host computer of card insertion/removal:
         01H: transmit Card Status Message
         02H: do not transmit Card Status Message
Response data format
No response data
7.1.5. SET_OPTION
This command selects the options for the reader.
7.2. EEPROM Commands
7.2.1. EEPROM_READ_DATA
This command reads the specified number of bytes from the specified address of the EEPROM.
Command format
Instruction Code   Data length   Data
9AH                03H           ADDR LEN
ADDR   Byte address of the first byte to be read from the EEPROM (two bytes; the high byte of the address is specified first).
LEN    Number N of data bytes to be read from the EEPROM (0 < N ≤ MAX_R)
Response data format
BYTE 1   BYTE 2   BYTE 3   ...   BYTE x
7.3. TFM (Trusted Fingerprint Module) Commands
7.3.1. TFM_COMMAND
This command sends a command to the TFM.
Command format
Instruction Code   Data length   Data
9CH                LEN           TFM Command
LEN    Number N of bytes of the command to be sent to the TFM (0 < N ≤ MAX_R)
DATA   The TFM command (please refer to the TFM API Documentation)
Response data format
BYTE 1   BYTE 2   BYTE 3   ...   BYTE x
7.3.3. TFM_SMARTCARD
This command fetches a list of APDUs from the EEPROM and sends them to the smart card. The list of APDUs selects the correct file in the smart card for enrollment or verification of the fingerprint template.
Command format
Instruction Code   Data length   Data
9EH                02H           ADDR
ADDR   Address in the EEPROM at which the list of APDUs is stored.
7.3.4. TFM_OPEN_SECURE_SESSION
This command sends 24 bytes of random number to the AET63. The random number is used to generate the session key.
Command format
Instruction Code   Data length   Data
9FH                18H           24 bytes of random number used to generate the session key
Response data format
No response data
AET63 Reference Manual, Version 2.2
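The following is an added example (host-side Python, not ACS code) that puts sections 6.1.2, 6.2 and the command definitions of 7.1 to 7.3 together: it frames SELECT_CARD_TYPE, EEPROM_READ_DATA and TFM_OPEN_SECURE_SESSION, and parses a response with the XOR checksum the manual specifies. Assumptions not stated on the page are marked in the code: the standard (non-extended) command layout, the byte order of the two-byte extended length, the command checksum mirroring the response rule, and a value for MAX_R. The 24-byte value for TFM_OPEN_SECURE_SESSION is drawn from the operating system CSPRNG, since the session key is derived from it.

```python
"""Host-side framing for AET63 commands and responses.

Added example; this is not ACS code. ASSUMPTIONS (not stated in the manual):
  * the standard (non-extended) command is header, instruction, one length
    byte, data, checksum; the two-byte extended length is high byte first;
  * the command checksum is the XOR of every preceding command byte, mirroring
    the response rule the manual gives;
  * MAX_R has no value on the page, so it is a parameter here.
"""
import secrets
from typing import Optional, Tuple

HEADER_STANDARD = 0x01        # 01H: start of a standard command
EXTENDED_MARK = 0xFF          # byte 3 of an extended command (section 6.1.2)

# Instruction codes from section 7
INS_SELECT_CARD_TYPE = 0x02
INS_RESET = 0x80
INS_EEPROM_READ_DATA = 0x9A
INS_TFM_COMMAND = 0x9C
INS_TFM_SMARTCARD = 0x9E
INS_TFM_OPEN_SECURE_SESSION = 0x9F

SW1_OK, SW1_ERROR, SW1_STATUS_MESSAGE = 0x90, 0x67, 0xFF


class ReaderError(Exception):
    """Raised when SW1 reports an error or a frame fails its checksum."""


def xor_checksum(data: bytes) -> int:
    """XOR of all bytes. This is an error-detection code, not a MAC: it gives
    no protection against anyone who can rewrite the USB traffic."""
    c = 0
    for b in data:
        c ^= b
    return c


def build_command(ins: int, data: bytes = b"", extended: bool = False) -> bytes:
    """Frame one command. Extended form (6.1.2): header, INS, FFH, N (2 bytes),
    N data bytes, checksum. The standard form is an ASSUMPTION (see docstring)."""
    n = len(data)
    if extended:
        if not 0 < n <= 0xFFFF:
            raise ValueError("extended command needs 1..65535 data bytes")
        body = bytes([HEADER_STANDARD, ins, EXTENDED_MARK, n >> 8, n & 0xFF]) + data
    else:
        if n > 0xFF:
            raise ValueError("use extended=True for more than 255 data bytes")
        body = bytes([HEADER_STANDARD, ins, n]) + data
    return body + bytes([xor_checksum(body)])


def select_card_type(type_code: int) -> bytes:
    """7.1.2: INS 02H, one data byte TYPE (value from Appendix A)."""
    return build_command(INS_SELECT_CARD_TYPE, bytes([type_code]))


def eeprom_read_data(addr: int, length: int, max_r: int = 255) -> bytes:
    """7.2.1: INS 9AH, data = ADDR (high byte first) + LEN, 0 < LEN <= MAX_R.
    Nothing in this frame authenticates the host, so treat EEPROM contents
    (e.g. the APDU lists used by TFM_SMARTCARD) as readable by any process
    that can open the reader."""
    if not 0 <= addr <= 0xFFFF:
        raise ValueError("ADDR is a 16-bit EEPROM address")
    if not 0 < length <= max_r:
        raise ValueError("LEN must be in 1..MAX_R")
    return build_command(INS_EEPROM_READ_DATA, bytes([addr >> 8, addr & 0xFF, length]))


def tfm_open_secure_session(nonce: Optional[bytes] = None) -> bytes:
    """7.3.4: INS 9FH, data length 18H, 24 random bytes that seed the session
    key. The host supplies the randomness, so it must come from a CSPRNG."""
    if nonce is None:
        nonce = secrets.token_bytes(24)
    if len(nonce) != 24:
        raise ValueError("TFM_OPEN_SECURE_SESSION takes exactly 24 bytes")
    return build_command(INS_TFM_OPEN_SECURE_SESSION, nonce)


def parse_response(frame: bytes) -> Tuple[int, int, bytes]:
    """Split a response into (SW1, SW2, data). Layout per section 6.2: header,
    SW1, SW2, data length N, N data bytes, checksum over everything before it."""
    if len(frame) < 5:
        raise ReaderError("response shorter than the 5 protocol bytes")
    sw1, sw2, n = frame[1], frame[2], frame[3]
    if len(frame) != 5 + n:
        raise ReaderError(f"length byte says {n} data bytes, frame has {len(frame) - 5}")
    if xor_checksum(frame[:-1]) != frame[-1]:
        raise ReaderError("checksum mismatch")
    return sw1, sw2, bytes(frame[4:4 + n])


def check_status(sw1: int, sw2: int) -> str:
    """Classify SW1 as the manual does (details are in Appendix B). FFH frames
    are reader-initiated Card Status Messages (see NOTIFY) and can arrive in
    place of a command response, so a caller must not assume every frame
    answers the command it just sent."""
    if sw1 == SW1_OK:
        return "ok"
    if sw1 == SW1_STATUS_MESSAGE:
        return "status-message"
    if sw1 == SW1_ERROR:
        raise ReaderError(f"reader reported error, SW2={sw2:02X}")
    raise ReaderError(f"unexpected SW1={sw1:02X} SW2={sw2:02X}")
```

Because the checksum is a plain XOR, two data bytes altered in the same bit positions cancel out and the frame still verifies; the checksum catches line noise, not tampering, so any integrity requirement has to be met above this layer (for example by the TFM secure session), not by the framing.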
7.4. MCU-based Card
7.4.1. RESET
This command powers up the card inserted in the reader and performs a card reset. If the card is already powered when the command is issued, only a reset of the card is carried out; the power supply to the card is not switched off.
Command format
Instruction Code   Data length
80H                00H
Response data format
ATR   Answer-To-Reset as transmitted by the card according to ISO 7816-3.
P1       APDU parameter byte 1
P2       APDU parameter byte 2
Lc       APDU command data length
BYTE x   APDU command data
Le       Expected APDU response data length (Le = 0 means no data is expected from the card)
NOTE: With the T=0 communication protocol it is not possible to transmit data to the card and receive data from the card in a single command-response pair. Hence, only one of Lc and Le can be greater than 0 in an EXCHANGE_APDU command when a T=0 card is in the reader.
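The NOTE above rules out case-4 APDUs (command data and expected response data in one exchange) on T=0 cards. The standard way around it, which the manual does not spell out, is the ISO 7816-3 T=0 procedure: send the command with Lc only, then drain the response with GET RESPONSE while the card answers 61 xx, and re-issue with the right Le when it answers 6C xx. The following added example (Python, not ACS code) implements that; `send` is a hypothetical transport callable standing in for one EXCHANGE_APDU round trip, and MockT0Card is a constructed card so the logic runs offline.

```python
"""Case-4 APDU transport under the T=0 restriction on EXCHANGE_APDU.

Added example; not ACS code. `send(cla, ins, p1, p2, data, le)` is a
hypothetical wrapper around one EXCHANGE_APDU exchange returning
(response data, SW1, SW2). The 61xx / 6Cxx handling is ISO 7816-3 T=0.
"""
from typing import Callable, Tuple

INS_GET_RESPONSE = 0xC0
Send = Callable[[int, int, int, int, bytes, int], Tuple[bytes, int, int]]


def transmit_t0(send: Send, cla: int, ins: int, p1: int, p2: int,
                data: bytes = b"", le: int = 0) -> Tuple[bytes, int, int]:
    """Send one APDU to a T=0 card through a transport that forbids Lc > 0 and
    Le > 0 in the same exchange; return (response data, SW1, SW2)."""
    if data and le:
        # Case 4: ship the command data alone (as case 3). The card parks its
        # output and answers 61 xx, which is drained with GET RESPONSE below.
        resp, sw1, sw2 = send(cla, ins, p1, p2, data, 0)
    else:
        resp, sw1, sw2 = send(cla, ins, p1, p2, data, le)
    out = bytearray(resp)

    if sw1 == 0x6C and not data:
        # Wrong Le on a case-2 command: re-issue with the exact length offered.
        resp, sw1, sw2 = send(cla, ins, p1, p2, b"", sw2)
        out = bytearray(resp)

    while sw1 == 0x61:
        # SW2 = bytes still waiting (00 means 256). A one-byte Le cannot ask for
        # 256 through this reader, so ask for 255 and let the card report the rest.
        want = sw2 if sw2 else 255
        resp, sw1, sw2 = send(cla, INS_GET_RESPONSE, 0x00, 0x00, b"", want)
        out += resp
    return bytes(out), sw1, sw2


class MockT0Card:
    """Constructed T=0 card: SELECT (A4) is case 4 and hands back a fake FCI via
    61 xx; READ BINARY (B0) is case 2 and enforces Le with 6C xx."""

    FCI = bytes.fromhex("6f078405a000000151")   # constructed, 9 bytes
    FILE = bytes(range(16))                      # constructed file body

    def __init__(self) -> None:
        self.pending = b""
        self.exchanges = 0

    def send(self, cla: int, ins: int, p1: int, p2: int,
             data: bytes, le: int) -> Tuple[bytes, int, int]:
        self.exchanges += 1
        if data and le:
            # The reader's own rule for T=0 cards, enforced at the transport.
            raise ValueError("T=0: Lc and Le cannot both be > 0")
        if ins == INS_GET_RESPONSE:
            chunk, self.pending = self.pending[:le], self.pending[le:]
            if self.pending:
                return chunk, 0x61, len(self.pending) & 0xFF
            return chunk, 0x90, 0x00
        if ins == 0xA4:
            self.pending = self.FCI
            return b"", 0x61, len(self.FCI)
        if ins == 0xB0:
            if le != len(self.FILE):
                return b"", 0x6C, len(self.FILE)
            return self.FILE, 0x90, 0x00
        return b"", 0x6D, 0x00   # INS not supported
```

With a T=1 card the reader accepts Lc and Le together and none of this is needed, so a host library should pick the path from the 90 01 status returned by RESET (Appendix B) rather than hard-code one protocol.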
7.5. Security Application Module (SAM)
Note: The commands in this section, ACTIVATE_SAM, DEACTIVATE_SAM, EXCHANGE_SAM_APDU and EXCHANGE_SAM_T1_FRAME, can only be used on a reader fitted with a SAM slot.
7.5.1. ACTIVATE_SAM
This command powers up and resets the specified SAM and transmits the SAM's ATR in the response.
7.5.3. EXCHANGE_SAM_APDU
Exchanges an APDU (Application Protocol Data Unit) command/response pair between the SAM card inserted in the AET63 and the host computer.
Command format
Data length   LEN
Data          CLA INS P1 P2 Lc BYTE 1 BYTE 2 ...
7.5.4. EXCHANGE_SAM_T1_FRAME
Exchanges an APDU (Application Protocol Data Unit) command/response pair between the SAM card inserted in the AET63 and the host computer using the T=1 protocol; the host supplies the raw T=1 block.
Command format
Instruction Code   Data length   Data
B1H                LEN           T1 BLOCK FRAME
LEN    Length N of the T=1 block frame to be sent
DATA   T=1 block frame to be sent to the card
Response data format
BYTE 1   BYTE 2   ...   BYTE N
Response T=1 block from the card (if any)
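Since EXCHANGE_SAM_T1_FRAME hands the host a raw T=1 block, the host has to build the block itself: prologue (NAD, PCB, LEN), the INF field, and the EDC. The following added example (Python, not ACS code) does that per ISO 7816-3 T=1, including sequence-number tracking, chaining of APDUs longer than one block, and EDC checking of the returned block; it covers more of T=1 than the manual describes. It assumes NAD = 00H and the LRC error-detection code (the T=1 default); a SAM whose ATR negotiates CRC needs a two-byte EDC instead.

```python
"""T=1 block construction and checking for EXCHANGE_SAM_T1_FRAME.

Added example; not ACS code. ASSUMPTIONS: NAD = 00H and LRC (one-byte XOR)
error detection, the T=1 default. A card that negotiates CRC in its ATR
needs a two-byte EDC, which this code does not implement.
"""
from typing import List, Tuple

MAX_INF = 254   # LEN is one byte and FFH is reserved, so IFSC is at most 254


def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of the prologue and INF bytes."""
    c = 0
    for b in data:
        c ^= b
    return c


def encode_block(nad: int, pcb: int, inf: bytes = b"") -> bytes:
    """Prologue (NAD, PCB, LEN) + INF + EDC."""
    if len(inf) > MAX_INF:
        raise ValueError("INF longer than 254 bytes; chain it")
    body = bytes([nad, pcb, len(inf)]) + inf
    return body + bytes([lrc(body)])


def decode_block(frame: bytes) -> Tuple[str, int, bytes]:
    """Return (kind, pcb, inf) with kind 'I', 'R' or 'S'; raise on a length or
    EDC fault. Rejecting a bad EDC here is what lets the link layer answer
    with an R-block asking for retransmission instead of acting on junk."""
    if len(frame) < 4:
        raise ValueError("block shorter than prologue + EDC")
    pcb, ln = frame[1], frame[2]
    if len(frame) != 4 + ln:
        raise ValueError(f"LEN={ln} but {len(frame) - 4} INF bytes present")
    if lrc(frame[:-1]) != frame[-1]:
        raise ValueError("EDC (LRC) mismatch")
    if pcb & 0x80 == 0:
        kind = "I"            # information block: b8 = 0
    elif pcb & 0x40 == 0:
        kind = "R"            # receive-ready block: b8 b7 = 1 0
    else:
        kind = "S"            # supervisory block: b8 b7 = 1 1
    return kind, pcb, bytes(frame[3:3 + ln])


class T1Sender:
    """Tracks the host's send-sequence number N(S) and chains long APDUs."""

    def __init__(self, nad: int = 0x00) -> None:
        self.nad = nad
        self.ns = 0

    def i_blocks(self, apdu: bytes, ifsc: int = MAX_INF) -> List[bytes]:
        """Split an APDU into I-blocks. In the PCB, 0x40 carries N(S) and 0x20
        the more-data (chaining) bit; N(S) toggles after every I-block sent."""
        if not 0 < ifsc <= MAX_INF:
            raise ValueError("IFSC must be 1..254")
        chunks = [apdu[i:i + ifsc] for i in range(0, len(apdu), ifsc)] or [b""]
        blocks = []
        for idx, chunk in enumerate(chunks):
            more = idx < len(chunks) - 1
            pcb = (self.ns << 6) | (0x20 if more else 0x00)
            blocks.append(encode_block(self.nad, pcb, chunk))
            self.ns ^= 1
        return blocks

    def r_block(self, nr: int, error: int = 0) -> bytes:
        """R-block: 0x80 | N(R) << 4 | error (0 = ok, 1 = EDC error, 2 = other)."""
        return encode_block(self.nad, 0x80 | ((nr & 1) << 4) | (error & 0x03))
```

Each block returned by i_blocks is the DATA field of one EXCHANGE_SAM_T1_FRAME command; when a block carries the more-data bit the card answers with an R-block rather than data, and the next chained block is sent only after that acknowledgement.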
Appendix A. Supported Card Types
The following table summarizes the values that must be specified in the SELECT_CARD_TYPE command for a particular card type, and how the bits in the response to the GET_ACR_STAT command correspond to the respective card types.
Appendix B. Response Status Codes
The following table summarizes the possible status code bytes SW1, SW2 returned by the AET63:
SW1   SW2   Status
90    00    OK – command successfully executed
90    01    OK – using T=1 protocol (only in response to the RESET command)
90    10    OK – synchronous protocol is used (only in response to the RESET command). The exact card type should be selected using the SELECT_CARD_TYPE command.