Technical Blog

Welcome to the ID TECH Products technical blog

Home  > Technical Blog

Kas Thomas
Posted: 5 Mar 2017

One of the nice things about chip cards (ICCs) is that the data that comes out of them is virtually always supplied in a standard format, called BER-TLV. In plain English: Basic Encoding Rules, Tag-Length-Value (a quaint but informative article about it can be found here). The BER-TLV format is one of the ASN.1 (Abstract Syntax Notation) encodings defined by ITU X.690, which is a very old set of standards dating to the primordial predawn of the Internet. Chip cards use the TLV scheme to encode card data. At its simplest, the Tag-Length-Value scheme just means that if you have a tag...

Kas Thomas
Posted: 5 Feb 2017

I've mentioned our Augusta (see photo) in previous posts, and I've mentioned that Augusta with Quick Chip and M/Chip Fast is patent-pending. But why? Why is it patent-pending? What the heck is patentable about it? Isn't Quick Chip in the public domain? (Yes, actually. Visa considered patenting it, but decided not to.) What is there about Augusta with Quick Chip and M/Chip Fast that's so darned innovative, anyway? Short answer: The Big Innovation here is that Augusta is the only chip-card reader on the market that can do EMV entirely in keyboard mode. Which means it can be adapted for use in browser apps: that...

Kas Thomas
Posted: 5 Jan 2017

At ID TECH, we're excited about Faster EMV (aka Quick Chip) technology. You should be, too! In case you haven't heard, Faster EMV (originally a Visa innovation called Quick Chip, but now officially blessed by all major card issuers) has the potential to turn a 20-second chip card transaction into a super-fast (2-second) "dip and go" scenario. It's standard EMV, hard-wired for speed. And it's easy to implement; we've done all the hard work for you. We think it has the potential to change the outlook for EMV in the U.S. But note well, this is not just about faster transactions (and...

Kas Thomas
Posted: 5 Dec 2016

Wouldn't it be great if a chip-card transaction took, say, 2.0 seconds instead of 20 seconds? We thought so too. Which is why ID TECH is proud to introduce the patent-pending Augusta with Quick Chip (see photo), the fastest contact-EMV card reader money will buy. Just insert your chip card, remove it two seconds later, and put your card away while a receipt prints out. It's that fast. (Come see it in person at the National Retail Federation show, Booth 4521, at the Javits Center, Jan. 15, 16, and 17.) Augusta is blazing fast, but this isn't just about speed. It's also about making EMV play...

Kas Thomas
Posted: 5 Nov 2016

Until recently, reading credit card data was as easy as swiping a card through a reader (such as one of the many readers made by ID TECH) and having a virtual-terminal app (or other apps) slurp up the track data as it comes straight out of the reader. The data in question would simply show up as keystrokes on a screen, unencrypted. Those were the days!  Suffice it to say, things have changed. Today, magstripe readers generally output encrypted data, over USB (often in HID mode, rather than keyboard mode), and most card readers today have to handle chip cards...

Kas Thomas
Posted: 5 Oct 2016

Compared to magstripe readers, chip-card readers are fussy. Reading a magnetic stripe is comparatively straightforward, but getting a chip-card reader to converse with the chip on a chip card requires a substantial amount of preparation and setup. Let's talk about what that means. Before attempting to perform any EMV transactions using a chip-card reader, you need to make sure your card reader is properly configured. At a minimum, this means loading the device with: Proper terminal settings Any AIDs that might be needed Public keys for the card brands you intend to honor TERMINAL SETTINGS So-called "terminal settings" must be...

Kas Thomas
Posted: 5 Sep 2016

One of the nice things about ID TECH card readers is how ridiculously easy it is to communicate with them. Did you know, for example, that you can talk to most of our payment peripherals via your Google Chrome web browser? Let's talk about how to do that, because it's tremendously handy to be able to talk to serial and/or USB devices using nothing more than JavaScript and HTML. For this article, I'm going to focus on the RS-232 version of ID TECH's SRED-compliant SecuRED card reader (pictured below), which is a full-time-encrypting magnetic swipe reader (MSR) that can communicate via USB-HID, USB-KB, or...

Kas Thomas
Posted: 20 Aug 2016

Customers often ask: How can I decrypt the data coming out of my ID TECH credit-card reader?  The answer: You need to know the algorithm that was used to encrypt the data, and the keythat was used. Then you can decrypt the data using the key. These days, almost all credit-card data gets encrypted using a one-time-only key, obtained via a special key-management scheme called DUKPT (which stands for Derived Unique Key Per Transaction). It's important to understand that in the DUKPT world, every transaction has its own key. The key can't be reused for any other transaction(s); hence, replay attacks are impossible. The question is: How can you...

Kas Thomas
Posted: 5 Aug 2016

A question that comes up a lot is: The track data I'm getting from my ID TECH credit card reader is encrypted. How do I decrypt it? The answer is: You need to obtain the proper session key for the transaction, and then use that key to decrypt the data payload via Triple-DES (or AES, as appropriate).  The decryption process itself is gratifyingly anticlimactic. You'll likely use any of a number of existing open-source implementations of TDES or AES (there's no need to implement core crypto routines yourself), operating in CBC (Cipher Block Chaining) mode, with a default initial vector of all zero bytes. Assuming you...