Technical Blog

Welcome to the ID TECH Products technical blog

Home  > Technical Blog

Posted: 20 Aug 2016

Customers often ask: How can I decrypt the data coming out of my ID TECH credit-card reader?  The answer: You need to know the algorithm that was used to encrypt the data, and the keythat was used. Then you can decrypt the data using the key. These days, almost all credit-card data gets encrypted using a one-time-only key, obtained via a special key-management scheme called DUKPT (which stands for Derived Unique Key Per Transaction). It’s important to understand that in the DUKPT world, every transaction has its own key. The key can’t be reused for any other transaction(s); hence, replay attacks are impossible. The question is: How can you derive a DUKPT key that will unlock a given transaction? The answer is: Generally speaking, you need the Key Serial Number (KSN) for the transaction, plus a special value called the...

Posted: 05 Aug 2016

A question that comes up a lot is: The track data I’m getting from my ID TECH credit card reader is encrypted. How do I decrypt it? The answer is: You need to obtain the proper session key for the transaction, and then use that key to decrypt the data payload via Triple-DES (or AES, as appropriate).  The decryption process itself is gratifyingly anticlimactic. You’ll likely use any of a number of existing open-source implementations of TDES or AES (there’s no need to implement core crypto routines yourself), operating in CBC (Cipher Block Chaining) mode, with a default initial vector of all zero bytes. Assuming you have the correct 16-byte decryption key, the decryption process is easy. The tricky part is deriving the key. For this, you’ll need to understand ANSI X9.24-1, otherwise known as DUKPT.   Welcome to the...

One of the nice things about ID TECH card readers is how ridiculously easy it is to communicate with them. Did you know, for example, that you can talk to most of our payment peripherals via your Google Chrome web browser? Let’s talk about how to do that, because it’s tremendously handy to be able to talk to serial and/or USB devices using nothing more than JavaScript and HTML. For this article, I’m going to focus on the RS-232 version of ID TECH’s SRED-compliant SecuRED card reader (pictured below), which is a full-time-encrypting magnetic swipe reader (MSR) that can communicate via USB-HID, USB-KB, or RS-232. In future articles, we’ll talk in depth about how to connect to ID TECH readers over USB-HID (in Chrome). For today, we’ll concentrate on RS-232, which is slightly easier than...