Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
April 2017
ABC SMARTCARD
9 bd grand CAMP 13016 Marseille France
Phone :+33 4 95 06 12 17
Mail contact : [email protected]
http://www.abc-smartcard.com
ABC Core-CT1 V3.2.8-Based
Reader
User Guide
Version 1.0
© ABC-Smartcard 2017 - copyright and all other rights reserved ii / ii
SPECIFIC WARNING NOTICE
All information herein is either public information or is the property of and owned solely by ABC-Smartcard who shall have and keep the sole right to file patent applications or any other kind of intellectual property protection in connection with such information. Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under any intellectual and/or industrial property rights or concerning any of ABC-Smartcard 's information.
This document can be used for informational, non-commercial, internal and personal use only provided that: - the copyright notice below, the confidentiality and proprietary legend and this full warning notice appear in all copies. - this document shall not be posted on any network computer or broadcast in any media and no modification of any part of this document shall be made. Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities. The information contained in this document is provided « AS IS » without any warranty of any kind. Unless otherwise expressly agreed in writing, ABC-Smartcard makes no warranty as to the value or accuracy of information contained herein. The document could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Furthermore, ABC-Smartcard reserves the right to make any change or improvement in the specifications data, information, and the like described herein, at any time. ABC-SMARTCARD HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THE INFORMATION CONTAINED HEREIN, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL ABC-SMARTCARD BE LIABLE, WHETHER IN CONTRACT, TORT OR OTHERWISE, FOR ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING BUT NOT LIMITED TO DAMAGES RESULTING FROM LOSS OF USE, DATA, PROFITS, REVENUES, OR CUSTOMERS, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF INFORMATION CONTAINED IN THIS DOCUMENT. © Copyright ABC-Smartcard, 2017. Printed in France. ABC-SMARTCARD, 9, boulevard Grand Camp, 1306 MARSEILLE Tel: +33 (0)4.91.46.52.16 Fax: +33 (0)4.91.46.52.39 Document Reference: UGCT1326
© ABC-Smartcard 2017 - copyright and all other rights reserved iii / iii
CONTENTS
Table des matières 1. PREFACE ............................................................................................................................................................. 1
2. OVERVIEW .......................................................................................................................................................... 2
3. ABC CORE-CT1 CHIPSET INFORMATION ..................................................................................................... 3
4. ABC CORE-CT1 CONFIGURATION ................................................................................................................. 4
SOFTWARE ARCHITECTURE ................................................................................................................. 4
HARDWARE IMPLEMENTATION ........................................................................................................... 5
5. HOST COMMUNICATION PROTOCOL ........................................................................................................... 5
USB_COM .................................................................................................................................................. 6
COM_SERIAL_CCID................................................................................................................................. 6
COM_UART ............................................................................................................................................... 7
COM_SPI .................................................................................................................................................... 7
COM_HSSPI ............................................................................................................................................... 7
COM_I2C .................................................................................................................................................... 7
CCID COMMUNICATION PROTOCOL .................................................................................................. 8
5.7.1. Interrupt-IN messages ............................................................................................................................. 8
5.7.2. Bulk-OUT messages - Reader commands ............................................................................................... 9
PC_to_RDR_PowerOn ................................................................................................................... 9
PC_to_RDR_PowerOff ................................................................................................................ 10
PC_to_RDR_GetSlotStatus .......................................................................................................... 10
PC_to_RDR_XfrBlock ................................................................................................................. 11
PC_to_RDR_GetParameters ........................................................................................................ 11
PC_to_RDR_ResetParameters ..................................................................................................... 12
PC_to_RDR_SetParameters ......................................................................................................... 12
PC_to_RDR_Escape..................................................................................................................... 14
5.7.3. Response Pipe, Bulk-IN Messages ........................................................................................................ 15
RDR_to_PC_DataBlock ............................................................................................................... 15
RDR_to_PC_SlotStatus ................................................................................................................ 16
RDR_to_PC_Parameters .............................................................................................................. 16
RDR_to_PC_Escape..................................................................................................................... 18
Slot Error and Slot Status Reports in Bulk-IN message ............................................................... 19
5.7.4. List of supported functions by ABC CORE CT1 version ..................................................................... 20
5.7.5. Reader based Proprietary commands .................................................................................................... 21
LED Management ........................................................................................................................ 21
Switch to bootloader for firmware upgrade .................................................................................. 23
Start embedded EMV Loopback .................................................................................................. 24
Set APDU mode ........................................................................................................................... 25
Card Interface ............................................................................................................................................ 26
5.8.1. Commands ............................................................................................................................................ 26
© ABC-Smartcard 2017 - copyright and all other rights reserved iv / iv
5.8.2. Specific Commands for Asynchronous Cards EMV-Compliant operating mode .................................. 27
5.8.3. Specific commands for asynchronous Cards in Transparent Mode ....................................................... 28
5.8.4. Specific command for synchronous cards ............................................................................................. 29
Select card type ............................................................................................................................ 30
Read binary................................................................................................................................... 32
Get Response ................................................................................................................................ 33
Write Binary ................................................................................................................................. 34
5.8.5. Specific commands for Secure Element SE I2C ....................................................................... 35
Write Binary command ................................................................................................................ 35
Read Binary command ................................................................................................................. 36
6. Update USB information by flash memory ......................................................................................................... 37
7. APPENDIX A. STATUS CODES ....................................................................................................................... 38
8. APPENDIX B. .................................................................................................................................................... 39
How to read I2C AT24C02 card ................................................................................................................. 39
8.1.1. Select Card Type command ................................................................................................................... 39
8.1.2. Get Response command ........................................................................................................................ 39
How to write to I2C AT24C1024 card ........................................................................................................ 40
8.2.1. Select Card Type command ................................................................................................................... 40
8.2.2. Write Binary command ......................................................................................................................... 40
8.2.3. Write Binary command ......................................................................................................................... 40
How to access SLE 4418 /SLE 4428 card ................................................................................................. 41
8.3.1. Read the memory with protected bit ..................................................................................................... 41
8.3.2. Read the memory without protected bit ................................................................................................ 41
8.3.3. Write in the memory .............................................................................................................................. 42
Write in the protected memory .................................................................................................................. 42
8.4.1. Present code memory card (only SLE4428, SLE5528) ......................................................................... 43
8.4.2. Read presentation error counter memory card (only SLE 4428, SLE5528) .......................................... 43
How to access SLE SLE55/44_32 SLE55/44_42 card .............................................................................. 45
8.5.1. Read the memory .................................................................................................................................. 45
8.5.2. Get response Read protection memory.................................................................................................. 46
8.5.3. Update main memory ............................................................................................................................ 46
8.5.4. Write protection memory ...................................................................................................................... 47
8.5.5. Present Code memory (only SLE 4442, SLE5542) ............................................................................... 47
8.5.6. Read security memory (only SLE 4442, SLE5542) .............................................................................. 48
8.5.7. Get response Read security memory ..................................................................................................... 48
9. APPENDIX C. Example of Memory Flash or EEPROM configuration ............................................................. 49
10. APPENDIX D. TAG configuration ABC CORE CT1 .................................................................................... 50
11. REFERENCE DOCUMENT .......................................................................................................................... 51
12. TERMINOLOGY ........................................................................................................................................... 52
© ABC-Smartcard 2017 - copyright and all other rights reserved v / v
List of Figures Figure 1 Software module ............................................................................................................................................. 4 Figure 2 : Hardware implementation ............................................................................................................................ 5 Figure 3 : USB CCID protocol ...................................................................................................................................... 8
List of Tables
© ABC-Smartcard 2017 - copyright and all other rights reserved 1 / 58
1. PREFACE
This document provides information about the ABC Core-CT1 V3.xx-Smart Card Reader software. Refer to the ABC Core CT Technical Data Sheet for a detailed description of the ABC Core-CT1 V3.x.x-Based Reader hardware.
Audience This document is intended for anyone wishing to develop electronic systems using a smart card interface.
Conventions By default, a numeric is expressed in decimal. A hexadecimal number is followed by the h character. For example, the decimal value 13 expressed in hexadecimal becomes 0Dh
A byte B consists of eight bits b7b6b5b4b3b2b1b0: b7 is the most significant (the highest) bit and b0 the least significant (the lowest) bit:
One byte b7 b6 b5 b4 b3 b2 b1 b0
A string of bytes consists of n concatenated bytes B0B1….Bn-1: B0 is the most significant (the highest) byte and Bn-1 the least significant (the lowest) byte:
A string of n bytes B0 B1 B2 B3 B4 ……. Bn-1
Contact for Comments We welcome your feedback to help us provide high quality documentation. Contact us at:
E-mail [email protected] Postal ABC-Smartcard 9, Boulevard Grand Camp 13016 Marseille
FRANCE Please remember to quote the document reference, your job function and your company.
© ABC-Smartcard 2017 - copyright and all other rights reserved 2 / 58
2. OVERVIEW
This document describes the interface between the application and the ABC Core-CT1 V3.2.x-Smart Card Reader. The ABC Core-CT1 V3.2.x-Smart Card Reader, which consists of one programmed controller is designed to simplify the integration of smart card interfaces in electronic devices and it manages communication with ISO 7816 1-2-3-4 compatible smart cards. The Hardware is based on AT90SCRxxx chip family provided by Inside Secure. The software implements communication protocols for the host system (ABC Block Protocol or Transport Layer Protocol (TLP)) as well as protocols for synchronous and asynchronous smart cards. The communication interface between the host is set by default in USB mode CCID compliant to PC/SC. I2C, SPI, High Speed SPI (HSSPI) and Serial link are ready to use by option. Depending on the reader, the software may also manage hardware interfaces with, for instance, a display, a keypad or an external memory. The connection with the host system takes place via a serial asynchronous port at the Transistor-Transistor Logic (TTL) level. The ABC Core-C V3.2.x-Based Reader is certified WHQL (Plug & Play and PC/SC) and allows for EMV-compliant developments. The reader can be used in two different modes:
Generic operating mode (ISO 7816 and synchronous smart card)
I2C Secure Element Device
EMV-compliant EMVco L1 v4.3 mode (http://www.emvco.com)
The Set Operating Mode command is used to switch from one mode to an other.
Among asynchronous commands, some are used in generic operating mode, while others are used in the EMV-compliant mode. Note: Before an EMV-compliant asynchronous command can be
used, the operating mode must have been set accordingly using the Set Operating Mode command.
© ABC-Smartcard 2017 - copyright and all other rights reserved 3 / 58
3. ABC CORE-CT1 CHIPSET INFORMATION
The Command Layer
The command layer handles and interprets the standard ABC Core-CT1 based on CCID Bulk OUT / Bulk IN commands.
The Transport Layer The Transport layer depends on ABC CORE version and implemented options. It can be UART, SPI, HSSPI, I2C. By default, USB PC/SC CCID layer is implemented. The USB Layer is fully compliant with USB Specifications V2.0 High Speed available on the USB website www.usb.org
Smart Card Protocols Supported The following smart card protocols are supported:
Asynchronous smart card: T=0 and T=1 with PTS management
Synchronous smart card
I2C Secure Element
Smart Card Electrical Interface Management The main features of the smart card electrical interface are as follows:
Monitoring of smart card power supply: 1,8V, 3V or 5V
Short-circuit detection
Controlled power up/down sequence for high signal integrity on the card I/O and signal lines
Automatic power off when the card is removed
ESD protection on card pins (6KV, human body model)
Power Supply The ABC CORE CT1 chipset is seen as a low power-consumption device by the USB (consumption <100 mA) with a bus powered from 3V to 5.25V.
© ABC-Smartcard 2017 - copyright and all other rights reserved 4 / 58
4. ABC CORE-CT1 CONFIGURATION
SOFTWARE ARCHITECTURE
The software is organized in modules
Figure 1 Software module
© ABC-Smartcard 2017 - copyright and all other rights reserved 5 / 58
HARDWARE IMPLEMENTATION
Figure 2 : Hardware implementation
HOST COMMUNICATION PROTOCOL
By default, communication with the HOST is set in USB High speed 2.0. The communication protocol is PC/SC CCID The following related documents are available from www.usb.org:
Universal Serial Bus Specification 2.0 (also referred to as the USB specification), April 27, 2000
Universal Serial Bus Device Common Class Specification 1.0, December 16, 1997
Universal Serial Bus Device Class : Smart Card CCID Specification for Integrated Circuit(s) Cards Interface Devices, Revision 1.1, April 22, 2015
Other HOST communication modules are available on demand
COM_SERIAL
COM_SPI
COM_HSSPI
COM_I2C
© ABC-Smartcard 2017 - copyright and all other rights reserved 6 / 58
USB_COM
Firmware Version ABC_CORE_CT1: v3.2.x, v3.4.x,
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD, 200LHS, 200H
ABC_CORE connects to HOST computer through USB, as specified in the USB Specification 2.0. ABC_CORE works in full speed mode, i.e. 12Mbps.
ABC_CORE_CT1 is compliant with CCID class and Microsoft driver need to be installed on host computer.
ABC_CORE uses the following endpoints to communicate with the host.
For the detail of CCID command supported by ABC CORE CT1 see [CCID Protocol]
Control Endpoint : for setup and control purpose
Bulk OUT : For command to be sent from Host (CCID packet size 64 bytes)n to ABC CORE CT1 Chipset
Bulk IN : For response to be sent from ABC CORE CT1 Chipset to Host (CCID packet size 64 bytes)
Interrupt IN : For card status message sent by ABC CORE CT1 Chipset to Host (CCID interrupt 2 bytes)
COM_SERIAL_CCID
Firmware Version ABC_CORE_CT1: v3.2.8 ->
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD, 200LHS, 200H*
ABC CORE CT1 connects to the HOST through different serial link (UART, SPI, HSSPI, I2C) This module manages a serial transport layer independently of the physical link for full compatibility to USB_CCID link. The frame are similar to USB CCID frame with the addition of a prologue field, and an epilogue field
Prologue field Information Field Epilogue field
Key CCID command or proprietary command EDC
1 byte 10 bytes + n Bytes 1 byte
EDC computation is an XOR over the prologue and information fields, Epilogue is excluded from computation Each Prologue field Key is associate to a physical serial link, and a request/response frame. By default the key matrix is:
UART SPI HSSPI I2C Comments
CCID Command/ Response EAh DAh CAh Bah See [CCID protocol]
Specific Request ECh DCh CCh BCh See : [Specific request]
System request EBh DBh CBh BBh See : [System request]
Event Error EEh DEh CEh BEh See [Event Error]
Event report EF DFh CFh BFh See [Event report]
© ABC-Smartcard 2017 - copyright and all other rights reserved 7 / 58
The key matrix is stored in EEPROM configuration area (see [EEPROM CONFIG serial CCID]) If a key in the matrix equals to 00h or FFh the request/response in physical link is not supported. If the key matrix is filled by 00h in EEPROM or not present in configuration area then the USB CCID is active.
COM_UART
Firmware Version ABC_CORE_CT1: Not implemented in this version.
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD, 200LHS, 200H
COM_SPI
Firmware Version ABC_CORE_CT1: Not implemented in this version
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD,
COM_HSSPI
Firmware Version ABC_CORE_CT1: Not implemented in this version
Hardware Version AT90SCR: 200LHS, 200H
COM_I2C
Firmware Version ABC_CORE_CT1: Not implemented in this version
Hardware Version AT90SCR: 200H
© ABC-Smartcard 2017 - copyright and all other rights reserved 8 / 58
CCID COMMUNICATION PROTOCOL
Firmware Version ABC_CORE_CT1:3.2.x, 3.4.x
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD, 200LHS, 200H
Independently of the physical link with the Host by USB or Serial (I2C, SPI, HSSPI, UART), the communication protocol layer stay the same. By default, the HOST is Master and ABC CORE CT1 is Slave. The Host sends a Bulk-OUT command and the ABC CORE CT1 send back a response with Bulk-IN Response. When an event is detected by ABC CORE CT1 an asynchronously Interrupt IN message is sent to the Host.
Figure < 3 > xxxxxxx
4.10.1. Interrupt-IN messages
The Interrupt-IN message may occur asynchronously and outside the context of a command-response exchange between Host and ABC CORE CT1. The message is composed of 2 bytes.
With:
Message ID CCID Command Name Supported
0x50
RDR_to_PC_NotifySlotChange Yes
Data message
02h - Event card movement , card not present
03h - Event card movement, card present
0x51 RDR_to_PC_HardwareError No
Message ID (1 byte) Data Message (1 Byte)
Figure 3 : USB CCID Protocol
© ABC-Smartcard 2017 - copyright and all other rights reserved 9 / 58
4.10.2. Bulk-OUT messages - Reader commands Bulk-OUT message is sent by the Host to ABC CORE CT1. This section describes the ABC Core-C V3.x.x -Based Reader commands. For each command it indicates:
The function it performs
The syntax of command
The data returned
PC_to_RDR_PowerOn The PC_to_RDR_PowerUp command makes the ICC power up and send back is ATR value
Offset Field Size Value Description
0 bMessageType 1 62h Power Up command
1 dwLength 4 00000000h Message-specific data length
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
7 bPowerSelect 1 01h, 02h, 03h Voltage that applied to the ICC
01h – 5.0 Volts
02h – 3.0 Volts
03h – 1.8 Volts
8 abRFU 2 Reserved for Future Use
The response to this command is the RDR_to_PC_DataBlock response message and the data returned is the Answer To Reset (ATR). RDR_to_PC_DataBlock could return any of the following errors.
bmICCStatus bmCommandStatus bError Description
2 1 5 bSlot does not exit
2 1 ICC_Mute No ICC present
1 1 HW_ERROR Hardware Error (ICC short circuit)
1 1 7 bPowerSelect error (not supported)
1 1 XFR_PARITY_ERROR Parity error on ATR
1 1 ICC_MUTE ICC mute (Time out)
1 1 BAD_ATR_TS Bad TS in ATR
1 1 BAD_ATR_TCK Bad TCK in ATR
© ABC-Smartcard 2017 - copyright and all other rights reserved 10 / 58
PC_to_RDR_PowerOff The PC_to_RDR_PowerOff command makes the ICC power off.
Offset Field Size Value Description
0 bMessageType 1 63h Power Off command
1 dwLength 4 00000000h Message-specific data length
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
8 abRFU 3 Reserverd for Future Use
The response to this command is the RDR_to_PC_SlotStatus message. RDR_to_PC_SlotStatus could return any of the following errors.
bmICCStatus bmCommandStatus bError Description
2 1 5 bSlot does not exit
PC_to_RDR_GetSlotStatus The command PC_to_RDR_GetSlotStatus checks the slot ICC status.
Offset Field Size Value Description
0 bMessageType 1 65h Get Slot Status Command
1 dwLength 4 00000000h Message-specific data length
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
8 abRFU 3 Reserved for Future Use
The response to this command is RDR_to_PC_SlotStatus message. RDR_to_PC_SlotStatus could return any of the following error.
bmICCStaus bmCommandStatus bError Description
2 1 5 bSlot does not exit
2 1 ICC_MUTE No ICC present
1 1 HW_ERROR Hardware Error (ICC short circuit)
© ABC-Smartcard 2017 - copyright and all other rights reserved 11 / 58
PC_to_RDR_XfrBlock The command PC_to_RDR_XfrBlock sends data to ICC.
Offset Field Size Value Description
0 bMessageType 1 6Fh Send Data to ICC Command
1 dwLength 4 Size of abData field of this message LSB First
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
7 bBWI 1 00-FFh
Used to extend the CCIDs Block Waiting Timeout
for this current transfer. The CCID will timeout the
block after “this number multiplied by the Block
Waiting Time” has expired.
8 wLevelParameter 2 0000h TPDU Level, RFU ,=0000h Use
10 abData * ICC byte array data Data block send to the CCID.
* For reference, the absolute maximum block size for a TPDU T=0 block is 260 bytes (5 byte command; 255 bytes data), or for a TPDU T=1 block is 259 bytes.
.
bmICCStaus bmCommandStatus bError Description
2 1 5 bSlot does not exit
2 1 ICC_Mute No ICC present
1 1 HW_ERROR Hardware Error (ICC short circuit)
0 1 XFR_PARITY_ERROR Parity error
0 1 XFR_OVERRUN ICC over run
0 1 ICC_MUTE ICC mute (Time out)
PC_to_RDR_GetParameters
The command PC_to_RDR_GetParameters check the slot ICC status.
Offset Field Size Value Description
0 bMessageType 1 6Ch Get Parameter ICC Command
1 dwLength 4 00000000h Message-specific data length
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
8 abRFU 3 Reserved for Future Use
The response to this command is the RDR_to_PC_Parameters message. RDR_to_PC_Parameters could return any of the following errors.
bmICCStaus bmCommandStatus bError Description
2 1 5 bSlot does not exit
2 1 ICC_MUTE No ICC present
1 1 HW_ERROR Hardware Error (ICC short circuit)
© ABC-Smartcard 2017 - copyright and all other rights reserved 12 / 58
PC_to_RDR_ResetParameters
The command PC_to_RDR_ResetParameters restore default ICC slot parameters.
Offset Field Size Value Description
0 bMessageType 1 6Dh Reset Parameter ICC Command
1 dwLength 4 00000000h Message-specific data length
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
8 abRFU 3 Reserved for Future Use
The response to this command is the RDR_to_PC_Parameters message. RDR_to_PC_Parameters could return any of the following error.
bmICCStaus bmCommandStatus bError Description
2 1 5 bSlot does not exit
2 1 ICC_MUTE No ICC present
1 1 HW_ERROR Hardware Error (ICC short circuit)
PC_to_RDR_SetParameters The command PC_to_RDR_SetParameters is used to change the parameters of a given slot.
Offset Field Size Value Description
0 bMessageType 1 61h Set Parameter ICC Command
1 dwLength 4 Message-specific data length, LSB First
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
7 bRFU 1 00h,
01h
Specifies which protocol data structure follows
00h = Structure for protocol T=0
01h = Structure for protocol T=1
The following value are reserved for synchronous card (fu-
ture use).
80h = Structure for 2-wire protocol
81h = Structure for 3-wire protocol
82h = Structure for I2C protocol
8 abRFU 2 Reserved for Future Use
10 abProtocolData-
Structure
Byte ar-
ray Protocol Data Structure
© ABC-Smartcard 2017 - copyright and all other rights reserved 13 / 58
Protocol Data Structure for Protocol T=0 (bProtocolNum=0) (dwLength=00000005h)
Offset Field Size Value Description
10 bmFindexDin-
dex 1
B7-4 – FI – Index into the table 7 in ISO/IEC7816-3 Selecting a
clock rate conversion factor
B3-0 – DI – index into the table 8 in ISO/IEC7816-3:1997 Select-
ing a baud rate conversion factor.
11 bmTCCKST0 1 00h,02h
For T=0, B0-0b, B7-2 -00000000b
B1- Convention used (b1=0 for direct, b1=1 for inverse)
Note the CCID ignores this bit, its value is determined by first
bytes of the ICC’s ATR data. It is here as a placeholder so the
same data structure can be used for the PC_to_RDR_SetParam-
eter and the RDR_to_PC_GetParameters message. This field is
intended to be compatible with parameter rr in table 2-6 of part 4
of the PCSC specification.
12 BGuard-
TimeT0 1 00-FFh
Extra Guard time between two characters. Add 0 to 254 etu to the
normal guard time of 12 etu. FFh is the same as 00h
13 bWaitingInte-
gerT0 1 00-FFh WI for T=0 used to defined WWT
14 bClockStop 1 00h Not managed (Future use)
Protocol Data Structure for Protocol T=1 (bProtocolNum=1) (dwLength=00000007h)
Off-
set Field Size Value Description
10 bmFindexDin-
dex 1
B7-4 – FI – Index into the table 7 in ISO/IEC7816-3 Selecting a clock rate
conversion factor
B3-0 – DI – index into the table 8 in ISO/IEC7816-3:1997 Selecting a baud
rate conversion factor.
11 bmTCCKST1 1
10h,
11h,
12h,
12h
For T=1, B7-2b, B7-2 -000100b
B0 – Checksum used (b0=0 for LRC, b0=1 for inverse)
B1- Convention used (b1=0 for direct, b1=1 for inverse)
Note the CCID ignores this bit, its value is determined by first bytes of the
ICC’s ATR data. It is here as a placeholder so the same data structure
can be used for the PC_to_RDR_SetParameter and the
RDR_to_PC_GetParameters message. This field is intended to be com-
patible with parameter rr in table 2-6 of part 4 of the PCSC specification.
12 BGuard-
TimeT1 1
00-
FFh
Extra Guard time (0 to 254 etu between two characters). If value is FFh,
the guard time is reduced by 1 etu.
13 bmWaitingIn-
tegerT1 1
00-
9Fh
B7-4 = BWI value 0-9 valid
B3-0 = CWI value 0-Fh valid
14 bClockStop 1 00h Not manage (Future use)
15 bISFC 1 FDh Size of negotiated IFSC
© ABC-Smartcard 2017 - copyright and all other rights reserved 14 / 58
Other Protocol Data structure for “2wire” protocol (bProtocolNum=80h), “3-Wire” protocol (bProtocolNum=81h), and “I2C” protocol (bProtocolNum=82h) have not been defined yet. The response to this command is the RDR_to_PC_Parameters message. RDR_to_PC_Parameters could return any of the following error.
bmIC-
CStaus
bmCommand-
Status bError Description
2 1 5 bSlot does not exit
2 1 ICC_MUTE No ICC present
1 1 HW_ERROR Hardware Error (ICC short circuit)
0 1 0 Command not supported
0 1 7 Protocol invalid or not supported
0 1 10 FI – DI pair invalid or not supported
0 1 11 Invalid TCCKTS parameter
0 1 12 Guard time not supported
0 1 13 T=0 WI invalid or not supported
T+1 BWI or CWI invalid or not supported
0 1 14 Clock stop support requested invalid or not sup-
ported
0 1 15 IFSC size invalid or not supported
0 1 16 NAD value invalid or not supported
PC_to_RDR_Escape The command allows the CCID manufacturer to define and access extended features information sent via this command is processed by the CCID control logic.
Offset Field Size Value Description
0 bMessageType 1 6Bh Send Data to Reader
1 dwLength 4 Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
7 abData 3 Data block sent to the CCID
10 AbData Byte array Data block see ABC_CORE_1 proprietary command.
The response to this command is the RDR_to_PC_Escape message. RDR_to_PC_Escape could return any of the following errors.
bmIC-
CStaus
bmCommand-
Status bError Description
2 1 5 bSlot does not exit
0 1 0 Command not supported
0 1 Manufacturer
Specific
Manufacturer Specific Error Condition
See the specific function for the specific error
code
© ABC-Smartcard 2017 - copyright and all other rights reserved 15 / 58
4.10.3. Response Pipe, Bulk-IN Messages
The Bulk-IN message is send by the Reader to the ABC CORE CT1. This section describes the ABC CORE CT1 V3.x.x -Based Reader commands. For each command the response message is described in the followings section
The function it performs
The syntax
The data it returns
Message Name bMessageType Command Message
RDR_to_PC_DataBlock 80h PC_to_RDR_IccPowerOn
PC_to_RDR_XfrBlock
RDR_to_PC_SlotStatus 81h PC_to_RDR_IccPowerOff
PC_to_RDR_GetSlotStatus
RDR_to_PC_Parameters 82h
PC_to_RDR_GetParameters
PC_to_RDR_ResetParameters
PC_to_RDR_SetParameters
RDR_to_PC_Escape 83h PC_to_RDR_Escape
RDR_to_PC_DataBlock Response from ABC CORE CT1 to the following command messages: PC_to_RDR_IccPowerOn and PC_to_RDR_XfrBlock For PC_to_RDR_IccPowerOn the message is the Answer To Reset (ATR) data associated with ICC power on. In Other cases, the response message contain the optional data return by the ICC, followed by the 2 bytes status words SW1-SW2.
Off-
set Field Size Value Description
0 bMessageType 1 80h Indicates that data block is sent from CCID.
1 dwLength 4 Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 Same as Bulk OUT mes-
sage
Sequence number for the corresponding com-
mand.
7 bStatus 1 Status Slot (see status slot)
8 bError 1 Slot error register (see error code)
9 bChainParame-
ter 1 RFU = 00h
10 abData Byte
Array This field contains the data return by the ICC
© ABC-Smartcard 2017 - copyright and all other rights reserved 16 / 58
RDR_to_PC_SlotStatus
Response from ABC CORE CT1 to the following command messages: PC_to_RDR_IccPowerOff and PC_to_RDR_GetSlotStatus
Off-
set Field Size Value Description
0 bMessageType 1 81h Indicates message slot Status
1 dwLength 4 00000000h Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 Same as Bulk OUT mes-
sage
Sequence number for the corresponding com-
mand.
7 bStatus 1 Status Slot (see status slot)
8 bError 1 Slot error register (see error code)
9 bClockStatus 1 RFU = 00h
RDR_to_PC_Parameters
Response from ABC CORE CT1 to the following command messages: PC_to_RDR_GetParameters, PC_to_RDR_ResetParameters and PC_to_RDR_SetParameters
Off-
set Field Size Value Description
0 bMessageType 1 81h Indicates message slot Status
1 dwLength 4 00000000h Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 Same as Bulk OUT
message Sequence number for the corresponding command.
7 bStatus 1 Status Slot (see status slot)
8 bError 1 Slot error register (see error code)
9 bProtocolNum 1 00h, 001h
Specified which protocol data structure follows. 00h =
Structure for protocol T=0
01h = Structure for protocol T=1
The following value are reserved for future use.
80h = Structure for 2 wire protocol
81h = Structure for 3 wire protocol
82h = Structure for I2C protocol
10 abProtocolData-
Structure
Byte
Array Protocol Data Structure
© ABC-Smartcard 2017 - copyright and all other rights reserved 17 / 58
Protocol Data Structure for Protocol T=0 (bProtocolNum=0) (dwLength=00000005h)
Off-
set Field Size Value Description
10 bmFindexDin-
dex 1
B7-4 – FI – Index into the table 7 in ISO/IEC7816-3 Selecting a clock
rate conversion factor
B3-0 – DI – index into the table 8 in ISO/IEC7816-3:1997 Selecting a
baud rate conversion factor.
11 bmTCCKST0 1 00h,02h
For T=0, B0-0b, B7-2 -00000000b
B1- Convention used (b1=0 for direct, b1=1 for inverse)
Note the CCID ignores this bit, its value is determined by first bytes of th
ICC’s ATR data. It is here as a placeholder so the same data structure
can be used for the PC_to_RDR_SetParameter and the
RDR_to_PC_GetParameters message. This field is intended to be com-
patible with parameter rr in table 2-6 of part 4 of the PCSC specification.
12 BGuard-
TimeT0 1 00-FFh
Extra Guard time between two characters. Add 0 to 254 etu to the normal
guard time of 12 etu. FFh is the same as 00h
13 bWaitingInte-
gerT0 1 00-FFh WI for T=0 used to defined WWT
14 bClockStop 1 00h Not managed (RFU)
Protocol Data Structure for Protocol T=1 (bProtocolNum=1) (dwLength=00000007h)
Off-
set Field Size Value Description
10 bmFindexDin-
dex 1
B7-4 – FI – Index into the table 7 in ISO/IEC7816-3 Selecting a clock rate
conversion factor
B3-0 – DI – index into the table 8 in ISO/IEC7816-3:1997 Selecting a baud
rate conversion factor.
11 bmTCCKST1 1
10h,
11h,
12h,
12h
For T=1, B7-2b, B7-2 -000100b
B0 – Checksum used (b0=0 for LRC, b0=1 for inverse)
B1- Convention used (b1=0 for direct, b1=1 for inverse)
Note the CCID ignores this bit, its value is determined by first bytes of the
ICC’s ATR data. It is here as a placeholder so the same data structure
can be used for the PC_to_RDR_SetParameter and the
RDR_to_PC_GetParameters message. This field is intended to be com-
patible with parameter rr in table 2-6 of part 4 of the PCSC specification.
12 BGuard-
TimeT1 1
00-
FFh
Extra Guard time (0 to 254 etu between two characters). If value is FFh,
the guard time is reduced by 1 etu.
13 bmWaitingInte-
gerT1 1
00-
9Fh
B7-4 = BWI value 0-9 valid
B3-0 = CWI value 0-Fh valid
14 bClockStop 1 00h Not manage (Future use)
15 bISFC 1 FDh Size of negotiated IFSC
Other Protocol Data structure for “2wire” protocol (bProtocolNum=80h), “3-Wire” protocol (bProtocolNum=81h), and “I2C” protocol (bProtocolNum=82h) have not been defined yet.
© ABC-Smartcard 2017 - copyright and all other rights reserved 18 / 58
RDR_to_PC_Escape Response from ABC CORE CT1 to the following command messages: PC_to_RDR_Escape
Off-
set Field Size Value Description
0 bMes-
sageType 1 83h Indicates that data block is being sent from CCID.
1 dwLength 4 Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 Same as Bulk OUT mes-
sage
Sequence number for the corresponding com-
mand.
7 bStatus 1 Status Slot (see status slot)
8 bError 1 Slot error register (see error code)
9 bRFU 1 RFU = 00h
10 abData
Byte
Ar-
ray
This sent to the reader ABC_CORE C1 return
© ABC-Smartcard 2017 - copyright and all other rights reserved 19 / 58
Slot Error and Slot Status Reports in Bulk-IN message Each Bulk-IN Message contains the value Slot Error and Slot Status registers.
bError
Error Code Error Name Possible Causes
Decimal Binary
-1 FFh CMD_ABORTED Host aborted the current activity
-2 FEh ICC_MUTE Reader timeout while talking to the ICC
-3 FDh XFR_PARITY_ERROR Parity error talking to the ICC
-4 FCh XFR_OVERRUN Overrun error while talking to the ICC
-5 FBh HW_ERROR An hardware error occurred, ICC over current…
-8 F8h BAD_ATR_TS Bad TS in ATR
-9 F7h BAD_ATR_TCK
-10 F6h ICC_PROTOCAL_NOT SUP-
PORT
-11 F5h ICC_CLASS_NOT_SUPPORT
-12 F4 PROCEDURE_BYTE_CON-
FLICT
bSlotStatus
Offset Field Size Value Description
0 bmICCStatus 2 bit 00b, 01b,
10b
00b – An ICC is present and active (power is on and stable, RST
is inactive,
01b – An ICC is present and inactive (not activated or shut down
by hardware error)
10b – No ICC is present
11b – RFU
2 bmRFU 4 bit 0000h 0000h RFU
6 bmCom-
mandStatus
2
bits
00b, 01b,
10b
00b – Processed without error
01b – Failed (error code by the bError register
10b – Time Extension is requested
11b – RFU
A bmCommandStatus field set to 0 indicate that the command was processed without error. A bmCommandStatus field set to 1 indicate that the command process failed, the slot error register is set with a signed 8 bit value. A bmCommandStatus field set to 2, indicate that a Time Extension is requested, then the slot error register contains the multiplier value BWT the protocol is T=1 or the multiplier value of WWT when protocol is T=0.
© ABC-Smartcard 2017 - copyright and all other rights reserved 20 / 58
4.10.4. List of supported functions by ABC CORE CT1 version
D Default: The function is implemented in the firmware and activated into default configuration.
S Setting: The function is implemented in the firmware, but it’s
possible to enable/disable it by specific command at warm running
F Flash: The function is implemented in the firmware but it’s
possible to enable/disable it by flash programming cold setting
E External EEPROM. The function is present in the firmware
and it’s possible to activate it with external memory P Pin: the function is present in the firmware and they can be
activated by connecting the corresponding pin to the ground cold setting
C C: The function is not implemented in the firmware but it’s
possible to add in the specific custom build.
Function / module Firmware Version
AT90SCRxxx Comment
060 075L 075H 200LSD 200LHS 200H
COM_USB_CCID 323 -> …
34x D D D D D D
COM_SERIAL 34x C C C F F F
COM_SPI 34x C C C F - -
COM_HSSPI 34x C C C - F F
COM_I2C 34x C C C - - F
TPDU_MOD 323 -> … D CSE CSE D D D
APDU_MOD 323->326
34x CSE CSE CSE
C FS
C FS
C FS
EMV_MOD 323->326
34x CSE CSE CSE
C FS
C FS
C FS
LED 323->325
326 -> C C C
- D
- D
D
D
See LED management
chapter
Synchronous card
323->325 326 34X
C C C D C FS
D C FS
D C FS
See Chapter Custom C01
SE I2C 326 C C C - - C See SE I2C
chapter
© ABC-Smartcard 2017 - copyright and all other rights reserved 21 / 58
4.10.5. Reader based Proprietary commands
The ABC Core-C V3.2.x-Based Reader are different module and setting configuration commands are used to define the reader settings. Each module is described in the following pages
LED Management
AT90SCR 060 075 200LSD 200LHS SCR200H Remarque
Pin output drive current
PC4(12),PC5(4
)
PC4(12),PC5(4)
PC2 PC2 PC2, PC3, PC4,PC5
V3.2.3
LED0= PA6,
LED1 = PA5
LED2 = PA4
LED3 = PA7
LED0 = indication device operational
LED1 = indication smartcard power
LED2 = indication power
LED3 = on demand
V3.2.4
V3.2.5
V3.2.6 LED0 = PC2 LED0 = multi indication
V3.40 LED0 = PC2 LED0 = multi indication
LED0
LED0 mode: indication device operational
State Indication Description
OFF Initial state No power, or not connected to the driver
ON Operational device
The device are power on,
The HOST are correctly connect to the reader by the UDB CCID DRIVER,
device ready
LED0 mode: multi indication
State Indication Description
OFF Initial state No power, or not connected to the host
Blink 2sec Operational de-
vice
The device are power on,
The HOST are correctly connect to the reader by the UDB CCID DRIVER
ON fix ICC power ON The ICC are switch on by the HOST with success
Blink Quickly ICC communicate The ICC exchange the data with the HOST
© ABC-Smartcard 2017 - copyright and all other rights reserved 22 / 58
LED1
LED2 mode: ICC indication
State Indication Description
Blink 2sec ICC power off Card unpowered
ON ICC power on Card powered
LED2
LED2 mode: indication device power
State Indication Description
OFF Power off Device unpowered or hardware error
ON Power on Device powered
LED3
LED3 mode: on demand…
State Indication Description
© ABC-Smartcard 2017 - copyright and all other rights reserved 23 / 58
Switch to bootloader for firmware upgrade Firmware Version ABC_CORE_CT1: v3.2.x
Hardware Version AT90SCR: 200LSD, 200LHS, 200H
1 - Restore the bootloader by sending an Escape Command with data command equals to 04h
Offset Field Size Value Description
0 bMes-
sageType 1 6Bh Send Data to Reader
1 dwLength 4 00000001h Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
7 abData 3 Data block sent to the CCID
10 abData Byte ar-
ray 04
Restore bootloader command see ABC_CORE_CT1 proprietary
command.
The response to this command is the RDR_to_PC_Escape message. RDR_to_PC_Escape could return any of the following errors.
bmIC-
CStaus
bmCommand-
Status bError Description
2 1 5 bSlot does not exit
0 1 0 Command not supported
0 1 Manufacturer Spe-
cific
Manufacturer Specific Error Condition
See the specific function for the specific error
code
The CCID response is:
Offset Field Size Value Description
0 bMes-
sageType 1 83h Indicates that data block is being sent from CCID.
1 dwLength 4 00000001 Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 Same as Bulk OUT
message Sequence number for the corresponding command.
7 bStatus 1 Status Slot (see status slot)
8 bError 1 Slot error register (see error code)
9 bRFU 1 RFU = 00h
10 abData
Byte
Ar-
ray
04h Restore bootloader command see ABC_CORE_CT1
proprietary command
To send Escape Commands under Microsoft Environment see: http://msdn.microsoft.com/en-us/library/windows/hardware/gg487509.aspx 2 – Reboot the reader 3 - Download the new firmware
© ABC-Smartcard 2017 - copyright and all other rights reserved 24 / 58
Start embedded EMV Loopback Firmware Version ABC_CORE_CT1: v3.2.x
Hardware Version AT90SCR: 200LSD, 200LHS, 200H
Start the internal EMVCo loopback by sending an Escape Command with data command equals to 55h. The EMVCo loopback will run continuously, any further command sent to reader will be ignored until the device has been rebooted.
Offset Field Size Value Description
0 bMes-
sageType 1 6Bh Send Data to Reader
1 dwLength 4 00000001h Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
7 abData 3 Data block sent to the CCID
10 AbData Byte ar-
ray 55h
Command proprietary ABC CORE CT1 START EMV l LOOP-
BACK
The response to this command is the RDR_to_PC_Escape message. RDR_to_PC_Escape could return any of the following error:
bmIC-
CStaus
bmCommand-
Status bError Description
2 1 5 bSlot does not exit
0 1 0 Command not supported
0 1 Manufacturer Spe-
cific
Manufacturer Specific Error Condition
See the specific function for the specific error
code
The CCID response is:
Offset Field Size Value Description
0 bMes-
sageType 1 83h Indicates that data block is being sent from CCID.
1 dwLength 4 00000001 Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 Same as Bulk OUT
message Sequence number for the corresponding command.
7 bStatus 1 Status Slot (see status slot)
8 bError 1 Slot error register (see error code)
9 bRFU 1 RFU = 00h
10 abData
Byte
Ar-
ray
55 Command proprietary ABC CORE CT1 START EMV l
LOOPBACK
To send Escape Commands under Microsoft Environment see: http://msdn.microsoft.com/en-us/library/windows/hardware/gg487509.aspx
© ABC-Smartcard 2017 - copyright and all other rights reserved 25 / 58
Set APDU mode Firmware Version ABC_CORE_CT1: v3.2.x
Hardware Version AT90SCR: 200LSD, 200LHS, 200H
By default the ABC CORE CT1 works in TPDU mode. For a compliant EMV mode, the recommendation is to select the APDU mode for EMV cards. To switch to APDU MODE, send an Escape Command with data command equals to AAh.
Offset Field Size Value Description
0 bMessageType 1 6Bh Send Data to Reader
1 dwLength 4 00000001h Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 00-FFh Sequence number for command
7 abData 3 Data block sent to the CCID
10 AbData Byte array AAh Command proprietary ABC CORE CT1 SET_APDU_MODE
The response to this command is the RDR_to_PC_Escape message. RDR_to_PC_Escape could return any of the following error:
bmIC-
CStaus
bmCommand-
Status bError Description
2 1 5 bSlot does not exit
0 1 0 Command not supported
0 1 Manufacturer Spe-
cific
Manufacturer Specific Error Condition
See the specific function for the specific error
code
The CCID response is:
Off-
set Field Size Value Description
0 bMes-
sageType 1 83h Indicates that data block is being sent from CCID.
1 dwLength 4 00000001 Size of abData field of this message
5 bSlot 1 00h Identifies the slot number for this command
6 bSeq 1 Same as Bulk OUT mes-
sage Sequence number for the corresponding command.
7 bStatus 1 Status Slot (see status slot)
8 bError 1 Slot error register (see error code)
9 bRFU 1 RFU = 00h
10 abData
Byte
Ar-
ray
AAh Command proprietary ABC CORE CT1
SET_APDU_MODE
To send Escape Commands under Microsoft Environment see: http://msdn.microsoft.com/en-us/library/windows/hardware/gg487509.aspx
© ABC-Smartcard 2017 - copyright and all other rights reserved 26 / 58
Card Interface
4.11.1. Commands
The card interface commands manage the communication with smart cards Five groups of commands are defined:
Common card interface commands
Specific commands for asynchronous cards, generic ISO7816 operating mode
Specific commands for asynchronous cards, EMV-compliant operating mode
Specific commands for asynchronous cards in transparent mode, (RFU)
Specific commands for synchronous cards.
Common Card Interface Commands
Firmware Version ABC_CORE_CT1: v3.2.x,3.4.x
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD, 200LHS, 200H
These commands are valid regardless of the selected type Common card interface commands are:
Each command is described in the following pages.
Command Description Parameter
PC_to_RDR_PowerOn Switch ON the ICC Voltage
PC_to_RDR_SetParameters Parameter T=0, T=1 Parameter, timeout, …
PC_to_RDR_XfrBlock TPDU exchange T0 in, TPDU T0 Out , T1 CLASS, IN, P1,P2
PC_to_RDR_PowerOff Switch OFF the ICC
© ABC-Smartcard 2017 - copyright and all other rights reserved 27 / 58
4.11.2. Specific Commands for Asynchronous Cards EMV-Compliant operating mode
Firmware Version ABC_CORE_CT1: v3.4.x
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD, 200LHS, 200H
These commands behave specifically when the EMV-compliant mode is selected
Power Up – EMV-compliant
Exchange APDU – EMV-compliant
Card Status – EMV-compliant
Change Card Communication Parameters – Asynchronous cards
ISO Ouput – Asynchronous cards
ISO Input – Asynchronous cards When in EMV-compliant operating mode, the transparent type can be selected for a card. However, the card cannot be used because all commands are rejected See Appendix “A. Status Codes” for a description of status codes
© ABC-Smartcard 2017 - copyright and all other rights reserved 28 / 58
4.11.3. Specific commands for asynchronous Cards in Transparent Mode
Firmware Version ABC_CORE_CT1: Future use
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD, 200LHS, 200H
These commands are designed for use with an asynchronous card in transparent mode (type = EFh or FFh). They have a specific behaviour: Commands that are valid in this mode are
Change Transparent Mode Parameters
Power Up – Transparent Mode
Exchange Block – Transparent Mode
Card Status – Transparent Mode
See “Appendix A. Status Codes” for a description of status codes
© ABC-Smartcard 2017 - copyright and all other rights reserved 29 / 58
4.11.4. Specific command for synchronous cards
Firmware Version ABC_CORE_CT1: 323 ->325 , v326 C01
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD, 200LHS, 200H
The Synchronous card are activate when the reader received the commande PC_to_RDR_PowerUp with parameter bVoltage (5 Volt). The sequence Cold et Warm Reset in a asynchronous card are activate without success. The reader start the sequence power up for synchrous card by order. - 2 wire card, - 3 wire card, - I2C card
Command dedicated for synchronous card are identical to smart card in T=0. A command PC_to_RDR_SetParameter (with parameter bPtotocolNum=0) are processing. This process are automatics execute when the reader are connected in PC/SC HOST. TPDU command are ISO7816-4 compliant, the only difference is the CLA byte (0x00 for normal case and 0xFF for memory card). The command TPDU are pass by the command PC_to_RDR_XfrBlock Commands valid in this mode are:
Select card type – Synchronous Card
Read Binary
Get response
Write binary
© ABC-Smartcard 2017 - copyright and all other rights reserved 30 / 58
Select card type This command must be executed just after connection to the card with PC_to_RDR_PowerUp (with bVoltage= 5 Vollt). The command PC_to_RDR_XfrBlock. It’s a basic TPDU command with dedicated class byte (CLA) 0xFF. We need to fill parameter P1 and P2 to define card type and other parameter. This command can return up to 253 bytes.
TP_to_RDR_XfrBlock field AbData = CLA INS P1 P2
Where: CLA INS P1 P2 Are the five ISO-like header bytes. The
ISO header is interpreted by the ABC Core-Based Reader. CLA 0xFF INS 0xA4 P1:
b7 b6 b5 b4 b3 b2 b1 b0
Card Type Nb of addressable Bits
b7 b6 b5 b4 b3 b2 b1 b0 Comment
0 0 0 1 X X X X I2C
0 0 1 0 X X X X 2 wires
0 0 1 1 X X X X 3 wires
For I2C card
X X X X 0 0 0 1 7 bits
X X X X 0 0 1 0 7 bits
X X X X 0 0 1 1 7 bits
X X X X 0 1 0 0 7 bits
X X X X 0 1 0 1 7 bits
X X X X 0 1 1 0 7 bits
X X X X 0 1 1 1 7 bits
X X X X 1 0 0 0 7 bits
X X X X 1 0 0 1 7 bits
X X X X 1 0 1 0 7 bits
X X X X 1 0 1 1 7 bits
For 3 wires card
X X X X 0 0 0 0 SLE4418 SLE4428 SLE5528
P2:
b7 b6 b5 b4 b3 b2 b1 b0
Nb of page present Nb of byte / memory page
For I2C card
b7 b6 b5 b4 b3 b2 b1 b0 Comment
0 0 0 1 X X X X 16
0 0 1 0 X X X X 32
0 0 1 1 X X X X 64
© ABC-Smartcard 2017 - copyright and all other rights reserved 31 / 58
0 1 0 0 X X X X 128
0 1 0 1 X X X X 256
0 1 1 0 X X X X 512
For 3 wires card
X X X X 0 0 0 1 8
X X X X 0 0 1 0 16
X X X X 0 0 1 1 32
X X X X 0 1 0 0 64
X X X X 0 1 0 1 128
X X X X 0 1 1 0 256
Response Responses to commands are received a RDR_to_PC_DataBlock in the
following format. RDR_to_PC_DataBlock field abData
Body Trailer
Data SW1, SW2
The body is optional and holds any data returned by the card. The trailer includes the following two mandatory bytes: SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
© ABC-Smartcard 2017 - copyright and all other rights reserved 32 / 58
Read binary This command reads data from a memory card the T=0 ISO Out format. The command are transmit with PC_to_RDR_XfrBlock. This command can return up to 253 bytes.
PC_to_RDR_XfrBlock with field abData = CLA INS P1 P2 LN
Where: CLA INS P1 P2 LN Are the five ISO-like header bytes. The
ISO header is interpreted by the ABC Core-Based Reader CLA 0xFF INS
b7 b6 b5 b4 b3 b2 b1 b0 Comment
1 0 1 1 0 0 0 0 I2C1
1 0 1 1 0 0 0 1 I2C2
1 0 1 1 0 0 1 0 3 wires3
1 0 1 1 0 0 1 1 3 wires4
P1: First byte of address P2: Second byte of address LN: Length of data to read (≤ 0xFD)
For example, to read a memory card with 256 bytes of memory, you can fill an address between 0 and 0xFF. The maximum length of data read is 253 (0xFD). To read a card with 17 bits (address 0x01ABCD)
INS byte will contains the 17th bits (0xB0 | 0x01),
P1 will contains 0xAB
and P2 will contains 0xCD
Responses to commands are received a RDR_to_PC_DataBlock in the following format. The field abData contain
<data> SW1 SW2
Where: <data> Is the data returned by the card. If a smart card error or ABC Core-C V3.2.3- Based Reader error is detected (S<>0 and S<>E7h), the ABR does not return any data. The card may return any number of bytes up to LN.
SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error. SW1: 0x61 SW2: Lc if no error, need to execute GetResponse command
1 Card with address between 7 and 16 bits (2 bytes max) 2 Card with 17 addressable bits (example with AT24C1024) 3 Card without protection 4 Card with protection
© ABC-Smartcard 2017 - copyright and all other rights reserved 33 / 58
Get Response
This command retrieve data of the memory card after executed successfully the READ BINARY command. PC_to_RDR_XfrBlock with field abData = CLA INS P1 P2 LN
Where: CLA INS P1 P2 LN Are the five ISO-like header bytes. The
ISO header is interpreted by the ABC Core-Based Reader CLA 0xFF INS 0xC0 P1 0x00 P2 0x00 LN Length of data expected (equal to the
length previously sent into READ BINARY)
Response <data> SW1 SW2
Where: <data> Is the data returned by the card. If a
smart card error or ABC Core-C V3.2.3- Based Reader error is detected (S<>0 and S<>E7h), the ABR does not return any data. The card may return any number of bytes up to LN.
SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
© ABC-Smartcard 2017 - copyright and all other rights reserved 34 / 58
Write Binary
This command write data into the memory card, like for READ BINARY, it’s just necessary to fill the address of a card. For example for a memory card with 256 bytes of memory, you can fill an address between 0 and 0xFF. The maximum length of data read is 253 (0xFD). PC_to_RDR_XfrBlock with field abData = CLA INS P1 P2 LN < data>
Where: CLA INS P1 P2 LN Are the five ISO-like header bytes. The
ISO header is interpreted by the ABC Core-Based Reader CLA 0xFF INS 0xD0: For I2C card with address between 7 and 16 bits (2 bytes max) 0xD1: For I2C card with 17 addressable bits (example with AT24C1024) P1 First byte of address P2 Second byte of address LN Length of data to write (<= 0xFD) < Data > Represents the LN data bytes
transmitted to the card. The maximum length of the data is 253 bytes.
Responses to commands are received a RDR_to_PC_DataBlock in the following format.The field abData contain
Response SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
© ABC-Smartcard 2017 - copyright and all other rights reserved 35 / 58
4.11.5. Specific commands for Secure Element SE I2C
Firmware Version ABC_CORE_CT1: 326 C02
Hardware Version AT90SCR: 060, 075L, 075H, 200LSD, 200LHS, 200H
The SE I2C Module are a custom module Secure Element I2C. The module name are C02 (Custom 02) When this custom module are on demand activate the other modules of communication with smartcard are disable (module TPDU, APDU, EMV, Synchronous card) PC_to_RDR_PowerUp with parameter bVoltage (5 Volt, 3 Volt or 1.8Volt) set the power to I2C chip in 3Volt. The reader start the sequence powerup, I2C Secure Element
Command dedicated for SE I2C are identical to smart card in T=0. A command PC_to_RDR_SetParameter (with parameter bPtotocolNum=0) are processing. This process are automatics execute when the reader are connected in PC/SC HOST. TPDU command are ISO7816-4 compliant, the only difference is the CLA byte (0x00 for normal case and 0xAC for SE I2C. The chip AT90SCR are the Master I2C and the SE are a slave with by I2C default address 50h The command TPDU are pass by the command PC_to_RDR_XfrBlock Commands valid in this mode are:
Read Binary
Write binary
Write Binary command Maximum of 255 bytes (0xFF) to write.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LE < data>
Where: CLA 0xAC INS 0xD0 P1: 0x00 P2: 0x00 LN Length Data <data> Date (LN)
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error. Exemple Write Binary command 3 last bytes to write.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
© ABC-Smartcard 2017 - copyright and all other rights reserved 36 / 58
Where: CLA 0xAC
INS 0xD0 P1: 0x00 P2: 0x00 LN 0x03 < data> 0xFD, 0xFE, 0xFF
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to
specify an error. It is 00h if there is no error.
Read Binary command Maximum of 255 bytes (0xFF) to read.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LE
Where: CLA 0xAC INS 0xB0 P1: 0x00 P2: 0x00 LE LE are Length data Expected
Response <data (LE)> SW1 SW2
Where: <data> Byte0, Byte1, Byte2, ByteLE.
W1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
© ABC-Smartcard 2017 - copyright and all other rights reserved 37 / 58
5. Update USB information by flash memory
Firmware Version ABC_CORE_CT1: v3.4.x
Hardware Version AT90SCR: 200LSD, 200LHS, 200H
By default, the reader contains USB information (deviceDescriptor) of Inside Secure. With a specific firmware, It will be possible to change these USB information. The possible parameter is:
The Vendor ID
The Product ID
The Manufacturer String
The Device Name For update these information, it’s necessary to connect an external flash memory that will contains a preformatted data structure. The use case is really simple, at reset state; the reader will try to detect an external memory flash. A dedicated structure will be filled with new USB information and a new USB DESCRIPTOR will be created. After updating, a flag will be erased into the external memory flash. The external memory flash need to fulfill a specific data structure, the principle used is the TLV (Tag Length Value). Tag 0x01: Update Flag Tag 0x02: Vendor ID Tag 0x03: Product ID Tag 0x04: Manufacturer String Tag 0x05: Device Name The advantages of the TLV are to have the possibility to add new parameter with different Tag value. You will find in Appendix C. an example of update by external memory flash.
© ABC-Smartcard 2017 - copyright and all other rights reserved 38 / 58
6. APPENDIX A. STATUS CODES
Each answer Message contains the value Slot Error and Slot Status registers.
bError
Error Code Error Name Possible Causes
Deci-
mal
Bi-
nary
-1 FFh CMD_ABORTED Host aborted the current activity
-2 FEh ICC_MUTE Reader timout while talking to the ICC
-3 FDh XFR_PARITY_ERROR Parity error talking to the ICC
-4 FCh XFR_OVERRUN Overrun error while talking to the ICC
-5 FBh HW_ERROR An hardware error occurred, ICC over current,…
-8 F8h BAD_ATR_TS Bad TS in ATR
-9 F7h BAD_ATR_TCK
-10 F6h ICC_PROTOCAL_NOT SUP-
PORT
-11 F5h ICC_CLASS_NOT_SUPPORT
-12 F4h PROCEDURE_BYTE_CON-
FLICT
bSlotStatus
Off-
set Field Size Value Description
0 bmICCStatus 2 bit 00b, 01b,
10b
00b – An ICC is present and active (power is on and sta-
ble, RST is inactive,
01b – An ICC is present and inactive (not activated or shut
down by hardware error)
10b – No ICC is present
11b – RFU
2 bmRFU 4 bit 0000h 0000h RFU
6 bmCommand-
Status
2
bits
00b, 01b,
10b
00b – Processed without error
01b – Failed (error code by the bError register
10b – Time Extension is requested
11b – RFU
Status Word
The following table contains possible erroneous Status Word returned by the AT90SCRxxx Reader.
Status Word Error description
0x6982 P1 or P2 equal 0 with command SelectCardType 0x6984 GetResponse executed before ReadBinary APDU 0x6985 Length of getResponse different from previous ReadBinary length
0x6A00 P1 or P2 different from specific value with command SelectCardType 0x6A81 Address to R/W Binary exceed max address byte 0x6A82 Data to R/W exceed the size of the card 0x6A83 R/W Binary command executed before SelectCardType APDU 0x6A87 Length exceed max frame size 0xFD (R/W Binary)
0x6A88 Bad APDU format (4 bytes for SelectCardType and min 5 bytes for R/W
Binary)
0x6D00 INS byte not supported 0x6E00 Bad CLA (different from 0xFF) 0x6F00 Unable to R/W to the card (processing error)
© ABC-Smartcard 2017 - copyright and all other rights reserved 39 / 58
7. APPENDIX B.
How to read I2C AT24C02 card
By default ATR for I2C cards is 0x3B, 0x04, 0x49, 0x32, 0x43, 0x2E This card contains 256 bytes of memory (32 pages of 8 bytes).
7.1.1. Select Card Type command
PC_to_RDR_XfrBlock abData= CLA INS P1 P2
Where: CLA 0xFF INS 0xA4 P1: 0x12 (I2C Card / 8 bits addressable) P2: 0x21 (32 pages / 8bits /page) Now we can read data from the card, in this example we will read 16 bytes at the address 0xF0.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN
Where: CLA 0xFF INS 0xB0 P1: 0x00 P2: 0xF0 LN 0x10
tp SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error. SW1: 0X61 SW2: 0x10
7.1.2. Get Response command
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN
Where: CLA 0xFF INS 0xC0 P1: 0x00 P2: 0x00 LN 0x10
RDR_to_PC_DataBlock abData= <data> SW1 SW2
Where: <data> Is the data returned by the card. The card may return any number of bytes up to LN.
SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
© ABC-Smartcard 2017 - copyright and all other rights reserved 40 / 58
How to write to I2C AT24C1024 card
This card contains 131072 (0x020000) bytes of memory (512 pages of 256 bytes).
7.2.1. Select Card Type command
PC_to_RDR_XfrBlock abData= CLA INS P1 P2
Where: CLA 0xFF INS 0xA4 P1: 0x1B (I2C Card / 17 bits addressable) P2: 0x66 (512 pages / 256bits /page) Now we can write data into the card, 256 bytes at the address 0xFF00.
7.2.2. Write Binary command Maximum of 253 bytes (0xFD) to write.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF Details for addressing with INS byte:
INS P1 P2
Basic Command 0xD0 0x00 0x00
Address 0x01FF00 0x01 0xFF 0x00
Write Binary 0xD1 0xFF 0x00
INS 0xD1 P1: 0xFF P2: 0x00 LN 0xFD <data> 0x00 …..0xFC
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
7.2.3. Write Binary command 3 last bytes to write.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF INS 0xD1 P1: 0xFF P2: 0x00 LN 0x03 < data> 0xFD, 0xFE, 0xFF
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
© ABC-Smartcard 2017 - copyright and all other rights reserved 41 / 58
How to access SLE 4418 /SLE 4428 card
This card contains 131072 (0x020000) bytes of memory (512 pages of 256 bytes).
7.3.1. Read the memory with protected bit PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN
Where: CLA 0xFF
INS 0xB3 P1: MSB address. 0000 00A9A8 b is the memory address location of the memory card P2: LSB address. A7A6A5A4A3A2A1A0 B is the memory address location of the memory card LN Length of data to be read from the memory card (max allowable size is EC)
RDR_to_PC_DataBlock abData= <data1> <data2> SW1 SW2
Where: <data1> Is the data returned by the card.
<data2> PROT Bytes containing the 8 protections bits of the data 8 bytes.
The number “L” of protection bytes returned in the response is determined by the number N/8+1 of data bytes read from the card max as follows: L= 1 + INT (N/8) = 228 data bytes
PROT 0 to7 PROT 8 to 15 ….PROTN-8 to N
P0
P1
P2
P3
P4
P5
P6
P7
P8
P9
P10
P11
P12
P13
P14
P15
.
. … … … … … P
N
Px is the protection bit of BYTEx in the response data: ‘0’ byte is write protected ‘1’ byte can be written
SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
7.3.2. Read the memory without protected bit PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN
Where: CLA 0xFF
INS 0xB2 P1: MSB address. 0000 00A9A8 b is the memory address location of the memory card. P2: LSB address. A7A6A5A4A3A2A1A0 B is the memory address location of the memory card LN Length of data to be read from the memory card (max allowable size is EC)
© ABC-Smartcard 2017 - copyright and all other rights reserved 42 / 58
RDR_to_PC_DataBlock abData= <data> SW1 SW2
Where: <data> Is the data returned by the card.
SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
7.3.3. Write in the memory
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF INS 0xD2 P1: MSB address. 0000 00A9A8 b is the memory address location of the memory card. P2: LSB address. A7A6A5A4A3A2A1A0 B is the memory address location of the memory card LN Length of data to be writing to the memory card (max allowable size is EC) <data> Data to be written in the card.
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
Write in the protected memory
Each of the bytes specified in the command is internally in the card compared with the byte stored at the specified address and if the data matches, the corresponding protection bit is irreversibly programmed to ‘0’
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF INS 0xD3 P1: MSB address. 0000 00A9A8 b is the memory address location of the memory card. P2: LSB address. A7A6A5A4A3A2A1A0 B is the memory address location of the memory card LN Length of data to be writing to the memory card (max allowable size is EC) <data> Data to be written in the card. Byte1 is compared with the data at byte address1; ByteN is compared with the data at (byte address + N -1)
© ABC-Smartcard 2017 - copyright and all other rights reserved 43 / 58
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to
specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
7.4.1. Present code memory card (only SLE4428, SLE5528) To submit the secret code to the memory card (to enable the write oper-ation with the SLE4428 card), the following actions are executed:
Search a ‘1’ bit in the presentation error counter and write the bit to ‘0’
present the specified code to the card
try to erase the presentation error counter
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF
INS 0x20 P1: 0x00 P2: 0x00 LN 0x02 <data> two bytes secret code PIN
RDR_to_PC_DataBlock abData= S SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to
specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error. SW1 0x63 SW2 0xxx. if Wrong PIN with xx number fail presentation. ERRCNT The value of the presentation error
counter after the code presentation CODE The two bytes secret code read from the
card. Warning: 8 max PIN presentation before lock the
SLE4428/SLE5528
7.4.2. Read presentation error counter memory card (only SLE 4428, SLE5528)
To read the presentation error counter for the secret code.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF INS 0xB4 P1: 0x00
© ABC-Smartcard 2017 - copyright and all other rights reserved 44 / 58
P2: 0x00 LN 0x00
RDR_to_PC_DataBlock abData= <data> SW1 SW2
Where: <data> Is the data returned by the card.
ERRCNT is the value of the presentation error counter after the code presentation
DUMMY are three bytes dummy data read from the card.
SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
© ABC-Smartcard 2017 - copyright and all other rights reserved 45 / 58
How to access SLE SLE55/44_32 SLE55/44_42 card
7.5.1. Read the memory PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN
Where: CLA 0xFF
INS 0xB5 P1: 0x00 P2: Address value 0x00 to 0xFF LN Length of data to be read from the memory card (max allowable size is EC)
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to
specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error. SW1: 0x61 SW2 0xLN if no error, need to execute GetResponse command Read the protected memory This command return 4 bytes, each bit at 0 means corresponding bytes (32 first memory bytes ) become locked.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN
Where: CLA 0xFF
INS 0xB6 P1: 0x00 P2: 0x00 LN 0x04
RDR_to_PC_DataBlock abData= <data> SW1 SW2
Where: <data> Is the data returned by the card.
SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error. SW1: 0x61 SW2 0x04 if no error, need to execute GetResponse command with 4 bytes expected
© ABC-Smartcard 2017 - copyright and all other rights reserved 46 / 58
7.5.2. Get response Read protection memory
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN
Where: CLA 0xFF INS 0xC0 P1: 0x00 P2: 0x00 LN 0x04
Response <data> SW1 SW2
Where: <data> Byte0, Byte1, Byte2, Byte3.
SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
7.5.3. Update main memory Before execute this command it’s necessary First to present PIN Code
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF INS 0xD7 P1: 0x00 P2: Address to start writing process LN Length of data to write (<= 0xFD) <data> Data to be written in the card.
RDR_to_PC_DataBlock abData= S SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to
specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
© ABC-Smartcard 2017 - copyright and all other rights reserved 47 / 58
7.5.4. Write protection memory Each of the bytes specified in the command is internally in the card compared with the byte stored at the specified address and if the data matches, the corresponding protection bit is irreversibly programmed to ‘0’.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF INS 0xD8 P1: 0x00 P2: Address of byte to protect (0x00 to 0x1F) LN Length of data to protect (≤ 0x04) <data> Byte0, Byte1, Byte2, Byte3. For protect a
byte, it’s necessary to send the same value present into the card
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to
specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
7.5.5. Present Code memory (only SLE 4442, SLE5542) To submit the secret code to the memory card to enable the write opera-tion with the SLE55/4442 card. The following actions are executed:
search a ‘1’ bit in the presentation error counter and write the bit to ‘0’
present the specified code to the card
try to erase the presentation error counter
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF INS 0x21 P1: 0x00 P2: 0x00 LN 0x03 <data> Byte0, Byte1, Byte2. PIN Code to submit
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to
specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
© ABC-Smartcard 2017 - copyright and all other rights reserved 48 / 58
7.5.6. Read security memory (only SLE 4442, SLE5542) To read the presentation error counter for the secret code.
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN < data>
Where: CLA 0xFF INS 0xB7 P1: 0x00 P2: 0x00 LN 0x04
RDR_to_PC_DataBlock abData= SW1 SW2
Where: SW1 Status byte 1 is added by the ABR to
specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error. SW1: 0x61 SW2 0x04 if no error, need to execute GetResponse command with 4 bytes expected
7.5.7. Get response Read security memory
PC_to_RDR_XfrBlock abData= CLA INS P1 P2 LN
Where: CLA 0xFF INS 0xC0 P1: 0x00 P2: 0x00 LN 0x04
RDR_to_PC_DataBlock abData= <data> SW1 SW2
Where: <data> 0xNN, 0xFF, 0xFF, 0xFF.
SW1 Status byte 1 is added by the ABR to specify an error. It is 90h if there is no error. SW2 Status byte 2 is added by the ABR to specify an error. It is 00h if there is no error.
ERRCNT The value of the presentation error counter. DUMMY Three bytes dummy data read from the card
© ABC-Smartcard 2017 - copyright and all other rights reserved 49 / 58
8. APPENDIX C. Example of Memory Flash or EEPROM configuration
The following example presents the Tag Length Value for update USB Information The example below represents the flash process with information from ABC Smartcard. TAG 1 flag for notify if external memory already read TAG 2 Vendor ID TAG 3 Product ID TAG 4 Manufacturer String TAG 5 Device Name VID: 0x0ABC PID: 0x0CBA ManuString: abc-smartcard DeviceName: abcSmartcardReader Raw TLV Data (length 46 bytes):
Tag Length Value
01 01 01
02 02 0A BC
03 02 0C BA
04 0D 61 62 63 2D 73 6D 61 72 74 63 61 72 64
05 12 61 62 63 53 6D 61 72 74 63 61 72 64 52 65 61 64 65 72
NDEF Record (length 53 bytes): Header: D1 01 31 54 02 65 6E Raw TLV Data:
Tag Length Value
01 01 01
02 02 0A BC
03 02 0C BA
04 0D 61 62 63 2D 73 6D 61 72 74 63 61 72 64
05 12 61 62 63 53 6D 61 72 74 63 61 72 64 52 65 61 64 65 72
NDEFFormat for M24 Tag from STMicro (length 60 bytes) Header M24: E1 10 3C 00 03 35 Header NDEF: D1 01 31 54 02 65 6E Raw TLV Data:
Tag Length Value
01 01 01
02 02 0A BC
03 02 0C BA
04 0D 61 62 63 2D 73 6D 61 72 74 63 61 72 64
05 12 61 62 63 53 6D 61 72 74 63 61 72 64 52 65 61 64 65 72
End Of Record: FE
© ABC-Smartcard 2017 - copyright and all other rights reserved 50 / 58
9. APPENDIX D. TAG configuration ABC CORE CT1
This tag are store by default in flash code memory or rom code memory. If a tag code are present in EEPROM or external memory the value are use.
Tag Len Name Comments
01h 16h CfgSerialCCID See [Serial_CCID]
© ABC-Smartcard 2017 - copyright and all other rights reserved 51 / 58
10. REFERENCE DOCUMENT
CCID Specification for Integrated Circuits(s) Card Interface
Revision 1.1 April 22, 2005
USB Universal Serial Bus Specification Revision 2.0 April 27, 2005
AT90SCR Data Sheet
Technical Data Sheet AT90SCR100/132/200 TPR0327F August 01,2015
EMVco Specification EMVco L1 contact, www.emvo.com
Revision :4.3 http://www.emvco.com
PC/SC Personal Computer / Smart Card http://www.pcscworkgroup.com
© ABC-Smartcard 2017 - copyright and all other rights reserved 52 / 58
11. TERMINOLOGY
Abbreviations ABP ABC Block Protocol ABR ABC Core-Based Reader ACK Acknowledgement byte ADH Used in the Read Memory and Write Memory
commands, ADH is the most significant byte of the 16-bit address of the first byte to be read or written.
ADL Used in the Read Memory and Write Memory commands, ADL is the least significant byte of the 16-bit address of the first byte to be read or written.
AIA Application Interface Area BWI Block Waiting time Integer CB Configuration Byte CLK Clock CRC Cyclic Redundancy Check CWI Character Waiting time Integer DAT DATa (being transmitted) EDC Error Detection Code EEPROM Electrically Erasable Programmable Read Only Memory EOT End Of Transmission Etu elementary time unit I-Block Information Block ICC Integrated Circuits Card used interchangeably
with Smart Card IFD IFSC Information Field Size of the Card IFSD Information Field Size of the Device ISO International Standards Organization LCD Liquid Crystal Display LEN Length of the Data field LN Length of the message (command or status code) LR Length of APDU response LRC Result of an EXCLUSIVE OR (XOR) between the ACK, the LN and the MESSAGE characters N Auxiliary card number NAD Node Address PCB Printed Circuit Board PTS Protocol Type Selection R-Block Receive Ready Block SCR Smart card reader (AT90SCR chip + ABC Core-
C firmware) SE Secure Element
Glossary APDU Application Protocol Data Unit; data exchange
protocol between a card and a reader. The APDU can be changed to ensure that it meets reader requirements for the user’s site.
Baud Rate of signals per second transmitted over a communication channel.
Block Logically contiguous data memory that is allocated when requested for data field.
Command Layer The command layer handles and interprets the ABC Core-C V3.2.3-Based Reader commands.
© ABC-Smartcard 2017 - copyright and all other rights reserved 53 / 58
Physical Layer The physical layer handles the data
transmission. T = 0 Protocol Character-oriented asynchronous half duplex
transmission protocol. T = 1 Protocol Block-oriented asynchronous half duplex
transmission protocol. TA1 Interface byte that defines the rate of the
transmission. Transport Layer The transport layer handles message
addressing, specifies the transmission type, and validates each transmission. The transport layer can use the CCID protocol .
I2C Inter-Integrated Circuit (Protocol using 2 line SDA, SCL)
TWI Two Wire Interface other name for I2C