ACS ACOS3 Microprocessor Card User Manual

June 9, 2024
ACS

ACS ACOS3 Microprocessor Card

Introduction

The purpose of this document is to describe in detail the features and functions of the ACOS3 Contactless Card, a versatile smart card operating system developed by Advanced Card Systems Ltd.
History of Modifications for ACOS3 Contactless Nov 2010 ACOS3 Combi Revision 1.17

  • Contact and contactless dual interface ACOS3 version
  • 8 Kilobyte user storage capacity
  • Backward compatible expect ATR/ATS and its customization

Dear customer,
Thank you for purchasing our product. Please read the following instructions carefully before first use and keep this user manual for future reference. Pay particular attention to the safety instructions. If you have any questions or comments about the device, please contact the customer line.

Technical Specifications

The following are the features and technical of the ACOS3 Contactless card

  • Electrical
    • Operating Voltage: 5V DC +/-10% (Class A) and 3V DC +/- 10% (Class B)
    • Maximum Supply Current: < 10mA
    • ESD Protection: ≤4KV
  • Environmental
    • Operating Temperature: -20°C to 85°C
    • Storage Temperature: -40°C to 100°
  • Communication Protocols
    • T=CL with baud up to 848kbps
  • Memory
    • Capacity: 8KB
    • EEPROM endurance: 500,00 erase/write cycles
    • Data Retention: 20 Years
  • Cryptographic Capabilities
    • DES/3DES: 56/112-bits
  • Random Number Generation
    • FIPS 140-2 compliant RNG

File Security

  • Five secret codes + Issuer Code
  • PIN code
  • Key pair for mutual authentication
  • Session key based on random numbers
  • Secure Messaging function for confidential and authenticated data transfers
  • Support for highly secured e-Purse for payment applications

Compliance to Standards
Compliance to ISO 14443 (Type A) Parts 1,2,3,4

Answer to Select (ATS)
After receiving a Request for Answer to Select (RATS) from the card reader, the card transmits and Answer to Select (ATS) in compliance with ISO 14443 Part 4.

The following data transmitted in the ATS:

TL T0 TA1 TB1 TC1 3 Historical Bytes
08h 78h 33h B5h 02h
T1 T2 T3
--- --- ---
41h 01h 25h

Card Management
This selection outlines the card level features and management functions.

Card Life Cycle States
During the whole life cycle of the chip-card, three phases and two different operating modes can be distinguished:

  • Manufacturing State
  • Personalization State
  • User State
  • User State – Issuer ModeACS ACOS3 Microprocessor Card - 1

Manufacturing State
The Manufacturing State is effective from the moment of chip manufacturing until an associated fuse (i.e., certain bit in the EEPROM), the Manufacturer Fuse, has been programmed. The IC is presented to the card in plain, without encryption. All command are available in manufacturer state. In addition, the Manufacturer File (FF01h) can only be written in this state. The manufacturer file contains two records, 8 bytes each, associated to manufacturing state. In this file, it contains the Manufacturer Fuse. After programming the Manufacturer Fuse, the card enters the personalization state and the manufacturer file is on read-only. Data unique to each card and common card data can be programmed, such as, card manufacturer identification, card serial number, etc. The card does not interpret the data. In this state, the card’s data and keys can erased by calling the CLEAR CARD command. This command will physically erase the EEPROM memory expect for the IC code and manufacturer file. Once the manufacturer fuse has been blown the manufacturing state will be terminated, thus there is no possibility of resetting the card back into the manufacturing state.

Personalization State
Personalization State is effective from the moment of termination of the manufacturing state until an associated bit in the EEPROM, the so-called Personalization Bit, has been programmed. In this state, the card’s data and keys can be erased by calling the CLEAR CARD command. This command will physically erase EEPROM memory expect from the IC code and manufacturer file. Re-personalization of the card is possible. In the Personalization State, any write access to Internal Data Files, as well as the read access to the Security File is only possible after the presentation of the correct IC code. The card manufacturer writes the IC code in the Manufacturing State. The IC is presented to the card in plain, without encryption. The Authentication Process should not be executed prior to programming the correct keys in the Personalization State. Once the Personalization Bit has been programmed and the Personalization State has this been terminated, there is no possibility of resetting the card back into the personalization state.

User State
User State designates the normal operating mode of the card. There are two types of User States – the User State and the User State – Issuer Mode. The User State is effective from the moment of termination of the personalization state. Most card holder operation should occur in this state. A submission of the Issuer Code changes the operation mode to Issuer Mode. This privileged mode allows access to certain memory areas, which are otherwise not accessible.

Answer To Select
After receiving the Request for Answer To Select (RATS), the card transmits an Answer to Select (ATS) in compliance with ISO 14443 Part 4

Customizing the ATS
Due to the difference in the firmware architecture of the AOCS3 Contactless and ACOS3 Contact, the ATS of the ACOS3 Contactless can only be modified at the ACS production facilities. Please contact your ACS representatives during ordering for custom TA1 and Historical bytes values.

Customized ATS TA1 Value
The contactless protocol currently has TA1 = 33h as its bit rate capability. This means the card supports 106, 212, 424 kpbs for both directions from PICC to PCD and vice versa. This is stated in ISO 14443 part 4. Section 5.4.4. The ACOS3 Contactless card can support up to 848 kbps by setting TA1 value to 77h. The solution provider should ensure that the baud rate works with all their existing contactless smart card readers (PCDs) before a volume order of ACOS3 Contactless cards. Please contact your ACS representatives for more information.

Customized ATS for Microsoft Windows Usage
For Windows 7 and above operating systems: Windows automatically attempts to download the smart card’s minidriver whenever a smart card is presented to the smart card reader. Since ACOS3 is not intended to conform to Windows default usage, a smart card minidriver is not necessary. However, if the ACOS3 is presented info a system running Windows 7 or later, the operating system may search online for the driver ma give a warning that the “device driver was not successfully installed” for the smart card. There are two ways to solve this issue:

  • Disable smart card plug and play and certificate propagation in Windows.
  • Change the ATS so Windows will recognize the ACOS3 Contactless card to use ACS’s Unified Null Driver.

For the first solution, please follow instructions in this Microsoft support link to disable smart card plug and play. This may have be done for every computer that will be used in this system. http://support.microsoft.com/kb/976832 For the second solution, ACS has developed a Unified Null driver for ACOS line of smart cards. The Unified Null driver will satisfy the Windows requirement to have a minidriver for the card, hence the warning from Windows every time the card is inserted will no longer appear. The Unified Null Driver can be downloaded automatically from Windows Update if Automatic Updated are turned ON. In order for Windows to recognize the ACOS3 Contactless card and use the Unified Null Driver, the ATS must be customized, which needs to be done by ACS. Please contact your ACS representative regarding such request. In the case of the ACOS3 Contactless card, the ATS value will be: ATS: 08 78 XX B5 02 33 4e 44h The XX is the value of TA1. The TA1 value can be set to the baud rate that the smart card reader used can support.

EEPROM Memory Management

The user EEPROM memory area provided by the card chip is fully usable for user data storage. There is an additional EEPROM area that stores internal card configuration data. • The User Data Memory stores the data of the card under the control of the application.

Data Files
Access to both the Internal Data Memory area and the User Data Memory area is possible within the scopes of data files and data records. Data files in the Internal Data Memory area referred to as Internal Data Files. Data files in the User Data Memory are called User Data Files. Data files are the smallest entity to which individual security attributes can be assigned to control the read and write access to the data stored in the EEPROM. Data files are of either record type or transparent type.

Data File Access Control

  • Two security attributes are assigned to each Data File: the Read Security Attribute and the Write Security Attribute. Security attributes define the security conditions that must be fulfilled to allow the respective operation:
  • The Read Security Attribute controls the read access to the data in a file through the READ RECORD/BINARY command. If the security condition specified in the Read Security Attribute is not fulfilled., the card will reject a READ command to that file.
  • The Write Security Attribute controls the write access to the data in a file through the WRITE RECORD/BINARY command. If the security condition specified in the Write Security Attribute is not fulfilled, the card will reject a WRITE command to that file.

Internal Data Files
With exception of the Account Data Structure, which has associated a special set of commands, the memory areas of the Internal Data Memory are processed as data files.
The attributes of the Internal Data Files are defined in the card operating system and cannot be changed. However, the security attributes depend on the card life cycle state.

User Data Files
User Data Files are allocated in the Personalization State of the card life cycle. There are two types of User Data Files, Record and Binary files. Record files are specified by number of records and fixed record length. Binary files are specified by a file size and accessed via offsetting into the file. The data stored in a User Data File can be read though the READ RECORD/BINARY command and update through the WRITE RECORD/BINARY command when the security conditions associated to the data file are fulfilled. User Data Files are defined by writing the corresponding File Definition Blocks in the records of the User File Management File during the Personalization State. It is not possible to change the number of records of a file once any of the User Data Files has been used. User will be able to access these data as long as it’s within the capacity of the card.

Data File Access
The process of data file access is identical for Internal Data Files and for User Data Files.

Account Data Structure
The Account Data Structure – Account, for short – is dedicated for the use in applications in which a numeric value representing some amount must be securely processed. The Account is stores in the Account File.
In the User State of the cad life cycle, the data in the Account cannot be manipulated by WRITE instructions like the data in User Data Files. A set of dedicated instructions is available for the processing of the Account, i.e. for adding value to and subtracting value from the balance in the Account and for reading the current balance. Different access conditions can be specified for adding to, subtracting from and reading the Account. Critical Account operations, for example, CREDIT, are carried out under strict security control conditions.

Security Features

The following security mechanisms are provided by the ACOS3 card operating system:

  • DES/3DES and MAC Calculation
  • Mutual Authentication and Session Key Generation
  • Secret Codes
  • Secure Messaging for Data Files
  • Secure Account Transaction Processing
  • Anti-tearing Mechanism

DES refers to the DEA algorithm for data encryption and decryption as specified in the standard ANSI X3.93. MAC refers to the algorithm for generation of cryptographic checksums (DEA in Cipher Block Chaining mode) as specified in the standard ANSI X3.99. Mutual Authentication is a process in which bot the card and the Card Accepting Device verify that the respective counterpart is genuine. The Session Key is result of the successful execution of the Mutual Authentication. It is used for data encryption and decryption during a “session”. A session is defined as the time between the successful execution of a Mutual Authentication procedure and a reset of the card or the execution of another START SESSION command. Secret Codes and the PIN code are used to selectively enable access to data stored in the card and to features and functions provided by the card, for example, the READ and WRITE commands. Secure messaging ensures data transmitted between the card and terminal/server is secured and not susceptible to eavesdropping, replay attack and unauthorized modifications. This is achieved by signing the command and response with a MAC and encrypting command and response data. The Account Transaction Processing provides mechanism for the secure and auditable manipulation of data in the Account Data Structure, in particular, the balance value.

DES and MAC Calculation
All keys used in DES/3DES and MAC calculation are 8/16 bytes long depending on Single/Triple DES selection in Option Register. The least significant bit of each byte of the key is not used in the calculation and is not interpreted by the card operating.

Mutual Authentication and Session Key Generation
The Mutual Authentication is based on the exchange and mutual verification of secret keys between the Card and the Card Accepting Device. The key exchange is performed in a secure way by use of random numbers and DES/3DES data encryption. The session key is the final result of the Mutual Authentication process, and it is based on the random numbers of both card and terminal. The successful completion of the Mutual Authentication is recorded in the card. The resulting Session Key KS is used for all data encryption and decryption during the same session.  The card maintains and error counter CNT KT count and limit the number of consecutive unsuccessful executions of the AUTHENTICATE command. The Card Random Number RNDC is derived in a complex non- predictable mathematical process from the Random Number Seed stored in the Security File. The Random Number Seed is internally updated by the Operating System after each START TRANSACTION command.

Secret Codes
Secret codes stored in the card are used to restrict the access to data stored in user data files and to certain commands provided by the card. Secret codes must be presented to the card to be able to read data from or write to user data files and execute certain privileged card commands.

Secure Messaging
ACOS3 Version 1.07 and above support Secure Messaging (SM) for data files. Secure messaging ensures data transmitted between the card and terminal/server is secured and not susceptible to eavesdropping, replay attack and unauthorized modifications. User data file can be specified that secure messaging is required for READ/WRITE RECORD/BINARY commands. Almost all the other commands can also use secure messaging initiated by the terminal. The SM employed in ACOS3 both encrypts and signs the data transmitting into and out of the card.

Account Transaction Processing
Associated to the Account are four keys:

  • The Credit Key KCR
  • The Debit Key KD
  • The Certify Key KCF
  • The Revoke Debit Key KRD

Anti-tearing Mechanism
Anti-tearing mechanism help protects card data and security in the event that the card is suddenly powered down or pulled out during a card operation. When writing user data into the card, ACOS3’s anti-tearing mechanism ensures the operation is performed atomically. That is, data is either completely written or the target writing area is left at its previous state before the write operation. The account data files is protected similarly when performing CREDIT/DEBIT/REVOKE DEBIT commands.

Life Supports Application

These products are not designed for use in life support appliances, devices or systems where malfunction of these products can reasonably be expected to result in personal injury. ACS customer using or selling these products for use in such applications do so on their own risk and agree to fully indemnify ACS for any damages resulting from such improper use or sale.

Contact Information

Warranty

Warranty Conditions
A new product purchased in the Alza.cz sales network is guaranteed for 2 years. If you need repair or other services during the warranty period, contact the product seller directly, you must provide the original proof of purchase with the date of purchase.

The following are considered to be a conflict with the warranty conditions, for which the claimed claim may not be recognized:

  • Using the product for any purpose other than that for which the product is intended or failing to follow the instructions for maintenance, operation, and service of the product.
  • Damage to the product by a natural disaster, the intervention of an unauthorized person or mechanically through the fault of the buyer (e.g., during transport, cleaning by inappropriate means, etc.).
  • Natural wear and aging of consumables or components during use (such as batteries, etc.).
  • Exposure to adverse external influences, such as sunlight and other radiation or electromagnetic fields, fluid intrusion, object intrusion, mains overvoltage, electrostatic discharge voltage (including lightning), faulty supply or input voltage and inappropriate polarity of this voltage, chemical processes such as used power supplies, etc.
  • If anyone has made modifications, modifications, alterations to the design or adaptation to change or extend the functions of the product compared to the purchased design or use of non-original components.

www.alza.co.uk/kontakt
+44 (0)203 514 4411
Alza.cz a.s., Jankovcova 1522/53, Holešovice, 170 00 Prague 7, www.alza.cz

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals