Pin Ecryption With Diebold Format

Beside Ansi Pin block, another popular for encryption on ATM is Diebold pin block format.Diebold pin block consist 16 hexa block digit and format appear like picture below. The format and encrypted method defined by Pin PAD on FIT (financial instution table) download.


The pin block is created from customer PIN and padding with F character until all completely 16 digit. For example the pin number is 1234 and the pin block is 1234FFFF FFFFFFFF. The lenght of depend o PIN by FIT on coniguration data download.

The encryption process results in 16 hex digits that are converted to ASCII by prefixing each hex digit with a hex 3 to convert the 16 hex digits to 16 ASCII digits. These 16 ASCII digits are sent to the host if the protocol is ASCII

How ANSI Pin Block work on ATM

One of  method atm for  PIN verification is ANSI Pin Block. which is Ansi Pin block consist 2 blok, is PIN Block and PAN bock. PAN or primary account number Block is  Acquire from track 2 on the magnetic card.

The Ansi Pin block has 16 hexa lenght and result from XOR operation from  PAN block and PIN Block. for example we can see ilustrated below ;

From illustrated, we can see Pin Block. the component for pin block is ;

On Pin block 
04 = ‘0’ is control field and always filled with zero
04 = ‘4’ is length of pin number
1234 = pin number
FF = padding character

On Pan block
0000 =PAD digit and always 0 value
589875200411= PAN Number, if less than 12 digit padding with 0

The result from XOR operation for PIN Block and PAN Block is 04126C678ADFFBEE.
This value must be encrypted with master key (stored on security module on ATM) before sending to the network.

For example the ATM use master key for encypted, and the value of master key is 1234567890ABCDEF. The result for this encryption is 953CC7CC0FC5BD7C

The result show on Test Key APP below;

Pin & Verification

There a two type of PIN verification before sending to the network. the type is local verification and network verification. but for  the now all atm commonly  using network pin verification for their ATM.

Network PIN verification requires that the PIN be padded to 16 digits andencrypted before sending it to the Network. The terminal can encrypt thecustomer-entered PIN once or twice, then send it to the Network withunencrypted PAN and offset. The PIN may be send unencrypted, but this is notrecommended only for system testing. When the encrypted PIN reaches theverification point in the network, a single (or double) decryption restores the customer entered PIN. Then the generated PIN will be compared with thecalculated PIN. If the PIN is correct the transaction can be continued. The institution may choose to verify the encrypted PIN without performing decryption. This can be done by comparing the encrypted PIN to a table of encrypted PIN values. Therefore the PAN is used as a table look-up key.For remote PIN verification, the PIN is sent to the network in two different forms:

-ANSI PIN/PAN Block

-Diebold PIN Block

The terminal encrypts the block and sends it to the network. The network thenhandles the PIN verification.

Configuration Data

When The first time ATM to turn on the power, atm go on power up mode. In this mode atm will load all Operating system, Driver and ATM application. After power up mode finish and line communication with host established, ATM entering to Out Of service Mode. On this mode, the first time ATM sends Power fail Message to ATM-C for notification central the ATM ready for operate and need configuration data to download..

If central /ATM-C receives power fail Message from terminal, the central will be download configuration data to the terminal using a series write command message. Which the configuration data divided into 4 categories.

• States - state tables direct the terminal to the tasks to be performed during each part of a transaction

• Screens - screen data contains display, control, and delimiter characters for different screens which must be shown during different parts of a transaction.

• Miscellaneous data consists of terminal parameters (capabilities), LUNO (a unique number identifying each terminal), and terminal timer values.

• FIT entries - Financial Institution Tables entries provide information which is used for identifying which institution has issued a particular card, decoding or encoding of data and for electronic fund transfer.

All configuration data will be stored or write on terminal. If the terminal succeeds in receiving the data, it returns a Ready State to Central, waiting for Central to send the next message. If the terminal fails in receiving the data, it returns a Command Reject message to Central.

This message exchange continues until all the configuration data has been sent to the ATM terminal. On completion, Central sends a Start-Up command message to the terminal, and the terminal goes into service

NDC+

NDC+ is the terminal control application from NCR. It is table-driven and can be
customised to meet your own requirements.
NDC+ is the 4th generation version of NDC, and has been developed for NCR’s 4th
generation SSTs and Account Services Terminals. It allows you to run 4th generation
and Personas terminals in your network, in either Diebold Emulation of Native mode.

The NDC+ software system is made up of two parts:
-Terminal application
-Central application

The terminal application gathers transaction details from the cardholder and sends
these details in a transaction request message to the Central
When a terminal receives a transaction reply from the central, it completes the
transaction.

The terminal application responds to terminal commands from the central, such as
go-in-service or go-out-of-service, and requests for information, such as tallies, by sending solicited status messages to central. An unexpected event can be reported to central using an unsolicited status message.

The central application receives transaction request messages from the terminal,
and determines whether the transaction should be approved or declined. It controls
the terminal by sending terminal commands to it and acting on responses received.

The central application must be able to decode and act on the messages it receives
from the terminal.

The central application must also be able to code the messages in the form that the
NDC+ software in the terminal understands.

Double Detect On Friction System.

On Dispenser a mandatory sould have one sensor to detect money double or not and to check size of money correct or not. double detect commonly is the sensor work principle with light sensor or lvdt sensor(mechanicly system)
On this article we will talk about LVDT double detect on Dispenser with friction system. For illustration I will use dispenser old IBM series.


From Picture Above, we can see the Feed wheel assembly, this roller which this function roller is picking the money. Actualy the roller is not realy simetris rounded, but the eccentric. This mean the ecentric area will pick the money on the cycle of roller. Media on the picture is money.
The working this module is, when the money picking by eccentric roller of feed whell, the money will try to go inside small gap between Fork Block and Fork. When the money on gap, the fork mechanicly will move depend the thickness of money, and this will change the value of lvdt sensor by Proximity probe. The default value of lvdt set by double detect adjust screw. So if double money go inside, the value of LVDT will be out of range, and by dispenser control module , this is indicate the the double money happened on the feeding action.

Part Of Dispenser.

We know dispenser is one device on ATM who have function dispense money to the customer on one transaction. Dispenser have some parts module on itself, and how many module or part on dispenser depend or type of cash dispenser. Now we talk for dispenser on generally.
Dispenser consist 3 main module, Feeding Module, Stacking Module and Deliver/presenting module, each module have main function to do work of ATM, beside that! On dispenser have Money Cassette and Reject cassette. For illustration, picture below show module of dispenser old IBM ATM (diebold).




Feeding Module or on picture IBM call it with picker Module. The function of this module is to picking money from cassette and deliver to stacking area. The picking system on this dispenser is friction system which inside of feed module have one big roller for picking money before deliver to stacker unit. And about the cassette, the cassette insert to feed module. Usually on a Atm have 2 or 4 feeding module. Bellow the picture of money cassette inserted to feed module.



If cassette nor inserted to the Feed Module, there no chance to see the money inside if we don’t have a key to open it, but when tha cassette inserted to feed module, there a mechanicly system inside the feed module to open cassette so the money can picking by feed roller. Picture bellow is the Picking Roller inside the feed module.



A mandatory on each dispenser have a double detect sensor, to cheking the money is double or not, other that double detect have function to recognize size of money. If the money size not correct with the setting dispenser. The double detect will be reject the money to reject cassette. On some dispenser like IBM or wincor Nixdorf commonly double detect sensor located on feeding module, so if Dipsenser have 4 feeding module the double detect have 4 module too. But some model of dispenser only have 1 double detect module on stacking area. The cheking money will be do it before money go the stacking area.
Stacking module the function is to collect the money in one bundle before deliver to presenter area. In this area ussualy have one gate to the reject cassette, so if the money double detected by double detect the reject gate will be open and the money not to go to the bundle of money but go the reject cassette.
If in a transaction for example withdrawl 10 notes of money, after stacking module completed with 20 notes, the stacking area will be moving bundle the money to Transport or presenter area to deliver the bundle of money to the customer. On presenter area have sensor on the front, which the function is to detect the customer take money or not, if on 2 or three minutes not take by customer. The dispenser will be moving the bundle money to inside and to the reject cassette.
Picture below is path of money on fujitsu dispenser.