> For the complete documentation index, see [llms.txt](https://developer.magtek.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://developer.magtek.com/hardware/card-readers/mms-dyna-devices/dynaflex-ii-go/documents/developers-manuals/programmers-manual-commands/commands/security/send-secured-command-to-device.md). # Send Secured Command to Device ## Command 0xEEEE - Send Secured Command to Device The host uses this command to transmit another command securely. This “secure wrapper” mechanism provides the device a means to ensure the wrapped command originated from an authentic, authorized host. In addition, its implementation includes an operation that starts a countdown timer, which ensures the command is current and is not an unauthorized replay of a previously intercepted / stored command. This command can use multiple authentication methods, including MAC or ECDSA Signature. The method and parameters to use are specific to the command being wrapped, and are specified in the documentation for that command. The sequence of events is as follows: {% stepper %} {% step %} ### Determine command and compose Message Payload The host determines what command it wants to call from **Section 6 Commands**, determines the command must be secured, and uses the Request Data table for that command to compose **Message Payload**. {% endstep %} {% step %} ### Retrieve Challenge Token The host uses **Command 0xE001 - Get Challenge** to retrieve a **Challenge Token** and unlock the device for receiving the desired command for a limited period of time. When the time expires, the device will no longer accept the Challenge Token and the host will have to retrieve another one. {% endstep %} {% step %} ### Build the 0xEEEE request The host creates an instance of **Command 0xEEEE - Send Secured Command to Device** in the format below, and includes the Message Payload and Challenge Token inside it. In the **Request Message**, it fills in **Command ID** as the command number of the wrapped Message Payload, instead of 0xEEEE. Some parameters are command-specific; see the documentation for the command that is being wrapped to determine what values to use. {% endstep %} {% step %} ### Send the composite command The host sends the resulting composite command request to the device. {% endstep %} {% step %} ### Device validates and authenticates The device validates the serial number and challenge token, then examines the parameters to determine which authentication method is being used, and authenticates the command accordingly. {% endstep %} {% step %} ### Device executes secure command If the device determines the command request is authentic, it will start executing the secure command defined by the Message Payload. {% endstep %} {% step %} ### Device responds The device sends a response to the host reporting success or failure. In both cases, the response uses the format that corresponds to the command invoked by the Message Payload. See the documentation for that command to determine the format of the response. {% endstep %} {% endstepper %} ## Table - Request Data for Command 0xEEEE - Send Secured Command to Device
TagLenValue / DescriptionTypReqDefault
Beginning of any wrappers, at minimum including Request Message
EEEE = Command 0xEEEE - Send Secured Command to Device
A1varSecurity Parameters — This parameter describes how the Signature parameter in this data object is calculated, and is a Security Parameters Type TLV data object. To determine which values to use in that TLV data object, see the documentation for the command being wrapped.TR
8204Serial NumberBR
8308Challenge Token — The token the device returned when the host called Command 0xE001 - Get Challenge.BR
84varMessage PayloadBR
9EvarMAC or SignatureBR
End of any wrappers, at minimum including Request Message
## Table - Request Example Using MAC Example (Hex): ```hex This example wraps [**Command 0xD811 - Start Send File to Device (Secured) AA 00 81 04 01 04 D8 11 84 81 8F EE EE A1 19 81 05 03 03 06 02 08 84 00 85 00 A8 0A 81 02 11 02 82 00 86 00 88 00 A9 00 82 04 FF FF FF F0 83 08 C9 65 45 F2 97 69 85 B1 84 4E D8 11 81 04 00 00 03 00 A2 2B 81 04 00 00 02 99 82 01 04 83 20 87 A4 B3 54 61 C5 CB D3 1D DC BA 9D 65 25 5A D4 6A 22 FA 51 5E FD 65 87 AF AC A8 8C 4F AF 80 9B A3 14 38 31 30 38 33 30 33 30 33 30 33 30 33 33 33 30 33 30 87 01 01 9E 10 7D E4 27 C8 A0 70 72 08 19 0A 1E 0A 3F 48 BB F1 ``` ## Table - Request Example Using ECDSA ```hex This example wraps [**Command 0xF015 - Read Log & Clear Tamper (MAGTEK INTERNAL ONLY)**](#_bookmark52): AA 00 // Marker 81 04 01 0F F0 15 // Message Information 84 81 C8 // Request Payload EE EE // 0xEEEE, Secure Wrapper A1 24 // P4-A1, Security Parameters 81 04 02 01 04 05 // 02=Cmd Auth-sign, 01=ECDSA, 04=SHA-256, 05=P-521 84 00 // Data (for IV, nonce, as needed) 85 00 // Extra data item (reserved for future use) A8 16 // Key Info 81 02 00 00 // Key Slot ID 82 07 45 43 43 53 49 47 4E // Key Label, “ECCSIGN” 86 05 45 43 44 53 41 // KSN or derive info, ECDSA 88 00 // Added Info A9 00 // 2nd Key Info (reserved for future use) 82 04 B5 03 3D A0 // P4-P2, Device Serial Number 83 08 5B 6B 45 4B 00 5B CE 31 // P4-P3, Challenge Token 84 02 F0 15 // P4-P4, Payload Command 0xF015 9E 81 89 // P4-P30, Signature for Secure Wrapper 30 81 86 02 41 // Sig->R 52 5B 04 9A C7 CC 56 DE 5A EA 89 62 47 BB B8 0D 93 80 CE C8 AD 6E 16 F7 6E DA 08 42 0B 9C 69 77 61 B0 99 FC 05 7D AE AF 75 79 9C 7B B3 81 72 5C 4E 5B 92 DC F3 B6 85 5E B3 A2 71 0D 1D 93 B5 0D 0C 02 41 // Sig->S 46 47 0A EF 6F D5 97 ED 4F 41 E8 3C FD 20 A1 CE 7D E5 CA D3 E8 22 3B ED BC 2A 8A A0 BF 73 72 81 35 4F CB 52 B6 A9 07 6F 36 7F 5D 35 D5 29 3D 5D 78 17 0E B2 D6 AA A5 0D B3 4D B9 04 2C 03 6A AC A5 ``` {% hint style="info" %} Note: For additional support, please contact MagTek Support. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://developer.magtek.com/hardware/card-readers/mms-dyna-devices/dynaflex-ii-go/documents/developers-manuals/programmers-manual-commands/commands/security/send-secured-command-to-device.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.