Versions Compared

Old Version 3

changes.mady.by.user Tom Polman

Saved on

compared with

New Version 4

changes.mady.by.user Francisco Pérez-Moreno

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If there are 4 SAM cards present in a Charon then there will be 4 different reader scripts with samId=0,1,2 and 3. By provisioning these scripts to the readers on the line you can determine which reader uses which SAM, and in this way spread the load. These scripts are called use_SamX.xml with X=0,1,2,3.

Info

For the Reader Manager version 5.03.41 or later, a new command setLed is available and recommended to be used in the reader script. See the note in the next section below.

4.2 Reader keys

Loading the correct keystore in the SAM and instructing the SAM which generation keys to use is a process that requires a number of steps.

  1. Initially the SAM will contain only one application (with AID 92f7 and TKH Security specific keys).

  2. By provisioning a keystore file that contains the TKH Specific keys (RM-SAM.ktl) to the Readermanager node, the Readermanager has the correct keys to communicate with the SAM. Once this has successfully been provisioned to the Readermanager this provisioning element can be removed from the node.

  3. Now the SAM will accept project specific configuration cards. With these cards the keysets can be configured that are used to read the access cards.

  4. First of all a configuration card must be presented that changes the TKH Security specific keys to Customer/Rijkspas specific keys.

  5. Now the first customer configuration card (G0  G0) can be offered to the reader. The customer specific applications are loaded in the SAM. If you have 4 SAMs in the Charon module connected to a Pluto you will have to present the G0->G0 card to 4 readers to configure all SAMs.

  6. If, in the future it is necessary to start using the next generation keyset on the SAM card, you can offer the G0->G1 configuration card to the corresponding reader.

...

iProtect will generate an event in case the configuration card changes the keyset.

Info

For the Reader Manager version 5.03.41 or later, and in conjunction with the setLed command, a visual feedback will be shown when applying a configuration card. During the time the SAM is being programmed, the reader LED will turn blue.

The configuration card should be then applied into the reader as long as this LED keeps being blue, until the usual beep is heard and the reader LED returns to its original color (red in most cases).

If in this situation the card is retired but the LED in the reader keeps blue, a new application of the configuration card is required in order to program the SAM with the new keys.

...

5 Reader configuration preparation step-by-step

...

  • Reader manager: ≥ 05.03.13

  • Reader keystore: project specific keystore (example: project-x.ktl)

  • Reader script per SAM (4x) (example: combi-sam0_v3.xml, combi-sam1_v3.xml,
    …)

  • Combi script for dualityReader script per SAM (4x) (example: static-rijkspas-sam0.xml, static-rijkspassam1.
    xml, …)

  • Rijkspas only script to disable duality

  • Reader manager keystore SAM (example: reader-manager_SAM.ktl)

...

  • Reader manager: ≥ 05.03.13

  • Reader keystore: project specific keystore (example: project-x.ktl)

  • Reader script per SAM (4x) (example: combi-sam0_v3.xml, combi-sam1_v3.xml,…)Reader script per SAM (4x) (example: static-rijkspas-sam0.xml, static-rijkspassam1.xml,…)

  • Reader manager keystore SAM (example: reader-manager_SAM.ktl)

...