User Guide for the iCLASS TECHNICAL NOTE
User Guide for the iCLASS TECHNICAL NOTE In order to provide additional levels of security, the HandReader can be used in conjunction with iCLASS contactless smart card readers. With this card technology, there is no need to store the user information and template in a centralized database. All of the user’s information can be stored on the credential, eliminating the need for the user to remember a pin, and for managing templates over networks. However, it’s helpful to understand how the iCLASS reader works when integrated into the HandReader. The iCLASS reader, when installed on the HandReader, is programmed with a proprietary key by default. iCLASS cards also contain a key which must match the key in the reader in order for the card to communicate and exchange information with the card reader. The SmartKey utility was designed by Schlage biometrics to manage the iCLASS keys used with the HandReader family. It is a complimentary program used with Windows OS that allows the storing and modifying of iCLASS keys on cards and the HandReader. Below is the technical information on how to use the SmartKey. You can obtain a copy of the SmartKey program by contacting our technical support group ([email protected]). Before you order an iClass reader, you will need to know what you are connecting to: Lock output or Access Panel. If you are connecting to an Access Panel, you will also need to know your card format and the iClass key. If you require additional information before the purchase of a HandReader with the iCLASS, please consult your local sales representative or our technical support group at 1-866-861-2480, option 1. Rev. A 03/2010 User Guide for the iCLASS 70200-0087A User Guide for the iCLASS TECHNICAL NOTE CONTENTS OF THIS TECHNICAL NOTE INCLUDE: WHAT IS SMARTKEY? PROGRAM STARTUP CONNECTING TO THE iCLASS HANDREADER MAIN MENU SELECTIONS 1. Exit SmartKey program 2. Store user key to reader 3. Restore default key to reader 4. Change key on smart cards 5. View configuration block on smart cards SMARTKEY The SmartKey utility is designed by Schlage biometrics to manage the iCLASS keys used with the HandReader Family. The program is a 32 bit console mode program for Windows. It has been successfully tested with Windows-98, Windows 2000 and Windows-XP. The main key management functions of SmartKey are: • Store iCLASS keys in the HandReader • Store iCLASS keys on cards These functions enable administrators to secure their iCLASS installation with private keys known only to them. To change keys in a HandReader, the PC running SmartKey must be connected to the HandReader using the iCLASS cable supplied by Schlage. To change keys on cards only, the PC running SmartKey can be connected either to a HandReader, or to an external iCLASS card reader/writer supplied by HID. CONNECTING TO THE HANDREADER Use the Serial DB9 – 3-pin cable to make the connection between the computer running SmartKey and the iCLASS HandReader. First, connect the DB9 Serial connector to an open serial port on the computer. Then, carefully connect the 3-pin connector directly to the iCLASS reader (you may have to disconnect the iCLASS reader from the HandReader to do this). Then, attach the grounding clip to the back plate of the HandReader. Making the ground connection is very important – otherwise, SmartKey will not be able to detect the iCLASS reader. When you are finished using SmartKey, detach the grounding clip, disconnect the 3-pin connector and carefully reconnect the iCLASS reader cable to the main board connector. You should not have to cycle power on the reader; however, if you encounter any immediate problems a power cycle will reset the connection and typically restore functionality. PROGRAM STARTUP Save SmartKey.exe in a known folder on a Windows PC, and start the program from either the Windows "Run" dialog or by selecting the program from Windows explorer. When the program is started, it will prompt the operator to specify the communications port for the iCLASS device. Enter the serial port that the HandReader or an external HID reader/writer is connected too, and press <RETURN/ENTER>. SmartKey will automatically check for a HandReader using 9600 baud, and if that fails it will then test for an external HID reader/writer at 57600 baud. If neither device is detected, SmartKey will display an error message and quit. If an iCLASS device is found by SmartKey, it displays its’ main menu and waits for a user selection. The operator selects the desired menu and then presses <RETURN/ENTER>. Rev. A 03/2010 User Guide for the iCLASS 70200-0087A User Guide for the iCLASS TECHNICAL NOTE MAIN MENU SELECTIONS 1. Exit SmartKey program This is used in the main menu to exit the program. The sub-menus accessed via the main menu also use selection 1 as an exit choice. 2. Store user key to reader This selection allows the operator to define a 16-digit iCLASS key to be saved in the HandReader. In any iCLASS system, the card reader/writer and the cards being presented must share the same key value. This selection stores the desired key to the HandReader, so iCLASS cards having the same key can be read and written by the HandReader. NOTE: iCLASS keys are 64-bit values. SmartKey requires values as 16 hexadecimal digits. A hexadecimal digit is one of the characters 0 thru 9 and A thru F. An example is: 9876543210ABCDEF. Always specify exactly 16 digits for key values using SmartKey. Even leading 0’s are significant. 3. Restore default key to reader This selection restores the HandReader iCLASS key back to factory default. The default ‘con-configured, nonprogrammed’ value is stored on blank cards. The key on the blank cards is read internally by SmartKey, and it is used during card key changes without this selection being accessed. This menu selection is provided only in the event that an operator encounters some unforeseen need to restore the HandReader key to its default value. 4. Change key on smart cards This selection allows the operator to store keys on iCLASS cards that match the key value stored in the HandReader. When this menu is selected, a sequence of sub-menu steps is initiated which prompt the operator for key values and other choices. At the conclusion of entering these selections, the operator is prompted to present a card to the iCLASS device. When the card is detected, the new key is stored to it. For convenience, SmartKey can repeat this sequence of detecting cards and storing keys. NOTE: If you change keys, you will need to document the new key and store it in a safe place. Once cards are programmed, you can’t reconfigure them without knowing the key on the card.* 1) The first sub-menu step when changing card keys requests the operator to indicate the iCLASS key that is already on the card. In order to perform this action, the user must know the current key on their cards provided by the card distributor. This is required because storing new keys on cards requires SmartKey to authenticate with the existing card key. If the card is new, then select option 2 to use the default key for blank cards. Alternately, if the card key was previously changed by SmartKey or some other utility, then select option 3 to manually specify the key value. Note that if option 2 for using the default key is selected, SmartKey will actually attempt card authentication using first the ‘configured, non-programmed’ key and then with the HID ‘nonconfigured, non-programmed’ key. This check occurs without any operator interaction. 2) The second sub-menu step when changing card keys requires the operator to indicate the new key value to be stored on the card. If the desired key has already been stored in the reader, then option 2 can be selected to store that same key on a card. Alternately, the operator can use option 3 to manually specify a key value. In this case, the key is written only to the card, and the reader key value is left unchanged. 3) The third sub-menu step when changing card keys gives the operator a choice to blow the card fuse during the key change. It is recommended that the operator answer yes to this prompt. Blowing the card fuse fixes the portion of the card that is secured by the HandReader key. Specificly, the HandReader uses card key 2 to access blocks 19 thru 31 in the base page of cards. When the card fuse is blown by SmartKey, the card application limit Rev. A 03/2010 User Guide for the iCLASS 70200-0087A User Guide for the iCLASS TECHNICAL NOTE is set to block 18 and the fuse bit is cleared. When this is complete, only card key 2 will authenticate blocks 19 thru 31. NOTE: Caution, blowing the fuse will disallow any future re-configuration to the key structure*** 4) The fourth sub-menu step when changing card keys prompts the user to present a card to the reader. When the card is detected, the card key storage function is performed. The operator can follow prompts to repeat the operation on multiple cards. 5. View configuration block on smart cards NOTE: This menu is not required for managing iCLASS keys with SmartKey. This menu is provided as a tool for administrators who are familiar with the technical details of iCLASS card configuration blocks. After selecting this menu, present a card to the iCLASS reader. SmartKey will detect the card and display the configuration block information. This is the data from block 1 in the base page of the card. Rev. A 03/2010 User Guide for the iCLASS 70200-0087A
© Copyright 2024