Dot origin Vtap100 User manual

Installation Guide -

VTAP100 Desktop USBReader

VTAP100-USB

Revised November 2022 v2.03

If you need help to set up or use your VTAP100, beyond what is contained in this Installation

Guide, then please contact our support team.

Email: [email protected]

Download the latest documentation and firmware from https://vtapnfc.com

Telephone UK and Europe: +44 (0) 1428 685861

Telephone North America and Latin America: +1 565-262-9642

If you have any feedback on setting up or using your VTAP100 or this documentation, then

please contact our support team. The product is constantly being reviewed and improved and

we value feedback about your experience.

No part of this Installation Guide may be published or reproduced without the written

permission of Dot Origin Ltd except for personal use. This Installation Guide relates to correct

use of the VTAP100 only. No liability can be accepted under any circumstances relating to the

operation of the user’s own PC, network or infrastructure.

Dot Origin Ltd

Unit 7, Coopers Place Business Park, Combe Lane, Wormley

Godalming GU8 5SZ United Kingdom

+44 (0) 1428 685861

Contents

1 Using this guide 1

2 How the VTAP100 works 2

2.1 Default operation on factory settings 3

2.2 Start reading your own passes 3

2.3 Check status in BOOT.TXT 7

3 Choose a location for your VTAP100 8

4 Design a custom label for the wallbox 9

5 Mount a VTAP100 wallbox 10

6 Hardware lock to disable USB mass storage device 11

7 Disposal 12

VTAP100-USB INSTALLATION GUIDE © DOT ORIGIN PAGE I

VTAP MOBILE WALLET READERS

Safety instructions

WARNING: INTENDEDUSE

The VTAP100-USB is a boxed product for end-users. Although the enclosure may be opened

when the device is not connected, components mounted on the VTAP PCB are not

user-serviceable.

WARNING: ESD PRECAUTIONS

If the enclosure is opened to access the PCB, we recommend careful handling of

Electrostatic Sensitive Devices (ESDs) .

WARNING: POWERSUPPLY

Use the USB cable provided to connect the VTAP100-USB to a PC.

EMC emissions and immunity certifications are only valid when using the VTAP100-USB

with the supplied cable.

VTAP100-USB INSTALLATION GUIDE © DOT ORIGIN PAGE II

VTAP MOBILE WALLET READERS

1  Using this guide

This guide is for first-time users of the VTAP100-USB.

Figure 1-1 VTAP100 in compact (-CC) case

It contains the information you need to physically install your VTAP100.

Consult the VTAP Configuration Guide for more about custom configuration and

maintenance features for any VTAP100, including how to update the firmware on your

VTAP100-USB, when a new release is available.

If you need help beyond what is contained in this guide please contact

[email protected].

VTAP100-USB INSTALLATION GUIDE © DOT ORIGIN PAGE 1

VTAP MOBILE WALLET READERS

VTAP100-USB INSTALLATION GUIDE © DOT ORIGIN PAGE 2

2  How the VTAP100 works

With the VTAP100-USB connected to a PC, simply tap your smartphone against the

VTAP100. Your mobile NFC pass will be read and data sent to the connected PC.

Of course, the data can only be read if your phone contains a mobile NFC pass, which has

been issued in connection with the Merchant ID(s)/Collector ID(s) and key(s) that are known

to the VTAP100. The unit comes with default values, so that you can test Default operation

on factory settings before you begin customising any settings.

When the VTAP100-USB is connected to a computer it appears as a generic mass storage

device (like a memory stick). To configure your VTAP100, you simply edit or create text files.

These will be read automatically, and control the operation of the VTAP100. There is

information in Start reading your own passes to take the first steps towards reading your

own passes. Consult the VTAP Configuration Guide for more detail.

By default the VTAP100 is fully upgradable in the field. However, the VTAP100 can be locked

in software or hardware, before deploying the unit, so that operation is no longer easily

changed.

VTAP MOBILE WALLET READERS

2.1 Default operation on factory settings

Before anyone changes the configuration from its default, you can confirm that the unit is

working.

These steps demonstrate that the hardware can detect and interact with an OriginPass mobile

NFC pass, which is ready to work with the default configuration of your VTAP100.

1. Obtain an OriginPass from Dot Origin by visiting https://originpass.com/VTAP/ and add it

to Google or Apple Wallet. (You will require a username and password - contact

[email protected] to get these.)

2. Connect the VTAP100 to your PC, using a USB cable.

3. Open a text editor, such as Windows Notepad.

4. When you tap the OriginPass on the VTAP100:

lPass contents will be displayed in the open text editor.

lThe diagnostic LEDs on the VTAP100 PCB will flash together.

lYour smartphone may signal with a buzz or beep.

Note: Some Android phones will only interact if their screen is on, although it does not

need to be unlocked. You may need to enable NFC in the settings for the smartphone.

Note: If the pass detected does not match the key and ID on the VTAP, or is moved away

too quickly to be read, the pass contents displayed will be an 8 digit random hex string,

such as '08E22AC1', different on each presentation. OriginPass contents will be a

consistent string of the type '3~ffymeK9f_mziYtA6~53999301628695~Valued'. The

separator '~' or '|' will depend on your keyboard language settings.

Note: If local security settings prevent or limit the use of removable storage devices, or

the connection of additional keyboards, an administrator may need to alter those

permissions.

2.2 Start reading your own passes

If you navigate to the VTAP in the computer's file system. It will appear as an attached mass

storage device and list the files contained, including the main config.txt file.

To read any mobile NFC pass, you will need to provide your pass reading parameters in the

config.txt file. This means a collector ID or merchant ID and any keys. These allow you to

read and decrypt pass data that is held by your users, on their smartphones.

VTAP100-USB INSTALLATION GUIDE © DOT ORIGIN PAGE 3

VTAP MOBILE WALLET READERS

VTAP100-USB INSTALLATION GUIDE © DOT ORIGIN PAGE 4

This first time, you will need to connect the VTAP100 to your PC, using a USB cable. (If

needed, you can adjust the configuration to make these changes remotely in future, see

VTAP Application Notes.)

Step 1: Upload key file(s) to your VTAP100

1. Ensure each of the keys you need to use are stored in a file with the name

private#.pem, following the .pem format, where # is replaced with a number from 1

to 6, matching the key slot you will save it in. (The demo passes are accessed using the

key in KeySlot 6, so don't overwrite this one unless you are finished with demo passes.)

Note: You cannot use more than 6 key files.

2. Load your keys by copying these files onto your VTAP100, which shows up in the file

system of your PC as a mass storage device.

Note: When you reboot the VTAP100 your key will have been stored in hardware, and

will no longer be listed as a file on the device. You can confirm key file(s) have been

loaded when you Check status in BOOT.TXT. If the key file does not disappear and

there is an error in Boot.txt, check your .pem file as it is likely it did not adhere to the

standard.

VTAP MOBILE WALLET READERS

Step 2:Declare Merchant ID(s)/Collector ID(s) in the config.txt file

1. Open the file config.txt in a text editor (such as Windows Notepad). It already

contains parameters for accessing the demo passes, prefixed VAS1 and ST1, both relying

on KeySlot 6. You can overwrite these, or keep them in addition to your own pass

reading parameters.

2. Add your pass reading parameters in the config.txt file to access up to 6 Apple

VAS and up to 6 Google Smart Tap IDs, and identify the keys to be used in each case.

Note: Although the VTAP100 supports multiple IDs, Apple and Google expect most

users will only use one. Using multiple IDs is an advanced feature to use with care. The

VAS# and ST# numbers define the order in which IDs will be requested from Apple or

Android phones respectively. The lowest numbered ID will be requested first, then

continuing in ascending numeric order.

Put each parameter on a new line. Order of parameters does not matter to the

VTAP100, but could help other people who need to edit the file. Start any comment

lines in the config.txt file, that the VTAP100 should ignore, with a semicolon. Each

parameter should only appear once - if it accidentally appears more than once then only

the last instance will take effect.

Example:Settings in config.txt to interact with both

Apple VASand Google Smart Tap mobile passes

!VTAPconfig



VAS1MerchantID=<yourmerchantID>

VAS1KeySlot=1

;Thissaysusethekeyaddedasfile'private1.pem'toreadand

;decryptanypassconnectedtoyourmerchantIDonanAppleiPhone



ST1CollectorID=<yourcollectorID>

ST1KeySlot=2

ST1KeyVersion=1

;Thissaysusethekeyaddedasfile'private2.pem'atkeyversion1

;toreadanddecryptanypassconnectedtoyourcollectorID

;onanAndroidphone

3. Save the amended config.txt file and these changes will take effect immediately. (A small

number of changes to the config.txt file require a reboot to take effect, for instance

to the status of the virtual COM port, but these are highlighted in later sections).

VTAP100-USB INSTALLATION GUIDE © DOT ORIGIN PAGE 5

VTAP MOBILE WALLET READERS

VTAP100-USB INSTALLATION GUIDE © DOT ORIGIN PAGE 6

Note: If a VAS#KeySlot parameter is omitted, or set to 0, then all available keys will be

compared with the 4 byte hash of the public key for the data, to choose the right key. If the

data received by the VTAP100 cannot be decrypted, the Apple iphone will register a pass

read, but the data will not be output.

Note: If an ST#KeySlot parameter is omitted, or set to 0, then authentication will be

omitted and decryption will not be performed. In this case, Google Smart Tap data will be

received and sent on by the VTAP100, only if the pass does not require authentication by

the terminal.

VTAP MOBILE WALLET READERS

2.3 Check status in BOOT.TXT

If you navigate to the VTAP100 in the computer's file system. It will appear as an attached

mass storage device and list the files contained, including the BOOT.TXT file.

Inspecting BOOT.TXT will give you essential information about your VTAP100 set up, at time

of last reboot, which might be helpful when troubleshooting.

Figure 2-1 Example VTAP100 BOOT.TXTfile

You are most likely to need:

l'ATCA' on VTAP100 - the serial number for your VTAP100.

l'Firmware' - the VTAP100 firmware version in use.

l'Hardware' - the VTAP100 hardware version in use.

l'KeySlots used:' - a useful check that you have uploaded the necessary key files, since these

are deleted when they are uploaded. These two examples show how to read this

information:

o'KeySlots used:------' shows that no keys have been uploaded.

o'KeySlots used: 12--56' shows that key files 1 and 2 have been successfully uploaded, in

addition to the defaults 5 and 6.

l'VCP enabled' - indicates that the virtual COM port has been enabled.

l'Status' - should be 0 if operating normally, anything else indicates an error state.

l'Boot time' - The time at boot, which defaults to 1970/00/00 00:00:00 if power is removed

to reboot.

If the configuration has been locked the BOOT.TXT file will end with the words LOCKED S/W

or LOCKED H/W.

VTAP MOBILE WALLET READERS

3  Choose a location for your VTAP100

Position the VTAP100-USB so that users can easily tap their smartphone against the label, on

top of the device.

CAUTION: Never allow a metal surface between the VTAP100 and the user's phone or card.

The compact wallbox for a VTAP100 is 97mm x 49mm and 40mm deep.

Figure 3-1 VTAP100 -CC compact wallbox

The VTAP100 must be stored and operated under the following conditions:

lAmbient temperature -25 to +70°C (-13 to 158°F)

lHumidity 0 to 95% RH non-condensing

lPressure 86-106kPa

VTAP MOBILE WALLET READERS

4  Design a custom label for the wallbox

You can design and affix your own branded label to the unit.

If you need help branding units do contact [email protected].

We can take your CMYK, vector format images and design and supply labels manufactured to

high standards using an advanced production method, where the printing is protected by a

thick layer of clear plastic, making them scratchproof, waterproof and UV-proof.

Apple guidelines require the standard contactless logo to be used, and so our standard label

template includes this along with a design that highlights the location of the VTAP antenna, as

that is the target location for a user to tap their phone.

The size of the label recess on a compact case (-CC) is 41mm x 57mm with 2mm radius

rounded corners as shown below.

Figure 4-1 Dimensions of label recess in -CCcompact case

VTAP MOBILE WALLET READERS

5  Mount a VTAP100 wallbox

The compact wallbox has mounting holes in case you want to fix the device in place. The

wallbox separates into two pieces, which clip together around the PCB. The following diagram

shows the location of mounting holes in the compact wallbox base plate:

Figure 5-1 Mounting holes in the -CC compact case base plate

The VTAP100 is rated at 5V DC (typ. 110mA, max 150mA) for power over USB.

We recommend that you complete and test your configuration before the VTAP100 is

mounted. Detailed help is in the VTAP Configuration Guide.

VTAP MOBILE WALLET READERS

6  Hardware lock to disable USB mass storage device

You can lock the VTAP100 so that its firmware and configuration cannot be changed. You can

either do this in software, or simply disable the mass storage device in hardware. If you have a

boxed VTAP100-USB it is strongly recommended that you use the software lock option,

which is described in the VTAP Configuration Guide.

A software lock prevents changes but leaves some files visible. A hardware lock means that

the VTAP100 will no longer be detected as a USB mass storage device. (It will still behave as

an HID keyboard device and, if enabled, the virtual COM port will behave as a composite USB

device consisting of HID keyboard and USB virtual COM port.)

Users of a VTAP100-USB will need to open the wallbox to locate the jumper labelled LOCK

(close to the MicroUSB connector) on the PCB.

If you have a compact (CC) case you need to remove the screw from the case (which may be

either a security screw or phillips head screw).

Connect a jumper across LOCK on the PCB to lock the device, preventing firmware or

configuration changes via the mass storage device. (It may still be possible to update the

firmware or configuration via the command interfaces of the virtual COM port or serial ports,

if they are enabled.)

Figure 6-1 Jumper positions on VTAP100 PCB v4a hardware

When you start the VTAP100, the presence of this jumper means the connected PC will not

detect a USB mass storage device. The VTAP100 will only be detected by the PC as a

keyboard (or keyboard and virtual COM port).

At any time you can remove the jumper across LOCK. When you restart the VTAP100, it will

be detected as a USB mass storage device and you will be able to make firmware or

configuration changes again.

VTAP MOBILE WALLET READERS

7  Disposal

For safety and sustainability, it is the responsibility of the integrator to ensure that when

equipment containing a VTAP100 reaches the end of its life, it is recycled in accordance with

WEEE Regulations within the EU.

VTAP100 (PCB and cables) should not be disposed of in general waste. If you

wish to discard electrical and electronic equipment (EEE), please contact your

supplier for further information.

VTAP MOBILE WALLET READERS

Other manuals for VTAP100

Table of contents

Dot Origin VTAP100 User manual

Popular Card Reader manuals by other brands