Ict Protege User manual

ICT Card Reader

Configuration Guide

The specifications and descriptions of products and services contained in this document were correct at the time

of printing. Integrated Control Technology Limited reserves the right to change specifications or withdraw

products without notice. No part of this document may be reproduced, photocopied, or transmitted in any form or

by any means (electronic or mechanical), for any purpose, without the express written permission of Integrated

Control Technology Limited. Designed and manufactured by Integrated Control Technology Limited, Protege® and

the Protege® Logo are registered trademarks of Integrated Control Technology Limited. All other brand or product

names are trademarks or registered trademarks of their respective holders.

Last Published: 17-Oct-22 1:00 PM

ICT Card Reader | Configuration Guide 2

Contents

Introduction 5

About This Module 5

Programming ICT Card Readers 5

Updating Card Reader Firmware 6

Protege Config App 7

Programming Summary 7

Prerequisites 7

Installing the Config App 8

Logging In 8

Config App Navigation and Settings 9

Reader Configuration 10

Config Management 10

TLV Settings 10

Programming a Card Reader 21

Failed Programming 21

Config Programming Examples 23

Config Example: Enable OSDP 23

Config Example: OSDP Baud Rate 23

Config Example: OSDP Install Mode 24

Config Example: Reader Address 24

Config Example: Enable DualLEDMode 25

Config Example: LED Colors 25

Config Example: ISO14443 Gain for EV2 Tags 26

Config Example: Set Wiegand Output Mode 26

Config Example: Firmware Update Mode 27

Config Example: Factory Default 27

Config Example: Custom Credential 28

MIFARE Config Card 30

Prerequisites 30

Config Card Settings 30

Basic Settings 30

Advanced Settings 31

Programming a Card Reader 31

125kHz Programming Card 32

ICT Card Reader | Configuration Guide 3

Prerequisites 32

Entering Programming Mode 32

125kHz Programming 34

125kHz Reading Mode 34

Wiegand Output Format 34

LED Function 35

Intelligent Tamper Mode 35

Enable ASK (EM) Cards 35

PIN Data Interface 35

PSK Unscramble 36

PSK Enable 36

Factory Default 36

Disclaimer and Warranty 37

ICT Card Reader | Configuration Guide 4

Introduction

This configuration guide provides programming information and instructions for ICT card readers. For installation

instructions and technical specifications, see the card reader installation manual, available from the ICT website.

About This Module

The ICT card reader is an advanced-technology, high-frequency smart card radio frequency identification device

(RFID), specifically designed to enhance the functionality of security, building automation and access control by

providing multiple format compatibility, high-speed data transmission and sabotage protection.

ICT card readers can operate using Wiegand, intelligent RS-485 or OSDP communications, and can be

programmed to read and output different card formats.

Current Features

The current features of ICT card readers include:

⦁Multi-card technology provides support for 125kHz, MIFARE and DESFire cards

⦁Encrypted RS-485, un-encrypted configurable RS-485 or standard Wiegand connection

⦁Bluetooth® Wireless Technology for reading mobile credentials (Bluetooth® versions only)

⦁NFC credential reading

⦁Support for OSDP(Open Supervised Device Protocol) communication with secure channel protocol

⦁Configurable LED strip: 2 color control via external LED wiring, 16 color selectable for Protege GX function

codes and other features (programming requires RS-485 connection or Protege Config App)

⦁Keep alive transmission every 30 seconds for intelligent tamper management

⦁Fully encapsulated design with environmental IP rating of IP65 for outdoor and indoor operation

⦁Programmable via programming cards and the Protege Config App

⦁Keypad output on Wiegand data lines (keypad versions only)

Programming ICT Card Readers

ICT card readers are programmed by applying a configuration profile consisting of specific TLV (Type Length

Value) settings to enable, disable and configure reader options. To program a card reader you must disconnect

and reconnect the power, then apply the configuration within 2 minutes of the reader powering up.

ICT card readers support a variety of reader technologies, and each technology has an associated programming

method. If your reader supports multiple technologies then it will support multiple programming methods.

Reader Technology Programming Method

Bluetooth® Wireless Technology Protege Config App (see page7)

13.56MHz (MIFARE / DESFire / NFC) MIFAREConfig Card (see page30)

125kHz 125kHz Programming Card (see page32)

See the Reader Editions section of the installation manual for the technologies supported by each edition.

ICT Card Reader | Configuration Guide 5

Updating Card Reader Firmware

The following steps describe how to update ICT tSec readers to the latest firmware. To complete the process, an

RS-485 USB Converter and LoadIT software version 1.5 or later are required.

1. Put the reader into boot mode by connecting the blue,orange and brown wires to the black (N-) wire.

Instead of shorting the wiring sequence, you can also put ICT readers into boot mode by applying the Protege

Config App Firmware Update Mode or TLVconfig 080100 to the reader within 2 minutes of startup.

2. Connect the reader to the RS-485 USB converter as pictured below.

NAN+ N- NB

AUX + AUX-

Violet

Yellow

Black

Red

Orange

Blue

Brown

Reader

3. The LEDs on the reader will flash blue and green to indicate it is starting in boot mode. The flashes will then

slow to indicate the reader is now in boot mode and ready for the firmware update. You will now have

approximately 30 seconds from the time you power on to load the firmware. For this reason it is best to

configure the settings in LoadIT before you begin.

LoadIT Settings

1. Open LoadIT and configure the following settings.

2. From the main window select the Serial Port tab.

3. Select the Serial Port that the RS485-USB converter is connected on. You can confirm this by checking in the

Windows Device Manager under Ports (COM & LTP).

4. Once the serial port has been selected, click OK.

5. From the main window select the Setup Device tab.

6. In the Select Device Type section, select PRT-KLCD LCD User Station.

7. In the Advanced Setting section, select Ignore Module File Type (Dangerous).

8. In the Select Device Address section leave it as 1 and click OK.

9. From the main window, click the ellipsis button [...] next to the file name and select the firmware file for the

reader.

10. Click Open.

11. Power on the reader and put it into boot mode (see steps above). The blue and green LEDs will flash indicating

it is starting in boot mode.

12. Select the Update Device tab in LoadIT and the update process will begin.

13. Once the process has completed, the Status should say Module Restarted Function Complete.

ICT Card Reader | Configuration Guide 6

Protege Config App

The Protege Config App provides a secure, convenient and flexible method for programming a Bluetooth-enabled

ICT card reader.

Programming Summary

To program a card reader using the Config App:

1. Log in to the app using your app account.

2. Select your Credential Profile.

Your credential profile is automatically assigned to your app account with your mobile credential, and is

based on the credential issuer and the site the credential was allocated to.

3. Create a Reader Configuration (config) comprising the required TLVsettings.

4. Activate Bluetooth® on your device (if not already activated).

5. Power cycle the reader you want to program.

6. Select the config to program the reader with.

7. Apply the configuration to the reader, within two minutes of startup. Hold your mobile device close to the

reader and tap Scan Closest to apply the configuration.

When programming is successful the reader will beep 4 times quickly, then restart.

Prerequisites

Config App

To use the Config App you will need:

⦁An app account

⦁A mobile credential

If you already have a Protege Mobile App account and mobile credential (product code: PRX-MCR), these same

If you do not have a Protege mobile credential, contact ICT Customer Services to be issued one for use with the

Config App. You can make a new app account after installing the app (see next page).

Card Reader

To use the Config App to program a card reader, the reader must meet the following requirements:

⦁Firmware version 1.04.254 or higher

⦁Bluetooth® capability

⦁RGB LEDs (if configuring LED colors)

Firmware version: It is not possible to specifically identify the firmware version on a reader. The version the reader

was shipped with can be checked by contacting ICT Technical Support and providing the reader's serial number.

Alternatively, upgrade the firmware to a known compatible version.

Bluetooth® capability: The sticker on the back of the reader identifies the hardware configuration. The Model code

must contain BT to signify that the reader is Bluetooth® enabled.

ICT Card Reader | Configuration Guide 7

Confirming Compatibility

Reader compatibility can be easily checked using the Config App. When programming the reader (see page21),

tap Select Reader to display a list of nearby readers that can be contacted over Bluetooth®. If the reader's serial

number is displayed as a Broadcast Address (preceded by _R), the reader is compatible with the Config App.

If only the reader model is displayed (e.g. 'TSEC') but not its serial number, then it cannot currently be configured

using the app.The reader most likely requires a firmware upgrade before it can be configured using the app.

Installing the Config App

To begin using the Protege Config App you will first need to download and install it on your mobile device. The

app is available from the Google Play Store and from the App Store.

Downloading for Android Devices

1. On your Android device, navigate to the Google Play Store.

2. Enter Protege Config into the search bar.

3. Select the Protege Config App.

4. Tap Install.

Downloading for iPhone / iPad

1. On your iOS device, navigate to the App Store.

2. From the search bar, enter Protege Config.

3. Select the Protege Config App.

4. Tap GET.

Logging In

The Protege Config App uses the same account credentials as your Protege Mobile App. If you already have an

account on the Mobile App you can simply use the same account to log in to the Config App.

On startup, a warning will advise you to close the Mobile App before configuring any readers. While the Config

App and Mobile App can operate at the same time, transmissions from the Mobile App may interfere with

Bluetooth® connections from the Config App and cause reader programming to fail.

If you do not have an existing account, it is easy to create a new one either by entering a new email address and

password, or by linking to a social media account.

Protege Config App data is linked to your account and not to the device the app is installed on. This enables you to

Once you select a login method, ensure this is the only method you use to access the app. Each method creates a

unique account which will not be able to access the mobile credential or configurations linked to other accounts.

ICT Card Reader | Configuration Guide 8

Logging In for the First Time

1. Open the Protege Config App.

2. You will be presented with a Login screen. When you log in for the first time, you can select your preferred

authentication method:

-Sign in using an existing Protege Mobile App account

-Sign in with Facebook

-Sign in with Google

-Sign in with Twitter

-Create new account

Signing in with social media accounts is only available for Android.

3. If creating a new account, you will be prompted to create new credentials (username and password) for use

with this account. If signing in with social media, you may be asked to enter your credentials, or you may

proceed automatically if you are logged in on your device.

4. When your login method is accepted, you will be presented with the End-User License Agreement. To

continue, read through the agreement and tap Accept.

This screen is only displayed after your first login.

5. Next you will be prompted to create a PIN for use with this account. Enter a unique four-digit PIN code, then

re-enter the same PIN to verify it.

6. From the drop-down, select how frequently you would like to be prompted to enter this PIN while using the

Config App.

You can edit these settings and your PIN in the future from the Account Settings page.

Config App Navigation and Settings

You can navigate the Config App via the menu in the top left of the app. The following pages are available.

⦁Reader Configuration: All configuration and reader programming is performed through this page.

⦁Account Settings: Set and change your PIN and PIN request frequency. View and delete your account data.

⦁Mobile Credential Settings:

-View the details of your Mobile Credentials.

-Set the Bluetooth Proximity (read distance for this device).

-Scan to Unlock a reader. This feature transmits your credential to allow convenient testing when

programming reader functions, without needing to switch to the Protege Mobile App.

⦁Logout: Logs you out of the Config App.

ICT Card Reader | Configuration Guide 9

Reader Configuration

When you first access the reader configuration page you will be prompted to select your Credential Profile. Your

profile is automatically assigned to your app account with your mobile credential, based on the issuer of the

credential, and typically corresponds to the site or group your credential was allocated to.

If you do not have a credential profile, contact ICT Customer Services.

Config Management

A config is a configuration profile consisting of any number of TLV (Type Length Value) settings that provide

configuration programming for ICT card readers.

Config programming examples are provided later in this document (see page23).

1. To create a new config, tap the +at the top right of the screen.

2. Enter a Config name to describe the profile you are configuring.

3. Tap Add TLVand select the required TLVsetting from the list, then configure any associated settings.

4. Once all TLV settings are configured, Save the new config.

All saved configs associated with your account are displayed on the Reader Configuration page. Edit or delete

configs by swiping left on the config, then tapping the Edit or Delete icon.

TLV Settings

The following TLV settings are available in the Protege Config App.

Important: Many of the available TLV settings contain advanced configuration options that may render a reader

unusable if applied incorrectly. Please ensure that you understand these settings and their impact before

implementation, or call ICT Technical Support for assistance.

Update Key (NFC & Bluetooth)

This TLV can be used to conveniently update the custom mobile encryption key and associated card linkages

programmed on the reader with the mobile credential encryption key associated with the credential profile that is

currently selected in the config app.

⦁Keyslot: Specifies the mobile credential slot where the mobile credential encryption key will be stored.

Mobile Credential Keyslot

This setting is used to load custom mobile credential encryption keys onto the reader so that it can read a custom

mobile access credential. Each key is assigned to a specific slot.

It must be used in conjunction with the Access Credential TLV (see page13) to define the credential configuration,

and the Custom Card Format Slot TLV (see page16) to describe how to interpret data from the mobile credential.

⦁Keyslot Specifies the mobile credential slot where the mobile credential encryption key will be stored.

Keyslots 0 and 1 are reserved for the card settings lock login and OSDPsession key respectively.

ICT Card Reader | Configuration Guide 10

Keyslot Availability

Keyslot Description

0 Card Settings Lock Login

1 OSDP Session Key

2 Available

3 Available

4 Available

While slots 0 and 1 can be used if not required for the card settings lock login or OSDP session key, it is

recommended to avoid using these keyslots to prevent potential future issues if the configuration changes.

LED Mode

Set the reader to use either normally blue, normally green or dual LED mode.

The default setting is single LED mode, normally blue.

⦁LED Mode:

-Dual: Allows the signaling of both LEDs independently using the LED control lines

-Blue: Blue LED is on by default

-Green: Green LED is on by default

Dual LED mode requires the reader to be wired with both the orange and brown LED control lines connected.

Backlight Level

Set the brightness of the keypad backlight (for readers with keypads).

⦁Backlight Level:

-Disabled

-Very Low

-Low (default setting)

-Medium

-High

-Very High

Device Mode

The Device Mode TLV is used to factory default the reader or put it into an update mode.

The device mode must be the first TLV in the config, so when you add this TLV it will be automatically placed

above any other TLVs programmed previously.

⦁Device Mode:

-Firmware Update Mode: Put the reader into boot mode so that new firmware can be loaded.

-Factory Default EEPROM: Default the reader back to its shipped factory default configuration.

This cannot be undone. Once the reader is defaulted you will need to reapply all configuration

programming.

-OSDPInstall Mode: Put the reader into OSDPinstallation mode so that it is ready to accept initiation of a

secure channel session from the connected controller or module.

ICT Card Reader | Configuration Guide 11

Wiegand Style

Define the bit length style the reader will output, and specify transmission enforcement options.

⦁Style: Specify the bit length for the Wiegand output.

-26 Bit Output

-27 Bit Output

-32 Bit Output

-34 Bit Output

-Legacy Undefined Output:This is a legacy option that has no effect.

-Legacy Undefined Output: This is a legacy option that has no effect.

-66 Bit Output

-37 Bit Output

-64 Bit Output

-37 Bit (No Site Code)

-Kantech KSFFormat

-Legacy Undefined Output: This is a legacy option that has no effect.

-Auto / Card Defined

-36 Bit Output

The reader's default setting is Auto / Card Defined, where it will not attempt to modify the formatting on the

card. For all other settings the reader will read the card and re-format the card data before sending it.

⦁Enforce Options: Optionally specify a transmission enforcement option.

-Enforce on CSN: Enforce the configured Wiegand style on CSN transmission.

If this option is not enabled:

◾CSN will be sent as the complete CSN in auto mode.

◾CSNwill be sent as a valid HID card in 26 or 34 bit Wiegand style (parity bit, CSN bytes, parity bit).

◾CSN will be padded or truncated in any other Wiegand style.

-Enforce on OSDP: Enforce the configured Wiegand style on OSDP interpreted card transmission.

If this option is not enabled, OSDP transmissions will not be formatted to the configured Wiegand style.

125kHz Formats

The 125kHz Formats TLV is used to enable/disable specific 125kHz card types.

⦁125kHz Formats:

-Postech

-HID

-ICT

-Guardtek

-Em41xx

-PSK

PSK card formats require specific hardware to operate.

-Guardall G-ProxII

Guardall G-ProxII card formats require specific hardware to operate.

ICT Card Reader | Configuration Guide 12

Output Mode

Set the reader output mode to configure its operating protocol.

⦁Output Mode:

-Wiegand

-ICT Smart Reader (RS485)

-Custom Serial (RS485)

-Smart Serial:This mode is valid for reader firmware up to and including version 1.04.260

-OSDP: This mode is valid for reader firmware 1.04.261 and above

The reader output mode automatically switches to ICT Smart Reader (RS485) when connected with RS-485

wiring configuration.

Tamper

The Tamper TLV is used to enable/disable intelligent reader tamper mode for detecting readers which have been

disconnected. When enabled, the reader will check in to the device it is connected to every 30 seconds.

Custom RS485 Format

Specify the format to use when the reader Output Mode has been set to Custom Serial (RS485) (see above).

⦁Custom Format: Enter the string to configure the output format of data when in custom RS-485 output mode.

-%s = Site Decimal

-%S = Site Hex

-%c = Card Decimal

-%C = Card Hex

-%e = CSN Decimal

-%E = CSN Hex

-%p = Padded CSNDecimal

-%P = Padded CSNHex

For example: "%s:%c" will output 233:4555 for a card with a site code of 233 and card number of 4555.

Access Credentials

Customize the reader configuration to enable reading of different types of credentials.

Changing this setting has the potential to render the reader unusable.

This TLV only configures the credential structure. Before this can be utilized by the reader you will need to:

⦁add the encryption key to a Keyslot (see page20)

⦁add your custom format string to a Custom Card Format Slot (see page16)

⦁create a Card Linkage (see page15) to link all the elements together

A programming example is provided to help illustrate this process (see page28).

ICT Card Reader | Configuration Guide 13

⦁Slot: Specifies the credential slot where the access credential configuration will be stored.

The default slot assignments are displayed in the table below.

The default credential types in slots 0-4 should not be removed under normal operation. Slots 5-8 are empty.

Slot Credential

0 MIFARE Classic

1 MIFARE Secured

2 MIFARE DESFire

3 ISO7816 (NFC)

4 Bluetooth®

5 Available

6 Available

7 Available

8 Available

⦁Credential Type:

⦁Disabled: Disables the selected credential slot

⦁Mifare Classic

⦁Mifare DESFire

⦁ISO7618 (NFC)

⦁Bluetooth

Additional options are specific to the credential type selected

MIFARE Classic:

⦁Block: The MIFARE block number

⦁Key Type: Set the key type to type Aor type B

⦁Keyslot: The keyslot to use as the MIFARE Classic sector key

⦁Flags: Select the Diversify Key option to enable key diversification

⦁Diversification Keyslot: The keyslot to use for diversification (if enabled)

MIFARE DESFire:

⦁App ID The DESFire application ID to access

⦁AES Keyslot: The keyslot to use for AES authentication

⦁File Number: The file number to access in the DESFire application

⦁Key Number: The DESFire keynumber to use for read access

⦁Diversification: The diversification method to use

-No diversification

-ICT diversification

-AV2 diversification

ISO7816 (NFC):

⦁App ID The DESFire application ID to access

⦁AES Keyslot: The keyslot to use for AES authentication

⦁File Number: The file number to access in the DESFire application

ICT Card Reader | Configuration Guide 14

Bluetooth:

⦁Keyslot: The keyslot to use for creating the encrypted session

⦁Key Number: The key number being sent in the challenge packet to the mobile device

Card Linkages

The Card Linkages TLV is used for linking credential types to custom card formats and encryption keys.

When the reader finds a credential that it can read, the linkage configuration specifies where to find the custom

card formats and encryption keys to interpret that credential type, and how the card data is encrypted.

Changing this setting has the potential to render the reader unusable.

⦁Linkage Slot: The card linkage slot where the linkage configuration will be stored

⦁Flags: The decryption method to use:

-AES 256 Decryption: If enabled, the reader expects data on the card to be encrypted with AES 256 in

addition to the security on the card itself (e.g. MIFARE crypto1/DESFire key).

-AES 256 Decryption CBC: If enabled, the reader expects data on the card to be encrypted with AES 256

with Cipher Block Chaining in addition to the security on the card itself.

-AES IV In First Block: If enabled, the reader expects the IV (Initialization Vector) to be in the first block

received from the card. Otherwise, it initializes the IV with all zeros.

-Serial Diversified: If enabled, the reader expects the key for the encryption above to be diversified against

the card serial number.

⦁Keyslot: The keyslot to link the custom encryption keys that will be used to authenticate the access credential

⦁Access Credential Slot: The slot to link the Access Credential configuration

⦁Format Slot: The Custom Card Format Slot to link the custom format string which describes how to interpret

data from the card being read

CSN Reading Mode

The CSN Reading Mode TLV is used to enable/disable CSN (Card Serial Number) reading for MIFARE, DESFire and

other NFC cards.

⦁CSNReading Mode:

-Mifare CSN (ISO14443a3)

-Mifare CSN Reversed (ISO14443a3)

-ISO 14443-4 CSN (DESFire)

-ISO 14443-4 CSN Reversed (DESFire)

-ISO15693 CSN: This is a legacy option. ISO15693 CSN capable cards are no longer supported

-ISO15693 CSN Reversed: This is a legacy option. ISO15693 CSN capable cards are no longer supported

The reader will first attempt to read the card using the encoded access credential before reading CSN. CSN

will only be sent from the reader if the card cannot be read using any of the configured credentials.

PSKDecryption

Enable the reader to read PSK formatted Kantech, Tecom or Motorola cards for PSK capable readers.

PSK card formats require specific hardware to operate.

⦁PSKDecryption:

-Raw Decoding: Reads raw data. Does not attempt to decrypt.

-Kantech

-Tecom

-Motorola T1

ICT Card Reader | Configuration Guide 15

Keypad Output Format

Define the data format the reader will use to send keypad input data.

This configuration applies when sending PIN data over Wiegand only.

⦁Keypad Output Format:

-ARK501 (Default)

-26 Bit

-4 Bit

-4 Bit Parity

-4 Bit Buffered

-4 Bit Parity Buffered

-36 Bit Output

Low Frequency Flags

The Low Frequency Flag TLV is used to enable reading of legacy HID low frequency formats, which may be

required for backward compatibility on older sites.

When enabled, the reader will interpret 125kHz HID cards using a legacy version of the HID format. When disabled,

the reader will read 125kHz HID cards using the standard HID format. This is the default.

There is currently no selection option to disable this programming once enabled. To disable low frequency flags,

apply a Hex TLVwith hex code 160100.

Custom Card Format Slots

Allows the entry of a custom format string which describes how to interpret data from the card being read.

Changing this setting has the potential to render the reader unusable.

⦁Slot: The custom card format slot where the custom format configuration will be stored.

⦁Format: Enter the required custom card format string.

The string must be in ASCII format, up to a maximum of 64 ASCII characters.

For example, %64r sets the format to 64 bit raw, so the reader will read the first 64 bits of data off the card.

ICT Card Reader | Configuration Guide 16

Custom Card Format ASCII Codes

The custom card format is defined using an ASCII code. The following ASCII format codes are supported.

⦁%Xs: The next X bits on the card will be interpreted as the site code.

⦁%Xc: The next X bits on the card will be interpreted as the card number.

⦁%Xu: The next X bits on the card will be unused/ignored.

⦁%Xr: The next X bits on the card will be interpreted as raw data. That is, the data may be site code or card

number. Exactly how the raw data is interpreted will depend on the configuration of your system.

⦁%Xk: the following card data must match the key stored in keyslot X on the reader.

The length of card data which must match is determined by the length of the key stored on the reader.

⦁%XmY: the next X bits on the card must match the following Y bits of the ASCII format string.

e.g. %32m2F2F means the next 32 bits on the card must match the ASCII pattern of 2F2F.

⦁%XnY: the next X bits on the card must not match the following Y bits of the ASCII format string.

e.g. %32n2F2F means the next 32 bits on the card must be other than the ASCII pattern of 2F2F.

⦁%Xl: the next X bits on the card will be interpreted as a length. This length will be stored and can subsequently

be accessed by substituting 'l' for the number of bits to be interpreted as some formatting character.

e.g. %8l%ls means the next 8 bits represent the length value l. Once this length value has been read from the

card the subsequent 'l' bits on the card will be interpreted as the site code.

LED Color Settings

The reader has an internal palette of 16 configurable colors. The Index in the color settings refers to a slot number

in the palette. For example, the reader normally uses slots 5 and 11 to show Unlocked (green) and Locked (blue)

respectively. Other slots in the palette are used for other designated functions (such as to indicate area state,

function codes, or two factor authentication required).

The LED Color TLV allows custom programming of the default reader LEDcolors by replacing the color assigned in

the slots with a different color.

Changing the color assigned to a slot changes all functions associated with the original color.

A programming example is provided to help illustrate LED color configuration (see page25).

⦁Color: Select a color by tapping or dragging on the color picker. Alternatively, you can type a color code into

the field below the color picker. Tap the arrow icons to switch between Hex, RGB and HSL color codes.

Note that the color displayed by the reader LEDs will not perfectly match the screen of your device.

⦁Index: Defines the color slot to be updated. Each index corresponds to a particular function of the card reader.

ICT Card Reader | Configuration Guide 17

Color Slot Index

The color slot index and the default color assigned to each slot are outlined in the table below.

This table applies to raw TLVsprogrammed directly on the card reader only. Configurations programmed in

Protege GX are adjusted by 1 for the controller's 'off' index (0), such that Red=1 through to Crimson=16.

Color Slot Index Default Color

0 Red

1 Amber

2 Orange

3 Yellow

4 Lime

5 Green

6 Mint

7 Turquoise

8 Cyan

9 Sky Blue

10 Cobalt

11 Blue

12 Violet

13 Purple

14 Magenta

15 Crimson

Color slot 5 is the default color for access granted. Color slot 11 is the default reader idle color. Changing the

default colors will mean the reader LEDs no longer display as expected for events and functions, which may

complicate support requests. It is recommended to keep a register of any LED color changes.

Wiegand Site Code

The Wiegand Site Code TLV is used to configure the site code sent with keypad input data in 26 bit and 36 bit

Wiegand keypad output formats (see page12). Both of those keypad formats have a site code which is sent along

with the PIN. This TLV allows you to define that site code.

⦁Wiegand Site Code: The site code may be entered in decimal or hexadecimal format.

This configuration applies when sending PIN data over 26 bit and 36 bit Wiegand only.

ICT Card Reader | Configuration Guide 18

Reread Mode

Configure the reader to continuously reread a card that is kept within range.

This option can be used with the tSec Extra Card Holder Cover (Ordering code: PRX-TSEC-XCDH) .

The reader will send a card read to the controller every 3 seconds while a card is present in front of the reader,

regardless of whether the card has been read before. The reader can also be set to silently reread the card, where

it disables the beeps generated when the card is read.

⦁Reread Mode:

-Enable Reread

-Silent Reread

There is currently no selection option to disable this programming once enabled. To disable reread mode, apply a

Hex TLVwith hex code 200100.

Reader Address

This TLVis only valid for protocols which support addressing (ICT RS485, OSDP or Smart Serial).

The Reader Address TLV allows you to program the reader's address configuration.

This may be required to set a specific address when connecting to third-party systems.

This TLVcan also be used to configure an RS-485 reader as an entry reader (address 0) or exit reader (address 1).

This does not apply for tSec readers with the green and orange wires joined. When these wires are joined the

reader is always an exit reader and the address cannot be configured.

⦁Reader Address: Enter the address to program the reader with. The maximum supported address is 127.

Uart Configuration

Define the baud rate of the RS-485 interface for compatibility with third-party systems.

⦁Baud:

-4800

-9600

-14400

-19200

-38400

-57600

-115200

ICT Card Reader | Configuration Guide 19

Hex

An open field for entering a hex code to program a custom TLV.

⦁Hex: Enter the custom TLVhex code to achieve the desired programming.

Custom TLVs

Custom TLVs can be used to send configuration commands to a reader. A TLV consists of a type definition, data

length measured in bytes (which does not include the type or length), and the data value itself. The type and

length are fixed in size, and the value field is of variable size.

⦁Type: Specifies the setting or configuration type that the value applies to.

⦁Length: The size of the value field in bytes.

⦁Value: The variable-sized series of bytes containing the data that will be applied to the configuration.

This setting requires high level understanding of TLVprogramming and should not be used unless directed by

documentation or the ICT Technical Support team. This setting has the potential to render a reader unusable.

Keyslot

There is currently no preconfigured config app TLVfor loading custom encryption keys for non-mobile credentials

onto the reader. This is achieved by applying a custom Hex TLV (see above).

The following TLVstructure is used to create a hex code which will load custom encryption keys onto the reader.

Type Length Value

0x03 ≤33 [up to 32 byte key] [keyslot]

The type (03) is followed by the length (in bytes) and the value, made up of the encryption key (up to 32 bytes)

and the keyslot where the encryption key will be stored (1 byte). Each key is assigned to a specific slot.

TLVExample

03 11 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 02

This TLVsets keyslot 2 to use the 128 bit key AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.

Keyslot Availability

Keyslots 0 and 1 are reserved for the card settings lock login and OSDPsession key respectively.

Keyslot Hex Description

0 0x00 Card Settings Lock Login

1 0x01 OSDP Session Key

2 0x02 Available

3 0x03 Available

4 0x04 Available

ICT Card Reader | Configuration Guide 20

Table of contents

ICT Protege User manual

Popular Card Reader manuals by other brands