HID iCLASS SE User Manual

Page 1
iCLASS SE CP1000 Encoder User Guide
PLT-01067
Version: A.3
April 2014
hidglobal.com
Page 2
Copyright
© 2014 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
This document may not be reproduced, disseminated or republished in any form without the prior written permission of HID Global Corporation.
Trademarks
HID GLOBAL, HID, the HID logo, iCLASS, iCLASS SE, OMNIKEY, and Seos are the trademarks or registered trademarks of HID Global Corporation, or its licensors, in the U.S. and other countries.
MIFARE, MIFARE DESFire and MIFARE DESFire EV1 are registered trademarks of NXP B.V. and are used under license.
Revision History
Date Description Version
03/01/2014 Software Release 2.4 (SP1) A.3
09/13/2013 Software Release 2.3.6 (Prox update) A.2
08/22/2013 First Release A.1
07/08/2013 Beta A.0
Contacts
For additional offices around the world, see www.hidglobal.com corporate offices.
North America Asia Pacific
611 Center Ridge Drive Austin, TX 78753 USA Phone: 800 237 7769 Fax: 949 732 2120
19/F 625 King’s Road North Point, Island East Hong Kong Phone: 852 3160 9800 Fax: 852 3160 4809
Europe, Middle East and Africa (EMEA)
Haverhill Business Park Phoenix Road Haverhill, Suffolk CB9 7AE England Phone: 44 (0) 1440 714 850 Fax: 44 (0) 1440 714 840
HID Global Customer Support: support.hidglobal.com
Page 3
Contents
Chapter 1: Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1
1.1 Main Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
1.1.1 Key Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-2
1.1.2 Administration Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-2
1.1.3 Media Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-3
1.1.4 Secure Object Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-4
1.1.5 Secure Channel Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-4
1.1.6 Credential Credit Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5
1.1.7 Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-5
1.1.8 Plugin Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-6
1.1.9 Work Orders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-6
1.1.10 Work Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-6
1.1.11 Custom Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-6
1.1.12 Custom Host Applications (Transparent Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7
1.1.13 Data Mapper Applications (HF Migration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7
Chapter 2: Application Navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1
2.1 File Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
2.1.1 Install Plugin Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1
2.1.2 Install Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1
2.1.3 Upload Encoder Configuration Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1
2.1.4 Upload Credential Credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1
2.1.5 Load HID Keys to Encoder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1
2.1.6 Log Out / Switch User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2
2.1.7 Recent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-2
2.1.8 Plugins / Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-3
2.1.9 Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-4
2.1.10 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-5
2.1.11 Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-6
2.1.12 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-7
2.1.13 Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-8
2.2 Home Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
2.2.1 Work Order Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-9
2.2.2 Key Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-10
2.2.3 Reader Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-11
Chapter 3: Setup and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1
3.1 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.2 General Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.3 Installing the iCLASS SE Encoder Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
3.4 Set Administrative Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
April 2014 PLT-01067, Version: A.3
Page 4
Page iv
3.5 Change Default Admin Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
3.6 Add System Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Chapter 4: Initial Configuration (Startup) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
4.1 Install Plugin Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
4.2 Install Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
4.3 Upload Encoder Configuration Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
4.4 Upload (Top Up) Credential Credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
4.5 Load HID Keys to Encoder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
4.6 Create Custom Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
Chapter 5: Work Order Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.1 Card Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.2 Create a Work Order. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
5.3 Add a Work Instruction to a Work Order. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
5.4 Edit a Work Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
5.5 Remove a Work Instruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
5.6 Work Instruction Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
5.6.1 iCLASS Work Instruction: HID Access Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
5.6.2 iCLASS Work Instruction: Custom Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15
5.6.3 MIFARE Classic Work Instruction: HID Access Application . . . . . . . . . . . . . . . . . . . . . . . . 5-19
5.6.4 MIFARE Classic Work Instruction: Custom Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23
5.6.5 MIFARE DESFire EV1 Work Instruction: HID Access Application . . . . . . . . . . . . . . . . . . . 5-27
5.6.6 MIFARE DESFire EV1 Work Instruction: Custom Encoding . . . . . . . . . . . . . . . . . . . . . . . . 5-32
5.6.7 Prox Work Instruction: HID Access Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37
5.6.8 Seos Work Instruction: HID Access Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-41
5.6.9 Work Instruction: Roll Card Authentication Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-45
5.6.10 Work Instruction: Move Genuine SO Sector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-51
5.7 Work Order Execution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-54
5.7.1 To Add a Credential Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-54
5.7.2 To Add a Batch of Credential Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-56
5.7.3 To Remove Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-58
5.7.4 Execute Work Order on Selected Credential Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-60
5.7.5 Execute a Work Order on All Credential Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-62
5.7.6 Read Back . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-63
5.7.7 Printing a Work Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-64
5.7.8 File Save As a Work Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-64
5.7.9 Export a Work Order to a CSV File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-65
5.7.10 Export a Work Order to a PDF File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-66
5.7.11 Open a Work Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-67
5.7.12 Close a Work Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-68
5.7.13 Rename a Work Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-69
5.7.14 Delete a Work Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-70
Chapter 6: Key Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
6.1 Create Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
6.2 Remove Selected Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
Page 5
Page v
6.3 Import Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
6.4 Export Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
6.5 Authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
6.6 Load HID Key(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14
6.7 Remove HID Key(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
6.8 Change Admin Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
6.9 Add Key Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
6.10 Edit Key Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20
6.11 Delete Key Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22
6.12 Revoke HID Key(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24
Chapter 7: Reader Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
7.1 Data Mapper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
7.2 Data Mapper Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
7.3 Elite Prep Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12
7.4 iCLASS Legacy Config Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-14
7.5 Load HID Application Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-16
Chapter 8: Administrative . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
8.1 Admin Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
8.1.1 Change Administrative Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
8.1.2 Save Admin Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
8.1.3 Retrieve Saved Admin Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
8.2 Manage Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
8.2.1 Add a New User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
8.2.2 Edit a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8
8.2.3 Change Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
8.2.4 Delete a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11
Chapter 9: Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
9.1 Backup and Recovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
9.2 Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
9.3 Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
9.3.1 Synchronize Database to Encoder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
9.4 Exceptions and Error Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8
Glossary
April 2014 PLT-01067, Version: A.3
Page 6
Page vi
This page intentionally left blank.
Page 7
Overview
The CP1000 iCLASS SE Encoder is a smart card provisioning product that consolidates most of HID’s existing encoding products including the CP400 iCLASS Programmer, CP600 DESFire Encoder, iCL-ELITE programmer, and 1050 ProxProgrammer.
Included are the following features:
Encode HID Access Control Application with Standard, Elite, and custom Security on to iCLASS
and MIFARE® cards and tokens
Encode HID Secure Identity Objects with Elite Security on iCLASS, MIFARE, MIFARE DESFire
EV1®, and Seos
Encode HID Access Control Application on to HID Prox cards and tokens
Encode Custom Data Objects on iCLASS, MIFARE, MIFARE DESFire EV1, and Seos
Roll keys on existing card populations from a revoked key set to a new active key set
Migrate existing iCLASS and MIFARE Standard Security (applications) card populations to SE
Security
Configure encoders for various Security models and Custom Data model interpreters
Chapter 1
®
®
Other Features and Use Cases:
Create and manage custom media and application keys
Export and Import custom keys
Import keys from HID Secure Key Management Platform (SDI)
Port custom Elite keys imported from CP400 iCLASS Programmer
Configure blank iCLASS cards and tokens
Manage all card and reader transactions through work orders scripted from instruction sets
April 2014 PLT-01067, Version: A.3
Page 8
Overview Page 1-2

1.1 Main Concepts

To get the most out of the CP1000 iCLASS SE Encoder, there are several concepts that should be understood.
Key Management
Credential Credit Management
Formats
Plugin Architecture
Work Orders
Work Instructions
Creating Custom Applications

1.1.1 Key Management

iCLASS SE Encoder is an HID Global product that provides solution to encode user credentials and reader configuration data. In order to provide a high level of security the encoder device uses a smart card chip (an ISO 7816 compliant device) to perform the key management as well run the encoding applications. This component of the encoder device is called Secure Access Module (SAM).
A typical encoding operation requires knowledge of default/transport keys of the card, the user credential or reader configuration data and the new keys to be used to protect the credential. The keys that are involved in encoding operation could be ones that are managed by HID or the ones created by the customer and provisioned in SAM.
In order to do a secure key management we follow state of the art security practices and use cryptographic algorithms and practices that have been validated by industry to provide secure solutions for us and our customers. The rest of the document will describe different types of keys and their management.

1.1.2 Administration Keys

In order to load, update and delete configuration data and keys used during encoding operation we use Simple Network Management Protocol (SNMP) version 3. SNMP is an internet-standard protocol for managing devices on IP networks and defined by RFC 3411-RFC 3418. Though the protocol is intended for IP devices we make use of it over other transport and application protocols such as ISO 7816-3 (APDU) for PC/SC readers.
A typical SNMP message is encrypted and signed using 16 byte keys and also contains metadata about the cryptographic mechanism used to protect the message. The message defines its actions using set of verbs, such as GET, SET etc. The key that is used for encryption is called SNMP encryption/privacy key and key used for signing is called SNMP signing/authentication key.
A device or a software application implementing the SNMP standard is called an SNMP endpoint or engine and is identified using one or more engineId/username pairs.
The encoder SAM is an SNMP endpoint that has two identities. The first identity is that of HID Admin and other is that for OEM Admin. Each identity is recognized using an engineId and username pair as described in the SNMP standard, and with each identity are two associated keys (SNMP encryption and signing keys).
Page 9
Page 1-3 Overview
Purpose of HID Admin identity is to manage the keys and configuration data that originate from HID Vault where as the OEM Admin identity can be used to create custom keys and perform operations that do not require high level of security.
When a customer receives an encoder it has OEM Admin SNMP keys that are set to default/public values. When the host application is started the first time it prompts the user to change them to the ones managed by the user. The host application then stores the changed OEM Admin keys in the local database and the keys are encrypted using the password of the user of the desktop application.

1.1.3 Media Keys

The keys that are used to authenticate to a card to perform read/write operations are called media keys. For example, the debit and credit keys for a page in PicoPass (iCLASS) cards will be the media keys. In case of MIFARE Classic, the Key A and Key B of a sector are the media keys and for DESFire the application keys as well as PICC master key will be the examples of media keys.
The lengths of these types of keys as well as the cryptographic algorithms such as authentication algorithm that make use of these keys are dependent upon the card/media technology.
A typical encoding operation will use the default/known media key to first authenticate to the blank card, create the application, write the credential and change the value of the key to the one specified by the user. It is important to make a note that the new value will be a diversified key so as to reduce the surface area of attack. In other words, all the cards/media will have different values of the media keys. For the newer and more secure credentials (for example: Secure Objects) we make use of NIST 108 key diversification algorithm whereas the older/legacy credentials make use of proprietary key diversification algorithms invented by HID and/or chip vendor such as NXP.
For all the card/media, the keys could fall in one of these categories:
HID Managed Standard Media Keys: These keys are managed securely in the HID vault and are
intended for general customer base.
HID Managed Elite Media Keys: These keys are managed securely in the HID vault and are
specific to customers who participate in the Elite program. For example an Elite customer identified using an ICE 0120 will have a different set of media keys than the one identified using ICE0133.
Customer Generated and Managed Keys: These keys are either generated using encoder
solution and/or entered by the customer. The keys reside in the encoder SAM, and can be exported in encrypted form to be archived. Once created, knowledge of the plain text key is the responsibility of the administrator. Custom Keys are not archived in the HID vault.
All the HID managed keys are delivered in the form of static SNMP messages targeted to the encoder, for which they were requested. Typically, the customer will read the engineId of the encoder device using the host application and request HID for the appropriate key set (for example: standard, ICEXXX etc.). The keys are delivered in the form of a file that will contain the static messages, and the host application provides necessary user interface to load them in the encoder SAM.
Custom keys can be exported from the encoder device. The export format is again an SNMP message that is protected using OEM Admin keys.
April 2014 PLT-01067, Version: A.3
Page 10
Overview Page 1-4

1.1.4 Secure Object Keys

The newer and more secure credentials used by HID readers are based on the Secure Object (SO) technology. While it is outside the scope of this document to describe SO technology in detail, in simple words, a SO is a structured credential that is based on state of the art industry standards to ensure extensibility of credential structure and use industry validated and approved security algorithms and mechanisms. The most important aspect of a SO is that it provides an additional security for the credential and therefore we do not only rely on the security mechanisms of the chip/media silicon vendor.
Very much like an SNMP message a SO also has a notion of encryption and signature. In order to reduce the size of a secure object credential we make use of an Authenticated Encryption with Associated Data (AEAD) algorithm called EAX’ (read as EAX prime). In simple words, EAX’ one key can be used to perform both encryption and signing of the SO credential. This key is called SO encryption key. Please note it is called an encryption key but it also performs signature verification.
The SO encryption key could be managed by HID as a standard key and/or an Elite key, which is similar to the management of Media keys described earlier. We also provide the support to create a customer managed SO encryption key, however a SO credential that is protected using such a key is not managed via the HID vault and will also have an additional signature using HID’s license key.
More information about secure objects can be requested from HID.

1.1.5 Secure Channel Key

The messages that are exchanged between a host application and the encoder device are transferred over a mandatory secure channel5. The secure channel ensures the confidentiality and authenticity of the messages between the host application and the encoder device.
The encoder comes with a default value of the secure channel key, and very much like the OEM Admin keys, the host application prompts the user to provide the new value of the secure channel key. This secure channel key is stored in the local database, which is managed by host application, and is encrypted using the user’s password.
The secure channel mechanism is based on a slightly modified Global platform SCP 03 secure channel protocol. You can request more information about the secure channel from HID.
Reference:
1
ISO/IEC 7816: http://en.wikipedia.org/wiki/ISO/IEC_7816
2
SAM: http://en.wikipedia.org/wiki/Secure_access_module
3
SNMP: http://tools.ietf.org/html/rfc3411
4
SIO: Secure Identity Objects; request information from HID
5
HID Secure Channel version 0.87
Page 11
Page 1-5 Overview

1.1.6 Credential Credit Management

All transactions with smart cards are enabled by credential credits. These are discrete tokens that are consumed after every transaction until none remain or until additional credits are ordered (topped up).
The following attributes, are the building blocks to define a transaction which is enabled by a Credential Credit Token.
Technology Application Security Media
iCLASS HID Standard Genuine HID
MIFARE Classic SIO Elite Third Party
MIFARE DESFire EV1 Custom Custom
Prox
Seos
For example: To encode iCLASS with HID Access Control application and Standard keys, this transaction would require a different credential credit token than the same transaction using Elite keys.
Things to know about credential credits:
Each credit token type is managed by its respective credit counter.
Credit top up messages are delivered in a secure SNMP message that is targeted for a specific
device by diversifying the keys with the device UID.
Credit top up messages can be loaded only once.
A cap (100 credits) is placed on the number of credits that can be ordered at a time. This is to
limit the monetary value that can be loaded into a single encoder device which can be lost or destroyed.

1.1.7 Formats

The CP1000 includes a format interpreter capable of parsing all open and custom formats developed and maintained by HID.
Format fields are presented to the user in the desktop UI for the purpose of assigning data to each field.
Formats must be ordered from Customer Service. Most formats are custom to a specific OEM and end users, and are not freely distributed.
The H10301 is the default format delivered with the desktop application.
April 2014 PLT-01067, Version: A.3
Page 12
Overview Page 1-6

1.1.8 Plugin Architecture

The CP1000 includes a plugin architecture which makes it highly configurable with minimal maintenance and few releases. There are two types of plugins:
Technology
Configuration
Technology plugins are a packaged bundle that includes an applet which is loaded to the encoder device and a UI plugin for the desktop application that is customized for the associated applet.
Applets are small C# applications designed to run on the .NET framework that is native to the
encoder device. These applets manage the interface to the smart card and provide an API to the desktop application. Applets can be tailored for a specific use case.
The UI plugin manages the interface to the encoder device and provides the user with inputs
and information specific to the applet loaded on the device. For example, each technology applet comes with a unique set of wizard pages gathering user input for work order creation.
Configuration plugins expose a UI for gathering inputs and creating reader configuration cards. Reader configuration plugins are released as groups that organize parameters.
Things to know about plugins:
Each plugin is digitally signed by a key managed by HID and known by all encoder devices
(global key). This identifies the applet as Genuine HID. Only Genuine HID plugins are recognized by the encoder device.
Initially, one applet/plugin is created for each of the four supported technologies (iCLASS,
MIFARE Classic, MIFARE DESFire EV1, Prox, and Seos).
Custom plugins can be created on a CPO basis.

1.1.9 Work Orders

All credential encoding activity is managed through Work Orders. Each Work Order includes a set of Work Instructions to be executed on every card or token presented to the encoder.
Work orders execute a work flow that you design
Work Orders are technology independent
Work Orders can be limited in scope or open-ended

1.1.10 Work Instructions

Each Work Instruction represents one step of an overall work flow that is executed on every card or token presented to the encoder.
Work Instructions are analogous to scripts
Work Instructions are technology specific
Work Instructions are wholly independent operations

1.1.11 Custom Applications

Custom Applications can be written to cards. The iCLASS SE Encoder supports two types of custom application; Custom Host and Data Mapper.
Page 13
Page 1-7 Overview

1.1.12 Custom Host Applications (Transparent Mode)

Access to the card application data is managed from the host versus autonomously by the
reader (OK5427UE Desktop Encoder).
Host sends APDU serial commands through the reader to communicate to the card.
Host loads authentication keys and sends read commands

1.1.13 Data Mapper Applications (HF Migration)

Reader accesses custom card application data autonomously and reports data on
communications ports
Reader is configured with necessary authentication and encryption keys to access the raw card
data
Reader is configured with instructions for manipulating the raw data into a format that can be
managed by the host or access control system
April 2014 PLT-01067, Version: A.3
Page 14
Overview Page 1-8
This page intentionally left blank.
Page 15
Application Navigation
The CP1000 iCLASS SE Encoder consists of two main tabs with multiple options along the left pane.

2.1 File Tab

The File tab contains all the Administrative, UI configuration, and management functions.

2.1.1 Install Plugin Package

The Install Plugin Package installs all necessary plugins for a particular technology. Technologies include iCLASS, MIFARE Classic, MIFARE DESFire EV1, Seos, and Prox.

2.1.2 Install Format

Chapter 2
The Install Format imports an encrypted file determining how a PACS credential is formatted.

2.1.3 Upload Encoder Configuration Package

The Upload Encoder Configuration Package uploads a combination of counters and keys.

2.1.4 Upload Credential Credits

The Upload Credential Credits uploads individual credit files.

2.1.5 Load HID Keys to Encoder

The Load HID Keys to Encoder uploads keys managed by HID to the iCLASS SE Encoder.
April 2014 PLT-01067, Version: A.3
Page 16
Application Navigation Page 2-2

2.1.6 Log Out / Switch User

The Log Out / Switch User logs out the current user and displays the User Login window for a user to log in.

2.1.7 Recent

The Recent option on the File tab, displays the Recent Work Orders, for quick reference. Work Orders can quickly be opened by double-clicking on a Work Order listed.
Page 17
Page 2-3 Application Navigation

2.1.8 Plugins / Users

This window contains the two following areas:
Installed Plugins - Displays the plugins installed, and allows the user to uninstall and refresh the list from this location.
Users - The Users management allows viewing, creating, deleting of users, and the modification of
passwords. For more detailed information on Users, see Chapter 8: Administrative.
April 2014 PLT-01067, Version: A.3
Page 18

2.1.9 Formats

The Formats window displays all the formats currently loaded, and allows the selection, deletion, and restoral of formats provided to the customer from HID Global.
Application Navigation Page 2-4
Page 19
Page 2-5 Application Navigation

2.1.10 Options

The Options window allows the user to set a few preferences, regarding Work Orders.
Load work order from last session at startup
Automatically focus next row in grid after executing the last row in a work order
Automatically add a new row after executing the last row in a work order
Prompt user between each card that is encoded during batch encoding
April 2014 PLT-01067, Version: A.3
Page 20

2.1.11 Actions

The Check SAM Firmware Compatibility feature allows the user to check and upgrade the SAM firmware version.
When the desktop application is launched, it checks for the current SDK version of the encoder device. If there is a mismatch, higher or lower, the desktop application will boot load the version of the SDK that is built into the assembly file to ensure compatibility.
The SAM SIO Firmware Version can be checked on the File tab > Help window.
Application Navigation Page 2-6
Page 21
Page 2-7 Application Navigation

2.1.12 Database

The Database window allows a user to see the location of the database, as well as view/clear the following items:
Database Location - Displays the path to iCLASS SE Encoder database.
Sync to Encoder - This will launch a form that will analyze and synchronize to the current
iCLASS SE Encoder.
Note: See Section 9.3.1: Synchronize Database to Encoder for more information.
Secured Encoder/User Records - Lists the number of secure devices and users connected to
this application.
Warning: If you clear the Encoders, it will be necessary to enter the generated Admin Keys to reconnect to the iCLASS SE Encoder with the loaded keys/credits.
Known HID Keys - Lists the number of HID Keys loaded on the database.
Custom Keys - Lists the number of custom keys that are on the database.
Key Set Type Fields - Lists the number of Key Set Type fields
Note: Clearing the database items, does not clear this data from the iCLASS SE Encoder. A future release will include database syncing to allow multiple databases to be managed with the iCLASS SE Encoder devices.
April 2014 PLT-01067, Version: A.3
Page 22

2.1.13 Help

The Help window displays the current software/firmware information. Also from this location the user can view the log file, for troubleshooting information.
Application Navigation Page 2-8
Log File
Page 23
Page 2-9 Application Navigation

2.2 Home Tab

The Home tab contains all the configuration and implementation of Work Orders, Work Instructions, Key Management and Reader Configuration.

2.2.1 Work Order Manager

The Work Order Manager allows you to define and save an encoding profile for your credential deployment. Each work order defines the number of data fields encoded, as well as the data type and field size. These data fields are concatenated into a single data stream and encoded into an application, and are defined by the selected format.
April 2014 PLT-01067, Version: A.3
Page 24

2.2.2 Key Manager

The Key Manager window has multiple options for managing HID and Custom keys.
Manage keys for the HID access control application and SIOs
Manage user defined keys for Custom Applications
Import/export Custom keys
Load keys to the iCLASS SE Encoder
Application Navigation Page 2-10
Page 25
Application Navigation Page 2-11

2.2.3 Reader Configuration

The Reader Configuration window is used to create the Reader Data configuration cards (for both keys and reader limited settings).
This page intentionally left blank.
Page 26
Application Navigation Page 2-12
This page intentionally left blank.
Page 27
Setup and Configuration

3.1 System Requirements

Chapter 3
Type
Computer/Processor
Memory
Hard Disk
Display
Software Environment

3.2 General Workflow

The following is the general workflow for setting up the iCLASS SE Encoder:
Plug the iCLASS SE Encoder device to your PC.
Plug the USB Flash Drive from iCLASS SE Encoder Kit to your PC.
Install the iCLASS SE Encoder application and follow the wizard installation instructions.
Launch the iCLASS SE Encoder application.
Change the Default Administration keys from the factory when prompted (save plain text key
values in a secure archive).
Install the Technology Plugins files when prompted.
Install Formats, if required.
Upload the Configuration file to install Credits (credentials).
Load HID Keys to the iCLASS SE Encoder using the Key Manager.
Create Custom keys (if desired)
The iCLASS SE Encoder is now ready to start creating and executing Work Orders, and
configuring SE iCLASS readers.
Windows
300 MHz or higher Pentium-compatible CPU USB Ports
1 GB of RAM or higher
500 MB free space
BGA or higher resolution monitor
Latest Operating System service pack
®
April 2014 PLT-01067, Version: A.3
Page 28
Setup and Configuration Page 3-2

3.3 Installing the iCLASS SE Encoder Software

1. Plug the iCLASS SE Encoder device into a USB port on a PC.
2. Wait for the correct Windows USB drivers to install, if necessary.
3. Plug the HID USB flash drive into a second USB port on the PC.
4. Locate and launch the iCLASS SE Encoder zip file on the USB flash drive.
5. Unzip the file and double-click on the executable file to launch the installation.
6. On the installation wizard click Next to begin the installation.
Page 29
Page 3-3 Setup and Configuration
7. On the License Agreement Window, read the license agreement, and if you agree, select the I accept the license agreement box.
8. Click Next.
April 2014 PLT-01067, Version: A.3
Page 30
Setup and Configuration Page 3-4
9. Modify the destination installation Folder path, modify if required. Click Next.
10. Select Create Desktop Shortcut, if needed. Click Next.
Page 31
Page 3-5 Setup and Configuration
11. The option Run iCLASS SE Encoder now is selected by default, uncheck if needed.
12. Click Finish.
13. If the option to Run iCLASS SE Encoder now is selected, the application will open and prompt you to log in.
14. Login to the Application. Default settings are: Username: admin, Password: admin.
15. Click OK.
April 2014 PLT-01067, Version: A.3
Page 32
Setup and Configuration Page 3-6

3.4 Set Administrative Keys

On the initial installation the following message will appear to change the Administrative Keys. This is important, for security reasons, and should be taken care of at this time.
1. Click OK.
2. Enter the Admin Keys. This can be done by entering keys that have been saved earlier, or click
Generate Random Keys. Click OK.
Warning: If the PC hosting the application fails, you will lose access to ALL Credential Credits. The Credential Credits are only recoverable with the Admin Keys, therefore it is important that you
record these keys in a secure location for future reference. See Section 8.1.2: Save Admin Keys for
detailed directions.

3.5 Change Default Admin Password

The Admin password must be modified from the default values immediately (Username: admin, Password: admin). For security reasons, this access should not be left on the application.
See Section 8.2.3: Change Password for detailed information on modifying the default Admin password.
Warning: When creating, a new Admin user, or changing an Admin password, it is important that this password is saved in a secure location. At this time there is no password reset feature in place.

3.6 Add System Users

See Section 8.2: Manage Users for detailed information on adding Users.
Warning: When creating, a new Admin user, or changing an Admin password, it is important that this password is saved in a secure location. At this time there is no password reset feature in place.
Page 33
Chapter 4
Initial Configuration (Startup)
The following sections cover the initial configuration of the iCLASS SE Encoder.

4.1 Install Plugin Package

A plugin package configures both the iCLASS SE desktop software and the encoder for the type of technology being used (for example iCLASS). This installation package may also contain all the counters, configuration, format and key files necessary to execute work orders for a single technology. By default, the iCLASS SE Encoder Kit ships with Standard keys for iCLASS and Seos, and a small number of credits to get started.
1. When initially launching the software, the user is prompted to install plugins, if they have not been installed. Click Yes to begin the installation process. Note: If you select No, simply go to step 3 and start the process manually.
2. On the HID USB flash drive, locate (browse) the Technology Plugins folder. Double-click the first Plugin file in the list to install.
Note: Plugin version numbers listed above may vary.
April 2014 PLT-01067, Version: A.3
Page 34
Initial Configuration (Startup) Page 4-2
3. To load the next Plugin, select File menu > Install Plugin Package.
4. Double-click the next Plugin file from the list to load.
5. Repeat the process (step 3 and 4) for all the plugins in the folder.
6. When complete, all the installed plugins are displayed on the File tab > Plugins/Users window.
Page 35
Page 4-3 Initial Configuration (Startup)

4.2 Install Format

HID programs thousands of formats used in the Security business. Every format has a name and a number. A format describes how a credential is to be constructed and deciphered (for example: the number of data fields, size, legal value ranges, and how they are constructed when written to a card).
The application is provided with a default format of H10301. If you require an additional/different format, you must contact your HID representative for assistance. Therefore this step will not be required unless you need to load an additional format.
1. Select the File tab > Install Format.
April 2014 PLT-01067, Version: A.3
Page 36
Initial Configuration (Startup) Page 4-4
2. On the HID USB flash drive locate the Format folder. Double-click the Format file to install.
3. When complete, all installed Formats are displayed on the File tab > Formats. All of the Format information is listed in this window.
Note: By default the UI has the H10301 format loaded.
Page 37
Page 4-5 Initial Configuration (Startup)

4.3 Upload Encoder Configuration Package

Normally the customer will receive the Credential Credits and Keys in this form (Configuration Package).
Note: If the Credential Credits and/or Keys are received individually, see Section 4.4: Upload (Top Up) Credential Credits and Section 4.5: Load HID Keys to Encoder.
1. Select the File tab > Upload Encoder Configuration Package.
April 2014 PLT-01067, Version: A.3
Page 38
Initial Configuration (Startup) Page 4-6
2. Browse to the Configuration Package ordered from HID. Double-click the file to be loaded.
3. A progress bar will display as the keys and credits are loaded.
Page 39
Page 4-7 Initial Configuration (Startup)
4. When the package has been successfully loaded, a Ready message will appear at the bottom of the window.
April 2014 PLT-01067, Version: A.3
Page 40
Initial Configuration (Startup) Page 4-8
5. After the upload is complete, the installed package contents are displayed.
Page 41
Page 4-9 Initial Configuration (Startup)

4.4 Upload (Top Up) Credential Credits

Note: If you have already loaded the Credential Package (Section 4.3), then skip to Section 4.6:
Create Custom Keys.
The term Credential Credit, refers to the tokens purchased from HID that enable all card transactions. The iCLASS SE Encoder is enabled until the authorized credentials have been exhausted. The user must then request additional credentials.
The management of these credentials can be conceptually understood as a counter. When a customer orders “X” credentials, the counter is increased by “X” and the encoder is enabled until the counter is decremented to 0, or until more credentials are requested.
When loading individual credit files:
1. Select the File tab > Upload Credential Credits.
Note: Credential credits are ordered for specific iCLASS SE Encoder devices and can only be uploaded once.
April 2014 PLT-01067, Version: A.3
Page 42
Initial Configuration (Startup) Page 4-10
2. Browse to the Credits (counters) ordered from HID. Select the desired file(s) to be loaded. Note: Credit files can be used only once and are bound to a specific device UID.
3. Click Open.
Page 43
Page 4-11 Initial Configuration (Startup)
4. To verify the Credential Credits have been loaded properly, go to the Home tab. The Credential
Credits are listed on the right, on the Configuration panel. Note: To display specific Technology Credits, select the technology type from the Selected Technology pull-down menu, they will display below.
Credential Credits are listed by the Technology selected above.
April 2014 PLT-01067, Version: A.3
Page 44
Initial Configuration (Startup) Page 4-12

4.5 Load HID Keys to Encoder

Note: If you have already loaded the Credential Package (Section 4.3), then skip to Section 4.6: Create
Custom Keys.
The following process will load the HID managed keys to the iCLASS SE Encoder.
1. Select the File tab > Load HID Keys to Encoder.
Note: The Load HID Managed Keys to Encoder action can also be found on the Home tab > Key Manager window.
Page 45
Page 4-13 Initial Configuration (Startup)
2. Browse to the Keys ordered from HID. Select the desired file(s) to be loaded.
3. Click Open.
4. A progress bar will display as keys are loaded.
April 2014 PLT-01067, Version: A.3
Page 46
Initial Configuration (Startup) Page 4-14
5. When the Keys are successfully loaded, a message will appear at the bottom of the window.
Page 47
Page 4-15 Initial Configuration (Startup)
6. After the upload is complete, the installed Keys are displayed on the Key Manager window.
April 2014 PLT-01067, Version: A.3
Page 48
Initial Configuration (Startup) Page 4-16

4.6 Create Custom Keys

To Create Custom Keys, see Section 6.1: Create Key.
Page 49
Work Order Manager

5.1 Card Information

The Card Info button on the menu bar, will read the UID and memory configuration of the card presented to the iCLASS SE Encoder.
1. Place a card on the iCLASS SE Encoder.
2. Select Home tab > Work Order Manager.
3. From the Selected Technology field, select the card type from the drop-down menu.
4. The Card information will display. Note: Not all cards display the same information. In general the information will be:
CSN - Card Serial Number
Card Type (for example, SO Only)
Chapter 5
April 2014 PLT-01067, Version: A.3
Page 50
Work Order Manager Page 5-2

5.2 Create a Work Order

A Work Order is comprised of one or many Work Instructions.
A Work Instruction is a single command issued during Work Order execution. The single Work Instruction can either read or write to a specific memory location.
1. Select Home tab > Work Order Manager.
2. Select New
3. Select the required technology, and click OK.
4. See Section 5.6: Work Instruction Wizard, for details on each technology wizard. When you have
completed the wizard, return to the following step.
Page 51
Page 5-3 Work Order Manager
5. Select Yes to save the Work Order.
6. Enter a descriptive name for the Work Order, and click OK
April 2014 PLT-01067, Version: A.3
Page 52
Work Order Manager Page 5-4
7. The Work Order will now be listed on the Work Order Manager Page, and the Work Order name will display across the top of the window.
Page 53
Page 5-5 Work Order Manager

5.3 Add a Work Instruction to a Work Order

A Work Instruction is a single routine issued during Work Order execution. The single Work Instruction can either read or write to a specific memory location.
Note: This example is of a Custom Configuration.
1. Open a Work Order.
2. Double-click to open a Work Order from the list.
April 2014 PLT-01067, Version: A.3
Page 54
Work Order Manager Page 5-6
3. The Work Order information is displayed on the Work Order Manager window. Select Add Work Instruction
4. Select the required technology, and click OK.
5. See Section 5.6: Work Instruction Wizard, for details on each technology wizard. When you have
completed the wizard, return to the following step.
6. Select Yes to save the Work Order.
Page 55
Page 5-7 Work Order Manager
7. The Work Instruction will now be listed on the Work Order Manager Page.
April 2014 PLT-01067, Version: A.3
Page 56
Work Order Manager Page 5-8

5.4 Edit a Work Instruction

The following describes the simple process of editing an existing Work Instruction.
1. Open a Work Order.
2. The Work Instruction will now be displayed on the Work Order Manager Page.
3. Click Edit, in the Work Instructions section of the menu bar.
4. Double-click the Work Instruction to edit, from the list.
5. The Work Order Instruction wizard is opened. See Section 5.6: Work Instruction Wizard for details
on each technology wizard.
6. When the changes are saved, the Work Instruction selected is modified.
Page 57
Page 5-9 Work Order Manager

5.5 Remove a Work Instruction

The following describes the simple process of removing an existing Work Instruction.
1. Open a Work Order.
2. The Work Instruction will now be displayed on the Work Order Manager Page.
3. Click Remove, in the Work Instructions section of the menu bar.
4. Double-click the Work Instruction to remove, from the list.
5. When the changes are save, the Work Instruction will be removed.
April 2014 PLT-01067, Version: A.3
Page 58
Work Order Manager Page 5-10

5.6 Work Instruction Wizard

The Work Instruction Wizard appears any time you:
Create a New Work Order
Add a Work Instruction to a Work Order
Edit a Work Instruction
There are currently five (5) technology types available, with a corresponding Work Instruction wizard.
iCLASS
MIFARE Classic
MIFARE DESFire EV1
Prox
Seos
See the following for detailed information on each wizard.

5.6.1 iCLASS Work Instruction: HID Access Application

This section covers the Work Instruction wizard for iCLASS, with the HID Access Application encoding.
1. Select the iCLASS technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for iCLASS. Click Next.
Page 59
Page 5-11 Work Order Manager
3. Select Data Format: The user can make selections from the following. When complete click
Next.
Field Description
Instruction Type Read, Write, or Roll Card Authentication Key
Data Type HID Access Application, or Custom
Overwrite Existing Credential: Allows the iCLASS SE Encoder to write over
Options
Credential Type
an application that has already been recorded in the Work Order database. Enable User PIN Entry (available with SR (HID Access Application and SO)
only)
SE (SO only), SR (HID Access Application and SO), or HID Access Application.
Format: Select a Format from the list.
Note: For this example we are selecting a Write/HID Application/SE configuration.
April 2014 PLT-01067, Version: A.3
Page 60
Work Order Manager Page 5-12
4. Define Format Parameters: The user selects then customizes each parameter defined for the selected format. Simply select the line to modify, each parameter is editable with text or from a
drop-down menu.
Field Description
Name
Parameter Type
Enforce Unique Numbers
Default Value The default Static value is used when auto-creating a new Credential record.
Increment Step The step value used to increment Auto Number sequences.
Auto Numbers
The name is read from the Format file. It is recommended to not change this name unless necessary.
This can be Auto Increment, Static, or Manual User Entry. Note: Type is typically determined by the Format file.
Check this box for a runtime check of manual value entered by user to guarantee uniqueness, prior to executing the Work Order.
This field sets the Auto Number Sequences for the Work Instruction. The ranges are set by selecting the ellipses (…) and entering the ranges (see following graphic).
Auto Number Sequences window
Simply select Add Range and set the range in the editable fields. Click OK.
5. Click Next to continue with the Wizard.
Page 61
Page 5-13 Work Order Manager
6. Memory Map Selection: Select card configuration and location where the data will be written. Click Next.
Field Description
Expected Card Type
Card Configuration
Configured or Unconfigured. Note: If Unconfigured is selected, the Card Configuration field below must be set.
Select the memory configuration from the drop-down list. Options are: 2K, 16k2, 16k16, 16k2+16k1, 16k16+16k1, 2K (SO Only), 16k2 (SO Only),
16k16 (SO Only), 16k2+16k1 (SO Only), 16k16+16k1 (SO Only) Default is 2K.
Note: Memory Map will be grayed out with the Data Type set to HID Access Application, as the HID Access Application is always encoded in the same place. However, if the Data Type is set to Custom, the Memory Map will be active.
Expected Card Type: Configured
Expected Card Type: Unconfigured
April 2014 PLT-01067, Version: A.3
Page 62
Work Order Manager Page 5-14
7. Key Selection: Select a key to lock the AppArea after the data is written, and click Next.
Field Description
Card Authentication Keys Custom or HID defined Key Sets may be selected.
SO Encryption Key Custom or HID defined SO Encryption Key Sets may be selected.
8. You have completed the wizard. Click Finish.
9. Return to Section 5.2: Create a Work Order, step 5 to save the Work Order.
Page 63
Page 5-15 Work Order Manager

5.6.2 iCLASS Work Instruction: Custom Encoding

This section covers the Work Instruction wizard for iCLASS, with Custom Encoding.
1. Select the iCLASS technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for iCLASS. Click Next.
April 2014 PLT-01067, Version: A.3
Page 64
Work Order Manager Page 5-16
3. Select Data Format: The user can make selections from the following. When complete click
Next.
Field Description
Instruction Type Read, Write, or Roll Card Authentication Key
Data Type For this example Custom must be selected.
Options Not available with Custom
Custom Data Plugin Type: ASCII Text, Hexadecimal Data, Unicode Text
Name: Modify the Name, if needed. Note: Name field constitutes column in
Work Order data view.
Note: For this example we are selecting a Write/Custom/ASCII Text/Custom_Field.
Page 65
Page 5-17 Work Order Manager
4. Memory Map Selection: Select card configuration and location where the data will be written. Click Next.
Field Description
Expected Card Type Configured or Unconfigured.
Select the memory configuration from the drop-down list.
Card Configuration
Memory Map Define (select) the AppArea/Block.
Options are: 2K, 16k2, 16k16, 16k2+16k1, 16k16+16k1, 2K (SO Only), 16k2 (SO Only), 16k16 (SO Only), 16k2+16k1 (SO Only), 16k16+16k1 (SO Only)
Default is 2K.
Note: This is a scrollable field.
April 2014 PLT-01067, Version: A.3
Page 66
Work Order Manager Page 5-18
5. Key Selection: Select a key to lock the AppArea after the data is written, and click Next.
Field Description
Card Authentication Key: Custom or HID defined Key Sets may be selected.
Keys
Encryption
SO Encryption Key: Custom or Standard Key Sets may be selected. New Card Authentication Key: None or Custom Key Sets may be selected.
Encryption Type: None, or 3DES Encryption Key: This field appears with the 3DES selection above. Select the
Encryption Keys loaded.
6. You have completed the wizard. Click Finish.
7. Return to Section 5.2: Create a Work Order step 5 to save the Work Order.
Page 67
Page 5-19 Work Order Manager

5.6.3 MIFARE Classic Work Instruction: HID Access Application

This section covers the Work Instruction wizard for MIFARE Classic, with the HID Access Application encoding.
1. Select the MIFARE Classic technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for MIFARE Classic. Click Next.
April 2014 PLT-01067, Version: A.3
Page 68
Work Order Manager Page 5-20
3. Select Data Format: The user can make selections from the following. When complete click
Next.
Field Description
Instruction Type Read, Write, Roll Card Authentication Key, or Move Genuine SO Sector
Data Type HID Access Application, or Custom
Overwrite Existing Credential: Allows the iCLASS SE Encoder to write over an
Options
application that has already been recorded in the Work Order database. Enable User PIN Entry (available with SR (HID Access Application and SO) only)
Credential Type
SE (SO only), SR (HID Access Application and SO), or HID Access Application.
Format: Select a Format from the list.
Note: For this example we are selecting a Write/HID Application/SE configuration.
Page 69
Page 5-21 Work Order Manager
4. Define Format Parameters: The user selects then customizes each parameter defined for the selected format. Simply select the line to modify, each parameter is editable with text or from a
drop-down menu.
Field Description
Name
Parameter Type This can be Auto Increment, Static, or Manual User Entry.
Enforce Unique Numbers
Default Value The default Static value for Static and Manual parameters.
Increment Step The step value used to increment Auto Number sequences.
Auto Numbers
The name is read from the Format file. It is recommended to not change this name unless necessary.
Check this box for a runtime check of manual value entered by user to guarantee uniqueness, prior to executing the Work Order.
This field sets the Auto Number Sequences for the Work Instruction. The ranges are set by selecting the ellipses (…) and entering the ranges (see following graphic).
Auto Number Sequences window
Simply select Add Range and set the range in the editable fields. Click OK.
5. Click Next to continue with the Wizard.
April 2014 PLT-01067, Version: A.3
Page 70
Work Order Manager Page 5-22
6. Key Selection: Select a key to lock the AppArea after the data is written, and click Next.
Field Description
Key Set: Standard, Custom or HID defined Key Sets may be selected. Authentication Keys are the keys currently used to protect the Sector.
Select Default if working with a blank card or Sector.
Keys
Authentication Key A: Select an option from the drop-down menu. Authentication Key B: Select an option from the drop-down menu. SO Encryption Key: Select an option from the drop-down menu. MAD Write Key B: Select an option from the drop-down menu.
7. You have completed the wizard. Click Finish.
8. Return to Section 5.2: Create a Work Order, step 5 to save the Work Order.
Page 71
Page 5-23 Work Order Manager

5.6.4 MIFARE Classic Work Instruction: Custom Encoding

This section covers the Work Instruction wizard for MIFARE Classic, with Custom Encoding.
1. Select the MIFARE Classic technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for MIFARE Classic. Click Next.
April 2014 PLT-01067, Version: A.3
Page 72
Work Order Manager Page 5-24
3. Select Data Format: The user can make selections from the following. When complete click
Next.
Field Description
Instruction Type Read, Write, Roll Card Authentication Key, or Roll Card Authentication Key.
Data Type For this example Custom must be selected.
Options Not available with Custom.
Plugin Type: ASCII Text, Hexadecimal Data, Unicode Text
Custom Data
Name: Modify the Name, if needed. Note: Name field constitutes column in
Work Order data view.
Note: For this example we are selecting a Write/Custom/ASCII Text/Custom_Field.
Page 73
Page 5-25 Work Order Manager
4. Memory Map Selection: Select card configuration and location where the data will be written. Click Next.
Field Description
Configuration
Update MAD
Change access conditions
Memory Map
Card Type: 1K, or 4K
Sector Trailer Authentication Key: Key A, or Key B
Select the check box to update the MIFARE Application Directory (MAD). Note: This is an optional parameter (sector 0 is always reserved for this purpose).
Application ID: Enter the Application ID your company has registered with NXP to update.
Select the check box to Change access conditions
Sector Trailer Access: Select an option from the drop-down menu. Note: See the NXP Datasheet for more detail on Sector Trailer. Block Access: Select an option from the drop-down menu.
Define (select) the MIFARE Sector/Block (scrollable field). Note: The legacy HID application can be encoded on Sector 1. This is a fixed
location. The HID SIO application can be encoded in Sector 4 generally, but can be moved.
April 2014 PLT-01067, Version: A.3
Page 74
Work Order Manager Page 5-26
5. Key Selection: Select a key to lock the AppArea after the data is written, and click Next.
Field Description
Key Set: Not an option. Authentication Keys are the keys currently used to protect the Sector.
Select Default if working with a blank card or Sector.
Keys
Authentication Key A: Select an option from the drop-down menu. Authentication Key B: Select an option from the drop-down menu. SO Encryption Key: Not available with the Custom option. MAD Write Key B: Select an option from the drop-down menu.
6. You have completed the wizard. Click Finish.
7. Return to Section 5.2: Create a Work Order, step 5 to save the Work Order.
Page 75
Page 5-27 Work Order Manager

5.6.5 MIFARE DESFire EV1 Work Instruction: HID Access Application

This section covers the Work Instruction wizard for MIFARE DESFire EV1, with the HID Access Application encoding.
1. Select the MIFARE DESFire EV1 technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for MIFARE DESFire EV1. Click Next.
April 2014 PLT-01067, Version: A.3
Page 76
Work Order Manager Page 5-28
3. Select Data Format: The user can make selections from the following. When complete click
Next.
Field Description
Instruction Type Read, Write, or Roll Card Authentication Key
Data Type HID Access Application, or Custom
Overwrite Existing Credential: Allows the iCLASS SE Encoder to write over an
Options
application that has already been recorded in the Work Order database. Enable User PIN Entry (available with SR (HID Access Application and SO) only)
Credential Type
SE (SO only), SR (HID Access Application and SO), or HID Access Application.
Format: Select a Format from the list.
Note: For this example we are selecting a Write/HID Access Application configuration.
Page 77
Page 5-29 Work Order Manager
4. Define Format Parameters: The user selects then customizes each parameter defined for the selected format. Simply select the line to modify, each parameter is editable with text or from a
drop-down menu.
Field Description
Name
Parameter Type This can be Auto Increment, Static, or Manual User Entry.
Enforce Unique Numbers
Default Value The default Static value for Static and Manual parameters.
Increment Step The step value used to increment Auto Number sequences.
Auto Numbers
The name is read from the Format file. It is recommended to not change this name unless necessary.
Check this box for a runtime check of manual value entered by user to guarantee uniqueness, prior to executing the Work Order.
This field sets the Auto Number Sequences for the Work Instruction. The ranges are set by selecting the ellipses (…) and entering the ranges (see following graphic).
Auto Number Sequences window
Simply select Add Range and set the range in the editable fields. Click OK.
5. Click Next to continue with the Wizard.
April 2014 PLT-01067, Version: A.3
Page 78
Work Order Manager Page 5-30
6. Key Selection: Select a key to lock the AppArea after the data is written, and click Next.
Field Description
Key Set
Application Keys
Key Type Displays the Key type.
Crypto Method Triple DES, AES, or 3 Key Triple DES (24 byte keys)
Key Diversifier Algorithm
Auth Key
Key Set: Custom or HID defined Key Sets may be selected Change Key Set: Standard (No option).
None, NIST SENC HMAC, NXP AV1 1 Key Triple DES, or NXP AV1 2 Key Triple DES
None, NXP Default Transport Key, or HID SO PICC Master Key. Also custom Auth Key will be listed.
Page 79
Page 5-31 Work Order Manager
7. You have completed the wizard. Click Finish.
8. Return to see Section 5.2: Create a Work Order, step 5 to save the Work Order.
April 2014 PLT-01067, Version: A.3
Page 80
Work Order Manager Page 5-32

5.6.6 MIFARE DESFire EV1 Work Instruction: Custom Encoding

This section covers the Work Instruction wizard for MIFARE DESFire EV1, with Custom Encoding.
1. Select the MIFARE DESFire EV1 technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for MIFARE DESFire EV1. Click Next.
Page 81
Page 5-33 Work Order Manager
3. Select Data Format: The user can make selections from the following. When complete click
Next.
Field Description
Instruction Type Read, Write, Roll Card Authentication Key, or Move Genuine SO Sector
Data Type For this example Custom must be selected.
Options Not available with Custom.
Plugin Type: ASCII Text, Hexadecimal Data, Unicode Text
Custom Data
Name: Modify the Name, if needed. Note: Name field constitutes column in
Work Order data view.
Note: For this example we are selecting a Write/Custom/ASCII Text/Custom_Field.
April 2014 PLT-01067, Version: A.3
Page 82
Work Order Manager Page 5-34
4. Memory Map Selection: Select card configuration and location where the data will be written. Click Next.
Field Description
Application ID
File Number Select the file number (Range 0-31).
File Type Standard Data File is the only supported option.
File Size (bytes) Select the file size in bytes. Default is 16 bytes.
File Communication Settings
Key Change Mode
PICC Master Key Properties
Application Master Key Properties
Enter the 3-byte Application ID your company has registered with NXP, in hexadecimal form.
Ciphered is the only supported option.
To change a key, requires authentication with the following: Master Key, Key 1-13, Authenticate with key to be changed, or Do not allow keys to be changed
Select the PICC Master Properties from the list. Note: These options can only be managed when working with a blank card.
Select the Application Properties from the list.
Page 83
Page 5-35 Work Order Manager
5. Key Selection: Set the Application Key options in accordance with the NXP datasheets, and click Next. All options can be set from the associated drop-down menu.
Note: Selections must abide by the rules you set up for the card.
Field Description
Application Keys
Key Type Displays the Key type.
Crypto Method Triple DES, AES, or 3 Key Triple DES (24 byte keys)
Key Diversifier Algorithm None, NXP AV1 1 Key Triple DES, or NXP AV1 2 Key Triple DES
None, or NXP Default Transport Key.
Auth Key
Change Key
File Keys (Note keys selected in the following must be configured in the Application Keys section
above)
Read Key Select Read Key number (Range 1-13)
Note: Only applicable if you selected any options to Overwrite or
Delete existing applications /files.
None, or NXP Default Transport Key. Note: Only applicable if you selected any options to Overwrite or Delete existing applications /files.
Write Key Select Write Key number (Range 1-13)
Read/Write Key Select Read/Write Key number (Range 1-13)
April 2014 PLT-01067, Version: A.3
Page 84
Work Order Manager Page 5-36
6. You have completed the wizard. Click Finish.
7. Return to see Section 5.2: Create a Work Order, step 5 to save the Work Order.
Page 85
Page 5-37 Work Order Manager

5.6.7 Prox Work Instruction: HID Access Application

This section covers the Work Instruction wizard for Prox, with the HID Access Application encoding.
1. Select the Prox technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for Prox. Click Next.
April 2014 PLT-01067, Version: A.3
Page 86
Work Order Manager Page 5-38
3. Select Data Format: The user can make selections from the following. When complete click
Next.
Field Description
Instruction Type Read, or Write.
Options
Credential Type Format: Select a Format from the list.
Overwrite Existing Credential: Allows the iCLASS SE Encoder to write over
an application that has already been recorded in the Work Order database.
Note: For this example we are selecting a Read/Format: H10301.
Page 87
Page 5-39 Work Order Manager
4. Define Format Parameters: The user selects then customizes each parameter defined for the selected format. Simply select the line to modify, each parameter is editable with text or from a
drop-down menu.
Field Description
Name
Parameter Type
Enforce Unique Numbers
Default Value The default Static value for Static and Manual parameters.
Increment Step The step value used to increment Auto Number sequences.
Auto Numbers
The name is read from the Format file. It is recommended to not change this name unless necessary.
This can be Auto Increment, Static, or Manual User Entry. Note: Type is typically determined by the Format file.
Check this box for a runtime check of manual value entered by user to guarantee uniqueness, prior to executing the Work Order.
This field sets the Auto Number Sequences for the Work Instruction. The ranges are set by selecting the ellipses (…) and entering the ranges (see following graphic).
Auto Number Sequences window
Simply select Add Range and set the range in the editable fields. Click OK.
5. Click Next to continue with the Wizard.
April 2014 PLT-01067, Version: A.3
Page 88
Work Order Manager Page 5-40
6. You have completed the wizard. Click Finish.
7. Return to see Section 5.2: Create a Work Order, step 5 to save the Work Order.
Page 89
Page 5-41 Work Order Manager

5.6.8 Seos Work Instruction: HID Access Application

This section covers the Work Instruction wizard for Seos, with the HID Access Application encoding.
1. Select the Seos technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for Prox. Click Next.
April 2014 PLT-01067, Version: A.3
Page 90
Work Order Manager Page 5-42
3. Select Data Format: The user can make selections from the following. When complete click
Next.
Field Description
Instruction Type Read, Write, or Roll Card Authentication Key
Data Type
Options
Credential Type Format: Select a Format from the list.
HID Access Application, or Custom (Custom apps are not supported at this time).
Overwrite Existing Credential: Allows the iCLASS SE Encoder to write over an application that has already been recorded in the Work Order database.
Note: For this example we are selecting a Write/HID Application configuration.
Page 91
Page 5-43 Work Order Manager
4. Define Format Parameters: The user selects then customizes each parameter defined for the selected format. Simply select the line to modify, each parameter is editable with text or from a
drop-down menu.
Field Description
Name
Parameter Type
Enforce Unique Numbers
Default Value The default Static value for Static and Manual parameters.
Increment Step The step value used to increment Auto Number sequences.
Auto Numbers
The name is read from the Format file. It is recommended to not change this name unless necessary.
This can be Auto Increment, Static, or Manual User Entry. Note: Type is typically determined by the Format file.
Check this box for a runtime check of manual value entered by user to guarantee uniqueness, prior to executing the Work Order.
This field sets the Auto Number Sequences for the Work Instruction. The ranges are set by selecting the ellipses (…) and entering the ranges (see following graphic).
Auto Number Sequences window
Simply select Add Range and set the range in the editable fields. Click OK.
5. Click Next to continue with the Wizard.
April 2014 PLT-01067, Version: A.3
Page 92
Work Order Manager Page 5-44
6. Key Selection: Select a key to lock the AppArea after the data is written, and click Next. .
Field Description
Key Sets Auth Key Set: Standard, Custom or HID defined Key Sets may be
selected
Change Key Set: Not applicable.
Encryption Keys SO Encryption Key: Standard, Custom or HID defined Key Sets may be
selected
7. You have completed the wizard. Click Finish.
8. Return to see Section 5.2: Create a Work Order, step 5 to save the Work Order.
Page 93
Page 5-45 Work Order Manager

5.6.9 Work Instruction: Roll Card Authentication Key

This section covers the Work Instruction wizard for Roll Card Authentication Key Encoding.
1. Select the technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for Prox. Click Next.
April 2014 PLT-01067, Version: A.3
Page 94
Work Order Manager Page 5-46
3. Select Data Format: The user can make selections from the following. When complete click
Next.
Field Description
Instruction Type Roll Card Authentication Key
Data Type Not available
Credential Type Not available
Note: For this example we are selecting a Roll Card Authentication Key configuration.
Page 95
Page 5-47 Work Order Manager
4. Key Selection: Select a key to lock the AppArea after the data is written, and click Next.
iCLASS Key Selection
The following section is the Key Selection window for iCLASS Encoding.
Field Description
Key Card Authentication Key: Standard, or HID defined Key Sets may be
selected New Card Authentication Key: Standard, or HID defined Key Sets may
be selected SO Encryption Key: Standard, or HID defined Key Sets may be
selected
April 2014 PLT-01067, Version: A.3
Page 96
Work Order Manager Page 5-48
MIFARE Classic Key Selection
The following section is the Key Selection window for MIFARE Classic Encoding.
Field Description
Keys Key Set: Custom, Standard, or HID defined Key Sets may be selected.
Roll Key Set: Custom or HID defined Key Sets may be selected.
Authentication Key A: Select an option from the drop-down menu. Change Key A: Select an option from the drop-down menu.
Authentication Key B: Select an option from the drop-down menu. Change Key B: Select an option from the drop-down menu.
SO Encryption Key: Select an option from the drop-down menu. Change SO Encryption Key: Select an option from the drop-down menu. MAD Write Key A: Select an option from the drop-down menu. MAD Write Key B: Select an option from the drop-down menu.
Page 97
Page 5-49 Work Order Manager
MIFARE DESFire EV1 Key Selection
The following section is the Key Selection window for MIFARE DESFire EV1 Encoding.
Field Description
Keys Key Set: Standard or HID defined Key Sets may be selected.
Change Key Set: Standard or HID defined Key Sets may be selected. Custom PICC Master Key: Select to open the Application Keys section for
configuration (see section circled below).
April 2014 PLT-01067, Version: A.3
Page 98
Work Order Manager Page 5-50
Seos Key Selection
The following section is the Key Selection window for Seos Encoding.
Field Description
Key Sets
Encryption Keys SO Encryption Key: Standard or HID Standard Key Sets may be selected.
Auth Key Set: Standard or HID defined Key Sets may be selected. Change Key Set: Standard or Custom Key Sets may be selected.
5. You have completed the wizard. Click Finish.
6. Return to Section 5.2: Create a Work Order, step 5 to save the Work Order.
Page 99
Page 5-51 Work Order Manager

5.6.10 Work Instruction: Move Genuine SO Sector

This section covers the Work Instruction wizard for Move Genuine SO Sector process.
1. Select the MIFARE Classic technology type, and click OK.
2. The Work Instruction Wizard will open to allow the user to configure the Work Instruction for Prox. Click Next.
April 2014 PLT-01067, Version: A.3
Page 100
Work Order Manager Page 5-52
3. Select Data Format: Select the following. When complete click Next.
Field Description
Instruction Type Move Genuine SO Sector
Loading...