Reference Manual


Sec.GetAcMask

This command retrieves the Access Condition Mask of a specified security level.

The Access Condition Mask can be set using the command Sec.SetAcMask or by loading a reader configuration file which defines the respective configuration values Device/HostSecurity/AccessConditionMask.

In case of security level 0 (plain access) the actual Access Condition Mask that is applied by the reader may deviate from the value which is returned by this command. Refer to Sec.GetCurAcMask. It is not possible to deny the retrieval of the Access Condition Mask via the "Encryption and Authorization" settings in the configuration. This means that this command will never return the ERR_ACCESS_DENIED status code.

Properties

Parameters (request frame)

Name Type/Size Description
SecLevel Integer (8 bits) Security Level to get the Access Condition Mask from. Must be between 0 and 3. If this value is 0xFF, the Access Condition Mask of the current Security Level will be returned.

Returned values (response frame)

Name Type/Size Description
AcMask Bit mask (32 bits) Access Condition Mask of the Security Level specified in the SecurityLevel parameter.
Every Feature in this list can be disabled by not setting the corresponding bit.
RFU Integer (bit mask area 0xE0000000) Zero padding
EthernetAccess Boolean (bit 0x10000000) Provide Access to Ethernet BRP Commands
AutoreadAccess Boolean (bit 0x08000000) Has to be cleared to deny control autoread task
CryptoAccess Boolean (bit 0x04000000) Has to be cleared to deny allow access to the encryption unit
Bf2Upload Boolean (bit 0x02000000) Has to be cleared to deny allow to upload firmware
ExtendedAccess Boolean (bit 0x01000000) Has to be cleared to deny allow access to the extended reader partition
FlashFileSystemWrite Boolean (bit 0x00800000) Has to be cleared to deny write access to flash file system
FlashFileSystemRead Boolean (bit 0x00400000) Has to be cleared to deny read access to flash file system
RtcWrite Boolean (bit 0x00200000) Has to be cleared to deny write access to RTC
VhlExchangeapdu Boolean (bit 0x00100000) Has to be cleared to deny running VHL APDU Exchange
VhlFormat Boolean (bit 0x00080000) Has to be cleared to deny formattings cards via VHL
VhlWrite Boolean (bit 0x00040000) Has to be cleared to deny writing cards via VHL
VhlRead Boolean (bit 0x00020000) Has to be cleared to deny reading cards via VHL
VhlSelect Boolean (bit 0x00010000) Has to be cleared to deny detection of cards via VHL
ExtSamAccess Boolean (bit 0x00008000) Has to be cleared to deny access to SAM over 7816-3 commands ( Iso78 command group )
HfLowlevelAccess Boolean (bit 0x00004000) Has to be cleared to deny allow to access HF via low level commands
GuiAccess Boolean (bit 0x00002000) Has to be cleared to deny access to keypad/lcd
IoPortWrite Boolean (bit 0x00001000) Has to be cleared to deny write access to io ports
IoPortRead Boolean (bit 0x00000800) Has to be cleared to deny read access to io ports
ConfigReset Boolean (bit 0x00000400) Has to be cleared to deny reset configuration keys/while configuration.
ConfigWrite Boolean (bit 0x00000200) Has to be cleared to deny write access to configuration keys/values.
ConfigRead Boolean (bit 0x00000100) Has to be cleared to deny read access to configuration keys/values
SysReset Boolean (bit 0x00000080) Has to be cleared to deny allow reboot/powerdown of system
SetAccessConditionMask2 Boolean (bit 0x00000040) Has to be cleared to deny set ac 2
SetAccessConditionMask1 Boolean (bit 0x00000020) Has to be cleared to deny set ac 1
SetAccessConditionMask0 Boolean (bit 0x00000010) Has to be cleared to deny set ac 0
SetKey3 Boolean (bit 0x00000008) Has to be cleared to deny set security key 3
SetKey2 Boolean (bit 0x00000004) Has to be cleared to deny set security key 2
SetKey1 Boolean (bit 0x00000002) Has to be cleared to deny set security key 1
FactoryReset Boolean (bit 0x00000001) Has to be cleared to deny resetting system to factory settings