Sec.GetCurAcMask

This command retrieves the Access Condition Mask, which is applied by the reader in the current context (i.e. security level, protocol).

If this command is executed in security level 1-3 the actual Access Condition Mask is defined by the value which has been set for the particular security level before via Sec.SetAcMask command respectively the configuration value Device/HostSecurity/AccessConditionMask. In this case this command is identical to Sec.GetAcMask for the respective security level.

In case of security level 0 (plain access) the applied Access Condition Mask is determined by the protocol-specific Access Condition Mask ( Protocols/AccessConditionsBitsStd, Protocols/AccessConditionsBitsAlt ). If this value is not available for the particular protocol the reader uses the value that has been set with Sec.SetAcMask respectively Device/HostSecurity/AccessConditionMask[0] before in combination (bitwise AND) with a hard-coded default value as fallback; in most cases this default value corresponds to all access rights - for BRP over TCP it is zero.

It is not possible to deny the retrieval of the Access Condition Mask via the "Encryption and Authorization" settings in the configuration. This means that this command will never return the ERR_ACCESS_DENIED status code.

Properties

Parameters (request frame)

None

Returned values (response frame)

Name Type/Size Description
AcMask Bit mask (32 bits) Current Access Condition Mask.
Every Feature in this list can be disabled by not setting the corresponding bit.
RFU Integer (bit mask area 0xE0000000) Zero padding
EthernetAccess Boolean (bit 0x10000000) Provide Access to Ethernet BRP Commands
AutoreadAccess Boolean (bit 0x08000000) Has to be cleared to deny control autoread task
CryptoAccess Boolean (bit 0x04000000) Has to be cleared to deny allow access to the encryption unit
Bf2Upload Boolean (bit 0x02000000) Has to be cleared to deny allow to upload firmware
ExtendedAccess Boolean (bit 0x01000000) Has to be cleared to deny allow access to the extended reader partition
FlashFileSystemWrite Boolean (bit 0x00800000) Has to be cleared to deny write access to flash file system
FlashFileSystemRead Boolean (bit 0x00400000) Has to be cleared to deny read access to flash file system
RtcWrite Boolean (bit 0x00200000) Has to be cleared to deny write access to RTC
VhlExchangeapdu Boolean (bit 0x00100000) Has to be cleared to deny running VHL APDU Exchange
VhlFormat Boolean (bit 0x00080000) Has to be cleared to deny formattings cards via VHL
VhlWrite Boolean (bit 0x00040000) Has to be cleared to deny writing cards via VHL
VhlRead Boolean (bit 0x00020000) Has to be cleared to deny reading cards via VHL
VhlSelect Boolean (bit 0x00010000) Has to be cleared to deny detection of cards via VHL
ExtSamAccess Boolean (bit 0x00008000) Has to be cleared to deny access to SAM over 7816-3 commands ( Iso78 command group )
HfLowlevelAccess Boolean (bit 0x00004000) Has to be cleared to deny allow to access HF via low level commands
GuiAccess Boolean (bit 0x00002000) Has to be cleared to deny access to keypad/lcd
IoPortWrite Boolean (bit 0x00001000) Has to be cleared to deny write access to io ports
IoPortRead Boolean (bit 0x00000800) Has to be cleared to deny read access to io ports
ConfigReset Boolean (bit 0x00000400) Has to be cleared to deny reset configuration keys/while configuration.
ConfigWrite Boolean (bit 0x00000200) Has to be cleared to deny write access to configuration keys/values.
ConfigRead Boolean (bit 0x00000100) Has to be cleared to deny read access to configuration keys/values
SysReset Boolean (bit 0x00000080) Has to be cleared to deny allow reboot/powerdown of system
SetAccessConditionMask2 Boolean (bit 0x00000040) Has to be cleared to deny set ac 2
SetAccessConditionMask1 Boolean (bit 0x00000020) Has to be cleared to deny set ac 1
SetAccessConditionMask0 Boolean (bit 0x00000010) Has to be cleared to deny set ac 0
SetKey3 Boolean (bit 0x00000008) Has to be cleared to deny set security key 3
SetKey2 Boolean (bit 0x00000004) Has to be cleared to deny set security key 2
SetKey1 Boolean (bit 0x00000002) Has to be cleared to deny set security key 1
FactoryReset Boolean (bit 0x00000001) Has to be cleared to deny resetting system to factory settings