Sec.GetCurAcMask
This command retrieves the Access Condition Mask, which is applied by the reader in the current context (i.e. security level, protocol).
If this command is executed in security level 1-3 the actual Access Condition Mask is defined by the value which has been set for the particular security level before via Sec.SetAcMask command respectively the configuration value Device/HostSecurity/AccessConditionMask. In this case this command is identical to Sec.GetAcMask for the respective security level.
In case of security level 0 (plain access) the applied Access Condition Mask is determined by the protocol-specific Access Condition Mask ( Protocols/AccessConditionsBitsStd, Protocols/AccessConditionsBitsAlt ). If this value is not available for the particular protocol the reader uses the value that has been set with Sec.SetAcMask respectively Device/HostSecurity/AccessConditionMask[0] before in combination (bitwise AND) with a hard-coded default value as fallback; in most cases this default value corresponds to all access rights - for BRP over TCP it is zero.
It is not possible to deny the retrieval of the Access Condition Mask via the "Encryption and Authorization" settings in the configuration. This means that this command will never return the ERR_ACCESS_DENIED status code.
Properties
- Command code: 0x070A
- Command timeout: 100 ms
- Possible status codes: General status codes
Parameters (request frame)
None
Returned values (response frame)
| Name | Type/Size | Description | |
|---|---|---|---|
| AcMask | Bit mask (32 bits) |
Current Access Condition Mask.
Every Feature in this list can be disabled by not setting the corresponding bit. |
|
| RFU | Integer (bit mask area 0xE0000000) |
Zero padding |
|
| EthernetAccess | Boolean (bit 0x10000000) | Provide Access to Ethernet BRP Commands | |
| AutoreadAccess | Boolean (bit 0x08000000) | Has to be cleared to deny control autoread task | |
| CryptoAccess | Boolean (bit 0x04000000) | Has to be cleared to deny allow access to the encryption unit | |
| Bf2Upload | Boolean (bit 0x02000000) | Has to be cleared to deny allow to upload firmware | |
| ExtendedAccess | Boolean (bit 0x01000000) | Has to be cleared to deny allow access to the extended reader partition | |
| FlashFileSystemWrite | Boolean (bit 0x00800000) | Has to be cleared to deny write access to flash file system | |
| FlashFileSystemRead | Boolean (bit 0x00400000) | Has to be cleared to deny read access to flash file system | |
| RtcWrite | Boolean (bit 0x00200000) | Has to be cleared to deny write access to RTC | |
| VhlExchangeapdu | Boolean (bit 0x00100000) | Has to be cleared to deny running VHL APDU Exchange | |
| VhlFormat | Boolean (bit 0x00080000) | Has to be cleared to deny formattings cards via VHL | |
| VhlWrite | Boolean (bit 0x00040000) | Has to be cleared to deny writing cards via VHL | |
| VhlRead | Boolean (bit 0x00020000) | Has to be cleared to deny reading cards via VHL | |
| VhlSelect | Boolean (bit 0x00010000) | Has to be cleared to deny detection of cards via VHL | |
| ExtSamAccess | Boolean (bit 0x00008000) | Has to be cleared to deny access to SAM over 7816-3 commands ( Iso78 command group ) | |
| HfLowlevelAccess | Boolean (bit 0x00004000) | Has to be cleared to deny allow to access HF via low level commands | |
| GuiAccess | Boolean (bit 0x00002000) | Has to be cleared to deny access to keypad/lcd | |
| IoPortWrite | Boolean (bit 0x00001000) | Has to be cleared to deny write access to io ports | |
| IoPortRead | Boolean (bit 0x00000800) | Has to be cleared to deny read access to io ports | |
| ConfigReset | Boolean (bit 0x00000400) | Has to be cleared to deny reset configuration keys/while configuration. | |
| ConfigWrite | Boolean (bit 0x00000200) | Has to be cleared to deny write access to configuration keys/values. | |
| ConfigRead | Boolean (bit 0x00000100) | Has to be cleared to deny read access to configuration keys/values | |
| SysReset | Boolean (bit 0x00000080) | Has to be cleared to deny allow reboot/powerdown of system | |
| SetAccessConditionMask2 | Boolean (bit 0x00000040) | Has to be cleared to deny set ac 2 | |
| SetAccessConditionMask1 | Boolean (bit 0x00000020) | Has to be cleared to deny set ac 1 | |
| SetAccessConditionMask0 | Boolean (bit 0x00000010) | Has to be cleared to deny set ac 0 | |
| SetKey3 | Boolean (bit 0x00000008) | Has to be cleared to deny set security key 3 | |
| SetKey2 | Boolean (bit 0x00000004) | Has to be cleared to deny set security key 2 | |
| SetKey1 | Boolean (bit 0x00000002) | Has to be cleared to deny set security key 1 | |
| FactoryReset | Boolean (bit 0x00000001) | Has to be cleared to deny resetting system to factory settings | |