How to manage VTAP readers in the field

VTAP NFC readers can read mobile wallet and/or physical cards and tags, decrypt the data, and send it on to other systems using different connection methods. They are highly configurable and can be easily and securely updated in the field, including with new firmware, encryption keys and other settings.

VTAP readers primarily use a file-based approach for managing configuration and updates. They are supplied by Dot Origin with a default ‘demo’ configuration, or with specific keys and settings agreed with the end customer. Solution providers can also easily apply their own configuration and keys prior to deployment.

Once deployed, updates may be required due to changing circumstances. For example, a new NFC pass ID or encryption key may be issued, or a useful new feature may be added to the VTAP firmware. Depending on the model of reader and the connected system, there will be several possible ways to update VTAP readers in each scenario.

VTAP USB readers

USB‑connected VTAP readers are typically connected to a front desk PC, kiosk or point of sale system. These systems usually run Windows or Android, although VTAP readers are platform independent. In its default mode, a VTAP reader appears as a composite USB device, emulating a keyboard, a mass storage device (like a USB memory stick) and a virtual serial COM port. These can be selectively turned on or off and the reader can also be put into a read‑only ‘locked’ state to prevent accidental configuration changes.

Updates to config, keys and firmware can be achieved either by copying the relevant files to the mass storage drive, or by sending them over the virtual COM interface using a file transfer protocol. Both ZMODEM and secure OSDP file transfer protocols are supported, as well as other commands to dynamically change individual settings. A reboot command will complete the process for some changes – for example, to apply an encrypted firmware update or to securely store and delete an ECC or AES encryption key file.

Desktop, point‑of‑sale and kiosk platforms therefore need to provide functions to distribute files to each VTAP reader. This is typically incorporated into the wider management of the installed software solution. To help with integration, Dot Origin provides example Windows and Android apps and source code that implements VTAP file transfer over virtual COM.

In some scenarios, VTAP readers can also be managed remotely using the VTAP Cloud platform. For a USB‑connected VTAP reader installed on a Windows PC, VTAP Agent runs as a service to connect it to VTAP Cloud. It can then be added to a fleet of centrally managed readers and the config, keys and firmware pushed out via the internet instead.

VTAP embedded reader boards and modules

All VTAP embedded NFC reader boards and modules support USB and can appear as a USB client device, if the host system supports this. They also offer various serial comms options, for example a 3 UART interface that can be used to communicate directly with another processor platform, and RS‑232 for legacy host equipment. Other serial interfaces such as I2C and SPI are also available on the VTAP25 module.

As with their desktop USB counterparts above, all VTAP embedded readers boards and modules can be managed by copying files over any interface. The file transfer and other commands available on the USB virtual COM interface are mirrored on the physical serial interfaces. This allows updates to be sent irrespective of the connection method. Dot Origin provides embedded C source code, that implements the VTAP serial file transfer protocol, to help with integration.

VTAP RS‑485/OSDP access control readers

VTAP NFC access control readers which communicate over RS‑485 offer several options for remote management, including the open, standardised and secure OSDP update mechanism. Door access readers are typically connected to an access control panel that may be running proprietary firmware, or they may use the long‑distance capability of the RS‑485 interface to link readers directly back to a PC or another system. In all cases, the VTAP reader can be updated in the field by sending config, keys and/or firmware files over the serial comms interface, using standard file transfer functions.

The RS‑485 version of the VTAP100 reader (VTAP100‑PAC‑485) can be configured to operate with two different comms protocols:

• VTAP serial protocol, which supports various commands and features including ZMODEM for file transfer;

• OSDP, the modern industry standard for access control reader interfacing.

OSDP includes secure comms for transmitting both credential data and configuration files. The VTAP implementation supports OSDP file transfers for config and encryption keys (ECC and AES keys for NFC Wallet passes and/or DESFire/Ultralight AES cards) as well as secure firmware updates.

Note that the VTAP OSDP protocol is also available over other serial comms channels such as USB virtual COM, RS‑232 or TTL serial, enabling a common approach to device configuration and management across the entire range of VTAP NFC readers and embedded modules.

The VTAP100 RS‑485 access control reader also has an onboard micro‑USB socket, and can therefore be locally configured and updated over USB using a PC or laptop if required. The VTAP200 has RS‑485, Wiegand and Wi‑Fi interfaces and can also be managed remotely using VTAP Cloud or another platform (depending on its firmware and configuration) even if it is connected to a legacy access control panel.

VTAP PRO IP‑connected readers

The VTAP100 PRO range of NFC readers provides a wide range of options when it comes to local and remote management, connectivity and operating modes.

Generally, VTAP PRO readers are either managed locally over USB, in which case they operate similarly to a standard VTAP USB reader, or remotely, via Wi-Fi or Ethernet, using the VTAP Cloud platform.