Apple Access settings

A list of additional configuration settings for the config.txt file, which relate to extracting secure data from passes for Apple Access.

Apple Access allows passes in Apple Wallet to act as electronic keys. This is distinct from Apple VAS passes, for different use cases, enforcing a higher level of security, although it is similar in many ways.

The additional settings are AccessTCI which identifies you as a credential issuer in the Apple Access programme, and AccessAuthRequired to require positive iPhone or Watch authentication with every tap to share an Access pass. When Apple Access is enabled the reader is in ECP2 mode and will then read DESFire credentials stored in Apple Wallet. You can manage the reading of these credentials with settings in the section the section DESFire cards or tags or Apple Access credential settings.

Settings below: AccessTCI | AccessAuthRequired

AccessTCI

Definition:

The TCI is an ID assigned by Apple Access credential issuer. When this setting is used, the VTAP reader will operate in ECP2 mode and enable DESFire credential reading.

Options:

3 byte hex value which allows a matching pass to be brought up by an Apple iPhone or Apple Watch. A reboot is required to bring a change to this setting into effect.

Default value: N/A

Example value: =203C20

AccessAuthRequired

Definition:

Requires authentication of an Access pass in Apple Wallet, overriding any Express mode setting that may be in place.

Options:

=1 to require authentication,
=0 authentication not required.

A reboot is required to bring a change to this setting into effect.

Default value: =0

Example value: =1