Online Store

How to enable µFR Nano Online Log and Access Control Mode?

µFR Nano Online Log and Access Control Mode #

How to enable log mode? #

  1. Log in to the µFR Online Log and Access Control Module Online WEB configurator GUI.
  2. Enable Master mode if it is not already enabled.
  3. Click the Save and Restart option to apply the changes.

uFR Online log and access control mode1

  1. Enable log mode (only visible after the Master mode is enabled)

uFR Online log and access control mode 2 

How to enable access control mode? #

  1. Log in to the µFR Online Log and Access Control Module Online WEB configurator GUI.
  2. Enable Log mode.
  3. Enable Access Control mode (only available if log mode is previously enabled).
  4. Turn off µFR Online from the power supply
  5. Connect the Access control board.
  6. Turn on µFR Online from the power supply

uFR Online enable log and access control mode

***Access control mode has to be enabled before the access control board is connected.

Access control mode additional options #

  • Relay pulse time: How many milliseconds relay outputs square wave pulse
  • Relay pulse frequency: Square wave output frequency in Hz
  • Relay pulse power: Square wave output power (duty cycle)
  • Relay active time: How many milliseconds to stay output high after a square wave pulse

uFR Online log and access control mode 4

Use cases #

This section will describes two primary use case scenarios.

  • Log mode without access control #

Enable log mode and ensure that access control mode is disabled.

  1. Navigate to the log mode section and click the Edit button.
  2. Enter the Log server host URL.
  3. Click the Save button.
  4. Click on the Save and restart button.
  5. Log mode is now ready to use.

The table below will describe which cards are allowed or denied based on blacklist or whitelist.

Scenario

Allowed / Denied

Blank both, the whitelist and the blacklist

All cards are allowed

Whitelist blank and blacklist not blank

All cards except blacklisted ones are allowed

Whitelist not blank and blacklist blank

Only whitelisted cards are allowed

Both whitelist and blacklist are not blank

Only whitelisted cards that are not blacklisted are allowed

Exclusive whitelist enabled

Only whitelisted cards that are not blacklisted are allowed (In pro mode, only whitelisted company cards are allowed except blacklisted)

If a card is allowed, the reader will beep once and the green light will be turned on.

If a card is denied, the reader will not beep and the red light will be turned on.

  • Log mode with access control #

Enable log mode and make sure that access control mode is enabled.

  1. Navigate to the log mode section and click the Edit button.
  2. Enter the Log server host URL.
  3. Click the Save button.
  4. Click on the Save and restart button.
  5. Log mode with access control is now ready to use.

Scenario

Allowed/Denied

Blank both whitelist and blacklist

All cards are denied (In pro mode, all company cards are allowed)

Whitelist blank and blacklist not blank

All cards are denied (In pro mode, all company cards are allowed except blacklisted)

Whitelist not blank and blacklist blank

Only whitelisted cards are allowed (In pro mode, all company cards are allowed except blacklisted)

Both whitelist and blacklist are not blank

Only whitelisted cards that are not blacklisted are allowed (In pro mode, all company cards are allowed except blacklisted)

Exclusive whitelist enabled

Only whitelisted cards that are not blacklisted are allowed (In pro mode, only whitelisted company cards are allowed except blacklisted)

If a card is allowed, the reader will beep once and the green light will be turned on. Also, the access control board will trigger a relay, beep once and turn on the external LED ring.

If a card is denied, the reader will not beep and the red light will be turned on. Also, the access control board will turn on the external LED ring.

The table below will describe which cards are allowed or denied based on blacklist or whitelist.

 

How to wire the access control board? #

uFR Online log and access control mode 5

 

 

There is also a premade cable for connecting µFR Online and the Access control board.

NOTE: Access control mode must be enabled before the control board is connected, otherwise beeper will be enabled all the time.

In-reader log format #

All log events are stored in human-readable JSON format. 

Example of the log stored in µFR Online reader:

{“log”:[

{“id”:1,”uid”:”11223344″,”time”:”2022-08-15 06:56:02″,”delta”:16,”type”:0,”reader”:1,”status”:0},

{“id”:2,”uid”:”AABBCCDD”,”time”:”2022-08-15 06:56:04″,”delta”:18,”type”:0,”reader”:1,”status”:2}

]}

JSON key/node name

Description

log

Main parent node that contains log events

id

Unique auto-increment log event id

UID

Card unique ID

PID

Personal ID. Only available in Pro mode

time

Log event date/time in UTC format

delta

Time difference between two log events

type

Always 0, reserved for future use

reader

1 if the internal reader has read the card or 2 if external

status

  1. – Allowed card
  2. – Denied card
  3. – Whitelisted card
  4. – Blacklisted card
  5. – Pro mode company card allowed
  6. – Pro mode company card denied

 

In-reader whitelist/blacklist format #

Whitelist and blacklist are stored in human-readable JSON format. 

Example of whitelist stored in µFR Online reader:

{

“whitelist”:[“11223344”, “AABBCCDD”],

“timestamp”:1660492955

}

JSON key/node name

Description

whitelist

A Node that contains whitelisted UIDs in comma-separated format

timestamp

Currently stored whitelist timestamp

 

Example of blacklist stored in µFR Online reader:

 

{

“blacklist”:[“11223344”, “AABBCCDD”],

“timestamp”:1660492955

}

JSON key/node name

Description

blacklist

A Node that contains blacklisted UIDs in comma-separated format

timestamp

Currently stored blacklist timestamp

 

Log and access control mode flowchart #

There are two main events in log and access control mode.

  • Card read event #

 

uFR Online log and access control mode 6

 

  • Reader/Server synchronization (every 60 seconds) #

uFR Online log and access control mode 7

HTTP(S) server request and response protocols #

  • Real-time event protocol #

Real-time events are sent to the server in human-readable JSON format. Example of a real-time event request from a reader to a server:

 

Reader HTTP(S) request to a server

{

“rte”: [{

“id”:83,pid”:10,uid”:”AABBCCDD”,”time”:”2022-08-16 07:45:01″,”delta”:89349,”type”:0,”reader”:1,”status”:1

}],

“whitelist_timestamp”:1660492955, “blacklist_timestamp”:1660492955

}

JSON key/node name

Description

RTE

Parent node that contains real-time event

For more information about the RTE child node read in-reader log format

whitelist_timestamp

Current in-reader stored whitelist timestamp

blacklist_timestamp

The current in-reader stored blacklist timestamp

Readers’ serial numbers, IP addresses, and firmware versions are sent in the HTTP POST header as “OSN”, “SN1” “SN2”, “IP”, “FW”, “FW1”, “FW2”

 

Server HTTP(S) response to the reader

{

“last_id”:79, “time”:1660636893,

“blacklist”:[“AABBCCDD”], “blacklist_timestamp”:1660636882, “whitelist”:[“11223344”], “whitelist_timestamp”:1660636882, “update_fw”:[“2.8.2”, “5.0.71”, “5.0.70”]

}

JSON key/node name

Description

last_id

Last log event id that is stored on the server. The reader will send all log events that have an ID larger than last_id

time

Optional. If the server timestamp  is sent, the reader will sync internal RTC time with a server time

blacklist

Optional. If a server blacklist is sent, the reader will replace the currently stored blacklist with a newly received one.

blacklist_timestamp

This parameter is mandatory if a blacklist is sent. the reader will replace the currently stored blacklist_timestamp with a newly received one.

whitelist

Optional. If a server whitelist is sent, the reader will replace the currently stored whitelist with a newly received one.

blacklist_timestamp

This parameter is mandatory if a whitelist is sent. the reader will replace the currently stored whitelist_timestamp with a newly received one.

update_fw

This parameter is optional. It contains requests to update in reader firmware. If this parameter is sent, the reader will trigger the firmware update procedure.

The first element contains µFR Online firmware, the second contains the UART1 reader and the third contains the UART2 reader. If the array element is an empty string, the update will not be triggered.

 

  • Log event protocol #

Log events are sent to the server in human-readable JSON format. 

Example of a real-time event request from a reader to a server:

Reader HTTP(S) request to a server

{

“log”: [{

“id”:83,pid”:10,uid”:”AABBCCDD”,”time”:”2022-08-16 07:45:01″,”delta”:89349,”type”:0,”reader”:1,”status”:1,

“id”:84,pid”:10,uid”:”AABBCCDD”,”time”:”2022-08-16 07:45:01″,”delta”:89349,”type”:0,”reader”:1,”status”:1

}]}

JSON key/node name

Description

log

Parent node that contains an array of log events

For more information about the log, child node read in-reader log format

 

Log event will be sent whenever the “last_id” parameter is received from the server (Real-time event response or reader/server synchronization response).

  • Reader/Server synchronization protocol #

Log events are sent to the server in human-readable JSON format. 

Example of a real-time event request from a reader to a server:

 

Reader HTTP(S) request to a server

{

“whitelist_timestamp”:1660636882, “blacklist_timestamp”:1660636882

}

JSON key/node name

Description

blacklist_timestamp

Current in-reader blacklist timestamp

whitelist_timestamp

Current in-reader whitelist timestamp

 

PHP and MySQL server script #

There are prebuilt PHP and MySQL scripts that can be hosted on the server. It is made to easily implement the server-side part of log and access mode. It can handle real-time events, log events, and reader-server synchronization requests.

  • MySql database structure #

“events” table

Column name

Column description

id

Unique log event id

UID

Card UID

PID

Personal id. Can be used to identify the same user with multiple card UIDs

time

Event timestamp

delta

Time difference between the two events

type

Always 0, reserved for future use

status

Event status

OSN

µFR Online serial number

sn1

Internal connected µFR NFC reader serial number

sn2

External connected µFR NFC reader, serial number

reader,

  1. If the card is read by an internal reader
  2. If the card is read by an external reader

RTE

  1. – If the event is Real-time
  2. – If the event is Log

 

“readers” table

 

Column name

Column description

OSN

µFR Online serial number

descriptor

µFR Online reader descriptor. Default is empty

sn2

External connected µFR NFC reader serial number

whitelist_on_server

Timestamp of last modified whitelist on the server. Automatically updated by user_after_update trigger

whitelist_in_reader

Timestamp of whitelist stored in the reader.

Automatically updated by HTTP POST sent by

reader

blacklist_on_server

Timestamp of last modified blacklist on the server. Automatically updated by user_after_update trigger

blacklist_in_reader

Timestamp of blacklist stored in the reader.

Automatically updated by HTTP POST sent by

reader

IP

Timestamp of blacklist stored in the reader.

Automatically updated by HTTP POST sent by

reader

online_firmware

Current µFR Online firmware version.

Automatically updated by HTTP POST sent by

reader

reader1_firmware

Current µFR on the UART1 firmware version.

Automatically updated by HTTP POST sent by

reader

reader2_firmware

Current µFR on the UART2 firmware version.

Automatically updated by HTTP POST sent by

reader

requested_online_firmware

If this field is populated and is different from online_firmware, an update request will be sent to the reader

 

requested_reader1_firmware

If this field is populated and is different from reader1_firmware, an update request will be sent to the reader

requested_reader2_firmware

If this field is populated and is different from reader2_firmware, an update request will be sent to the reader

New readers are automatically added to every reader event. For example, if a new reader is connected to the network and the Log mode host URL is set, the new reader will be dynamically added the first time when an event is sent. **Do not add readers manually

 

“users” table

Column name

Column description

UID

Card unique ID

PID

Personal ID. Can be used to identify the same user with multiple card UIDs

description

User description. Can be used eg. to set first and last names.

image

Binary formatted user image

*ON123456

Example of µFR Online reader with serial number ON123456. This field is used to whitelist or blacklist current users on this reader

*ON654321

Example of µFR Online reader with serial number ON654321. This field is used to whitelist or blacklist current users on this reader

New readers are automatically added to every reader event. For example, if a new reader is connected to the network and the Log mode host URL is set, the new reader will be dynamically added the first time when an event is sent as a new column. If a new reader is added.

*Example readers. **Do not add readers manually.

 

“debug_log” table

Column name

Column description

id

Unique debug id

OSN

µFR Online serial number

log

Raw POST data sent from reader to server or from server to reader

time

Current server timestamp

direction

FROM_SERVER – HTTP server response FROM_READER – HTTP reader request

Debug log table is populating only if the “DEBUG” flag is set enabled in the PHP script

 

  • PHP script flowchart #

uFR Online log and access control mode 7uFR Online log and access control mode 8