Common Questions about Card Readers
This KB article covers common questions (and FAQ) about card readers and their use with PaperCut for photocopier access control and secure print release.
Q Where are card readers used?
PaperCut supports various card readers in a number of areas such as controlling access to photocopiers, providing a quick method of authenticating to a stand alone release station and also being used with the PaperCut Fast Release product.
Q What type of card readers and card standards/formats are supported by PaperCut?
Card readers can be used with PaperCut in a variety of ways. The following sections explain the different ways card readers can be used and how card reader support is affected.
Q What is card self-association?
Card self-association allows a user to associate their card with their account without needing any administrator assistance. If the admin enables this feature for the MFP device in “Authentication Methods”→”Swipe Card”, then when a user presents a new card for the first time, they will be taken to a screen for entering their username and password. If the username and password are entered correctly, then the card is linked with their account. On subsequent card swipes, the user will be logged straight in as their card is now associated.
Please do not confuse card self-association with user self registration. User self registration is a less popular feature used in selected scenarios such as large universities offering public access to printing services in a library.
Q How can I change the number format read from the card? (e.g. Hexadecimal to Decimal)
Simple card number conversion such as from Hexidecimal to Decimal can be implemented quickly using a number of methods:
- Hardware - reprogramming your card reader
- Software - Using one of the in-built filters in PaperCut such as
You’ll find more information about this in the FAQ question about changing card number formats below, and also in the manuals for the PaperCut embedded solutions. Reach out to your reseller or PaperCut Authorized Solution Center (ASC).
Q What is Fast Release?
Fast Release is a short cut method to release the jobs held in a hold/release queue using commodity off-the-shelf card reader hardware (secure print release). The solution does not rely on embedded software and hence will work with any printer type. Specifically the solution works as follows:
- The administrator places a networked card reader next to the printer. The card reader in PaperCut (identified by an IP address) is linked with a queue.
- A user prints to the queue. The job will not print immediately and will be held.
- The user walks up to the printer and presents their card at the reader.
- The card number is sent to the PaperCut server and the user identified.
- Any jobs in the queue for the adjacent printer (which belong to this user) will automatically start printing.
Some general information about secure print release can be found in the product tour.
An common alternative to Fast Release is Mobile Print Release. This option provides an alternative to card readers and allows your users to release held print jobs via their mobile smart phone.
Q Does Fast Release use the same reader type as those used on MFDs?
Yes. The same reader types used on most embedded solutions can also be used for Fast Release. This ensures the maximum level of card compatibility. The two popular readers are Elatec and RFIDeas. The standard USB Elatec reader can be turned into an Ethernet/IP networked reader with a simple TCP Converter Box. In some cases special firmware needs to be loaded onto the reader to support Fast Release. For example, the specially written scripts for the Elatec reader allows the PaperCut server to send different audible tones and lights on different conditions (e.g. no jobs, unknown card).
As well as card readers the Elatec TCP converter can also be used with USB keyboards. This can be useful when customers wish to enter in a number to release jobs. Please note not all USB keyboards/Number pads work so please contact support for models we have tested.
All PaperCut Authorized Solution Centers are able to advise on appropriate technology for a given situation/setup.
Q How do I get my card numbers into PaperCut’s database?
PaperCut offers a variety of ways to get card numbers into the PaperCut database, including:
- By automatically importing the number from a field Active Directory or LDAP.
- By configuring PaperCut to perform a lookup on an external database system (e.g. a security card system).
- By importing the numbers from a text file.
- Users can self-associate their card by swiping and entering their username/password on supported MFD and other hardware.
- Using the server-command or web service APIs.
- By manually entering the card number in the user details page.
The common methods are 1 and 2 as these are simplest to implemented and most automated. If you’re using Microsoft Active Directory, a common selection is to re-use the pager number field (not many people have pages these days so it’s a good choice for a card number store!).
For more information see: Importing card numbers KB
Q My card numbers are in a Database. How can I use this data?
Q Where can I purchase card reader hardware compatible with my device?
Normally customers obtain card readers at the same time as they make arrangements to install devices from their hardware supplier. Please note that the card reader hardware required can depend on the multi-function devices being used, as some manufacture only support their own proprietary card solutions.
Specific information about which card readers work is given in the embedded manual for each of our supported solutions and you PaperCut MF reseller can usually assist with with obtaining any necessary hardware. If you are a PaperCut reseller you should contact your PaperCut Authorised Solution Centre or your local supplier (e.g. Local RFIDeas or Elatec supplier)
Q Which track/sector does PaperCut use on a card (e.g. a Magnetic strip card)
It is down to the reader what information PaperCut readers from a card. Typically a magnetic strip reader will read data from 1 of 3 tracks on the magnetic strip. Some “multi” track magstrip readers can be config to read data from a specific track if needed. This is configured via a downloaded configuration utility.
Typically a prox reader will read a unique serial number from a card. This is generally what an organisation would want, in reality a PaperCut Admin would not mind what number was read as long as it was unique for each user. If you wish to read a different sector from a proximity card then it is possible to read other sectors assuming you have a “playback reader”. These look and cost much the same as normal card readers but the firmware on the device acts differently. Playback readers can be programmed using a configuration utility to read certain sectors from a card. Reading other sectors requires you to know an encryption key. Most sectors would be encrypted by whoever created the card (the door access supplier for example) The configuration utility needs to have an encryption key entered into it, so it can read from that sector. Most cards are protected by two keys, A and B. Key A allows a user to read the sector and key B allows you to read and write to the sector. Key A is all you would need in most cases. It is not often anyone needed to change the sector to read from as part of a PaperCut install.
Q What is the best way to mount a card reader onto an MFD/Copier/Printer?
The simplest method is to directly attach a card reader to the device with double-sided tape, or 5 minute epoxy resin, however in educational environments a more permanent, tamper-proof approach is called for, and many devices provide a cavity for this purpose. Alternatively a card reader may be mounted within the MFD itself. A common internal mounting option is to double-sided tape in the reader inside the scanner feeder hopper on the copier’s lift lid (note: some minor disassembly will be required if mounting inside the feeder, and PaperCut recommends that this only be performed by a certified copier technician or a PaperCut certified ASC). If mounting internally, where space is at a premium, it may be necessary to remove the card reader’s protective case. Ensure to mount the reader behind a prominent flat surface.
“Swipe Here” stickers marking the card reader’s location can be obtained from our Marketing Resources page.
Q What is a “keyboard emulating” USB card reader?
A keyboard emulating USB card reader is a card reader that acts just like a keyboard by “typing” the card number each time a card is swiped. Keyboard emulation can be easily tested. To do this, plug in the card reader, open a text editor application (like Notepad or Word) and then swipe the card. If the card number appears in the text editor as if it was typed, this card reader is said to be “keyboard emulating”.
Keyboard emulation depends on driver support, although the majority of card readers available support the USB HID specification and do not require any additional drivers or software to enable keyboard emulation (the drivers are typically bundled with the operating system).
Some card readers require specific drivers to enable keyboard emulation.
A small number or card readers do not support keyboard emulation at all (software wanting to support these card readers must build-in support for their specific driver). Where possible PaperCut’s embedded solutions aim to support a wide array of readers. Internally PaperCut’s embedded software includes a number of ‘drivers’ and will auto-detect as appropriate.
Q My card reader is reading numbers in a format different to my records. How can I change the format?
Card readers are configured to expect cards to be formatted in a certain way. Sometimes you may be in a position where a card reader is expecting a format that is different to the format your cards are written in. If you’re only using cards readers for self-association then there may not be a need to change any configuration; just as long as each card produces a unique number. However, if you have existing user records with card numbers and want those to match the card reader output then you will need to ensure all of your card readers are working as expected.
If you find the your card readers are not reading the correct number then you need to either reconfigure PaperCut or the card reader hardware. Hardware configuration is ideal if you only have a small amount of devices to update (see option 1). The process is different for each card reader manufacturer, and you will need physical access to the device as well as the configuration software that the manufacturer provides. Alternatively, if you have many devices then it may be quicker to configure the card number format conversion in “software” - that is in PaperCut itself.
946EBD28), but your records are kept in decimal (
2490285352). Activating the hex2dec converter would make PaperCut do the conversion from hexidecimal to decimal.
Q I’d like to see if my card format can be read by a reader. How do I get it tested?
Contact your nearest Authorized Solutions Centre, who will be able to answer any questions you may have, or organize any necessary tests.
Q I receive an “Uncertified USB card reader found” message on a Ricoh MFD. What is this?
The Ricoh platform only supports a limited number of specific card readers. Please refer to the PaperCut Embedded manual for Ricoh (Appendix A) for details.
Q My card reader doesn’t work on my Toshiba MFD. Why?
Toshiba MPFs, both eB3 and eBX types, support a variety of card readers. To support a card reader’s, it’s important that the Toshiba copier is correctly configured. Recently, eBX devices have added support for Magtek card readers. A number of things should be checked (as described in the Toshiba Embedded Manual):
- The 08 codes and values are set correctly for the type of card reader. The 08 code is different for eBX versus eB3 but both these devices use the same 08 values depending on the card reader type.
- Check that LDAP card authentication is turned on for the correct PaperCut LDAP server.
- Ensure that the card reader is connected prior to the MFD boot up.
- If using an Elatec TWN3 card reader, then it needs to have Toshiba firmware installed on it.
Q My card reader is not working. Can you suggest some trouble-shooting steps?
Make sure that the MFD works without the card reader by using a different authentication method. Once you have verified that you can authenticate to the device, swap the reader, MFD or user to see if the problem can be isolated. If you are still not able to get it working, contact the card reader supplier or PaperCut Support with the steps that you have followed.
Q I have mixed card types on my network. What are the options?
This situation may occur when organizations merge, or on sites where their are multiple security solutions for door access. Typically a card of one time can’t be reader by a reader designed for a card of another type. There are a number of multi-readers on the market and in some cases these pose as an acceptable solution. Some factors which have precluded the use of a multi-reader in the past are:
- Multi-readers are more expensive. It may be a viable solution for small deployments, however can get quite expensive in organizations with large MFD fleets.
- Some multi-readers are quite slow at reading as they need to scan a wider frequency range.
An alternate and popular option is “dual frequency” the cards using RFID data dots (RFID ID stickers). Rather than using a multi-reader a single reader type is selected and cards not compatible with this reader have a data-dot sticker applied. Care needs to be taken to ensure the data dotes selected don’t clash with the physical cards. We recommend careful testing to validate your selection prior to production deployment.
Q What is two-factor authentication (Card + PIN)?
Two factor authentication means “something you know” and “something you have”. For PaperCut and card authentication this means turning on Card + PIN authentication (Card - you have, PIN - only you know).
Q Is there a way to enforce a minimum length for the card number?
Yes, you can enforce a minimum length by changing the value of the config key
user.card-id-min-length. The default value is 1. You can set it to a value of your choice. Change the value of a config key via
Options → Config Editor. Information on how to use the config editor is given here.
Q My users employ their PIN instead of their network passwords to authenticate. Are they able to perform card self-association using their PIN?
We’ve spoken with a number of sites wherein users aren’t privy to the passwords for their network accounts, and instead use a PIN exclusively. In the past, card self-association would require a user to authenticate with their formal network credentials, rendering it an unviable feature for those sites. As of PaperCut MF 17.3, it is now possible to authenticate during card self-association using a PIN instead of a password.
To enable PIN authentication for card self-association, you’ll need to modify an advanced configuration key via the Config Editor. The key in question:
By default, attempting to authenticate with a username and PIN when self-associating will fail. When the above configuration key is changed from
Y, self-association with either a username and PIN or a username and password will be possible.
Q I maintain the PINs for my users within my domain user listing. Can I synchronize these with PaperCut MF in the same way that I synchronize card/ID numbers?
PIN synchronization with common directory services is achievable as of PaperCut MF 17.3. To get this working, you’ll need to tell PaperCut MF what field to retrieve these PINs from in your directory listing; this is done using an advanced configuration key, modifiable via the Config Editor.
If your Primary sync source is configured to be Windows Active Directory, the configuration key to populate with the name of your PIN field is as follows:
If your Primary sync source is set to LDAP, you’ll instead want to use this key:
Alternately, if you wish to retrieve PINs from an LDAP synchronization source which is configured as your Secondary sync source, you’ll need this key:
You can find more information about how to customize your synchronized LDAP fields in the following section of our online User Manual.
Q Who do I go to for help with my card reader?
If you’re using PaperCut MF, then it’s worth contacting your Reseller or MF Partner to help out with initial card reader configuration or to start the troubleshooting process. They’ll often have any specific configuration for the card reader / device combination that you’re using in your local environment.
Their contact details can be found in the PaperCut admin interface, under the ‘About’ tab - find your local partner or contact under the ‘Sales and Solutions Contact’ and ‘Support’ sections.
Keywords: nfc, near field communication, near field card, proximity reader, copier authentication, mf-only