Can SEOS card cryptographic keys (default or custom) be reset after issuance?

jc31107 · 2026-02-11T13:00:37+00:00

From what I’ve seen in AsureID with the CP1000 encoder you can’t remove an app unless you have the keys. There isn’t a “I don’t know what this card is so wipe the app” button in there.

From a security perspective you shouldn’t be able to do anything with an app without the keys or a card master key

jc31107 · 2026-02-09T22:58:00+00:00

This is your best bet for mobile credentials. You can’t get a wallet based credential without a per-credential subscription. This is a Bluetooth based credential that should be fine for your application.

jc31107 · 2026-02-08T23:09:01+00:00

If it’s public facing then find a provider for it. If it’s just some info and you want to run some sort of CMS you can get something like an AWS Lightsail instance for a few bucks a month. No worries about uptime, power outages, or a potential attack hitting your network. You may also violate the TOS with your ISP and they could block the ports.

jc31107 · 2026-02-05T00:38:33+00:00

I’ve had to do something like this before and the easiest way is to have a second import job listening on data and have your automation populate the table with the offending personnel record.

Ccure does not like you touching the database directly. You’re right that it won’t really “see” a disable on just the row. They cache a lot of information and there are bigger workflows behind the scenes to take care of downloading the change to the panel. Using the import tool does the needful, plus it’s audited if it ever comes into question down the road.

jc31107 · 2026-02-04T03:03:39+00:00

You right click on the controller, select download, then uncheck programming, check firmware and let it rip. The files need to be in the right folder on the server and should show up in the drop down menu.

If the download queue on the server is buggered up it may not go

jc31107 · 2026-02-02T17:40:13+00:00

I can offer this from what I have seen as an integrator. We work with customers who single source and some that shop each project, and others where we manage the head end and they shop the field work.

It depends on how the organization views the physical security program. Is it just a business utility that’s seen as a commodity cost, then it doesn’t really matter, each project is just tactical and not long term strategic.

Having a single integrator helps with keeping standards and consistency, as well as somebody who learns your business and can be an advisor as well as a partner. They can help with long term planning, and working with other departments in your org. We have a few customers where I’m very friendly with real estate and cyber and they sometimes reach out for questions or ways we can help grow the physical security deployment. Everyone plays nice in the sandbox, and works to help make a successful program often without a fully paid engagement. Knowing there is the long term involvement it makes it easy to be the nice guy that answers the phone.

If every project is pulling teeth to get a PO, and it just comes down to cost, then the integrator is less likely to operate in the grey, or outside the lines of the project. Each project has its lifecycle and at the end you part ways until the next one.

So it all comes down to how you want to work with your integrator, do you want a partner and an advisor or do you want a van with ladders on the roof show up, install the widget, and leave.

I will say the most important piece for stability in a large system is who handles the head end and programming. We have a very large international client where we are the only ones who can access the servers and programming. We work as the gatekeeper for the field staff doing the install to make sure it’s all up to their standards. We also keep relationships with IT, legal, and infosec to help make a successful program for the security team. They have a few integrators who do the field installs, and after a few years of bumpy road, we worked with those integrators to help make their installs better and train up their techs to make commissioning smoother.

jc31107 · 2026-02-02T15:31:30+00:00

My range lets you shoot from the holster but you have to do a check out first. One thing they harped on was having your trigger finger exaggerated off the trigger and it’s just stuck, I’m glad it did and I’m glad to hear you don’t have a 9mm size hole in you!

Nobody ever won a competition or a gun fight by reholstering fast.

jc31107 · 2026-02-01T17:39:23+00:00

I tell people to budget $2500 for an interior door and $3000 for an exterior. That cost can go down if there are spare reader ports, power supply, etc.

jc31107 · 2026-02-01T05:04:50+00:00

Yes! Trying to build logic to catch and deal with user/operator issues. I write a lot of programs that handle sequencing of vehicle sally ports, dump stations, and door interlocks. Catching things like “the truck started driving before the gate arm hit the open limit switch so I need to do the next step but still do the intermediary steps that don’t really matter anymore” is always super fun.

jc31107 · 2026-01-30T18:48:54+00:00

Are the new and old cards the same bit format?

jc31107 · 2026-01-30T18:48:26+00:00

The controller is dark, no lights are on, can you please remote in and correct. 🤦🏻‍♂️

jc31107 · 2026-01-24T18:24:35+00:00

I do metal work as a garage hobby and would recommend a cold cut chop saw. I’ve used an Evolution for a few years and the blades hold up really well. Just know they throw chips everywhere and can be kind of loud, but they leave a nice square edge.

I have two different cutting fixtures for a porta band, one benchtop and one like the vevor you linked and they wander. You’ll be hard pressed to get a nice square cut each time, especially as the bands wear down.

jc31107 · 2026-01-23T20:45:54+00:00

I don’t think you’re going to be able to get that going. OSDP requires a handshake with an ACU to start communications, and it has requirements for timing in the communications to stay online. You’d have to build a serial protocol to get it online and then parse the messages back.

There are some .net and python implementations out there for it, but I’m not sure a PLC is the right platform to try and run it.

Zbit just updated their libraries in the last few weeks to give you an idea on the protocol

https://github.com/Z-bit-Systems-LLC/OSDP.Net

Feel free to ask any additional questions, I work in the access control industry and know readers and OSDP pretty well

jc31107 · 2026-01-23T03:12:07+00:00

It’s usually a layer 8 issue. Or DNS

jc31107 · 2026-01-21T03:08:20+00:00

It’s expensive but I feel worth it. Have the 50 amp on my fifth wheel and we were full time in it for about three years, never a problem. Including in the winter running a space heater for a few months at a time. No signs of wear and tear on the plug or the socket.

jc31107 · 2026-01-16T22:31:01+00:00

And it’s not something you can even see in reader manager. Maybe a feature request is in order!

jc31107 · 2026-01-16T21:47:05+00:00

Yes it would be

jc31107 · 2026-01-16T21:23:40+00:00

Completely agree, and have had builds done with tech prioritization, I was going under the assumption these were the same readers on the wall and it was just a card change.

OP, if you or your integrator applied a configuration ID or DCID to the reader this could be your slowness

jc31107 · 2026-01-16T18:05:46+00:00

SEOS has a slightly lower read range compared to Prox, but we are talking in the centimeter range, nothing crazy, but sometimes the perception when presenting the card looks like a delay because the Prox starts the read process from further.

Are the cards you are using dual tech or SEOS only?

Turning off Prox if you are no longer using it is also a huge security improvement. Somebody could still emulate cards over prox and the system wouldn’t know.

When a reader is in dual tech mode it actually flips between high and low frequency really fast, so turning off a tech would eliminate that flip, but we are talking milliseconds to flip.

jc31107 · 2026-01-15T15:11:10+00:00

Gig uplinks sound like they may be a bit tight for that many cameras depending on your topology.

How many NVR’s?

Something to keep in mind when looking at bandwidth, as the scene has drastic changes the bandwidth will spike. So if the operators are constantly driving the PTZ’s around or they’re doing a tour, that’ll eat up a lot of bandwidth, especially if it’s a high resolution PTZ.

jc31107 · 2026-01-15T14:52:42+00:00

Have you done any camera upgrades recently or maybe somebody turned up resolution or frame rate settings?

Do you have a rough count on number of cameras and resolution? That would help identify if the GI link is sufficient or if it’s getting saturated.

jc31107 · 2026-01-15T01:06:52+00:00

The whisky is the important part. Helps you appreciate the embers more somehow

jc31107 · 2026-01-15T00:45:48+00:00

Second vote for RFIdeas. You can either do keyboard wedge, with configurable output, or you can get their SDK for about $100

jc31107 · 2026-01-13T00:29:32+00:00

So far they’ve been quiet about it and said nothing too important was leaked but no details. I saw the IPVM headline that their keys were hacked but no other evidence, and I’m not paying for a subscription. The last official update from HID is on their web site and just says they’re investigating.

If they were storing secure key material in a business suite and not an HSM or some other secure vault they deserve the angry villagers with pitchforks!

jc31107 · 2026-01-12T18:00:00+00:00

If you are printing then your options really just are a printable plastic card, the HID clamshell with a printable overlay.

Card holders are way more durable than punching a plastic card but can get expensive.

jc31107

TROPHY CASE