FAQ

Depending on the variant, BALTECH RFID readers are available with the following host interfaces:

• USB (HID, keyboard emulation, PC/SC, virtual COM port)
• RS-232/UART
• Magstripe emulation
• RS-485 (OSDP)
• Wiegand
• Ethernet

Docs: Host interfaces per product
Docs: Host interfaces and protocols for custom application development
Reader finder: Find variants with the host interface you need

All BALTECH readers support HF/NFC (High Frequency/Near Field Communication, 13.56 MHz) for technologies such as MIFARE, LEGIC, HID iCLASS and ISO 15693-compliant transponders.

Depending on the variant, readers additionally support:

• LF (Low Frequency, 125 kHz) for technologies such as HID Prox, Hitag, or EMarine.
• Bluetooth Low Energy to use BALTECH Mobile ID (as well as Tungsten Business Connect with the print-management product range).

Docs: Overview of card types per frequency
Reader finder: Find variants with the frequencies you need
Product page: Mobile ID

BALTECH RFID readers support all common card types, including MIFARE Classic (1k/4k), MIFARE DESFire (EV1, EV2, EV3), LEGIC advant and prime, HID iCLASS (SE, Seos), HID Prox, and Hitag. In addition, we support smartphone-based identification via Bluetooth with BALTECH Mobile ID (as well as Tungsten Business Connect with the print-management product range). The specific technologies supported depend on the product variant chosen.

Docs: All supported card types
Download: Supported card types per product variant
Reader finder: Find variants with support for your card type
Product page: Mobile ID

Yes, with BALTECH Mobile ID, you can use smartphones as means of identification. The app for iOS and Android uses Bluetooth Low Energy to communicate with compatible BALTECH readers. BALTECH Mobile ID is available free of charge, as a cloud service or on-premises, and can also be integrated into custom apps using our SDK.

Product page: Mobile ID
Docs: Mobile ID
Reader finder: Find variants with Mobile ID support

Choosing the right variant depends on several factors, in particular:

• Product range (Standard or print management)
• Form factor (module, desktop, wall-mounted)
• Host interface
• Card types

Reader finder: Find variants with the required feature set

For an overview of all features per variant, you can also refer to our price lists:

• ID-engine Z
• ACCESS200
• Print-management readers

With any questions, our Sales team is happy to help.

Yes, the firmware is updatable. This allows new features or bug fixes to be rolled out to the readers as needed, without having to replace the hardware. To update the firmware, you can use BALTECH Uploader (part of BALTECH ToolSuite, available for free). The upload works both with a wired connection and wirelessly via the NFC interface.

If you develop your own applications, you can also implement Wired Upload yourself.

Docs: Update reader firmware via Wired Upload)
Docs: Update reader firmware via Wireless Upload
Docs: Implement Wired Upload via the host

With many competing products, customizations – such as a different output format or specific I/O behavior – require custom firmware or even a hardware replacement. With BALTECH readers, most customizations can be implemented through configuration. For you, this means significantly lower costs, less effort during deployment to readers, and faster implementation.

This flexibility is the result of nearly 30 years of consistent focus on this very technology – with hardware, firmware, and software development all under one roof at our site near Munich.

Docs: Create a configuration

Yes. If your requirements change during operation – e.g., switching card systems, adding new card types after a merger, or adjusting the output format – you can simply create and deploy a new version of the project configuration. Deployment to installed readers is handled via multiple interfaces, including wireless upload via NFC or ConfigCard. No need to uninstall or replace readers.

Docs: Create a new configuration version
Docs: Deploy configurations

BALTECH ToolSuite, available free of charge, covers the full workflow:

• Form-based configuration: Create project configuration based on predefined forms, with automatic versionong. No RFID expert knowledge required.
• Test on your PC: Test the RFID interface as well as LED and beeper right in ToolSuite.
• Flexible rollout: Upload configurations via a wired connection or wirelessly via NFC or ConfigCard – even to readers that are already installed.

For projects with specific requirements, we create custom configuration forms or handle the entire configuration process for you.

Download: BALTECH ToolSuite
Docs: Quick start with BALTECH ToolSuite

No. BALTECH ToolSuite is designed so that end users can create and manage their own project configurations even without RFID knowledge. Forms guide you through all relevant parameters; automatic versioning ensures that you always have a clear overview of the configuration statuses. For more complex requirements, we’re happy to create the configuration for you on request.

Docs: Create a configuration
Docs: Order a configuration

Yes. For nearly 30 years, we have handled hardware, firmware, and software development, design, and manufacturing all under one roof – this is what enables us to respond to individual requirements with far greater flexibility than many other providers.

Often, the necessary adjustments can be made through configuration alone, without any firmware changes. For requirements that go beyond this – including those that other providers would turn down – we implement them as custom development: cost-effectively, thanks to streamlined coordination processes and a deep understanding of the system at all levels, and even on short notice, because we have no external dependencies.

Yes. Since we handle the entire value chain in-house – hardware, firmware, and software development, design, and manufacturing – we can efficiently meet even highly specialized requirements. Examples:

• Proprietary host protocols
• Custom antenna or housing design for special installation environments
• Expanding low-level support for your card system
• Individual I/O sequences or control logic

Contact us for a free, no-obligation quote.

A complete RFID system consists of 3 components:

• RFID medium (physical transponder, e.g. card or key fob, or a smartphone): carries the identification data, usually a unique number
• RFID reader: Reads the identification data and transfers it to the background system in the required format
• Background system/application: Processes the identification data and decides whether permissions are granted

Apart from readers, we also offer preformatted cards and key fobs. In addition, we support smartphone-based identification via Bluetooth with BALTECH Mobile ID and Tungsten Business Connect.

Product page: Standard readers
Product page: Print-management readers
Product page: Mobile ID
Download: Data sheet „Cards and transponders“

The RFID reader collects the identification data from a medium (card, key fob, or smartphone) and transmits it to a higher-level host system, which makes the actual authorization decision. In simple applications, the authorization check can also be performed directly in the reader if a list of valid numbers is stored there.

BALTECH RFID readers support both options.

Docs: Configure readers (incl. host interface)
Docs: Configure readers for standalone operations (offline access control)

NFC (Near Field Communication) is a standardized subset of RFID technology and operates exclusively in the HF (High Frequency) band at 13.56 MHz. Unlike traditional RFID systems, NFC also supports peer-to-peer communication between two active devices (e.g., 2 smartphones) and is therefore used not only for card reading but also for data exchange and contactless payments.

There are 3 common RFID frequencies:

• LF (Low Frequency, 125 kHz / 134 kHz)
• HF/NFC (High Frequency, 13.56 MHz)
• UHF (Ultra High Frequency, 860–960 MHz) for longer ranges and logistics applications.
• Bluetooth (2.45 GHz)

BALTECH reader support LF, HF/NFC, and Bluetooth.

Reader finder: Find variants with the frequencies you need

The operating volume of an RFID reader depends primarily on 3 factors:

• Frequencies: LF (Low Frequency) and HF (High Frequency) typically 2–10 cm, UHF up to several meters, Bluetooth up to 10 m
• Antenna size and geometry
• Form factor and size of the transponder

In addition, the installation environment plays a role: Metal, for example, reduces the operating volume.

Docs: Operating volume of BALTECH readers per model
Docs: Guidelines for the installation of BALTECH readers in metal environments

Every transponder has a UID (Unique Identifier), a hard-coded serial number of the electronic chip that can be read without authorization. In addition, newer card types in the HF/NFC range (High Frequency, 13.56 MHz) may contain additional, often cryptographically protected memory areas. These can be used, for example, to store individually defined numbers that can only be accessed with the appropriate key. BALTECH refers to these numbers as “PCN” (Programmed Card Number).

Due to the protection offered by encryption, we strongly recommend using PCNs instead of UIDs. We’re happy to apply a card structure suitable for your project, including PCNs, to your cards. Alternatively, we provide the “Card Formatter” tool that allows you to format your cards easily and securely on-site.

Docs: Card Formatter
Docs: Configure readers to read a UID or PCN

The security of an RFID system depends on several factors:

• Card system and the encryption mechanisms it supports. We recommend MIFARE DESFire and MIFARE Plus, which currently meet the highest standards.
• Card key storage location: By default, keys are stored in the reader; however, for particularly high security requirements, we recommend storing them in a SAM (Secure Access Module). Variants with a SAM slot are available for all our products.
• Communication with the host system: Communication with our USB readers can be encrypted using AES-128. Our Ethernet readers support HTTPS encryption.
• Protection of the configuration and the keys it contains against unauthorized access and tampering. Our configurations are end-to-end encrypted; we support both symmetric encryption based on AES-128 and asymmetric encryption based on ECC (Elliptic Curve Cryptography).
• Processor cards with RSA or ECC are supported via the corresponding SAMs.

For further details about the security of our readers, please refer to our security concept (see link below).

Docs: BALTECH security concept
Docs: Implement AES encrytion for the host interface
Docs: SAMs: Functionality and installation

Memory structures vary significantly between card technologies:

MIFARE DESFire organizes memory into applications (identified by a 3-byte application ID, AID). Each application contains files and keys. Access is cryptographically protected (AES, DES, 3DES, or 3K3DES). Each application contains various files. Data is addressed using a file number and byte position. Docs: MIFARE DESFire card structure

MIFARE Classic is divided into sectors; each sector consists of 4 blocks (up to 16 blocks per sector for 4K cards). The last block of each sector is the sector trailer, which contains two keys (Type A and Type B) that control read and write access to the remaining blocks. Data is addressed via block number and byte position. Docs: MIFARE Classic card structure

LEGIC advant/prime uses segments as structural units—each segment belongs to an application (e.g., access control, cafeteria). A segment consists of an administrative area (stamp, 1–12 bytes) and an application-specific user data area. Data is addressed using the segment number and byte position. Docs: LEGIC card structure

ISO 15693 transponders store data in blocks that are 4, 8, or 32 bytes in size, depending on the product. Data is addressed using the block number and byte position. Docs: ISO 15693 card structure

These differences are relevant for the configuration of the RFID readers. If you develop your own applications, you can use our macro command set VHL (Very High Level) to create universally appliable code, independent of the card system used, and specify all card-type-specific information in the reader configuration. Docs: Macro command set VHL (Very High Level)

Absolute quantum-proof encryption, i.e., encryption that can withstand attacks from future, powerful quantum computers, is something no RFID reader manufacturer can promise today. However, it is both realistically achievable and sensible to focus on “quantum readiness”: To achieve this, the reader must be designed so that cryptographic algorithms can be updated – without replacing the hardware – when the threat landscape or market standards require it.

This is known as cryptoagility and applies to both communication channels: the connection between the card and the reader, as well as the connection between the reader and the host system. A cryptoagile reader can block weak methods and retrofit new card protocols or algorithms via firmware updates. Whether a specific update is possible on hardware already in the field also depends on key lengths and available computing power – this is a reality that applies to the entire industry. BALTECH readers already offer the technical foundation – protocol and algorithm updates via firmware updates, including contactless ones – today.

Another quantum-ready feature already available today is the SAM slot. A SAM (Secure Access Module) allows for the secure exchange of cryptographic keys stored in the reader – without having to replace the device itself. Variants with a SAM slot are available for all BALTECH products.

This update infrastructure is a prerequisite for implementing post-quantum cryptography (PQC) as soon as corresponding standards for RFID systems are established.

Docs: Update reader firmware via Wireless Upload
Docs: SAMs:Functionality and installation

OSDP (Open Supervised Device Protocol) is an open standard for communication between RFID readers and access control systems via RS-485. Compared to Wiegand, OSDP offers bidirectional communication, line monitoring (tamper detection), and optional AES encryption of the transmission.

OSDP v1 and v2 are supported by default across all variants of our access control reader ACCESS200.

Docs: OSDP
Product description: ACCESS200
Docs: ACCESS200 hardware specification