Page 1
PITreader PITreader Firmware V1.5.x Control and signal devices Operating Manual-1004806-EN-08...
Page 2
Preface This document is the original document. All rights to this documentation are reserved by Pilz GmbH & Co. KG. Copies may be made for the user's internal purposes. Suggestions and comments for improving this documenta- tion will be gratefully received.
Page 3
Validity of documentation......................Using the documentation ......................Definition of symbols......................... Third-party manufacturer licence information ................Overview ..........................Device features ......................... PITreader device view with base unit ..................Safety ............................Intended use ..........................Safety regulations ........................3.2.1 Additional documents that apply....................3.2.2 Use of qualified personnel ......................
Page 4
API Clients ..........................8.15 Save and restore configuration....................8.16 Reset to default settings ......................Firmware update ........................Operation ..........................10.1 LED indicator ..........................10.2 Safely decommission PITreader....................10.3 Diagnostics ..........................10.3.1 Statistics ........................... Operating Manual PITreader, PITreader Firmware V1.5.x 1004806-EN-08...
Page 5
Technical details ........................Supplementary data ......................12.1 Radio approval.......................... 12.2 Network data..........................12.3 Overview of permissions......................Order reference ........................13.1 Authentication system....................... 13.2 Transponder key........................13.3 Accessories ..........................EC declaration of conformity ....................Operating Manual PITreader, PITreader Firmware V1.5.x 1004806-EN-08...
Page 6
Introduction Introduction Validity of documentation This documentation is valid for the product PITreader. It is valid until new documentation is published. This operating manual explains the function and operation, describes the installation and provides guidelines on how to connect the product.
Page 7
The request for the source code must be received 3 years at the latest after the receipt of the relevant MPL. Irrespective of this period we will send you a complete, machine-read- able copy of the source code as long as Pilz offers spares or technical support for this device.
Page 8
For mounting cutouts D22 (diameter 22.3 mm +0.4 mm/-0.0 mm) in accordance with EN 60947-5-1 with anti-rotation device Only PITreader S base unit type devices and versions of the PIT gb with PITreader (e.g. PIT gb RLLE y up ETH, PIT gb RLLE y down ETH): Integrated OPC Server UA Operating Manual PITreader, PITreader Firmware V1.5.x...
Page 9
X2 Ethernet interface [1] Device description [2] Order number [3] Serial number [4] PITreader base unit, including spring-loaded terminal (order no. 402 255) [5] PITreader key adapter h (order no. 402 308) [6] PITreader key (see also Transponder key [ 20]) Operating Manual PITreader, PITreader Firmware V1.5.x...
Page 10
Safety Safety Intended use The PITreader is a system for authentication and authorisation on control systems. Authen- tication is via transponder key. The following is deemed improper use in particular Any component, technical or electrical modification to the product, Use of the product outside the areas described in this operating manual,...
Page 11
Any type of modification has been made (e.g. exchanging components on the PCB boards, soldering work etc.). 3.2.4 Disposal When decommissioning, please comply with local regulations regarding the disposal of electronic devices (e.g. Electrical and Electronic Equipment Act). Operating Manual PITreader, PITreader Firmware V1.5.x | 11 1004806-EN-08...
Page 12
Perform a risk assessment in accordance with VDI/VDE 2182 or IEC 62443-3-2 and plan the security measures with care. If necessary, seek advice from Pilz Customer Support. Implemented security measures The web application is protected against unauthorised access by a password prompt.
Page 13
Limit Modbus/TCP connections to the internal machine network. Secure the connection against external networks. As soon as possible, install firmware updates that Pilz provides for the product. Keep the transponder key in a safe place and protect it from unauthorised access. Advise users of the security risks of sharing transponder keys.
Page 14
(LED: yellow) (LED: red) (LED: red) Fig.: Authentication procedure Authentication modes The PITreader supports two authentication modes: Transponder data [ Pre-defined, group-based authentication in the transponder key External [ Authentication takes place externally e.g. via PLC, HMI When delivered, the transponder data authentication mode is set. The authentication mode can be changed in the web application.
Page 15
PITreader devices are combined within a device group. One user (one transponder key) has the same permission on all PITreader devices within a group. Another user can have a different permission. Device groups can be used for a machine type, for example (in this...
Page 16
External In external authentication mode, a user can authenticate himself on the connected control system or on the HMI by inserting a transponder key into the read area of the PITreader. The following connection options are available: External authentication (Modbus/TCP) PITreader Fig.: External authentication (Modbus/TCP)
Page 17
API Client (e.g. HMI) and the data from the transponder key (e.g. security ID). Authentication occurs on the REST API Client. The information about the authentication status is adopted by the PITreader and forwarded to the controller and the safe evaluation unit (e.g. PIT m4SEU). The externally calculated authentication status is displayed via the device LED on the PITreader.
Page 18
LED lights up red. Activate authentication block: Log in for single authentication by inserting the transponder key on the PITreader. By log- ging in, an authentication block is activated for all other transponder keys. If the transpon- der key is removed, the authentication block remains activated.
Page 19
Permission on the second transponder key: 5 -> Authentication occurs with permission 5 – Permission on the first transponder key: 1 Permission on the second transponder key: 5 -> Authentication occurs with permission 1 Operating Manual PITreader, PITreader Firmware V1.5.x | 19 1004806-EN-08...
Page 20
With the exception of "PITreader key ye g", all transponder keys are pre-programmed in the factory and the permission cannot be modified. The permission applies to all PITreader groups. In the case of "PITreader key ye g", the permission for the PITreader groups can be modi- fied and also locked as an option. Factory-locked...
Page 21
The ID is a number in the range 1 ... 65535. It uniquely identifies a parameter. Users can freely assign the ID. Note: Users should not use IDs 1 ... 9999 because they might be used by Pilz for system parameters.
Page 22
4 Byte 0 ... 64 (Hamming-coded) In order for the user data to be employed it must be configured on the PITreader. The indi- vidual parameters are created in the configuration. A maximum of 64 parameters can be created on the PITreader.
Page 23
Details of when the permission for a device group will start to be valid. This value can be defined for groups 0 ... 9999. Note: The start date is only evaluated if the Evaluate validity date option is activated for the PITreader. DATETIME End date Details of when the permission for a device group will cease to be valid.
Page 24
Basic coding [ OEM coding [ The identifiers for both codings can be stored on a PITreader. Only the identifier for one of the codings can be stored on the transponder key. The effect of the codings is the same, but they differ in the way the identifiers are changed and deleted on the PITreader and the way in which the transponder key is taught in.
Page 25
5.6.2 OEM coding With OEM coding, a second identifier can be stored in the PITreader to check the transpon- der keys. PITreader devices with OEM coding accept transponder keys with the same OEM identifier or with the right basic identifier (see Basic coding [ 25]).
Page 26
You can lock the authentication of certain transponder keys. Once a transponder key is in the block list, it can no longer be authenticated on the PITreader. This function can be use- ful, for example, when a user has lost his transponder key. It can stop unauthorised per- sons authenticating themselves on the PITreader.
Page 27
Function description 5.9.2 Function codes (Client connections) The Modbus/TCP Server in the PITreader supports the following function codes (FC): Function code Function Read Discrete Input The connection Client reads bit data from the connection Server, data length ≥ 1 bit,...
Page 28
Function description Input Register (Word/16 Bits) PITreader -> Modbus Client, register access read (with FC04) Address Content 3x0001 … 3x0002 PITreader order number (coded) Bits 31 to 24: Product group (00 = empty, 01 = G1) Bits 23 to 20: Revision (00 = empty )
Page 29
The address of the Modbus/TCP Register is displayed in the web applica- tion under Configuration -> User data. The address can also be calculated using the following formula: Address_n = Address_(n-1) + RoundUp_2-Byte ( Length_(n-1) ) Operating Manual PITreader, PITreader Firmware V1.5.x | 29 1004806-EN-08...
Page 30
HTTP(S) connection A connection to a configuration computer can be established via the Ethernet interface. The PITreader can be configured via a web application and it is possible to read and write transponder keys (see also chapters entitled Configuration [...
Page 31
5.11 24 V I/O port The PITreader has a 24 V I/O port. No function is assigned to the I/O port upon delivery. The I/O port can be configured either as an output or an input in the web application. I/O port as output If the I/O port is configured as an output, the current authentication status can be output via this output.
Page 32
Order reference [ 56]). Plug the PITreader base unit (order no. 402 255) on to the neck of the PITreader key ad- apter h (order no. 402 308) and turn it 15° clockwise until it locks into position. Operating Manual PITreader, PITreader Firmware V1.5.x...
Page 33
Install the base unit Dimensions in mm 22.3 44.6 Operating Manual PITreader, PITreader Firmware V1.5.x | 33 1004806-EN-08...
Page 34
2. Connect the PITreader to a controller (PLC, HMI) via the Ethernet interface (X2). Base unit with safe evaluation unit Follow the instructions below: 1. Connect the PITreader to a safe evaluation unit PIT m4SEU (see also PIT m4SEU op- erating manual). Operating Manual PITreader, PITreader Firmware V1.5.x...
Page 35
Connect the configuration PC directly to the Ethernet interface X2 of the PITreader. 2. Adjust IP address of the configuration PC To access the PITreader, the IP address of the PC has to be in the same subnet as the IP address of the PITreader.
Page 36
If you use a self-signed certificate, you will be warned that the connection is not secure when you try to establish a connection to the PITreader. In order to establish a connection, you must add a security exception rule to your web browser.
Page 37
"2-person rule". Location description In the web application, under Configuration -> Settings -> Location description, you can enter a description of the location of the PITreader. A maximum of 47 characters are per- mitted. Data logging with personal data In the web application you can select whether personal data (security ID, user and IP ad- dress) is to be logged in the diagnostic log under Configuration ->...
Page 38
Transponder -> Permissions -> Program. If you are using a locked transponder key or a transponder key that Pilz has pre-pro- grammed in the factory and you have set a basic identifier, you can teach in the transpon- der key to the basic coding under Transponder ->...
Page 39
PITreader that is only used for this purpose. This guarantees that new transponder keys with the OEM identifier can only be created by a person who knows the OEM identifier or who is using a PITreader that has been con- figured specifically for this purpose.
Page 40
You can configure this option for transponder keys with both ba- sic and OEM coding. If you wish to limit coded transponder keys to identically coded PITreader devices, then go to Transponder -> Data, select Limit to PITreaders that are identically coded and then click on Program.
Page 41
Once set, the OEM identifier can no longer be read or displayed. The com- ment field can therefore be used to store a hint for the set OEM identifier. You will need to code all PITreader devices that you supply to your customer with this OEM identifier.
Page 42
In order for the user data to be employed, the parameters must be created on the PITreader. This can be done using the REST API (see operating manual PITreader REST API). Alternatively, a configuration file with the parameters can be imported in the web ap- plication.
Page 43
Under Configuration -> API Clients you can create appropriate connection settings for automated access to device data via the HTTPS interface. A detailed description can be found in the separate document “Operating manual PITreader REST API”. 8.15 Save and restore configuration All the settings that have been made in the web application can be saved in a file.
Page 44
8.16 Reset to default settings The PITreader base unit can be reset to its factory default settings via a short circuit at the terminals TxD/RxD or in the web application. Different data is deleted depending on which type of reset is selected.
Page 45
Firmware update Firmware update If a new firmware version is available, the firmware of the PITreader can be updated. The update is carried out in the web application under Maintenance -> Update firmware. An update package can be downloaded to the device from the download area on the Pilz website.
Page 46
When the transponder key is not inserted: Authentication on the device is blocked (e.g. via 24 V I/O port or single authentication) You’ll find further information in the web applica- tion under Status -> Authentication Operating Manual PITreader, PITreader Firmware V1.5.x | 46 1004806-EN-08...
Page 47
Try to open the web application with the default IP address or Reset the device to its factory default settings. If the PITreader is reset to its default settings via a short circuit at TxD/RxD, the LED as- sumes the following states: Description...
Page 48
Operation 10.3 Diagnostics The PITreader provides options for device diagnostics and statistical evaluation. Diagnostics using the device LED Information regarding evaluation of the device LED can be found under indicator [ 46]. Diagnostics using the diagnostic list (web application) The diagnostic list contains a list of the active alarms. You can read the diagnostic list in the web application under Diagnostics.
Page 49
- Definition of "Median" see [2] Note: If a transponder key is removed and re-inserted within a maximum of 2 s, then this is not evaluated as a new authentication in the statistics. Operating Manual PITreader, PITreader Firmware V1.5.x | 49 1004806-EN-08...
Page 50
Time format: <Day(d) Hour(h) Minute(m) Second(s)> Examples: 1h 0m 1s 1d 0h 20m 5s The median of a series of values is the value that is right in the middle, if you sort the val- ues by size. Operating Manual PITreader, PITreader Firmware V1.5.x | 50 1004806-EN-08...
Page 51
Environmental data Ambient temperature In accordance with the standard EN 60068-2-14 Temperature range -30 - 55 °C Storage temperature In accordance with the standard EN 60068-2-1/-2 Temperature range -30 - 70 °C Operating Manual PITreader, PITreader Firmware V1.5.x | 51 1004806-EN-08...
Page 52
Stripping length with spring-loaded terminals 8 mm Dimensions Height 54 mm Width 72 mm Depth 45 mm Weight 47 g Where standards are undated, the 2018-12 latest editions shall apply. Operating Manual PITreader, PITreader Firmware V1.5.x | 52 1004806-EN-08...
Page 53
2) this product must accept any interference received, including interference that may cause undesired operation. Changes or modifications made to this product not expressly approved by Pilz may void the FCC authorization to operate this equipment. NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
Page 56
PITreader S base RFID authentication system, base unit with extended function 402 256 unit range. Required accessories: PITreader key adapter PITreader key ad- 1x PITreader key adapter horizontal + 1x nut for PITreader base 402 308 apter h unit 13.2 Transponder key...
Page 57
European Parliament and of the Council. 2014/53/EU on radio equipment The complete EC Declaration of Conformity is available on the Internet at www.pilz.com/downloads. Authorised representative: Norbert Fröhlich, Pilz GmbH & Co. KG, Felix-Wankel-Str. 2, 73760 Ostfildern, Germany Operating Manual PITreader, PITreader Firmware V1.5.x | 57...
Page 58
We are represented internationally. Please refer to our homepage www.pilz.com for further details or contact our headquarters. Headquarters: Pilz GmbH & Co. KG, Felix-Wankel-Straße 2, 73760 Ostfildern, Germany Telephone: +49 711 3409-0, Telefax: +49 711 3409-133, E-Mail: info@pilz.com, Internet: www.pilz.com...