Sunday, August 23, 2009

Walkthrough on configuration card

Rather than say "there are two kinds of people in this world", I will say that depending on your job you see RFID systems in different ways.
If you come from the access control industry, for you the reader with its firmware does all the work. It establishes the connection to the card, does the authentication, retrieves the identification number, and transmits it to the access control system, which decides whether you have access or not. The first time you used a computer with a desktop reader, you expected to find this same behavior, but it's not the same: the intelligence is now in the software, not in the reader.
If you come from the software industry, you live in a LEGO world where the good old OSI model is king. For you the software does all the work. The first time you used an access control system (AC), you expected the reader to be managed by the AC.

Anyway, in both cases, RFID software and access control, you meet the same problem: how to manage sensitive configuration? In a secure and private RFID environment, you have to deal with the data location on the card and the access key. That information is critical.
For software, if someone other than the administrator uses it, you can't just store this information in a database or configuration file; an insider attacker would quickly break you down. Neither can you hard-code the configuration: it's too rigid, and only a question of time before reverse engineering gets all your secrets; even if, today, you sometimes don't really have the choice, depending on your application's purpose. Sure, you can let the user enter the configuration each time he wants to use your application, but it's a heavy process, and maybe your customer doesn't want everybody to know the security configuration... Moreover it sounds like "okay, I don't know how to manage this stuff, so let the user decide. If he writes the keys on a piece of paper I don't care, at least it's not my fault".
For AC, because readers are rarely managed by the AC unit, you can't configure them from the AC user interface. Most readers are unidirectional only, so you have to set the configuration directly in the reader. Well, if you can only update the reader through cables with the appropriate tools, the customer must share his security decisions with another company (the AC installer or the reader manufacturer). Because this is a heavy process too, you will think twice before updating a deployed facility.

One solution is to use a configuration card.
The configuration card is loaded when the software starts up. It is a secure storage place: nobody can get the sensitive information without physically owning the card. It's flexible: the same application can use different configuration cards. The customer controls his security decisions alone, and updating readers is easy: you just present the configuration card to the reader.
Because you use the configuration card without knowing what is on it, different people can create the card and use it, so you can delegate without breaking security. You could also add a PIN code to the configuration card to ensure that only a few restricted users can use it.
Some readers with configuration card support have a "reader configuration key" used to authenticate the configuration card. That key must be changed before deployment, to be safe against malicious reader reconfiguration.
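To make the "reader configuration key" idea concrete, here is an added illustrative model, not code from this post or from any reader vendor: the card carries its settings plus an HMAC under the reader configuration key, and the reader refuses any card while it is still on the factory default key. The key values, field names and the default-key placeholder are all constructed for the example.

```python
import hashlib
import hmac
import json

# Placeholder for the key a reader ships with (constructed; a real product's
# default is whatever its manufacturer documents).
FACTORY_CONFIG_KEY = b"FACTORY-DEFAULT-KEY"

def build_config_card(settings: dict, reader_config_key: bytes) -> bytes:
    """Serialize the settings (data location, access key, ...) and append an
    HMAC under the reader configuration key, so the reader can reject forged cards."""
    payload = json.dumps(settings, sort_keys=True).encode()
    tag = hmac.new(reader_config_key, payload, hashlib.sha256).hexdigest()
    return payload + b"|" + tag.encode()

class Reader:
    def __init__(self, reader_config_key: bytes):
        self.reader_config_key = reader_config_key

    def load_config_card(self, card: bytes) -> dict:
        # A reader still on the factory key must not accept reconfiguration:
        # anyone who knows that default could present a forged card.
        if hmac.compare_digest(self.reader_config_key, FACTORY_CONFIG_KEY):
            raise PermissionError("reader configuration key still at default")
        payload, sep, tag = card.rpartition(b"|")
        expected = hmac.new(self.reader_config_key, payload, hashlib.sha256).hexdigest()
        if not sep or not hmac.compare_digest(expected.encode(), tag):
            raise ValueError("card not authenticated under this reader's key")
        return json.loads(payload)

def try_load(reader: Reader, card: bytes) -> str:
    """Report the outcome of presenting a card to a reader."""
    try:
        reader.load_config_card(card)
        return "accepted"
    except PermissionError:
        return "refused: default key"
    except ValueError:
        return "refused: bad authentication"

if __name__ == "__main__":
    site_key = b"site-specific-key"  # constructed sample
    settings = {"sector": 5, "block": 2, "access_key": "A0A1A2A3A4A5"}
    card = build_config_card(settings, site_key)
    print(try_load(Reader(site_key), card))             # accepted
    print(try_load(Reader(FACTORY_CONFIG_KEY), card))   # refused: default key
    print(try_load(Reader(b"other-site"), card))        # refused: bad authentication
    print(try_load(Reader(site_key), card.replace(b'"sector": 5', b'"sector": 6')))
```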

The bad news is that there is no standard for configuration cards. If you want to support a configuration card type, you have to contact the company that created it. Or you can create your own... even though every configuration card type contains fundamentally the same information. Interoperability?
