Sagem Wireless MA520 MA520, OMA520 User Manual User Guide

Sagem Wireless MA520, OMA520 User Guide

Contents

User Guide

          Produced by SAGEM Sécurité  Copyright ©2007 SAGEM Sécurité  www.sagem-securite.com    MorphoAccessTM 500 Series User Guide  July 2007 SK-60806 MorphoAccessTM 500 SeriesUser Guide
 2  SAGEM Sécurité document. Reproduction and disclosure forbidden
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  3    Table of content  INTRODUCTION  552 CAUTION 662 MORPHOACCESSTM PRESENTATION  882 INTERFACES PRESENTATION 992 SYSTEM SYNOPTIC 11112 TERMINAL PRESENTATION 13132 ACCESS CONTROL PRESENTATION 15152 SENDING THE ID TO THE CENTRAL SECURITY CONTROLLER 19192 TERMINAL CONFIGURATION  21212 EASY SETUP ASSISTANT 22222 ADMINISTRATION MENU 26262 UNDERSTANDING MORPHOACCESSTM CONFIGURATION 29292 MODIFYING A PARAMETER USING THE CONFIGURATION APPLICATION 31312 CONFIGURING A NETWORKED MORPHOACCESSTM 34342 UPGRADING THE FIRMWARE 36362 DOWNLOADING A LICENCE 37372 STAND ALONE MODES (NETWORKED OR NOT CONNECTED)  41412 PRELIMINARY: ADDING A BIOMETRIC TEMPLATE IN LOCAL DATABASE 42422 MACCESS APPLICATION: ACCESS CONTROL OR TIME & ATTENDANCE 43432 ACCESS CONTROL BY IDENTIFICATION 45452 ACCESS CONTROL BY IDENTIFICATION (MA-XTENDED LICENCE LOADED)  47472 INTRODUCTION TO CONTACTLESS AUTHENTICATION 50502 AUTHENTICATION WITH BIOMETRIC TEMPLATES ON CARD 52522 PIN VERIFICATION – PIN STORED ON CARD 53532 BIOPIN VERIFICATION - BIOPIN STORED ON CARD 54542 AUTHENTICATION WITH BIOMETRIC TEMPLATES IN LOCAL DATABASE 55552 AUTHENTICATION BASED ON CARD MODE 57572 MULTI-FACTOR MODE 59592 AUTHENTICATION WITH LOCAL DATABASE: ID ENTERED FROM KEYBOARD 60602 AUTHENTICATION WITH LOCAL DATABASE: ID INPUT FROM WIEGAND OR DATACLOCK 62622 BYPASSING THE BIOMETRIC CONTROL IN AUTHENTICATION 65652 RECOGNITION MODE SYNTHESIS 67672 SETTING UP RECOGNITION STRATEGY 68682 SETTING UP MATCHING PARAMETERS 69692
 4  SAGEM Sécurité document. Reproduction and disclosure forbidden   PROXY MODE  72722 PROXY MODE (OR SLAVE) PRESENTATION 73732 PROXY MODE ACTIVATION 74742 APPLICATION CUSTOMIZATION  75752 SETTING UP TIME MASK 76762 MULTILINGUAL APPLICATION 77772 RESULT EXPORTATION  78782 REMOTE MESSAGES: SENDING THE ID TO THE CENTRAL SECURITY CONTROLLER 79792 RELAY ACTIVATION 80802 LOG FILE 81812 LED IN ACTIVATION 82822 SECURITY FEATURES  83832 TAMPER SWITCH MANAGEMENT 84842 PASSWORDS 86862 ANNEX  87872 MORPHOACCESSTM 220 320 COMPATIBILITY 88882 CONTACTLESS MODES TABLE 90902 REQUIRED TAGS ON CONTACTLESS CARD 91912 FAQ  92922 RELATED DOCUMENTS 93932
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  5  IINNTTRROODDUUCCTTIIOONN  Congratulations  for  choosing  the  SAGEM  MorphoAccess™  500  Automatic Fingerprint Recognition Terminal.  MorphoAccessTM 500 Series provides an innovative and effective solution for access control applications using Fingerprint Verification or/ and Identification. Among  a  range  of  alternative  biometric  techniques,  the  use  of  finger  imaging  has significant  advantages:  each  finger  constitutes  an  unalterable  physical  signature, which develops before birth and is preserved until death. Unlike DNA, a finger image is unique to each individual - even identical twins. The  MorphoAccessTM  terminal  integrates  SAGEM  image  processing  and  feature matching algorithms. This technology is based acquired knowledge during 20 years of experience in the field of biometric identification and the creation of literally millions of individual fingerprint identification records. We believe you will find the SAGEM MorphoAccessTM fast, accurate, easy to use and suitable for physical access control or time and attendance. To ensure the most effective use of your SAGEM MorphoAccessTM, we recommend that you read this User Guide entirely.
 6  SAGEM Sécurité document. Reproduction and disclosure forbidden   CCAAUUTTIIOONN  Europe information: SAGEM  hereby  declares  that  the  SAGEM  MorphoAccess™  has  been tested and found compliant with the following listed standards as required by  the  EMC  Directive  89/336/EEC:  EN55022  (1994)  /  EN55024  (1998), EN300-330 (1999) and by the low voltage Directive 73/23/EEC amended by 93/68/EEC: EN60950 (2000). Caution:    The  MA500  terminal  is  a Class  A  device.  In  a  residential environment, this device may cause interference. In this case, the user is encouraged  to try to correct  the interference with appropriated measures such as :  •  Reorient or relocate the receiving antenna. •  Increase the separation between the equipment and receiver. •  Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. •  Consult the dealer or an experienced radio/TV technician for help.  USA information: NOTE: FCC part 15 certificates are pending. This device complies with part 15 of the FCC Rules.  Operation is subject to the following two conditions:  (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. Responsible Party: Sagem Morpho Inc, 1145 Broadway Plaza, Suite 200, Tacoma, Washington (USA), 98402, (800) 346-2674. Note: This equipment has been tested and found to comply with the limits for a Class B (MA520, MA521, OMA520, OMA521)  or Class A (MA500) digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  7  •  Reorient or relocate the receiving antenna. •  Increase the separation between the equipment and receiver. •  Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. •  Consult the dealer or an experienced radio/TV technician for help.  Canadian information: NOTE : Industrial Canadian certificates are pending. This  Class  B  (MA520,  MA521,  OMA520,  OMA521)    or  Class  A  (MA500) digital apparatus complies with Canadian ICES-003. Ces  appareils  numériques  de  Classe  B  (MA520,  MA521,  OMA520, OMA521)  ou Classe A (MA500) sont conformes à la norme NMB-003 du Canada.
 8  SAGEM Sécurité document. Reproduction and disclosure forbidden   MMOORRPPHHOOAACCCCEESSSSTTMM  PPRREESSEENNTTAATTIIOONN  MorphoAccessTM is a fingerprint identification device for physical access control, time and  attendance  offering  both  multi-factor  verification  and  identification  capabilities with unequaled level of performance.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  9  IINNTTEERRFFAACCEESS  PPRREESSEENNTTAATTIIOONN  MMaann--mmaacchhiinnee  iinntteerrffaaccee  The  MorphoAccessTM  500  offers  a  simple  and  ergonomic  man-machine interface dedicated to access control based on fingerprint recognition:   A high quality optical scanner to capture fingerprints (1),   A multicolor led (2),   A multi-toned buzzer,   A MifareTM contactless reader on 520 families terminal to read reference templates from a contactless card (3),   A keyboard for time and attendance purpose, configuration and PIN code (4),   A 128x64 display (5).
 10  SAGEM Sécurité document. Reproduction and disclosure forbidden   EElleeccttrriiccaall  iinntteerrffaacceess  The  terminal  offers  multiple  interfaces  dedicated  to  administration  and control information:   A multiplexed Wiegand / DataClock output to export user identifier to a controller (1),   A RS422 or RS485 output (2),   A LED signal output (3),   Two LED IN inputs to improve integration in an Central Security Controller (4),   A relay to directly command an access (door lock) (5),   A tamper switch to detect that the back cover has been removed (6),   A multiplexed Wiegand / DataClock input to receive user identifier from an external badge reader (7),   An Ethernet interface (LAN 10/100 Mbps) allowing remote management through TCP (8),   A Power Over Ethernet Interface (LAN 10/100 Mbps) allowing remote management and supplying power through TCP (9).             The  MA500  Series  Installation  Guide  describes  precisely  each  interface and connection procedure.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  11  SSYYSSTTEEMM  SSYYNNOOPPTTIICC  TTyyppiiccaall  aarrcchhiitteeccttuurree  iinncclluuddiinngg  aa  MMoorrpphhooAAcccceessss™™,,  aa  HHoosstt  SSyysstteemm  aanndd  aa  CCeennttrraall  SSeeccuurriittyy  CCoonnttrroolllleerr                 MMoorrpphhooAAcccceessss™™  bbiioommeettrriicc  ddaattaabbaassee  mmaannaaggeemmeenntt  The management of the MorphoAccess™ internal biometric database can be  done  either  locally  (through  the  terminal  Man  Machine  Interface),  or remotely  by  a  Host  System  (typically  MEMSTM).  These  two  exclusive management modes are defined as the: •  Local management mode •  Remote management mode MMoorrpphhooAAcccceessss™™  ooppeerraattiinngg  mmooddee  The MorphoAccess™ works according two exclusive operating modes.  •  In  Stand  Alone  Mode  (terminal  networked  or  not  connected)  the terminal  can  operate  two  applications:  Access  Control  or  Time  & Attendance. When the terminal is networked the biometric database can  be  managed  by  a  Host  System  and  downloaded  to  the MorphoAccess™. When the terminal is not networked the database is managed locally.
 12  SAGEM Sécurité document. Reproduction and disclosure forbidden   •  Unlike  the  Stand  Alone  Mode  in  Proxy  Mode  the  terminal  is remotely  operated  by  a  host  application  that  sends  individual commands to the MorphoAccess™. MMoorrpphhooAAcccceessss™™  rreessuulltt  sseennddiinngg  When the biometric identification is positive, the person ID can be sent to a Central Security Controller, for further action such as opening doors. MMoorrpphhooAAcccceessss™™  kkeeyybbooaarrdd  sshhoorrtt  ccuutt  The keyboard short cuts are: Key   and    activates LLT mode Key   and    increases the screen contrast Key   and    reduces the screen contrast Key     and   reboots the terminal.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  13  TTEERRMMIINNAALL  PPRREESSEENNTTAATTIIOONN  A MorphoAccessTM 500 is running with 4 applications dedicated to a given need. MMAACCCCEESSSS  This is the main application, dedicated to biometric control. It is possible to leave this application to launch other application. The current User Guide details the application features. EENNRROOLLMMEENNTT  This  application  allows  enrolling  users  in  the  terminal  when MorphoAccessTM  is  not  connected  to  an  external  network  (Local management mode). The created database can be saved ciphered on a USB key and exported to other stand alone MorphoAccessTM. The User Management Password protects this application. Please  refer  to  Enrolment  Application  User  Guide  for  more  information about this application. CCOONNFFIIGGUURRAATTIIOONN  This application allows modifying the main application parameters. Parameters are divided into files, sections and keys. The Terminal Configuration Password protects this application. Please refer to Configuration Application User Guide for more information about this application. LLOOGGSS  VVIIEEWWEERR  This  application  allows  consulting  the  local  event  diary  stored  by  the MorphoAccessTM. The User Management Password protects this application. Please refer to Logs Viewer Application User Guide for more information about this application.
 14  SAGEM Sécurité document. Reproduction and disclosure forbidden   MMuullttii--aapppplliiccaattiivvee  aarrcchhiitteeccttuurree  ssyynntthheessiiss
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  15  AACCCCEESSSS  CCOONNTTRROOLL  PPRREESSEENNTTAATTIIOONN  The  MorphoAccessTM  works  according  two  biometric  recognition  modes: identification  or  authentication.  Identification  and  authentication  can  be activated at the same time (multi-factor mode). IIddeennttiiffiiccaattiioonn  ((11  vvss..  NN))  The captured fingerprint is matched against a database – 1 vs. N. Biometric  templates  are  stored  in  terminal  local  database. Depending on the installed licence, the terminal can store 3000 users (2 fingers per user) in  its  local  database  or  50  000  users  divided  in  5  bases  of  10000  users each. In  this  mode  the  sensor  will  be  always  switched  on,  waiting  for  a  finger. The captured fingerprint is matched against the whole database.         If the user is matched the ID is returned to the Central Security Controller. If  the  user  is  not  recognized  a  no-match  message  is  sent  to  the  Central Security Controller. See section Access Control By Identification.
 16  SAGEM Sécurité document. Reproduction and disclosure forbidden   AAuutthheennttiiccaattiioonn  wwiitthh  rreeffeerreennccee  tteemmppllaatteess  iinn  ccaarrdd  ((11  vvss..  11))  The captured fingerprint is matched against a reference template – 1 vs. 1. User biometric templates are stored on a contactless card.           If the user is matched the ID is returned to the Central Security Controller. If  the  user  is  not  recognized  a  no-match  message  is  sent  to  the  Central Security Controller. See section Access Control By Authentication.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  17  AAuutthheennttiiccaattiioonn  wwiitthh  rreeffeerreennccee  tteemmppllaatteess  iinn  tteerrmmiinnaall  ((11  vvss..  11))  The captured fingerprint is matched against a reference template – 1 vs. 1. User  minutiae  are  stored  into  the  local  database.  In  this  case  the  user identifier is used as a key to find the minutiae. The user identifier can be sent  through  Wiegand,  DataClock,  typed  on  keyboard  or  stored  on  a contactless card. MMuullttii--FFaaccttoorr  rreeccooggnniittiioonn  It  is  possible  to  combine  multifactor  such  as,  what  I  have  (a  contactless smart card), what I know (PIN code), and what I am (biometric templates).
 18  SAGEM Sécurité document. Reproduction and disclosure forbidden   PPrrooxxyy  mmooddee  Proxy Mode is not strictly speaking a recognition mode. In this mode, the MorphoAccessTM  works  as  a  slave  waiting  for  external  commands  such as:   Identification,   Verification,    Relay activation,   Read data on a contactless card,   …            Chapter Proxy mode gives more information about remote management. Please refer to MorphoAccess™ Host System Interface Specification for a complete description of command. TCP-IP Proxy commands:    Identification    Verification    Relay activation    Read card    …
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  19  SSEENNDDIINNGG  TTHHEE  IIDD  TTOO  TTHHEE  CCEENNTTRRAALL  SSEECCUURRIITTYY  CCOONNTTRROOLLLLEERR  If  the  user  has  been  recognized,  the  terminal  may  trigger  the  access  or returns the corresponding ID to the Central Security Controller. Welcome John Doe IDENTIFIED      If the user has not been recognized, the terminal can return the failure to Central Security Controller. NOT IDENTIFIED  Please retry               Various  messages  or  interfaces  can  be  activated  to  send  or  store  the control result. Relay After  a  successful  control  the  MorphoAccess™  relay  may  be  activated during a given period. Wiegand Id Emission The  ID  of  the  recognized  user  can  be  sent  through  the Wiegand  output. The format of the frame may be defined. DataClock Id Emission The ID of the recognized user can be sent through the DataClock output.  Control result:   RS485/422   Wiegand   DataClock   Ethernet
 20  SAGEM Sécurité document. Reproduction and disclosure forbidden   Ethernet Id Emission The ID of the recognized user can be sent through the Ethernet link. The administrator may set the port and defined the protocol. RS485/422 Control information can be sent through RS485/422 link. Local Diary (log) A local file will store logs. This  diary  can  be  downloaded  by  the  Host  System  or  consulted  on  the terminal.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  21  TTEERRMMIINNAALL  CCOONNFFIIGGUURRAATTIIOONN  This  chapter  details  how  to  configure  the  MorphoAccessTM.  A  parameter  can  be changed directly on the terminal or remotely through a network. A “first start assistant” named “Easy Setup” helps the administrator to define quickly a configuration “plug’n play” with an existing physical Access Control System.
 22  SAGEM Sécurité document. Reproduction and disclosure forbidden   EEAASSYY  SSEETTUUPP  AASSSSIISSTTAANNTT  AAssssiissttaanntt  iinniittiiaalliizzaattiioonn  When the MorphoAccessTM starts for the first time an “assistant” helps the administrator to configure easily the main functions. EASY SETUP GREEN: VALID YELLOW: CORR., NEXT RED: ABORT, PREVIOUS NEXT  Key   validates the choice. Key   goes to next step. Key   returns to previous step. LLaanngguuaaggee  sseelleeccttiioonn  It  is  possible  to  choose  the  language  of  the  application  among  installed languages. APPLICATION LANGUAGE 1 – ENGLISH 2 – DEUTSCH 3 – ESPANOL 4 - FRANCAIS DDaattee  aanndd  ttiimmee  ccoonnffiigguurraattiioonn  Date and time can be configured. Date format is MM/DD/YYY. Key   deletes a character. Key   validates the selection. ENTER DATE 08/25/200_ MM/DD/YYYY  VALID
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  23  NNeettwwoorrkk  sseettttiinnggss  Static or dynamic configuration It is possible to choose between static or dynamic network configurations. DHCP 1 – Enable  [●] 2 – Disable  [  ]   DHCP disabled If DHCP is disabled following parameters must be set:   IP address,   Network mask,   Default gateway. ENTER IP ADDRESS 10.10.161.3_   VALID  DHCP enabled With DHCP only the terminal hostname on the network is required. ENTER HOSTNAME MA0789652_   VALID  RReeccooggnniittiioonn  mmooddee  Once  IP  parameters  are  defined  next  step  is  to  define  the  recognition mode. RECOGNITION MODE 1 – Identification  [●] 2 – Contactless  [  ] 3 – MultiFactor  [  ]
 24  SAGEM Sécurité document. Reproduction and disclosure forbidden   MorphoAccessTM 500 can only be configured in identification mode (other modes could be configured later). MorphoAccessTM 520 can be configured in identification mode, contactless authentication  or  multi-factor  mode  (identification  and  contactless authentication modes are merged ). OOuuttppuutt  iinntteerrffaaccee  Last step allows defining the interface required to export the control result. INTERFACE PARAMETERS 1 – Wiegand [OFF] 2 – DataClock [OFF] 3 – ID on UDP [OFF] 4 – Next Each interface can be configured and activated independently. Select 4 – Next to go to next step. Wiegand configuration Three protocols are available 26, 32 and 34 bits. For other Wiegand configurations,  please refer to  chapter Authentication: ID input from Wiegand. WIEGAND 1 – 26 bits  [●] 2 – 34 bits  [  ] 3 – 32 bits  [  ] 4 – OFF  [  ] DataClock configuration DataClock  interface  can  be  activated  –  but  is  multiplexed  with  Wiegand output. UDP activation UDP remote messages can also be activated. The server IP address must be specified. SERVER IP ADDRESS 10.10.161.7_   VALID
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  25  PPaasssswwoorrdd  ccoonnffiigguurraattiioonn  Last step consists in changing the passwords. PASSWORDS 1 – Terminal Config. 2 – User Management 3 – Reset User Mgt. 4 – Next Select 4 – Next to leave the assistant. The terminal must reboot to apply the changes. EASY SETUP END REBOOT THE TERMINAL?  NEXT  ABORT Press NEXT to reboot the terminal. Press ABORT to return to password management. RReessttaarrttiinngg  ““EEaassyy  SSeettuupp””  MorphoAccessTM “Easy Setup” can be restarted using the End Menu.
 26  SAGEM Sécurité document. Reproduction and disclosure forbidden   AADDMMIINNIISSTTRRAATTIIOONN  MMEENNUU  AAcccceessss  ttoo  AAddmmiinniissttrraattiioonn  MMeennuu  Place your finger for Identification Please      The  main  application  can  be  interrupted  using the  escape  sequence. Hit the following keys in sequence: ,   then  . If  the  biometric  database  is  not  empty,  the  terminal  accepts  a  finger registered  as  administrator  instead  of  the  valid  User  Management Password Code.  By default User Management Password is “12345”. USER MANAGEMENT CODE Present your finger please Or enter password: ***|  If  the  Administrator  uses  the  default  password  it  is  possible  to  change  it immediately. USER MANAGEMENT CODE Default password! Do you want to change it?  ? YES  LATER   For  security,  we  strongly  recommend  you  to  change  the  terminal default password. AAddmmiinniissttrraattiioonn  MMeennuu  ffeeaattuurreess  MA5XX APPLICATION 1 – Information 2 – Settings 3 – More functions…
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  27  IInnffoorrmmaattiioonn  MMeennuu  MA5XX APPLICATION 1 – Information 2 – Settings 3 – More functions…  Select Information to access to terminal and sensor information: INFORMATION 1 – Terminal Info 2 – Sensor Info   Terminal information Select Terminal Info to access to the following information: Terminal information  Description  Example 1 – Type  Terminal type  520 2 – Serial Number  Terminal serial number 053535353A 3 – Soft. Version  Terminal main software version (MACCESS) V01.20.04 4 – IP Address  Terminal IP address  134.1.32.214 5 – MAC Address  Terminal MAC address 00:60:4C:69:53:53
 28  SAGEM Sécurité document. Reproduction and disclosure forbidden   Sensor information Select Sensor Info to access to the following information: Sensor information  Description  Example 1 – Product Info  MSO Biometric product information (type, licence, serial number, ID) MSO300 MSO_MA_IDENTLITE OEM SN: 0709F151008 OEM ID: 25194664 2 – Sensor Info  Sensor information (flash size, serial number, ID) Flash: 4096 Ko SN: 0710A010026 ID: 25115841-4 3 – Soft. Info  Sensor software version MSO V08.01.d-C
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  29  UUNNDDEERRSSTTAANNDDIINNGG  MMOORRPPHHOOAACCCCEESSSSTTMM  CCOONNFFIIGGUURRAATTIIOONN  PPrreesseennttaattiioonn  MorphoAccessTM  parameters  are  stored  into  files  organized  in  sections and values. For  example  a  file  named  “app.cfg”  contains  all  the  parameters  defining the main application settings. [bio ctrl] identification=1 nb attempts=2 … [log file] enabled=1 … CCoonnffiigguurraattiioonn  oorrggaanniizzaattiioonn  The application creates several files:   app.cfg,   adm.cfg,   bio.cfg,   net.cfg,   fac.cfg, The  app.cfg  file  contains  the  application  settings,  adm.cfg  contains administration  parameters,  bio.cfg  the  biometric  sensor  settings,  net.cfg Ethernet parameters, fac.cfg the factory parameters. Two files are reserved by the system to store factory settings and network parameters:   fac.cfg,   net.cfg. MMooddiiffyyiinngg  aa  ppaarraammeetteerr  There are two ways to modify a parameter:   Directly on the terminal using the Configuration Application,   Remotely  through  Ethernet  or  Serial  link  with  a  client  application running on the Host System.
 30  SAGEM Sécurité document. Reproduction and disclosure forbidden   NNoottaattiioonn  In this manual a parameter is presented using this formality: “Short parameter description” file/section/parameter  Value For example to activate recognition mode based on identification this key must be set to 1: Access control by identification app/bio ctrl/identification  1
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  31  MMOODDIIFFYYIINNGG  AA  PPAARRAAMMEETTEERR  UUSSIINNGG  TTHHEE  CCOONNFFIIGGUURRAATTIIOONN  AAPPPPLLIICCAATTIIOONN  The Configuration Application allows changing a parameter directly on the terminal. You  must  exit  a  possible  running  application  to  display  the  application selection menu. If  the  main  application  is  running,  it  must  be  quit  using  the  escape sequence: ,   then  . Then  enter  the  Terminal  Configuration  Password  to  access  to  the Administration Menu. Select “Quit” to exit the Access Control application. Press   to display the functions menu. Select 3 − CONFIGURATION to launch the Configuration Application. The  Configuration  Application  is  fully  detailed  in  the  Configuration Application User Guide. This chapter only offers a brief description. FUNCTIONS 0 −−−− TELIUM MANAGER 1 −−−− ENROLMENT  2 −−−− MACCESS 3 −−−− CONFIGURATION                           ↓↓↓↓ KKeeyyss  rroollee  Keys   and   change the current selection. Key   deletes a character or goes to previous screen. Key   confirms the change. Key   quits the application.
 32  SAGEM Sécurité document. Reproduction and disclosure forbidden   CChhaannggiinngg  aa  ppaarraammeetteerr  A main menu allows selecting the file to modify. FILE SELECTION 1 −−−− bio 2 −−−− app 3 −−−− adm 4 −−−− exe When a file has been selected it is possible to choose a section. [APP] 1 −−−− bio ctrl 2 −−−− contactless 3 −−−− relay 4 −−−− send ID UDP The parameter list contains all parameters available in a section. [APP]/BIO CTRL 1 −−−− authent ID keyboard 2 −−−− identification 3 −−−− authent card mode 4 −−−− nb attempts It is possible to display parameter one by one in a given section. [app]/bio ctrl authent ID keyboard True  EDIT  <<  >> EXIT The edition menu will depend on the parameter type.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  33  Binary choice [app]/bio ctrl authent ID keyboard True  [●] False  [  ]   IP address [app]/send ID udp host address 134.  .1  .32  .214
 34  SAGEM Sécurité document. Reproduction and disclosure forbidden   CCOONNFFIIGGUURRIINNGG  AA  NNEETTWWOORRKKEEDD  MMOORRPPHHOOAACCCCEESSSSTTMM  IInnttrroodduuccttiioonn  A  PC  (running  with  MEMSTM  for  example)  connected  to  a MorphoAccess™  can  manage  the  terminal.  Available  remote  operations are:   Biometric template addition,   Control settings modification,   Configuration reading,   Local database deletion,   Record deletion,   Control diary downloading,   Firmware upgrade. The PC acts as a client for the MorphoAccess™.            The MorphoAccessTM works as a server waiting for request from a client. The  client  will  send  biometric  templates  to  the  terminal  and  manage  the local database. Please refer to MorphoAccess™ Host System Interface Specification for a complete description of TCP administration. This document  explains how to create a database and store biometric records in this base. TCP-IP Remote management:   Change mode   Add template   Get configuration  …
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  35  NNeettwwoorrkk  ffaaccttoorryy  sseettttiinnggss  By default  the  terminal IP  address  is  134.1.32.214. This  address  can  be changed through Ethernet or with the Configuration Application. The default server port is 11010. MMooddiiffyyiinngg  aa  kkeeyy  uussiinngg  ““ccoonnffiigguurraattiioonn  ttooooll””  Configuration  Tool  allows  changing  parameters.  This  program  is  an illustration of utilization of the TCP API. Please refer to Configuration Tool User Guide for more information about this program.
 36  SAGEM Sécurité document. Reproduction and disclosure forbidden   UUPPGGRRAADDIINNGG  TTHHEE  FFIIRRMMWWAARREE  It is possible to upgrade your MorphoAccessTM firmware through Ethernet. Two  package  types  are  available.  One  dedicated  to  terminal  system, another one dedicated to biometric library. Use the Downloader to upgrade your terminal system. Use the BioLoader to upgrade your terminal biometric library. Please  refer  to  the  MA500  Series  Upgrade  Tools  User  Guide  for  more information about upgrade procedures.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  37  DDOOWWNNLLOOAADDIINNGG  AA  LLIICCEENNCCEE  By  default  the  MorphoAccessTM  can  match  a  fingerprint  against  3000 users  database.  This  database  configuration  corresponds  to  a  basic licence (MSO_MA_IDENTLITE). MA-Xtended  licence  (MSO_MA_IDENTPLUS)  allows  to  extend MorphoAccessTM  recognition  capabilities  to 5  databases of  10  000 users (2 fingers per user). CChheecckkiinngg  tthhee  lliicceennccee  iinnssttaalllleedd  iinn  tthhee  MMoorrpphhooAAcccceessss™™  To  display  the  licence  installed  in  the  MorphoAccess™,  display  the Administration  Menu,  select  “Information”,  “Sensor  Info”  then  “Product Info”. PRODUCT INFO MSO 300 MSO_MA_IDENTPLUS OEM SN: 0725F152306 OEM ID: 251946640 VALID  AAvvaaiillaabbllee  lliicceenncceess  Licence Default ( MSO_MA_IDENTLITE )  1 database of 3000 users MA-Xtended  ( MSO_MA_IDENTPLUS )  5 databases of 10 000 users ( UNKNOWN LICENCE )  contact the SAGEM support MSO_MA_IDENTPLUS licence can be loaded in the MorphoAccess™.
 38  SAGEM Sécurité document. Reproduction and disclosure forbidden   UUppggrraaddee  ttoo  MMAA--XXtteennddeedd  lliicceennccee  ((11//22))::  oobbttaaiinniinngg  ddeevviiccee  sseerriiaall  nnuummbbeerr  The MorphoAccess™ 500 must be connected to a LAN. Launch  the  Terminal Licence  Manager  tool,  connect  to  the MorphoAccess™ and retrieve the terminal device serial number.  Device serial number has the following format “OEM ID-OEM SN”. Copy this string to the “clipboard”.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  39  UUppggrraaddee  ttoo  MMAA--XXtteennddeedd  lliicceennccee  ((22//22))::  ddoowwnnllooaaddiinngg  aa  MMAA--XXtteennddeedd  lliicceennccee  Connect  to  our  customer  support  web  site:  https://www.sagem-ds.com/biometrics-customersupport.      In the licence generator section enter your customer login and password. Xtended licence corresponds to MSO_MA_IDENTPLUS licence. Select this licence and copy the device serial number. You will receive obtain your licence number by email. You have to introduce the licence data send by the web server in the dialog box (Step 2).  You  can use the Get  data  from file  button  to copy the  data from a file.  If you received the licence by the Hotline then introduce it in the dialog box formatted MSO_MA_IDENTPLUS licence Then,  use  the  Transfer button  to  really  process  the  loading  of  the device (Step 3).  At any time, you can stop the procedure by using the Cancel button Copy the complete string in Licence Manager tool. If you receive your licence by email, select Get data from file. Load the licence in the MorphoAccess.
 40  SAGEM Sécurité document. Reproduction and disclosure forbidden    The  software  confirms  the  operation  with  the  following  dialog  box  (the license is now loaded in your MorphoAccessTM device)   or signals a problem with a dialog box.   The  display  of  the  base  number  ‘00’  display  on  the  MorphoAccess™ screen  means  the  license  “MSO_MA_IDENTPLUS”  has  been  correctly set.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  41  SSTTAANNDD  AALLOONNEE  MMOODDEESS  ((NNEETTWWOORRKKEEDD  OORR  NNOOTT  CCOONNNNEECCTTEEDD))  The  MorphoAccessTM  works  according  two  biometric  recognition  modes: identification  or  authentication.  Identification  and  authentication  can  be  activated  at the same time (multi-factor mode). In  Stand  Alone  Mode  the  terminal  can  operate  two  applications:  Access  Control  or Time & Attendance.
 42  SAGEM Sécurité document. Reproduction and disclosure forbidden   PPRREELLIIMMIINNAARRYY::  AADDDDIINNGG  AA  BBIIOOMMEETTRRIICC  TTEEMMPPLLAATTEE  IINN  LLOOCCAALL  DDAATTAABBAASSEE  The management of the MorphoAccess™ internal biometric database can be  done  either  locally  (through  the  terminal  Man  Machine  Interface),  or remotely by a Host System. These two exclusive management modes are defined as the: •  Local management mode •  Remote management mode LLooccaall  eennrroollmmeenntt        The  local  database  can  be  exported  ciphered  to  other  MA5xx  devices using a USB key. The Enrolment Application is dedicated to this function. Please  refer  to  Enrolment  Application  User  Guide  for  a  complete description of local enrolment facilities. RReemmoottee  mmaannaaggeemmeenntt  The  user  is  enrolled  on  an  Enrolment  Station  (typically  a  station  with MEMSTM) and biometrics templates are exported to  the MorphoAccessTM via Ethernet network or USB key.          This architecture allows managing many MorphoAccessTM databases from one PC client station.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  43  MMAACCCCEESSSS  AAPPPPLLIICCAATTIIOONN::  AACCCCEESSSS  CCOONNTTRROOLL  OORR  TTIIMMEE  &&  AATTTTEENNDDAANNCCEE  MorphoAccess™ application can be configured to work in physical access control  mode  or  in  time  and  attendance  mode.  In  this  configuration, MorphoAccessTM  events  logged  can  be  enriched  with  some  attendance information (entry, exit...). When  the  time  attendance  feature  is  activated  the  main  screen  may display 2 or 4 functions. FFoouurr  ffuunnccttiioonnss  mmooddee::  Time Attendance (4 functions) app/modes/time and attendance  2  TIME ATTENDANCE 15:26 OCT 08 2006         TTwwoo  ffuunnccttiioonnss  mmooddee::  Time Attendance (2 functions) app/modes/time and attendance  1  TIME ATTENDANCE 15:27 OCT 08 2006
 44  SAGEM Sécurité document. Reproduction and disclosure forbidden   When entering, the user has to press key   to log his entry time.  When exiting, the user has to press key   to log his exit time. For particular uses such as temporary absences, two additional functions corresponding to function keys 2 and 3 can be displayed. After  selection,  the  MorphoAccessTM  switches  in  biometric  mode (identification or authentication). The selected function is written in the log file and sent to the host. If the user has selected the wrong operation (IN/OUT...), key   can be pressed at any moment during biometric invitation to abort the verification. In this case, nothing is logged or sent to the controller. After 10 seconds of inactivity on identification mode (no finger detected on the  sensor),  the  terminal  switches  back  to  the  selection  screen.  In  this case the operation result is logged and/or sent to the controller (time-out). To disable Time Attendance mode set app/modes/time and attendance to 0. NNoottee  aabboouutt  tteerrmmiinnaall  cclloocckk  ddeevviiaattiioonn  The terminal clock has a +/- 4 sec per day typical time deviation at +25°C. At 50°C, the time deviation may be up to -8 sec per day. For  application  requiring  time  precision,  MorphoAccess™  clock  must  be synchronised regularly with an external clock.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  45  AACCCCEESSSS  CCOONNTTRROOLL  BBYY  IIDDEENNTTIIFFIICCAATTIIOONN  Access control by identification app/bio ctrl/identification  1 To  configure  MorphoAccessTM  terminal  in  this  mode,  set  the  parameter app/bio ctrl/identification to 1. After  starting  the  MorphoAccessTM  terminal waits  for fingerprint  detection in identification mode. The sensor is lighted on. Place your finger for Identification Please      The user can present a finger to launch identification process. Remove finger Analyzing …       If the identification is successful, the terminal triggers the access or returns the corresponding ID to central security controller.  The  ID  can  be  sent  through  various  interfaces.  Please  refer  to MorphoAccess™  Remote  Messages  Specification  for  a  complete description of “hit” and “no hit” messages. Result is displayed on terminal screen. Welcome John Doe  Identified.       Once the user identification is done, the terminal automatically loops back and waits for a new finger. At  least  one  user  (biometric  template)  must  be  stored  in  the  local database. In this configuration up to 3000 users with 2 biometric templates each can be stored.
 46  SAGEM Sécurité document. Reproduction and disclosure forbidden   If  the  terminal  is  running  in  identification  mode  with  an  empty  database, the sensor is off and the following screen is displayed. Empty Database Please contact Administrator      DDiissaabblliinngg  iiddeennttiiffiiccaattiioonn  Set app/bio ctrl/identification to 0 to disable identification (Proxy Mode).
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  47  AACCCCEESSSS  CCOONNTTRROOLL  BBYY  IIDDEENNTTIIFFIICCAATTIIOONN  ((MMAA--XXTTEENNDDEEDD  LLIICCEENNCCEE  LLOOAADDEEDD))  It  is  possible  to  increase  MorphoAccess™  500  biometric  database  size thanks  to  a  licence  (MA-Xtended  licence):  the  MorphoAccess™  then manages 5 bases of 10 000 users. Access control by identification with MA-Xtended licence app/bio ctrl/identification  1 To  configure  MorphoAccess™  terminal  in  this  mode,  set  the  parameter app/bio ctrl/identification to 1 and verify that MA-Xtended licence has been loaded. Please refer to chapter Downloading a licence to know how to upgrade the MorphoAccessTM with MA-Xtended licence. After  starting  the  MorphoAccess™  terminal waits  for  fingerprint  detection in identification mode. The sensor is lighted on. If  an  MA-Xtended  licence  is  loaded  it  is  possible  to  choose  the  active database. To select a user database, just press a key number to toggle the database number. By default, databases 0 to 4 can be selected and used.  Database 0 is the default database. Place your finger for Identification Please 4  14:25   The user can present a finger to launch identification process. If the identification is successful, the terminal triggers the access or returns the corresponding ID to Central Security Controller.  Once the user identification is done, the terminal automatically loops back to database 0 and waits for a new finger. At least one fingerprint must be stored in the local database. If the selected database is empty or does not exist, the sensor is off and the following screen is displayed. Empty Database Please contact Administrator 2      Set app/bio ctrl/identification to 0 to disable identification (Proxy Mode).
 48  SAGEM Sécurité document. Reproduction and disclosure forbidden   DDaattaabbaassee  nnuummeerraattiioonn  MA-Xtended  licence extends  biometric database capacity from 1 base  of 3000 users to 5 bases of 10000 users. In this configuration the user must select  his  database  number  (from  0  to  4)  before  presenting  a  finger  to launch identification process. For  user  convenience    MorphoAccess™  300  series  it  is  also  possible  to activate a “16 databases mode”. In this mode the user selects a database number  between  0  and  15,  and  presents a finger  to  launch  identification process. Database selection  The  base  identification  is  a  two  digit  number,  with  a  leading  zero  when required.  The  default  selected  base  is  the  base  with  the  identification  is “00”. Pressing a decimal key changes the base to use by modifying the current identification number: the higher digit is replaced by the unit digit and the unit number is replaced by the entered digit. It means that is the “x” key is pressed  while  the  selected  base  number  is  “yz”,  then  the  new  selected base will be “zx”, if it exists. Valid base numbers are from 00 to 15, then if the selected base number is higher than “15”, then the number of the default base (00) is automatically forced. Key   allows to select a database from 10 to 15. For To select database 13  press    then  ,  just  press  a  key  number  to  toggle  the  database number. By default, databases 0 to 4 can be selected and used. Access control by identification with MA-Xtended licence app/bio ctrl/identification  1 From the terminal point of there is still 5 biometric databases. MorphoAccess™ 300 series Or  MorphoAccess™ 500 series MorphoAccess™ 500 series (MA-Xtended licence) Database   0,1,2 0 3,4,5  1 6,7,8  2 9,10,11  3 12,13,14,15  4
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  49  MEMS™  will  automatically  associates  the  user  to  the  right  base.  For example a user stored into database 4 on a MorphoAccess™ 300 will be stored into database 1 on a MorphoAccess™ 500.
 50  SAGEM Sécurité document. Reproduction and disclosure forbidden   IINNTTRROODDUUCCTTIIOONN  TTOO  CCOONNTTAACCTTLLEESSSS  AAUUTTHHEENNTTIICCAATTIIOONN  Various  recognition  modes  can  be  applied  depending  on  the  templates location (card or terminal database) and the required security level. This mode supposes that the user swipes a MifareTM card containing some structured data (identifier, biometric templates, PIN code)... Data  are  localized  on  the  card  by  a  block  (“B”  parameter)  and  are protected by a key (defined by “C” parameter). The “C” parameter defines which key is used during the authentication with the card. For a complete description of card structure and access mode,please refer to MorphoAccess™ Contactless Card Specification. First bloc to read app/contactless/B  1-215 Key number to present app/contactless/C  1, 2, 3 Following recognition modes are available: Authentication with biometric templates on card: Captured  fingerprints are matched against templates read  on  the card (PK). Identifier and biometric templates must be stored on the card. In  this  mode  it  is  also  possible  to  check  a  PIN  code  before  the authentication and to replace the biometric authentication by a BIOPIN code check. The BIOPIN code is used when user’s biometric templates are not available (a visitor for example). Authentication with biometric templates on local database: Captured fingerprints are matched against templates read from the local database. Only the identifier is required on the card. Authentication based on “tag” card mode: Depending on the card mode either templates are read on the card or the  control  can  be  bypassed  (visitor mode).  The  card  mode  tag must be stored on the card. It is possible to check PIN code before the authentication and to replace the biometric authentication by a BIOPIN check. It  is  also  possible  to  skip  the  biometric  control:  in  this  case  the  terminal acts as a contactless card reader.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  51  Contactless  authentication  can  be  combined  with  a  local  identification (multi-factor mode).
 52  SAGEM Sécurité document. Reproduction and disclosure forbidden   AAUUTTHHEENNTTIICCAATTIIOONN  WWIITTHH  BBIIOOMMEETTRRIICC  TTEEMMPPLLAATTEESS  OONN  CCAARRDD  Authentication with biometric templates on contactless card app/bio ctrl/authent PK contactless  1 MorphoAccessTM  520  can  work  in  contactless  authentication  mode:  the user  presents  its  card,  the  terminal  reads  the  reference  biometric templates on the card and launches a biometric control based on the read templates. In  this  case  the  card  will  contain  the  user  identifier  and  biometric templates: no local database is required. To trigger authentication, user should present his card to the terminal. Please Present Contactless Smart Card      If  card  contains  user  templates,  user  is  invited  to  present  his  finger  for biometric authentication. Place your finger For Authentication Please      If  the  authentication  is  successful,  the  terminal  triggers  the  access  or returns the corresponding ID to central security controller. Once  the user  authentication  is finished,  the terminal  automatically loops back and waits for a new card presentation. Required tags on card  ID  CARD MODE PK1  PK2  PIN  BIOPIN Contactless authentication  Yes No  Yes Yes No  No Card  structure  is  described  in  MorphoAccess™  Contactless  Card Specification.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  53  PPIINN  VVEERRIIFFIICCAATTIIOONN  ––  PPIINN  SSTTOORREEDD  OONN  CCAARRDD  If  a  reference  PIN  code  is stored  on  the  card  it  is  possible  to  check  this code before controlling the fingerprints. PIN code verification app/bio ctrl/control PIN  1 To trigger authentication, user should present his card to the terminal. Please Present Contactless Smart Card      If card contains a PIN code, user is invited to enter his PIN code.  Please enter PIN ***  VAL        COR If the PIN code is correct, user is invited to presents his finger for biometric authentication. Place your finger For Authentication Please      If  the  authentication  is  successful,  the  terminal  triggers  the  access  or returns the corresponding ID to central security controller. It  is  also  possible  to  activate  this  mode  independently  of  biometric authentication. In this case, only the PIN code is checked. Required tags on card  ID  CARD MODE PK1  PK2  PIN  BIOPIN PIN code verification  Yes No  No  No  Yes No PIN then authentication  Yes No  Yes Yes Yes No
 54  SAGEM Sécurité document. Reproduction and disclosure forbidden   BBIIOOPPIINN  VVEERRIIFFIICCAATTIIOONN  --  BBIIOOPPIINN  SSTTOORREEDD  OONN  CCAARRDD  In this mode the card should contain a BIOPIN code. The goal of this code is to replace fingerprints authentication by BIOPIN code verification. BIOPIN code verification app/bio ctrl/control BIOPIN  1 To trigger the BIOPIN code verification, user should present his card to the terminal. If card contains user BIOPIN, user is invited to enter it.  Please enter biometric PIN ***  VAL        COR If  the  BIOPIN  is  correct,  the  terminal  triggers  the  access  or  returns  the user ID to the central security controller. BIOPIN control replaces fingerprint authentication. This mode can be combined with a preliminary PIN code verification. It  is  also  possible  to  activate  the  fingerprint  control  (configuration  key “authent  PK  contactless”  set  to  1):  in  this  case  the  terminal  will  control fingerprint if templates are stored on the card or BIOPIN if only a BIOPIN is stored on the card. Required tags on card  ID  CARD MODE PK1  PK2  PIN  BIOPIN BIOPIN code verification  Yes No  No  No  No  Yes
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  55  AAUUTTHHEENNTTIICCAATTIIOONN  WWIITTHH  BBIIOOMMEETTRRIICC  TTEEMMPPLLAATTEESS  IINN  LLOOCCAALL  DDAATTAABBAASSEE  In this mode only the ID is read on the card. If the ID exists in the biometric database,  the  MorphoAccess™  performs  an  authentication  using  the biometric templates associated to this ID. The  ID  can  be  stored  into  a  TLV  structure  (typically  a  card  encoded  by MEMS™) or directly read at a given offset of the card (binary ID). AASSCCIIII  IIDD,,  ssttrruuccttuurreedd  ddaattaa  Contactless authentication with templates on local database app/bio ctrl/authent ID contactless  1 The identifier must be stored into a TLV structure. ASCII identifier in tagged structure. app/contactless/data format app/contactless/data length app/contactless/data offset 0 0 0 The  user  identifier  is  used  as  an  index  in  the  local  database  of  the MorphoAccessTM:  reference  biometric  templates  are  stored  in  the  local database. To trigger authentication, user should present his card to the terminal. Please Present Contactless Smart Card      If  the corresponding ID  exists in  the  terminal  database,  user  is invited  to place his finger for biometric authentication. Place your finger For Authentication Please      If  the  authentication  is  successful,  the  terminal  triggers  the  access  or returns the corresponding ID to Central Security Controller.  Once  the  user  authentication  is  done,  the  terminal  automatically  loops back and waits for a new card presentation.
 56  SAGEM Sécurité document. Reproduction and disclosure forbidden   Required tags on card  ID  CARD MODE PK1  PK2  PIN  BIOPIN authent ID contactless  Yes  No  No  No  No  No Note: a database must exist in the terminal. BBiinnaarryy  iiddeennttiiffiieerr,,  nnoonn--ssttrruuccttuurreedd  ddaattaa  Contactless authentication with templates on local database app/bio ctrl/authent ID contactless  1 In  this  mode  the  identifier  is  read  at  a  given  offset  on  the  card  and  is supposed to be binary. No TLV structure is required on the card. This mode is useful for using the card serial number as an identifier. ASCII identifier in tagged structure. app/contactless/data format app/contactless/data length app/contactless/data offset 1 [1-8]: ID size in bytes [0-15]: ID offset in the read block The  user  identifier  is  used  as  an  index  in  the  local  database  of  the MorphoAccessTM: in this case reference biometric templates are stored in the local database. Authentication progress is exactly the same as presented above. Example – 4 bytes identifier. The terminal is configured to read 4 bytes. Read bytes are F4 E1 65 34. Corresponding  user  identifier  in  the  local  database  is  “4108412212” (ASCII). Example – reading Mifare card Serial Number (little endian format). app/contactless/data format = 1 app/contactless/data length  = 4 app/contactless/data offset  = 0
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  57  AAUUTTHHEENNTTIICCAATTIIOONN  BBAASSEEDD  OONN  CCAARRDD  MMOODDEE  Contactless authentication with card mode app/bio ctrl/authent card mode  1 In this mode the card decides on the control progress. The CARD MODE tag is required. This tag can take several values:  PKS [0x02]: user identifier, template 1 and template 2 are required on  the  card.  Biometric  authentication  is  triggered  with  biometric templates.  If  a  BIOPIN  is  present  instead  of  templates,  BIOPIN  is controlled.  ID_ONLY  [0x01]:  only  the  user  identifier  is  required.  There  is  no biometric control, the control is immediately positive. This feature is useful for visitor requiring an access without enrolment. But it is still possible to store templates on the card.  PIN_CODE [0x10]: only PIN code is controlled.  PIN_THEN_PKS  [0x12]:  PIN  code  is  controlled  then  templates  or BIOPIN. To enable this mode set app/bio ctrl/authent card mode to 1. To disable this mode set app/bio ctrl/authent card mode to 0. Required tags on card if CARD MODE tag value is PKS.  ID  CARD MODE PK1  PK2  PIN  BIOPIN authent card mode (PKS)  Yes Yes Yes Yes No  No authent card mode (PKS) (BIOPIN) Yes Yes No  No  No  Yes Required tags on card if CARD MODE tag value is ID_ONLY.  ID  CARD MODE PK1  PK2  PIN  BIOPIN authent card mode (ID_ONLY) Yes Yes No  No  No  No
 58  SAGEM Sécurité document. Reproduction and disclosure forbidden   Required tags on card if CARD MODE tag value is PIN_CODE.  ID  CARD MODE PK1  PK2  PIN  BIOPIN authent card mode (PIN_CODE) Yes Yes No  No  Yes No Required tags on card if CARD MODE tag value is PIN_THEN_PKS.  ID  CARD MODE PK1  PK2  PIN  BIOPIN authent card mode (PIN_THEN_PKS) Yes Yes Yes Yes Yes No authent card mode (PIN_THEN_PKS) (BIOPIN) Yes Yes No  No  Yes Yes Card  structure  is  described  in  MorphoAccess™  Contactless  Card Specification. NNoottee  aabboouutt  ““bbyyppaassss””  ooppttiioonn  ccoommbbiinneedd  wwiitthh  ““ccaarrdd  mmooddee””  When  the  bypass  authentication  configuration  key  is  activated  (see Bypassing  the  biometric  control  in  authentication),  the  global  control  is bypassed and “card mode” is ignored.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  59  MMUULLTTII--FFAACCTTOORR  MMOODDEE  This  mode  is  the  fusion  of  identification  mode  and  contactless authentication without database mode. This mode allows:   Performing  an  identification  when  user  places his  finger  (operation identical to identification mode).   Performing  a  contactless  authentication  when  user  swipes  his contactless  card  (operation  identical  to  contactless  authentication without database mode). To  trigger  authentication, user  should  present  his  card  to  the  terminal  or place his finger on the sensor. Please place your finger or Present card      If the authentication or the identification is successful, the terminal triggers the access or returns the corresponding ID to central security controller. If there is no database contactless card presentation is still possible. Enabling one contactless mode and identification activate this mode. Merged mode app/bio ctrl/identification  1 And app/bio ctrl/authent PK contactless app/bio ctrl/authent card mode app/bio ctrl/control BIOPIN app/bio ctrl/control PIN  0 or 1 0 or 1 0 or 1 0 or 1 Required tags on card Required tag on card depends on the authentication mode, but at least an ID is necessary.  ID  CARD MODE PK1  PK2  PIN  BIOPIN bypass authentication    Yes No  No  No  No  No
 60  SAGEM Sécurité document. Reproduction and disclosure forbidden   AAUUTTHHEENNTTIICCAATTIIOONN  WWIITTHH  LLOOCCAALL  DDAATTAABBAASSEE::  IIDD  EENNTTEERREEDD  FFRROOMM  KKEEYYBBOOAARRDD  Biometric authentication with ID entered from keyboard app/bio ctrl/authent ID keyboard  1 In  this  mode  the  ID  of  the  user  is  entered  on  the  MorphoAccessTM keyboard. If the ID exists in the database (or in one of the five databases), the  MorphoAccess™  performs  an  authentication  using  the  biometric templates associated to this ID.    The default screen invites the user to enter his numerical identifier.  Please enter ID 3563_  VAL      COR Note: ID length is limited to 24 characters. Key   deletes one character. Once the ID is entered, the user confirms with green key  .
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  61  If  the corresponding ID  exists in  the  terminal  database,  user  is invited  to place his finger for biometric authentication. Place your finger For Authentication Please      If  the  authentication  is  successful,  the  terminal  triggers  the  access  or returns the corresponding ID to Central Security Controller.  If  the  identifier  is  not  present  in  the  local  database  authentication  is  not launched. User not found in current database 35639      Once  the  user  identification  is  done,  the  MorphoAccess™  automatically loops back and waits for a new ID. RReemmaarrkk  aabboouutt  MMoorrpphhooAAcccceessss™™  wwiitthh  MMAA--XXtteennddeedd  lliicceennccee  llooaaddeedd  A  MorphoAccess™  with  MA-Xtended  licence  loaded  will  scan  the  five biometric database to find the biometric templates associated to the ID. NNoottee  aabboouutt  ““bbyyppaassss””  ooppttiioonn  When  the  bypass  authentication  configuration  key  is  activated  (see Bypassing  the  biometric  control  in  authentication),  the  MorphoAccessTM verifies  that  the  ID  is  present  on  the  local  database  before  granting  the access.
 62  SAGEM Sécurité document. Reproduction and disclosure forbidden   AAUUTTHHEENNTTIICCAATTIIOONN  WWIITTHH  LLOOCCAALL  DDAATTAABBAASSEE::  IIDD  IINNPPUUTT  FFRROOMM  WWIIEEGGAANNDD  OORR  DDAATTAACCLLOOCCKK  Biometric authentication: ID input from Wiegand or DataClock app/bio ctrl/authent remote ID source  1 for Wiegand 2 for DataClock This  mode  requires  an  external  card  reader  that  will  send  the  ID  of  the user to authenticate to the MorphoAccessTM Wiegand or DataClock input.        The  default  screen  invites  the  user  to  pass  his  badge  so  the  external reader  sends  the  user  ID  on  MorphoAccess™  Wiegand  or  Dataclock input. Pass your badge For Authentication Please      If  the  ID  exists  in  the  database,  the  MorphoAccess™  performs  an authentication using the biometric templates associated to this ID. Place your finger For Authentication Please      If  the  authentication  is  successful,  the  terminal  triggers  the  access  or returns the user ID to Central Security Controller.  Once the  user authentication is  done, the MorphoAccess™  automatically loops back and waits for a new input ID. Wiegand or DataClock input
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  63  If  the  identifier  sent  by  the  reader  is  not  present  in  the  local  database authentication is not launched. User not found in current database 64235      RReemmaarrkk  aabboouutt  MMoorrpphhooAAcccceessss™™  wwiitthh  MMAA--XXtteennddeedd  lliicceennccee  llooaaddeedd  A  MorphoAccess™  with  MA-Xtended  licence  loaded  will  scan  the  five biometric database to find the biometric templates associated to the ID. NNoottee  aabboouutt  ““bbyyppaassss””  ooppttiioonn  When  the  bypass  authentication  configuration  key  is  activated  (see Bypassing  the  biometric  control  in  authentication),  the  MorphoAccessTM verifies that the ID sent on Wiegand or DataClock input is present on the local database before granting the access.
 64  SAGEM Sécurité document. Reproduction and disclosure forbidden   WWiieeggaanndd  ffrraammee  ccoonnffiigguurraattiioonn  It is possible to define the format of the Wiegand input and thus of the read identifier. Frame description is based on frame length (in bits), ID, site code position and size and party policy. RemarkNote:  Since  the  software  version  2.00.00  the  configuration  key name has been modified. The previous set key value is savedpreserved. Wiegand input parameters app/wiegand in/  frame length (before v2.00 : length) 1-128  Defines the number of bits of the frame. start format (before v2.00 :  start)  0.0 1.0 2.n 3.n 4.0 Defines the start control bit:  Reset to 0. Set to 1. Even parity calculated over the n first bits. Odd parity calculated over the n first bits. No start bit. stop format (before v2.00 : stop)  0.0 1.0 2.n 3.n 4.0 Defines the stop control bit: Reset to 0.  Set to 1. Even parity calculated over the n last bits.  Odd parity calculated over the n last bits.  No stop bit. site format (before v2.00 : site) n.m  Insert m bits of site value at offset n. ID format (before v2.00 : Id) n.m  Insert m bits of ID value at offset n. Custom format (before v2.00: Custom) n.m  RFU. WWiieeggaanndd  ffrraammee  eexxaammppllee  ((2266  bbiittss))  0  1  2  3  …  8  9  10  11  12  …  23  24  25 START SITE  ID STOP 1  8 bits  16 bits  1 START bit calculation range  STOP bit calculation range
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  65  BBYYPPAASSSSIINNGG  TTHHEE  BBIIOOMMEETTRRIICC  CCOONNTTRROOLL  IINN  AAUUTTHHEENNTTIICCAATTIIOONN  This mode requires only a user ID. This ID can be read on a smart card, entered on the keyboard or sent on Wiegand or DataClock input. The  bypass  authentication  configuration  key  must  be  combined  with  an authentication  mode.  Activating  this  flag  means  that  the  biometric verification is bypassed.  TThhee  tteerrmmiinnaall  ccoonnttrroollss  tthhaatt  tthhee  uusseerr  IIDD  eexxiissttss  iinn  tthhee  ddaattaabbaassee  When  combined  with  an  authentication  mode  with  templates  on  local database, the MorphoAccessTM verifies that the ID is present on the local database before granting the access. ID on a contactless card Disabling biometric control, but ID must be present in the local database app/bio ctrl/bypass authentication  1 app/bio ctrl/authent ID contactless  1 Required tags on card  ID  CARD MODE PK1  PK2  PIN  BIOPIN bypass authentication    Yes No  No  No  No  No ID entered on the keyboard Disabling biometric control, but ID must be present in the local database app/bio ctrl/bypass authentication  1 app/bio ctrl/authent ID keyboard  1 ID sent on Wiegand or DataClock input Disabling biometric control, but ID must be present in the local database app/bio ctrl/bypass authentication  1 app/bio ctrl/authent remote ID source  1 for Wiegand 2 for DataClock
 66  SAGEM Sécurité document. Reproduction and disclosure forbidden   TThhee  tteerrmmiinnaall  wwoorrkkss  aass  aa  ssmmaarrtt  ccaarrdd  rreeaaddeerr..  When  combined  authent  PK  contactless  the  MorphoAccessTM  always authorizes  the  access:  the  MorphoAccessTM  works  as  a  simple  MifareTM card reader. Disabling biometric control, access is always granted app/bio ctrl/bypass authentication  1 app/bio ctrl/authent PK contactless  1 Required tags on card  ID  CARD MODE PK1  PK2  PIN  BIOPIN bypass authentication    Yes No  No  No  No  No
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  67  RREECCOOGGNNIITTIIOONN  MMOODDEE  SSYYNNTTHHEESSIISS  The MorphoAccessTM operating mode is driven by:   The authentication or identification mode required: Card Only, Card + Biometric, Biometric only.   Who defined the operating mode: Card or Terminal.    Mode defined by Card app/bio ctrl/authent card mode 1 Mode defined by Terminal app/bio ctrl/authent card mode 0 Operating mode     ID in card bypass authentication 1 authent ID contactless 1 Check ID on terminal Authentication Card only  ID in card Card Mode Tag = ID_ONLY ID in card bypass authentication 1 authent PK contactless 1 No ID check on terminal ID and BIO in card bypass authentication 0 authent PK contactless 1 Authentication Card  + Biometric  ID and BIO in Card Card Mode Tag = PKS ID on card and BIO in terminal bypass authentication 0 authent ID contactless 1 Identification Biometric only   ID and BIO in terminal identification 1
 68  SAGEM Sécurité document. Reproduction and disclosure forbidden   SSEETTTTIINNGG  UUPP  RREECCOOGGNNIITTIIOONN  SSTTRRAATTEEGGYY  TTwwoo  aatttteemmppttss  mmooddee  If the recognition fails, it is possible to give a “second chance” to the user. In identification mode if a bad finger is presented the user has 5 seconds to present a finger again. The result is sent if this period expires or if the user presents a finger again. In authentication mode, if  the user presents a bad finger, he can replace his  finger  without  presenting  his  card  again.  The  result  is  sent  only  after this second attempt. It is  possible  to set  the finger  presentation  timeout and  to deactivate this “two attempts mode”. If  the  user  is  not  identified,  a  second  step  follows  immediately  using  a smarter  coding  method.  This  coding  allows  recognizing  users  with  dry fingers  or  fingers  with  a  bad  placement  on  the  sensor.  However  this coding is slower than the light one. PPaarraammeetteerrss  This mode can be configured using the Configuration Tool for example. By default the two attempts mode is activated. Setting up the number of attempts app/bio ctrl/nb attempts  1 (only one attempts) 2 (two attempts mode) The period between two attempts in identification (two attempts mode) can be modified. Setting up the identification timeout app/bio ctrl/identification timeout  5 (1-60) In authentication mode a finger presentation period can be defined. Setting up the authentication timeout app/bio ctrl/authent timeout  10 (1-60)
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  69  SSEETTTTIINNGG  UUPP  MMAATTCCHHIINNGG  PPAARRAAMMEETTEERRSS  Setting up matching threshold bio/bio ctrl/matching th  3 (1-10) The  performances  of  a  biometric  system  are  characterized  by  two quantities, the False Non Match Rate - FNMR - (also called False Reject Rate)  and  the  False  Match  Rate  -  FMR  -  (also  called  False  Acceptance Rate). Different trade-off are possible between FNMR and FMR depending on  the  security  level  targeted  by  the  Central  Security  Controller.  When convenience  is  the  most  important  factor  the  FNMR  must  be  low  and conversely  if  security  is  more  important  then  the  FMR  has  to  be minimized. Different  tunings  are  proposed  in  the  MorphoAccess  terminal  depending on  the  security level targeted  by the system.  The  table  below details  the different possibilities. This parameter can be set to values from 1 to 10. This parameter specifies how  tight  the  matching  threshold  is.  Threshold  scoring  values  are identified hereafter 1  Very few persons rejected  FAR < 1% 2    FAR < 0.3% 3  Recommended value  FAR < 0.1% 4    FAR < 0.03% 5  Intermediate threshold  FAR < 0.01% 6    FAR < 0.001% 7    FAR < 0.0001% 8    FAR < 0.00001% 9  Very high threshold (few false acceptances). Secure application FAR < 0.0000001% 10  High threshold for test purpose only There are very little false recognition, and many rejections.
 70  SAGEM Sécurité document. Reproduction and disclosure forbidden   FFAAKKEE  FFIINNGGEERR  DDEETTEECCTTIIOONN  MMAA22xx11  ––  MMAA33xx11  ccoommppaattiibbiilliittyy  - Password Default  password  is  “12345”.  (On  MA2x1  and  MA3x1  terminals,  default specific password was “131664”.) SAGEM recommends strongly to the administrator to configure it with a different value, and specific at each customer. - Delay after fake finger detection The  function  associated  to  MA2x1  and  MA3x1  /cfg/Maccess/Security Policy/Delay in 10ms configuration key is no more supported. - FFD security level The function associated to app/bio ctrl/FFD security level is only for stand alone mode. (On MA2x1 and MA3x1 terminals, this parameter applied to standalone  mode  and  ILV.)  ILV  has  to  set  this  parameter  to  have  a security level different from default security level. FFFFDD  sseeccuurriittyy  lleevveell  The  fake  finger  detection  is  characterized  by  a  false  reject  rate (percentage  of  live  fingers  detected  as  fake  fingers)  and  a  false acceptance  rate  (percentage  of  fake  finger  detected  as  real  ones).  This FRR (resp.  FAR) is  called FFD-FRR  (resp. FFD-FAR).  The  overall reject rate of MAxx1 models is in fact : standard MA FRR + FFD-FRR. Three security levels are proposed and provide different trade-off between FFD-FAR and FFD-FRR. 0  Low fake finger detection security level 1 (default) Medium fake finger detection security level 2  High fake finger detection security level  Setting up FFD security level app/bio ctrl/FFD security level  1 (0-2) PPrreesseennccee  ddeetteeccttiioonn  Terminals  with  fake  finger  detection  option  allow  another  presence detection mode. 0 (default) Standard presence detection in identification mode. 1  In  identification  mode,  sensor  is  in  standby  (LEDs  are  off) while no finger is detected.  Setting up presence detection
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  71  app/bio ctrl/presence detection  0 (0-1) FFaaiilluurree  IIDD  The  administrator  may  chose  the  specific  ID  sent  on  Wiegand  and DataClock interfaces when a fake finger is detected. Setting up FFD failure ID app/failure ID/FFD ID  65535 (0-65535)
 72  SAGEM Sécurité document. Reproduction and disclosure forbidden   PPRROOXXYY  MMOODDEE  In  Proxy  mode  is  an  operating  mode  where  the  Host  System  performs  the  access control remotely.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  73  PPRROOXXYY  MMOODDEE  ((OORR  SSLLAAVVEE))  PPRREESSEENNTTAATTIIOONN  This operating mode allows to control the MorphoAccessTM remotely (the link  is  Ethernet  or  RS422)  using  a  set  of  biometric  and  databases management commands. In  Proxy  mode  the  access  control  is  performed  remotely  by  the  Host System: MorphoAccessTM works as a slave waiting for external commands such as:   User identification.   User verification.   Relay activation.   Read data on a contactless smart card.   Biometric database management.   Terminal configuration changes.   Read an entry from the keyboard.   Display a message.   Read a contactless smart card.     MorphoAccessTM  Host System Please  refer  to  refer  to  MorphoAccess™  Host  System  Interface Specification: this document explains how to manage a terminal on a TCP network.
 74  SAGEM Sécurité document. Reproduction and disclosure forbidden   PPRROOXXYY  MMOODDEE  AACCTTIIVVAATTIIOONN  Identification  and  authentication  must  be  disabled.  It  means  that  all controls must be turned off: the terminal becomes a slave. Proxy mode app/bio ctrl/identification  0 app/bio ctrl/authent card mode  0 app/bio ctrl/authent PK contactless  0 app/bio ctrl/authent ID contactless  0 app/bio ctrl/authent ID keyboard  0 app/bio ctrl/authent remote ID source  0 app/bio ctrl/ BIOPIN enabled  0 app/bio ctrl/control PIN  0 app/bio ctrl/bypass authentication  0
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  75  AAPPPPLLIICCAATTIIOONN  CCUUSSTTOOMMIIZZAATTIIOONN
 76  SAGEM Sécurité document. Reproduction and disclosure forbidden   SSEETTTTIINNGG  UUPP  TTIIMMEE  MMAASSKK  When  using  MEMSTM,  a  time  mask  feature  is  available.  This  mode enables  the access  according to its  time mask.  Time mask  is defined by slots of 15 minutes over a week.  Note: Since software version 2.00.00 the configuration key path has been modified. The previous set key value is preservedsaved. Time mask activation Since v2.00 : app/modes/time mask Before v2.00 : app/time mask/enabled 1
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  77  MMUULLTTIILLIINNGGUUAALL  AAPPPPLLIICCAATTIIOONN  The MorphoAccessTM can display texts in six languages (including French, Spanish, German, Italian). It is possible to download a user defined string table.  For  more  information  about  this  feature,  refer  to  the MorphoAccess™ Host System Interface Specifications. Default language app/G.U.I/default language  0 English (default) 1 Spanish 2 French 3 German 4 Italian 5 Portuguese INTL Language Generator allows defining the whole table.
 78  SAGEM Sécurité document. Reproduction and disclosure forbidden   RREESSUULLTT  EEXXPPOORRTTAATTIIOONN  The  MorphoAccessTM  can  export  the  result  of  the  control  to  an  Central  Security Controller, and can log the result in a local diary or directly command an access. This section is only an introduction about the MorphoAccessTM interface. Please refer to  MorphoAccess™  Remote  Messages  Specification  for  complete  details  of  each interface.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  79  RREEMMOOTTEE  MMEESSSSAAGGEESS::  SSEENNDDIINNGG  TTHHEE  IIDD  TTOO  TTHHEE  CCEENNTTRRAALL  SSEECCUURRIITTYY  CCOONNTTRROOLLLLEERR  PPrreesseennttaattiioonn  The  MorphoAccessTM  terminal  can  send  status messages  in  real  time  to an  Central  Security  Controller  by  different  means  and  through  different protocols.  This  information,  called  Remote  Messages  can  be  used,  for instance  to  display  on  an  external  screen  the  result  of  a  biometric operation, the name or the ID of the person identified… depending on the role of the controller in the system.             The  MorphoAccess™  Remote  Messages  Specification  describes  the different  solutions  offered  by  the  MorphoAccessTM  to  dialog  with  a controller, and how to make use of them. SSuuppppoorrtteedd  PPrroottooccoollss  The  terminal  can  send  messages  about  the  biometric  operations performed  by  the  MorphoAccess™  to  a  controller  through  the  following protocols:   Wiegand,   DataClock,   RS485/422,   Ethernet (TCP or UDP). Ethernet RS485/422 Wiegand/DataClock
 80  SAGEM Sécurité document. Reproduction and disclosure forbidden   RREELLAAYY  AACCTTIIVVAATTIIOONN  If  the  control  is  successful,  a relay  may  be  activated  to  directly  control  a door. This installation type offers a low security level. Relay activation app/relay/enabled  1 The relay aperture time can be defined and is set by default to 3 seconds (i.e. 300). Relay aperture time in 10 ms app/relay/aperture time in 10 ms  300 (50 to 60000)
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  81  LLOOGG  FFIILLEE  MorphoAccessTM is logging its activities app/log file/enabled  1 The MorphoAccessTM can log its biometric activities. It stores the result of the  command, the  possible time  and  attendance function, date  and time, the matching mark, the execution time, and the ID of the user. It  is  possible  to  download  the  diary  file.  For  more  information  on  this feature, refer to the MorphoAccess™ Host System Interface Specification. It is also possible to display the log file using the Logs Viewer Application. JANUARY 8 2007 15:25,OK,783170 15:28,KO, 15:45,OK,7895641 15:59,KO,783170
 82  SAGEM Sécurité document. Reproduction and disclosure forbidden   LLEEDD  IINN  AACCTTIIVVAATTIIOONN  Use this signal to wait a controller “ACK” before granting the access.         1.  If  the  user  is  recognized  the  MorphoAccessTM  sends  the  user identifier to the controller. 2.  The MorphoAccessTM waits for a GND signal on LED1 or LED2. A timeout can be defined. 3.  The controller checks the user rights. 4.  The  controller  sets  LED1  to  GND  to  authorize  the  access  or  sets LED2 to GND to forbid the access. This feature improves integration in an Central Security Controller (ACS). The ACS through LED IN signals validates result of biometric matching. LED IN mode activation app/led IN/enabled  1 When the ACS validates the control a timeout must be specified: it defines the  time  during  which  the  MorphoAccessTM  will  wait  for  an acknowledgement signal from the ACS through LED IN signals. LED IN acknowledgement timeout in 10 ms app/led IN/controller ack timeout  300 (0 to 3000) If the controller has only one LED signal dedicated to “access authorized”, this  signal  must  be  connected  to  LED1  input.  In  this  case  “access forbidden” signal will be based on a timeout. "controller ack timeout" value must  be  defined  as  short  as  possible  in  a  range  corresponding  to controller reply delay. A  controller  with  distinct  outputs  (one  for  “access  forbidden”,  one  for “access authorized”) will be connected to LED1 and LED2.  User ID LED1 to GND: Access authorized. LED2 to GND: Access refused.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  83  SSEECCUURRIITTYY  FFEEAATTUURREESS
 84  SAGEM Sécurité document. Reproduction and disclosure forbidden   TTAAMMPPEERR  SSWWIITTCCHH  MMAANNAAGGEEMMEENNTT  AAllaarrmm  aaccttiivvaattiioonn  The MorphoAccessTM can detect two intrusion attempts type: •  Someone  tries  to  steal  the  complete  terminal  (opto-sensor  is triggered). •  Someone tries to open the terminal (tamper switch is triggered). The device can send an alarm to the central controller in case of intrusion. It can also play a sound alarm while sending the alarm. Note:  either  the  tamper  switch  or  the  opto-sensor  triggers  the  alarm. Please refer to MA500 Series Installation Guide to identify these switches on the terminal.          To  send  an  alarm  on  an  output  (UDP,  RS485/RS422,  Wiegand, DataClock),  the  corresponding  interface  must  be  activated  otherwise  no alarm will be sent. Because Wiegand and DataClock are multiplexed on the same lines, only one of these protocols shall be enabled at one time, else priority is given to Wiegand, then DataClock. These keys are: app/send ID wiegand/enabled app/send ID dataclock/enabled app/send ID serial/enabled app/send ID serial/mode (to select RS422 or RS485 link) app/send ID UDP/enabled  Alarm message   UDP   RS485/RS422   Wiegand   DataClock
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  85  Setting  the  key  app/tamper  alarm/level  to  an  appropriate  value  configure tamper switch management feature. Tamper Alarm Level app/tamper alarm/level 0 No Alarm. 1 Send Alarm (No Sound Alarm). 2 Send Alarm and Activates Buzzer (Sound Alarm) 0 (0 – 2)  The key app/failure ID/alarm ID defines the value of the alarm ID to send in Wiegand or DataClock. This ID permits to distinguish between a user ID and an error ID. To be validated, key app/failure ID/enabled must be set to 1. Tamper Alarm ID app/failure ID/alarm ID app/failure ID/enabled 65535 (0 – 65535) 1  In Wiegand and DataClock the alarm ID is sent like other Failure Ids. See the documentation MorphoAccess™ Remote Messages Specification for a description of the packet format in UDP and RS485. EExxaammpplleess  Example  1:  Send  an  alarm  ID  (62221)  in  Wiegand,  and  play  sound warning, in case of intrusion detection. To send an alarm in Wiegand, the key app/send ID wiegand/enabled must be  set  to  1,  and  the  key  app/tamper alarm/level  must  be  set  to  2  (alarm and buzzer.) The key app/failure ID/alarm ID must be set to 62221 to link the intrusion event to this identifier. Example 2: Send an alarm in UDP quietly in case of intrusion detection. To send an alarm in UDP, the key app/send ID UDP/enabled must be set to 1. Then the key app/tamper alarm/level must be set to 1 (quiet alarm.)
 86  SAGEM Sécurité document. Reproduction and disclosure forbidden   PPAASSSSWWOORRDDSS  Two passwords protect the system:   The  Terminal  Configuration  Password  protects  MorphoAccessTM local administration and controls devices settings.   The  User  Management  Password  is  required  to  access  to  local database: it protects the Enrolment Application and the Log Viewer Application.  Default password value is “12345”.  If  a  password  is  lost  terminal  must  be  returned  to  SAGEM Sécurité.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  87  AANNNNEEXX
 88  SAGEM Sécurité document. Reproduction and disclosure forbidden   MMOORRPPHHOOAACCCCEESSSSTTMM  222200  332200  CCOOMMPPAATTIIBBIILLIITTYY  These tables present parameters equivalence between MA300/200 family. Multi-factor  mode  (/cfg/Maccess/Admin/mode  5  on  220  and  320)  is activated when app/bio ctrl/identification is set to 1.  MA 200/300  MA 500  Identification /cfg/Maccess/Admin/mode 0 app/bio ctrl/identification 1 app/bio ctrl/* 0  Contactless authentication with ID on card, template in local database /cfg/Maccess/Admin/mode 4 app/bio ctrl/authent ID contactless 1  Contactless authentication: Card mode /cfg/Maccess/Contactless/without DB mode 0 /cfg/Maccess/Admin/mode 3 or app/bio ctrl/authent card mode 1  /cfg/Maccess/Admin/mode 5 (mutli-factor mode) app/bio ctrl/identification 1  Contactless authentication: Biometric verification /cfg/Maccess/Contactless/without DB mode 2 /cfg/Maccess/Admin/mode 3 or app/bio ctrl/authent PK contactless 1 /cfg/Maccess/Admin/mode 5 (mutli-factor mode) app/bio ctrl/identification 1
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  89   Contactless authentication: ID “only”, no biometric verification /cfg/Maccess/Contactless/without DB mode 1 /cfg/Maccess/Admin/mode 3 or app/bio ctrl/authent PK contactless 1 app/bio ctrl/bypass authentication 1 /cfg/Maccess/Admin/mode 5 (mutli-factor mode) app/bio ctrl/identification 1  Authentication: ID input from Wiegand or DataClock /cfg/Maccess/Admin/mode 1  Jumper configuration defining the ID source (DataClock or Wiegand) app/bio  ctrl/authent  remote  ID source 1 or 2  Proxy mode /cfg/Maccess/Admin/mode 2 app/bio ctrl/identification 0 app/bio ctrl/authent card mode 0 app/bio ctrl/authent PK contactless 0 app/bio ctrl/authent ID contactless 0 app/bio ctrl/authent ID keyboard  0 app/bio  ctrl/authent  remote  ID source 0
 90  SAGEM Sécurité document. Reproduction and disclosure forbidden   CCOONNTTAACCTTLLEESSSS  MMOODDEESS  TTAABBLLEE  Operation Authent card mode Authent PK contactless Authent ID contactless Bypass authentication Authentication with templates in database  Read ID on contactless card. Retrieve corresponding templates in database. Biometric authentication using these templates.  Send ID if authentication is successful.  0  0  1  0 Authentication with templates on card  Read ID and templates on contactless card. Biometric authentication using these templates.  Send ID if authentication is successful.  0  1  0  0 Card mode authentication  Read card mode, ID, templates (if required by card mode) on contactless card. If card mode is « ID only », send ID. If card mode is « Authentication with templates on card », biometric authentication using templates read on card, then send ID if authentication is successful.  1  0  0  0 Authentication with templates in database – biometric control disabled  Read ID on contactless card. Check corresponding templates presence in database. Send ID if templates are present.  0  0  1  1 Authentication with templates on card – biometric control disabled  Read ID on contactless card. Send ID.  0  1  0  1 Card mode authentication – biometric control disabled  Read card mode, ID, templates (if required by card mode) on contactless card. Whatever card mode, send ID.  1 0  0  1
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  91  RREEQQUUIIRREEDD  TTAAGGSS  OONN  CCOONNTTAACCTTLLEESSSS  CCAARRDD  Operation ID  CARD MODE PK1  PK2  PIN  BIOPIN Authentication  with  templates in database Yes  No No No No No Authentication  with  templates on card Yes No  Yes Yes No No Card  mode  authentication (ID_ONLY) Yes Yes No No No No Card  mode  authentication (PKS) Yes Yes Yes Yes No No Authentication  with  templates in database – biometric control disabled Yes  No No No No No Authentication  with  templates on  card  –  biometric  control disabled Yes No  No No No No Card  mode  authentication (ID_ONLY) – biometric control disabled Yes Yes No No No No Card  mode  authentication (PKS)  –  biometric  control disabled Yes Yes Yes Yes No No BIOPIN check  Yes  No No No No  Yes PIN check  Yes  No No No  Yes  No
 92  SAGEM Sécurité document. Reproduction and disclosure forbidden   FFAAQQ  SSeennssoorr  iiss  ooffff  Verify that the base contents at least one record. Check that identification is enabled. TTeerrmmiinnaall  rreettuurrnnss  eerrrraattiicc  aannsswweerrss  ttoo  ppiinngg  rreeqquueessttss  Check the subnet mask. Ask to your administrator the right value.
   SAGEM Sécurité document. Reproduction and disclosure forbidden.  93  RREELLAATTEEDD  DDOOCCUUMMEENNTTSS  AAddmmiinniissttrraattoorr  IInnffoorrmmaattiioonn  MA500 Series Installation Guide This  document  describes  terminal  electrical  interfaces  and  connection procedures. MA500 Series Parameters Guide The complete description of terminal configuration files and registry keys. This document gives also parameters default values. DDeevveellooppeerr  IInnffoorrmmaattiioonn  MorphoAccess™ Host Interface Specification A complete description of remote management commands. MorphoAccess™ Remote Messages Specification Details  how  the  MorphoAccessTM  sends  the  access  control  result  to  a Central Security Controller. MorphoAccess™ Contactless Card Specification This document describes the MorphoAccessTM contactless card feature. SSuuppppoorrtt  TToooollss  Configuration Tool User Guide Configuration Tool user guide, via Ethernet. USB Tool User Guide Configuration Tool user guide, via USB key. MA500 Series Upgrade Tools User Guide Upgrade Tool user guide about firmware upgrading procedures.
 Siège social : Le Ponant de Paris 27, rue Leblanc - 75512 PARIS CEDEX 15 - FRANCE

Navigation menu