Sagem Wireless MA520 MA520, OMA520 User Manual User Guide
Sagem Wireless MA520, OMA520 User Guide
Contents
- 1. Installation Guide
- 2. User Guide
User Guide
Produced by SAGEM Sécurité
Copyright ©2007 SAGEM Sécurité
www.sagem-securite.com
MorphoAccess
TM
500 Series User Guide
July 2007
SK-60806
MorphoAccess
TM
500 Series
User Guide
2 SAGEM Sécurité document. Reproduction and disclosure forbidden
SAGEM Sécurité document. Reproduction and disclosure forbidden. 3
Table of content
INTRODUCTION 552
C
AUTION
662
MORPHOACCESS
TM
PRESENTATION 882
I
NTERFACES PRESENTATION
992
S
YSTEM SYNOPTIC
11112
T
ERMINAL
P
RESENTATION
13132
A
CCESS CONTROL PRESENTATION
15152
S
ENDING THE
ID
TO THE
C
ENTRAL
S
ECURITY
C
ONTROLLER
19192
TERMINAL CONFIGURATION 21212
E
ASY
S
ETUP ASSISTANT
22222
A
DMINISTRATION
M
ENU
26262
U
NDERSTANDING
M
ORPHO
A
CCESS
TM
C
ONFIGURATION
29292
M
ODIFYING A PARAMETER USING THE
C
ONFIGURATION
A
PPLICATION
31312
C
ONFIGURING A NETWORKED
M
ORPHO
A
CCESS
TM
34342
U
PGRADING THE FIRMWARE
36362
D
OWNLOADING A LICENCE
37372
STAND ALONE MODES (NETWORKED OR NOT CONNECTED) 41412
P
RELIMINARY
:
ADDING A BIOMETRIC TEMPLATE IN LOCAL DATABASE
42422
MACCESS
APPLICATION
:
ACCESS CONTROL OR
T
IME
& A
TTENDANCE
43432
A
CCESS CONTROL BY IDENTIFICATION
45452
A
CCESS CONTROL BY IDENTIFICATION
(MA-X
TENDED LICENCE LOADED
) 47472
I
NTRODUCTION TO CONTACTLESS AUTHENTICATION
50502
A
UTHENTICATION WITH BIOMETRIC TEMPLATES ON CARD
52522
PIN
VERIFICATION
– PIN
STORED ON CARD
53532
BIOPIN
VERIFICATION
- BIOPIN
STORED ON CARD
54542
A
UTHENTICATION WITH BIOMETRIC TEMPLATES IN LOCAL DATABASE
55552
A
UTHENTICATION BASED ON CARD MODE
57572
M
ULTI
-F
ACTOR MODE
59592
A
UTHENTICATION WITH LOCAL DATABASE
: ID
ENTERED FROM KEYBOARD
60602
A
UTHENTICATION WITH LOCAL DATABASE
: ID
INPUT FROM
W
IEGAND OR
D
ATA
C
LOCK
62622
B
YPASSING THE BIOMETRIC CONTROL IN AUTHENTICATION
65652
R
ECOGNITION MODE SYNTHESIS
67672
S
ETTING UP RECOGNITION STRATEGY
68682
S
ETTING UP MATCHING PARAMETERS
69692
4 SAGEM Sécurité document. Reproduction and disclosure forbidden
PROXY MODE 72722
P
ROXY MODE
(
OR SLAVE
)
PRESENTATION
73732
P
ROXY MODE ACTIVATION
74742
APPLICATION CUSTOMIZATION 75752
S
ETTING
U
P
T
IME
M
ASK
76762
M
ULTILINGUAL APPLICATION
77772
RESULT EXPORTATION 78782
R
EMOTE MESSAGES
:
SENDING THE
ID
TO THE
C
ENTRAL
S
ECURITY
C
ONTROLLER
79792
R
ELAY ACTIVATION
80802
L
OG FILE
81812
LED IN
ACTIVATION
82822
SECURITY FEATURES 83832
T
AMPER
S
WITCH
M
ANAGEMENT
84842
P
ASSWORDS
86862
ANNEX 87872
M
ORPHO
A
CCESS
TM
220 320
COMPATIBILITY
88882
C
ONTACTLESS MODES TABLE
90902
R
EQUIRED TAGS ON CONTACTLESS CARD
91912
FAQ 92922
R
ELATED DOCUMENTS
93932
SAGEM Sécurité document. Reproduction and disclosure forbidden. 5
I
IN
NT
TR
RO
OD
DU
UC
CT
TI
IO
ON
N
Congratulations for choosing the SAGEM MorphoAccess™ 500 Automatic
Fingerprint Recognition Terminal.
MorphoAccess
TM
500 Series provides an innovative and effective solution for access
control applications using Fingerprint Verification or/ and Identification.
Among a range of alternative biometric techniques, the use of finger imaging has
significant advantages: each finger constitutes an unalterable physical signature,
which develops before birth and is preserved until death. Unlike DNA, a finger image
is unique to each individual - even identical twins.
The MorphoAccess
TM
terminal integrates SAGEM image processing and feature
matching algorithms. This technology is based acquired knowledge during 20 years
of experience in the field of biometric identification and the creation of literally millions
of individual fingerprint identification records.
We believe you will find the SAGEM MorphoAccess
TM
fast, accurate, easy to use and
suitable for physical access control or time and attendance.
To ensure the most effective use of your SAGEM MorphoAccess
TM
, we recommend
that you read this User Guide entirely.
6 SAGEM Sécurité document. Reproduction and disclosure forbidden
C
CA
AU
UT
TI
IO
ON
N
Europe information:
SAGEM hereby declares that the SAGEM MorphoAccess™ has been
tested and found compliant with the following listed standards as required
by the EMC Directive 89/336/EEC: EN55022 (1994) / EN55024 (1998),
EN300-330 (1999) and by the low voltage Directive 73/23/EEC amended
by 93/68/EEC: EN60950 (2000).
Caution: The MA500 terminal is a Class A device. In a residential
environment, this device may cause interference. In this case, the user is
encouraged to try to correct the interference with appropriated measures
such as :
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that
to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
USA information:
NOTE: FCC part 15 certificates are pending.
This device complies with part 15 of the FCC Rules. Operation is subject
to the following two conditions: (1) This device may not cause harmful
interference, and (2) this device must accept any interference received,
including interference that may cause undesired operation.
Changes or modifications not expressly approved by the party responsible
for compliance could void the user’s authority to operate the equipment.
Responsible Party: Sagem Morpho Inc, 1145 Broadway Plaza, Suite 200,
Tacoma, Washington (USA), 98402, (800) 346-2674.
Note: This equipment has been tested and found to comply with the limits
for a Class B (MA520, MA521, OMA520, OMA521) or Class A (MA500)
digital device, pursuant to part 15 of the FCC Rules. These limits are
designed to provide reasonable protection against harmful interference in
a residential installation. This equipment generates, uses and can radiate
radio frequency energy and, if not installed and used in accordance with
the instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a
particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the
equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
SAGEM Sécurité document. Reproduction and disclosure forbidden. 7
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that
to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Canadian information:
NOTE : Industrial Canadian certificates are pending.
This Class B (MA520, MA521, OMA520, OMA521) or Class A (MA500)
digital apparatus complies with Canadian ICES-003.
Ces appareils numériques de Classe B (MA520, MA521, OMA520,
OMA521) ou Classe A (MA500) sont conformes à la norme NMB-003 du
Canada.
8 SAGEM Sécurité document. Reproduction and disclosure forbidden
M
MO
OR
RP
PH
HO
OA
AC
CC
CE
ES
SS
S
T
TM
M
P
PR
RE
ES
SE
EN
NT
TA
AT
TI
IO
ON
N
MorphoAccess
TM
is a fingerprint identification device for physical access control, time
and attendance offering both multi-factor verification and identification capabilities
with unequaled level of performance.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 9
I
IN
NT
TE
ER
RF
FA
AC
CE
ES
S
P
PR
RE
ES
SE
EN
NT
TA
AT
TI
IO
ON
N
M
Ma
an
n-
-m
ma
ac
ch
hi
in
ne
e
i
in
nt
te
er
rf
fa
ac
ce
e
The MorphoAccess
TM
500 offers a simple and ergonomic man-machine
interface dedicated to access control based on fingerprint recognition:
A high quality optical scanner to capture fingerprints (1),
A multicolor led (2),
A multi-toned buzzer,
A Mifare
TM
contactless reader on 520 families terminal to read
reference templates from a contactless card (3),
A keyboard for time and attendance purpose, configuration and PIN
code (4),
A 128x64 display (5).
10 SAGEM Sécurité document. Reproduction and disclosure forbidden
E
El
le
ec
ct
tr
ri
ic
ca
al
l
i
in
nt
te
er
rf
fa
ac
ce
es
s
The terminal offers multiple interfaces dedicated to administration and
control information:
A multiplexed Wiegand / DataClock output to export user identifier
to a controller (1),
A RS422 or RS485 output (2),
A LED signal output (3),
Two LED IN inputs to improve integration in an Central Security
Controller (4),
A relay to directly command an access (door lock) (5),
A tamper switch to detect that the back cover has been removed
(6),
A multiplexed Wiegand / DataClock input to receive user identifier
from an external badge reader (7),
An Ethernet interface (LAN 10/100 Mbps) allowing remote
management through TCP (8),
A Power Over Ethernet Interface (LAN 10/100 Mbps) allowing
remote management and supplying power through TCP (9).
The MA500 Series Installation Guide describes precisely each interface
and connection procedure.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 11
S
SY
YS
ST
TE
EM
M
S
SY
YN
NO
OP
PT
TI
IC
C
T
Ty
yp
pi
ic
ca
al
l
a
ar
rc
ch
hi
it
te
ec
ct
tu
ur
re
e
i
in
nc
cl
lu
ud
di
in
ng
g
a
a
M
Mo
or
rp
ph
ho
oA
Ac
cc
ce
es
ss
s™
™,
,
a
a
H
Ho
os
st
t
S
Sy
ys
st
te
em
m
a
an
nd
d
a
a
C
Ce
en
nt
tr
ra
al
l
S
Se
ec
cu
ur
ri
it
ty
y
C
Co
on
nt
tr
ro
ol
ll
le
er
r
M
Mo
or
rp
ph
ho
oA
Ac
cc
ce
es
ss
s™
™
b
bi
io
om
me
et
tr
ri
ic
c
d
da
at
ta
ab
ba
as
se
e
m
ma
an
na
ag
ge
em
me
en
nt
t
The management of the MorphoAccess™ internal biometric database can
be done either locally (through the terminal Man Machine Interface), or
remotely by a Host System (typically MEMS
TM
). These two exclusive
management modes are defined as the:
• Local management mode
• Remote management mode
M
Mo
or
rp
ph
ho
oA
Ac
cc
ce
es
ss
s™
™
o
op
pe
er
ra
at
ti
in
ng
g
m
mo
od
de
e
The MorphoAccess™ works according two exclusive operating modes.
• In Stand Alone Mode (terminal networked or not connected) the
terminal can operate two applications: Access Control or Time &
Attendance. When the terminal is networked the biometric database
can be managed by a Host System and downloaded to the
MorphoAccess™. When the terminal is not networked the database
is managed locally.
12 SAGEM Sécurité document. Reproduction and disclosure forbidden
• Unlike the Stand Alone Mode in Proxy Mode the terminal is
remotely operated by a host application that sends individual
commands to the MorphoAccess™.
M
Mo
or
rp
ph
ho
oA
Ac
cc
ce
es
ss
s™
™
r
re
es
su
ul
lt
t
s
se
en
nd
di
in
ng
g
When the biometric identification is positive, the person ID can be sent to
a Central Security Controller, for further action such as opening doors.
M
Mo
or
rp
ph
ho
oA
Ac
cc
ce
es
ss
s™
™
k
ke
ey
yb
bo
oa
ar
rd
d
s
sh
ho
or
rt
t
c
cu
ut
t
The keyboard short cuts are:
Key and activates LLT mode
Key and increases the screen contrast
Key and reduces the screen contrast
Key and reboots the terminal.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 13
T
TE
ER
RM
MI
IN
NA
AL
L
P
PR
RE
ES
SE
EN
NT
TA
AT
TI
IO
ON
N
A MorphoAccess
TM
500 is running with 4 applications dedicated to a given
need.
M
MA
AC
CC
CE
ES
SS
S
This is the main application, dedicated to biometric control.
It is possible to leave this application to launch other application.
The current User Guide details the application features.
E
EN
NR
RO
OL
LM
ME
EN
NT
T
This application allows enrolling users in the terminal when
MorphoAccess
TM
is not connected to an external network (Local
management mode).
The created database can be saved ciphered on a USB key and exported
to other stand alone MorphoAccess
TM
.
The User Management Password protects this application.
Please refer to Enrolment Application User Guide for more information
about this application.
C
CO
ON
NF
FI
IG
GU
UR
RA
AT
TI
IO
ON
N
This application allows modifying the main application parameters.
Parameters are divided into files, sections and keys.
The Terminal Configuration Password protects this application.
Please refer to Configuration Application User Guide for more information
about this application.
L
LO
OG
GS
S
V
VI
IE
EW
WE
ER
R
This application allows consulting the local event diary stored by the
MorphoAccess
TM
.
The User Management Password protects this application.
Please refer to Logs Viewer Application User Guide for more information
about this application.
14 SAGEM Sécurité document. Reproduction and disclosure forbidden
M
Mu
ul
lt
ti
i-
-a
ap
pp
pl
li
ic
ca
at
ti
iv
ve
e
a
ar
rc
ch
hi
it
te
ec
ct
tu
ur
re
e
s
sy
yn
nt
th
he
es
si
is
s
SAGEM Sécurité document. Reproduction and disclosure forbidden. 15
A
AC
CC
CE
ES
SS
S
C
CO
ON
NT
TR
RO
OL
L
P
PR
RE
ES
SE
EN
NT
TA
AT
TI
IO
ON
N
The MorphoAccess
TM
works according two biometric recognition modes:
identification or authentication. Identification and authentication can be
activated at the same time (multi-factor mode).
I
Id
de
en
nt
ti
if
fi
ic
ca
at
ti
io
on
n
(
(1
1
v
vs
s.
.
N
N)
)
The captured fingerprint is matched against a database – 1 vs. N.
Biometric templates are stored in terminal local database. Depending on
the installed licence, the terminal can store 3000 users (2 fingers per user)
in its local database or 50 000 users divided in 5 bases of 10000 users
each.
In this mode the sensor will be always switched on, waiting for a finger.
The captured fingerprint is matched against the whole database.
If the user is matched the ID is returned to the Central Security Controller.
If the user is not recognized a no-match message is sent to the Central
Security Controller.
See section Access Control By Identification.
16 SAGEM Sécurité document. Reproduction and disclosure forbidden
A
Au
ut
th
he
en
nt
ti
ic
ca
at
ti
io
on
n
w
wi
it
th
h
r
re
ef
fe
er
re
en
nc
ce
e
t
te
em
mp
pl
la
at
te
es
s
i
in
n
c
ca
ar
rd
d
(
(1
1
v
vs
s.
.
1
1)
)
The captured fingerprint is matched against a reference template – 1 vs. 1.
User biometric templates are stored on a contactless card.
If the user is matched the ID is returned to the Central Security Controller.
If the user is not recognized a no-match message is sent to the Central
Security Controller.
See section Access Control By Authentication.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 17
A
Au
ut
th
he
en
nt
ti
ic
ca
at
ti
io
on
n
w
wi
it
th
h
r
re
ef
fe
er
re
en
nc
ce
e
t
te
em
mp
pl
la
at
te
es
s
i
in
n
t
te
er
rm
mi
in
na
al
l
(
(1
1
v
vs
s.
.
1
1)
)
The captured fingerprint is matched against a reference template – 1 vs. 1.
User minutiae are stored into the local database. In this case the user
identifier is used as a key to find the minutiae. The user identifier can be
sent through Wiegand, DataClock, typed on keyboard or stored on a
contactless card.
M
Mu
ul
lt
ti
i-
-F
Fa
ac
ct
to
or
r
r
re
ec
co
og
gn
ni
it
ti
io
on
n
It is possible to combine multifactor such as, what I have (a contactless
smart card), what I know (PIN code), and what I am (biometric templates).
18 SAGEM Sécurité document. Reproduction and disclosure forbidden
P
Pr
ro
ox
xy
y
m
mo
od
de
e
Proxy Mode is not strictly speaking a recognition mode. In this mode, the
MorphoAccess
TM
works as a slave waiting for external commands such
as:
Identification,
Verification,
Relay activation,
Read data on a contactless card,
…
Chapter Proxy mode gives more information about remote management.
Please refer to MorphoAccess™ Host System Interface Specification for a
complete description of command.
TCP
-
IP
Proxy commands:
Identification
Verification
Relay activation
Read card
…
SAGEM Sécurité document. Reproduction and disclosure forbidden. 19
S
SE
EN
ND
DI
IN
NG
G
T
TH
HE
E
I
ID
D
T
TO
O
T
TH
HE
E
C
CE
EN
NT
TR
RA
AL
L
S
SE
EC
CU
UR
RI
IT
TY
Y
C
CO
ON
NT
TR
RO
OL
LL
LE
ER
R
If the user has been recognized, the terminal may trigger the access or
returns the corresponding ID to the Central Security Controller.
Welcome
John Doe
IDENTIFIED
If the user has not been recognized, the terminal can return the failure to
Central Security Controller.
NOT IDENTIFIED
Please retry
Various messages or interfaces can be activated to send or store the
control result.
Relay
After a successful control the MorphoAccess™ relay may be activated
during a given period.
Wiegand Id Emission
The ID of the recognized user can be sent through the Wiegand output.
The format of the frame may be defined.
DataClock Id Emission
The ID of the recognized user can be sent through the DataClock output.
Control result:
RS485/422
Wiegand
DataClock
Ethernet
20 SAGEM Sécurité document. Reproduction and disclosure forbidden
Ethernet Id Emission
The ID of the recognized user can be sent through the Ethernet link. The
administrator may set the port and defined the protocol.
RS485/422
Control information can be sent through RS485/422 link.
Local Diary (log)
A local file will store logs.
This diary can be downloaded by the Host System or consulted on the
terminal.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 21
T
TE
ER
RM
MI
IN
NA
AL
L
C
CO
ON
NF
FI
IG
GU
UR
RA
AT
TI
IO
ON
N
This chapter details how to configure the MorphoAccess
TM
. A parameter can be
changed directly on the terminal or remotely through a network.
A “first start assistant” named “Easy Setup” helps the administrator to define quickly a
configuration “plug’n play” with an existing physical Access Control System.
22 SAGEM Sécurité document. Reproduction and disclosure forbidden
E
EA
AS
SY
Y
S
SE
ET
TU
UP
P
A
AS
SS
SI
IS
ST
TA
AN
NT
T
A
As
ss
si
is
st
ta
an
nt
t
i
in
ni
it
ti
ia
al
li
iz
za
at
ti
io
on
n
When the MorphoAccess
TM
starts for the first time an “assistant” helps the
administrator to configure easily the main functions.
EASY SETUP
GREEN: VALID
YELLOW: CORR., NEXT
RED: ABORT, PREVIOUS
NEXT
Key validates the choice.
Key goes to next step.
Key returns to previous step.
L
La
an
ng
gu
ua
ag
ge
e
s
se
el
le
ec
ct
ti
io
on
n
It is possible to choose the language of the application among installed
languages.
APPLICATION LANGUAGE
1 – ENGLISH
2 – DEUTSCH
3 – ESPANOL
4 - FRANCAIS
D
Da
at
te
e
a
an
nd
d
t
ti
im
me
e
c
co
on
nf
fi
ig
gu
ur
ra
at
ti
io
on
n
Date and time can be configured.
Date format is MM/DD/YYY.
Key deletes a character.
Key validates the selection.
ENTER DATE
08/25/200_
MM/DD/YYYY
VALID
SAGEM Sécurité document. Reproduction and disclosure forbidden. 23
N
Ne
et
tw
wo
or
rk
k
s
se
et
tt
ti
in
ng
gs
s
Static or dynamic configuration
It is possible to choose between static or dynamic network configurations.
DHCP
1 – Enable [●]
2 – Disable [ ]
DHCP disabled
If DHCP is disabled following parameters must be set:
IP address,
Network mask,
Default gateway.
ENTER IP ADDRESS
10.10.161.3_
VALID
DHCP enabled
With DHCP only the terminal hostname on the network is required.
ENTER HOSTNAME
MA0789652_
VALID
R
Re
ec
co
og
gn
ni
it
ti
io
on
n
m
mo
od
de
e
Once IP parameters are defined next step is to define the recognition
mode.
RECOGNITION MODE
1 – Identification [●]
2 – Contactless [ ]
3 – MultiFactor [ ]
24 SAGEM Sécurité document. Reproduction and disclosure forbidden
MorphoAccess
TM
500 can only be configured in identification mode (other
modes could be configured later).
MorphoAccess
TM
520 can be configured in identification mode, contactless
authentication or multi-factor mode (identification and contactless
authentication modes are merged ).
O
Ou
ut
tp
pu
ut
t
i
in
nt
te
er
rf
fa
ac
ce
e
Last step allows defining the interface required to export the control result.
INTERFACE PARAMETERS
1 – Wiegand [OFF]
2 – DataClock [OFF]
3 – ID on UDP [OFF]
4 – Next
Each interface can be configured and activated independently.
Select 4 – Next to go to next step.
Wiegand configuration
Three protocols are available 26, 32 and 34 bits.
For other Wiegand configurations, please refer to chapter Authentication:
ID input from Wiegand.
WIEGAND
1 – 26 bits [●]
2 – 34 bits [ ]
3 – 32 bits [ ]
4 – OFF [ ]
DataClock configuration
DataClock interface can be activated – but is multiplexed with Wiegand
output.
UDP activation
UDP remote messages can also be activated. The server IP address must
be specified.
SERVER IP ADDRESS
10.10.161.7_
VALID
SAGEM Sécurité document. Reproduction and disclosure forbidden. 25
P
Pa
as
ss
sw
wo
or
rd
d
c
co
on
nf
fi
ig
gu
ur
ra
at
ti
io
on
n
Last step consists in changing the passwords.
PASSWORDS
1 – Terminal Config.
2 – User Management
3 – Reset User Mgt.
4 – Next
Select 4 – Next to leave the assistant.
The terminal must reboot to apply the changes.
EASY SETUP END
REBOOT
THE TERMINAL?
NEXT ABORT
Press NEXT to reboot the terminal.
Press ABORT to return to password management.
R
Re
es
st
ta
ar
rt
ti
in
ng
g
“
“E
Ea
as
sy
y
S
Se
et
tu
up
p”
”
MorphoAccess
TM
“Easy Setup” can be restarted using the End Menu.
26 SAGEM Sécurité document. Reproduction and disclosure forbidden
A
AD
DM
MI
IN
NI
IS
ST
TR
RA
AT
TI
IO
ON
N
M
ME
EN
NU
U
A
Ac
cc
ce
es
ss
s
t
to
o
A
Ad
dm
mi
in
ni
is
st
tr
ra
at
ti
io
on
n
M
Me
en
nu
u
Place your finger
for Identification
Please
The main application can be interrupted using the escape sequence. Hit
the following keys in sequence:
, then .
If the biometric database is not empty, the terminal accepts a finger
registered as administrator instead of the valid User Management
Password Code.
By default User Management Password is “12345”.
USER MANAGEMENT CODE
Present your finger please
Or enter password:
***|
If the Administrator uses the default password it is possible to change it
immediately.
USER MANAGEMENT CODE
Default password!
Do you want
to change it?
?
YES LATER
For security, we strongly recommend you to change the terminal
default password.
A
Ad
dm
mi
in
ni
is
st
tr
ra
at
ti
io
on
n
M
Me
en
nu
u
f
fe
ea
at
tu
ur
re
es
s
MA5XX APPLICATION
1 – Information
2 – Settings
3 – More functions…
SAGEM Sécurité document. Reproduction and disclosure forbidden. 27
I
In
nf
fo
or
rm
ma
at
ti
io
on
n
M
Me
en
nu
u
MA5XX APPLICATION
1 – Information
2 – Settings
3 – More functions…
Select Information to access to terminal and sensor information:
INFORMATION
1 – Terminal Info
2 – Sensor Info
Terminal information
Select Terminal Info to access to the following information:
Terminal information Description Example
1 – Type Terminal type 520
2 – Serial Number Terminal serial number
053535353A
3 – Soft. Version Terminal main software
version (MACCESS)
V01.20.04
4 – IP Address Terminal IP address 134.1.32.214
5 – MAC Address Terminal MAC address
00:60:4C:69:53:53
28 SAGEM Sécurité document. Reproduction and disclosure forbidden
Sensor information
Select Sensor Info to access to the following information:
Sensor information Description Example
1 – Product Info MSO Biometric product
information (type,
licence, serial number,
ID)
MSO300
MSO_MA_IDENTLITE
OEM SN: 0709F151008
OEM ID: 25194664
2 – Sensor Info Sensor information
(flash size, serial
number, ID)
Flash: 4096 Ko
SN: 0710A010026
ID: 25115841-4
3 – Soft. Info Sensor software
version
MSO V08.01.d-C
SAGEM Sécurité document. Reproduction and disclosure forbidden. 29
U
UN
ND
DE
ER
RS
ST
TA
AN
ND
DI
IN
NG
G
M
MO
OR
RP
PH
HO
OA
AC
CC
CE
ES
SS
S
T
TM
M
C
CO
ON
NF
FI
IG
GU
UR
RA
AT
TI
IO
ON
N
P
Pr
re
es
se
en
nt
ta
at
ti
io
on
n
MorphoAccess
TM
parameters are stored into files organized in sections
and values.
For example a file named “app.cfg” contains all the parameters defining
the main application settings.
[bio ctrl]
identification=1
nb attempts=2
…
[log file]
enabled=1
…
C
Co
on
nf
fi
ig
gu
ur
ra
at
ti
io
on
n
o
or
rg
ga
an
ni
iz
za
at
ti
io
on
n
The application creates several files:
app.cfg,
adm.cfg,
bio.cfg,
net.cfg,
fac.cfg,
The app.cfg file contains the application settings, adm.cfg contains
administration parameters, bio.cfg the biometric sensor settings, net.cfg
Ethernet parameters, fac.cfg the factory parameters.
Two files are reserved by the system to store factory settings and network
parameters:
fac.cfg,
net.cfg.
M
Mo
od
di
if
fy
yi
in
ng
g
a
a
p
pa
ar
ra
am
me
et
te
er
r
There are two ways to modify a parameter:
Directly on the terminal using the Configuration Application,
Remotely through Ethernet or Serial link with a client application
running on the Host System.
30 SAGEM Sécurité document. Reproduction and disclosure forbidden
N
No
ot
ta
at
ti
io
on
n
In this manual a parameter is presented using this formality:
“Short parameter description”
file/section/parameter Value
For example to activate recognition mode based on identification this key
must be set to 1:
Access control by identification
app/bio ctrl/identification 1
SAGEM Sécurité document. Reproduction and disclosure forbidden. 31
M
MO
OD
DI
IF
FY
YI
IN
NG
G
A
A
P
PA
AR
RA
AM
ME
ET
TE
ER
R
U
US
SI
IN
NG
G
T
TH
HE
E
C
CO
ON
NF
FI
IG
GU
UR
RA
AT
TI
IO
ON
N
A
AP
PP
PL
LI
IC
CA
AT
TI
IO
ON
N
The Configuration Application allows changing a parameter directly on the
terminal.
You must exit a possible running application to display the application
selection menu.
If the main application is running, it must be quit using the escape
sequence:
, then .
Then enter the Terminal Configuration Password to access to the
Administration Menu.
Select “Quit” to exit the Access Control application.
Press to display the functions menu.
Select 3 − CONFIGURATION to launch the Configuration Application.
The Configuration Application is fully detailed in the Configuration
Application User Guide. This chapter only offers a brief description.
FUNCTIONS
0 −
−−
− TELIUM MANAGER
1 −
−−
− ENROLMENT
2 −
−−
− MACCESS
3 −
−−
− CONFIGURATION ↓
↓↓
↓
K
Ke
ey
ys
s
r
ro
ol
le
e
Keys and change the current selection.
Key deletes a character or goes to previous screen.
Key confirms the change.
Key quits the application.
32 SAGEM Sécurité document. Reproduction and disclosure forbidden
C
Ch
ha
an
ng
gi
in
ng
g
a
a
p
pa
ar
ra
am
me
et
te
er
r
A main menu allows selecting the file to modify.
FILE SELECTION
1 −
−−
− bio
2 −
−−
− app
3 −
−−
− adm
4 −
−−
− exe
When a file has been selected it is possible to choose a section.
[APP]
1 −
−−
− bio ctrl
2 −
−−
− contactless
3 −
−−
− relay
4 −
−−
− send ID UDP
The parameter list contains all parameters available in a section.
[APP]/BIO CTRL
1 −
−−
− authent ID keyboard
2 −
−−
− identification
3 −
−−
− authent card mode
4 −
−−
− nb attempts
It is possible to display parameter one by one in a given section.
[app]/bio ctrl
authent ID keyboard
True
EDIT << >>
EXIT
The edition menu will depend on the parameter type.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 33
Binary choice
[app]/bio ctrl
authent ID keyboard
True [●]
False [ ]
IP address
[app]/send ID udp
host address
134. .1 .32 .214
34 SAGEM Sécurité document. Reproduction and disclosure forbidden
C
CO
ON
NF
FI
IG
GU
UR
RI
IN
NG
G
A
A
N
NE
ET
TW
WO
OR
RK
KE
ED
D
M
MO
OR
RP
PH
HO
OA
AC
CC
CE
ES
SS
S
T
TM
M
I
In
nt
tr
ro
od
du
uc
ct
ti
io
on
n
A PC (running with MEMS
TM
for example) connected to a
MorphoAccess™ can manage the terminal. Available remote operations
are:
Biometric template addition,
Control settings modification,
Configuration reading,
Local database deletion,
Record deletion,
Control diary downloading,
Firmware upgrade.
The PC acts as a client for the MorphoAccess™.
The MorphoAccess
TM
works as a server waiting for request from a client.
The client will send biometric templates to the terminal and manage the
local database.
Please refer to MorphoAccess™ Host System Interface Specification for a
complete description of TCP administration. This document explains how
to create a database and store biometric records in this base.
TCP
-
IP
Remote management:
Change mode
Add template
Get configuration
…
SAGEM Sécurité document. Reproduction and disclosure forbidden. 35
N
Ne
et
tw
wo
or
rk
k
f
fa
ac
ct
to
or
ry
y
s
se
et
tt
ti
in
ng
gs
s
By default the terminal IP address is 134.1.32.214. This address can be
changed through Ethernet or with the Configuration Application.
The default server port is 11010.
M
Mo
od
di
if
fy
yi
in
ng
g
a
a
k
ke
ey
y
u
us
si
in
ng
g
“
“c
co
on
nf
fi
ig
gu
ur
ra
at
ti
io
on
n
t
to
oo
ol
l”
”
Configuration Tool allows changing parameters. This program is an
illustration of utilization of the TCP API. Please refer to Configuration Tool
User Guide for more information about this program.
36 SAGEM Sécurité document. Reproduction and disclosure forbidden
U
UP
PG
GR
RA
AD
DI
IN
NG
G
T
TH
HE
E
F
FI
IR
RM
MW
WA
AR
RE
E
It is possible to upgrade your MorphoAccess
TM
firmware through Ethernet.
Two package types are available. One dedicated to terminal system,
another one dedicated to biometric library.
Use the Downloader to upgrade your terminal system.
Use the BioLoader to upgrade your terminal biometric library.
Please refer to the MA500 Series Upgrade Tools User Guide for more
information about upgrade procedures.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 37
D
DO
OW
WN
NL
LO
OA
AD
DI
IN
NG
G
A
A
L
LI
IC
CE
EN
NC
CE
E
By default the MorphoAccess
TM
can match a fingerprint against 3000
users database. This database configuration corresponds to a basic
licence (MSO_MA_IDENTLITE).
MA-Xtended licence (MSO_MA_IDENTPLUS) allows to extend
MorphoAccess
TM
recognition capabilities to 5 databases of 10 000 users
(2 fingers per user).
C
Ch
he
ec
ck
ki
in
ng
g
t
th
he
e
l
li
ic
ce
en
nc
ce
e
i
in
ns
st
ta
al
ll
le
ed
d
i
in
n
t
th
he
e
M
Mo
or
rp
ph
ho
oA
Ac
cc
ce
es
ss
s™
™
To display the licence installed in the MorphoAccess™, display the
Administration Menu, select “Information”, “Sensor Info” then “Product
Info”.
PRODUCT INFO
MSO 300
MSO_MA_IDENTPLUS
OEM SN: 0725F152306
OEM ID: 251946640
VALID
A
Av
va
ai
il
la
ab
bl
le
e
l
li
ic
ce
en
nc
ce
es
s
Licence
Default ( MSO_MA_IDENTLITE ) 1 database of 3000 users
MA-Xtended ( MSO_MA_IDENTPLUS ) 5 databases of 10 000 users
( UNKNOWN LICENCE ) contact the SAGEM support
MSO_MA_IDENTPLUS licence can be loaded in the MorphoAccess™.
38 SAGEM Sécurité document. Reproduction and disclosure forbidden
U
Up
pg
gr
ra
ad
de
e
t
to
o
M
MA
A-
-X
Xt
te
en
nd
de
ed
d
l
li
ic
ce
en
nc
ce
e
(
(1
1/
/2
2)
):
:
o
ob
bt
ta
ai
in
ni
in
ng
g
d
de
ev
vi
ic
ce
e
s
se
er
ri
ia
al
l
n
nu
um
mb
be
er
r
The MorphoAccess™ 500 must be connected to a LAN.
Launch the Terminal Licence Manager tool, connect to the
MorphoAccess™ and retrieve the terminal device serial number.
Device serial number has the following format “OEM ID-OEM SN”.
Copy this string to the “clipboard”.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 39
U
Up
pg
gr
ra
ad
de
e
t
to
o
M
MA
A-
-X
Xt
te
en
nd
de
ed
d
l
li
ic
ce
en
nc
ce
e
(
(2
2/
/2
2)
):
:
d
do
ow
wn
nl
lo
oa
ad
di
in
ng
g
a
a
M
MA
A-
-X
Xt
te
en
nd
de
ed
d
l
li
ic
ce
en
nc
ce
e
Connect to our customer support web site: https://www.sagem-
ds.com/biometrics-customersupport.
In the licence generator section enter your customer login and password.
Xtended licence corresponds to MSO_MA_IDENTPLUS licence.
Select this licence and copy the device serial number.
You will receive obtain your licence number by email.
You have to introduce the licence data send by the web server in the dialog
box (Step 2). You can use the Get data from file button to copy the data
from a file.
If you received the licence by the Hotline then introduce it in the dialog box
formatted MSO_MA_IDENTPLUS licence
Then, use the Transfer button to really process the loading of the device
(Step 3).
At any time, you can stop the procedure by using the Cancel button
Copy the complete string in Licence Manager tool.
If you receive your licence by email, select Get data from file.
Load the licence in the MorphoAccess.
40 SAGEM Sécurité document. Reproduction and disclosure forbidden
The software confirms the operation with the following dialog box (the
license is now loaded in your MorphoAccess
TM
device)
or signals a problem with a dialog box.
The display of the base number ‘00’ display on the MorphoAccess™
screen means the license “MSO_MA_IDENTPLUS” has been correctly
set.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 41
S
ST
TA
AN
ND
D
A
AL
LO
ON
NE
E
M
MO
OD
DE
ES
S
(
(N
NE
ET
TW
WO
OR
RK
KE
ED
D
O
OR
R
N
NO
OT
T
C
CO
ON
NN
NE
EC
CT
TE
ED
D)
)
The MorphoAccess
TM
works according two biometric recognition modes:
identification or authentication. Identification and authentication can be activated at
the same time (multi-factor mode).
In Stand Alone Mode the terminal can operate two applications: Access Control or
Time & Attendance.
42 SAGEM Sécurité document. Reproduction and disclosure forbidden
P
PR
RE
EL
LI
IM
MI
IN
NA
AR
RY
Y:
:
A
AD
DD
DI
IN
NG
G
A
A
B
BI
IO
OM
ME
ET
TR
RI
IC
C
T
TE
EM
MP
PL
LA
AT
TE
E
I
IN
N
L
LO
OC
CA
AL
L
D
DA
AT
TA
AB
BA
AS
SE
E
The management of the MorphoAccess™ internal biometric database can
be done either locally (through the terminal Man Machine Interface), or
remotely by a Host System. These two exclusive management modes are
defined as the:
• Local management mode
• Remote management mode
L
Lo
oc
ca
al
l
e
en
nr
ro
ol
lm
me
en
nt
t
The local database can be exported ciphered to other MA5xx devices
using a USB key.
The Enrolment Application is dedicated to this function.
Please refer to Enrolment Application User Guide for a complete
description of local enrolment facilities.
R
Re
em
mo
ot
te
e
m
ma
an
na
ag
ge
em
me
en
nt
t
The user is enrolled on an Enrolment Station (typically a station with
MEMS
TM
) and biometrics templates are exported to the MorphoAccess
TM
via Ethernet network or USB key.
This architecture allows managing many MorphoAccess
TM
databases from
one PC client station.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 43
M
MA
AC
CC
CE
ES
SS
S
A
AP
PP
PL
LI
IC
CA
AT
TI
IO
ON
N:
:
A
AC
CC
CE
ES
SS
S
C
CO
ON
NT
TR
RO
OL
L
O
OR
R
T
TI
IM
ME
E
&
&
A
AT
TT
TE
EN
ND
DA
AN
NC
CE
E
MorphoAccess™ application can be configured to work in physical access
control mode or in time and attendance mode. In this configuration,
MorphoAccess
TM
events logged can be enriched with some attendance
information (entry, exit...).
When the time attendance feature is activated the main screen may
display 2 or 4 functions.
F
Fo
ou
ur
r
f
fu
un
nc
ct
ti
io
on
ns
s
m
mo
od
de
e:
:
Time Attendance (4 functions)
app/modes/time and attendance 2
TIME ATTENDANCE
15:26
OCT 08 2006
T
Tw
wo
o
f
fu
un
nc
ct
ti
io
on
ns
s
m
mo
od
de
e:
:
Time Attendance (2 functions)
app/modes/time and attendance 1
TIME ATTENDANCE
15:27
OCT 08 2006
44 SAGEM Sécurité document. Reproduction and disclosure forbidden
When entering, the user has to press key to log his entry time.
When exiting, the user has to press key to log his exit time.
For particular uses such as temporary absences, two additional functions
corresponding to function keys 2 and 3 can be displayed.
After selection, the MorphoAccess
TM
switches in biometric mode
(identification or authentication).
The selected function is written in the log file and sent to the host.
If the user has selected the wrong operation (IN/OUT...), key can be
pressed at any moment during biometric invitation to abort the verification.
In this case, nothing is logged or sent to the controller.
After 10 seconds of inactivity on identification mode (no finger detected on
the sensor), the terminal switches back to the selection screen. In this
case the operation result is logged and/or sent to the controller (time-out).
To disable Time Attendance mode set app/modes/time and attendance to
0.
N
No
ot
te
e
a
ab
bo
ou
ut
t
t
te
er
rm
mi
in
na
al
l
c
cl
lo
oc
ck
k
d
de
ev
vi
ia
at
ti
io
on
n
The terminal clock has a +/- 4 sec per day typical time deviation at +25°C.
At 50°C, the time deviation may be up to -8 sec per day.
For application requiring time precision, MorphoAccess™ clock must be
synchronised regularly with an external clock.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 45
A
AC
CC
CE
ES
SS
S
C
CO
ON
NT
TR
RO
OL
L
B
BY
Y
I
ID
DE
EN
NT
TI
IF
FI
IC
CA
AT
TI
IO
ON
N
Access control by identification
app/bio ctrl/identification 1
To configure MorphoAccess
TM
terminal in this mode, set the parameter
app/bio ctrl/identification to 1.
After starting the MorphoAccess
TM
terminal waits for fingerprint detection
in identification mode. The sensor is lighted on.
Place your finger
for Identification
Please
The user can present a finger to launch identification process.
Remove finger
Analyzing …
If the identification is successful, the terminal triggers the access or returns
the corresponding ID to central security controller.
The ID can be sent through various interfaces. Please refer to
MorphoAccess™ Remote Messages Specification for a complete
description of “hit” and “no hit” messages.
Result is displayed on terminal screen.
Welcome
John Doe
Identified.
Once the user identification is done, the terminal automatically loops back
and waits for a new finger.
At least one user (biometric template) must be stored in the local
database. In this configuration up to 3000 users with 2 biometric templates
each can be stored.
46 SAGEM Sécurité document. Reproduction and disclosure forbidden
If the terminal is running in identification mode with an empty database,
the sensor is off and the following screen is displayed.
Empty Database
Please contact
Administrator
D
Di
is
sa
ab
bl
li
in
ng
g
i
id
de
en
nt
ti
if
fi
ic
ca
at
ti
io
on
n
Set app/bio ctrl/identification to 0 to disable identification (Proxy Mode).
SAGEM Sécurité document. Reproduction and disclosure forbidden. 47
A
AC
CC
CE
ES
SS
S
C
CO
ON
NT
TR
RO
OL
L
B
BY
Y
I
ID
DE
EN
NT
TI
IF
FI
IC
CA
AT
TI
IO
ON
N
(
(M
MA
A-
-X
XT
TE
EN
ND
DE
ED
D
L
LI
IC
CE
EN
NC
CE
E
L
LO
OA
AD
DE
ED
D)
)
It is possible to increase MorphoAccess™ 500 biometric database size
thanks to a licence (MA-Xtended licence): the MorphoAccess™ then
manages 5 bases of 10 000 users.
Access control by identification with MA-Xtended licence
app/bio ctrl/identification 1
To configure MorphoAccess™ terminal in this mode, set the parameter
app/bio ctrl/identification to 1 and verify that MA-Xtended licence has been
loaded.
Please refer to chapter Downloading a licence to know how to upgrade the
MorphoAccess
TM
with MA-Xtended licence.
After starting the MorphoAccess™ terminal waits for fingerprint detection
in identification mode. The sensor is lighted on.
If an MA-Xtended licence is loaded it is possible to choose the active
database.
To select a user database, just press a key number to toggle the database
number. By default, databases 0 to 4 can be selected and used.
Database 0 is the default database.
Place your finger
for Identification
Please
4 14:25
The user can present a finger to launch identification process.
If the identification is successful, the terminal triggers the access or returns
the corresponding ID to Central Security Controller.
Once the user identification is done, the terminal automatically loops back
to database 0 and waits for a new finger.
At least one fingerprint must be stored in the local database.
If the selected database is empty or does not exist, the sensor is off and
the following screen is displayed.
Empty Database
Please contact
Administrator
2
Set app/bio ctrl/identification to 0 to disable identification (Proxy Mode).
48 SAGEM Sécurité document. Reproduction and disclosure forbidden
D
Da
at
ta
ab
ba
as
se
e
n
nu
um
me
er
ra
at
ti
io
on
n
MA-Xtended licence extends biometric database capacity from 1 base of
3000 users to 5 bases of 10000 users. In this configuration the user must
select his database number (from 0 to 4) before presenting a finger to
launch identification process.
For user convenience MorphoAccess™ 300 series it is also possible to
activate a “16 databases mode”. In this mode the user selects a database
number between 0 and 15, and presents a finger to launch identification
process. Database selection
The base identification is a two digit number, with a leading zero when
required. The default selected base is the base with the identification is
“00”.
Pressing a decimal key changes the base to use by modifying the current
identification number: the higher digit is replaced by the unit digit and the
unit number is replaced by the entered digit. It means that is the “x” key is
pressed while the selected base number is “yz”, then the new selected
base will be “zx”, if it exists.
Valid base numbers are from 00 to 15, then if the selected base number is
higher than “15”, then the number of the default base (00) is automatically
forced.
Key allows to select a database from 10 to 15. For To select database
13 press then , just press a key number to toggle the database
number. By default, databases 0 to 4 can be selected and used.
Access control by identification with MA-Xtended licence
app/bio ctrl/identification 1
From the terminal point of there is still 5 biometric databases.
MorphoAccess™ 300 series
Or
MorphoAccess™ 500 series
MorphoAccess™ 500 series
(MA-Xtended licence)
Database
0,1,2 0
3,4,5 1
6,7,8 2
9,10,11 3
12,13,14,15 4
SAGEM Sécurité document. Reproduction and disclosure forbidden. 49
MEMS™ will automatically associates the user to the right base. For
example a user stored into database 4 on a MorphoAccess™ 300 will be
stored into database 1 on a MorphoAccess™ 500.
50 SAGEM Sécurité document. Reproduction and disclosure forbidden
I
IN
NT
TR
RO
OD
DU
UC
CT
TI
IO
ON
N
T
TO
O
C
CO
ON
NT
TA
AC
CT
TL
LE
ES
SS
S
A
AU
UT
TH
HE
EN
NT
TI
IC
CA
AT
TI
IO
ON
N
Various recognition modes can be applied depending on the templates
location (card or terminal database) and the required security level.
This mode supposes that the user swipes a Mifare
TM
card containing some
structured data (identifier, biometric templates, PIN code)...
Data are localized on the card by a block (“B” parameter) and are
protected by a key (defined by “C” parameter). The “C” parameter defines
which key is used during the authentication with the card.
For a complete description of card structure and access mode,please refer
to MorphoAccess™ Contactless Card Specification.
First bloc to read
app/contactless/B 1-215
Key number to present
app/contactless/C 1, 2, 3
Following recognition modes are available:
Authentication with biometric templates on card:
Captured fingerprints are matched against templates read on the card
(PK). Identifier and biometric templates must be stored on the card.
In this mode it is also possible to check a PIN code before the
authentication and to replace the biometric authentication by a BIOPIN
code check. The BIOPIN code is used when user’s biometric templates
are not available (a visitor for example).
Authentication with biometric templates on local database:
Captured fingerprints are matched against templates read from the local
database. Only the identifier is required on the card.
Authentication based on “tag” card mode:
Depending on the card mode either templates are read on the card or
the control can be bypassed (visitor mode). The card mode tag must
be stored on the card.
It is possible to check PIN code before the authentication and to replace
the biometric authentication by a BIOPIN check.
It is also possible to skip the biometric control: in this case the terminal
acts as a contactless card reader.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 51
Contactless authentication can be combined with a local identification
(multi-factor mode).
52 SAGEM Sécurité document. Reproduction and disclosure forbidden
A
AU
UT
TH
HE
EN
NT
TI
IC
CA
AT
TI
IO
ON
N
W
WI
IT
TH
H
B
BI
IO
OM
ME
ET
TR
RI
IC
C
T
TE
EM
MP
PL
LA
AT
TE
ES
S
O
ON
N
C
CA
AR
RD
D
Authentication with biometric templates on contactless card
app/bio ctrl/authent PK contactless 1
MorphoAccess
TM
520 can work in contactless authentication mode: the
user presents its card, the terminal reads the reference biometric
templates on the card and launches a biometric control based on the read
templates.
In this case the card will contain the user identifier and biometric
templates: no local database is required.
To trigger authentication, user should present his card to the terminal.
Please Present
Contactless
Smart Card
If card contains user templates, user is invited to present his finger for
biometric authentication.
Place your finger
For Authentication
Please
If the authentication is successful, the terminal triggers the access or
returns the corresponding ID to central security controller.
Once the user authentication is finished, the terminal automatically loops
back and waits for a new card presentation.
Required tags on card
ID CARD
MODE
PK1 PK2 PIN BIOPIN
Contactless authentication Yes No Yes Yes No No
Card structure is described in MorphoAccess™ Contactless Card
Specification.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 53
P
PI
IN
N
V
VE
ER
RI
IF
FI
IC
CA
AT
TI
IO
ON
N
–
–
P
PI
IN
N
S
ST
TO
OR
RE
ED
D
O
ON
N
C
CA
AR
RD
D
If a reference PIN code is stored on the card it is possible to check this
code before controlling the fingerprints.
PIN code verification
app/bio ctrl/control PIN 1
To trigger authentication, user should present his card to the terminal.
Please Present
Contactless
Smart Card
If card contains a PIN code, user is invited to enter his PIN code.
Please enter PIN
***
VAL COR
If the PIN code is correct, user is invited to presents his finger for biometric
authentication.
Place your finger
For Authentication
Please
If the authentication is successful, the terminal triggers the access or
returns the corresponding ID to central security controller.
It is also possible to activate this mode independently of biometric
authentication. In this case, only the PIN code is checked.
Required tags on card
ID CARD
MODE
PK1 PK2 PIN BIOPIN
PIN code verification Yes No No No Yes No
PIN then authentication Yes No Yes Yes Yes No
54 SAGEM Sécurité document. Reproduction and disclosure forbidden
B
BI
IO
OP
PI
IN
N
V
VE
ER
RI
IF
FI
IC
CA
AT
TI
IO
ON
N
-
-
B
BI
IO
OP
PI
IN
N
S
ST
TO
OR
RE
ED
D
O
ON
N
C
CA
AR
RD
D
In this mode the card should contain a BIOPIN code. The goal of this code
is to replace fingerprints authentication by BIOPIN code verification.
BIOPIN code verification
app/bio ctrl/control BIOPIN 1
To trigger the BIOPIN code verification, user should present his card to the
terminal.
If card contains user BIOPIN, user is invited to enter it.
Please enter
biometric PIN
***
VAL COR
If the BIOPIN is correct, the terminal triggers the access or returns the
user ID to the central security controller.
BIOPIN control replaces fingerprint authentication.
This mode can be combined with a preliminary PIN code verification.
It is also possible to activate the fingerprint control (configuration key
“authent PK contactless” set to 1): in this case the terminal will control
fingerprint if templates are stored on the card or BIOPIN if only a BIOPIN
is stored on the card.
Required tags on card
ID CARD
MODE
PK1 PK2 PIN BIOPIN
BIOPIN code verification Yes No No No No Yes
SAGEM Sécurité document. Reproduction and disclosure forbidden. 55
A
AU
UT
TH
HE
EN
NT
TI
IC
CA
AT
TI
IO
ON
N
W
WI
IT
TH
H
B
BI
IO
OM
ME
ET
TR
RI
IC
C
T
TE
EM
MP
PL
LA
AT
TE
ES
S
I
IN
N
L
LO
OC
CA
AL
L
D
DA
AT
TA
AB
BA
AS
SE
E
In this mode only the ID is read on the card. If the ID exists in the biometric
database, the MorphoAccess™ performs an authentication using the
biometric templates associated to this ID.
The ID can be stored into a TLV structure (typically a card encoded by
MEMS™) or directly read at a given offset of the card (binary ID).
A
AS
SC
CI
II
I
I
ID
D,
,
s
st
tr
ru
uc
ct
tu
ur
re
ed
d
d
da
at
ta
a
Contactless authentication with templates on local database
app/bio ctrl/authent ID contactless 1
The identifier must be stored into a TLV structure.
ASCII identifier in tagged structure.
app/contactless/data format
app/contactless/data length
app/contactless/data offset
0
0
0
The user identifier is used as an index in the local database of the
MorphoAccess
TM
: reference biometric templates are stored in the local
database.
To trigger authentication, user should present his card to the terminal.
Please Present
Contactless
Smart Card
If the corresponding ID exists in the terminal database, user is invited to
place his finger for biometric authentication.
Place your finger
For Authentication
Please
If the authentication is successful, the terminal triggers the access or
returns the corresponding ID to Central Security Controller.
Once the user authentication is done, the terminal automatically loops
back and waits for a new card presentation.
56 SAGEM Sécurité document. Reproduction and disclosure forbidden
Required tags on card
ID CARD
MODE
PK1 PK2 PIN BIOPIN
authent ID contactless Yes No No No No No
Note: a database must exist in the terminal.
B
Bi
in
na
ar
ry
y
i
id
de
en
nt
ti
if
fi
ie
er
r,
,
n
no
on
n-
-s
st
tr
ru
uc
ct
tu
ur
re
ed
d
d
da
at
ta
a
Contactless authentication with templates on local database
app/bio ctrl/authent ID contactless 1
In this mode the identifier is read at a given offset on the card and is
supposed to be binary. No TLV structure is required on the card.
This mode is useful for using the card serial number as an identifier.
ASCII identifier in tagged structure.
app/contactless/data format
app/contactless/data length
app/contactless/data offset
1
[1-8]: ID size in bytes
[0-15]: ID offset in the read block
The user identifier is used as an index in the local database of the
MorphoAccess
TM
: in this case reference biometric templates are stored in
the local database.
Authentication progress is exactly the same as presented above.
Example – 4 bytes identifier.
The terminal is configured to read 4 bytes.
Read bytes are F4 E1 65 34.
Corresponding user identifier in the local database is “4108412212”
(ASCII).
Example – reading Mifare card Serial Number (little endian format).
app/contactless/data format = 1
app/contactless/data length = 4
app/contactless/data offset = 0
SAGEM Sécurité document. Reproduction and disclosure forbidden. 57
A
AU
UT
TH
HE
EN
NT
TI
IC
CA
AT
TI
IO
ON
N
B
BA
AS
SE
ED
D
O
ON
N
C
CA
AR
RD
D
M
MO
OD
DE
E
Contactless authentication with card mode
app/bio ctrl/authent card mode 1
In this mode the card decides on the control progress.
The CARD MODE tag is required. This tag can take several values:
PKS [0x02]: user identifier, template 1 and template 2 are required
on the card. Biometric authentication is triggered with biometric
templates. If a BIOPIN is present instead of templates, BIOPIN is
controlled.
ID_ONLY [0x01]: only the user identifier is required. There is no
biometric control, the control is immediately positive. This feature is
useful for visitor requiring an access without enrolment. But it is still
possible to store templates on the card.
PIN_CODE [0x10]: only PIN code is controlled.
PIN_THEN_PKS [0x12]: PIN code is controlled then templates or
BIOPIN.
To enable this mode set app/bio ctrl/authent card mode to 1.
To disable this mode set app/bio ctrl/authent card mode to 0.
Required tags on card if CARD MODE tag value is PKS.
ID CARD
MODE
PK1 PK2 PIN BIOPIN
authent card mode (PKS) Yes Yes Yes Yes No No
authent card mode (PKS)
(BIOPIN)
Yes Yes No No No Yes
Required tags on card if CARD MODE tag value is ID_ONLY.
ID CARD
MODE
PK1 PK2 PIN BIOPIN
authent card mode (ID_ONLY)
Yes Yes No No No No
58 SAGEM Sécurité document. Reproduction and disclosure forbidden
Required tags on card if CARD MODE tag value is PIN_CODE.
ID CARD
MODE
PK1 PK2 PIN BIOPIN
authent card mode
(PIN_CODE)
Yes Yes No No Yes No
Required tags on card if CARD MODE tag value is PIN_THEN_PKS.
ID CARD
MODE
PK1 PK2 PIN BIOPIN
authent card mode
(PIN_THEN_PKS)
Yes Yes Yes Yes Yes No
authent card mode
(PIN_THEN_PKS) (BIOPIN)
Yes Yes No No Yes Yes
Card structure is described in MorphoAccess™ Contactless Card
Specification.
N
No
ot
te
e
a
ab
bo
ou
ut
t
“
“b
by
yp
pa
as
ss
s”
”
o
op
pt
ti
io
on
n
c
co
om
mb
bi
in
ne
ed
d
w
wi
it
th
h
“
“c
ca
ar
rd
d
m
mo
od
de
e”
”
When the bypass authentication configuration key is activated (see
Bypassing the biometric control in authentication), the global control is
bypassed and “card mode” is ignored.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 59
M
MU
UL
LT
TI
I-
-F
FA
AC
CT
TO
OR
R
M
MO
OD
DE
E
This mode is the fusion of identification mode and contactless
authentication without database mode.
This mode allows:
Performing an identification when user places his finger (operation
identical to identification mode).
Performing a contactless authentication when user swipes his
contactless card (operation identical to contactless authentication
without database mode).
To trigger authentication, user should present his card to the terminal or
place his finger on the sensor.
Please place
your finger or
Present card
If the authentication or the identification is successful, the terminal triggers
the access or returns the corresponding ID to central security controller.
If there is no database contactless card presentation is still possible.
Enabling one contactless mode and identification activate this mode.
Merged mode
app/bio ctrl/identification 1
And
app/bio ctrl/authent PK contactless
app/bio ctrl/authent card mode
app/bio ctrl/control BIOPIN
app/bio ctrl/control PIN
0 or 1
0 or 1
0 or 1
0 or 1
Required tags on card
Required tag on card depends on the authentication mode, but at least an
ID is necessary.
ID CARD
MODE
PK1 PK2 PIN BIOPIN
bypass authentication Yes No No No No No
60 SAGEM Sécurité document. Reproduction and disclosure forbidden
A
AU
UT
TH
HE
EN
NT
TI
IC
CA
AT
TI
IO
ON
N
W
WI
IT
TH
H
L
LO
OC
CA
AL
L
D
DA
AT
TA
AB
BA
AS
SE
E:
:
I
ID
D
E
EN
NT
TE
ER
RE
ED
D
F
FR
RO
OM
M
K
KE
EY
YB
BO
OA
AR
RD
D
Biometric authentication with ID entered from keyboard
app/bio ctrl/authent ID keyboard 1
In this mode the ID of the user is entered on the MorphoAccess
TM
keyboard. If the ID exists in the database (or in one of the five databases),
the MorphoAccess™ performs an authentication using the biometric
templates associated to this ID.
The default screen invites the user to enter his numerical identifier.
Please enter ID
3563_
VAL COR
Note:
ID length is limited to 24 characters
.
Key deletes one character.
Once the ID is entered, the user confirms with green key .
SAGEM Sécurité document. Reproduction and disclosure forbidden. 61
If the corresponding ID exists in the terminal database, user is invited to
place his finger for biometric authentication.
Place your finger
For Authentication
Please
If the authentication is successful, the terminal triggers the access or
returns the corresponding ID to Central Security Controller.
If the identifier is not present in the local database authentication is not
launched.
User not found in
current database
35639
Once the user identification is done, the MorphoAccess™ automatically
loops back and waits for a new ID.
R
Re
em
ma
ar
rk
k
a
ab
bo
ou
ut
t
M
Mo
or
rp
ph
ho
oA
Ac
cc
ce
es
ss
s™
™
w
wi
it
th
h
M
MA
A-
-X
Xt
te
en
nd
de
ed
d
l
li
ic
ce
en
nc
ce
e
l
lo
oa
ad
de
ed
d
A MorphoAccess™ with MA-Xtended licence loaded will scan the five
biometric database to find the biometric templates associated to the ID.
N
No
ot
te
e
a
ab
bo
ou
ut
t
“
“b
by
yp
pa
as
ss
s”
”
o
op
pt
ti
io
on
n
When the bypass authentication configuration key is activated (see
Bypassing the biometric control in authentication), the MorphoAccess
TM
verifies that the ID is present on the local database before granting the
access.
62 SAGEM Sécurité document. Reproduction and disclosure forbidden
A
AU
UT
TH
HE
EN
NT
TI
IC
CA
AT
TI
IO
ON
N
W
WI
IT
TH
H
L
LO
OC
CA
AL
L
D
DA
AT
TA
AB
BA
AS
SE
E:
:
I
ID
D
I
IN
NP
PU
UT
T
F
FR
RO
OM
M
W
WI
IE
EG
GA
AN
ND
D
O
OR
R
D
DA
AT
TA
AC
CL
LO
OC
CK
K
Biometric authentication: ID input from Wiegand or DataClock
app/bio ctrl/authent remote ID source 1 for Wiegand
2 for DataClock
This mode requires an external card reader that will send the ID of the
user to authenticate to the MorphoAccess
TM
Wiegand or DataClock input.
The default screen invites the user to pass his badge so the external
reader sends the user ID on MorphoAccess™ Wiegand or Dataclock
input.
Pass your badge
For Authentication
Please
If the ID exists in the database, the MorphoAccess™ performs an
authentication using the biometric templates associated to this ID.
Place your finger
For Authentication
Please
If the authentication is successful, the terminal triggers the access or
returns the user ID to Central Security Controller.
Once the user authentication is done, the MorphoAccess™ automatically
loops back and waits for a new input ID.
Wiegand or
DataClock
input
SAGEM Sécurité document. Reproduction and disclosure forbidden. 63
If the identifier sent by the reader is not present in the local database
authentication is not launched.
User not found in
current database
64235
R
Re
em
ma
ar
rk
k
a
ab
bo
ou
ut
t
M
Mo
or
rp
ph
ho
oA
Ac
cc
ce
es
ss
s™
™
w
wi
it
th
h
M
MA
A-
-X
Xt
te
en
nd
de
ed
d
l
li
ic
ce
en
nc
ce
e
l
lo
oa
ad
de
ed
d
A MorphoAccess™ with MA-Xtended licence loaded will scan the five
biometric database to find the biometric templates associated to the ID.
N
No
ot
te
e
a
ab
bo
ou
ut
t
“
“b
by
yp
pa
as
ss
s”
”
o
op
pt
ti
io
on
n
When the bypass authentication configuration key is activated (see
Bypassing the biometric control in authentication), the MorphoAccess
TM
verifies that the ID sent on Wiegand or DataClock input is present on the
local database before granting the access.
64 SAGEM Sécurité document. Reproduction and disclosure forbidden
W
Wi
ie
eg
ga
an
nd
d
f
fr
ra
am
me
e
c
co
on
nf
fi
ig
gu
ur
ra
at
ti
io
on
n
It is possible to define the format of the Wiegand input and thus of the read
identifier.
Frame description is based on frame length (in bits), ID, site code position
and size and party policy.
RemarkNote: Since the software version 2.00.00 the configuration key
name has been modified. The previous set key value is savedpreserved.
Wiegand input parameters
app/wiegand in/
frame length
(before v2.00 :
length)
1-128 Defines the number of bits of the frame.
start format
(before v2.00 :
start)
0.0
1.0
2.n
3.n
4.0
Defines the start control bit:
Reset to 0.
Set to 1.
Even parity calculated over the n first bits.
Odd parity calculated over the n first bits.
No start bit.
stop format (before
v2.00 : stop)
0.0
1.0
2.n
3.n
4.0
Defines the stop control bit:
Reset to 0.
Set to 1.
Even parity calculated over the n last bits.
Odd parity calculated over the n last bits.
No stop bit.
site format (before
v2.00 : site)
n.m Insert m bits of site value at offset n.
ID format (before
v2.00 : Id)
n.m Insert m bits of ID value at offset n.
Custom format
(before v2.00:
Custom)
n.m RFU.
W
Wi
ie
eg
ga
an
nd
d
f
fr
ra
am
me
e
e
ex
xa
am
mp
pl
le
e
(
(2
26
6
b
bi
it
ts
s)
)
0 1 2 3 … 8 9 10 11 12 … 23 24 25
START
SITE ID
STOP
1 8 bits 16 bits 1
START bit calculation range STOP bit calculation range
SAGEM Sécurité document. Reproduction and disclosure forbidden. 65
B
BY
YP
PA
AS
SS
SI
IN
NG
G
T
TH
HE
E
B
BI
IO
OM
ME
ET
TR
RI
IC
C
C
CO
ON
NT
TR
RO
OL
L
I
IN
N
A
AU
UT
TH
HE
EN
NT
TI
IC
CA
AT
TI
IO
ON
N
This mode requires only a user ID. This ID can be read on a smart card,
entered on the keyboard or sent on Wiegand or DataClock input.
The bypass authentication configuration key must be combined with an
authentication mode. Activating this flag means that the biometric
verification is bypassed.
T
Th
he
e
t
te
er
rm
mi
in
na
al
l
c
co
on
nt
tr
ro
ol
ls
s
t
th
ha
at
t
t
th
he
e
u
us
se
er
r
I
ID
D
e
ex
xi
is
st
ts
s
i
in
n
t
th
he
e
d
da
at
ta
ab
ba
as
se
e
When combined with an authentication mode with templates on local
database, the MorphoAccess
TM
verifies that the ID is present on the local
database before granting the access.
ID on a contactless card
Disabling biometric control, but ID must be present in the local database
app/bio ctrl/bypass authentication 1
app/bio ctrl/authent ID contactless 1
Required tags on card
ID CARD
MODE
PK1 PK2 PIN BIOPIN
bypass authentication Yes No No No No No
ID entered on the keyboard
Disabling biometric control, but ID must be present in the local database
app/bio ctrl/bypass authentication 1
app/bio ctrl/authent ID keyboard 1
ID sent on Wiegand or DataClock input
Disabling biometric control, but ID must be present in the local database
app/bio ctrl/bypass authentication 1
app/bio ctrl/authent remote ID source 1 for Wiegand
2 for DataClock
66 SAGEM Sécurité document. Reproduction and disclosure forbidden
T
Th
he
e
t
te
er
rm
mi
in
na
al
l
w
wo
or
rk
ks
s
a
as
s
a
a
s
sm
ma
ar
rt
t
c
ca
ar
rd
d
r
re
ea
ad
de
er
r.
.
When combined authent PK contactless the MorphoAccess
TM
always
authorizes the access: the MorphoAccess
TM
works as a simple Mifare
TM
card reader.
Disabling biometric control, access is always granted
app/bio ctrl/bypass authentication 1
app/bio ctrl/authent PK contactless 1
Required tags on card
ID CARD
MODE
PK1 PK2 PIN BIOPIN
bypass authentication Yes No No No No No
SAGEM Sécurité document. Reproduction and disclosure forbidden. 67
R
RE
EC
CO
OG
GN
NI
IT
TI
IO
ON
N
M
MO
OD
DE
E
S
SY
YN
NT
TH
HE
ES
SI
IS
S
The MorphoAccess
TM
operating mode is driven by:
The authentication or identification mode required: Card Only, Card
+ Biometric, Biometric only.
Who defined the operating mode: Card or Terminal.
Mode defined by Card
app/bio ctrl/authent card mode
1
Mode defined by Terminal
app/bio ctrl/authent card mode
0
Operating mode
ID in card
bypass authentication 1
authent ID contactless 1
Check ID on terminal
Authentication
Card only
ID in card
Card Mode Tag = ID_ONLY
ID in card
bypass authentication 1
authent PK contactless 1
No ID check on terminal
ID and BIO in card
bypass authentication 0
authent PK contactless 1
Authentication
Card
+ Biometric
ID and BIO in Card
Card Mode Tag = PKS
ID on card and BIO in terminal
bypass authentication 0
authent ID contactless 1
Identification
Biometric only
ID and BIO in terminal
identification 1
68 SAGEM Sécurité document. Reproduction and disclosure forbidden
S
SE
ET
TT
TI
IN
NG
G
U
UP
P
R
RE
EC
CO
OG
GN
NI
IT
TI
IO
ON
N
S
ST
TR
RA
AT
TE
EG
GY
Y
T
Tw
wo
o
a
at
tt
te
em
mp
pt
ts
s
m
mo
od
de
e
If the recognition fails, it is possible to give a “second chance” to the user.
In identification mode if a bad finger is presented the user has 5 seconds
to present a finger again. The result is sent if this period expires or if the
user presents a finger again.
In authentication mode, if the user presents a bad finger, he can replace
his finger without presenting his card again. The result is sent only after
this second attempt.
It is possible to set the finger presentation timeout and to deactivate this
“two attempts mode”.
If the user is not identified, a second step follows immediately using a
smarter coding method. This coding allows recognizing users with dry
fingers or fingers with a bad placement on the sensor. However this
coding is slower than the light one.
P
Pa
ar
ra
am
me
et
te
er
rs
s
This mode can be configured using the Configuration Tool for example.
By default the two attempts mode is activated.
Setting up the number of attempts
app/bio ctrl/nb attempts 1 (only one attempts)
2 (two attempts mode)
The period between two attempts in identification (two attempts mode) can
be modified.
Setting up the identification timeout
app/bio ctrl/identification timeout 5 (1-
60)
In authentication mode a finger presentation period can be defined.
Setting up the authentication timeout
app/bio ctrl/authent timeout 10 (1-
60)
SAGEM Sécurité document. Reproduction and disclosure forbidden. 69
S
SE
ET
TT
TI
IN
NG
G
U
UP
P
M
MA
AT
TC
CH
HI
IN
NG
G
P
PA
AR
RA
AM
ME
ET
TE
ER
RS
S
Setting up matching threshold
bio/bio ctrl/matching th 3 (1-10)
The performances of a biometric system are characterized by two
quantities, the False Non Match Rate - FNMR - (also called False Reject
Rate) and the False Match Rate - FMR - (also called False Acceptance
Rate). Different trade-off are possible between FNMR and FMR depending
on the security level targeted by the Central Security Controller. When
convenience is the most important factor the FNMR must be low and
conversely if security is more important then the FMR has to be
minimized.
Different tunings are proposed in the MorphoAccess terminal depending
on the security level targeted by the system. The table below details the
different possibilities.
This parameter can be set to values from 1 to 10. This parameter specifies
how tight the matching threshold is. Threshold scoring values are
identified hereafter
1 Very few persons rejected FAR < 1%
2 FAR < 0.3%
3 Recommended value FAR < 0.1%
4 FAR < 0.03%
5 Intermediate threshold FAR < 0.01%
6 FAR < 0.001%
7 FAR < 0.0001%
8 FAR < 0.00001%
9 Very high threshold (few false
acceptances). Secure
application
FAR < 0.0000001%
10 High threshold for test purpose
only
There are very little false
recognition, and many rejections.
70 SAGEM Sécurité document. Reproduction and disclosure forbidden
F
FA
AK
KE
E
F
FI
IN
NG
GE
ER
R
D
DE
ET
TE
EC
CT
TI
IO
ON
N
M
MA
A2
2x
x1
1
–
–
M
MA
A3
3x
x1
1
c
co
om
mp
pa
at
ti
ib
bi
il
li
it
ty
y
- Password
Default password is “12345”. (On MA2x1 and MA3x1 terminals, default
specific password was “131664”.) SAGEM recommends strongly to the
administrator to configure it with a different value, and specific at each
customer.
- Delay after fake finger detection
The function associated to MA2x1 and MA3x1 /cfg/Maccess/Security
Policy/Delay in 10ms configuration key is no more supported.
- FFD security level
The function associated to app/bio ctrl/FFD security level is only for stand
alone mode. (On MA2x1 and MA3x1 terminals, this parameter applied to
standalone mode and ILV.) ILV has to set this parameter to have a
security level different from default security level.
F
FF
FD
D
s
se
ec
cu
ur
ri
it
ty
y
l
le
ev
ve
el
l
The fake finger detection is characterized by a false reject rate
(percentage of live fingers detected as fake fingers) and a false
acceptance rate (percentage of fake finger detected as real ones). This
FRR (resp. FAR) is called FFD-FRR (resp. FFD-FAR). The overall reject
rate of MAxx1 models is in fact : standard MA FRR + FFD-FRR.
Three security levels are proposed and provide different trade-off between
FFD-FAR and FFD-FRR.
0 Low fake finger detection security level
1 (default)
Medium fake finger detection security level
2 High fake finger detection security level
Setting up FFD security level
app/bio ctrl/FFD security level 1 (0-
2)
P
Pr
re
es
se
en
nc
ce
e
d
de
et
te
ec
ct
ti
io
on
n
Terminals with fake finger detection option allow another presence
detection mode.
0 (default)
Standard presence detection in identification mode.
1 In identification mode, sensor is in standby (LEDs are off)
while no finger is detected.
Setting up presence detection
SAGEM Sécurité document. Reproduction and disclosure forbidden. 71
app/bio ctrl/presence detection 0 (0-
1)
F
Fa
ai
il
lu
ur
re
e
I
ID
D
The administrator may chose the specific ID sent on Wiegand and
DataClock interfaces when a fake finger is detected.
Setting up FFD failure ID
app/failure ID/FFD ID 65535 (0-
65535)
72 SAGEM Sécurité document. Reproduction and disclosure forbidden
P
PR
RO
OX
XY
Y
M
MO
OD
DE
E
In Proxy mode is an operating mode where the Host System performs the access
control remotely.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 73
P
PR
RO
OX
XY
Y
M
MO
OD
DE
E
(
(O
OR
R
S
SL
LA
AV
VE
E)
)
P
PR
RE
ES
SE
EN
NT
TA
AT
TI
IO
ON
N
This operating mode allows to control the MorphoAccess
TM
remotely (the
link is Ethernet or RS422) using a set of biometric and databases
management commands.
In Proxy mode the access control is performed remotely by the Host
System: MorphoAccess
TM
works as a slave waiting for external commands
such as:
User identification.
User verification.
Relay activation.
Read data on a contactless smart card.
Biometric database management.
Terminal configuration changes.
Read an entry from the keyboard.
Display a message.
Read a contactless smart card.
MorphoAccess
TM
Host System
Please refer to refer to MorphoAccess™ Host System Interface
Specification: this document explains how to manage a terminal on a TCP
network.
74 SAGEM Sécurité document. Reproduction and disclosure forbidden
P
PR
RO
OX
XY
Y
M
MO
OD
DE
E
A
AC
CT
TI
IV
VA
AT
TI
IO
ON
N
Identification and authentication must be disabled. It means that all
controls must be turned off: the terminal becomes a slave.
Proxy mode
app/bio ctrl/identification 0
app/bio ctrl/authent card mode 0
app/bio ctrl/authent PK contactless 0
app/bio ctrl/authent ID contactless 0
app/bio ctrl/authent ID keyboard 0
app/bio ctrl/authent remote ID source 0
app/bio ctrl/ BIOPIN enabled 0
app/bio ctrl/control PIN 0
app/bio ctrl/bypass authentication 0
SAGEM Sécurité document. Reproduction and disclosure forbidden. 75
A
AP
PP
PL
LI
IC
CA
AT
TI
IO
ON
N
C
CU
US
ST
TO
OM
MI
IZ
ZA
AT
TI
IO
ON
N
76 SAGEM Sécurité document. Reproduction and disclosure forbidden
S
SE
ET
TT
TI
IN
NG
G
U
UP
P
T
TI
IM
ME
E
M
MA
AS
SK
K
When using MEMS
TM
, a time mask feature is available. This mode
enables the access according to its time mask. Time mask is defined by
slots of 15 minutes over a week.
Note: Since software version 2.00.00 the configuration key path has been
modified. The previous set key value is preservedsaved.
Time mask activation
Since v2.00 : app/modes/time mask
Before v2.00 :
app/time mask/enabled
1
SAGEM Sécurité document. Reproduction and disclosure forbidden. 77
M
MU
UL
LT
TI
IL
LI
IN
NG
GU
UA
AL
L
A
AP
PP
PL
LI
IC
CA
AT
TI
IO
ON
N
The MorphoAccess
TM
can display texts in six languages (including French,
Spanish, German, Italian). It is possible to download a user defined string
table. For more information about this feature, refer to the
MorphoAccess™ Host System Interface Specifications.
Default language
app/G.U.I/default language 0 English (default)
1 Spanish
2 French
3 German
4 Italian
5 Portuguese
INTL Language Generator allows defining the whole table.
78 SAGEM Sécurité document. Reproduction and disclosure forbidden
R
RE
ES
SU
UL
LT
T
E
EX
XP
PO
OR
RT
TA
AT
TI
IO
ON
N
The MorphoAccess
TM
can export the result of the control to an Central Security
Controller, and can log the result in a local diary or directly command an access.
This section is only an introduction about the MorphoAccess
TM
interface. Please refer
to MorphoAccess™ Remote Messages Specification for complete details of each
interface.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 79
R
RE
EM
MO
OT
TE
E
M
ME
ES
SS
SA
AG
GE
ES
S:
:
S
SE
EN
ND
DI
IN
NG
G
T
TH
HE
E
I
ID
D
T
TO
O
T
TH
HE
E
C
CE
EN
NT
TR
RA
AL
L
S
SE
EC
CU
UR
RI
IT
TY
Y
C
CO
ON
NT
TR
RO
OL
LL
LE
ER
R
P
Pr
re
es
se
en
nt
ta
at
ti
io
on
n
The MorphoAccess
TM
terminal can send status messages in real time to
an Central Security Controller by different means and through different
protocols. This information, called Remote Messages can be used, for
instance to display on an external screen the result of a biometric
operation, the name or the ID of the person identified… depending on the
role of the controller in the system.
The MorphoAccess™ Remote Messages Specification describes the
different solutions offered by the MorphoAccess
TM
to dialog with a
controller, and how to make use of them.
S
Su
up
pp
po
or
rt
te
ed
d
P
Pr
ro
ot
to
oc
co
ol
ls
s
The terminal can send messages about the biometric operations
performed by the MorphoAccess™ to a controller through the following
protocols:
Wiegand,
DataClock,
RS485/422,
Ethernet (TCP or UDP).
Etherne
t
RS485/422
Wiegand/DataClock
80 SAGEM Sécurité document. Reproduction and disclosure forbidden
R
RE
EL
LA
AY
Y
A
AC
CT
TI
IV
VA
AT
TI
IO
ON
N
If the control is successful, a relay may be activated to directly control a
door. This installation type offers a low security level.
Relay activation
app/relay/enabled 1
The relay aperture time can be defined and is set by default to 3 seconds
(i.e. 300).
Relay aperture time in 10 ms
app/relay/aperture time in 10 ms 300
(50 to 60000)
SAGEM Sécurité document. Reproduction and disclosure forbidden. 81
L
LO
OG
G
F
FI
IL
LE
E
MorphoAccess
TM
is logging its activities
app/log file/enabled 1
The MorphoAccess
TM
can log its biometric activities. It stores the result of
the command, the possible time and attendance function, date and time,
the matching mark, the execution time, and the ID of the user.
It is possible to download the diary file. For more information on this
feature, refer to the MorphoAccess™ Host System Interface Specification.
It is also possible to display the log file using the Logs Viewer Application.
JANUARY 8 2007
15:25,OK,783170
15:28,KO,
15:45,OK,7895641
15:59,KO,783170
82 SAGEM Sécurité document. Reproduction and disclosure forbidden
L
LE
ED
D
I
IN
N
A
AC
CT
TI
IV
VA
AT
TI
IO
ON
N
Use this signal to wait a controller “ACK” before granting the access.
1. If the user is recognized the MorphoAccess
TM
sends the user
identifier to the controller.
2. The MorphoAccess
TM
waits for a GND signal on LED1 or LED2. A
timeout can be defined.
3. The controller checks the user rights.
4. The controller sets LED1 to GND to authorize the access or sets
LED2 to GND to forbid the access.
This feature improves integration in an Central Security Controller (ACS).
The ACS through LED IN signals validates result of biometric matching.
LED IN mode activation
app/led IN/enabled 1
When the ACS validates the control a timeout must be specified: it defines
the time during which the MorphoAccess
TM
will wait for an
acknowledgement signal from the ACS through LED IN signals.
LED IN acknowledgement timeout in 10 ms
app/led IN/controller ack timeout 300
(0 to 3000)
If the controller has only one LED signal dedicated to “access authorized”,
this signal must be connected to LED1 input. In this case “access
forbidden” signal will be based on a timeout. "controller ack timeout" value
must be defined as short as possible in a range corresponding to
controller reply delay.
A controller with distinct outputs (one for “access forbidden”, one for
“access authorized”) will be connected to LED1 and LED2.
User ID
LED1 to GND: Access authorized.
LED2 to GND: Access refused.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 83
S
SE
EC
CU
UR
RI
IT
TY
Y
F
FE
EA
AT
TU
UR
RE
ES
S
84 SAGEM Sécurité document. Reproduction and disclosure forbidden
T
TA
AM
MP
PE
ER
R
S
SW
WI
IT
TC
CH
H
M
MA
AN
NA
AG
GE
EM
ME
EN
NT
T
A
Al
la
ar
rm
m
a
ac
ct
ti
iv
va
at
ti
io
on
n
The MorphoAccess
TM
can detect two intrusion attempts type:
• Someone tries to steal the complete terminal (opto-sensor is
triggered).
• Someone tries to open the terminal (tamper switch is triggered).
The device can send an alarm to the central controller in case of intrusion.
It can also play a sound alarm while sending the alarm.
Note: either the tamper switch or the opto-sensor triggers the alarm.
Please refer to MA500 Series Installation Guide to identify these switches
on the terminal.
To send an alarm on an output (UDP, RS485/RS422, Wiegand,
DataClock), the corresponding interface must be activated otherwise no
alarm will be sent.
Because Wiegand and DataClock are multiplexed on the same lines, only
one of these protocols shall be enabled at one time, else priority is given
to Wiegand, then DataClock.
These keys are:
app/send ID wiegand/enabled
app/send ID dataclock/enabled
app/send ID serial/enabled
app/send ID serial/mode (to select RS422 or RS485 link)
app/send ID UDP/enabled
Alarm message
UDP
RS485/RS422
Wiegand
DataClock
SAGEM Sécurité document. Reproduction and disclosure forbidden. 85
Setting the key app/tamper alarm/level to an appropriate value configure
tamper switch management feature.
Tamper Alarm Level
app/tamper alarm/level
0 No Alarm.
1 Send Alarm (No Sound Alarm).
2 Send Alarm and Activates Buzzer (Sound Alarm)
0 (0 – 2)
The key app/failure ID/alarm ID defines the value of the alarm ID to send
in Wiegand or DataClock. This ID permits to distinguish between a user ID
and an error ID. To be validated, key app/failure ID/enabled must be set to
1.
Tamper Alarm ID
app/failure ID/alarm ID
app/failure ID/enabled
65535 (0 – 65535)
1
In Wiegand and DataClock the alarm ID is sent like other Failure Ids. See
the documentation MorphoAccess™ Remote Messages Specification for a
description of the packet format in UDP and RS485.
E
Ex
xa
am
mp
pl
le
es
s
Example 1: Send an alarm ID (62221) in Wiegand, and play sound
warning, in case of intrusion detection.
To send an alarm in Wiegand, the key app/send ID wiegand/enabled must
be set to 1, and the key app/tamper alarm/level must be set to 2 (alarm
and buzzer.)
The key app/failure ID/alarm ID must be set to 62221 to link the intrusion
event to this identifier.
Example 2: Send an alarm in UDP quietly in case of intrusion detection.
To send an alarm in UDP, the key app/send ID UDP/enabled must be set
to 1.
Then the key app/tamper alarm/level must be set to 1 (quiet alarm.)
86 SAGEM Sécurité document. Reproduction and disclosure forbidden
P
PA
AS
SS
SW
WO
OR
RD
DS
S
Two passwords protect the system:
The Terminal Configuration Password protects MorphoAccess
TM
local administration and controls devices settings.
The User Management Password is required to access to local
database: it protects the Enrolment Application and the Log Viewer
Application.
Default password value is “12345”.
If a password is lost terminal must be returned to SAGEM
Sécurité.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 87
A
AN
NN
NE
EX
X
88 SAGEM Sécurité document. Reproduction and disclosure forbidden
M
MO
OR
RP
PH
HO
OA
AC
CC
CE
ES
SS
S
T
TM
M
2
22
20
0
3
32
20
0
C
CO
OM
MP
PA
AT
TI
IB
BI
IL
LI
IT
TY
Y
These tables present parameters equivalence between MA300/200 family.
Multi-factor mode (/cfg/Maccess/Admin/mode 5 on 220 and 320) is
activated when app/bio ctrl/identification is set to 1.
MA 200/300 MA 500
Identification
/cfg/Maccess/Admin/mode 0 app/bio ctrl/identification 1
app/bio ctrl/* 0
Contactless authentication with ID on card, template in local database
/cfg/Maccess/Admin/mode 4 app/bio ctrl/authent ID contactless 1
Contactless authentication: Card mode
/cfg/Maccess/Contactless/without
DB mode 0
/cfg/Maccess/Admin/mode 3 or
app/bio ctrl/authent card mode 1
/cfg/Maccess/Admin/mode 5
(mutli-factor mode)
app/bio ctrl/identification 1
Contactless authentication: Biometric verification
/cfg/Maccess/Contactless/without
DB mode 2
/cfg/Maccess/Admin/mode 3 or
app/bio ctrl/authent PK contactless 1
/cfg/Maccess/Admin/mode 5
(mutli-factor mode)
app/bio ctrl/identification 1
SAGEM Sécurité document. Reproduction and disclosure forbidden. 89
Contactless authentication: ID “only”, no biometric verification
/cfg/Maccess/Contactless/without
DB mode 1
/cfg/Maccess/Admin/mode 3 or
app/bio ctrl/authent PK contactless 1
app/bio ctrl/bypass authentication 1
/cfg/Maccess/Admin/mode 5
(mutli-factor mode)
app/bio ctrl/identification 1
Authentication: ID input from Wiegand or DataClock
/cfg/Maccess/Admin/mode 1
Jumper configuration defining the ID
source (DataClock or Wiegand)
app/bio ctrl/authent remote ID
source 1 or 2
Proxy mode
/cfg/Maccess/Admin/mode 2 app/bio ctrl/identification 0
app/bio ctrl/authent card mode 0
app/bio ctrl/authent PK contactless 0
app/bio ctrl/authent ID contactless 0
app/bio ctrl/authent ID keyboard 0
app/bio ctrl/authent remote ID
source 0
90 SAGEM Sécurité document. Reproduction and disclosure forbidden
C
CO
ON
NT
TA
AC
CT
TL
LE
ES
SS
S
M
MO
OD
DE
ES
S
T
TA
AB
BL
LE
E
Operation
Authent card
mode
Authent PK
contactless
Authent ID
contactless
Bypass
authentication
Authentication with templates in database
Read ID on contactless card.
Retrieve corresponding templates in database.
Biometric authentication using these templates.
Send ID if authentication is successful.
0 0 1 0
Authentication with templates on card
Read ID and templates on contactless card.
Biometric authentication using these templates.
Send ID if authentication is successful.
0 1 0 0
Card mode authentication
Read card mode, ID, templates (if required by card mode)
on contactless card.
If card mode is « ID only », send ID.
If card mode is « Authentication with templates on card »,
biometric authentication using templates read on card, then
send ID if authentication is successful.
1 0 0 0
Authentication with templates in database – biometric
control disabled
Read ID on contactless card.
Check corresponding templates presence in database.
Send ID if templates are present.
0 0 1 1
Authentication with templates on card – biometric
control disabled
Read ID on contactless card.
Send ID.
0 1 0 1
Card mode authentication – biometric control disabled
Read card mode, ID, templates (if required by card mode)
on contactless card.
Whatever card mode, send ID.
1 0 0 1
SAGEM Sécurité document. Reproduction and disclosure forbidden. 91
R
RE
EQ
QU
UI
IR
RE
ED
D
T
TA
AG
GS
S
O
ON
N
C
CO
ON
NT
TA
AC
CT
TL
LE
ES
SS
S
C
CA
AR
RD
D
Operation
ID CARD
MODE
PK1 PK2 PIN BIOPIN
Authentication with templates
in database
Yes No No No No No
Authentication with templates
on card
Yes No Yes Yes No No
Card mode authentication
(ID_ONLY)
Yes Yes No No No No
Card mode authentication
(PKS)
Yes Yes Yes Yes No No
Authentication with templates
in database –
biometric control
disabled
Yes No No No No No
Authentication with templates
on card –
biometric control
disabled
Yes No No No No No
Card mode authentication
(ID_ONLY) –
biometric control
disabled
Yes Yes No No No No
Card mode authentication
(PKS) –
biometric control
disabled
Yes Yes Yes Yes No No
BIOPIN check Yes No No No No Yes
PIN check Yes No No No Yes No
92 SAGEM Sécurité document. Reproduction and disclosure forbidden
F
FA
AQ
Q
S
Se
en
ns
so
or
r
i
is
s
o
of
ff
f
Verify that the base contents at least one record.
Check that identification is enabled.
T
Te
er
rm
mi
in
na
al
l
r
re
et
tu
ur
rn
ns
s
e
er
rr
ra
at
ti
ic
c
a
an
ns
sw
we
er
rs
s
t
to
o
p
pi
in
ng
g
r
re
eq
qu
ue
es
st
ts
s
Check the subnet mask. Ask to your administrator the right value.
SAGEM Sécurité document. Reproduction and disclosure forbidden. 93
R
RE
EL
LA
AT
TE
ED
D
D
DO
OC
CU
UM
ME
EN
NT
TS
S
A
Ad
dm
mi
in
ni
is
st
tr
ra
at
to
or
r
I
In
nf
fo
or
rm
ma
at
ti
io
on
n
MA500 Series Installation Guide
This document describes terminal electrical interfaces and connection
procedures.
MA500 Series Parameters Guide
The complete description of terminal configuration files and registry keys.
This document gives also parameters default values.
D
De
ev
ve
el
lo
op
pe
er
r
I
In
nf
fo
or
rm
ma
at
ti
io
on
n
MorphoAccess™ Host Interface Specification
A complete description of remote management commands.
MorphoAccess™ Remote Messages Specification
Details how the MorphoAccess
TM
sends the access control result to a
Central Security Controller.
MorphoAccess™ Contactless Card Specification
This document describes the MorphoAccess
TM
contactless card feature.
S
Su
up
pp
po
or
rt
t
T
To
oo
ol
ls
s
Configuration Tool User Guide
Configuration Tool user guide, via Ethernet.
USB Tool User Guide
Configuration Tool user guide, via USB key.
MA500 Series Upgrade Tools User Guide
Upgrade Tool user guide about firmware upgrading procedures.
Siège social : Le Ponant de Paris
27, rue Leblanc - 75512 PARIS CEDEX 15 - FRANCE