Professional Documents
Culture Documents
User Guide
MA 500+ Series
MA 500 Series
October 2009
Table of Contents
REVISIONS HISTORY
INTRODUCTION
7
8
MORPHOACCESS PRESENTATION
10
INTERFACES PRESENTATION
SYSTEM SYNOPTIC
TERMINAL PRESENTATION
ACCESS CONTROL PRESENTATION
RESULT OF THE ACCESS CONTROL
11
13
15
17
20
TERMINAL CONFIGURATION
23
24
39
42
44
47
50
51
52
53
54
55
57
61
63
66
68
69
70
71
74
76
78
80
SSE-0000060806-05
83
86
87
88
89
IDLE MODE
91
92
93
PROXY MODE
94
95
96
APPLICATION CUSTOMIZATION
97
98
99
100
RESULT EXPORTATION
101
102
103
105
106
SECURITY FEATURES
107
108
110
MESSAGES SENDING
111
PRINCIPLE
EVENTS
SENDING INTERFACES
112
113
114
APPENDIX
115
116
118
SSE-0000060806-05
120
121
122
123
CONTACTS
125
SUPPORT
126
SSE-0000060806-05
REVISIONS HISTORY
Date
July 08
Firmware
Description
2.07
2.09
June 09
2.10
October
09
2.11
SSE-0000060806-05
INTRODUCTION
SSE-0000060806-05
Biometrics
MA 500+
Series
OMA 500
Series
MA 500
Series
Contactless Smartcard
Reader
MIFARE
DESFire
MA 500+
MA 520+ D
MA 521+ D
OMA 520 D
OMA 521 D
OMA 520
OMA 521
MA 500
MA 520
MA 521
SSE-0000060806-05
False Finger
Detection
Outdoor
SAFETY INSTRUCTIONS
Europe information
Sagem Scurit hereby declares that the MorphoAccess has been
tested and found compliant with the following listed standards as required
by the EMC Directive 89/336/EEC: EN55022 (1994) / EN55024 (1998),
EN300-330 (1999) and by the low voltage Directive 73/23/EEC amended
by 93/68/EEC: EN60950 (2000).
These terminals are Class A devices. In a residential environment,
these devices may cause interference. In this case, the user is
encouraged to try to correct the interference with appropriated measures
such as:
USA information
Responsible Party: Sagem Scurit , Le Ponant de Paris, 27, rue Leblanc
F 75512 PARIS CEDEX 15 FRANCE
Changes or modifications not expressly approved by the party
responsible for compliance could void the users authority to operate the
equipment.
This device complies with part 15 Class A of the FCC Rules. Operation is
subject to the following two conditions: (1) This device may not cause
harmful interference, and (2) this device must accept any interference
received, including interference that may cause undesired operation.
NOTE:
This equipment has been tested and found to comply with the
limits for a Class A digital device, pursuant to part 15 of the FCC
Rules. These limits are designed to provide reasonable
protection against harmful interference in a commercial
installation. This equipment generates, uses and can radiate
radio frequency energy and, if not installed and used in
accordance with the instructions, may cause harmful
interference to radio communications. Operation of this
equipment in a residential area is likely to cause harmful
interference in which case the user will be required to correct
the interference at their own expense.
SSE-0000060806-05
Canadian information
This Class A digital apparatus complies with Canadian ICES-003.
Cet appareil numrique de Classe A est conforme la norme NMB-003 du
Canada.
SSE-0000060806-05
MORPHOACCESS PRESENTATION
10
SSE-0000060806-05
INTERFACES PRESENTATION
Man-machine interface
The MorphoAccess 500 Series offers a simple and ergonomic manmachine interface dedicated to access control based on fingerprint
recognition:
a multi-toned buzzer,
SSE-0000060806-05
11
Electrical interfaces
The terminal offers multiple interfaces dedicated to administration and
control information:
a opto-sensor to detect that the back cover has been removed (6),
12
SSE-0000060806-05
SYSTEM SYNOPTIC
Typical architecture including a MorphoAccess, a Host
System and a Central Security Controller
SSE-0000060806-05
13
14
SSE-0000060806-05
TERMINAL PRESENTATION
A MorphoAccess 500 Series terminal is running with 4 applications
dedicated to a given need.
MACCESS
This is the main application, dedicated to access control including
biometric control.
It is possible to leave this application to launch another application.
The current User Guide details this application features.
ENROLMENT
This application allows enrolling users in the terminal when the database
of the MorphoAccess is not managed by an external system (Local
management mode).
The created database can be saved ciphered on a USB flash drive and
exported to other stand alone MorphoAccess 500 Series.
This application can also encode some MIFARE and/or DESFire
contactless cards with users finger templates (depending on terminal
see section Scope of the document).
A synchronisation message can be sent to a distant host to inform it about
changes on biometric databases. Refer to Enrolment on terminal with
synchronization section.
The User Management Password protects the execution of this
application.
Please refer to Enrolment Application User Guide for more information
about this application.
CONFIGURATION
This application allows modifying the main application parameters.
Parameters are divided into files, sections and keys.
The Terminal Configuration Password protects the execution of this
application.
Please refer to Configuration Application User Guide for more information
about this application.
SSE-0000060806-05
15
LOGS VIEWER
This application allows consulting the local event diary stored by the
MorphoAccess: there is one record for each access request. It is also
possible to export this file on a standard USB flash drive.
The User Management Password protects the execution of this
application.
Please refer to Logs Viewer Application User Guide for more information
about this application.
16
SSE-0000060806-05
Identification (1 versus N)
The user provides one of his fingerprints and the terminal is in charge to
find the users identifier.
In identification mode, the access request starts with a finger on the
sensor.
The reference biometric templates of each allowed users are stored in the
local database. The captured fingerprint is compared to all reference
templates to search for a match (1 versus N matching mode). If a match is
found, the users identifier is retrieved.
Depending on the installed licence, the terminal can store up to 3000
users (2 fingers per user) in its local database or up to 50 000 users
divided in 5 bases of 10 000 users each.
In this mode the sensor is always switched on, waiting for a finger.
SSE-0000060806-05
17
Authentication (1 versus 1)
The user provides his identifier, and the terminal is in charge to check it by
comparing a capture fingerprint with one or two references templates.
In authentication mode, the access request starts when the users
identifier is provided.
Multi-Factor recognition
It is possible to combine several factors such as, what I have (a
contactless smart card), what I know (PIN code), and what I am (biometric
templates).
18
SSE-0000060806-05
Proxy mode
Proxy Mode is not strictly speaking a recognition mode. In this mode, the
MorphoAccess works as a slave waiting for external commands such
as:
identification,
verification,
relay activation,
Proxy commands:
Identification
Verification
Relay activation
Read card
SSE-0000060806-05
19
or
NOT IDENTIFIED
Relay
If enabled, the MorphoAccess internal relay is activated, during the
specified period, in case of successful control result (access is granted).
20
SSE-0000060806-05
Ethernet port
The access request result message can be sent through an IP connection
using either the UDP, the TCP, or the SSL protocol.
Please refer to MorphoAccess Remote Messages Specification to know
the information sent by the terminal.
For IP, the administrator can set the port and define the protocol.
Please refer to SSL Solution for MorphoAccess documentation, for
further details about the SSL on the MorphoAccess.
WI-FI connection
Instead of Ethernet connection, the terminal can be connected using a
wireless b/g connection. Please refer to paragraphs Network WI-FI
configuration and WI-FI configuration
The message format and the protocols supported are the same: UDP,
TCP or SSL.
It is not possible for a terminal to be connected through Ethernet and
through WI-FI at the same time.
21
The record file can be erased using the Logs Viewer embedded
application. Please refer to MorphoAccess 500 Series Logs Viewer User
Guide for further details.
22
SSE-0000060806-05
TERMINAL CONFIGURATION
SSE-0000060806-05
23
Key
Key
Key
Language selection
It is possible to choose the language of the application among installed
languages.
APPLICATION LANGUAGE
1 ENGLISH
2 SPANISH
3 FRENCH
4 GERMAN
24
SSE-0000060806-05
deletes a character.
Key
SSE-0000060806-05
25
[]
2 Disable
[ ]
DHCP disabled
If DHCP is disabled following parameters must be set:
IP address,
Network mask,
Default gateway.
ENTER IP ADDRESS
10.10.161.3_
VALID
DHCP enabled
With DHCP only the terminal hostname on the network is required.
The DNS server must be updated so that users can communicate with the
MorphoAccess using the terminal hostname. Please contact your
network administrator.
ENTER HOSTNAME
MA0789652_
VALID
26
SSE-0000060806-05
Recognition mode
Once IP parameters are defined next step is to define the recognition
mode.
Recognition mode selection screen(s) depends on the type of terminal
(see section Scope of the document).
On terminals that do not have any contactless smartcard reader:
RECOGNITION MODE
1 Identification
[]
[]
2 Contactless
[ ]
3 Multifactor
[ ]
SSE-0000060806-05
27
YES
NO
YES
NO
?
NO
For example, if YES is answered to all the questions, the terminal will be in
Multifactor mode (Identification + DESFire cards + MIFARE cards).
28
SSE-0000060806-05
Output interface
Last step allows defining the interface required to export the control result.
INTERFACE PARAMETERS
1 Wiegand [OFF]
2 Dataclock [OFF]
3 ID on UDP [OFF]
4 Next
[]
2 34 bits
[ ]
3 37 bits
[ ]
4 OFF
[ ]
Dataclock configuration
Dataclock interface can be activated but is multiplexed with Wiegand
output.
UDP activation
UDP remote messages can also be activated. The server IP address must
be specified.
SERVER IP ADDRESS
10.10.161.7_
VALID
SSE-0000060806-05
29
Password configuration
This step consists in changing the passwords.
PASSWORDS
1 Terminal Config.
2 User Management
3 Reset User Mgt.
4 Next
ABORT
30
SSE-0000060806-05
?
LATER
!
ABORT
SSE-0000060806-05
31
?
LATER
!
ABORT
32
SSE-0000060806-05
WIFI CONFIGURATION
4 Get profile info
5 Modify profile
6 Remove profile
7 Next
[]
SSE-0000060806-05
33
[]
2 WIFI_1
[..]
[..]
NEW PROFILE
4 algorithm
5 key
6 channel
7 valid
the algorithm can be: None , WEP64 , WEP128 or WPAPSK (since 2.11 firmware revision),
34
SSE-0000060806-05
NEW PROFILE
4 algorithm
5 channel
35
If WEP or WPA algorithm is chosen, the key must be entered (the key is
not retrieved from access point).
The profile must have the same value parameters as its access point.
For the selection of one of the three first choices, data capturing screens
or menu screens are displayed. The choice 4 valid allows creating and
activating the profile with its parameters.
Remove an existing profile
The choice 6 Remove allows removing a profile.
A screen showing the profiles saved in the MorphoAccess is displayed
and the profile to remove can be selected.
Configure active profiles network settings (since 2.11 firmware
revision)
The choice 7 Next allows choosing between static or dynamic network
configurations.
DHCP
36
1 Enable
[]
2 Disable
[..]
SSE-0000060806-05
DHCP disabled
If DHCP is disabled following parameters must be set:
IP address,
Network mask,
Default gateway.
ENTER IP ADDRESS
10.10.161.3_
VALID
DHCP enabled
When choosing the DHCP mode, the assistant asks for the terminal
hostname.
ENTER HOSTNAME
MA0789652_
VALID
The DNS server must be updated so that users can communicate with the
MorphoAccess using the terminal hostname. Please contact your
network administrator.
The terminal has to be restarted to take changes in account.
Note 1: If this step is never performed, the MorphoAccess configures the
Wi-Fi active profile in DHCP mode.
Note 2: The network configuration is only for the active profile, not for the
others profiles.
SSE-0000060806-05
37
38
SSE-0000060806-05
ADMINISTRATION MENU
Access to Administration Menu
Place your finger
for Identification
Please
The main application can be interrupted using the escape sequence. Hit
the following keys in sequence:
,
then
.
If the biometric database is not empty, the terminal accepts a finger
registered as administrator instead of the valid User Management
Password Code.
By default User Management Password is 12345.
USER MANAGEMENT CODE
Present your finger please
Or enter password:
***|
?
LATER
SSE-0000060806-05
39
Information Menu
MA5XX APPLICATION
1 Information
2 Settings
3 Enrolment
4 More functions
Terminal information
Select Terminal Info to access to the following information:
40
Terminal information
Description
Example
1 Type
Terminal type
520
2 Serial Number
3 Soft. Version
4 IP Address
Terminal IP address
5 MAC Address
134.1.32.214
SSE-0000060806-05
Sensor information
Select Sensor Info to access the following information:
Sensor information
Description
1 Licence Info
Licence information
MSO_MA_IDENTLITE
(licence name, Licence Device
Licence
ID:
ID)
251946640
0728EC51008
2 Sensor Info
Sensor information
(type, flash size, serial
number, sensor ID)
3 Soft. Info
Example
MSO300
Flash: 32768 Ko
SN: 0730A010026
ID: 25115841-4
Sensor software
MSO V08.02.d-C
version. After a
software upgrade, a
reboot is necessary to
get the current version.
Settings menu
SETTINGS
1 Factory Settings
2 Easy Setup
3 Change Passwords
4 Wifi Setup
41
[log file]
enabled=1
Configuration organization
The application creates several files:
app.cfg,
adm.cfg,
bio.cfg,
net.cfg,
fac.cfg,
Please refer to MorphoAccess Parameters Guide for further details on
those files.
42
SSE-0000060806-05
Modifying a parameter
There are two ways to modify a parameter:
Notation
In this manual a parameter is presented using this format:
Short parameter description
file/section/parameter
Value
SSE-0000060806-05
43
then
Keys role
Keys
selection)
Key
Key
Key
44
and
SSE-0000060806-05
Changing a parameter
To change a parameter, select the Configuration item.
MAIN MENU
1 Configuration
2 More
3 Quit
A menu allows selecting the file to modify. Note that the order of the menu
may change.
FILE SELECTION
1 bio
2 app
3 adm
4 net
<<
>>
EXIT
SSE-0000060806-05
45
NOTE:
Binary choice
[app]/bio ctrl
authent ID keyboard
True
[]
False
[ ]
IP address
[app]/send ID udp
host address
134.
46
.1
.32
.214
SSE-0000060806-05
Configuration reading,
Firmware upgrade.
The PC acts as a TCP/IP client for the MorphoAccess.
Remote management:
Change mode
Add template
Get configuration
SSE-0000060806-05
47
Date/Time settings
The date/time of the terminal can be initialized with the configuration
assistant (Easy setup) or by a distant host system using an application
such as the Configuration Tool (More button) described below.
The terminal start-up process searches for date modification and does
not accept a date older than the firmware generation date. In that case,
the current will be the firmware generation date.
48
SSE-0000060806-05
To solve this issue, unplug the WI-FI USB adapter and restart
the terminal and load a Wi-Fi licence.
See WI-FI parameters description in paragraph WI-FI configuration
SSE-0000060806-05
49
DOWNLOADING A LICENCE
By default the MorphoAccess can match a fingerprint against a
database of 3 000 users. This database configuration corresponds to a
basic licence (MSO_MA_IDENTLITE).
MA-Xtended
licence
(MSO_MA_IDENTPLUS)
extends
MorphoAccess recognition capabilities to 5 databases of 10 000 users
(2 fingers per user) or 16 databases of 3 000 users.
WI-FI network (WLAN) use is enabled with another licence.
Licence number depends on the Device Licence ID. This unique identifier
is checked by the Licence Manager tool. It can be displayed on the
information menu.
The Licence Manager tool allows downloading a licence in the
MorphoAccess as explained in Terminal Licence Management
documentation.
50
SSE-0000060806-05
SSE-0000060806-05
51
SCREEN CONTRAST
A keyboard shortcut controls the screen contrast.
52
Key
and
Key
and
SSE-0000060806-05
STARTING UP APPLICATION
By default, the MorphoAccess 500 Series terminal starts on the access
control application (MACCESS). But it can also start on another
application:
Starting up application
exe/init state/startup
1
(MACCESS application)
SSE-0000060806-05
53
54
SSE-0000060806-05
Local enrolment
SSE-0000060806-05
55
Remote management
The user is enrolled on an Enrolment Station (typically a PC station with
MEMS) and biometric templates are exported to the MorphoAccess
via a communication link.
56
SSE-0000060806-05
TIME ATTENDANCE
15:27
OCT 08 2006
SSE-0000060806-05
57
TIME ATTENDANCE
15:26
OCT 08 2006
58
SSE-0000060806-05
Extended mode:
Extended Time and Attendance
app/modes/time and attendance
In this mode each numeric key of the keyboard can be associated with
one of the time and attendance functions, and a bitmap image (which
usually specifies the keyboard mapping) is displayed on the screen. A
specific text message can be displayed on the screen, when an assigned
key is pressed. (Refer to MorphoAccess Series Parameters Guide for
further details). The key assignation and the bitmap picture are selected
by configuration keys.
To load the bitmap file in the MorphoAccess, use the program file
BMP2REQ_Generator.exe and MATM tool to load the REQ file. The
bitmap must be encoded as a MS Paint monochrome bitmap only and
the bitmap size must be less or equal to 128 x 50 pixels.
The following screen is an example of what can be made:
59
The icon set used for the time and attendance mode is
customizable. Icons from old MorphoAccess 200 and 300
Series can be displayed instead of the new ones (Refer to
MorphoAccess Series Parameters Guide for further details).
60
SSE-0000060806-05
Once the user identification is done, the terminal automatically loops back
and waits for a new finger.
At least one user (biometric template) must be stored in the local
database.
SSE-0000060806-05
61
Disabling identification
Set app/bio ctrl/identification to 0 to disable identification.
62
SSE-0000060806-05
14:25
SSE-0000060806-05
63
If the selected database is empty or does not exist, the sensor is off and
the following screen is displayed, before returning to the database 0.
Empty Database
Please contact
Administrator
2
Database numeration
MA-Xtended licence extends biometric database capacity from 1 base of
3 000 users to 5 bases of 10 000 users. In this configuration the user must
select his database number (from 0 to 4) before presenting a finger to
launch identification process.
For MorphoAccess 300 Series user convenience, it is also possible to
activate a 16 databases mode. In this mode the user selects a database
number between 0 and 15, and presents a finger to launch identification
process.
The base identification is a two-digit number, with a leading zero when
required. The default-selected base is the base with identification 00.
Numeric keys allow selecting a database from 0 to 9. To select
database 3, press
Key
13, press
then
Valid base numbers are from 0 to 15. If the selected base number is
higher than 15, the number of the default base (0) is automatically
forced.
Database numeration
app/G.U.I/database conversion
64
SSE-0000060806-05
Or
(MA-Xtended licence)
3,4,5
6,7,8
9,10,11
12,13,14,15
MEMS will automatically associate the user to the right base. For
example a user stored into database 4 on a MorphoAccess 300 Series
will be stored into database 1 on a MorphoAccess 500 Series.
SSE-0000060806-05
65
0-3
66
SSE-0000060806-05
Recognition modes
Various recognition modes using contactless card can be applied
depending on the templates location (card or terminal database) and the
required security level.
Recognition with DESFire cards supposes that the user swipes a
DESFire (depending on configuration) card containing some structured
data (identifier, biometric templates, PIN code...).
Recognition with MIFARE cards supposes that the user swipes a
MIFARE card containing some structured data (identifier, biometric
templates, PIN code...). Data are localized on the card by a block (B
parameter) and are protected by a key (defined by C parameter). The C
parameter defines which key is used during the authentication with the
card.
For a complete description of card structure and access mode, please
refer to MorphoAccess Contactless Card Specification.
The following recognition modes are available:
Authentication with biometric templates on card
Captured fingerprints are matched against templates read on the card
(PK). User identifier and user biometric templates must be stored on the
card.
In this mode it is also possible to check a PIN code before the
authentication and to replace the biometric authentication by a BIOPIN
code check. The BIOPIN code is used when user biometric templates
are not available (a visitor for example).
Authentication with biometric templates on local database
Captured fingerprints are matched against templates read from the local
database. Only the user identifier is required on the card.
Authentication based on tag card mode
Depending on the card mode, either templates are read on the card or
the control can be bypassed (visitor mode). The card mode tag must be
stored on the card.
It is possible to check PIN code before the authentication and to replace
the biometric authentication by a BIOPIN check.
It is also possible to skip the biometric control: in this case the terminal
acts as a contactless card reader.
Contactless authentication can be combined with a local identification
(multi-factor mode).
SSE-0000060806-05
67
1 (Enabled)
If the card contains user templates, the user is invited to present his finger
for biometric authentication.
Place your finger
For Authentication
Please
CARD
PK1
PK2
PIN
BIOPIN
Yes
Yes
No
No
MODE
Contactless authentication
Yes
No
SSE-0000060806-05
1 (Yes)
If card contains a PIN code, the user is invited to enter his PIN code.
COR
If the PIN code is correct, the user is invited to present his finger for
biometric authentication.
Place your finger
For Authentication
Please
CARD
PK1
PK2
PIN
BIOPIN
MODE
Yes
No
No
No
Yes
No
Yes
No
Yes
Yes
Yes
No
SSE-0000060806-05
69
1 (Yes)
This mode must be activated with the authentication that uses fingerprints
from contactless card (authent PK Contactless to 1). The terminal looks
for finger templates stored on the card. If there arent any, it looks for a
BIOPIN code.
To trigger the BIOPIN code verification, the user presents his card to the
terminal.
If the card contains a user BIOPIN, the user is invited to enter it.
Please enter
biometric PIN
***
VAL
COR
If the BIOPIN is correct, the terminal triggers the access or returns the
user ID to the Central Security Controller.
This mode can be combined with a preliminary PIN code verification.
Required tags on card
ID
CARD
PK1
PK2
PIN
BIOPIN
No
No
No
Yes
MODE
70
Yes
No
SSE-0000060806-05
1 (Enabled)
0 (structured data)
app/contactless/data length
app/contactless/data offset
SSE-0000060806-05
71
CARD
PK1
PK2
PIN
BIOPIN
No
No
No
No
MODE
authent ID contactless
Yes
No
1 (Enabled)
In this mode the identifier is read at a given offset on the card and is
supposed to be binary. No TLV structure is required on the card.
It is possible to read non-byte aligned data. It is useful to read a user ID
included in a Wiegand data or to use the card serial number as an
identifier.
Binary identifier, non-structured data
app/contactless/data format
1 (binary data)
Binary data are defined by their position from the first read block.
ID length is limited to 8 bytes (app/contactless/data length 8.0).
ID offset is limited to 15 bytes (app/contactless/data offset 15.0).
Data localization
app/contactless/B
app/contactless/data length
app/contactless/data offset
72
SSE-0000060806-05
= 0.1
=1
Site
Byte 4
5
10
32 bits ID
30
31
32
33
34
ID
35
36
37
38
39
The corresponding configuration will read only the 32 bits ID on the card.
app/contactless/data format = 1
Binary identifier
4 bytes length
app/contactless/B = 46
Read at sector 15
73
1 (Enabled)
CARD
PK1
PK2
PIN
BIOPIN
MODE
Yes
Yes
Yes
Yes
No
No
Yes
Yes
No
No
No
Yes
CARD
PK1
PK2
PIN
BIOPIN
No
No
No
No
MODE
74
Yes
Yes
SSE-0000060806-05
CARD
PK1
PK2
PIN
No
No
Yes
BIOPIN
MODE
Yes
Yes
No
CARD
PK1
PK2
PIN
BIOPIN
MODE
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
No
No
Yes
Yes
SSE-0000060806-05
75
of
identification
mode
and
contactless
1 (Enabled)
And
76
0 (Disabled) or 1 (Enabled)
0 (Disabled) or 1 (Enabled)
0 (Disabled) or 1 (Enabled)
0 (Disabled) or 1 (Enabled)
SSE-0000060806-05
CARD
PK1
PK2
PIN
BIOPIN
No
No
No
No
MODE
bypass authentication
SSE-0000060806-05
Yes
No
77
1 (Enabled)
The default screen invites the user to enter his numerical identifier.
Please enter ID
3563_
VAL
NOTE:
Key
COR
78
SSE-0000060806-05
SSE-0000060806-05
79
1 for Wiegand
2 for Dataclock
This mode requires an external card reader that will send the users ID to
authenticate to the MorphoAccess Wiegand or Dataclock input.
The default screen invites the user to pass his badge so the external
reader sends the user ID to the MorphoAccess Wiegand or Dataclock
input.
Pass your badge
For Authentication
Please
SSE-0000060806-05
If the identifier sent by the reader is not present in the local database,
authentication is not launched.
User not found in
current database
64235
SSE-0000060806-05
81
NOTE:
1-128
0.0
1.0
2.n
3.n
4.0
n.m
n.m
n.m
RFU.
0.0
1.0
2.n
3.n
4.0
stop format
(before v2.00:
stop)
site format
(before v2.00:
site)
ID format
(before v2.00:
ID)
custom format
(before v2.00:
custom)
START
SITE
10
11
12
23
ID
8 bits
82
24
25
STOP
16 bits
1
STOP bit calculation range
SSE-0000060806-05
1 (Enabled)
1 (Enabled)
CARD
PK1
PK2
PIN
BIOPIN
No
No
No
No
MODE
bypass authentication
Yes
No
1 (Enabled)
1 (Enabled)
1 (Enabled)
1 for Wiegand
2 for Dataclock
SSE-0000060806-05
83
1 (Enabled)
1 (Enabled)
CARD
PK1
PK2
PIN
BIOPIN
No
No
No
No
MODE
bypass authentication
Yes
No
1 (Enabled)
1 (Enabled)
1 (Enabled)
84
1 (binary data)
SSE-0000060806-05
The terminal read Card UID on card and works as a smart card
reader
This feature is available since 2.09 firmware release
In this configuration the MorphoAccess reads the card UID (when the
contactless card complies with ISO/IEC 14443 type A card), and send it
without verification.
Disabling biometric control (biometric control result is positive), enabling
contactless card authentication
app/bio ctrl/bypass authentication
1 (Enabled)
1 (Enabled)
1 (Enabled)
1 (Card UID)
Includes CARDSN:STD; string,
or CARDSN:REV; string if the bytes of
the Card UID must be read in reverse
order.
The CARDDATA; string can be removed.
SSE-0000060806-05
85
Operating mode
Authentication
ID in card
ID in card
Card only
bypass authentication 1
authent ID contactless 1
Check ID on terminal
ID in card
bypass authentication 1
authent PK contactless 1
No ID check on terminal
Authentication
Card
bypass authentication 0
+ Biometric
authent PK contactless 1
ID on card and BIO in terminal
bypass authentication 0
authent ID contactless 1
86
Identification
Biometric only
identification 1
SSE-0000060806-05
Parameters
This mode can be configured using the Configuration Tool for example.
By default, the two attempts mode is activated.
Setting up the number of attempts
app/bio ctrl/nb attempts
The period between two attempts in identification (two attempts mode) can
be modified.
Setting up the identification timeout
app/bio ctrl/identification timeout
5 (1-60)
SSE-0000060806-05
10 (1-60)
87
3 (1-10)
2
3
4
5
88
FMR < 1%
FMR < 0.1%
FMR < 0.03%
Intermediate threshold
10
SSE-0000060806-05
SSE-0000060806-05
1 (0-2)
89
Presence detection
Terminals with fake finger detection option allow another presence
detection mode. Sensor off, a finger may be detected.
0 (default) Standard presence detection in identification mode. Sensor
LEDs are ON (MorphoAccess 500 without fake finger
detection standby state)
1
0 (0-1)
Failure ID
The administrator can choose the specific ID sent to Wiegand or
Dataclock interfaces when a fake finger was detected.
Setting up FFD failure ID
app/failure ID/FFD ID
90
65535 (0-65535)
SSE-0000060806-05
IDLE MODE
SSE-0000060806-05
91
Biometric sensor.
Those features can be activated again by using the remaining activated
features such as pressing the keyboard, receiving a distant command, and
so on.
It means, if only the backlight is deactivated, it can also be turned on by
putting a finger on the biometric sensor or by presenting a contactless
card in the antenna field.
92
SSE-0000060806-05
SSE-0000060806-05
93
PROXY MODE
Proxy mode is an operating mode where the Host System performs the access
control remotely.
94
SSE-0000060806-05
user identification,
user verification,
relay activation,
display a message,
SSE-0000060806-05
95
0 (Disabled)
0 (Disabled)
0 (Disabled)
0 (Disabled)
0 (Disabled)
96
0 (None)
0 (No)
0 (Disabled)
SSE-0000060806-05
APPLICATION CUSTOMIZATION
SSE-0000060806-05
97
Since software version 2.00 the configuration key path has been
modified. The previous set key value is preserved.
1 (Enabled)
To use this feature the local database must have been created with a
specific additional field. If this field does not exist activating this feature
will forbid the access to every user.
Please refer to MorphoAccess Host Interface Specification
understand how to create a database with time mask feature.
98
to
SSE-0000060806-05
MULTILINGUAL APPLICATION
The MorphoAccess can display texts in several languages. It is possible
to download a user defined language table. For more information about
this feature, refer to the MorphoAccess Host System Interface
Specifications.
Default language
app/G.U.I/default language
0 English (default)
1 Spanish
2 French
3 German
4 Italian
5 Portuguese
6 Arabic
7 Turkish
SSE-0000060806-05
99
DISPLAY HOUR
It is possible to display date and hour on terminal screen.
Display hour
app/G.U.I./display hour
100
14:25 DEC 10
SSE-0000060806-05
RESULT EXPORTATION
The MorphoAccess can export the result of the control to a Central Security
Controller, and can log the result in a local diary or directly command an access.
This section is only an introduction about the MorphoAccess interfaces. Please
refer to MorphoAccess Remote Messages Specification for complete details of
each interface.
SSE-0000060806-05
101
IP
RS485/422
Wiegand/Dataclock
Supported Protocols
The terminal can send messages about the biometric operations
performed by the MorphoAccess to a controller through the following
protocols:
Wiegand,
Dataclock,
RS485/422,
102
SSE-0000060806-05
RELAY ACTIVATION
If the control is successful, a relay may be activated to directly control a
door.
Relay activation
app/relay/enabled
1 (Enabled)
The relay aperture time can be defined and is set by default to 3 seconds
(i.e. 300).
Relay aperture time in 10 ms
app/relay/aperture time in 10 ms
300
(50 to 60000)
The default state of the relay can also be defined. By default, the relay is
opened when it is in idle state.
Relay default state
app/relay/relay default state
0 (Opened)
1 (Closed)
SSE-0000060806-05
103
1 (Enabled)
104
SSE-0000060806-05
LOG FILE
Enabling recording of all access request results in an internal log file
app/log file/enabled
1 (Enabled)
the result of the access control (granted or denied, and if denied for
which reason),
Depending on the configuration, when the 8000 records limit has been
reached, the MorphoAccess 500 Series terminal can:
105
LED IN ACTIVATION
Use this signal to wait a controller ACK before granting the access.
User ID
1 (Enabled)
When the ACS validates the control a timeout must be specified: it defines
the time during which the MorphoAccess will wait for an
acknowledgement signal from the ACS through LED IN signals.
LED IN acknowledgement timeout in 10 ms
app/led IN/controller ack timeout
300
(0 to 3000)
If the controller has only one LED signal dedicated to access authorized,
this signal must be connected to LED1 input. In this case access
forbidden signal will be based on a timeout. "controller ack timeout" value
must be defined as short as possible in a range corresponding to
controller reply delay.
A controller with distinct outputs (one for access forbidden, one for
access authorized) has to be connected to LED1 and LED2 I/O board
106
SSE-0000060806-05
SECURITY FEATURES
SSE-0000060806-05
107
Alarm message
IP (UDP, TCP, SSL)
RS485/RS422
Wiegand
DataClock
app/send ID wiegand/enabled,
app/send ID dataclock/enabled,
app/send ID serial/enabled,
108
SSE-0000060806-05
app/send ID serial/mode (to select RS422 or RS485 link),
app/send ID UDP/enabled,
app/tamper alarm/level
0 No Alarm.
1 Send Alarm (No Sound Alarm).
2 Send Alarm and Activates Buzzer (Sound Alarm)
The key app/failure ID/alarm ID defines the value of the alarm ID to send
to Wiegand or Dataclock. This ID permits to distinguish between a user ID
and an error ID. To be validated, key app/failure ID/enabled must be set
to 1.
Tamper Alarm ID
app/failure ID/alarm ID
65535 (0 65535)
app/failure ID/enabled
1 (Enabled)
In Wiegand and Dataclock the alarm ID is sent like other Failure Ids. See
the documentation MorphoAccess Remote Messages Specification for a
description of the packet format in UDP and RS485.
Examples
Example 1: Send an alarm ID (62221) in Wiegand, and play sound
warning, in case of intrusion detection.
To send an alarm in Wiegand, the key app/send ID wiegand/enabled must
be set to 1, and the key app/tamper alarm/level must be set to 2 (alarm
and buzzer).
The key app/failure ID/alarm ID must be set to 62221 to link the intrusion
event to this identifier and the key app/failure ID/enabled must be set to 1.
Example 2: Send an alarm in UDP quietly in case of intrusion
detection.
To send an alarm in UDP, the key app/send ID UDP/enabled must be set
to 1.
Then the key app/tamper alarm/level must be set to 1 (quiet alarm.)
SSE-0000060806-05
109
PASSWORDS
Two passwords protect the system:
the Terminal Configuration Password protects the MorphoAccess
local administration and controls devices settings,
the User Management Password is required to access to local
database: it protects the Enrolment Application and the Log Viewer
Application.
Both default passwords values are 12345.
If a password is forgotten, contact the hotline. Then it is strongly
recommended to put the new password in a safe place.
110
SSE-0000060806-05
MESSAGES SENDING
This section describes how the MorphoAccess 500 Series terminal can send
messages to another entity. Those messages are different than the result exportation
(cf. Result exportation).
SSE-0000060806-05
111
PRINCIPLE
When specific events occurred during the MorphoAccess access control
applications working, some messages can be generated and sent to
another physical entity.
The events that produce messages sending are:
112
SSE-0000060806-05
EVENTS
The messages sending process is customizable using two configuration
files:
Events.cfg
Remotemsg.cfg
This section only details the events.cfg file.
The terminal allows choosing which event generates a message to send.
By default, every event generates a message.
Events mask
FFFFFFFF
Events/general/active
0
(No sending attempt)
SSE-0000060806-05
113
SENDING INTERFACES
This section only details the remotemsg.cfg file.
The terminal allows choosing the number of interfaces that will be
available for the messages sending process (cf. Events).
By default, no interface is available.
Number of available interfaces
Remotemsg/interface/nb interfaces
Communication layer
Protocol used
114
SSE-0000060806-05
APPENDIX
SSE-0000060806-05
115
116
SSE-0000060806-05
Activation
To activate this feature, several parameters have to be set:
The
events
that
generates
messages
sending
(key
/events/general/active),
Stopping
The synchronization cannot be cancelled. The process stops either when
the host system confirms the synchronization message reception, or when
every attempt to send that message has failed.
SSE-0000060806-05
117
MA 200/300 Series
MA 500 Series
Identification
/cfg/Maccess/Admin/mode 0
app/bio ctrl/identification 1
/cfg/Maccess/Admin/mode 3 or
/cfg/Maccess/Admin/mode 5
app/bio ctrl/identification 1
(multi-factor mode)
Contactless authentication: Biometric verification
/cfg/Maccess/Contactless/without
DB mode 2
/cfg/Maccess/Admin/mode 3 or
/cfg/Maccess/Admin/mode 5
app/bio ctrl/identification 1
(multi-factor mode)
Contactless authentication: ID only, no biometric verification
/cfg/Maccess/Contactless/without
DB mode 1
/cfg/Maccess/Admin/mode 3 or
/cfg/Maccess/Admin/mode 5
app/bio ctrl/identification 1
(multi-factor mode)
118
SSE-0000060806-05
MA 200/300 Series
MA 500 Series
app/bio ctrl/authent
source 1 or 2
remote
ID
app/bio ctrl/identification 0
app/bio ctrl/authent card mode 0
app/bio ctrl/authent PK contactless 0
app/bio ctrl/authent ID contactless 0
app/bio ctrl/authent ID keyboard 0
app/bio ctrl/control PIN
SSE-0000060806-05
119
Authent PK
contactless
Authent ID
contactless
Bypass
authentication
Operation
Authent card
mode
120
SSE-0000060806-05
ID
CARD
PK1
PK2
PIN
BIOPIN
MODE
Yes
No
No
No
No
No
Yes
No
Yes
Yes
No
No
Card mode
(ID_ONLY)
authentication
Yes
Yes
No
No
No
No
Card mode
(PKS)
authentication
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
No
No
No
No
No
Yes
No
No
No
No
Yes
Yes
Yes
No
No
BIOPIN check
Yes
No
No
No
No
Yes
PIN check
Yes
No
No
No
Yes
No
SSE-0000060806-05
121
FAQ
Sensor is off
Check that the base contents at least one record.
Check that identification mode is enabled.
122
SSE-0000060806-05
RELATED DOCUMENTS
Administrator Information
MorphoAccess 500 Series User Guide
This document describes operating mode and terminal settings
MorphoAccess Parameters Guide
The complete description of terminal configuration files and registry keys
This document gives also parameters default values
MorphoAccess 500 Series Configuration Application User Guide
This document describes the configuration application processing
MorphoAccess 500 Series Enrolment application User Guide
This document describes the local enrolment process and features
MorphoAccess 500 Series Log viewer User Guide
This document describes the log viewer process and features
Installation Information
MorphoAccess 500 Series Installation Guide
This document describes installation operating and MorphoAccess 500
Series interfaces features
Developer Information
MorphoAccess Host Interface Specification
A complete description of remote management commands
MorphoAccess Remote Messages Specification
Details how the MorphoAccess sends the access control result to a
Central Security Controller
SSE-0000060806-05
123
Support Tools
Configuration Tool User Guide
Configuration Tool user guide, via IP
USB Tool User Guide
Configuration Tool user guide, via USB key
MorphoAccess Upgrade Tools User Guide
Upgrade Tool user guide about firmware upgrading procedures
Licence Manager User Guide
Download a licence in MorphoAccess using Licence Manager.exe PC
application
124
SSE-0000060806-05
CONTACTS
SSE-0000060806-05
125
SUPPORT
Customer service
Sagem Scurit
SAV Terminaux Biomtriques
Boulevard Lnine - BP428
76805 Saint Etienne du Rouvray
FRANCE
Phone: +33 2 35 64 55 05
Hotline
Sagem Scurit
Support Terminaux Biomtriques
18, Chausse Jules Csar
95520 Osny
FRANCE
hotline.biometrics@t.my-technicalsupport.com
Phone: +33 1 58 11 39 19
http://www.biometric-terminals.com/
Copyright 2009 Sagem Scurit
http://www.sagem-securite.com/
126
SSE-0000060806-05