MorphoAccess TM 500 Series User Guide Produced by SAGEM Sécurité Copyright ©2007 SAGEM Sécurité www.sagem-securite.
SAGEM Sécurité document.
Table of content INTRODUCTION 552 CAUTION 662 MORPHOACCESSTM PRESENTATION 882 INTERFACES PRESENTATION SYSTEM SYNOPTIC TERMINAL PRESENTATION ACCESS CONTROL PRESENTATION SENDING THE ID TO THE CENTRAL SECURITY CONTROLLER 992 11112 13132 15152 19192 TERMINAL CONFIGURATION 21212 EASY SETUP ASSISTANT ADMINISTRATION MENU UNDERSTANDING MORPHOACCESSTM CONFIGURATION MODIFYING A PARAMETER USING THE CONFIGURATION APPLICATION CONFIGURING A NETWORKED MORPHOACCESSTM UPGRADING THE FIRMWARE DOWNLOADING A LICENCE
PROXY MODE 72722 PROXY MODE (OR SLAVE) PRESENTATION PROXY MODE ACTIVATION 73732 74742 APPLICATION CUSTOMIZATION 75752 SETTING UP TIME MASK MULTILINGUAL APPLICATION 76762 77772 RESULT EXPORTATION 78782 REMOTE MESSAGES: SENDING THE ID TO THE CENTRAL SECURITY CONTROLLER RELAY ACTIVATION LOG FILE LED IN ACTIVATION 79792 80802 81812 82822 SECURITY FEATURES 83832 TAMPER SWITCH MANAGEMENT PASSWORDS 84842 86862 ANNEX 87872 MORPHOACCESSTM 220 320 COMPATIBILITY CONTACTLESS MODES TABLE REQUIRED TAGS
INTRODUCTION Congratulations for choosing the SAGEM MorphoAccess™ 500 Automatic Fingerprint Recognition Terminal. MorphoAccessTM 500 Series provides an innovative and effective solution for access control applications using Fingerprint Verification or/ and Identification. Among a range of alternative biometric techniques, the use of finger imaging has significant advantages: each finger constitutes an unalterable physical signature, which develops before birth and is preserved until death.
CAUTION Europe information: SAGEM hereby declares that the SAGEM MorphoAccess™ has been tested and found compliant with the following listed standards as required by the EMC Directive 89/336/EEC: EN55022 (1994) / EN55024 (1998), EN300-330 (1999) and by the low voltage Directive 73/23/EEC amended by 93/68/EEC: EN60950 (2000). Caution: The MA500 terminal is a Class A device. In a residential environment, this device may cause interference.
• Reorient or relocate the receiving antenna. • Increase the separation between the equipment and receiver. • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. Canadian information: NOTE : Industrial Canadian certificates are pending. This Class B (MA520, MA521, OMA520, OMA521) or Class A (MA500) digital apparatus complies with Canadian ICES-003.
MORPHOACCESSTM PRESENTATION MorphoAccessTM is a fingerprint identification device for physical access control, time and attendance offering both multi-factor verification and identification capabilities with unequaled level of performance. 8 SAGEM Sécurité document.
INTERFACES PRESENTATION Man-machine interface The MorphoAccessTM 500 offers a simple and ergonomic man-machine interface dedicated to access control based on fingerprint recognition: A high quality optical scanner to capture fingerprints (1), A multicolor led (2), A multi-toned buzzer, A MifareTM contactless reader on 520 families terminal to read reference templates from a contactless card (3), A keyboard for time and attendance purpose, configuration and PIN code (4), A 128x64 display (5).
Electrical interfaces The terminal offers multiple interfaces dedicated to administration and control information: A multiplexed Wiegand / DataClock output to export user identifier to a controller (1), A RS422 or RS485 output (2), A LED signal output (3), Two LED IN inputs to improve integration in an Central Security Controller (4), A relay to directly command an access (door lock) (5), A tamper switch to detect that the back cover has been removed (6), A multiplexed Wiegand / DataClock input to receive u
SYSTEM SYNOPTIC Typical architecture including a MorphoAccess™, a Host System and a Central Security Controller MorphoAccess™ biometric database management The management of the MorphoAccess™ internal biometric database can be done either locally (through the terminal Man Machine Interface), or remotely by a Host System (typically MEMSTM).
• Unlike the Stand Alone Mode in Proxy Mode the terminal is remotely operated by a host application that sends individual commands to the MorphoAccess™. MorphoAccess™ result sending When the biometric identification is positive, the person ID can be sent to a Central Security Controller, for further action such as opening doors.
TERMINAL PRESENTATION A MorphoAccessTM 500 is running with 4 applications dedicated to a given need. MACCESS This is the main application, dedicated to biometric control. It is possible to leave this application to launch other application. The current User Guide details the application features. ENROLMENT This application allows enrolling users in the terminal when MorphoAccessTM is not connected to an external network (Local management mode).
Multi-applicative architecture synthesis 14 SAGEM Sécurité document.
ACCESS CONTROL PRESENTATION The MorphoAccessTM works according two biometric recognition modes: identification or authentication. Identification and authentication can be activated at the same time (multi-factor mode). Identification (1 vs. N) The captured fingerprint is matched against a database – 1 vs. N. Biometric templates are stored in terminal local database.
Authentication with reference templates in card (1 vs. 1) The captured fingerprint is matched against a reference template – 1 vs. 1. User biometric templates are stored on a contactless card. If the user is matched the ID is returned to the Central Security Controller. If the user is not recognized a no-match message is sent to the Central Security Controller. See section Access Control By Authentication. 16 SAGEM Sécurité document.
Authentication with reference templates in terminal (1 vs. 1) The captured fingerprint is matched against a reference template – 1 vs. 1. User minutiae are stored into the local database. In this case the user identifier is used as a key to find the minutiae. The user identifier can be sent through Wiegand, DataClock, typed on keyboard or stored on a contactless card.
Proxy mode Proxy Mode is not strictly speaking a recognition mode. In this mode, the MorphoAccessTM works as a slave waiting for external commands such as: Identification, Verification, Relay activation, Read data on a contactless card, … TCP-IP Proxy commands: Identification Verification Relay activation Read card … Chapter Proxy mode gives more information about remote management. Please refer to MorphoAccess™ Host System Interface Specification for a complete description of command.
SENDING THE ID TO THE CENTRAL SECURITY CONTROLLER If the user has been recognized, the terminal may trigger the access or returns the corresponding ID to the Central Security Controller. Welcome John Doe IDENTIFIED If the user has not been recognized, the terminal can return the failure to Central Security Controller. NOT IDENTIFIED Please retry Control result: RS485/422 Wiegand DataClock Ethernet Various messages or interfaces can be activated to send or store the control result.
Ethernet Id Emission The ID of the recognized user can be sent through the Ethernet link. The administrator may set the port and defined the protocol. RS485/422 Control information can be sent through RS485/422 link. Local Diary (log) A local file will store logs. This diary can be downloaded by the Host System or consulted on the terminal. 20 SAGEM Sécurité document.
TERMINAL CONFIGURATION This chapter details how to configure the MorphoAccessTM. A parameter can be changed directly on the terminal or remotely through a network. A “first start assistant” named “Easy Setup” helps the administrator to define quickly a configuration “plug’n play” with an existing physical Access Control System. SAGEM Sécurité document. Reproduction and disclosure forbidden.
EASY SETUP ASSISTANT Assistant initialization When the MorphoAccessTM starts for the first time an “assistant” helps the administrator to configure easily the main functions. EASY SETUP GREEN: VALID YELLOW: CORR., NEXT RED: ABORT, PREVIOUS NEXT Key validates the choice. Key goes to next step. Key returns to previous step. Language selection It is possible to choose the language of the application among installed languages.
Network settings Static or dynamic configuration It is possible to choose between static or dynamic network configurations. DHCP 1 – Enable [●] 2 – Disable [ ] DHCP disabled If DHCP is disabled following parameters must be set: IP address, Network mask, Default gateway. ENTER IP ADDRESS 10.10.161.3_ VALID DHCP enabled With DHCP only the terminal hostname on the network is required.
MorphoAccessTM 500 can only be configured in identification mode (other modes could be configured later). MorphoAccessTM 520 can be configured in identification mode, contactless authentication or multi-factor mode (identification and contactless authentication modes are merged ). Output interface Last step allows defining the interface required to export the control result.
Password configuration Last step consists in changing the passwords. PASSWORDS 1 – Terminal Config. 2 – User Management 3 – Reset User Mgt. 4 – Next Select 4 – Next to leave the assistant. The terminal must reboot to apply the changes. EASY SETUP END REBOOT THE TERMINAL? NEXT ABORT Press NEXT to reboot the terminal. Press ABORT to return to password management. Restarting “Easy Setup” MorphoAccessTM “Easy Setup” can be restarted using the End Menu. SAGEM Sécurité document.
ADMINISTRATION MENU Access to Administration Menu Place your finger for Identification Please The main application can be interrupted using the escape sequence. Hit the following keys in sequence: , then . If the biometric database is not empty, the terminal accepts a finger registered as administrator instead of the valid User Management Password Code. By default User Management Password is “12345”.
Information Menu MA5XX APPLICATION 1 – Information 2 – Settings 3 – More functions… Select Information to access to terminal and sensor information: INFORMATION 1 – Terminal Info 2 – Sensor Info Terminal information Select Terminal Info to access to the following information: Terminal information Description Example 1 – Type Terminal type 520 2 – Serial Number Terminal serial number 053535353A 3 – Soft. Version Terminal main software V01.20.
Sensor information Select Sensor Info to access to the following information: 28 Sensor information Description Example 1 – Product Info MSO Biometric product information (type, licence, serial number, ID) MSO300 MSO_MA_IDENTLITE OEM SN: 0709F151008 OEM ID: 25194664 2 – Sensor Info Sensor information (flash size, serial number, ID) Flash: 4096 Ko SN: 0710A010026 ID: 25115841-4 3 – Soft. Info Sensor software version MSO V08.01.d-C SAGEM Sécurité document.
UNDERSTANDING MORPHOACCESSTM CONFIGURATION Presentation MorphoAccessTM parameters are stored into files organized in sections and values. For example a file named “app.cfg” contains all the parameters defining the main application settings. [bio ctrl] identification=1 nb attempts=2 … [log file] enabled=1 … Configuration organization The application creates several files: app.cfg, adm.cfg, bio.cfg, net.cfg, fac.cfg, The app.cfg file contains the application settings, adm.
Notation In this manual a parameter is presented using this formality: “Short parameter description” file/section/parameter Value For example to activate recognition mode based on identification this key must be set to 1: Access control by identification app/bio ctrl/identification 30 SAGEM Sécurité document.
MODIFYING A PARAMETER USING THE CONFIGURATION APPLICATION The Configuration Application allows changing a parameter directly on the terminal. You must exit a possible running application to display the application selection menu. If the main application is running, it must be quit using the escape sequence: , then . Then enter the Terminal Configuration Password to access to the Administration Menu. Select “Quit” to exit the Access Control application. to display the functions menu.
Changing a parameter A main menu allows selecting the file to modify. FILE SELECTION 1 − bio 2 − app 3 − adm 4 − exe When a file has been selected it is possible to choose a section. [APP] 1 − bio ctrl 2 − contactless 3 − relay 4 − send ID UDP The parameter list contains all parameters available in a section. [APP]/BIO CTRL 1 − authent ID keyboard 2 − identification 3 − authent card mode 4 − nb attempts It is possible to display parameter one by one in a given section.
Binary choice [app]/bio ctrl authent ID keyboard True [●] False [ ] IP address [app]/send ID udp host address 134. .1 .32 .214 SAGEM Sécurité document. Reproduction and disclosure forbidden.
CONFIGURING A NETWORKED MORPHOACCESSTM Introduction A PC (running with MEMSTM for example) connected to a MorphoAccess™ can manage the terminal. Available remote operations are: Biometric template addition, Control settings modification, Configuration reading, Local database deletion, Record deletion, Control diary downloading, Firmware upgrade. The PC acts as a client for the MorphoAccess™.
Network factory settings By default the terminal IP address is 134.1.32.214. This address can be changed through Ethernet or with the Configuration Application. The default server port is 11010. Modifying a key using “configuration tool” Configuration Tool allows changing parameters. This program is an illustration of utilization of the TCP API. Please refer to Configuration Tool User Guide for more information about this program. SAGEM Sécurité document. Reproduction and disclosure forbidden.
UPGRADING THE FIRMWARE It is possible to upgrade your MorphoAccessTM firmware through Ethernet. Two package types are available. One dedicated to terminal system, another one dedicated to biometric library. Use the Downloader to upgrade your terminal system. Use the BioLoader to upgrade your terminal biometric library. Please refer to the MA500 Series Upgrade Tools User Guide for more information about upgrade procedures. 36 SAGEM Sécurité document.
DOWNLOADING A LICENCE By default the MorphoAccessTM can match a fingerprint against 3000 users database. This database configuration corresponds to a basic licence (MSO_MA_IDENTLITE). MA-Xtended licence (MSO_MA_IDENTPLUS) allows to extend MorphoAccessTM recognition capabilities to 5 databases of 10 000 users (2 fingers per user).
Upgrade to MA-Xtended licence (1/2): obtaining device serial number The MorphoAccess™ 500 must be connected to a LAN. Launch the Terminal Licence Manager tool, connect MorphoAccess™ and retrieve the terminal device serial number. Device serial number has the following format “OEM ID-OEM SN”. Copy this string to the “clipboard”. 38 SAGEM Sécurité document.
Upgrade to MA-Xtended licence (2/2): downloading a MA-Xtended licence Connect to our customer support ds.com/biometrics-customersupport. web site: https://www.sagem- In the licence generator section enter your customer login and password. Xtended licence corresponds to MSO_MA_IDENTPLUS licence. Select this licence and copy the device serial number. You will receive obtain your licence number by email. You have to introduce the licence data send by the web server in the dialog box (Step 2).
The software confirms the operation with TM the following dialog box (the license is now loaded in your MorphoAccess device) or signals a problem with a dialog box. The display of the base number ‘00’ display on the MorphoAccess™ screen means the license “MSO_MA_IDENTPLUS” has been correctly set. 40 SAGEM Sécurité document.
STAND ALONE MODES (NETWORKED OR NOT CONNECTED) The MorphoAccessTM works according two biometric recognition modes: identification or authentication. Identification and authentication can be activated at the same time (multi-factor mode). In Stand Alone Mode the terminal can operate two applications: Access Control or Time & Attendance. SAGEM Sécurité document. Reproduction and disclosure forbidden.
PRELIMINARY: ADDING A BIOMETRIC TEMPLATE IN LOCAL DATABASE The management of the MorphoAccess™ internal biometric database can be done either locally (through the terminal Man Machine Interface), or remotely by a Host System. These two exclusive management modes are defined as the: • Local management mode • Remote management mode Local enrolment The local database can be exported ciphered to other MA5xx devices using a USB key. The Enrolment Application is dedicated to this function.
MACCESS APPLICATION: ACCESS CONTROL OR TIME & ATTENDANCE MorphoAccess™ application can be configured to work in physical access control mode or in time and attendance mode. In this configuration, MorphoAccessTM events logged can be enriched with some attendance information (entry, exit...). When the time attendance feature is activated the main screen may display 2 or 4 functions.
When entering, the user has to press key When exiting, the user has to press key to log his entry time. to log his exit time. For particular uses such as temporary absences, two additional functions corresponding to function keys 2 and 3 can be displayed. After selection, the MorphoAccessTM switches in biometric mode (identification or authentication). The selected function is written in the log file and sent to the host. can be If the user has selected the wrong operation (IN/OUT...
ACCESS CONTROL BY IDENTIFICATION Access control by identification app/bio ctrl/identification 1 To configure MorphoAccessTM terminal in this mode, set the parameter app/bio ctrl/identification to 1. After starting the MorphoAccessTM terminal waits for fingerprint detection in identification mode. The sensor is lighted on. Place your finger for Identification Please The user can present a finger to launch identification process.
If the terminal is running in identification mode with an empty database, the sensor is off and the following screen is displayed. Empty Database Please contact Administrator Disabling identification Set app/bio ctrl/identification to 0 to disable identification (Proxy Mode). 46 SAGEM Sécurité document.
ACCESS CONTROL BY IDENTIFICATION (MA-XTENDED LICENCE LOADED) It is possible to increase MorphoAccess™ 500 biometric database size thanks to a licence (MA-Xtended licence): the MorphoAccess™ then manages 5 bases of 10 000 users. Access control by identification with MA-Xtended licence app/bio ctrl/identification 1 To configure MorphoAccess™ terminal in this mode, set the parameter app/bio ctrl/identification to 1 and verify that MA-Xtended licence has been loaded.
Database numeration MA-Xtended licence extends biometric database capacity from 1 base of 3000 users to 5 bases of 10000 users. In this configuration the user must select his database number (from 0 to 4) before presenting a finger to launch identification process. For user convenience MorphoAccess™ 300 series it is also possible to activate a “16 databases mode”. In this mode the user selects a database number between 0 and 15, and presents a finger to launch identification process.
MEMS™ will automatically associates the user to the right base. For example a user stored into database 4 on a MorphoAccess™ 300 will be stored into database 1 on a MorphoAccess™ 500. SAGEM Sécurité document. Reproduction and disclosure forbidden.
INTRODUCTION TO CONTACTLESS AUTHENTICATION Various recognition modes can be applied depending on the templates location (card or terminal database) and the required security level. This mode supposes that the user swipes a MifareTM card containing some structured data (identifier, biometric templates, PIN code)... Data are localized on the card by a block (“B” parameter) and are protected by a key (defined by “C” parameter).
Contactless authentication can be combined with a local identification (multi-factor mode). SAGEM Sécurité document. Reproduction and disclosure forbidden.
AUTHENTICATION WITH BIOMETRIC TEMPLATES ON CARD Authentication with biometric templates on contactless card app/bio ctrl/authent PK contactless 1 MorphoAccessTM 520 can work in contactless authentication mode: the user presents its card, the terminal reads the reference biometric templates on the card and launches a biometric control based on the read templates. In this case the card will contain the user identifier and biometric templates: no local database is required.
PIN VERIFICATION – PIN STORED ON CARD If a reference PIN code is stored on the card it is possible to check this code before controlling the fingerprints. PIN code verification app/bio ctrl/control PIN 1 To trigger authentication, user should present his card to the terminal. Please Present Contactless Smart Card If card contains a PIN code, user is invited to enter his PIN code.
BIOPIN VERIFICATION - BIOPIN STORED ON CARD In this mode the card should contain a BIOPIN code. The goal of this code is to replace fingerprints authentication by BIOPIN code verification. BIOPIN code verification app/bio ctrl/control BIOPIN 1 To trigger the BIOPIN code verification, user should present his card to the terminal. If card contains user BIOPIN, user is invited to enter it.
AUTHENTICATION WITH BIOMETRIC TEMPLATES IN LOCAL DATABASE In this mode only the ID is read on the card. If the ID exists in the biometric database, the MorphoAccess™ performs an authentication using the biometric templates associated to this ID. The ID can be stored into a TLV structure (typically a card encoded by MEMS™) or directly read at a given offset of the card (binary ID).
Required tags on card ID CARD PK1 PK2 PIN BIOPIN No No No No MODE authent ID contactless Yes No Note: a database must exist in the terminal. Binary identifier, non-structured data Contactless authentication with templates on local database app/bio ctrl/authent ID contactless 1 In this mode the identifier is read at a given offset on the card and is supposed to be binary. No TLV structure is required on the card. This mode is useful for using the card serial number as an identifier.
AUTHENTICATION BASED ON CARD MODE Contactless authentication with card mode app/bio ctrl/authent card mode 1 In this mode the card decides on the control progress. The CARD MODE tag is required. This tag can take several values: PKS [0x02]: user identifier, template 1 and template 2 are required on the card. Biometric authentication is triggered with biometric templates. If a BIOPIN is present instead of templates, BIOPIN is controlled. ID_ONLY [0x01]: only the user identifier is required.
Required tags on card if CARD MODE tag value is PIN_CODE. ID CARD PK1 PK2 PIN No No Yes BIOPIN MODE authent card mode (PIN_CODE) Yes Yes No Required tags on card if CARD MODE tag value is PIN_THEN_PKS. ID CARD PK1 PK2 PIN BIOPIN MODE authent card mode (PIN_THEN_PKS) Yes Yes Yes Yes Yes No authent card mode (PIN_THEN_PKS) (BIOPIN) Yes Yes No No Yes Yes Card structure is described in MorphoAccess™ Contactless Card Specification.
MULTI-FACTOR MODE This mode is the fusion of identification mode and contactless authentication without database mode. This mode allows: Performing an identification when user places his finger (operation identical to identification mode). Performing a contactless authentication when user swipes his contactless card (operation identical to contactless authentication without database mode). To trigger authentication, user should present his card to the terminal or place his finger on the sensor.
AUTHENTICATION WITH LOCAL DATABASE: ID ENTERED FROM KEYBOARD Biometric authentication with ID entered from keyboard app/bio ctrl/authent ID keyboard 1 In this mode the ID of the user is entered on the MorphoAccessTM keyboard. If the ID exists in the database (or in one of the five databases), the MorphoAccess™ performs an authentication using the biometric templates associated to this ID. The default screen invites the user to enter his numerical identifier.
If the corresponding ID exists in the terminal database, user is invited to place his finger for biometric authentication. Place your finger For Authentication Please If the authentication is successful, the terminal triggers the access or returns the corresponding ID to Central Security Controller. If the identifier is not present in the local database authentication is not launched.
AUTHENTICATION WITH LOCAL DATABASE: ID INPUT FROM WIEGAND OR DATACLOCK Biometric authentication: ID input from Wiegand or DataClock app/bio ctrl/authent remote ID source 1 for Wiegand 2 for DataClock This mode requires an external card reader that will send the ID of the user to authenticate to the MorphoAccessTM Wiegand or DataClock input.
If the identifier sent by the reader is not present in the local database authentication is not launched. User not found in current database 64235 Remark about MorphoAccess™ with MA-Xtended licence loaded A MorphoAccess™ with MA-Xtended licence loaded will scan the five biometric database to find the biometric templates associated to the ID.
Wiegand frame configuration It is possible to define the format of the Wiegand input and thus of the read identifier. Frame description is based on frame length (in bits), ID, site code position and size and party policy. RemarkNote: Since the software version 2.00.00 the configuration key name has been modified. The previous set key value is savedpreserved. Wiegand input parameters app/wiegand in/ frame length (before v2.00 : length) start format (before v2.00 : start) 1-128 0.0 1.0 2.n 3.n 4.
BYPASSING THE BIOMETRIC CONTROL IN AUTHENTICATION This mode requires only a user ID. This ID can be read on a smart card, entered on the keyboard or sent on Wiegand or DataClock input. The bypass authentication configuration key must be combined with an authentication mode. Activating this flag means that the biometric verification is bypassed.
The terminal works as a smart card reader. When combined authent PK contactless the MorphoAccessTM always authorizes the access: the MorphoAccessTM works as a simple MifareTM card reader. Disabling biometric control, access is always granted app/bio ctrl/bypass authentication 1 app/bio ctrl/authent PK contactless 1 Required tags on card ID CARD PK1 PK2 PIN BIOPIN No No No No MODE bypass authentication 66 Yes No SAGEM Sécurité document.
RECOGNITION MODE SYNTHESIS The MorphoAccessTM operating mode is driven by: The authentication or identification mode required: Card Only, Card + Biometric, Biometric only. Who defined the operating mode: Card or Terminal.
SETTING UP RECOGNITION STRATEGY Two attempts mode If the recognition fails, it is possible to give a “second chance” to the user. In identification mode if a bad finger is presented the user has 5 seconds to present a finger again. The result is sent if this period expires or if the user presents a finger again. In authentication mode, if the user presents a bad finger, he can replace his finger without presenting his card again. The result is sent only after this second attempt.
SETTING UP MATCHING PARAMETERS Setting up matching threshold bio/bio ctrl/matching th 3 (1-10) The performances of a biometric system are characterized by two quantities, the False Non Match Rate - FNMR - (also called False Reject Rate) and the False Match Rate - FMR - (also called False Acceptance Rate). Different trade-off are possible between FNMR and FMR depending on the security level targeted by the Central Security Controller.
FAKE FINGER DETECTION MA2x1 – MA3x1 compatibility - Password Default password is “12345”. (On MA2x1 and MA3x1 terminals, default specific password was “131664”.) SAGEM recommends strongly to the administrator to configure it with a different value, and specific at each customer. - Delay after fake finger detection The function associated to MA2x1 and MA3x1 /cfg/Maccess/Security Policy/Delay in 10ms configuration key is no more supported.
app/bio ctrl/presence detection 0 (0-1) Failure ID The administrator may chose the specific ID sent on Wiegand and DataClock interfaces when a fake finger is detected. Setting up FFD failure ID app/failure ID/FFD ID SAGEM Sécurité document. Reproduction and disclosure forbidden.
PROXY MODE In Proxy mode is an operating mode where the Host System performs the access control remotely. 72 SAGEM Sécurité document.
PROXY MODE (OR SLAVE) PRESENTATION This operating mode allows to control the MorphoAccessTM remotely (the link is Ethernet or RS422) using a set of biometric and databases management commands. In Proxy mode the access control is performed remotely by the Host System: MorphoAccessTM works as a slave waiting for external commands such as: User identification. User verification. Relay activation. Read data on a contactless smart card. Biometric database management. Terminal configuration changes.
PROXY MODE ACTIVATION Identification and authentication must be disabled. It means that all controls must be turned off: the terminal becomes a slave.
APPLICATION CUSTOMIZATION SAGEM Sécurité document. Reproduction and disclosure forbidden.
SETTING UP TIME MASK When using MEMSTM, a time mask feature is available. This mode enables the access according to its time mask. Time mask is defined by slots of 15 minutes over a week. Note: Since software version 2.00.00 the configuration key path has been modified. The previous set key value is preservedsaved. Time mask activation Since v2.00 : app/modes/time mask Before v2.00 : app/time mask/enabled 76 SAGEM Sécurité document.
MULTILINGUAL APPLICATION The MorphoAccessTM can display texts in six languages (including French, Spanish, German, Italian). It is possible to download a user defined string table. For more information about this feature, refer to the MorphoAccess™ Host System Interface Specifications. Default language app/G.U.I/default language 0 English (default) 1 Spanish 2 French 3 German 4 Italian 5 Portuguese INTL Language Generator allows defining the whole table. SAGEM Sécurité document.
RESULT EXPORTATION The MorphoAccessTM can export the result of the control to an Central Security Controller, and can log the result in a local diary or directly command an access. This section is only an introduction about the MorphoAccessTM interface. Please refer to MorphoAccess™ Remote Messages Specification for complete details of each interface. 78 SAGEM Sécurité document.
REMOTE MESSAGES: SENDING THE ID TO THE CENTRAL SECURITY CONTROLLER Presentation The MorphoAccessTM terminal can send status messages in real time to an Central Security Controller by different means and through different protocols. This information, called Remote Messages can be used, for instance to display on an external screen the result of a biometric operation, the name or the ID of the person identified… depending on the role of the controller in the system.
RELAY ACTIVATION If the control is successful, a relay may be activated to directly control a door. This installation type offers a low security level. Relay activation app/relay/enabled 1 The relay aperture time can be defined and is set by default to 3 seconds (i.e. 300). Relay aperture time in 10 ms app/relay/aperture time in 10 ms 300 (50 to 60000) 80 SAGEM Sécurité document.
LOG FILE MorphoAccessTM is logging its activities app/log file/enabled 1 The MorphoAccessTM can log its biometric activities. It stores the result of the command, the possible time and attendance function, date and time, the matching mark, the execution time, and the ID of the user. It is possible to download the diary file. For more information on this feature, refer to the MorphoAccess™ Host System Interface Specification. It is also possible to display the log file using the Logs Viewer Application.
LED IN ACTIVATION Use this signal to wait a controller “ACK” before granting the access. User ID LED1 to GND: Access authorized. LED2 to GND: Access refused. 1. If the user is recognized the MorphoAccessTM sends the user identifier to the controller. 2. The MorphoAccessTM waits for a GND signal on LED1 or LED2. A timeout can be defined. 3. The controller checks the user rights. 4. The controller sets LED1 to GND to authorize the access or sets LED2 to GND to forbid the access.
SECURITY FEATURES SAGEM Sécurité document. Reproduction and disclosure forbidden.
TAMPER SWITCH MANAGEMENT Alarm activation The MorphoAccessTM can detect two intrusion attempts type: • Someone tries to steal the complete terminal (opto-sensor is triggered). • Someone tries to open the terminal (tamper switch is triggered). The device can send an alarm to the central controller in case of intrusion. It can also play a sound alarm while sending the alarm. Note: either the tamper switch or the opto-sensor triggers the alarm.
Setting the key app/tamper alarm/level to an appropriate value configure tamper switch management feature. Tamper Alarm Level app/tamper alarm/level 0 (0 – 2) 0 No Alarm. 1 Send Alarm (No Sound Alarm). 2 Send Alarm and Activates Buzzer (Sound Alarm) The key app/failure ID/alarm ID defines the value of the alarm ID to send in Wiegand or DataClock. This ID permits to distinguish between a user ID and an error ID. To be validated, key app/failure ID/enabled must be set to 1.
PASSWORDS Two passwords protect the system: The Terminal Configuration Password protects MorphoAccessTM local administration and controls devices settings. The User Management Password is required to access to local database: it protects the Enrolment Application and the Log Viewer Application. Default password value is “12345”. If a password is lost terminal must be returned to SAGEM Sécurité. 86 SAGEM Sécurité document.
ANNEX SAGEM Sécurité document. Reproduction and disclosure forbidden.
MORPHOACCESSTM 220 320 COMPATIBILITY These tables present parameters equivalence between MA300/200 family. Multi-factor mode (/cfg/Maccess/Admin/mode 5 on 220 and 320) is activated when app/bio ctrl/identification is set to 1.
Contactless authentication: ID “only”, no biometric verification /cfg/Maccess/Contactless/without DB mode 1 app/bio ctrl/authent PK contactless 1 app/bio ctrl/bypass authentication 1 /cfg/Maccess/Admin/mode 3 or /cfg/Maccess/Admin/mode 5 app/bio ctrl/identification 1 (mutli-factor mode) Authentication: ID input from Wiegand or DataClock /cfg/Maccess/Admin/mode 1 app/bio ctrl/authent source 1 or 2 remote ID Jumper configuration defining the ID source (DataClock or Wiegand) Proxy mode /cfg/Maccess/A
Authent PK contactless Authent ID contactless Bypass authentication Operation Authent card mode CONTACTLESS MODES TABLE 0 0 1 0 0 1 0 0 1 0 0 0 0 0 1 1 0 1 0 1 1 0 0 1 Authentication with templates in database Read ID on contactless card. Retrieve corresponding templates in database. Biometric authentication using these templates. Send ID if authentication is successful. Authentication with templates on card Read ID and templates on contactless card.
REQUIRED TAGS ON CONTACTLESS CARD Operation ID CARD PK1 PK2 PIN BIOPIN MODE Authentication with templates Yes in database No No No No No Authentication with templates Yes on card No Yes Yes No No Card mode (ID_ONLY) authentication Yes Yes No No No No Card mode (PKS) authentication Yes Yes Yes Yes No No Authentication with templates Yes in database – biometric control disabled No No No No No Authentication with templates Yes on card – biometric control disabled No N
FAQ Sensor is off Verify that the base contents at least one record. Check that identification is enabled. Terminal returns erratic answers to ping requests Check the subnet mask. Ask to your administrator the right value. 92 SAGEM Sécurité document.
RELATED DOCUMENTS Administrator Information MA500 Series Installation Guide This document describes terminal electrical interfaces and connection procedures. MA500 Series Parameters Guide The complete description of terminal configuration files and registry keys. This document gives also parameters default values. Developer Information MorphoAccess™ Host Interface Specification A complete description of remote management commands.
Siège social : Le Ponant de Paris 27, rue Leblanc - 75512 PARIS CEDEX 15 - FRANCE
