manualshive.com logo in svg

Safran MorphoAccess SIGMA Series, Administration Manual, Page: 387 / 517

Share
Download
Safran MorphoAccess SIGMA Series Administration Manual Download Page 387

MorphoAccess® SIGMA Series - Administrator Guide 

 

Access Control by Authentication 

 

2017_2000025464-v03 

This document and the information therein are the property of Morpho. They must not 

be copied or communicated to a third party without the prior authorization of Morpho 

387

 

July 17 

 

 

 

Authentication process specified by User's card 

Description 

 

When  the  administrator  enables  this  mode,  the  conditions  for  allowing  access  are 
specified  by  a  dedicated  data  on  the  user’s  card.  This  implies  that  different 
authentication checks can be performed on the same terminal for different users, based 
on a ‘specific’ data present on the user’s card. Following are the possible authentication 
checks 

 

The  biometric  check  is  performed  with  the  reference  biometric  data  found  on  user’s 
card. 

 

The PIN check is performed with the reference PIN data found on user’s card. 

 

The PIN + biometric check is performed with the reference PIN + biometric data found 
on user’s card. 

 

The biometric check is disabled, and only the presence of the User ID on the user’s card 
is checked. 

A user’s card which disables the biometric control is useful when the biometric data capture is 
not required in case of a short term visitor, or impossible from physical or legal aspects. Such 
cards  can  be  encoded  without  user’s  presence  and  the  same  card  can  be  used  for  different 
visitors. The internal database of the terminal is not utilized in such case. 

Note: PIN check is applicable to MorphoAccess® SIGMA, SIGMA Lite+ and SIGMA Extreme Series 
terminals only. 

User’s data required in the terminal 

Since  this  authentication  mode  does  not  use  the  internal  database  of  the  MorphoAccess® 
SIGMA Family terminal, the administrator need not save any user specific data to the terminal 
database. 

 

User’s data required on the user’s card 

 

The administrator needs to choose a Card Type that can accommodate at least the User 
ID  (user’s  identifier)  as  well  as  the  data  that  determines  the  ‘type’  of  authentication 
method to be used. For example, if the administrator sets the PIN + biometric check as 
ON, the User biometric data of two fingers as well PIN must be encoded onto the user’s 
card. 

 

If  the  administrator  selects  the  biometric  check  as  ON,  it  must  be  ensured  that  the 
biometric data of two fingers of the user, must be encoded onto the user’s card. 

Summary of Contents for MorphoAccess SIGMA Series

Page 1: ...COPYRIGHT 2016 2017 Morpho Osny France MorphoAccess SIGMA Family Administration Guide ...

Page 2: ...ectronic or mechanical including photocopying or recording for any purpose without the express written permission of Morpho This legend is applicable to all pages of this document This manual makes reference to names and products that are trademarks of their respective owners PROPRIETARY RIGHTS This document contains information of a proprietary nature to Morpho and is submitted in confidence for ...

Page 3: ...inistration Guide 2015_2000010196_v8 MorphoAccess SIGMA Lite Series Administrator Guide 02 June 2017 OSDP support added Seos card support added Note about partionned usb key that should not be used Note about encoding card with only one finger that is not supported Note about encoded name and first name that are limited to 20 caracters Note about the behavior during second biometric attempt with M...

Page 4: ...G THE TERMINAL TO A PC 22 General 23 Why would one connect the terminal to a PC 23 Connection methods 23 Network parameter initialization 23 Point to Point Ethernet Connection 24 Connection through only one Ethernet switch 25 Connection through a LAN 26 Description 26 LAN with DNS Server 26 LAN without DNS Server 27 Static IP address DHCP disabled 27 Dynamic IP address DHCP enabled 27 Wi Fi Networ...

Page 5: ...ce T A license 39 Basic Licenses 39 Getting a license for a MorphoAccess SIGMA Family terminal 39 Checking licenses installed in the terminal with license manager application 39 Installing a new license 42 Terminal Firmware Upgrade 43 How to get latest version of firmware 43 How to upgrade the firmware 43 Firmware upgrade using a USB Mass Storage Key 43 Firmware upgrade tool for expert users 43 Mo...

Page 6: ...r Enrolment in Card Database 100 Update User Information 102 Authenticate User 105 Delete User 106 Card Manager 111 Multimedia menu 146 Audio Settings 147 Video Settings 150 Images Settings 153 System Menu 156 Terminal Configurations 157 Network Time Protocol Server NTP Server 160 Transaction Log 178 Miscellaneous Settings 184 Web Server 188 Error Log Configuration 189 Sensor Log Configuration 191...

Page 7: ...e 262 Export Data in USB Mass Storage Device 265 How to Export View Transaction Logs 266 How to Export Error Logs 269 How to Export User Database 271 How to Export Contectless key 273 Information Menu 276 View Device Details 277 View Firmware Information 279 View Sensor Revision Information 280 View Communication Parameters 281 View Memory Status 284 View User Status 285 View Transaction Log Statu...

Page 8: ... SECTION 9 USB SCRIPTS 343 USB Scripts 344 SECTION 10 ACCESS CONTROL 345 Access control presentation 346 Typical architecture of an access control system 346 Typical access control process 347 Preliminary adding a biometric template in local database 348 MorphoAccess SIGMA Family terminal operating modes 349 Standalone mode or Slave mode 349 Standalone mode Identification and or Authentication 349...

Page 9: ...contactless cards validated 361 Authentication Process Options 363 Manual bypass of biometric control 363 Automatic bypass of biometric control 365 Result of access control check 365 Compatibility with Access Control Systems 365 Selection of user s contactless card type MIFARE and or DESFire 366 Biometric check biometric data on user s card 368 Description 368 User s data required in the terminal ...

Page 10: ... from Wiegand or Clock Data 378 Description 378 Activation key 378 Wiegand Frame Configuration 380 Site code Propagation 381 Wiegand frame example 26 bits 381 No biometric check no User ID check 382 Description 382 User s data required in the terminal 382 User s data required on the user s card 382 Activation key 383 User Interface 383 No biometric check User Identifier in the database 384 Descrip...

Page 11: ...h Webserver 402 SECTION 16 THREAT LEVEL CONFIGURATIONS 405 Threat Level Configuration 406 Threat Level Configuration through Webserver 406 SECTION 17 TIME AND ATTENDANCE CONFIGURATION 408 Time and Attendance Synoptic 409 T A Mode in MorphoAccess SIGMA Lite Series 411 T A Mode Mandatory or Optional Scenarios 415 Time and Attendance configuration through Webserver 416 T A Mandatory Mode Work Flow Di...

Page 12: ...5 POLLING MODE 456 Presentation of Polling mode 457 Process 457 Polling mode activation 458 SECTION 26 MESSAGES SENDING 459 Principle 460 Events 461 Sending Interfaces 462 SECTION 27 COMPATIBILITY WITH AN ACCESS CONTROL SYSTEM 463 Internal Relay activation on Access Granted result 464 Description 464 Activation key 465 Configuration key 466 External activation of the internal relay 467 Description...

Page 13: ...ITY ACCESSORIES SOFTWARE LICENSES AND SOFTWARE APPLICATIONS 486 Compatible Accessories Software Licenses 487 Compatible software applications 488 SECTION 30 RECOMMENDATIONS 489 Warning 490 General precautions 490 Areas containing combustibles 490 Specific precautions for terminals fitted with a contactless smartcard reader 490 SD card 491 Ethernet connection 491 Date Time synchronization 491 Clean...

Page 14: ... Guide Introduction 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 14 July 17 Section 1 Introduction ...

Page 15: ...loped before birth and preserved until death Unlike DNA a finger image is unique for each individual even identical twins The MorphoAccess SIGMA Family Series terminals integrate Morpho image processing and feature matching algorithms This technology is based on lessons learned during 25 years of experience in the field of biometric identification and the creation of literally millions of individu...

Page 16: ...strator can learn about access control processes compatibility with access control systems Time Attendance mode and how terminal is configurable through Webserver In order to setup and use the MorphoAccess SIGMA Family terminal in the most efficient way it is recommended for the Administrator to thoroughly read this guide Terminal Series Terminal Name Biometrics Contactless smartcard reader Outdoo...

Page 17: ...r Outdoor iCLASS iCLASS SE MIFARE DESFire NFC Prox MorphoAccess SIGMA Lite iCLASS MorphoAccess SIGMA Lite iCLASS MorphoAccess SIGMA Lite Multi MorphoAccess SIGMA Lite Multi MorphoAccess SIGMA Lite Prox MorphoAccess SIGMA Lite Prox MorphoAccess SIGMA Extreme Series MorphoAccess SIGMA Extreme iCLASS MorphoAccess SIGMA Extreme Multi MorphoAccess SIGMA Extreme Prox MorphoAccess SIGMA Extreme FFD iCLAS...

Page 18: ... a fingerprint wherein the ridges become either bifurcation or endings as illustrated in Figure 1 These minutiae are the unique features which form the basis of any system using fingerprint comparison techniques for identification and verification purposes Figure 1 Minutiae are classified in two categories i e ridge ending and bifurcation Fingerprint is a mature biometrics in use for various appli...

Page 19: ...ultimodal template formats PK_FVP multimodal template format L 1 Bioscrypt private fingerprint template formats TEM from 4G fingerprint template format pattern only used for 1 1 matching VUR from 4G fingerprint template format pattern only used for 1 1 matching BUR from 4G fingerprint template format pattern and minutiae used for 1 1 and 1 N matching Public fingerprint template formats ANSI INCITS...

Page 20: ...of feature for SIGMA SIGMA Extreme and SIGMA Lite product is described using following table format Feature Function name SIGMA Series SIGMA Extreme Series SIGMA Lite Series Feature 1 Feature 2 As MorphoAccess SIGMA Series and MorphoAccess SIGMA Extreme Series have almost the same functionalities they are ususally in the same column except when it is necessary to detail MorphoAccess SIGMA Series h...

Page 21: ...nt a parameter is described using this format Parameter name Value Description _ _ _ For example to allow additional attempt for biometric authentication Parameter name Value Description auth_param additional_bio_c heck_nb_attempt 1 2 or 3 A value of 2 means that after a first incorrect identification or authentication a second chance is given to place finger on the biometric sensor Set this param...

Page 22: ...he Terminal to a PC 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 22 July 17 Section 2 Connecting the Terminal to a PC ...

Page 23: ... log files Configuring the Wi Fi connection Connection methods The MorphoAccess SIGMA Family terminal can be connected to a PC by an Ethernet cable either directly or through a LAN The LAN can be reduced to only one Ethernet switch Once physically connected the MorphoAccess SIGMA Family terminal can be configured using an application such as MorphoBioToolbox A POE Power over Ethernet current injec...

Page 24: ...ia an Ethernet cable If the Ethernet port of the PC does not support the Auto MDIX feature then a crossover Ethernet cable is mandatory If no crossover Ethernet cable is available then a switch can be used please refer to Connection through only one Ethernet switch If the PC that the administrator uses is already connected to a LAN then it must be either disconnected from the LAN or equipped with ...

Page 25: ...Ethernet switch The MorphoAccess SIGMA Family terminal can be connected to a PC through an Ethernet switch This is useful when no crossover cable is available in that case the administrator can use one Ethernet switch and two Ethernet standard cables WARNING an Ethernet HUB doesn t allow a connection between two of its ports An Ethernet switch is really mandatory Figure 3 Connection through an Eth...

Page 26: ...nistrator Figure 4 Connection through LAN The administrator is recommended to connect MorphoAccess SIGMA Family terminals on a dedicated network in order to reduce possibilities of fraudulent access to the configuration of the terminal It is advised to contact the network administrator for more information on LAN security strategies Before the administrator connects the MorphoAccess SIGMA Family t...

Page 27: ...use in the DHCP mode the IP address for the terminal can change each time it is restarted Static IP address DHCP disabled This is the easiest way for an administrator to connect a MorphoAccess SIGMA Family terminal to a LAN In this case the IP address of the terminal remains the same after each reboot and the Host System needs to know only this IP address in order to establish a connection with th...

Page 28: ...eries Quick User Guide The administrator must ensure that a Wi Fi license dedicated to this terminal must be present in the terminal as described in Communication licenses After the above operations ensure to reboot the terminal Configuration The Wi Fi network configuration is described in the section Wi Fi Network Configuration The Wi Fi configuration parameters are described in the MorphoAccess ...

Page 29: ... and Administration 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 29 July 17 Section 3 Terminal Configuration and Administration ...

Page 30: ...ver can be termed as a remote configuration panel of MorphoAccess SIGMA Family terminal Using Webserver the administrator can configure any parameter of the terminal while connected remotely Webserver is connected to the terminal through Ethernet or Wi Fi network Only an administrator with full administrative rights can login to Webserver Webserver also has a Complete Configuration tab from which ...

Page 31: ...edded Webserver in MA5G mode or MorphoBioToolbox in case terminal is in MA5G or legacy Morpho modes The remote operations available are mainly Time and Attendance configuration Read and Modify parameter values Manage access schedules Manage network configuration User Management Log Management Tamper settings etc The terminal works as a TCP IP server which waits for a request from the Host System a...

Page 32: ... or with a USB flash drive USB Scripts The default server port is 11010 Date Time settings The administrator can update the date time of the terminal by a distant system by the local Administrator Menu or Webserver SSL Securing Secure Sockets Layer SSL and its successor Transport Layer Security TLS are cryptographic protocols designed to provide communication security over Ethernet or Wi Fi channe...

Page 33: ...the MorphoAccess SIGMA Lite Series Installation Guide The administrator had loaded MorphoAccess WI FI License in the terminal NOTE 1 A DHCP server and a DNS server are mandatory when the Wi Fi interface is configured in DHCP mode The DHCP server automatically attributes an IP address to the MorphoAccess SIGMA Family terminal The DNS server links the terminal hostname to its real IP address It is a...

Page 34: ...of the user and a unique identifier Users stored in the database are of following types Normal Users are the ones to whom access is granted or rejected based on access rights check Authorized Users are the ones which are checked by the centralized access controller before granting access VIP Users are allowed access without performing biometric PIN check by the terminal Read more about VIP users u...

Page 35: ...ximum User indicates the basic capacity of terminal users database including administrators Maximum Authorized User List Capacity indicates the maximum number of users which can be added to authorize user list The default capacity is 250 000 users Maximum VIP User capacity indicates the maximum capacity of the users which can be enrolled as VIP users The default capacity is 100 users Transaction L...

Page 36: ...e terminal in order to unlock one or several optional features of the MorphoAccess SIGMA Family terminal The MorphoAccess SIGMA Family terminal supports the following license types License type SIGMA Series SIGMA Extreme Series SIGMA Lite Series MA_3K_USERS MA_10K_USERS MA_50K_USERS MA_100K_USERS extends the maximum size of the database MA_250K_LOGS MA_500K_LOGS MA_1M_LOGS extends the maximum size...

Page 37: ...he database to 10 000 user records The MA_50K_USERS license extends the maximum size of the database to 50 000 user records The MA_100K_USERS license extends the maximum size of the database to 100 000 user records WARNING It is a pre requisite that the MorphoAccess SIGMA Family terminal should have SD card plugged in it prior to a license upgrade Log licenses By default MorphoAccess SIGMA Family ...

Page 38: ...icenses are available MA_WI FI The MA_WI FI license enables the Wi Fi network WLAN which replaces the standard Ethernet connection The terminal can communicate with distant systems through WLAN NOTE The license alone is not enough a USB Wi Fi adapter compatible with MorphoAccess SIGMA Family terminals is mandatory The adaptor and license can both be ordered under reference MA WI FI PACK MA_3G The ...

Page 39: ...llows ordering any type of license for any kind of Morpho biometric product The file containing the license is automatically sent by email To access the Online License Generator the administrator requires an account in the biometric terminals support website Administrator also needs to create an account in the License Generator sub website www biometric terminals com see License Generator section ...

Page 40: ... licenses from a PC an Ethernet or Wi Fi connection and License Manager Application are needed The application can be downloaded from our biometric terminals website www biometric terminals com Screens Steps Figure 6 License Manager adding a MorphoAccess SIGMA Family terminal 1 Launch the License Manager application right click in the main window and select the Select a MA2G operation Figure 7 Lic...

Page 41: ...thout the prior authorization of Morpho 41 July 17 Figure 8 Licenses installed in a MorphoAccess SIGMA Family terminal 3 Refer to the screenshot above the licenses on the MorphoAccess SIGMA Family terminal are listed in the license in hardware line in the main window For further information concerning the license management tool License Manager PC tool please see the document MorphoAccess SIGMA an...

Page 42: ...ication then add the MorphoAccess SIGMA Family terminal IP address as specified in the previous section Click Add license then Browse to select the license file LIC A specific window will open to indicate whether or not the license has been loaded successfully The main window will then indicate the presence of the new license The terminal must be restarted to activate the different functions unloc...

Page 43: ... MorphoAccess SIGMA Family terminal firmware when required This can be done from PC through an IP link i e Ethernet or Wi Fi The easiest way to update the firmware is to use MorphoBioToolBox software application Find terminal firmware update proposed by the interface of the software application select the file with the new firmware and validate Note The administrator must not switch the terminal o...

Page 44: ...d minimal value is 10s p port_number TCP port number to be used to connect the terminal This is an optional parameter Its default value is 11001 Samples The following command upgrades firmware of terminal at IP address 192 168 1 2 using file new_firmware bin f new_firmware bin e 192 168 1 2 Upgrades firmware of terminal at IP address 192 168 1 2 using file new_firmware bin with a 15 seconds timeou...

Page 45: ...ode The MorphoAccess SIGMA Family terminal can be operated in MA500 mode also referred as Legacy Morpho When the administrator configures the legacy mode the terminal will support configurations and operations of MA500 terminals It can authenticate users enrolled in the MA500 terminals using biometric check as well as contactless card New users can also be enrolled in MA500 mode Access Path Access...

Page 46: ...ported when terminal is configured in the L1 mode There are certain other limitations when MorphoAccess SIGMA Family terminal is run in L1 Legacy mode For details about these limitations refer to MorphoAccess 5G Series Morpho L 1 Bioscrypt Legacy Mode Limitations document NB MorphoAccess SIGMA Extreme Series cannot be operated in Bioscrypt 4G mode Access Path Access point Access Path SIGMA Series ...

Page 47: ...e this native mode is designed by MA5G which means MorphoAccess 5th generation This mode supports new features and a remote management application called Webserver Access Path Access point Access Path SIGMA Series SIGMA Lite Series Terminal Menu First Boot Assistant Protocol Configuration MA5G USB Script MorphoBioToolbox USB Script Standard NOTE When terminal mode is switched from MA5G to any of t...

Page 48: ...irst Boot Assistant 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 48 July 17 Section 4 MorphoAccess Terminal First Boot Assistant ...

Page 49: ... mentioned below in order to access First Boot Assistant from the Management menu Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu First Boot Assistant Pre requisites The administrator needs to verify that the battery is plugged in the terminal beforehand Battery backup is necessary for preventing data loss in the event of a power c...

Page 50: ...document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 50 July 17 2 The administrator can configure the basic parameters via the First Boot Assistant Screen For more details please refer to the sections below ...

Page 51: ...e in the terminal on the first boot or a reboot of the terminal NOTE The time stored in the product is not lost if power supply is removed for up to 48 hours Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu First Boot Assistant OR System Menu Terminal Settings Date and Time Settings Screens Steps 1 Select Date Configuration Figure 1...

Page 52: ...Y c MMM DD YY d DD MMM YY e YYYY MM DD this format is not available if terminal is set in L1 mode 4 Click on the Check button to save the setting 5 Select Time Configuration Figure 12 Configuring Current Time 6 Scroll up or down to select current Hour Minute and Second 7 Set Hour Format as analogue i e 12 Hour or digital i e 24 hour 8 Set Time Format in the selection area which is used to select d...

Page 53: ... saving months By doing this the terminal s time is automatically set to an hour later than the actual time while in the daylight saving time frame For example if the current time is 10 am then in the day light saving period the time is automatically set to 11 am 12 Select Time Zone Type as Predefined or Custom If the administrator selects Predefined the list of Predefined time zones of the entire...

Page 54: ...16 Scroll up or down to select required Time Zone from the list 17 Click on the Check button to save the setting Figure 15 Custom Time Zone Setting 18 If the administrator selects the Time Zone Type as Custom then an administrator need to define the below mentioned time zone parameters 19 Select Time Zone NOTE While setting a customized time zone the administrator needs to ensure that the GMT offs...

Page 55: ...n define as to when the terminal would commence performing access checks The administrator can chose from the following events Biometric a finger is detected on the biometric sensor which starts biometric identification process Contactless card a contactless card is detected which starts authentication process using user s data found on the card Keypad a User ID is entered with the keypad External...

Page 56: ...he property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 56 July 17 Figure 16 Selecting the event s that starts access control rights check process 1 The administrator can select from the above stated events The event can be selected to be ON or OFF 2 Click on the Check button to save settings ...

Page 57: ...nctionality Multiple language options are available to select from e g English French Spanish and Arabic Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu First Boot Assistant Language Configuration OR Home Screen Language Screens Steps Figure 17 Configure Language 1 On the FBA screen the administrator needs to select Language Config...

Page 58: ...selection on main screen 1 On the Home Screen the administrator can select from the language options such as Arabic French Spanish or English Results The preferred language is saved The text display on the screen will be in the language selected by the administrator Note The administrator must ensure that the audio messages played on the terminal must be in the same language as the one chosen Admi...

Page 59: ...ge Icon The administrator can chose whether to display the language icon on the home screen or not This can be done via the Web Server application The value of this parameter misc language_config_display can be 0 or 1 The language icon will not be displayed on the home screen if the administrator sets misc language_config_display to 0 The default value of this parameter is 1 Access Path Web Server...

Page 60: ...hernet channel by means of the FBA screen An administrator can set the IP attribution protocol as DHCP or Static The administrator needs to allocate the IP address of the terminal manually when the selected IP mode is Static When the administrator choses the DHCP mode the IP address is assigned automatically There is no need to manually enter it IP Mode is selected to be Staic by default Access Pa...

Page 61: ...t not be copied or communicated to a third party without the prior authorization of Morpho 61 July 17 Screens Steps Figure 20 Selecting Ethernet Network Configuration 1 Select Ethernet 2 Select IP Configuration Figure 21 Ethernet Configuration 3 Under Ethernet tab the administrator can select IPV4 or IPV6 4 On next screen default IP Mode is selected as DHCP Press on IP Mode for update ...

Page 62: ... Mode as Static or DHCP 6 Use Check button to save the setting Figure 23 Configuring IP Address under Static IP Mode The administrator can manually configure IP Address of the terminal Subnet Mask Network Mask Gateway Address and DNS Servers under the Static IP Mode Results Once the Ethernet Configuration is done the terminal can be connected to a distant server An administrator can also configure...

Page 63: ...e terminal to communicate through WLAN by means of the FBA screen There are two ways to configure WLAN Automatic Administrator can select a specific network from the list of available networks and connect by entering the encryption key Manual The administrator can chose the manual configuration in order to connect to a hidden Wi Fi network This can be done by entering SSID Encryption Mode and Encr...

Page 64: ...e property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 64 July 17 Screens Steps Automatic Configuration Figure 24 Selecting available Wi Fi network 1 Select from the list of scanned Wi Fi networks Figure 25 Enter Encryption Key 2 Enter an Encryption Key to connect to the selected Wi Fi network ...

Page 65: ...rmation therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 65 July 17 Figure 26 Success message is displayed showing Wi Fi network is configured Figure 27 Connected to Wi Fi network Manual Configuration 1 Select WLAN Configuration to set up Wi Fi Network ...

Page 66: ...ho 66 July 17 Figure 28 Selecting Other Network to set up Wi Fi network manually 2 The list of available Wi Fi networks will be displayed Select Other Network to set up Wi Fi network manually Figure 29 WLAN Parameter Configuration 3 Under the Other Networks tab the administrator needs to configure SSID Encryption Mode and Encryption Key provided by the Wi Fi network provider Figure 30 Setting SSID...

Page 67: ...gure 31 Selecting Encryption Mode 5 The administrator needs to select the Encryption Mode as supported by a Wi Fi Router In order to avoid unauthorized access Encryption mode is selected The available Encryption modes are a Open no encryption b WEP c WPA Personal d WPA2 Personal Figure 32 Define Encryption Key 6 Administrator needs to enter Encryption Key to connect to Wi Fi Only by entering Encry...

Page 68: ...n WLAN IP Configuration 8 On WLAN screen select IP Configuration to set up the IP which is required to be connected through WLAN 9 Select IPV 4 or IPV 6 Figure 34 WLAN IP Configuration 10 An administrator can select IP Mode as Static or DHCP a If IP Mode is Static then enter parameters such as IP Address Subnet Mask Gateway Address Preferred DNS Address and Alternate DNS Address b If IP Mode is DH...

Page 69: ...ssistant 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 69 July 17 Figure 35 Success message is displayed showing Wi Fi network is configured ...

Page 70: ...ts the terminals in legacy mode it will support the legacy terminal s features and database Refer to MorphoAccess SIGMA Family Modes section for detailed explanation on supported modes Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu First Boot Assistant Protocol Configuration MorphoBioTo olbox MorphoBioToolbox Device Settings Usb S...

Page 71: ...ation of Morpho 71 July 17 Screens Steps Figure 36 Protocol Configuration 1 Select Protocol from the list of modes 2 Click on the Check button to save the setting Results The protocol selected is saved The administrator needs to reboot the terminal in order to use it in any of the legacy modes When the administrator switches from one protocol to another all the configuration and user database exce...

Page 72: ...ations It is highly recommended to change the default login password in order to avoid any unauthorized access to the administration menu of the terminal The administrator must change the login password periodically to ensure better security The administrator can change password anytime from Change LCD Password under Security Menu The password is a numeric value with 4 digits minimum and 8 digits ...

Page 73: ... July 17 1 Administrator needs to enter Current Password and use button to move on next screen By default the login password of the terminal is set as 12345 Figure 38 Entering New Password 2 Enter a New Password of your choice 3 Use button to move on next screen Figure 39 Verifying New Password 4 Administrator needs to re enter the New Password for verification 5 Use button to Save Results The adm...

Page 74: ...cribed below ON If the administrator sets this to ON then at the next startup of the terminal the First Boot Assistant FBA screen will be displayed with the configurations stored User can change the required parameters OFF If the administrator sets this to OFF then at the next startup of the terminal the First Boot Assistant FBA screen will not be displayed and the configurations stored previously...

Page 75: ...document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 75 July 17 Results The preferred value of First Boot Assistant At Next Boot is saved The terminal will display FBA menu based on the value this parameter ...

Page 76: ...ard Keys Terminal Password SSL Certificate and User Database This could have been corrupted in the event of a power failure or interrupt in ongoing operation When booting up the terminal device if corruption is detected in any of these data security components the following message will be displayed on the screen Figure 41 Protected Data Corrupted Error The administrator can view the list of corru...

Page 77: ...Administration Menu 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 77 July 17 Section 5 MorphoAccess Terminal Administration Menu ...

Page 78: ...inal menu for MorphoAccess SIGMA Family User Menu For enrolling and managing users Multimedia Menu For uploading and managing Audio Video and Images in the terminal System Menu Allows configuration of the Terminal Transaction Log and perform miscellaneous configurations Communication Menu For setting network interface and serial parameters Security Menu Allows the administrator to configure Biomet...

Page 79: ...y without the prior authorization of Morpho 79 July 17 Figure 43 Logging in Device 1 Press on key lock icon Figure 44 Entering Password 2 Enter Password and Press on validation button NB Identification policy depends of misc LCD_login_optionvalue 0 Password only 0 Default 1 ID Password 2 ID BIO Password 3 ID BIO Figure 45 Administrator Menu 3 On successful login The administration menu is displaye...

Page 80: ... prior authorization of Morpho 80 July 17 User Menu User menu offers all functions related to the end users An administrator can use this to enroll new user in the system edit user information delete users from the terminal database and reset user information from contactless smart cards The administrator can only access this menu if enrolled with either Full Administrator Rights or Database Admin...

Page 81: ...access to the user by comparing the data provided by the user at the time of access request with the data provided by the user at the time of enrolment Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Add Enroll User Only DB User Management Menu of the Webserver User Management User Enrollment Enrollment mode DB Only Pre requisites On...

Page 82: ... Numeric value up to 24 digits NOTE Wiegand protocol doesn t support special characters such as and then is not recommended to insert these characters in the User ID value There is a configuration key misc user_id_edit to make user ID field read only With this parameter the user id can be extracted from the Smartcard and restrict user to edit this field misc user_id_edit is accessible from PC appl...

Page 83: ...orization of Morpho 83 July 17 Figure 49 Enter First Name of User 4 First Name of user and Press on button to move to the next screen 5 Similarly on next screen Enter Last Name of user and Press on button to move to the next screen 6 Press on Capture Fingers to enroll fingerprints of the user Figure 50 Enrolling Finger Index 7 A user is required to provide the biometric data of at least two differ...

Page 84: ...re 52 Biometric data capture 9 Place user s finger on biometric Sensor If finger is not placed properly or within the time limit an error message is displayed Refer to Finger Placement Recommendation section to know the correct position of finger 10 Fingerprint is captured three times and the best quality image is auto selected by the terminal 11 Once the fingerprint is stored the administrator wi...

Page 85: ... needs to select ON if it is required to capture duress finger Follow steps 8 to 10 for enrolling duress finger Figure 54 Assigning Access Rights 14 Admin Rights enables the administrator to select the rights that can be given to the user a No Administrator Rights The user is a regular user who has no right to access administration menu or modify the terminal configuration Regular users can only u...

Page 86: ... is capable of accessing User menu and performing all available actions in the User menu except for Edit User Delete User or Update Admin Rights operation The following tables sum up available features according to the administrator profile User related features Profile User Menu Add Edit Delete Authenticate Card manager Update admin rights No Admin right Limited Database Admin Database Admin Full...

Page 87: ...s Numeric keypad for User PIN On setting value to 0 terminal will enable Alphanumeric Keypad The value will be of up to 15 digits alphanumeric numeric This PIN can be used by user when PIN based authentication mode is enabled The user will be required to enter PIN along with fingerprints for authentication 17 Press on to save setting Figure 56 Setting Job Code 18 The administrator can set a Job Co...

Page 88: ... code during authentication is optional despite the Job Code Check being enabled It is based on the value of parameter time_and_attendance jobcode_by_key and selected time and attendance key during authentication Figure 57 Setting Job Code in user profile 19 The list of Job Codes configured in terminal is displayed An administrator can select a job code to associate with the profile NOTE The Job C...

Page 89: ...22 Press on to save Figure 59 Enrolment Information Screen Configuring parameters 23 The administrator can configure the Observe Holiday Schedule as ON or OFF If this parameter is set as ON then access on a holiday will be provided as per the defined holiday schedule If this parameter is set as OFF then authentication is done without any check on holiday schedule NOTE Refer to Define Holiday Sched...

Page 90: ...They must not be copied or communicated to a third party without the prior authorization of Morpho 90 July 17 Figure 60 Configuring Dynamic Message for User 25 Set Dynamic Message as On Figure 61 Setting duration for dynamic message 26 Select the duration for which the Dynamic Message is to be displayed on LCD screen by selecting the Start Date and End Date 27 Press on to save ...

Page 91: ... Message a If Normal Message is selected then on the next screen the message to be displayed needs to be entered by the administrator Press on icon to save message b If Picture Message is selected then the image uploaded in Multimedia Menu Images will be displayed on terminal LCD screen every time when access is granted to the user NOTE Refer to Images Settings section in this document to know how...

Page 92: ...istrator can configure Authorized List User as ON or OFF Only if the user is in the Authorized list access will be granted This parameter is set as ON by default NOTE The authorized list parameter will be effective only if the parameter Authorized List Check Mode is set as ON under Additional User Control settings 33 The administrator can configure VIP User as ON or OFF If the user is enrolled as ...

Page 93: ...rticular user NOTE In case the MorphoAccess SIGMA Family terminal is configured in the Legacy L1 mode a generic user rule is required to be set as authentication using Card Only The administrator can set this from the following access path Biometric Security Trigger event And biometric check of the users except the ones whose biometric check has been bypassed is required to be enabled using specif...

Page 94: ...figure whether user s information should be looked up in the Terminal database and or on the Smart Card using Record Reference Source a Select Terminal as ON if it is required for the terminal to look up the user s profile in database b Select Smart Card as ON if it is required for the terminal to look up the user s profile in smart card Figure 68 Defining User Rule Control Mode 38 The administrat...

Page 95: ...e Please refer to Additional User Control Settings to understand Face Detection workflow 39 The administrator can set Allow Bio Substitution parameter as ON It indicates that instead of Biometric the user can be authenticated through a substitute such as BIO PIN Figure 70 Defining User Rule Biometric Substitution 40 Press on to Save user information Results A confirmation message is displayed show...

Page 96: ...rty of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 96 July 17 Recommendation In case of authentication failure due to bad biometrics the administrator can re enroll the user In case of L1 mode the re enrolment can be done using Secure Admin station equipped with a MorphoSmart MSO biometric sensor only ...

Page 97: ...minal will check the biometric provided by the user with the biometric stored in the users card Access Path Access point Access Path SIGMA Series SIGMA Lite Series Terminal Menu User Menu Add Enroll User Card Only Webserver User Management User Enrollment Enrollment Mode Card Only Pre requisites Only an Administrator with Full Admin Rights or Database Admin Rights can enroll new users User name an...

Page 98: ...be used for user authentication Following are the options available a ID Template When the administrator selects this format it implies that the user authentication is done by verifying the User ID and biometric template i e fingerprint registered by user Three biometric templates can be stored for a user including two mandatory biometric templates fingerprints and one duress finger Figure 72 Enro...

Page 99: ...he User ID PIN and BIOPIN f ID PIN When the administrator selects this format it implies that the user authentication is done by verifying the User ID and PIN 2 According to the selected Card Data Format next user s data will be captured and stored in the card The below screens are for ID Template format 3 Please refer steps 1 to 11 of section User Enrolment in Database 4 A message to place card a...

Page 100: ...red in the card as well as in terminal database For example when user places finger on biometric sensor the terminal will check the biometric provided by the user matches with the biometric stored in the users card Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Add Enroll User Card DB Webserver User Management User Enrollment Enroll...

Page 101: ...e message to place card at terminal to get displayed Place Smart Card now 4 On placing card the user s data is stored in the card Results The user is enrolled successfully and user s data are stored in the terminal database as well as in the smartcard The user can initiate access request by placing the card on the terminal The terminal will read User ID and ask user to enter required data i e biom...

Page 102: ...it user information stored in database by using this functionality The administrator cannot update the user information if the user has been enrolled only in the card However it is possible to erase and rewrite the user s card with new data Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Edit User Webserver User Management Users Scre...

Page 103: ...r communicated to a third party without the prior authorization of Morpho 103 July 17 Figure 75 Entering first digits of the searched User ID 3 Enter the User ID of the user account which is required to be edited 4 Press on button to move to next screen Figure 76 Selecting User ID 5 The list of User IDs matching with the entered id will be displayed Select User ID from the list and Press on to pro...

Page 104: ...e the following user details by means of the Enrolment Information screen as depicted in the above snapshot a First Name and Last Name of the user b Capture Fingerprints c Update Admin Rights d Update User Pin e Assign Job Code f Configure Access Schedule g Set Observe Holiday Schedule h Set Door Open Timeout i Set Infinite Expiry Date j Configure Authorized list k Configure VIP User l Configure U...

Page 105: ...uly 17 Authenticate User The administrator can authenticate user by using this functionality This feature can be used by the administrator to test whether the enrolled user is allowed access or not However the user can authenticate from the home screen by entering in User ID and then placing finger when asked Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series ...

Page 106: ...ated and Press on button 2 Terminal will ask user to place finger on biometric sensor Results A success message is displayed and user will be granted access on successful authentication In case authentication is not successful access is denied Delete User The administrator can delete user information by using this functionality There are several options for deleting users Delete a User Delete All ...

Page 107: ... document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 107 July 17 Screens Steps Figure 80 Deleting User 1 If the administrator needs to delete a single user Select Delete User Figure 81 Searching User ID ...

Page 108: ... July 17 2 The administrator needs to enter the User ID that needs to be deleted Figure 82 Deleting User ID 3 The list of User IDs matching entered User ID is displayed Select a User ID 4 Press on button to move to next screen Figure 83 A confirmation message pop up for delete 5 A confirmation message is displayed asking to confirm the action 6 Press on check to confirm delete action Results The U...

Page 109: ...orization of Morpho 109 July 17 Delete All User ID The administrator can use this functionality to delete all the users stored in terminal database Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Delete User Delete All User Webserver User Management Users Screens Steps Figure 84 Select Delete action 1 The administrator needs to Selec...

Page 110: ...perty of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 110 July 17 Figure 85 Confirm All User Deletion 2 A confirmation message is displayed asking the administrator to confirm the action 3 Press on check to confirm delete all users action 4 A success message is displayed showing all users are deleted ...

Page 111: ...he card The terminal will now refer to the information on the card for user authentication if configured to do so The administrator can configure the contactless smart card parameters that are supported by MorphoAccess SIGMA Family terminals by means of the Card Manager Menu Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manage...

Page 112: ...can be done using the Renewal of User Card functionality By renewing user card the expiry of the card is reset and card can be used for verification This feature is also useful when a user loses his card In that case it is recommended to add the lost card to the Banned list in order to avoid fraudulent use of the lost card Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGM...

Page 113: ...ed or communicated to a third party without the prior authorization of Morpho 113 July 17 Figure 87 Renewal of User Card 1 Select Renew User Card Figure 88 Select Card Data Format 2 Select the card data format from available options as below a ID Template fingerprint b ID BIOPIN c ID Only d ID PIN Template e ID PIN BIOPIN f ID PIN 3 Press on check box to move next Figure 89 Select search criteria ...

Page 114: ...First Name or Last Name 5 Press on check button to move next Figure 90 Entering User ID to be searched 6 Enter the first characters of the selected search criteria E g if search by User ID is selected then enter User ID Prefix Figure 91 Selecting User ID 7 The list of User IDs matching the first characters entered in search criteria are displayed The administrator will now have to select a User ID...

Page 115: ...property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 115 July 17 Figure 92 A success message is displayed showing user is stored in card Results User s data stored in terminal database are copied on the card The card is renewed with new expiry date Now user can use this card for authentication ...

Page 116: ...ard NOTE The administrator can change site key using Administrator card provided the terminal supports the same card type For example using MIFARE Administrator card an administrator can change site key of the terminal that supports MIFARE card But an administrator cannot change site key of MorphoAccess SIGMA Family iCLASS terminal that supports only iCLASS cards If you are using administration DE...

Page 117: ... be encoded 2 Select the Card Type for which site key is to be generated Options are MIFARE Classic MIFARE Plus DESFire 3DES and DESFire AES NOTE The administrator must be careful while encoding MIFARE 1K Cards If the number of start block is set as 20 or more then an error message i e Error in Encoding Administrator card is displayed Refer to No of Start Block for MIFARE Cards to know how to conf...

Page 118: ...st not be copied or communicated to a third party without the prior authorization of Morpho 118 July 17 Figure 95 Administrator card is encoded Results A success message is displayed showing that the administrator card is encoded The site key in the terminal is copied in the administrator card The administrator can change the site key of other terminals using same administrator card ...

Page 119: ...ess card for a visitor by means of this functionality Basically such a card is for a guest user who needs to enter the premises temporarily For a visitor card the Terminal does not require information such as Name Biometric data PIN or BIOPIN On presenting visitor card terminal will authenticate the visitor card read User ID and allow access Access Path Access point Access Path SIGMA Series SIGMA ...

Page 120: ...7 1 Select Encode Visitor Card Figure 97 User ID for Visitor Card 2 Terminal will prompt to enter User ID NOTE Contactless card CSN can also be used as User ID by configuring a specific parameter For more details please refer to Smart Card section in MorphoAccess 5G Series Parameters Guide 3 Press on button to save and next 4 Terminal will ask user to present card on card reader Present Card on ca...

Page 121: ...of card that MorphoAccess SIGMA Family terminal will be able to read by means of this functionality This implies that these cards can be used for authentication purpose only The data on the card cannot be changed Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manager Smart Card Read Profile Webserver Control Configuration Conta...

Page 122: ...ior authorization of Morpho 122 July 17 Figure 99 Smartcard Read Profile_Multi b In case of iClass product Figure 100 Smartcard Read Profile_iClass 2 The administrator must set the following card read profile as ON if it is required to be readable by the terminal In case of Multi Product a MIFARE Classic b MIFARE Plus c MIFARE DESFire 3DES d MIFARE DESFire AES In case of iClass Product a IClass b ...

Page 123: ...f card that MorphoAccess SIGMA Family terminal will be able to encode by using this functionality These cards can be used to store user s profile and for user authentication The administrator can update or reset the data on the card Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manager Smart Card Encode Profile Webserver Contr...

Page 124: ...authorization of Morpho 124 July 17 Figure 102 Smartcard Encode Profile 2 The administrator needs to set the following smartcards encode profile as ON if they are to be encoded by the terminal a MIFARE Classic b MIFARE Plus c MIFARE DESFire 3DES d MIFARE DESFire AES NOTE It is not possible to encode several type of MIFARE Classic or DESFire 3DES and AES cards at the same time MIFARE Plus cards are...

Page 125: ...tored in card and the one in the terminal must match There is a default site key which is present in the terminal as well as on the smart card The administrator can generate a new site key in the terminal for all card types and upload the same key in the card by using Generate Site Key functionality Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal M...

Page 126: ...erein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 126 July 17 Figure 104 Generating Site Key 4 Enter the Passphrase to generate Site key using keyboard 5 Use check button to save Figure 105 Success message is displayed showing site key is generated in the terminal ...

Page 127: ...or can reset security keys stored in terminal to factory default settings by using this functionality The administrator can select the card type from the available card types Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manager Reset Site Key Screens Steps Figure 106 Resetting keys in selected cards 1 Select card type to be r...

Page 128: ...4 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 128 July 17 Figure 107 Confirming reset key action 3 Confirm reset site key by click on Figure 108 Site Key is reset successfully ...

Page 129: ...d the terminal will start accepting specific iCLASS card ELITE card and starts rejecting the regular cards There are two steps and two configuration card to enable disable this functionality as Key Roller Card Configuration Card This is applicable to only iClass terminal Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manager Pr...

Page 130: ...ve Card 3 Use to save settings 4 Now terminal will accept iCLASS Card encoded with ELITE Key and reject iCLASS Standard Cards Screens Steps to Disable ELITE Mode Figure 110 Disable ELITE Mode 1 Select Present Key Roller Card a Terminal will ask to Place Card b Present the Key roller card Elite STD Card c Check that terminal display Hold Card and then Remove Card 2 Select Present Configuration Card...

Page 131: ...rd By default the 1st block to read is block 4 NOTE 1 The value specified for the start block applies also to the administrator cards Hence the administrator needs to ensure that the administrator data is also stored from the same block number as user data on user cards NOTE 2 In case of 1 K MIFARE the administrator can set start block no 4 to block 48 In case of 4 K MIFARE the administrator can s...

Page 132: ...ation therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 132 July 17 Screens Steps Figure 111 Setting No of Start Block 1 Select Starting block number 2 On next screen the administrator can enter the start block number using keypad 3 Use to save settings ...

Page 133: ... key set that is used by terminal for authentication and reading MIFARE cards by means of this functionality Following are the key set values that can be configured Keys A only Keys B only Keys A then Keys B if failed Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manager Key set Webserver Control Configuration Contactless Card...

Page 134: ...ion of Morpho 134 July 17 Select Enroll ID Format The administrator can set the User ID format to be encoded on card by using this functionality Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manager Enroll User ID Format Webserver Control Configuration Contactless Card General Parameters Enroll User ID Screens Steps Figure 113...

Page 135: ...D b Standard CSN This indicates that the serial number on the contactless card is considered as User ID at the time of enrolment and authentication c Reverse CSN This indicates that the serial number on the contactless card in reverse byte order is considered as User ID at the time of enrolment and authentication d 4G CSN This indicates that the contactless card serial number read is manipulated a...

Page 136: ... PC application or webserver Partial CSN Configuration keys are available to use partial CSN in enroll and verify modes For each of mode there are start bit key and a length key in bits as below For Enrollment sc enroll_csn_start and sc enroll_csn_length For Verification sc verify_csn_start and sc verify_csn_length start bit key range 0 to 79 default value 0 length key range 0 to 80 default value ...

Page 137: ...g DESFire cards by means of this functionality When the DESFire card is presented to the reader during authentication the application ID is read from the configured location from where the active File ID is fetched which further contains the user data Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manager Application ID OR User...

Page 138: ...opied or communicated to a third party without the prior authorization of Morpho 138 July 17 Figure 115 Configuring Application ID and File ID 1 Select Application ID 2 Enter Application ID from range of 0x000001 0xFFFFFF By default application ID 0xEEE600 3 Now select File ID 4 Enter File ID using keypad from range of 0 15 By default File ID is set as 0 5 Press on check button to save changes ...

Page 139: ... 2APP iCLASS cards by using this functionality When the iCLASS card is presented to the reader the application area 2 is read after the card is authenticated with the key 2 Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manager Offset Webserver Control Configuration Contactless Card TLV contactless card configurations I Class P...

Page 140: ...d the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 140 July 17 Figure 117 Set Key Offset 2 Enter Offset value An administrator can configure offset from 0x13 to 0x9F hex values 3 Press on check button to save the Offset value ...

Page 141: ...o the reader the application area 2 is read after the card is authenticated with the key 2 Depending on the template and size of data stored the number of pages shall be used in case the card is 16App iCLASS Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu User Menu Card Manager Active Page Webserver Control Configuration Contactless Card TLV c...

Page 142: ... iCLASS SEOS Cards The administrator can specify the value of ADF OID and DO TAG in the MorphoAccess SIGMA Family terminal for reading HID iCLASS SEOS cards by means of this functionality Encoding from terminal is not supported Access Path Access point Access Path SIGMA Series SIGMA Lite Series Terminal Menu User Menu Card Manager ADF OID User Menu Card Manager DO TAG Pre requisites The administra...

Page 143: ...tion therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 143 July 17 Screens Steps Figure 120 Configure ADF OID DO TAG for HID iCLASS SEOS cards 1 Select ADF OID Figure 121 Enter ADF OID 2 Enter ADF OID number 3 Press on check button to save 4 Select DO TAG ...

Page 144: ...G number 6 Press on check button to save Reset Card The administrator can reset a contactless card by using this functionality The user data stored in the card is erased Terminal will also overwrite the current site key on the card with the default site key Access Path Access point Access Path SIGMA Series SIGMA Lite Series Terminal Menu User Menu Card Manager Erase Card Webserver User Management ...

Page 145: ...authorization of Morpho 145 July 17 Screens Steps Figure 123 Reset card 1 Select Reset Card 2 Terminal will ask to Place Card at card reader 3 Once the administrator places the card terminal will read and reset the card by erasing the stored data This will also reset the card key to default value Figure 124 Success message is displayed showing card is reset successfully Results Card is reset succe...

Page 146: ... upload and manage audio video and images on MorphoAccess SIGMA Family terminal by using the multimedia menu These multimedia contents are used to perform various tasks such as to play an alarm when the terminal is tampered The administrator needs to refer to the following sections in order to understand as to how one can upload the multimedia contents in the terminal and the supported formats Ter...

Page 147: ...lders that can be found in the Multimedia Menu Audio path Please note that each folder will be having a unique name that corresponds to the action or event which leads to a notification sound For e g the administrator must ensure that the audio that is to be played on event of a tamper need to be uploaded in the Multimedia Menu Audio Tamper folder Set the volume at which the sound should be played...

Page 148: ... formats are FLAC PCM and VORBIS The administrator must ensure that the audio messages must be in the same language as configured in the terminal Screens Steps Figure 126 Uploading Audio File in device 1 Select USB mode 2 The administrator can view the folders present in USB mass storage device 3 Select an Audio file that is required to be uploaded on terminal 4 The administrator can play the audi...

Page 149: ...nicated to a third party without the prior authorization of Morpho 149 July 17 6 A confirmation pop up will appear Press on icon to copy file from USB mass storage device to terminal Figure 128 Success message is displayed Results Success message is displayed showing Audio file is copied to terminal Audio is played on respective action on terminal The administrator can use the button to Delete an ...

Page 150: ... In this case No video will be played when the screen is idle Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Multimedia Menu Video Pre requisites The administrator must ensure that the USB mass storage device must be properly initialized This implies that the USB mass storage device must have the same folder structure as displayed on the term...

Page 151: ...s Figure 129 Uploading Video File in device 1 Select USB Mode 2 The administrator can view the folders present in USB mass storage device 3 Select a Video File that is required to be uploaded on terminal 4 The administrator can play video file and also adjust its volume 5 Press on Copy button to copy file from USB mass storage device to Terminal Figure 130 Confirmation Pop up A confirmation pop up...

Page 152: ... July 17 Figure 131 Success message is displayed Results Success message is displayed showing Video file is copied to terminal The uploaded video is played on idle screen time out The administrator can click on the button to Delete a video file References Refer to Idle Screen Time Out parameter under LCD Configuration The administrator needs to refer to the parameter Set Infinite Video Play under ...

Page 153: ... an image when the user is granted access Wallpaper This is to set wallpaper to be displayed on the home page The administrator can perform the following actions using Image Settings Upload image files using USB mass storage device Remove image file No image will be displayed in this case Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Multime...

Page 154: ...prior authorization of Morpho 154 July 17 Screens Steps Figure 132 Uploading Image File in device 1 Select USB mode 2 The administrator can view the folders present in USB mass storage device 3 Press on Copy button Step 3 in above figure to copy file from USB mass storage device to Terminal Figure 133 Confirmation Pop up 4 A confirmation pop up will appear Press on icon to copy file from USB mass ...

Page 155: ... be copied or communicated to a third party without the prior authorization of Morpho 155 July 17 Figure 134 Success message is displayed Figure 135 Image uploaded is displayed as wallpaper Results Success message is displayed showing image file is copied to terminal The uploaded image is displayed as wallpaper or dynamic message The administrator can select and Delete images using button ...

Page 156: ...y without the prior authorization of Morpho 156 July 17 System Menu The administrator can configure fundamental parameters of Terminal such as LCD screen parameters and transaction log settings using the System menu System menu also allows an administrator to launch the First Boot Assistant that has all basic parameters in one screen Only an administrator with full administrative rights can access...

Page 157: ... administrator can use this functionality for resetting all the parameters of MorphoAccess SIGMA Family terminal to their default value An administrator can also select particular parameters manually for which values are needed to be reset as factory default value Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Terminal Settings Se...

Page 158: ...uthorization of Morpho 158 July 17 Figure 138 Select Items to reset 2 The administrator can select parameters from the list and set as ON The parameters that are marked ON will be reset 3 Press on check button to move next Figure 139 Confirmation message displayed 4 Select check button to confirm resetting of selected parameters of the terminal to factory default settings Results The values of sel...

Page 159: ...s functionality Besides this there are options to set the format of date and time The administrator needs to configure these basic parameters on the first boot of the terminal NOTE The time stored in the product is not lost if power supply is removed for up to 48 hours Set Time Zone Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu T...

Page 160: ... to synchronize the terminal date and time with external server using SNTP NTP protocol to update the terminal date and time automatically with the NTP server time This can be done from the Webserver using the same path as mentioned above Set Date The administrator can configure the current date and the format in which it is to be displayed on the terminal by using this functionality Access Path A...

Page 161: ...of Morpho 161 July 17 Set Time Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Terminal Settings Date and Time Settings Clock Parameters Time Configuration Webserver Terminal Settings Date Time Screens Steps Please refer to Date and Time Configuration section step 4 to 9 for more detail Results The administrator can view the config...

Page 162: ...ines for same action or multiple actions The signal is sent when following actions are triggered on terminal Delete Templates On selection of this action terminal will erase all the biometric templates of specified template ID i e if more than one template are available with different index then all those templates will be removed The signal is sent when following actions are triggered on terminal...

Page 163: ...is not in Authorized listed action is triggered on GPO line Pin Mismatch When PIN entered by user is not matched an action is triggered through GPO line to the door panel Time and Attendance Action If parameters are configured in time and attendance configuration then on every T A action an action is triggered GPO line to door panel distant systems NOTE The settings of GPIO can be done from Web Se...

Page 164: ...rpho They must not be copied or communicated to a third party without the prior authorization of Morpho 164 July 17 Screens Steps Figure 141 SDC Parameters configuration 1 Press on GPIO State to select modes Figure 142 Selecting GPIO State 2 By default GPIO General Mode is selected In order to configure SDC on a terminal select SDC Mode 3 Use Check Button to save settings ...

Page 165: ...r Unlock Time has elapsed and the door has not been closed the terminal will start counting the Door Held Open Duration If user has not closed the door within this duration an auto alert Door Held Open Too Long will be generated on terminal 6 Select the Exit Mode as None Push button Manual or Push button Electric 7 The administrator needs to set the Egress Time Out when Exit Mode is in Push Button...

Page 166: ... user for a specific time period by using the Time Override Mode TOM Whenever TOM is triggered on terminal then door gets unlocked and user can open Door without any authentication till TOM remains active Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Terminal Settings SDC TOM Tamper TOM Parameters Webserver Terminal Settings SDAC...

Page 167: ... of Morpho 167 July 17 Figure 145 Setting TOM Duration 2 Press on TOM Duration to set the duration for which door should be under TOM 3 Enter the number of minutes TOM will be active into the Time Override Duration field and use button to save 4 Use Check button to activate TOM on the terminal Results The TOM is set successfully Thirty seconds before TOM is set to expire the terminal beeps After T...

Page 168: ...trusion tamper Tamper switch is triggered on terminal and Tamper alarm is played on the terminal Terminal can also transmit an alarm indication to the central controller using a Wiegand output For that purpose contact connections are provided on I O board open circuit equals detection NOTE Tamper switch triggers the alarm message Please refer to the MorphoAccess Installation Guide corresponding to...

Page 169: ...t screen an administrator can set Tamper State as Disable or Enable 3 Select Enable and use button to Save Figure 147 Tamper Parameters Configuration The administrator needs to configure the following parameters once the Tamper State is enabled 4 130 bit Wiegand String can be set as ON or OFF When this parameter is set as ON then on tamper detection 130 bit Wiegand string is generated for tamper a...

Page 170: ... detection The audio file uploaded by the administrator in the system will be played 8 Erase Security Data The administrator can set this as ON or OFF When this parameter is set as ON then on tamper detection the custom site keys stored for all contactless cards will be deleted and reset to the default value 9 Use button to Save Results Once the Tamper Parameters are configured possible intrusions...

Page 171: ...ness of the touch screen LCD Disable Biometric Sensor when terminal is idle Enable or Disable Idle Mode Basically an idle mode is when there is no action triggered on LCD If enabled a video is played when terminal is in Idle Mode Set brightness of the video to be played Set duration of the video to be played Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series S...

Page 172: ...party without the prior authorization of Morpho 172 July 17 Screens Steps Screen Brightness Control Figure 148 LCD Brightness adjustment 1 Press on Brightness 2 On next screen an administrator can adjust the brightness of LCD back light by scrolling the curser left or right Figure 149 LCD Brightness adjustment 3 Move curser left to reduce brightness and right to increase brightness of the LCD 4 Us...

Page 173: ...Idle Mode The administrator can disable the biometric sensor backlight when terminal is in idle mode by configuring this parameter When turned ON the biometric sensor will automatically power off if the terminal is in idle mode This is recommended for power saving As soon as terminal is in use the biometric sensor is powered on Figure 150 Disable Sensor in Idle Mode 1 Set ON to disable the biometr...

Page 174: ...n the terminal is in idle mode the biometric sensor is powered off if the administrator has turned the Disable Sensor in Idle mode parameter ON One can exit the idle mode by touching the text zone on the LCD touch screen Figure 151 Configuring Idle Screen Status 1 The administrator can set Idle Screen Status as ON or OFF 2 Select status as ON if it is required to auto lock the terminal when idle 3...

Page 175: ...ted to a third party without the prior authorization of Morpho 175 July 17 Video Play Brightness Control Figure 152 Video Play Brightness Control 1 Press on Video Play Brightness 2 In the next screen the administrator can adjust the brightness of the video by scrolling the curser left or right 3 Move curser left to reduce brightness and right to increase brightness of the Video 4 Use icon to Save ...

Page 176: ...ior authorization of Morpho 176 July 17 Idle Screen Time Out Figure 153 Configuring Idle Screen Timeout 1 Idle Screen Timeout parameter indicates that if there is no action taken on LCD for specified duration then screen should be auto locked and video play starts 2 Press on Idle Screen Timeout parameter 3 On next screen enter duration in seconds only 4 Use icon to Save setting Set Infinite Video ...

Page 177: ...igure 155 Setting Video Play Duration 1 Press on Video Play Duration and enter the number of seconds it is required for the video to be played when terminal is idle 2 Use icon to Save setting 3 Use icon on LCD Configuration screen to Save all parameters Results Video will be played on the LCD screen as per the configuration done Once the video play duration is completed the video will be stopped a...

Page 178: ...on fields such as User ID Name of User Role of User Time of trigger Biometric Matching Score etc The MorphoAccess SIGMA Family terminal can store up to 100 000 transaction logs in the database by default However the administrator can increase the capacity of storing logs in terminal database by installing Log licenses The administrator has to export logs using Morpho Bio Tool Box webserver or a US...

Page 179: ...ons will be recorded and stored on terminal Access Control Log This mode indicates that only user access request pass and fail should be recorded and stored Full Log This mode indicates that all the events taken place on terminal including configurations done time and attendance actions errors etc are captured and stored in terminal Access Path Access point Access Path SIGMA Series SIGMA Extreme S...

Page 180: ...nd the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 180 July 17 Results As per the selected mode of logging transaction logs are created by terminal In case terminal fails to store log parameter an error message is displayed ...

Page 181: ... functionality Delete Partial Logs Delete Full Logs Based on this configuration terminal will delete logs entirely or partially when log full event occurs Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Transaction log Actions on Log Full Event Webserver Logs Action on Transaction Log Full Screens Steps Figure 157 Setting Delete Lo...

Page 182: ...orpho They must not be copied or communicated to a third party without the prior authorization of Morpho 182 July 17 2 Press on button to save settings Figure 158 Defining number of logs to be deleted 3 The administrator needs to define Number of Logs to be Deleted when delete action is triggered and Delete Partial Logs is set to be ON 4 Press on button to save settings ...

Page 183: ...database by using this functionality Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Transaction log Delete All Logs Webserver Logs Transaction Log Delete All Transaction Logs Screens Steps Figure 159 Deleting Transaction logs 1 Press on Delete All Logs 2 A confirmation message will pop up to confirm an action to delete all transac...

Page 184: ... authorization of Morpho 184 July 17 Miscellaneous Settings Global Device Volume The administrator can set volume of all the audio video files that are uploaded in the terminal by using Global Terminal Volume Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Miscellaneous Settings Webserver MMI Audio Volume Screens Steps Figure 160 T...

Page 185: ... a third party without the prior authorization of Morpho 185 July 17 Figure 161 Set Global Device Volume 2 Scroll the radio button to right side for increasing the volume and scroll towards left to decrease the volume 3 Press on check button to save settings Results Sound will be played as per the configured Global Terminal Volume References Refer to Multimedia menu to know how to upload audio vid...

Page 186: ... 17 Enable AZERTY Keyboard The administrator can enable AZERTY French standard keyboard type by using this functionality The default keyboard in MorphoAccess SIGMA Family terminal is QWERTY English standard keyboard Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Miscellaneous Settings Screens Steps Figure 162 Enable AZERTY Keyboar...

Page 187: ...ess Terminal Administration Menu 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 187 July 17 Figure 163 AZERTY keypad ...

Page 188: ...er allows an administrator to configure any parameter of the terminal by connecting remotely Please refer the Access to Administration Menu through Webserver in this document By default the access to Web Server is disabled in a MorphoAccess SIGMA Family terminal Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Miscellaneous Settings...

Page 189: ...mily terminal is capable of capturing logs of the events when access is denied or any error has occurred during operations The administrator can enable disable error logging and configure related parameters using Error log Configuration feature Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Miscellaneous Settings Error Log Configu...

Page 190: ...y of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 190 July 17 Figure 166 Enable Error Logging 2 Select Error Log as ON to enable error logging Figure 167 Setting Error Log Debug Level 3 Select Debug Level from the available list a Fatal b Alert c Critical d Error e WARNING f Notice g Info h Debug i Trace ...

Page 191: ...isplayed 4 Press on button to save settings Results The Error logs are captured and stored on the terminal The administrator can use the Export functionality under USB menu to export the logs Refer to Export Data in USB Mass Storage Device Sensor Log Configuration MorphoAccess SIGMA Family terminal is capable of capturing logs of the CBI sensor when any operation is performed on CBI sensor The adm...

Page 192: ...ging Figure 170 Sensor Modules Log Activation 3 Set Module Log Activation value in between 0 to 65535 NOTE The sensor logs of modules WRAPPER SDK IHM SCFG LOG SETTING_SENSOR IMG_PROCESSING FFD DTPR ACQ_MGR LIBBIO BIODB SRV PARAM PAL Modules based on the value set in Module Log Activation will be included in the Error Log File For example if an administrator set the value 57343 in Module Log Activa...

Page 193: ...th distant systems can be done to perform the following functions Connect to Central Access Controller in order to grant or deny the access to the user across multiple locations Terminal configuration Terminal maintenance firmware upgrade add a license to unlock an optional feature Database management add modify or remove a user Log file management get or delete log file Configuring the Wi Fi conn...

Page 194: ...k Configuration The MorphoAccess SIGMA Family terminal can be connected to devices such as central access controller and door controller via Ethernet The administrator can configure an IP Mode which can be static or DHCP dynamic This can be done via Ethernet in the Network Configuration depicted below For more information on Ethernet Configuration please refer to Ethernet Interface Settings under ...

Page 195: ...unicated to a third party without the prior authorization of Morpho 195 July 17 6 Select IP Configuration Figure 173 Ethernet Configuration 7 Under Ethernet tab the administrator can select IPV4 or IPV6 8 On next screen default IP Mode is selected as static Press on IP Mode for update Figure 174 IP Mode Selection 9 An administrator can select IP Mode as Static or DHCP 10 Use Check button to save t...

Page 196: ...om Security menu refer Network Communication Security Settings Wi Fi Network Configuration MorphoAccess SIGMA Family terminal can be connected to devices such as central access controller and door controller via WLAN Wi Fi network The terminal needs the Wi Fi connection to make operations such as requesting access to the access controller and receiving the result message At First Boot Assistant an...

Page 197: ...ation of Morpho 197 July 17 NOTE The Administrator needs to contact mobile network provider for the settings for their network Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Communication Menu Network Interface Mobile Network Pre requisites 3G USB modem must be plugged into the terminal MA_3G license must be installed on terminal Screens Step...

Page 198: ...ocument and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 198 July 17 Figure 177 Enter User Name 2 Enter User Name Press on button to set Figure 178 Enter Password PIN 3 Enter Password PIN Press on button to set ...

Page 199: ...ument and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 199 July 17 Figure 179 Enter Access Number 4 Enter Access Number Press on button to set 5 Press on button to save all setting on Mobile Network parameter menu ...

Page 200: ...nistrator can configure the Hostname when the IP Mode is selected as DHCP The host name is used instead of the IP address when a DNS Domain Name Server exists in the network Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Communication Menu Network Interface Hostname Webserver Terminal Settings Communication IPv4 Network Screens Steps Figure 1...

Page 201: ...RS422 it will not be able to communicate through RS485 and vice versa Serial channel is also used for sending distant commands to terminal The administrator can configure parameters of the serial channel from terminal or via Webserver interface NOTE Webserver application cannot use the Serial channel for configuring the terminal Access Path Access point Access Path SIGMA Series SIGMA Extreme Serie...

Page 202: ...rpho They must not be copied or communicated to a third party without the prior authorization of Morpho 202 July 17 Figure 182 Select Baud Rate 2 The list of supported Baud Rates is displayed Select the required Baud Rate 3 Use Check button to save Figure 183 Selecting Communication Type 4 Select Communication Type as Half Duplex or Full Duplex 5 Use Check button to save ...

Page 203: ...rpho 203 July 17 Figure 184 Enter Net ID 6 Enter a Net ID will be used to identify the terminal in a RS485 network connection 7 Press on button to save 8 Use Check button on Serial Parameters screen to save all settings Results The serial channel parameters are configured successfully Terminal can communicate with distant systems using serial channel NOTE The Serial configuration done will be lost...

Page 204: ...or communicated to a third party without the prior authorization of Morpho 204 July 17 Security Menu The administrator can configure security parameters to guard the MorphoAccess SIGMA Family terminal against unauthorized access by means of the Security Menu Security menu deals with Biometric control Network security multi user verification LCD Login Password and User Control Figure 185 Security M...

Page 205: ...ensor this starts the biometric identification process Contactless card detection of a contactless card this starts the authentication process with user s data read on the contactless card Keypad detection of a user id entered with touch screen keypad The entered User ID serves as references for authentication External Port reception of a User ID from Wiegand Clock and Data port The received User ...

Page 206: ...e as ON or OFF 2 Use Check button to save settings Set Duress Mode The administrator can enable Duress Mode in MorphoAccess SIGMA Family terminal by using this parameter The administrator can allow capturing of a user s duress finger in addition to two normal fingers by setting the Duress Mode On detection of a Duress finger the terminal will send a Duress Finger Event to the controller using a co...

Page 207: ...ul identification and action VERIFY_DURESS_ID VERIFY_DURESS_TEMPLATE on successful authentication Refer to How to Export View Transaction Logs section for more information on exporting and viewing transaction log Access Path Access point Access Path SIGMA SeriesSIGMA Extreme Series SIGMA Lite Series Terminal Menu Security Menu User Control Settings Set Duress Mode Webserver Control Configurations ...

Page 208: ...er authentication The administrator can set Biometric Check Mode as ON or OFF However it is a must to have user s biometric data in the terminal database or in user s card if this mode is ON If the biometric check mode is OFF then terminal will not ask user to place finger on the biometric sensor Instead user can be authenticated using Card and Keypad modes Access Path Access point Access Path SIG...

Page 209: ... has configured this mode the user is allowed to place finger up to two times This means that if authentication fails on the first attempt terminal will ask user to place again his finger on the biometric sensor and perform biometric check again Advanced Matching Strategy with MFU 2 Attempts If the administrator has configured this mode the user is allowed up to two attempts If authentications fai...

Page 210: ...s SIGMA Extreme Series SIGMA Lite Series Terminal Menu Security Menu User Control Settings Biometric Matching Strategy Webserver Terminal Settings Biometric Biometric Security Settings Biometric Matching Strategy Pre requisites The administrator needs to set the Biometric Check Mode as ON Screens Steps Figure 189 Selecting Biometric Matching Strategy 1 Select Biometric Matching Strategy as Standar...

Page 211: ... s finger In case of biometric identification process if user s finger is not recognized the user has 5 seconds to place again one of his fingers on the biometric sensor If a finger is placed on the sensor after this delay then the terminal processes it as a new access request The value of this delay is defined by a dedicated parameter Parameter name Value Description auth_param additional_bio_c h...

Page 212: ... 212 July 17 Screens Steps Figure 190 Biometric Time Out 1 Enter the duration for Biometric Check Timeout The entered duration is in terms of seconds 2 Use to save settings NOTE Whatever the duration for Biometric Check Timeout MALite will blink yellow 5 seconds after first unsuccessful biometric attempt before to come back to blue default light Second biometric attempt could be done during all Bi...

Page 213: ... user If the administrator has disabled the biometric mode the user identification is done based on the entered value of the PIN Note The administrator must set the trigger event through biometric for performing identification In Authentication Mode The user will have to enter User ID followed by Fingerprint If fingerprint of the user matches with the corresponding one in the database then termina...

Page 214: ...ck Attempts The administrator can set this parameter it indicates the maximum number of attempts a user can get before entering the correct PIN This feature is helpful in reducing False Rejection Rate by allowing users to enter PIN accurately on 2nd try Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series SIGMA Lite Series Terminal Menu Security Menu User Contro...

Page 215: ...cument and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 215 July 17 Screens Steps Figure 192 Setting number of PIN Check Attempts 1 Select number of PIN Check Attempts as 1 or 2 2 Press on button to Save settings ...

Page 216: ... 5 seconds the terminal will deny access if user fails to enter PIN within the time limit On access denied user is again required to enter User ID fingerprint and PIN for authentication Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series SIGMA Lite Series Terminal Menu Security Menu User Control Settings PIN Check Time Out Webserver Terminal Settings Biometric ...

Page 217: ...y the administrator who typically is at the customer s end However the value of these two characteristics is inversely related when one value is tuned in one direction the other value will change in the other direction When user s convenience is the most important factor the FAR value must be set to a high value which reduces the FRR value and conversely if security is more important then the FAR ...

Page 218: ...se rejects is very low but the number of false acceptances is too high for a secure usage It is strongly advised not to use this value because the terminal becomes too tolerant 1 FAR 1 2 FAR 0 5 3 FAR 0 1 Default value Recommended value for physical access control applications using identification 4 FAR 0 05 5 FAR 0 01 6 FAR 0 001 7 FAR 0 0001 8 FAR 0 00001 9 FAR 0 0000001 10 Highest threshold val...

Page 219: ...pho 219 July 17 Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Security Menu User Control Settings Global Security Threshold Webserver Terminal Settings Biometric Screens Steps Figure 194 Setting Security Threshold 1 Select Global Security Threshold from values 0 to 10 2 Press on button to Save settings Results Terminal performs biometric com...

Page 220: ...upon the occurrence of such an event Ignore the event default setting useful during normal maintenance operations Send an alarm message to a distant system through the channel already used by the access control result messages see Sending an Access Control Result Message section Emits a local audible signal see Terminal States section Deletes biometric database Erase security data such as contactl...

Page 221: ... tamper detection Parameter value 1 indicates that authentication is disabled on tamper detection tamper action_erase_biom etrics 0 or 1 Parameter value 0 indicates biometric database is not erased on tamper detection Parameter value 1 indicates biometric database is erased on tamper detection tamper action_erase_secur ity_data 0 or 1 Parameter value 0 indicates security data is not erased on tamp...

Page 222: ... Tamper Cleared event to be triggered and send to controller Only when Tamper Clear button is pressed the tamper alarm is stopped and tamper cleared event is sent to controller Wiegand Output is activated and External Port Output type is selected as Wiegand Configure Wiegand Parameter wiegand event_tamper It allows setting a Wiegand Output Format which will be used to send the Device Serial Number...

Page 223: ... which indicates communication is done using Wiegand channel An administrator can also set Clock and Data Identifier for sending alarm message 65535 0 65535 See Event Configuration For output to be sent in Clock and Data format External port output type should be selected as Clock and Data See Wiegand Parameter Settings Tamper Alarm message using UDP The administrator can configure the terminal to...

Page 224: ...e allowed to communicate with the terminal Connection requests to the terminal will be rejected for the computers with an IP address not present in the list despite having a compatible configuration application This is a security feature that prevents situations such as modification to the terminal configuration from an unauthorized source Access Path Access point Access Path SIGMA Series SIGMA Ex...

Page 225: ...lection 2 The administrator can set the Authorized IP Mode as ON or OFF If this is set as OFF then any IP address is allowed to connect and communicate with the terminal If this is set as ON then the administrator requires adding IP addresses that are authorized to communicate with the terminal Add Authorized IP Address The administrator can add several IP addresses which are authorized to communi...

Page 226: ...e the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 226 July 17 Figure 198 Add IP address 3 The administrator can Add IP Address of the computer that can talk to the terminal 4 Press on icon to save Figure 199 A success message is displayed showing IP Address is added successfully ...

Page 227: ...or authorization of Morpho 227 July 17 Configure IP Addresses Range The administrator can add an IP Address Range this is to authorize computers having IP addresses in the specified range to communicate with Morpho Access terminal None other than the specified range of computers can communicate with the terminal Figure 200 Entering IP Range for authorizing 1 Select Add IP Range Enter Start IP Addr...

Page 228: ...inistrator can view the IP Addresses that are added and authorized to communicate with the terminal by using this functionality Figure 201 Viewing authorized IP Addresses 1 Press on View IP Addresses List of IP Addresses authorized is displayed View IP Range The administrator can view the Range of IP Addresses that are added and authorized to communicate with terminal by using this functionality F...

Page 229: ...orization of Morpho 229 July 17 Delete IP Address The administrator can delete an IP Address by using this functionality It allows the administrator to select several IP addresses and delete them Once deleted that computer cannot communicate with the terminal Figure 203 Deleting an IP Address 1 Select an IP Address that the administrator needs to delete 2 Press on to delete an IP address 3 A confi...

Page 230: ... Delete IP Address Range The administrator can delete an IP Address Range by using this functionality It allows an administrator to select several IP addresses range and delete them Once deleted computers having IP addresses in that range are not allowed to communicate with terminal Figure 204 Delete an IP Address Ranges 1 Select an IP Address Range that the administrator needs to delete 2 Use to ...

Page 231: ...otocols supported by the terminal are listed below SSLv3 SSLv23 TLS 1 0 TLS 1 1 TLS 1 2 The terminal supports the algorithms listed below for communication security AES128 SHA OpenSSL cipher suite AES256 SHA OpenSSL cipher suite AES128 SHA256 OpenSSL cipher suite AES256 SHA256 OpenSSL cipher suite AES128 GCM SHA256 OpenSSL cipher suite ECDHE ECDSA AES256 SHA OpenSSL cipher suite ECDHE ECDSA AES128...

Page 232: ...rotocol versions Cipher Algorithm List Protocol Version sslv23 sslv3 tlsv1 tlsv1 1 tlsv1 2 AES128 SHA Y Y Y Y Y AES256 SHA Y Y Y Y Y AES128 SHA256 N N N N Y AES256 SHA256 N N N N Y AES128 GCM SHA256 N N N N Y ECDHE ECDSA AES256 SHA ECDH ECDSA AES256 SHA Y Y Y Y Y ECDHE ECDSA AES128 GCM SHA256 ECDH ECDSA AES128 GCM SHA256 N N N N Y ECDHE ECDSA AES128 SHA256 ECDH ECDSA AES128 SHA256 N N N N Y ECDHE ...

Page 233: ... N Y The above table describes the protocol versions supported by the client side application when communication is started by the terminal using a specific protocol E g If the terminal starts communication using sslv23 protocol then client side application will be able to communicate using all the protocol versions While if communication is initiated using sslv3 protocol then client application w...

Page 234: ...erty of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 234 July 17 Screens Steps Figure 205 SSL Configuration 1 Select SSL Configuration 2 On next screen select Input Channel Figure 206 Configuring SSL Mode and parameters 3 Select SSL Mode as ON or OFF Only if the SSL Mode is ON the SSL protocol is used ...

Page 235: ...ment and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 235 July 17 Figure 207 Entering Secure Communication Port 4 Enter Secure Communication Port port that will be used for TLS or SSL protocol 5 Use button to save ...

Page 236: ...236 July 17 Default Communication Port The administrator can define a default communication port that will be used for Ethernet connection by using this functionality Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Security Menu Communication TCP Channel Webserver Terminal Settings Communication Communication Channels Configuration Screens Ste...

Page 237: ...tocol TCP is a protocol that is used for transmission of the input output messages between the MorphoAccess SIGMA Family terminal and distant systems such as external controllers or Webserver application connected through Ethernet Wi Fi By default the TCP Channel is enabled If the administrator has disabled this parameter the terminal will not be able to communicate i e input or output of messages...

Page 238: ...formation therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 238 July 17 Screens Steps Figure 210 Configuring TCP Channels 1 The administrator needs to select the TCP Channel as ON if it is required to use TCP protocol for communication 2 Use to Save ...

Page 239: ...ernal controllers connected through RS422 and RS485 By default Serial Channel is disabled If the administrator enables this parameter the terminal will able to communicate i e input output messages with distant systems using Serial channel NOTE Serial channel cannot be used for configuration of the terminal with the Webserver Access Path Access point Access Path SIGMA Series SIGMA Extreme Series S...

Page 240: ...ies that when access rights are based on the biometric data check the terminal requires the fingerprint of two different users to grant the access Set Additional Users Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series SIGMA Lite Series Terminal Menu Security Menu Communication Additional User Verification Additional Users Webserver Control Configuration User ...

Page 241: ...as to place finger on the biometric sensor If the finger is not presented on the sensor within the time limit access will be denied Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series SIGMA Lite Series Terminal Menu Security Menu Communication Additional User Verification Additional Users Verification Timeout Webserver Control Configuration User Control Configu...

Page 242: ...017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 242 July 17 Figure 214 Additional User Verification Timeout 2 Enter the Time limit 3 Use button to save ...

Page 243: ... In order to prevent any unauthorized access it is recommended to change the password periodically The administrator can change the LCD password by using this functionality The password is a numeric value with 4 digits minimum and 8 digits maximum Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Security Menu Communication Change LCD Password P...

Page 244: ... They must not be copied or communicated to a third party without the prior authorization of Morpho 244 July 17 Figure 216 Entering New Password 2 Enter the New Password of choice 3 Use button to move on next screen Figure 217 Verifying New Password 4 Re enter the New Password for verification 5 Use button to Save Results Administrator can login to LCD using the new password ...

Page 245: ...s functionality Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Security Menu Additional User Control Webserver Control Configuration User Control Pre requisites Multiple Users feature must be enabled Additional User Verification should be set to 1 Screens Steps Figure 218 Additional User Control The administrator can configure the parameters ...

Page 246: ...k Activation When the administrator enables this parameter each time the user tries to access user will have to place finger as well provide Job Code for verification The administrator can set a job code for a given user at the time of enrollment Note When the Time and Attendance mode is enabled entering the job code during authentication is optional even though the Job Code Check is enabled It is...

Page 247: ...in order to understand the face detection workflow User Rule_Face Detection Terminal_Face Detection ucc users_ photo_policy Successful Identification Failed Identification Failed Authentication Disable Disable 1 No No No Disable Disable 2 No No No Disable Disable 3 No No No Disable Photo Taking 1 Yes No No Disable Photo Taking 2 No Yes Yes Disable Photo Taking 3 Yes Yes Yes Disable Face Detection ...

Page 248: ... No No Yes Face Detection Optional Disable 3 Yes No Yes Face Detection Optional Photo Taking 1 Yes No No Face Detection Optional Photo Taking 2 No Yes Yes Face Detection Optional Photo Taking 3 Yes Yes Yes Face Detection Optional Face Detection Optional 1 Yes No No Face Detection Optional Face Detection Optional 2 No Yes Yes Face Detection Optional Face Detection Optional 3 Yes Yes Yes Face Detect...

Page 249: ...n Mandatory 3 Yes Yes Yes Table 1 Face Authentication Workflow Refer below table for face authentication workflow for normal user and VIP user Face Detection Mode Behavior Behavior for VIP user Disabled Do not take pictures Disabled Photo Taking Take one picture and save it according to logging policies ucc users_photo_policy As per Photo Taking Face Detection Optional Take multiple pictures and p...

Page 250: ...eve correct face detection 9 User Rule Check This parameter defines the user rule check flow whether to apply the user rules configured on terminal or on trigger event The possible values are Disabled Trigger Event and Terminal Figure 220 User Rule Check If the per user rule ucc per_user_rule is defined to Terminal then Terminal will verify user data source of data defined from ucc user_record_ref...

Page 251: ...l is equipped with a USB Port that is to connect a USB Mass Storage temporarily Following are the uses of USB connection The administrator can upgrade firmware The administrator can import data to the terminal such as the User Database It is also used to import the Audio files Video files and Images that are used in Multimedia Configuration The administrator can export data from the terminal Trans...

Page 252: ...rage device The administrator can use the Format USB Mass Storage device functionality to delete the entire data stored in a USB Mass Storage device Once the device is formatted it can be initialized to store the same folder structure as in the terminal Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu USB Menu Format USB Screens Steps Figure 22...

Page 253: ...rization of Morpho 253 July 17 Figure 223 Confirmation message pop up 3 A confirmation message pop up is displayed notifying that the previous data in the USB Mass Storage device will be lost 4 Confirm action by using button Figure 224 Success Message of USB Mass Storage device Formatted Results A success message is displayed showing that the USB Mass Storage device is formatted Now the USB Mass S...

Page 254: ...ize USB Mass Storage device functionality By using this the terminal will copy the same folder structure in the USB Mass Storage device Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu USB Menu Initialize USB Pre requisite USB Mass Storage device must be empty Prior to store any data on USB Mass Storage device it is mandatory that the device is...

Page 255: ...copied or communicated to a third party without the prior authorization of Morpho 255 July 17 Figure 226 A confirmation message is displayed 3 Confirm Initialize USB Mass Storage device by using button Results A success message is displayed showing USB Mass Storage device is initialized Now the administrator can use the USB Mass Storage device to upload or download data to or from the terminal ...

Page 256: ...y the card Terminal can performe the card operation which is not encoded it self by importing the security key of the card Language File Terminal can support multiple languages The administrator can customize and upload the language file in the terminal by using Import Language file The uploaded language will be displayed to the user to select from See Language Configuration for more information M...

Page 257: ...the prior authorization of Morpho 257 July 17 How to Import User Database Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu USB Menu Import Pre requisite USB Mass Storage device should be initialized and must have the user database file in the correct folder USB Mass Storage device should be plugged into the terminal Screens Steps Figure 227 Imp...

Page 258: ...rior authorization of Morpho 258 July 17 Figure 228 Selecting file to be imported in the terminal 2 The list of files present in the user database folder in USB Mass Storage device is displayed 3 Select a file to be imported Figure 229 Confirmation message to import User Database 4 A confirmation message is displayed asking to confirm action It also notifies that on importing file the previous use...

Page 259: ...thorization of Morpho 259 July 17 Figure 230 Enter password 6 Enter a Passphrase The passphrase set at the time of exporting user database is required to be entered for importing the same user database file in terminal 7 Use button to complete an action Figure 231 Success message of user data imported is displayed Results Once the user s database is imported the user information can be edited and ...

Page 260: ...prior authorization of Morpho 260 July 17 How to Import Contectless key Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu USB Menu Import Pre requisite USB Mass Storage device should be initialized and must have the contactless key file in the correct folder USB Mass Storage device should be plugged into the terminal Screens Steps Figure 232 Imp...

Page 261: ... prior authorization of Morpho 261 July 17 Figure 233 Selecting file to be imported in the terminal 2 The list of files present in the user database folder in USB Mass Storage device is displayed 3 Select a file to be imported Figure 234 Enter password 4 Enter a Passphrase The passphrase set at the time of exporting user database is required to be entered for importing the same user database file ...

Page 262: ...262 July 17 Figure 235 Success message of contactless key imported is displayed Results Once the user s site key is imported the card can be edit erase and renew How to Import Language Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu USB Menu Import Pre requisite USB Mass Storage device should be initialized and must have the language file in t...

Page 263: ...d or communicated to a third party without the prior authorization of Morpho 263 July 17 Screens Steps Figure 236 Importing Language file 1 Select Language to be imported Figure 237 Selecting Language file to import 2 The language files present in USB Mass Storage device is displayed The language file will be in qm format 3 Select a language file that is required to be uploaded 4 Press on check bo...

Page 264: ...t not be copied or communicated to a third party without the prior authorization of Morpho 264 July 17 Figure 238 Confirm import action 5 A confirmation message is displayed as a pop up select the check box to confirm import of language file This action will replace the previous language file with the new file Figure 239 A success message is displayed showing language file is imported ...

Page 265: ...ging Error Logs Contains the record of failed attempts to access as well as other errors that have occurred User Database This contains user database Contectless key This contains the contactless card security keys The logs and user database can be exported in Binary bin format which is a non readable file Transaction log can also be exported in CSV format The data exported in USB Mass Storage dev...

Page 266: ...authorization of Morpho 266 July 17 How to Export View Transaction Logs Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu USB Menu Export Transaction Logs Pre requisites The administrator must enable the Transaction Logging Mode for the transaction logs to be recorded in the terminal Screens Steps Figure 240 Exporting transaction logs into USB M...

Page 267: ...ion of Morpho 267 July 17 Figure 241 Selecting a file format for exporting transaction logs 2 Select the format in which data should be exported in such as Binary Format or CSV Format NOTE Only Transaction Log has option to be exported in bin or csv format Error logs and User database is exported in encrypted format by default Figure 242 A confirmation message pop up 3 A confirmation message pop u...

Page 268: ...y of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 268 July 17 Figure 243 A success message is displayed showing transaction log is exported Figure 244 Transaction Log in CSV Format Sample Results The file for the exported transaction logs is created and stored in the USB Mass Storage Device in csv format ...

Page 269: ...ior authorization of Morpho 269 July 17 How to Export Error Logs Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu USB Menu Export Error Log Pre requisites The administrator must explicitly enable the Error Logging Refer to Error Log Configuration for more information about error log configuration Screens Steps Figure 245 Exporting data into USB...

Page 270: ... without the prior authorization of Morpho 270 July 17 Figure 246 A confirmation message pop up 2 A confirmation message pop up is displayed 3 Confirm an action to export log by using button Figure 247 A success message is displayed showing error log is exported Results The file for the exported error logs is created and stored in the USB Mass Storage Device in tar format The file is encrypted and...

Page 271: ...o They must not be copied or communicated to a third party without the prior authorization of Morpho 271 July 17 How to Export User Database Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu USB Menu Export User Database Screens Steps Figure 248 Exporting data into USB Mass Storage Device 1 Select the User Database option ...

Page 272: ...hird party without the prior authorization of Morpho 272 July 17 Figure 249 A confirmation message pop up 2 A confirmation message pop up is displayed 3 Confirm an action to export database by pressing button Figure 250 Enter Passphrase 4 Enter Passphrase The same passphrase will be required on importing the user database in terminal 5 Press on button Figure 251 A success message is displayed show...

Page 273: ... Results The file for the user database is created in BIN format and stored in the USB Mass Storage Device The file is encrypted and non readable for security purpose How to Export Contectless key Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu USB Menu Export Contactless key Screens Steps Figure 252 Exporting data into USB Mass Storage Device...

Page 274: ...nt and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 274 July 17 Figure 253 Enter Passphrase 3 Enter Passphrase The same passphrase will be required on importing the user contactless key in terminal 4 Press on button ...

Page 275: ...rty of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 275 July 17 Figure 254 A success message is displayed showing error log is exported Results The file for the contactless key is created in BIN format and stored in the USB Mass Storage Device The file is encrypted and non readable for security purpose ...

Page 276: ...d below from a single panel This can be achieved by means of the Information Menu Information related to Terminal s commercial name and license Sensor Information Firmware version Network settings done in terminal that includes Ethernet Wi Fi Serial Channel 3G GSM and GPRS connections Memory Status of the terminal User Status showing count of enrolled authorized and VIP users Also shows maximum ca...

Page 277: ... prior authorization of Morpho 277 July 17 View Device Details The administrator can view the information related to the MorphoAccess SIGMA Family Terminal by using this functionality Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series SIGMA Lite Series Terminal Menu Information Menu Terminal Webserver Webserver Terminal Info Screens Steps Figure 256 View Device Informatio...

Page 278: ...he property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 278 July 17 1 Following information of the terminal are displayed a Device Commercial Name b Device Description Name c Device Serial Number d Device Unique Product identifier e License Name f License Identifier g Regulatory Information ...

Page 279: ...ormation The administrator can view information regarding the current version of the Terminal firmware by using this functionality The firmware version is upgradeable Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series SIGMA Lite Series Terminal Menu Information Menu Terminal Firmware Version Webserver Webserver Terminal Info Screens Steps Figure 258 MorphoAccess SIGMA Fam...

Page 280: ...authorization of Morpho 280 July 17 View Sensor Revision Information The administrator can view the information related to the biometric sensor by using this functionality Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Information Menu Sensor Revision Webserver Terminal Info Terminal Screens Steps Figure 259 Biometric Sensor data 1 Sensor Unique Serial N...

Page 281: ... The administrator can view the information of various Networks interface through which the terminal is connected with distant systems Under Communication tab Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Information Menu Communication Webserver Terminal Settings Communication IPv4 IPv6 Network Screens Steps Figure 260 Selecting communication network 1 ...

Page 282: ...horization of Morpho 282 July 17 Figure 261 Viewing information of Ethernet network 2 Under Ethernet select IPV4 or IPV6 3 Following information is displayed of an IP connection a IP Mode i e Static or DHCP b IP Address of the terminal c MAC Address of the terminal d Subnet Mask e Gateway Address f Preferred DNS Address g Alternate DNS Address Figure 262 Viewing information of GPRS GSM network 4 F...

Page 283: ...Morpho 283 July 17 a IP Address of the terminal b MAC Address of the terminal c Subnet Mask d Gateway Address e Preferred DNS Address f Alternate DNS Address Figure 263 Viewing Serial Protocol Configuration 5 If terminal is communicating with distant server using serial port then parameters listed below are displayed a Communication Type i e Half Duplex or Full Duplex b Baud Rate i e data transmis...

Page 284: ...yed View Memory Status The administrator can view the remaining memory of the terminal by using this functionality Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Information Menu Memory Status Webserver Terminal Info SD Card Information Pre requisites The administrator must have the SD card plugged in the terminal Screens Steps Figure 265 Memory Status o...

Page 285: ...mation Menu View User Status Webserver Terminal Info User s Information Screens Steps Figure 266 View User Status Under User Status information section following information is displayed 1 Number of Users Enrolled in the terminal is displayed 2 Enrolled user Capacity indicates the maximum number of users that can be enrolled Basic capacity of the terminal is to store 5 000 users database The admin...

Page 286: ...ho They must not be copied or communicated to a third party without the prior authorization of Morpho 286 July 17 5 Number of VIP users the number of users enrolled as VIP users Read more on Access Control Process for VIP Users 6 Maximum VIP user capacity indicates the maximum capacity of the users that can be enrolled as VIP users By default the number of VIP users is 100 ...

Page 287: ...g the access path mentioned below It displays the number of current logs recorded in the terminal database as well as the maximum capacity of logs that can be stored in the terminal Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Information Menu Transaction Log Status Webserver Terminal Info Transaction Log Information Screens Steps Figure 267 Transactio...

Page 288: ...or Legacy Morpho or MA5G After installation of a new license that upgrades the terminal features Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu Home Screen Webserver Webserver Home Screen Welcome Admin Figure 268 Reboot Device After reboot all the settings are unchanged If the administrator needs to reset the terminal to default factory settings please u...

Page 289: ...d the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 289 July 17 screen by pressing button By pressing button the user can stay in the current screen to validate changes Figure 269 Confirmation Message To Return to Home Screen ...

Page 290: ...ideophone Facility 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 290 July 17 Section 6 MorphoAccess Terminal Videophone Facility ...

Page 291: ...r to initiate a video call by pressing an icon on the main screen of the terminal This feature requires a Videophone server which is a PC with a VOIP client application using SIP protocol such as Linphone This feature is useful for users to call access control administrator for help using the terminal or to allow the administrator to check his face a police badge or any item which can be checked b...

Page 292: ...ministrator needs to configure the server parameters on which VoIP client application is installed These servers are named as video phone servers An administrator can configure several video phone servers using Add functionality Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Terminal Settings Video Phone Configuration Webserver MM...

Page 293: ...information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 293 July 17 Figure 272 Enter Server Name 2 Enter Server Name 3 Use button to move to next screen Figure 273 Enter Server IP 4 Enter Server IP Address 5 Use button to move to next screen ...

Page 294: ... They must not be copied or communicated to a third party without the prior authorization of Morpho 294 July 17 Figure 274 Entering Server Port 6 Enter Server Port 7 Use button to save Figure 275 Videophone Server is added successfully Results A success message is displayed showing video phone server is added successfully Video call can be connected once server is configured ...

Page 295: ...n view parameters of the video phone server configured on MorphoAccess SIGMA Family terminal by using this feature Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Terminal Settings Video Phone Configuration Webserver MMI Man Machine Interface Video Phone Configuration Screens Steps Figure 276 Viewing Video Phone Server Parameters 1...

Page 296: ...deo Phone Server The administrator can delete registered videophone from the terminal by using this functionality Access Path Access point Access Path SIGMA Series SIGMA Extreme Series SIGMA Lite Series Terminal Menu System Menu Terminal Settings Video Phone Configuration Webserver MMI Man Machine Interface Video Phone Configuration Screens Steps Figure 277 Deleting Video Phone Server 1 Press on D...

Page 297: ...authorization of Morpho 297 July 17 Figure 278 Video Server Deleted Success Message Results A success message is displayed on the screen showing video server is deleted The record of the server is no longer available on the terminal NOTE The videophone icon on idle screen shall not be displayed if the videophone feature is not configured The videophone icon is displayed on terminal only if at leas...

Page 298: ... Videophone feature of MorphoAccess SIGMA Family terminal enables end users to make a video call to a customer care center The executive at customer care center can view the user and solve all functional queries on call NOTE During the video phone call terminal does not allow any access control operations Pre requisites Video Phone Server must be pre configured Refer to Configure Video Phone Serve...

Page 299: ...ted to a third party without the prior authorization of Morpho 299 July 17 Figure 280 Select Server to make Video Call 2 The list of servers is displayed Video call is connected to customer care center through these servers 3 Select a Server Name 4 Press on Dial icon Figure 281 Connecting to remote server 5 Press on Push to talk icon once video phone call is established with remote server Figure 2...

Page 300: ...at this communication is one way in nature hence when he speaks by enabling the microphone he cannot hear the executive s response Figure 283 Release to hear In order to enable hearing the user must release the same button from the terminal end Results A Video Phone Call is established with remote server Video of end user is displayed on terminal and transmitted from terminal to the PC of customer...

Page 301: ... SIGMA Lite Series 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 301 July 17 Section 7 Terminal Menu for MorphoAccess SIGMA Lite Series ...

Page 302: ...r up the Morpho Logo and boot up animation will be displayed Idle screen will display wallpaper date and time with different icons There will be four icons on the MorphoAccess SIGMA Lite Series home screen Information icon To show basic information about terminal Authentication icon To initiate authentication from touch screen T A icons If Time Attendance feature is enabled on the terminal then tw...

Page 303: ...3 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 303 July 17 Figure 285 Information Menu Terminal Details The Terminal details will be displayed when icon is pressed Figure 286 Terminal Details ...

Page 304: ...ocument and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 304 July 17 Communication Details The communication parameters and their default settings will be displayed when icon is pressed Figure 287 Communication Details ...

Page 305: ...s to Setup Wallpaper On boot up the MorphoAccess SIGMA Lite Series home screen may either display the wallpaper if set or the default company logo The wallpaper can be set by external commands Following are the steps to set the wallpaper Login to MorphoBioToolbox Navigate to File Management Files Management Select an image to set as wallpaper Select Picture as File Type and Select Wallpaper as Fil...

Page 306: ...cure container components like Smartcard Keys Terminal Password SSL Certificate and User Database Due to issues such as power failure or interrupt in operation corruption may occur While booting up device if there is any corruption found in secure container component terminal will display following screen in MorphoAccess SIGMA Lite Series terminal Figure 288 Protected Data Corrupted Error And on c...

Page 307: ...out the prior authorization of Morpho 307 July 17 Display Screens and Actions The following table enlists the various actions and indications on the MorphoAccess SIGMA Lite Series terminal and the corresponding screen appearance Display Screen Action Indication Keypad Authentication Keypad Authentication for second user In case of Multi User Mode Access Granted Access Denied USB Information Live F...

Page 308: ... property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 308 July 17 Display Screen Action Indication BIOPIN Entry Request Bootup Animation Screen default Please Wait Action in Progress Tamper Detected Distant Session Is Opened Controller Feedback Animation with Door Open Configuration Failed for Device ...

Page 309: ... information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 309 July 17 Display Screen Action Indication Configuration Failed for Communication Place Card Remove Card Prompt for second attempt Admin Card Detected Firmware Upgrade Started Remove Finger ...

Page 310: ...2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 310 July 17 Display Screen Action Indication Invalid Input Time Override Mode Active Sensor DB Upgrade Terminal Blocked ...

Page 311: ... through Webserver 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 311 July 17 Section 8 Terminal Configuration through Webserver ...

Page 312: ...arty without the prior authorization of Morpho 312 July 17 Access to Administration Menu through Webserver The Webserver allows user to perform various actions and configurations on terminal through below listed menus Figure 290 Webserver Administration Menu User Management Menu For enrolling and managing users Terminal Info Menu Used for viewing information of terminal Reboot Product Allows an ad...

Page 313: ...dd edit delete user defined Access Schedules Holiday Schedules and Door Open Schedules Control Configuration Menu Used to configure the Controller Panel Feedback User Control Parameters Events and Contactless Card parameters Terminal Settings Menu Used to configure the Biometric Communication Wiegand Threat Level GPIO SDAC and Terminal Date and Time Reset Default Menu Used to reset all any paramet...

Page 314: ...tor can login to MorphoAccess SIGMA Family terminal through Webserver using the default password Please refer to the section Password Configuration An administrator can enroll new user in the system edit user information delete users from the terminal database and reset user information from contactless smart cards Screens Steps Figure 291 Logging in Webserver 1 Enter Password and Press on Login t...

Page 315: ...ime of enrollment Access Path User Management User Enrollment Enrollment mode DB Only Pre requisites If terminal is in Legacy L1 mode then enrolment of users can be done only if Secure Admin station is equipped with a MorphoSmart MSO biometric sensor The data of the users enrolled in MA5G mode cannot be exported in L1 systems Screens Steps Figure 293 Adding user information 1 Enter User Identifier...

Page 316: ... is required to provide the biometric data of at least two different fingers Select first finger for biometric data capture 4 Select second finger for biometric data capture Figure 295 Biometric data capture 5 Place the finger on biometric Sensor If the finger is not placed properly or within the time limit an error message is displayed Refer to Finger Placement Recommendation section to know the ...

Page 317: ...ger Figure 296 Enter User PIN 10 Enter User PIN which should be of up to 15 digits numeric This PIN can be used by user when PIN based authentication mode is enabled The user will be required to enter PIN for authentication Figure 297 Assigning Access Schedule 11 Select an Access Schedule if the access is allowed within particular hours of the day By default the access schedule is selected as Sche...

Page 318: ...n the user expiry is considered as infinite b If any Expiry Date is set then the user record shall expire by the end of the set date 15 Configure Include in Authorized List as ON or OFF Only if the user is in Authorized list access will be granted By default this parameter is set as OFF NOTE The authorized list parameter will be effective only if the parameter Check User ID Authorized List is ON u...

Page 319: ... bypass is required to be enabled using specific user rule configuration b Set Contactless Card as ON if an administrator wants to allow user to request access by presenting card authentication c Set Keypad as ON if an administrator wants to allow user to request access by entering User ID using keypad The authentication is done by matching the User ID of the stored user in the database d Set Exte...

Page 320: ...ute such as BIO PIN or PIN 23 Press on Enroll User to Enroll the user with the details inputted Results A confirmation message is displayed showing User is enrolled successfully The user information is stored in the database Whenever user tries to access by providing fingerprint terminal will match the fingerprint with the records stored in the database and allow access on successful identificatio...

Page 321: ...e only if the biometric sensor is a MorphoSmart MSO terminal The data of the users enrolled in MA5G mode cannot be exported in L1 systems Screens Steps Figure 301 Select Card Data Format 1 Card Data Format allows an administrator to select the data that will be used for user authentication Below options are available a ID Template This format indicates that the user authentication is done by verif...

Page 322: ... captured and stored in the card The below steps are for ID Template format 3 Refer steps 1 to 26 of section User Enrolment in Database 4 A message to place card at terminal is displayed 5 Place Smart Card on the card reader You may have to place card for 1 to 10 seconds till the success message is displayed showing the user s data is stored in the card Results The user is enrolled successfully an...

Page 323: ...en enrolment of users can be done only if Secure Admin station is equipped with a MorphoSmart MSO biometric sensor The data of the users enrolled in MA5G mode cannot be exported in L1 systems Screens Steps Figure 302 Select Card Data Format 1 Card Data Format allows an administrator to select the user s data required for access rights check and then required to be written on user s card Please ref...

Page 324: ... not be copied or communicated to a third party without the prior authorization of Morpho 324 July 17 The user s data stored on card are not editable or viewable Recommendation In case of authentication failed due to bad biometric the user can be re enrolled In case of L1 mode the re enrolment can be done using Secure Admin station equipped with a MorphoSmart MSO biometric sensor only ...

Page 325: ...tion of the user stored on the Card but it is possible to erase and rewrite the user s card with new data Access Path Webserver User Management Users Screens Steps Figure 303 Selecting User ID 1 Select Search User by ID First Name or Last Name 2 Press on Search button to Search the users enrolled 3 Enter the User ID of the user account which is required to be edited 4 Press on Search button to get...

Page 326: ...First Name and Last Name of the user b Capture Fingerprints c Update User Pin d Configure Access Schedule e Set Observe Holiday Schedule f Set Door Open Timeout g Set Infinite Expiry Date h Configure Authorized list i Configure VIP User j Configure User Rules 2 To update a user field without capture fingerprint uncheck the Fingers Information box 3 Press on Enroll User to Save user information Res...

Page 327: ...User Delete All Users Delete a User Access Path Webserver User Management Users Screens Steps Figure 305 Deleting User 1 Get the list of Users enrolled in the terminal 2 Select the User ID that the administrator need to delete 3 Press on Delete button to delete the user 4 A confirmation message is displayed asking to confirm the action 5 Press on OK to confirm delete action Results The User ID is ...

Page 328: ...erty of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 328 July 17 Screens Steps Figure 306 Select Delete All Users action 1 Select Delete All Users to delete all the user in the database 2 A confirmation message is displayed asking to confirm the action 3 Press on OK to confirm delete all users action ...

Page 329: ...ily terminals allows user enrolment and authentication using contactless smart cards When a user is enrolled on smart card the User Identifier Fingerprint Template and PIN BIOPIN are stored in the card Terminal can check this information on card for authenticating a user Using Card Manager Menu an administrator can configure the contactless smart card parameters which are supported by MorphoAccess...

Page 330: ...or verification Using Renewal of User Card functionality an administrator can renew a contactless card that is expired with the same user data such as User ID fingerprint PIN and BIOPIN stored in it By renewing user card the expiry of the card is reset and card can be used for verification This feature is also useful when a user lose his card In that case it is recommended to add the lost card to ...

Page 331: ...pe 3 Select Card Only to Renew the Card 4 Now terminal open a new page to renew the card for the user 5 Select the card data format from available options as below a ID Template fingerprint b ID BIOPIN c ID Only d ID PIN Biometric e ID PIN BIOPIN f ID PIN 6 Enter the details required 7 Click on Card Renewal to renew the card 8 Terminal will ask to place the card on card reader Place card Results U...

Page 332: ...ing this functionality It means these cards can be used for authentication purpose only The data on the card cannot be changed Access Path Webserver Control Configuration Contactless Card General Parameters Read Profile Screens Steps Figure 309 Smartcard Read Profile Select Smartcard Read Profile 1 Set the following cards read profile as ON if an administrator require terminal to read them In case...

Page 333: ...and used for user authentication It is possible to update reset card s data Access Path Webserver Control Configuration Contactless Card General Parameters Encode Profile Screens Steps Figure 310 Smartcard Encode Profile Select Smartcard Encode Profile 1 Set the following smartcards encode profile as ON if an administrator require terminal to encode them a MIFARE Classic b DESFire 3DES c DESFire A...

Page 334: ...y default the 1st block to read is block 4 and total number of blocks is 31 NOTE 1 The value specified for the start block and number of blocks also applies to the administrator cards then ensure that administrator data is stored from the same block number as user data on user cards and on given number of blocks NOTE 2 In case of 1 K MIFARE an administrator can set start block no 4 to block 48 In ...

Page 335: ...35 July 17 Select Keyset for Reading MIFARE Cards The administrator can select a key set that is used by terminal for authentication and reading MIFARE cards using this functionality The below key set values can be configured Key A Key B Key A and Key B Access Path Webserver Control Configuration Contactless Card TLV contactless card configuration MIFARE Key Policy Screens Steps Figure 312 Key Pol...

Page 336: ... 1 Select Enroll User ID Format 2 Select User ID format used for enrolling users on card a No CSN this value indicates that contactless card serial number will not be used as User ID b Standard CSN If this option is selected the contactless card serial number is considered as User ID at the time of enrolment and authentication c Reverse CSN If this option is selected the contactless card serial nu...

Page 337: ...if DESFire OR any 7 BYTE CSN card Add 0 in beginning of CSN reverse the first 4 bytes and reverse the next 4 bytes reverse the whole 8 byte after above manipulation generate decimal from the manipulated HEX Else ICLASS CARD reverse the first 4 bytes and reverse the next 4 bytes reverse the whole 8 byte after above manipulation generate decimal from the manipulated HEX e HID card number if this opt...

Page 338: ...ration Screens Steps Figure 314 Configure Partial CSN for Enroll and Verify 1 Select Start Length for Enroll and Verify a Default value of Start and Length is 0 b Start can be configured in range 0 to 79 c Length can be configured in range 0 to 80 2 Press on Save button to save changes Note These keys are only used when the keys Enroll or Verify are set to Reverse CSN or Standard CSN Example CSN c...

Page 339: ... presented to the reader during authentication the application ID is read from the configured location from where the active File ID is fetched which further contains the user data Access Path Webserver Control Configuration Contactless Card TLV contactless card configuration DESFire AID And Webserver Control Configuration Contactless Card TLV contactless card configuration DESFire FID Screens Ste...

Page 340: ...read the data from 2APP iCLASS cards using this functionality When the iCLASS card is presented to the reader the application area 2 is read after the card is authenticated with the key 2 Access Path Webserver TLV contactless card configuration I Class Page Offset Pre requisites MorphoAccess SIGMA Family iCLASS terminal required to configure Offset for reading iCLASS card Screens Steps Figure 316 ...

Page 341: ...the iCLASS card is presented to the reader the application area 2 is read after the card is authenticated with the key 2 Depending on the template and size of data stored the number of pages shall be used in case the card is 16App iCLASS Access Path Webserver Control Configuration Contactless Card TLV contactless card configuration I Class Page Layout Pre requisites MorphoAccess SIGMA Family iCLAS...

Page 342: ... is erased using this functionality Terminal will also overwrite the current site key on the card with default Access Path Webserver User Management User Enrollment Pre requisites A smart card has user details stored Card is secured with the same key as on terminal Screens Steps Figure 318 Reset card Click on Reset Card 1 Terminal will ask to Place Card at card reader 2 Once an administrator place...

Page 343: ... Guide USB Scripts 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 343 July 17 Section 9 USB Scripts ...

Page 344: ...esponse functionality Using this feature user can change the configuration of those terminals which are not connected to the network Please refer to the MorphoBioToolbox User guide for more details Note User can use the same USB Scripts to configure one or more terminals In such cases user needs to ensure that the result of each USB Script execution will overwrite the previous result User can crea...

Page 345: ...ide Access Control 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 345 July 17 Section 10 Access Control ...

Page 346: ...Morpho 346 July 17 Access control presentation Typical architecture of an access control system Typical access control system architecture includes One MorphoAccess terminal per area for access control A user management or administration menu A Central Security Controller to take centralized decision in order to provide physical access commands open the door Figure 319 Typical access control syste...

Page 347: ... means that a record is created for each user containing a unique identifier and biometric data for two of his fingers 2 When a user requests the access to the area the terminal checks user s access rights using a biometric check 3 If the result of the check is successful access granted a message is sent to the Central Security Controller for additional access rights check 4 If the user is allowed...

Page 348: ...on the User Menu or by means of the User Management Menu of the Webserver This includes User enrolment and encoding Contactless cards containing user templates The local database can be exported ciphered to other MorphoAccess SIGMA Family terminals using a USB Mass Storage Device For MorphoAccess SIGMA Lite Series The management of internal biometric database can be done externally through the Web...

Page 349: ...the high level functions of the terminal This mode is described in detail in the Proxy Mode section Standalone mode Identification and or Authentication When in standalone mode the MorphoAccess SIGMA Family terminal supports mainly two types of access control processes These can be used separately or together The identification process starts when the user places his finger on the biometric sensor...

Page 350: ...nt and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 350 July 17 Access Control Process in Identification Mode Figure 320 Access Control Flow Diagram when Terminal is in Identification Mode ...

Page 351: ... Control 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 351 July 17 Access Control Process in Authentication Mode ...

Page 352: ...e identified as a VIP user terminal will not ask for any biometric data 3 Other checks such as if configured access schedule holiday schedule banned card authorized list expiry date trigger event check etc are done as per the authentication process Please refer to Step 5 in Access Control Flow Diagram in Authentication Mode 4 On successful authentication access is granted to a VIP user Note If the...

Page 353: ... MorphoAccess SIGMA Family terminal creates a record for each access request in an internal log file Each record contains the date and the time the user s identifier if available and the result of the local access control check This feature is described in the Access Request Result Log File section Integration in an Access Control System At the end of the access rights control the MorphoAccess SIG...

Page 354: ...rmation therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 354 July 17 Access Granted Figure 322 Access Granted Diagram for MorphoAccess SIGMA Family Access Denied Figure 323 Access Denied diagram for MorphoAccess SIGMA Family ...

Page 355: ... by Identification 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 355 July 17 Section 11 Access Control by Identification ...

Page 356: ...e using the biometric sensor The access control by identification process is started when a finger is detected on the biometric sensor When the user requests the access his identity is unknown and it is the terminal that searches for his identity The terminal grants the access if a match is found the user is identified otherwise the access is denied the user remains unknown Result of the access co...

Page 357: ... For more details on supported licenses please refer to Terminal License Management section Compatibility with Access Control Systems When the identification mode is activated the MorphoAccess SIGMA Family terminal supports the optional features listed below internal relay activation when the access is granted as described in Internal Relay activation on Access Granted result section external acti...

Page 358: ...ometric database on the terminal If a match is found then the user is identified the terminal has its identifier and access is granted to the user Otherwise if no match found the user remains unknown the user s identifier is unavailable and the access is denied The result of the identification process is notified to the user by a specific signal as described in Terminal States section When the ide...

Page 359: ... by Authentication 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 359 July 17 Section 12 Access Control by Authentication ...

Page 360: ...ent In the whole document the word card refers to contactless smart card Authentication process Unlike the identification mode the User Identity must be known in order to execute the authentication process Authentication is an identity verification process the user provides his identity and the terminal checks it with the relevant process This mode doesn t compare the user s data to the data of se...

Page 361: ...uthenticated users user s identity confirmed The MorphoAccess SIGMA Family terminal allows the identification and authentication modes to begin concurrently as specified in Multifactor Access Control Mode section Contactless Smart Card The terminal ignores contactless cards encrypted with unknown Card terminal authentication keys The terminal shall not allow access if the user authentication key o...

Page 362: ...d 3003 3053 32k bit 4k Bytes 16k 2 16k 1 ISO 15693 14443B supported 3004 3054 32k bit 4k Bytes 16k 16 16k 1 ISO 15693 14443B supported iCLASS Card HID MODELS card description Standard for contactless communications Morpho readers PVC Techn ology Composite Technology MA SIGMA MA SIGMA Lite 2000 2100 2k bit 256 Bytes card ISO 15693 Not supported 2001 2101 16k bit 2k Bytes card with 2 application are...

Page 363: ...ble the Biometric control which is enabled by default The administrator can also define a user rule for a particular user In this rule the trigger event through biometric can be disabled while the trigger event through Card can be enabled For per user rule configuration refer to User Enrollment in Database section Bypass Biometric Check Rule set for terminal in L1 Legacy mode In L1 Legacy mode use...

Page 364: ...s to be bypassed Above workflow is achieved in L1 terminal by just disabling BIO check for users for whom BIO checks needs to be bypassed and for all other users keep user rule to default When the administrator has enabled the Bypass Biometric Check in a user profile terminal will behave as below The terminal doesn t require the user to place a finger on the biometric sensor The access is granted ...

Page 365: ... described in section Authentication process specified by User s card Result of access control check The result of the access control check is notified to the user by audible and visible signals as described in the Terminal User Interface Compatibility with Access Control Systems When the identification mode is activated the MorphoAccess SIGMA Family terminal supports the optional features listed ...

Page 366: ...re AES and 3DES cards The MorphoAccess SIGMA Family terminals are able to read both DESFire and DESFire EV1 smartcards The AES cipher is only supported on DESFire EV1 cards The 3DES cipher used on DESFire EV1 cards is the same as the one used on DESFire cards i e it is the backward compatibility mode not the new 3DES cipher Parameter Configuration The administrator can configure the following para...

Page 367: ... party without the prior authorization of Morpho 367 July 17 Compatibility with Authentication modes Using a binary value read on the card as user s identifier is allowed only with MIFARE smart cards and when the sc encode_profile configuration key is set to 0 zero All other values of this configuration keys requires TLV formatted data as described in the MorphoAccess terminals Contactless Card Sp...

Page 368: ... ID check section User s data required in the terminal Since the data on the card is used as a reference source the internal database of the MorphoAccess SIGMA Family terminal is not used This implies that the administrator need not encode any of the user information onto the terminal database at the time of enrolment User s data required on the user s card The administrator must encode the follow...

Page 369: ...igure 326 Authentication with user s fingerprints on contactless card The terminal compares the biometric data of the finger placed on the sensor with the reference biometric data of the two reference fingers read on user s card The authentication process is successful identity confirmed if the captured finger data matches with one of the two reference finger data The authentication process fails ...

Page 370: ...e administrator needs to carefully encode the User ID PIN Code and biometric data of two fingerprints at the enrolment time This authentication mode doesn t use the internal database of the terminal as a source of reference If required the biometric check can be disabled as described in the No biometric check no User ID check section Note This section is applicable for MorphoAccess SIGMA and SIGMA...

Page 371: ...tion of Morpho 371 July 17 Activation key The administrator must select a card type that can accommodate at least User ID PIN or User ID Biometric PIN This needs to be done at user enrolment time The administrator needs to configure the User Record Reference parameter appropriately such that it indicates using a contactless smart card for authentication This can be done via Terminal Menu or Webser...

Page 372: ... his finger on the biometric sensor for biometric authentication provided PIN Code is verified and biometric check is enabled The terminal compares the biometric data of the finger placed on the sensor with the reference biometric data on the user s card The authentication process is successful identity confirmed if the PIN is verified and the captured finger data matches with one of the two refer...

Page 373: ...s is granted This authentication mode does not use the database of the terminal The administrator can enable this feature in order to support two kind of users in the same access control system i e normal user with fingerprints biometric check and special user without fingerprints but with a BIOPIN BIOPIN checking instead of fingerprint matching User s data required in the terminal The administrat...

Page 374: ...hen the user presents his contactless card instead of placing his fingers on the biometric sensor of the terminal The card is placed near the antenna of the contactless card reader If it is compatible same authentication keys and mandatory data present on card the user is asked to enter Biometric PIN BIOPIN using keypad instead of requesting the user to place his finger on the biometric sensor Fig...

Page 375: ...match found the access is denied User s data required in the terminal Since this mode uses the terminal s internal database for reference the administrator must encode the following user information at the time of enrolment Same User ID on the terminal as on the card The biometric data of two user s fingers If the user s identifier read on the user s card is not found in the database then the acce...

Page 376: ...abase then the user will be asked to place his finger on the biometric sensor for biometric authentication Figure 329 Authentication with biometric check reference in database The terminal then compares the biometric data of the finger on the sensor with the reference biometric data found in the terminal database The authentication process is successful identity confirmed if the captured finger da...

Page 377: ...ntifier is found on the terminal s internal database then the user will be requested to place his finger on the biometric sensor for biometric authentication The terminal then compares the biometric data of the finger on the sensor with the reference biometric data found in the terminal database The authentication process is successful identity confirmed if the captured finger data matches with on...

Page 378: ... authentication is successful the terminal triggers the access or returns the User ID to the Central Access Controller Once the user authentication is done terminal automatically loops back and waits for a new input ID If the identifier sent by the reader is not present in the local database authentication is not launched Activation key The activation of this mode is controlled by following parame...

Page 379: ...egand Port default Set 2 to send data only when verification is initiated from Wiegand source wiegand external_port_output_type 0 or 1 Storing current external port output type as Set 0 for Wiegand format output Set 1 for Clock Data format output References Wiegand Parameters are configurable from Webserver refer to Wiegand Parameter Settings in this guide You can also refer MorphoAccess 5G Series...

Page 380: ... where the first bit is Bit 0 Total ID Bits the number of bits in the ID Field must be contiguous bits Using these parameters when a card is presented to the terminal it attempts to decode the ID Field and uses that information as the User Identifier User ID of a template All Site codes Parity and any other data are ignored Using the decoded ID the terminal will verify corresponding User IDs store...

Page 381: ...tracted from a Wiegand input frame and Prox card This site code will be used as output site code in the Wiegand frame corresponding to the wiegand event_verify_fail and wiegand event_verify_pass formats For more details please refer to Site code Propagation section on MA SIGMA Application note Wiegand formats Wiegand frame example 26 bits For Standard 26 bit 26 9 16 1 8 10 P1 0 Even 1 12 P2 25 Odd...

Page 382: ...r s presence and the same card can be used for different visitors The internal database of the terminal is not used The MorphoAccess SIGMA Family terminal acts as a simple contactless card reader that only looks for the User ID The access is granted provided the user s card is encrypted with the authentication keys stored in the terminal and the terminal is able to read the User ID Otherwise the c...

Page 383: ...check are required for a given user it is best to provide him with a Visitor card For more details please refer to Encode Visitor Card User Interface The authentication process starts when the user presents his contactless card to terminal As shown below To provide his identity the user presents his personal identity card that contains the User ID This action starts the authentication process Figu...

Page 384: ... allowed access User s data required in the terminal The administrator must ensure that the following user data is loaded into the terminal database at the time of user enrolment the same identifier as the one on the user s card the reference biometric data of two fingers of the user not used but required If there is no record in the terminal database that corresponds to the User ID access will be...

Page 385: ...select Card Type at the time of User Enrolment such that it can accommodate User ID The administrator needs to correctly configure the User Record Reference parameter by using Terminal Menu or Webserver The value should be such that authentication mode is chosen via terminal database Following parameter is required to be configured Parameter Name Parameter Value Description ucc user_record _refere...

Page 386: ...nna of the contactless smartcard reader is located Figure 332 Authentication without biometric control and with the user login The User ID is read on the user s card and searched in the local database The authentication process succeeds if the User ID is found in the local database Otherwise the authentication process fails The result of the authentication process is notified to the user by an aud...

Page 387: ...cked A user s card which disables the biometric control is useful when the biometric data capture is not required in case of a short term visitor or impossible from physical or legal aspects Such cards can be encoded without user s presence and the same card can be used for different visitors The internal database of the terminal is not utilized in such case Note PIN check is applicable to MorphoA...

Page 388: ...arameter as trigger event by using Terminal Menu or Webserver Please refer to User Enrolment in Database Step 37 If PIN code check and biometric check are not required for the user then providing a Visitor Card is the best option For more details please refer to Encode Visitor Card User Interface Start The authentication process starts when the user presents his contactless card at card reader of ...

Page 389: ...process is positive identity confirmed if the user s identifier is found on the user s card The terminal doesn t require the user to place a finger on the biometric sensor and doesn t perform any biometric check The process executed in identical to the one described in No biometric check no User ID check PIN check mandatory Biometric check mandatory If the administrator enables this mode on User I...

Page 390: ...data on TLV card sc_tlv_desfire fid 0 to 31 0x00 to 0x1F 0x00 Default Sets DESFire file ID to read data on TLV card sc_tlv_iclass book_ number 0 1 0 Default Sets iCLASS card book number for 16APP for TLV card sc_tlv_iclass page_l ayout 1 5 1 Default Sets iCLASS card page layout for 16APP for TLV card sc_tlv_iclass page_ offset 19 255 19 Default Sets iCLASS card Page offset for 2APP for TLV card sc...

Page 391: ...erein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 391 July 17 The administrator can refer to the document MorphoAccess terminals Contactless Card Specification This is a dedicated document that describes the logical structure of the contactless smartcard ...

Page 392: ...er from a Wiegand frame written on the user s card A sample is described in Example 32 bits user s identifier within a 37 bits Wiegand frame section No TLV structure is required on user s card the MorphoAccess SIGMA Family terminal is able to proceed with user s cards written by other systems Card type compatibility This feature can only be used when the MIFARE card only mode is set User ID in bin...

Page 393: ...start of the block of 1st byte and 1st bit of data 15 bytes maximum i e 15 0 sc_binary_read data_type_direction Byte read acquisition method 0 1 binary data MSB first 0 0 binary data LSB first Example MIFARE card Serial Number In this sample the terminal read the first four bytes in MSB direction of the first sector of the MIFARE card which contains the serial number of the card If bytes to read a...

Page 394: ...s User ID The 32 bits identifier begins at bit four It is located after the start bit bit0 and the site code bit1 2 3 and is followed by the end of frame bit Acquisition of a 32 bits user s identifier inside a 37 bits Wiegand frame sc_binary_read data_format 1 Binary format sc_binary_read data_type_direction 0 1 Binary identifier MSB format sc_binary_read data_length_num_bytes 4 0 Size 4 bytes sc_...

Page 395: ...ccess Control Mode 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 395 July 17 Section 13 Multifactor Access Control Mode ...

Page 396: ...following the identification process if the user places his finger on the biometric sensor first Or the authentication process if the user shows his card first Figure 335 Multi factor mode identification or authentication In case the User database is empty the identification mode with finger is automatically disabled but the authentication mode is still available by showing the card User s data re...

Page 397: ...ocument and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 397 July 17 Activation keys The administrator needs to enable the Trigger event through Biometric Contactless Card Keypad and External Database ...

Page 398: ... Terminal Security 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 398 July 17 Section 14 Tamper Settings for Terminal Security ...

Page 399: ...ithout the prior authorization of Morpho 399 July 17 Tamper Setting for Terminal Security The MorphoAccess SIGMA Family terminal can detect two intrusion attempt types Someone tries to steal the complete terminal Someone tries to open the terminal Besides Webserver these configurations are possible via MorphoBioToolbox and distant commands also For more information please refer to Anti Tamper Swit...

Page 400: ... Guide 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 400 July 17 Section 15 Wiegand Configurations ...

Page 401: ...ormats Using Webserver an administrator can configure the desired Wiegand format for both input and output Standard 26 bits is the default format Besides Webserver these configurations are possible via distant commands also Format Type Site Code Range Template ID Number Range Extended ID Number Range Standard 26 bit default Standard 0 255 1 65535 N A Apollo 44 bit Standard 0 16383 1 65535 N A Nort...

Page 402: ...ugh Webserver 1 Configure below Wiegand Input parameters for action triggered through Wiegand to terminal a Select Prox Port Input Format from available format list as mentioned under Wiegand Format and Associated Values b Select External Port Input Format from available format list as mentioned Wiegand Format and Associated Values c Select External Port Input Type as Wiegand Mode or Clock Data mo...

Page 403: ...oned under Wiegand Format and Associated Values b Select Verification Fail format from available format list as mentioned under Wiegand Format and Associated Values c Select Identification Pass format from available format list as mentioned under Wiegand Format and Associated Values d Select Identification Fail format from available format list as mentioned under Wiegand Format and Associated Valu...

Page 404: ...vent Verification pass configuration Please refer to Wiegand Propagation section in MA SIGMA Application note Wiegand formats for more information Kindly follow the notes mentioned below 1 It is mandatory to define custom format slot 0 to enable Wiegand Last Format Input 2 If trigger source for authentication is keyboard or distant command the Wiegand last format output will considered as per cust...

Page 405: ...vel Configurations 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 405 July 17 Section 16 Threat Level Configurations ...

Page 406: ...Biometrics and the TTL input for GPI0 is triggered a successful verification requires presenting a smart card and a finger to the terminal If TTL is not active both lines are 0 the verification follows command based inputs Besides Webserver these configurations are possible via MorphoBioToolbox and distant commands also Threat Level Configuration through Webserver Access Path Webserver Terminal Se...

Page 407: ... threat level corresponding to GPI line 1 and GPI line 0 3 Click on Save Figure 338 Configuring Command Based Threat Level 4 Select Threat Level Mode as Command based If Threat Level is set to Command Based the active threat level from the drop down box has to be set With Command Based threat level the terminal does not refer to TTL lines inputs 5 Command based threat level can also be modified us...

Page 408: ...e 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 408 July 17 Section 17 Time and Attendance Configuration ...

Page 409: ... bitmap file Along with biometric presentation user is also required to select applicable function key F Key Suppose user is entering office in the morning then F key displaying IN must be pressed Similarly on every exit and entry the appropriate option must be selected T A action inputs are logged by the terminal This information is used to track the attendance of an employee analyze employee pro...

Page 410: ...s disabled If an administrator selects parameter value as 1 the T A mode is enabled When T A is enabled it will show 2 F keys for MorphoAccess SIGMA Lite Series and 4 F keys for MorphoAccess SIGMA and SIGMA Extreme Series if Normal Mode is activated Time and Attendance Mandatory Normal Mode Selection time_and_attendance tna_mandatory_ mode If an administrator selects parameter value as 0 the manda...

Page 411: ...When T A data is required from the user the terminal displays the Time and Attendance screen below Figure 339 Two Function Key Mode for MALite In the above sample screen the IN function is associated to key OUT function is associated to key A user can select any of the Function Keys to input required T A action T A Mode in MorphoAccess SIGMA SIGMA Extreme Series Normal Mode In normal mode there ar...

Page 412: ...key OUT function is associated to F2 key IN Duty is to F3 and OUT Duty is to F4 A user can select any of the Function Key to input required T A action Instead of texts icons can be selected to be displayed to the user Parameter Configuration Time and Attendance Text Icon Mode Selection time_and_attendance message_tex t_mode Parameter to choose whether 4 actions mode uses texts or icons In text mod...

Page 413: ...o the user When T A data is required from the user the terminal displays the Time and Attendance screen below Figure 341 Time and Attendance Screen in Extended Mode 1x16 Figure 342 Time and Attendance Screen in Extended Mode 2x8 In the above sample screen IN1 function is associated to F1 key OUT1 function is associated to F2 key IN Duty1 is to associated to F3 OUT Duty1 is to associated to F4 In c...

Page 414: ...peration IN OUT back button can be used at any moment during wait for a finger or a card to abort the verification In this case nothing is logged or sent to the controller After 20 seconds of inactivity on identification mode no finger detected on the sensor the terminal switches back to the selection screen In this case the operation result is logged and or sent to the controller result timeout P...

Page 415: ...e sensor or present his card Instead of access rights check terminal will first prompt user to enter a T A action Once function key is selected user access rights check will begin and terminal will display access result T A after User Control without selecting F Key In this scenario user will place his finger on the sensor or present his card Terminal will first authenticate the user On access gra...

Page 416: ...fine the duration for which access result is displayed on the LCD screen of the terminal Key Select Timeout an administrator can define a duration for which F key selection option will be displayed If user does not input the key then access is denied in case T A is mandatory Valid range of timeout is 1 to 60 seconds Active Key Timeout within this duration the key should be pressed if operation fai...

Page 417: ...mode only 2 4 functional keys are required to be configured Enter Display Text In this section an administrator can customize the text associated with the Functional Keys The text length should be 1 to 20 characters only By default below text is displayed which is editable applicable to MorphoAccess SIGMA and SIGMA Extreme Series a F1 IN b F2 OUT c F3 IN DUTY d F4 OUT DUTY Click on Extended T A Mo...

Page 418: ...cument and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 418 July 17 T A Mandatory Mode Work Flow Diagram Figure 344 Time and Attendance in Mandatory Mode Workflow Diagram ...

Page 419: ...nt and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 419 July 17 T A Non Mandatory Mode Work Flow Diagram Figure 345 Time and Attendance in Non Mandatory Mode Workflow Diagram ...

Page 420: ...r Guide 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 420 July 17 Section 18 Configuring Schedules ...

Page 421: ...ned as access denied at whichever time the access is requested By default Schedule no 63 is defined as FULL access time slot On user enrolment Access Schedule 63 is assigned by default Schedule no 59 to Schedule no 62 is reserved for internal use and cannot be assigned to any user On user enrolment administrator can select the required access schedule and associate it with the user details E g Acc...

Page 422: ...ation therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 422 July 17 Adding a New Access Schedule through Webserver Access Path Webserver Schedules Access Schedules Screens Steps Figure 346 Adding Access Schedule ...

Page 423: ...ed on the days when N A is selected 5 Click on Apply NOTE In MA5G mode two time slots per day can be defined with one interval in between If terminal is in L1 Legacy mode then Access Schedule can be configured from Secure Admin Where an administrator can also define Schedule Tolerance duration that allows user access early late than the scheduled access time Moreover in L1 Legacy mode an administr...

Page 424: ...424 July 17 Editing Access Schedule through Webserver Figure 347 Editing Access Schedule 1 Select an access schedule from the list 2 Click on Edit the Selected Schedule tab NOTE The default access schedules cannot be modified 3 An administrator can edit Access Schedule Name and Time Slots 4 Once required information is updated click on Apply 5 The Access Schedule is updated and then click on Save ...

Page 425: ... defined for the public holidays of entire Year When user tries to access terminal will authenticate user and on successful authentication terminal will check if Holiday Schedule is to be considered Even if the user is authenticated the access is denied on the holiday if the user observes holiday Besides Webserver these configurations are possible via MorphoBioToolbox and distant commands also Mor...

Page 426: ...is YYYY MM DD One schedule allows to specify several consecutive days 3 Select Start Time and End Time applicable on selected dates By default the date format is HH MM ss During this time slab access is not granted NOTE If terminal is in L1 Legacy mode then Holiday schedule is defined using Secure Admin The Time slot with maximum interval can be set 4 Click on Apply Results A Holiday Schedule is c...

Page 427: ...ny access rights check That is users can access without biometric authentication In a real life scenario this feature can be implemented during lunch hours when all employees need to go out or come in for a lunch break Hence the door open schedule can be configured if no biometric check is required during specific interval Besides Webserver these configurations are possible via MorphoBioToolbox an...

Page 428: ... communicated to a third party without the prior authorization of Morpho 428 July 17 Results As per the Door Open Schedule terminal will send signal to door control panel to open the door at a start time of the schedule The door is opened or unlocked till the end time of the schedule On end time terminal will send signal to door panel to close or lock the door ...

Page 429: ...or Guide 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 429 July 17 Section 19 Controller Feedback ...

Page 430: ...these configurations are possible via distant commands also Access Path Webserver Control Configuration Controller Feedback Screens Steps Figure 350 Controller Feedback Settings from Webserver 1 Select Remote Message Feedback Interface as a Disable If an administrator do not require to expect Controller Feedback then an administrator can set interface as Disabled b Feedback over IP Select Feedback...

Page 431: ...ge i e Granted Denied and PIN can have different pulse width and pulse interval An administrator can define the same as below a High If an administrator select High then Pulse Width and Pulse Interval of the feedback message will be as per system default value for high pulse b Low If an administrator select Low then Pulse Width and Pulse Interval of the feedback message will be as per system defau...

Page 432: ...der Timeout as Reject This function is valid for Access Denied feedback only If it is enabled then on timeout the LCD text specified for Access Rejected will be displayed on terminal LCD If Consider timeout as Reject is unchecked Timeout message will be displayed on LCD 7 Enter Keypad Timeout for user to enter the PIN This is used when Panel Mode selected as Accept Reject PIN and controller feedba...

Page 433: ...ies Administrator Guide 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 433 July 17 ...

Page 434: ...P Protocol Support 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 434 July 17 Section 20 OSDP Protocol Support ...

Page 435: ...ng of one or more Peripheral Devices PD to a Control Panel CP The communication between CP and PD is in the form of interrogation reply mode Communication can only be initiated by CP through OSDP commands CP can communicate to the PD s in unicast mode or in a broadcast mode the CP needs to use the address 0x7F for broadcasting to all PD s The PD responds to the OSDP commands via OSDP responses NOT...

Page 436: ...al Status Report Request osdp_LSTAT 5 Reader Status Report Request osdp_RSTAT 6 Reader LED Control Command osdp_LED 7 Reader Buzzer Control Command osdp_BUZ 8 Reader Text Output Command osdp_TEXT 9 Communication Configuration Command osdp_COMSET 10 Scan and Match Biometric Template osdp_BIOMATCH The following are the OSDP responses supported by MorphoAccess SIGMA Family terminals 1 General Acknowl...

Page 437: ...rt Request of a command Syntax osdp_TEXT Reader Number Text Command Temp Text time Row Column Text Length String Example osdp_TEXT 0 2 0 1 1 64 HELLO WELCOME TO SAFRAN 2 PD CP Response to a command osdp_ACK in case of Success else osdp_NACK for failure Example osdp_ACK 3 CP PD Start Request of a command Syntax osdp_LED Reader number LED Number Temp Control Code On time Off time On colour Off colou...

Page 438: ...ader Number Text Command Temp Text time Row Column Text Length String Example osdp_TEXT 0 2 0 1 1 64 HELLO WELCOME TO SAFRAN 2 PD CP Response to a command osdp_ACK in case of Success else osdp_NACK for failure Example osdp_ACK 3 CP PD Start Request of a command Syntax osdp_LED Reader number LED Number Temp Control Code On time Off time On colour Off colour Timer LSB Timer MSB Perm Control code On ...

Page 439: ...cess SIGMA Lite Sequence Tx Rx Command Response Syntax with Example 1 CP PD Start Request of a command Syntax osdp_LED Reader number LED Number Temp Control Code On time Off time On colour Off colour Timer LSB Timer MSB Perm Control code On time Off time On colour Off colour Example osdp_LED 0 0 0 0 0 0 0 0 1 10 0 2 0 Note Timer value is applicable is only for Temporary LED operation 2 PD CP Respo...

Page 440: ... terminal puts the user s Id into the polling queue in the form of wiegand format The wiegand format is defined by the terminal s Wiegand configuration for Identification Pass Fail and Verification Pass Fail parameters 2 osdp_KEYPAD Terminal responds with this command when itcompletes the authentication process by keypad 3 osdp_LSTAT Terminal responds with this command when it detects tamper statu...

Page 441: ...uide 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 441 July 17 Section 21 User Control Configurations ...

Page 442: ...list of parameters which terminal should check for authenticating and granting access to the user An administrator can enable or disable these parameters Besides Webserver these configurations are possible via MorphoBioToolbox and distantcommands also User Control Configurations through Webserver Access Path Webserver Control Configuration User Control Screens Steps Figure 353 User Control Configu...

Page 443: ...atabase if references from smartcard are not present E g for smartcard triggered authentication if BIO check is enabled and BIO data is not found on smartcard and if this parameter is enabled terminal will use biometric data corresponding to the user stored in the terminal database to perform BIO check The user with the same User ID needs to be available on both the contactless card and the termin...

Page 444: ...r 0 no additional users required or 1 one additional user required When this feature is activated the terminal evaluates the access rights with the data of two different users instead of the data of only one user It means that when access right is based on biometric data check the terminal requires the fingerprint of two different users to grant the access Transaction logs will contain one line fo...

Page 445: ...per_user_rules parameter shall also be enabled which allows only users with defined user rule from DB or CARD that allows BIO substitution Possible values are Disabled Use Bio PIN or Use PIN a If set to Disabled then BIO check substitution is not allowed b If set to Use Bio PIN then BIO check is substituted by BIOPIN check BIOPIN data is only stored on smartcard If substitution by BIOPIN is allowe...

Page 446: ...r Guide 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 446 July 17 Section 22 Event Configurations ...

Page 447: ...ored in MorphoAccess SIGMA Family terminal are listed in Event screen of Webserver An administrator can enable or disable the monitoring and reporting events that can be triggered on terminal An administrator can also configure which events are to be sent to access controller GPO TTL lines and its data clock id Besides Webserver these configurations are possible via distant commands also Event Con...

Page 448: ...ation of Morpho 448 July 17 Figure 354 Events Monitoring Configuration 1 Enable the monitoring of Events by selecting the checkboxes corresponding the event 2 An administrator can also select the events which are required to be Reported to Controller 3 Select the GPO lines using which events are passed to controller 4 Enter Clock Data ID corresponding to event that is passed to controller through ...

Page 449: ...ace Configurations 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 449 July 17 Section 23 MMI Man Machine Interface Configurations ...

Page 450: ...ox and distant commands also MMI Features Function name SIGMA Series SIGMA Lite Series Enable AZERTY Keyboard Administration If this parameter is enabled the information menu on the terminal shall be displayed Audio for successful Verification Audio for Message Attention Display Reason for Access Denied Display Name on Access Granted Brightness Range of this parameter is 5 100 Idle Screen Timeout ...

Page 451: ...y must not be copied or communicated to a third party without the prior authorization of Morpho 451 July 17 Audio for Tamper Display User ID on Access Granted Display Time Stamp on Access Granted Log in Option Idle Video Timeout Audio Volume Terminal Language Video Phone Dynamic Message MMI Configurations through Webserver Access Path Webserver MMI Man Machine Interface Screens ...

Page 452: ...trator Guide 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 452 July 17 Section 24 Proxy Mode ...

Page 453: ...performs access control remotely while the MorphoAccess SIGMA Family terminal works as a slave waiting for external commands These commands are enlisted as follows user identification user verification relay activation read data on a contactless smart card Biometric database management terminal configuration changes read an entry from the keyboard display a message read a contactless smart card Th...

Page 454: ...system there is no local signal biometric sensor backlight off status light off But when a command is in progress the terminal emits the signals related to the function This implies that when the Identify command is in progress the terminal state is same as in the standalone Identification mode when the terminal receives the access granted command from the distant system it emits the access grante...

Page 455: ...ted the administrator can deactivate the proxy mode While in proxy mode none of the actions can be performed using the terminal LCD touch screen The snapshot below describes a typical exchange between the terminal and the distant system for a basic access control by identification One would see that the distant system is the master while the terminal is the slave Figure 355 PROXY sample with a rem...

Page 456: ...Guide Polling Mode 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 456 July 17 Section 25 Polling Mode ...

Page 457: ... the ucc allow_fallback_rule and the user ref_check rule If ucc per_user_rules If set to Auto with trigger as smartcard then user rule from smartcard will be used and NOT from one provided by distant command If ucc per_user_rules If set to Terminal then user rule provided by distant command will be used If ucc per_user_rules If set to Disabled then user rule check is disabled Process Polling using...

Page 458: ...on of Morpho 458 July 17 Polling mode activation The administrator can activate the Polling mode through Webserver Complete Configuration This is done by setting the parameter ucc enable_external_database to 1 Please refer to MorphoAccess SIGMA and SIGMA Lite Series Parameters User Guide to know as to how to set this parameter NOTE When terminal is in L1 legacy mode then polling mode can be config...

Page 459: ...e Messages Sending 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 459 July 17 Section 26 Messages Sending ...

Page 460: ...e MorphoAccess SIGMA Family terminal to generate and send messages to another physical entity upon the occurrence of specific events during the access control process The events that lead to generation and sending of messages sending are as follows Result of access rights check after access request by a user Internal log file full Tamper detected Time and Attendance actions Duress Finger detected ...

Page 461: ... party without the prior authorization of Morpho 461 July 17 Events The MorphoAccess SIGMA Family terminal allows the administrator to select one or more events on which messages can be sent to the external controller An administrator can enable or disable events using Webserver or distant command Please refer to Event Configuration in this document to learn more on various events that can be sele...

Page 462: ...rface For each interface available the following parameters are customizable Communication layer Protocol used Parameters depending on the layer and the protocol used TCP protocol is available on the IP layer Following are the parameters that can be configured for host 1 in order to communicate via TCP protocol TCP parameters remote_msg_ip_conf host_1_ip The IP address of the distant system remote...

Page 463: ...ess Control System 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 463 July 17 Section 27 Compatibility with an Access Control System ...

Page 464: ...f the access rights check is successful the internal relay may be optionally activated for example to directly trigger a door switch The duration of the activation of the internal relay can be modified by a specific configuration key Access control installation using internal relay offers a lower security level than an installation with a central access controller In case of a centralized access t...

Page 465: ..._dur Parameter name Value Description gpio sdac_relay_default_state 0 or 1 The administrator can set a default state of the internal relay by using this parameter The internal relay can be either powered or unpowered Select 0 for Low This is the default value of this parameter and it indicates that by default the internal relay will be unpowered On access being granted the internal relay state wil...

Page 466: ... communicated to a third party without the prior authorization of Morpho 466 July 17 Select 2 to enable SDAC mode Configuration key Parameter name Value Description gpio sdac_door_unlock_dur 2 60 sec 10 Default The administrator can configure this parameter to set the duration for which SDAC door should be opened after access is granted This parameter can be set only when gpio func_mode is set as ...

Page 467: ...ND wires When this function has been enabled the internal relay is activated in two cases when the terminal authorizes the access after access rights check and when a contact is closed between the LED1 and GND terminals A typical application of this feature is to open the door from inside an area protected by a MorphoAccess SIGMA Family terminal as depicted in the figure below To enter in the prot...

Page 468: ...ameter value 1 means Push Button Push button exit mode is selected when a push button is located at exit gate and users are allowed to push the exit button to open the exit door Configuration key Parameter name Value Description gpio sdac_rte_egress_timeout 1 to 300 Seconds 25 Default The administrator can define an egress timeout by using this parameter The egress timeout is defined as the durati...

Page 469: ...e user not recognized or access requested outside the authorized time slot for an instance and other data used for statistical reasons The format of a log record is described in the MorphoAccess 5G Series Host System Interface Specifications document Log File management Three commands are available for log file management a command which returns the current status of the log feature enabled disabl...

Page 470: ...or can enable or disable the creation of a record for each access request by using only one configuration key Parameter name Value Description transaction_log logging 0 1 or 2 2 Default The administrator can configure this parameter to select the type of transaction logging that is carried by the terminal Set parameter value 0 to disable transaction logging Set parameter value 1 to enable access c...

Page 471: ... access control result This message can be used for different actions depending on the role of the receiver in the access control system simple logging of access requests no response expected or performing additional checks on access rights expected response access authorized or denied Figure 358 Sending access control result message to a distant system Ports and protocols The MorphoAccess SIGMA F...

Page 472: ...ocol The Wiegand frame includes only the User Identifier which must be a numeric value By default the message is sent only when the local access control result is positive access authorized But this message can also be sent when the result is negative access denied In this case the User Identifier is replaced by an error code indicating the reason for access denial The activation and format of the...

Page 473: ...ata RS422 RS485 protocol The administrator can configure to send the access control result message via RS422 RS485 protocol for MorphoAccess SIGMA Family terminal RS422 is not supported by MorphoAccess SIGMA Family terminals The message is sent irrespective of the access control result It contains more information than the Wiegand and the Clock Data frames date and time user Identifier if availabl...

Page 474: ...ype that will be used for communicating with remote controller host 1 by using this parameter Set to 0 for using TCP protocol for communication Set to 1 for using UDP protocol for communication Set to 2 for using TLS SSL over TCP for communication For details on configuration of other parameters that help in managing the process of sending remote message to access controller please refer to Morpho...

Page 475: ...ein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 475 July 17 Note about Terminal Clock Deviation The message sent through IP and RS422 or RS485 protocols includes the date time of access control result Please refer to Date Time synchronization section for more details ...

Page 476: ...nal User Interface 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 476 July 17 Section 28 Terminal User Interface ...

Page 477: ...o Man Machine Interface Audible signal The administrator can tune the volume of the audible signal by tweaking the following configuration key The terminal can be configured to emit an audio signal in the event of access being granted or denied or the terminal being tampered for an instance Parameter name Value Description audio volume 0 to 100 The administrator can set global audio volume that wi...

Page 478: ...ess After reading a user s card the terminal emits this signal while waiting for a finger or when the acquisition of the biometric data of the finger placed on the sensor is in process Do not remove the finger while this signal is emitted Identification Finger detected Acquisition of biometric data of the finger is in process After detection of a finger on the biometric sensor the terminal emits t...

Page 479: ...f the biometric database modification of a configuration key management of the log file etc In this state the terminal ignores all access requests by users Terminal in Low Consumption Mode When terminal is in idle mode a video is played till the configured video play duration Once Video play duration has elapsed terminal stops playing video and shifts to Low Consumption Mode indicated by LED blink...

Page 480: ...ptionally emitted when the terminal has detected opening of the terminal except lateral USB port cover or separation from the wall support Access Emergency This signal is optionally emitted when the terminal has detected opening of the door forcefully of door not closed properly Time Override Mode This signal is emitted when the Time Override is enabled The buzzer beeps only during the beginning o...

Page 481: ...sensor and is awaiting completion of the acquisition process notified by the Acquisition complete event Current positioning Acquisition complete but not enrolment sequence The current acquisition is complete and the user may remove their finger from the terminal Current capture complete Remove finger from terminal to proceed with next finger The current capture is complete and the user is invited ...

Page 482: ...orization of Morpho 482 July 17 The enrolment sequence has completed successfully Depending on how long the biometric data registration process has taken the terminal may emit the signal Enrolment complete Registration of biometric data in process Enrolment Error The enrolment sequence has not completed successfully Depending on how long the biometric data registration process has taken the termin...

Page 483: ...entation of a card waiting for a finger or biometric data acquisition of the finger is in progress Fixed Red Identification Finger detected Acquisition of biometric data of the finger is in process Fixed Red Identification or Authentication database blank or absent OFF Proxy mode waiting for distant system command OFF Incorrect finger position OFF Biometric Sensor start up error OFF Maintenance te...

Page 484: ...ting for a finger Fixed Red Acquisition in process Fixed Red Current positioning Acquisition complete but not enrolment sequence Fixed Red High 0 5 Sec Beep Current capture complete Remove finger from terminal to proceed with next finger Fixed Red Current finger Acquisition complete but not enrolment sequence Fixed Red Enrolment complete Fixed Red For MALite Series Action LED Buzzer Red Green Blue...

Page 485: ...ithout the prior authorization of Morpho 485 July 17 Action LED Buzzer Red Green Blue Yellow Purple Cyan USB Key Detected USB Script In Progress Blink USB Script Successful USB Script Error Change Key OK Change Key Not OK Alarm 15 times Blink Access Emergency TOM Access Granted Access Denied Access Timeout Place Finger Blink Change Finger End of Acquisition Enrolment Complete Enrolment Failed Miss...

Page 486: ...tware Applications 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 486 July 17 Section 29 Compatibility Accessories Software Licenses and Software Applications ...

Page 487: ...Over Ethernet module enabling POE capabilities on the terminal Contactless smartcards MIFARE 4K DESFire 2K 4K or 8K HID iCLASS Prox MA WI FI PACK containing a Wi Fi USB dongle and a Wi Fi license to activate Wi Fi capability on an administrator terminal MA 3G PACK Applies only to MorphoAccess SIGMA Series containing a 3G USB dongle and a 3G license to activate 3G network communication on an admini...

Page 488: ...he low level protocol using thrift commands for more information please refer to Host System Interface Guide Morpho Integrator s Kit MIK software development kit version 6 or later Using Legacy Morpho mode MorphoAccess SIGMA Family is also compatible with MEMS MIK 5 or later With the following limitations Refer to MorphoAccess 5G Series Morpho Legacy Mode Limitations document Using Legacy L1 mode ...

Page 489: ...de Recommendations 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 489 July 17 Section 30 Recommendations ...

Page 490: ...inal with its original accessories Attempts to use unapproved accessories with an administrator terminal will void an administrator warranty Due to electrostatic discharge and depending on the environment synthetic carpeting should be avoided in areas where the MorphoAccess SIGMA Family terminal has been installed Areas containing combustibles It is strongly recommended that you do not install you...

Page 491: ...t be taken while connecting Ethernet wire to the MorphoAccess SIGMA Family terminal block board since low quality connection may strongly impact Ethernet signal sensibility It is recommended to connect Rx and Rx with the same twisted pair wire and to do the same with Tx Tx and the other twisted pair wire Date Time synchronization The terminal clock typically has a 4 sec time deviation per day at 2...

Page 492: ...o 492 July 17 Recommended Conditions for Face Detection User Face Position The user should face toward the terminal while identification authentication The user should stand at the distance where terminal can recognize face not too far or too close The user should not wear glasses Lighting Condition The user shall not be against the light The background of the user shall be as neutral as possible ...

Page 493: ...mmendations 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 493 July 17 Annex 1 Finger Placement Recommendation ...

Page 494: ...Data The terminal is designed to capture the area containing the most useful biometric data In fingerprints this is usually at the center of the first phalanx This is illustrated in the figure below Figure 359 Most Relevant Biometric Data in a Fingerprint The sensor is designed so that when the fingertip is in contact with the rounded hollow guide the central zone of the first phalanx is aligned w...

Page 495: ... not be copied or communicated to a third party without the prior authorization of Morpho 495 July 17 Position of Finger Finger Height Figure 360 Finger Height Incorrect Position Do not place the finger tip on the top of the fingertip guide Do not place the finger tip on the surface of the sensor Correct Position Align center of 1st phalanx with sensor center ...

Page 496: ... property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 496 July 17 Finger Angle Figure 361 Finger Angle Incorrect Position Do not tilt the finger on right or left side of the sensor Correct Position The finger must be parallel to the sides of the sensor IDEAL POSITION ...

Page 497: ...y of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 497 July 17 Finger Inclination Figure 362 Finger Inclination Incorrect Position Do not leave the finger in the air Do not bend finger upward or downward Correct Position Finger must be parallel to the sensor surface IDEAL POSITION ...

Page 498: ...mation therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 498 July 17 Finger rotation Figure 363 Finger Rotation Incorrect Position Do not roll finger Correct Position Finger must be parallel to the sensor surface IDEAL POSITION ...

Page 499: ...on When finger biometric data acquisition is difficult please follow the recommendations listed below The finger is cold Solution warm up the finger The finger is wet Solution wipe the finger The finger is dry Solution warm up the finger and or add a little bit of humidity The finger is dirty Solution wash hands Remove bandages or adhesive tapes from the fingerprint area and from the 2nd phalanx o...

Page 500: ...2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 500 July 17 Annex 2 Comparison of Authentication mode with Contactless Card ...

Page 501: ... Biometric authentication using these templates Send ID if authentication is successful Card mode authentication Read card mode ID templates if required by card mode on contactless card If card mode is ID only send ID If card mode is Authentication with templates on card biometric authentication using templates read on card then send ID if authentication is successful Authentication with biometric...

Page 502: ...o No Card mode authentication ID_ONLY Yes Yes No No No No Card mode authentication PKS Yes Yes Yes Yes No No Authentication with templates in database biometric control disabled Yes No No No No No Authentication with templates on card biometric control disabled Yes No No No No No Card mode authentication ID_ONLY no PIN code check no biometric check Yes Yes No No No No Card mode authentication PKS ...

Page 503: ...Guide Recommendations 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 503 July 17 Annex 3 Bibliography ...

Page 504: ...ird party without the prior authorization of Morpho 504 July 17 How to get latest version of the documents The last version of the documents is available on a CD ROM package from our factory or can be downloaded from our web site at the address below www biometric terminals com Login and password required To request a login please send us an email to the address below hotline biometrics morpho com...

Page 505: ... MorphoAccess 5G Series ApplicationNotes Morpho Legacy Mode Limitations This document describes the limitations of MorphoAccess SIGMA Family terminals operating in Legacy Morpho mode This document is in English MorphoAccess 5G Series Morpho L 1 Bioscrypt Legacy Mode Limitations ref 2016_2000022285 MorphoAccess 5G Series ApplicationNotes L1 Legacy Mode Limitations This document describes the limita...

Page 506: ...This document describes thrift commands supported by a MorphoAccess SIGMA Family terminals MorphoAccess 5G Series Serial Command Manual ref 2015_2000012655 MorphoAccess 5G Series SecureSDK_Serial_Command_Manual This document details all the distant commands supported by MorphoAccess SIGMA Family terminals in L1 legacy mode MorphoAccess 5G Series Command Support Matrix ref 2015_2000012654 MorphoAcc...

Page 507: ...g using the terminal MorphoAccess SIGMA Family Administration Guide ref 2017_2000025464 MorphoAccess SIGMA Family Administration Guide This document describes the different functions available on the terminal and procedures for configuring the terminal This document is in English MorphoAccess SIGMA Series Quick User Guide ref 2014_0000000530 MA SIGMA Quick User Guide This document is a short summa...

Page 508: ...ew upgrade mechanism with MorphoAccess SIGMA Series terminal This document is in English MorphoAccess 5G Series ApplicationNotes MobileNetworkConfiguration ref 2016_2000021923 MorphoAccess 5G Series ApplicationNotes MobileNetworkConfiguration This document describes how to configure a 3G dongle on MorphoAccess SIGMA Series terminal This document is in English Documents for Developer MorphoAccess S...

Page 509: ...document is in English ref 2016_2000015437 MA SIGMA Lite Installation Guide This is the French version of previous document Documents about administrating using the terminal MorphoAccess SIGMA Family Administration Guide ref 2017_2000025464 MorphoAccess SIGMA Family Administration Guide This document describes the different functions available on the terminal and procedures for configuring the ter...

Page 510: ...n English Documents about administrating using the terminal MorphoAccess SIGMA Family Administration Guide ref 2017_2000025464 MorphoAccess SIGMA Family Administration Guide This document describes the different functions available on the terminal and procedures for configuring the terminal This document is in English MorphoAccess SIGMA Extreme Series Quick User Guide ref 2017_2000024419 MorphoAcc...

Page 511: ...mendations 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 511 July 17 Annex 4 Glossary Acronyms and Abbreviation ...

Page 512: ...ent Although the entire finger scan has significant data the core is the most data intensive area and thus is extremely important to the algorithm Normally the core is located in the middle of the fingerprint Duress Mode A mode that offers users a way of indicating a duress situation such as being forced to open a door The user verifies with a specially designated finger resulting in an inverted W...

Page 513: ...inked to user ID example fingerprint found on users card which provides the User ID at beginning of the process 1 N Mode In 1 N mode a user places his or her finger on the device without entering an ID The terminal compares the user s scanned finger with the many enrolled fingers in its internal database Identification Searching or 1 N The operation of Identifying a user by comparing a live finger...

Page 514: ...ded to replace IPv4 which still carries the large majority of Internet traffic 2013 DNS Domain Name Server It provides naming for all systems computers terminals in a network DHCP Dynamic Host Configuration Protocol TCP Transmission Control Protocol UDP User Datagram Protocol SSL Secure Sockets Layer VIP Very Important Person The users in the system can be enrolled under VIP list PIN Personal Iden...

Page 515: ...r Guide Recommendations 2017_2000025464 v03 This document and the information therein are the property of Morpho They must not be copied or communicated to a third party without the prior authorization of Morpho 515 July 17 Annex 5 Support ...

Page 516: ...aux Biométriques Boulevard Lénine BP428 76805 Saint Etienne du Rouvray FRANCE Phone 33 2 35 64 53 52 Hotline Morpho Support Terminaux Biométriques 18 Chaussée Jules César 95520 Osny FRANCE hotline biometrics morpho com Phone 33 1 58 11 39 19 9H00am to 6H00pm French Time Monday to Friday http www biometric terminals com A login and password are required to access the full site content If an adminis...

Page 517: ...July 17 Registered Office Morpho 11 boulevard Gallieni 92130 Issy les Moulineaux France www safran identity security com ...

Reviews:

No comments