background image

MorphoAccess® VP Series - User Guide 

 

 

Section 7: Access control by Authentication 

 

 

 

 

 

73 

M

ORPHO DOCUMENT

.

 

R

EPRODUCTION AND 

D

ISCLOSURE 

P

ROHIBITED

 

SSE-0000082427-01 

 

 

January 2011 

 

Binary data 

Description 

The MorphoAccess® terminal is able to use as user’s identified, a binary value to read 
on specific location on user’s card. 

This binary value could be the serial number of the card, as explained in the 

Example: 

MIFARE™ card Serial Number used as user’s identifier

 section. 

The  MorphoAccess®  terminal  is  able  to  read  a  binary  value  which  is  not  aligned  on 
complete  bytes.  This  ability  is  useful  to  extract  the  user’s  identifier  from  a  Wiegand 
frame  written  on  the  user’s  card.  A  sample  is  described  in 

Example:  32  bits  user’s 

identifier within a 37-bits Wiegand frame

 section. 

No  TLV  structure  is  required  on  user’s  card:  the  MorphoAccess®  terminal  is  able  to 
use user’s cards written by other systems. 

Card type compatibility 

This format can be only used only with the “MIFARE™ only default mode”. 

Type of contactless smartcard enabled 

app/contactless/enabled profiles = 0 

MIFARE™  only  (support  binary 
user’s identifier) 

 

Configuration keys 

The binary data to read is data defined by: 

• 

The offset of the first block which contains the data 

• 

The offset of the first byte/bit of the data, within the sector (15 bytes maximum). 
The  terminal  is  able  to  read  a  user’s  identifier  which  offset  is  different  from  a 
multiple of 8 bits. 

• 

The length (in bytes and bits) of the data (8 bytes maximum). The terminal is able 
to read a user’s identifier which length is different from a multiple of 8 bits. 

• 

The read direction (MSB or LSB) 

 

User’s identifier stored in ASCII format 

app/contactless/dataformat = 1 

Binary format 

app/contactless/B  

[1-215] First block to read on card 

app/contactless/data  length  [number  of 
bytes].[additional bits]  

User ID length in bytes and additional 
bits (8 bytes maximum) 

app/contactless/data  offset  [number  of 

Location of first byte/bit of the user’s 

Summary of Contents for MorphoAccess VP Series

Page 1: ...MorphoAccess VP Series User Guide January 2011 SSE 0000082427 01 Copyright 2011 Morpho Osny France MorphoAccess VP Series User Guide ...

Page 2: ...sent a commitment on the part of Morpho No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical including photocopying or recording for any purpose without the express written permission of Morpho This legend is applicable to all pages of this document This manual makes reference to names and products that are trademarks of their respective ow...

Page 3: ...3 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Revision History The table below contains the history of changes made to the present document Version Date Description 01 January 11 Creation of the present document ...

Page 4: ...gh a LAN 31 Setting up IP parameters with a USB Mass Storage Key 33 Wi Fi Network configuration 35 Section 4 MorphoAccess Terminal Configuration 36 MorphoAccess configuration parameters 37 Configuring a connected MorphoAccess terminal 38 Upgrading the firmware 41 MorphoAccess terminal database management 42 MorphoAccess terminal license management 43 Section 5 Access Control 45 Access control pres...

Page 5: ...l System 91 Internal Relay activation on Access Granted result 92 Internal Relay activation by external button 94 Access request result log file 95 Sending the access control result to a distant system 97 LED IN feature 101 Time mask feature 103 Section 12 MorphoAccess VP Series terminal sound and light Interface 104 Light and sound signals 105 The user is recognized and the access is allowed 111 ...

Page 6: ...iguration of a MorphoAccess terminal by a Host System 38 Figure 18 MorphoAccess configuration tool main window 39 Figure 19 Typical access control system architecture 46 Figure 20 Recognition mode synthesis 49 Figure 21 Access control result access granted 51 Figure 22 Access control result Access denied 51 Figure 23 Identification mode 55 Figure 24 Contactless card presentation starts authenticat...

Page 7: ...MorphoAccess VP Series User Guide Section 1 Introduction 7 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Section 1 Introduction ...

Page 8: ... allows a high security level without affecting comfort of use an enhanced resistance to spoofing by combining the protection mechanisms intrinsic to each technology and also by making the most of the new characteristics resulting from the fusion while offering the same easiness of use which makes finger biometrics based systems quickly adopted by end users In addition the MorphoAccess VP Series h...

Page 9: ...D SSE 0000082427 01 January 2011 Scope of the document This guide deals with the use of the MorphoAccess VP Series which is made up of following list of products MorphoAccess VP Series Multimodal Biometrics Contactless Smartcard Reader MIFARE DESFire MorphoAccess VP Bio Yes No No MorphoAccess VP Dual Yes Yes Yes ...

Page 10: ...ion Morpho hereby declares that the MorphoAccess VP Series terminal has been tested and found compliant with following listed standards EN302 291 2 V 1 1 1 2005 07 recommendation 1999 519 CE with standard EN 50364 EN 301 489 3 V 1 4 1 02 and low voltage Directive 2006 95 CE CEI609501 2005 2nd edition USA information This device complies with part 15 of the FCC Rules Operation is subject to the fol...

Page 11: ...eparation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device MA VP complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must ac...

Page 12: ...an be divided into major ridge pattern type such as Whorls Loops and Arches etc Unique characteristics known as Minutiae identify those points of a fingerprint where the ridges become bifurcation or endings as illustrated in Figure 1 These minutiae are the unique features which form the basis of any system using fingerprint comparison techniques for identification and verification purposes Fingerp...

Page 13: ... biometric authentication and identification The basic principle for finger vein pattern acquisition is to select an illumination wavelength for which absorption from deoxidized hemoglobin flowing freely in the blood stream will be maximum and background absorption all other cell tissues will be minimal This way the vascular pattern will appear in great contrast through the different layers of ski...

Page 14: ...by themselves and is also processing time consuming In the recent years biometric industry turned to an innovative approach Multimodality which consists in combining one biometrics with another complementary one The reason is that upstream studies showed that it could increase performances to a much larger extent than any of the other approaches considered until then It is particularly accomplishe...

Page 15: ...nswer to comfort and security concerns in any biometric application resistance to spoofing is increased by combining the protection mechanisms intrinsic to each technology and also by making the most of the new characteristics resulting from the fusion After having enlisted the cooperation of Hitachi for its perfect command of the finger vein imaging technology Morpho developed the first ever mult...

Page 16: ...f interest is usually located between the first and the third phalanxes Figure 3 areas of interest Ergonomics Image acquisition is performed with CMOS camera The optical imaging method depends on the kind of biometric data to be acquired The fingerprint imaging process requires finger s first phalanx fingerprint area to be in contact with the corresponding sensing area square portion of the transp...

Page 17: ... designed to hold finger into a flat position in order to avoid any contact inside the vein imaging active area It is highly recommended to wipe the device transparent surface with a dry cloth in case it is wet Figure 4 Cross section of the acquisition area Recommended fingers Our devices have been designed specifically for the use of fore middle and ring fingers So these 3 fingers are the ones re...

Page 18: ... use properly the device according to the rules stated below in order to acquire the best image quality This will result at the end in the best quality of service It is important to notice that it is possible to enroll more than one finger it provides an alternative for the ones who will have at a later stage their preferred finger hurt cut or even dirty It is recommended to enroll as 1st finger t...

Page 19: ... Series User Guide Section 2 MorphoAccess VP Series terminal presentation 19 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Section 2 MorphoAccess VP Series terminal presentation ...

Page 20: ...e that all connections of the MorphoAccess VP Series terminal described hereafter are of SELV Safety Electrical Low Voltage type User Interface see figure 6 Figure 6 MorphoAccess VP Series terminal front view The MorphoAccess VP Series terminals offer a simple and ergonomic man machine interface items dedicated to access control based on fingerprint recognition 1 a high quality optical scanner to ...

Page 21: ...e power supply over the spare pins When the terminal is connected to the network by the 5 wires block only power supply over the data pins is possible Please contact your network administrator to know which POE mode is provided by the network Hardware reset button see figure 8 A hardware reset button executes when pressed a power down power up sequence This reset button is located under the remova...

Page 22: ...ies User Guide Section 2 MorphoAccess VP Series terminal presentation SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 22 January 2011 Figure 7 MorphoAccess VP Series terminal rear view connectors ...

Page 23: ...ser Guide Section 2 MorphoAccess VP Series terminal presentation 23 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Figure 8 MorphoAccess VP Series terminal front view without bottom cover ...

Page 24: ...UDP or TCP or SSL protocol A Wi Fi link by connecting a USB Wi Fi adapter in the USB front port using the UDP or TCP or SSL protocol A serial port using the Wiegand or DataClock or RS485 protocol It is not allowed to use simultaneously the Ethernet link and the Wi Fi link But it is allowed to use the serial port and either the Ethernet or the Wi Fi link This feature is compatible with the manageme...

Page 25: ...nt USB port of the MorphoAccess terminal is dedicated to the connection of a USB Mass Storage key to configure the terminal with command scripts This feature is described in the Setting up IP parameters with a USB Mass Storage Key section and in the documents listed below MorphoAccess USB Network Tool User Guide MorphoAccess USB encoder User Guide Figure 9 MorphoAccess VP Series terminal front USB...

Page 26: ...UCTION AND DISCLOSURE PROHIBITED 26 January 2011 Plugging a USB Wi Fi adapter The front USB port of the MorphoAccess VP Series terminal is dedicated to the connection of a Wi Fi USB adapter The bottom cover must be removed to allow the access to the USB port Figure 10 MorphoAccess VP Series terminal USB port with a Wi Fi adapter ...

Page 27: ...hoAccess VP Series User Guide Section 3 Connecting a MorphoAccess to a PC 27 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Section 3 Connecting a MorphoAccess to a PC ...

Page 28: ...net cable either directly or through a LAN The LAN can be reduced to only one Ethernet router Once physically connected the MorphoAccess terminal can be configured using an application such as Configuration Tool or MATM A POE Power Over Ethernet current injector is mandatory if the MorphoAccess VP Series terminal is not powered by the 12VDC GND wires block Network parameter initialization The netw...

Page 29: ...e Auto MDIX feature then a crossover Ethernet cable is mandatory If no crossover Ethernet cable is available then a switch can be used please refer to next section If the PC to be used is already connected to a LAN then it must be either disconnected from the LAN or equipped with a 2nd network interface board which will be dedicated to the connection with the terminal It could be mandatory to modi...

Page 30: ... one Ethernet switch The MorphoAccess terminal can be connected to a PC through an Ethernet switch This is useful when no crossover cable is available but instead one Ethernet switch and two Ethernet standard cables are available WARNING an Ethernet HUB doesn t allow a connection between two of its ports An Ethernet switch is really mandatory Figure 12 Connection through an Ethernet switch ...

Page 31: ...figuration Please contact network administrator for more information about LAN security strategies Before connecting the terminal to a LAN through Ethernet it is necessary to specify the LAN parameters to the terminal The values of these parameters are to be provided and or approved by the administrator of the network LAN with DNS Server When a DNS server is available in the LAN the PC can request...

Page 32: ...N the IP address of the terminal remains the same after each restart and the Host System need only to know this IP address to establish a connection with the terminal The IP address of the terminal must be reserved in the router by the network administrator Please contact the network administrator to require the value of the network parameters listed below The MorphoAccess terminal IP address one ...

Page 33: ... and a dedicated PC application USB Network Configuration Tool This procedure is useful for MorphoAccess terminals without keyboard and screen but is applicable also to MorphoAccess terminals with keyboard and screen The procedure is detailed in the sections below and in the MorphoAccess USB Network Tool User Guide document First step build a configuration file on USB Mass Storage Key Run the USB ...

Page 34: ... Number value field is used only when SSL protocol is When all fields are filled with the data approved by the network administrator button Then select the root directory of the USB mass storage key After directory selection the application creates a configuration file Build a setting file on a USB mass storage key Second step apply changes to the terminal bottom cover of the MorphoAccess VP Serie...

Page 35: ...Fi license downloading and Wi Fi USB adapter installation make sure to reboot the terminal by pressing the reset button see paragraph Power supply interface for more information on reset button NOTE Both Wi Fi USB adapter and license can be ordered under the reference MA WI FI PACK Configuration The Wi Fi network configuration is described in the chapter 15 of the MorphoAccess Enrolment station Us...

Page 36: ...Access VP Series User Guide Section 4 MorphoAccess Terminal Configuration SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 36 January 2011 Section 4 MorphoAccess Terminal Configuration ...

Page 37: ...on bio ctrl contains the parameters related to the biometric control The full name of a configuration key includes the file name and the section name i e file name section name key name Example app bio ctrl nb attempts Please refer to MorphoAccess Parameters Guide for the full description of all configuration keys of a MorphoAccess terminal Modifying the value of a parameter There are two ways to ...

Page 38: ...Get Configuration parameter value Modify the value of a configuration parameter Get Access control log file content Change contactless card authentication keys Firmware upgrade Add a license The MorphoAccess terminal works as a TCP IP server which waits for a request from the Host System application which acts as a TCP IP client Figure 17 Configuration of a MorphoAccess terminal by a Host System T...

Page 39: ...figuration tool main window Please refer to MorphoAccess Configuration Tool User Guide document for further information about this PC application MATM PC application The MATM application is another application able to read and modify the value of any MorphoAccess terminal parameter In addition to Configuration Tool application the MATM application is able to configure Wi Fi parameters and to activ...

Page 40: ...l Configuration SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 40 January 2011 SSL securing The TCP link used for remote management can be secured using SSL protocol Please refer to SSL Solution for MorphoAccess document for further details ...

Page 41: ...et or Wi Fi or using a USB mass storage key The last MorphoAccess terminal firmware can be obtained on a CD ROM package from the customer service or can be downloaded from Morpho Website dedicated to biometric terminals http www biometric terminals com A login name and a password are required it can be provided by the customer service hotline biometrics t my technicalsupport com Please refer to th...

Page 42: ...etric data of two fingers of the user and a unique identifier The MEMS application adds a user to its own database and then it updates the database of all MorphoAccess terminals The MorphoEnroll application performs user enrollment directly on the MorphoAccess terminal this application doesn t manage any database on the PC Removing a user from the database Removing a user means deleting the user s...

Page 43: ...n of database with a higher size but it doesn t modify the size of a already created database The existing database must be deleted and then recreated with a higher size MorphoAccess MA_WIFI license The MA_WIFI license enables the Wi Fi network WLAN optional feature Warning The license alone is not enough a USB Wi Fi adapter compatible with MorphoAccess terminals is mandatory Adding a license in a...

Page 44: ... Guide Section 4 MorphoAccess Terminal Configuration SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 44 January 2011 Please refer to document MorphoAccess Terminal License Management for more information ...

Page 45: ...MorphoAccess VP Series User Guide Section 5 Access Control 45 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Section 5 Access Control ...

Page 46: ...ntrol system Typical access control system architecture includes one MorphoAccess terminal per area to protect an Enrollment Station dedicated to user enrollment and database synchronization with all MorphoAccess terminals it could be a PC with MEMS application a Central Security Controller for area access final check and physical access command open the door Figure 19 Typical access control syste...

Page 47: ...s 2 When required the Enrolment Station adds new user records into each MorphoAccess terminal and removes obsolete user records 3 When a user request the access to the area protected by the MorphoAccess terminal the terminal checks user s access rights using a biometric check 4 If the result of the local access rights check is successful a message is send to the Central Security Controller for add...

Page 48: ...Standalone mode Identification and or Authentication When in standalone mode the MorphoAccess terminal supports two main different access control processes The identification process which starts when the user places his finger on the biometric sensor This process is described in the Section 6 Access control by identification section The authentication process which starts with the presentation of...

Page 49: ...01 January 2011 How to select the standalone access control process The chart below describes the different processes available and the related configuration keys Figure 20 Recognition mode synthesis Identification and one authentication processes can be activated at the same time as described in Section 8 Multi factor mode section ...

Page 50: ...available and the result of the local access control check This feature is described in the Access request result log file section Integration in an access control system At the end of the access rights control the MorphoAccess terminal is able to Send a message with data related to the access request to a distant system which could be a simple storing system or a Central Security Controller This ...

Page 51: ...Section 5 Access Control 51 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Access granted Figure 21 Access control result access granted Access denied Figure 22 Access control result Access denied ...

Page 52: ...phoAccess VP Series User Guide Section 6 Access Control by Identification SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 52 January 2011 Section 6 Access Control by Identification ...

Page 53: ... The biometric data of allowed users are acquired by an enrolment station with the same kind of biometric sensor The access control by identification process is started when a finger is detected on the biometric sensor When the user requests the access his identity is unknown and it is the terminal that searches for his identity The terminal grants the access if a match is found the user is identi...

Page 54: ...l Relay activation on Access Granted result section External activation of the internal relay as described in Internal Relay activation by external button section Send access control result message to a remote system as described in Sending the access control result to a distant system section Wait for distant system confirmation before granting the access as described in LED IN feature section Ac...

Page 55: ...he terminal If a match is found then the user is identified and if there is no other access right check the access is granted to the user Otherwise if no match found the user remains unknown the user s identifier is unavailable and the access is denied The result of the identification process is notified to the user by a specific signal as described in Terminal states section When the identificati...

Page 56: ...phoAccess VP Series User Guide Section 7 Access control by Authentication SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 56 January 2011 Section 7 Access control by Authentication ...

Page 57: ... person It means that at the beginning of the process the person provides his identity and the authentication process verify it At the end of the process the identity is either confirmed authenticated or not confirmed not authenticated This mode doesn t compare the user s data to the data of several users it compare the data provided by the user with the reference data provided by the same user du...

Page 58: ... card is encrypted with the contactless authentication keys stored in the terminal The MorphoAccess terminal rejects user s cards without the data required by the authentication process selected All authentication modes require the presence of the user s identifier value The other data and the format of all the data required depends on the authentication mode selected All non mandatory data found ...

Page 59: ...phoAccess terminal detects a user s card it searches for a specific data which indicates if the biometric check is either mandatory or disabled This authentication mode is described in section Authentication process specified by User s card Result of access control check The result of the access control check is signified to the user by local audible and visible signals as described in Access cont...

Page 60: ... cards only DESFire cards only Configuration key The type of contactless smartcard enabled is defined by the following specific configuration key Type of contactless smartcard enabled app contactless enabled profiles 0 MIFARE cards only support binary format for user s identifier app contactless enabled profiles 1 DESFire cards only TLV format only app contactless enabled profiles 2 MIFARE cards o...

Page 61: ...be disabled as described in the No biometric check no user id check section User s data required in the terminal This authentication mode doesn t use the internal database of the MorphoAccess terminal None user s personal data is required in the terminal User s data required on the user s card To be compatible with this authentication mode the user s card must contain the user s identifier User ID...

Page 62: ...card The terminal compares the biometric data of the finger placed on the sensor with the reference biometric data of the two reference fingers read on user s card The authentication process is successful identity confirmed if the captured finger data matches with one of the two references finger data Otherwise if no match is found the authentication process fails identity not confirmed The result...

Page 63: ...he same user s identifier value as the one stored on user s card The biometric data of two user s fingers If the user s identifier read on the user s card is not found in the database then the access denied The size and the management of the MorphoAccess terminal internal database is described in MorphoAccess Terminal Database management section User s data required on card The only data required ...

Page 64: ...process is successful identity confirmed if the captured finger data matches with one of the two references finger data Otherwise no match found the authentication process fails identity not confirmed The result of the authentication process is notified to the user by a specific signal as described in Terminal states section When the authentication process is completed whatever is the result ident...

Page 65: ...al is able to read a user s identifier Otherwise the card is ignored and the access denied User s data required in the terminal In this authentication mode the internal database of the MorphoAccess terminal is not used User s data required on the user s card The user s identifier User ID is the only one data required on the user s record all other data are ignored The terminal is able to read the ...

Page 66: ...Authentication without biometric check and without User ID check The authentication process succeeds if the user s identifier is found Otherwise the authentication process fails The result of the authentication process is notified to the user by a specific signal as described in Terminal states section When the authentication process is completed whatever is the result identity confirmed or not th...

Page 67: ...rd contains The same identifier as the one on the user s card The reference biometric data of two fingers of the user If the terminal doesn t found a record with the user s identifier read on the card the access is denied The size and the management of the MorphoAccess terminal internal database is described in MorphoAccess Terminal Database management section User s data required on the user s ca...

Page 68: ... biometric check and without User ID check The user s identifier is read on the user s card and searched in the local database The authentication process succeeds if the user s identifier is found in the local database Otherwise the authentication process fails The result of the authentication process is notified to the user by a specific signal as described in Terminal states section Once the aut...

Page 69: ...cally or legally This kind of cards can be realized without user s presence and the same card used for different visitors The internal database of the MorphoAccess terminal is not used User s data required in the terminal This authentication mode doesn t use the internal database There is no personal data stored in the terminal User s data required on the user s card To be compatible with this mod...

Page 70: ... specified by user s card Biometric check mandatory The terminal requires the user to place a finger on the biometric sensor Then it executes a biometric comparison of the finger placed on the sensor and the reference biometric data read on user s card The process is identical to the one described in Biometric check biometric data on user s card section Biometric check disabled The result of the a...

Page 71: ...ithin a TLV structure User s identifier stored in TLV format app contactless data format 0 TLV structure app contactless data length 0 0 Automatic size app contactless data offset 0 0 Automatic offset The data written on user s card by MEMS application and by MorphoAccess 500 Series terminals enrolment embedded application are TLV formatted The contactless smartcard logical structure is described ...

Page 72: ...RE only support binary user s identifier When the key value is 0 the terminal is able to get the card UID of MIFARE cards and DESFire cards Configuration keys A configuration key specifies on which kind of identifier the access rights are assigned To use Card UID the CARDDATA tag must be removed and the CARDSN STD or the CARDSN REV must be added app bio ctrl AC_ID CARDDATA TLV structure must be re...

Page 73: ...written by other systems Card type compatibility This format can be only used only with the MIFARE only default mode Type of contactless smartcard enabled app contactless enabled profiles 0 MIFARE only support binary user s identifier Configuration keys The binary data to read is data defined by The offset of the first block which contains the data The offset of the first byte bit of the data with...

Page 74: ...he card are F4 E1 65 34 then the user identifier value Activation of identification mode app contactless data format 1 Binary format app contactless data type 0 1 Binary MSB format app contactless data length 4 0 Size 4 bytes no additional bit app contactless data offset 0 0 First byte of the block app contactless B 1 First block of the card 32 bits user s identifier within a 37 bits Wiegand frame...

Page 75: ...0 Size 4 bytes app contactless data offset 0 4 User s identifier begins at bit 4 of the first byte of the block specified below app contactless B 46 Read at block 46 first block of sector 15 It is possible to configure the MorphoAccess terminal to add automatically the start and stop bits to the Wiegand output frame if the user s identifier must be send to a distant system using Wiegand protocol ...

Page 76: ...MorphoAccess VP Series User Guide Section 8 Multi factor mode SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 76 January 2011 Section 8 Multi factor mode ...

Page 77: ...user presents his contactless card first then it is authentication process which is executed Figure 31 Multi factor mode identification and authentication When there is no database the identification mode is disabled but the authentication mode is still available User s data required in the terminal The requirements of the Identification mode and the requirements of the selected authentication mod...

Page 78: ... MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 78 January 2011 Activation of multi factor mode app bio ctrl identification 1 Enabled app bio ctrl authent card mode 1 or app bio ctrl authent ID contactless 1 or app bio ctrl authent PK contactless 1 Enabled Enabled Enabled ...

Page 79: ...MorphoAccess VP Series User Guide Section 9 Proxy or slave Mode 79 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Section 9 Proxy or slave Mode ...

Page 80: ...on the host system and used MorphoAccess terminal high level functions Identification function Authentication function Read data on a contactless card Access control result signal command Figure 32 Proxy slave mode The MorphoAccess VP Series terminal is driven through an Ethernet or Wi Fi link using TCP or SSL protocol The MorphoAccess terminal acts as a server it is either waiting for a command o...

Page 81: ...t means for example that When the Identify command is in progress the terminal displays the same signals as the standalone Identification mode When the terminal receives the access granted command from the distant system it emits the access granted signal as described in the Access control result section The local signals are described in the Section 12 MorphoAccess VP Series terminal sound and li...

Page 82: ...tivation The proxy mode is automatically enabled when the identification mode and all authentication modes are disabled Proxy mode all local standalone access control application are inhibited app bio ctrl identification 0 Disabled app bio ctrl authent card mode 0 Disabled app bio ctrl authent PK contactless 0 Disabled app bio ctrl authent ID contactless 0 Disabled ...

Page 83: ...ccess VP Series User Guide Section 10 MorphoAccess Terminal Customization 83 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Section 10 MorphoAccess Terminal Customization ...

Page 84: ... Setting up the number of biometric check attempts app bio ctrl nb attempts 1 Only one no retry allowed app bio ctrl nb attempts 2 Two one 2nd try is allowed default Identification mode If the finger of the user is not recognized he has 5 seconds to place again one of his fingers on the sensor If a finger is placed on the sensor after this delay then the terminal process it as a new access request...

Page 85: ... users divided by the number of access requests Both ratio values are linked Different trade offs are possible between FRR and FAR depending on the security level targeted When convenience is the most important factor the FAR must be low and conversely if security is more important then the FAR has to be minimized Different tunings are proposed in the MorphoAccess terminal depending on the securit...

Page 86: ...or a secure usage It is strongly advised to don t use this value because the terminal becomes too tolerant 1 FAR 1 2 FAR 0 5 3 FAR 0 1 Recommended value for physical access control application 4 FAR 0 05 5 FAR 0 01 Recommended value for logical access control application 6 FAR 0 001 7 FAR 0 0001 8 FAR 0 00001 9 FAR 0 0000001 10 Highest threshold value the number of false acceptance is very low but...

Page 87: ... switches When one of those events is detected the MorphoAccess VP Series terminal acts as required by the related configuration key see section below Ignore the event default useful during normal maintenance operations Send an alarm message to a distant system through the channel already used by the access control result messages see Sending the access control result to a distant system section E...

Page 88: ...m level 2 Silent message and local alarm signal in addition to previous level 1 the terminal buzzer emits an audible and visible alarm signal The alarm message is sent through the same channel as the access control result message Then if there is no channel defined for the result message the alarm message is not sent Please refer to Sending the access control result to a distant system section In ...

Page 89: ...t system app failure ID alarm ID 62221 The identifier of alarm message is 62221 app failure ID enabled 1 Error and alarm messages are allowed while using Wiegand or DataClock protocols app send ID wiegand enabled 1 Enables to send message though serial channel using Wiegand protocol Example 2 send an alarm message in UDP no local alarm signal In case of anti tamper or anti pulling detection the te...

Page 90: ...eries terminals allow to select the security level of the multimodal biometrics Configuration key The multimodal biometrics security level is selected by only one configuration key Multimodal biometrics security level app bio ctrl security level 0 Standard security level default value app bio ctrl security level 1 High security level To be use to increase the protection against fraud but it may af...

Page 91: ... Series User Guide Section 11 Compatibility with an Access Control System 91 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Section 11 Compatibility with an Access Control System ...

Page 92: ...an be modified by a specific configuration key Access control installation using internal relay offers a lower security level than an installation with a central access controller which is the only one allowed opening the door Figure 36 MorphoAccess terminal internal relay Activation key A configuration key enables internal relay activation on access granted Relay activation when access is granted...

Page 93: ...n Access Control System 93 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 The default state of the relay can also be defined Relay default state app relay relay default state 0 Open default app relay relay default state 1 Close ...

Page 94: ...nternal relay A typical application of this feature is to open the door from inside an area protected by a MorphoAccess terminal as described in figure below To enter in the building the user must be successfully recognized by the MorphoAccess terminal A simple push button connected to LED1 between LED1 and GND wires of the MorphoAccess terminal will trigger the door to leave the building Figure 3...

Page 95: ...ecord is described in the MorphoAccess Host System Interface Specification document Log File management Three commands are available for log file management A command which return the current status of the log feature enabled disabled number of records A command which returns the content of the log file A command that delete the log file For more information about these commands refer to the Morph...

Page 96: ...OCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 96 January 2011 Activation key The creation of a record for each access request is enabled and disabled by only one configuration key Enabling recording of all access request results in the internal log file app log file enabled 1 Enabled app log file enabled 0 Disabled ...

Page 97: ...of the distant device in the global access control system Figure 38 Sending access control result message to a distant system Please refer to MorphoAccess Remote Messages Specification for more information about the format and the protocol of the access control result messages The LED IN feature enables to expect a positive answer from the distant system before granting the access Available ports ...

Page 98: ...The format of the Wiegand frame is defined by several configuration keys DataClock protocol Same comment as for Wiegand protocol The sending of the message through the serial port using DataClock protocol is conditioned only one configuration keys Send access control result message using DataClock protocol on serial output port app send ID dataclock enabled 1 Enabled app send ID dataclock enabled ...

Page 99: ... TCP protocol Same comment as for RS485 protocol Send access control result message using TCP protocol on Ethernet port app send ID ethernet mode 0 Disabled app send ID ethernet mode 1 UDP app send ID ethernet mode 2 TCP SSL protocol For details about SSL protocol please refer to SSL Solution for MorphoAccess document Wi Fi channel Instead of Ethernet connection the terminal can be connected using...

Page 100: ...ssage send through IP and RS485 includes the date time of access control result The terminal clock has a 4 sec per day typical time deviation at 25 C At 50 C the time deviation may be up to 8 sec per day For features that requiring time precision such as SSL protocol or DESFire contactless card the clock of the MorphoAccess terminal must be synchronized regularly with an external clock using the a...

Page 101: ...access controller within the access result message Then the terminal starts to wait during an adjustable timeout for the closure of a switch between LED1 and GND or between LED2 and GND During terminal wait period the controller performs its own access rights checks for the identified user Depending on the result of the result the controller close the switch between LED1 and GND wires to grant the...

Page 102: ... for each possible answer then The access denied relay contact must be connected to LED1 and GND wires The access granted relay contact must be connected to LED2 and GND wires Activation key This feature is activated by a dedicated configuration key LED IN feature activation app led IN enabled 0 Disabled default app led IN enabled 1 Enabled Configuration key The value of the wait time for the answ...

Page 103: ...le with MEMS and MorphoEnroll applications Please refer to MorphoAccess Host Interface Specification document for mode information Database To use this feature the local database must be created with a specific additional user data field Each user may have a different time mask from other users The time mask is defined by slots of 15 minutes over a week For each of these 84 slots of 15 minutes the...

Page 104: ...ide Section 12 MorphoAccess VP Series terminal sound and light Interface SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 104 January 2011 Section 12 MorphoAccess VP Series terminal sound and light Interface ...

Page 105: ...ent Pulse 1 second OFF and 0 5 second ON Sample Intermittent blue Pulse Fast intermittent Pulse 0 5 second OFF and 0 5 second ON Sample Fast Intermittent yellow Pulse Slow intermittent Pulse 1 second OFF 1 second ON Sample Slow intermittent red Pulse Audible signal The volume of the audible signal can be tuned by a specific configuration key Level of the audible signal app GUI volume 0 Volume off ...

Page 106: ...lacement OFF Intermittent YELLOW pulse OFF Finger removed too quickly OFF YELLOW OFF Finger acquisition running GREEN OFF OFF No database or empty database OFF Intermittent YELLOW pulse OFF USB mass storage key can be removed OFF Fast intermittent CYAN pulse OFF A distant operation is running OFF Intermittent MAGENTA pulse OFF An upgrade of biometric component is running OFF Intermittent MAGENTA p...

Page 107: ...hentication waiting for user s contactless card One of the authentication modes is activated and the MorphoAccess terminal is waiting for the presentation of a contactless card Biometric Sensor backlight Not significant Status LED On permanent blue Buzzer Off Identification and Authentication No database or empty database The selected access control mode requires at least one record in the local d...

Page 108: ...ED On permanent blue Buzzer OFF Finger biometric data acquisition in progress The MorphoAccess VP Series terminal emits this signal when the acquisition of the biometric data of the finger placed on the sensor is in progress Don t remove the finger when this signal is displayed Biometric Sensor backlight ON GREEN Status LED OFF Buzzer OFF Finger misplaced The MorphoAccess VP Series terminal emits ...

Page 109: ...The terminal fails to start the biometric sensor If the trouble persists after several terminal start ups please contact customer service Biometric Sensor backlight OFF Status LED Slow intermittent red Pulse Buzzer OFF Terminal maintenance A configuration operation is in progress biometric database update configuration key value change access request log file acquisition etc Normal process will be...

Page 110: ...s LED Slow intermittent magenta Pulse Buzzer OFF Maintenance USB mass storage key can be removed This signal Is emitted when the USB Mass Storage key used to configure the terminal can be removed from the USB port The USB Mass Storage key must be removed to complete the maintenance process Biometric Sensor backlight OFF Status LED Fast intermittent cyan Pulse Buzzer two medium pitched notes only o...

Page 111: ...Green 1s flash Buzzer 1 second high pitched note Identification or Authentication Access denied The user is not recognized or the access is not allowed to this user by Time Mask feature or by the Central Access Controller Biometric Sensor backlight Not significant Status LED Red 1s flash Buzzer 1 second low pitched note Authentication Timeout while waiting for finger on the sensor Authentication m...

Page 112: ...0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 112 January 2011 Finger removed too earlier The terminal emits this signal if the finger is removed too earlier while the finger biometric data acquisition is in progress Biometric Sensor backlight OFF Status LED Yellow 1s Flash Buzzer OFF ...

Page 113: ...on 13 Compatible Accessories Software Licenses and Software Applications 113 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Section 13 Compatible Accessories Software Licenses and Software Applications ...

Page 114: ...lowing items can be ordered directly toMorpho or official distributor so as to enjoy all the features of your MorphoAccess VP Series terminal Power supply units Contactless smartcards MIFARE 1K or 4K DESFire 2K 4K or 8K MA WI FI PACK containing a Wi Fi USB dongle and a Wi Fi license to activate Wi Fi capability on your terminal MA 10K USERS License enabling database upgrade from 3 000 users capaci...

Page 115: ...PHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Compatible software applications MorphoAccess VP Series terminals are fully compatible with MorphoAccess Enrolment Management System MEMS application Morpho Integrator s Kit MIK software development kit MorphoEnroll enrolment application ...

Page 116: ...MorphoAccess VP Series User Guide Appendix 1 Finger placement rules SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 116 January 2011 Appendix 1 Finger placement rules ...

Page 117: ...MorphoAccess VP Series User Guide Appendix 1 Finger placement rules 117 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Finger placement recommendations ...

Page 118: ...ity please leave the finger on the biometric sensor until the backlight is turned off Finger condition The following recommendations regarding finger condition will also help to get optimal quality at acquisition If wet wipe finger If dry or cold warm up finger If dirty wash hands Remove bandages or adhesive tapes from finger Do not press or tense finger to avoid blood vessels constriction ...

Page 119: ...MorphoAccess VP Series User Guide Appendix 2 Bibliography 119 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED SSE 0000082427 01 January 2011 Appendix 2 Bibliography ...

Page 120: ...es and connection procedures Administrator Information MorphoAccess Parameters Guide ref SSE 0000062458 This document describes all configuration keys of MorphoAccess terminal SSL Solution for MorphoAccess ref SSE 0000069007 This document describes the SSL Solution deployment for MorphoAccess terminal with MATM security plug in MorphoAccess Terminal License Management ref SSE 0000066855 This docum...

Page 121: ...document describes the Configuration Tool application which enables to configure a MorphoAccess terminal through a IP link Ethernet or Wi Fi MorphoAccess Terminal Management User Guide ref SSE 0000068869 This document describes the MATM application which enables to configure a MorphoAccess terminal through Ethernet or Wi Fi MorphoAccess USB Network Tool User Guide ref SSE 0000043164 This document ...

Page 122: ...MorphoAccess VP Series User Guide Appendix 3 Support SSE 0000082427 01 MORPHO DOCUMENT REPRODUCTION AND DISCLOSURE PROHIBITED 122 January 2011 Appendix 3 Support ...

Page 123: ...USB Network Tool to set a valid network address in your terminal Refer to USB Network Tool User Guide Biometric Sensor backlight is off Verify that the base contents at least one record Check that identification mode is enabled Terminal returns erratic answers to ping requests Check the subnet mask Ask your network administrator for the right value Check that each device connected to the network h...

Page 124: ...805 Saint Etienne du Rouvray FRANCE Phone 33 2 35 64 53 52 Hotline and customer assistance Morpho Support Terminaux Biométriques 18 Chaussée Jules César 95520 OSNY FRANCE hotline biometrics t my technicalsupport com Phone 33 1 58 11 39 19 9H00am to 6H00pm French Time Monday to Friday http www biometric terminals com To access this service please contact us in order to get your login Please send us...

Page 125: ...Copyright 2011 Morpho Head office Le Ponant de Paris 27 rue Leblanc 75512 PARIS CEDEX 15 France www morpho com ...

Page 126: ...Head office Le Ponant de Paris 27 rue Leblanc 75512 PARIS CEDEX 15 France www morpho com ...

Reviews: