MorphoAccess

Parameters Guide

Produced by Sagem Scurit

Copyright 2009 Sagem Scurit
www.sagem-securite.com

MorphoAccess Parameters Guide

SSE-0000062458-05

November 2009

Table of Contents
REVISIONS HISTORY

SCOPE OF THE DOCUMENT

CONFIGURATION FILE ORGANIZATION

PARAMETER MODIFICATION
NOTATION
[SECTION IN CONFIGURATION FILE]
SSL SECURING CONFIGURATION KEYS
WI-FI CONFIGURATION KEYS
DESFIRE CONFIGURATION KEYS

9
9
9
9
10
10

APPLICATION FILE (APP.CFG)

11

[BIO CTRL]
[CONTACTLESS]
[RELAY]
[SEND ID UDP]
[SEND ID ETHERNET]
[TAMPER ALARM]
[SEND ID W IEGAND]
[SEND ID DATACLOCK]
[SEND ID SERIAL]
[FAILURE ID]
[LOG FILE]
[LED IN]
[G.U.I]
[MODES]
[DATACLOCK IN] (MORPHOACCESS 500 SERIES ONLY)
[W IEGAND IN] (MORPHOACCESS 500 SERIES ONLY)
[INFO]
[KEYBOARD] (MORPHOACCESS 500 SERIES ONLY)

11
15
18
18
18
20
20
23
24
25
26
27
27
28
30
30
31
31

BIOMETRIC SENSOR PARAMETERS (BIO.CFG)

33

[BIO CTRL]

33

ADMINISTRATION SETTINGS (ADM.CFG)

34

[REMOTE MANAGEMENT TCP]

[REMOTE MANAGEMENT SERIAL] (MORPHOACCESS 500 SERIES ONLY)
[DISTANT SESSION]

34
34
35

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

[REMOTE MANAGEMENT SSL]

35

NETWORK PARAMETERS (NET.CFG)

37

[BOOT PROTO]
[PARAMETERS]
[DEVICE]

37
37
37

SSL PROFILES (SSLPROFILE.CFG) (SSL USE ONLY)

38

[MISCELLANEOUS]
[PROFILE0]
[PROFILE1]

38
38
40

G.U.I. FILE (GUI.CFG)

42

[KEY SCREENS] (MORPHOACCESS 500 SERIES ONLY)(ONLY IN EXTENDED TIME AND

ATTENDANCE MODE)

42

EXE FILE (EXE.CFG)

44

[INIT STATE]
[SW ITCH APP]

44
44

WI-FI FILE (WIFI.CFG) (WI-FI USE ONLY)

45

[ACCESS POINT: XXX]

[PROFILE: YYY]
[PROPERTIES]

45
46
47

ENROLMENT APPLICATION (ENR.CFG)

48

[CONTACTLESS]

48

LOGS FILE (LOG.CFG)

49

[LOGPARAM]
[SYNCHRO]

49
50

REMOTE MESSAGES (REMOTEMSG.CFG)

51

[INTERFACES]

51

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

EVENTS (EVENTS.CFG)

52

[GENERAL]
[BIO_CHG]
[LOG_FULL]

52
52
53

SUPPORT

54

CUSTOMER SERVICE
HOTLINE

54
54

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

REVISIONS HISTORY

Date
July 08

Firmware

Description

All

Add bio\bio ctrl\FFD security level configuration key description

(MA5x1 device only).
New description for app\failure ID\ configuration keys

2.07

Add SSL configuration keys

Add app\relay\external control by LED1 new configuration key

2.09

Add bio\bio ctrl\finger type new configuration key for compatibility

with the juvenile option of MA2xx and MA3xx devices.
Add Idle mode configuration key.
Add app\modes\timeouts new configuration key
Add extended Time and Attendance feature configuration keys
Add app\keyboard\timeouts new configuration key
Add app\send ID Wiegand\built frame new configuration key
Add app\contactless\event on new configuration key
Add WiFi configuration keys

June
2009

2.10

Add MA 500+ Series and DESFireTM terminals

October
2009

2.11

Add events, logs, remotemsg files.

Add exe\init\startup configuration key
Add app\log\full handling configuration key
Add new Wi-Fi configuration keys

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

SCOPE OF THE DOCUMENT

This guide relates to the use of MorphoAccess 500 and 100 Series
terminals.
MorphoAccess 500 Series is a generic appellation which gathers
MorphoAccess terminals belonging to MA 500+ Series, OMA 500 Series
and MA 500 Series. Corresponding list of products is depicted in the table
below.

Biometrics

MA 500+
Series

OMA 500
Series

MA 500
Series

Contactless Smartcard
Reader
MIFARE

DESFire

MA 500+

MA 520+ D

MA 521+ D

OMA 520 D

OMA 521 D

OMA 520

OMA 521

MA 500

MA 520

MA 521

False
Finger
Detection

Sagem Scurit document. Reproduction and disclosure forbidden

Outdoor

SSE-0000062458-05

MorphoAccess 100 Series is made up of following list of products.

Contactless Smartcard Reader
Biometrics
iClass

MA 100
Series

SSE-0000062458-05

MIFARE

MA 100

MA 110

MA 120

MA 120 D

DESFire

Sagem Scurit document. Reproduction and disclosure forbidden.

CONFIGURATION FILE ORGANIZATION

This document gives an exhaustive description of the MorphoAccess
500 and 100 Series configuration parameters.
MorphoAccess parameters are stored into files organized into sections
and values.
Each section corresponds to a given functionality described by various
parameters.
For example a file named app.cfg contains all the parameters defining
the main application settings.
[bio ctrl]
identification=1
nb attempts=2

[log file]
enabled=1

Each file is associated to a type file defining the parameters type.

[bio ctrl]
identification=bo(e)
nb attempts=in(1,2)

[log file]
enabled=bo(e)

NOTE: Since software version 2.00, some configuration keys have

been renamed or moved.
When configuration comes from software updating the previous set key
value is unchanged.

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

Parameter modification
There are two main ways to modify a parameter.

For MorphoAccess 500 Series only, directly on the terminal using

the Configuration Application. Please refer to Configuration
Application User Guide for more information about this application.
[app]/send ID udp
host address
134.1.2.189
EDIT

<<

>>

EXIT

Remotely through IP or Serial link with a client application.

Notation
The notation below is employed:

[section in configuration file]

parameter name 1 default value [min_value-max_value]
Parameter details.
parameter name 2 default value (value_1, value_2)
Parameter details.

SSL securing configuration keys

Several keys let the administrator configuring the system to use SSL for
remote connections. This feature is enabled for MorphoAccess 500 and
100 Series.
To secure using SSL, refer to the specific documentation MATM SSL
Solution for MorphoAccess and use MATM Security Plugin.
SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

Configuration keys marked SSL use only have not to be modified

manually. They should be managed only with the MATM Security Plugin.
It is recommended to use Sagem Scurits Active MACI as remote SSL
client communication layer and to configure SSL using MATM Security
Plugin.
Do not configure SSL using another way.

WI-FI configuration keys

Several keys let the administrator configuring the terminal to use WI-FI
USB adapter instead of the classical Ethernet cable.
To configure a WI-FI connection, please use the MATM WI-FI Wizard
Plugin or use the Easy Setup assistant (on MorphoAccess 500 Series
only)
Configuration keys marked Wi-Fi use only must not be modified
manually. They should be managed only with the MATM WI-FI Wizard
Plugin.

DESFire configuration keys

Special keys only appear on terminals that have a DESFire contactless
smart card reader. In that case, these keys are marked as DESFire
terminals only.

10

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

APPLICATION FILE (APP.CFG)

[bio ctrl]
identification 1 (0, 1) (default mode on MorphoAccess 100 and
500)
When activated the terminal works in identification mode: captured
fingerprint is matched against the terminal database. The access is
granted if the captured fingerprint matches with one of the templates
stored in the database.
On terminals equipped with a contactless smartcard reader, identification
is disabled by default.
identification timeout 5 [1-60]
Time given to the user to present his finger after a first incorrect
identification.
nb attempts 2 (1, 2)
A value of 2 means that after a first incorrect identification or
authentication a second chance is given. Set this parameter to 1 to offer
only one attempt.
bypass authentication 0 (0, 1)
If set to 1, the biometric check is disabled (this applies to authentication
modes only).
authent card mode 0 (0, 1) (only on terminals equipped with a
contactless smartcard reader)
If set to 1, the content of the "CARDMODE" tag of the contactless card
specifies which optional checks have to be successful to allow the access:
PIN check (yes or no) and Biometric check (yes or no).
Refer to MorphoAccess Contactless Card Specification for further
information about the CARDMODE tag.
authent PK contactless 1 (0, 1) (only on terminals equipped with a
contactless smartcard reader)
If set to 1, the access is granted if the captured fingerprint matches one
of the templates read on the contactless card (tag "PK1" and PK2).

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

11

authent ID contactless 0 (0, 1) (only on terminals equipped with a

contactless smartcard reader)
If set to 1, the access is granted if the captured fingerprint matches one
of the templates stored in the terminal database, indexed by the content of
the "ID" tag on the contactless card.
authent ID keyboard 0 (0, 1) (only in MorphoAccess 500 Series)
If set to 1, the access is granted if the captured fingerprint matches one
of the templates stored in the terminal database, indexed by the numeric
value entered on the keyboard.
authent remote ID source 0 [0-2] (only in MorphoAccess 500
Series)
Specified if the user ID has to be received on Wiegand/DataClock port,
and if yes, in which format: either Wiegand frame or DataClock frame. This
received user ID is used to retrieve the users templates in the database.
The access is granted if the captured fingerprint matches one of the
retrieved templates.
Value

Description

Signals received from Wiegand/Dataclock port are ignored

The user ID is received within a Wiegand frame on Wiegand/DataClock

port. The Wiegand frame format to be received is described in [wiegand

in] section.
2

The user ID is received within a DataClock frame on Wiegand/DataClock

port. The DataClock signal to be received is described in [dataclock in]

section.
authent timeout 10 [1-60] (only in MorphoAccess 500 Series, and
MorphoAccess 100 Series terminals equipped with a contactless
smartcard reader)
Defines (in seconds) the delay given to the user to place a finger on the
sensor, after user ID acquisition: read on users contactless card, seized
on the keyboard (MorphoAccess 500 Series only), or received through
Wiegand/DataClock port (MorphoAccess 500 Series only).
BIOPIN enabled 0 (0, 1) (only in MorphoAccess 500 Series
equipped with a contactless smartcard reader)
This feature allows replacing normal biometric check, by a numeric code
(BIOPIN) check. This is an option of authent PK contactless mode, and it
requires that the contactless card contains a BIOPIN code (tag BIOPIN),
and no templates (neither tag PK1, nor tag PK2).
As this check is an option, the key authent PK contactless must be set
to 1.

12

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

control PIN 0 (0, 1) (only in MorphoAccess 500 Series equipped

with a contactless smartcard reader)
If no contactless authentication feature is enabled, the access is granted
when the user enters a PIN code, using the keyboard, which matches the
PIN code value read on the contactless card (tag PIN).
If one of the authent PK contactless or authent ID contactless feature is
enabled (MorphoAccess that are able to encode cards only), the access
is granted when the PIN check (as described above) and the biometric
check are both successful.
AC_ID FINGER;CARDDATA;KBD;WGDTCLK;
This key specifies on which kind of identifier the access rights are
assigned. Indirectly it defines the actions which are allowed to start an
access control process (access request).
This key also specifies the priority level of each kind of identifier when
several identifiers are acquired: the highest priority is assigned to the first
identifier specified in the configuration key (default: FINGER), and the
lowest priority to the last identifier (default: WGDTCLK). For now, this
priority feature is limited to contactless card authentication modes only.
Identifier type

Description

FINGER

The access request starts when a fingerprint is detected on the

sensor. The fingerprint enables to retrieve the Users Identifier
stored in local database.
This identifier type is ignored when the identification mode is
not activated.
If this identifier type is missing in the configuration key, then
the identification mode is automatically out of order.

CARDDATA

The access request starts when a users identifier is read in the

contactless card data (either a TLV formatted data, or a binary
data according to the app/contactless/data format
configuration key).
This identifier type is ignored when none of the contactless
card authentication modes is activated.
This identifier type is ignored if the 2 bit flag value is not
included in the app/contactless/event on configuration key.
If this identifier type and CARDSN type are missing in the
configuration key, then all the contactless card authentication
modes are automatically out of order.

KBD

[MorphoAccess 500 Series only]

The access request starts when a users identifier is seized on
the keyboard.
If this identifier type is missing, the access control by
authentication mode activated by the app/bio ctrl/authent ID
keyboard configuration key is disabled.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

13

Identifier type

Description

WGDTCLK

[MorphoAccess 500 Series only]

The access request starts when a users identifier is received
from the Wiegand/DataClock port.
If this identifier type is missing, the access control by
authentication mode activated by the app/bio ctrl/authent ID
source configuration key is disabled.

CARDSN:STD

[Only for terminals equipped with a contactless smartcard

reader]
This mode can not be used when card profile reading is
configured.
The access request starts when an ISO14443 type A card
serial number is read. The users identifier is the ISO14443
type A card serial number, in standard format (Card UID bytes
are read in normal order).
It means that the hexadecimal card UID 0xFEA7B152 value
gives a users identifier equal to 4272402770.
This identifier type is ignored when none of the contactless
card authentication modes is activated.
The identifier type is ignored when the 1 bit flag value is not
included in the app/contactless/event on configuration key.
If this identifier type and CARDATA type are missing in the
configuration key, then all the contactless card authentication
modes are automatically out of order.

CARDSN:REV

[Only for terminals equipped with a contactless smartcard

reader]
This mode can not be used when card profile reading is
configured.
Same as CARDSN:STD except that the Card UID bytes are
read in reverse order.
It means that the hexadecimal card UID 0xFEA7B152 value
gives a users identifier equal to 1387374590.

NOTE:

Identifiers must be separated by a ; character, and the final

; character is mandatory.

Priority example:
On a MorphoAccess 520, the key AC_ID is set to:
FINGER;CARDDATA;CARDSN:STD;KBD;WGDTCLK;
The user presents a MIFARE card containing two templates and a user
ID stored in TLV format. It is assumed that the MorphoAccess 520 has
the relevant MIFARE authentication keys (it means that the data stored
on the card can be read by the terminal):

14

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05


the CARDDATA condition is satisfied because there is a user ID
stored in the contactless card, and its value can be read by the
terminal,

the CARDSN:STD condition is also satisfied because the Card

UID is available from any ISO14443 type A card, such a MIFARE
card,

but finally, the access control process uses the User ID

(CARDDATA identifier type) because the CARDDATA; identifier
type is before the CARDSN:STD; identifier type, in the AC_ID
configuration key.
Now the user presents a virgin MIFARE card:

the CARDDATA condition is not satisfied, as there is none data

stored on the card,

the CARDSN:STD condition is satisfied, because the Card UID is

available from any ISO14443 type A card, such a MIFARE card,

so, the access control process uses the Card UID (bytes read in
direct order) because the CARDSN:STD is the only one condition
satisfied.

[contactless]
This section applies only to MorphoAccess equipped with a contactless
smart card reader.
C 1 (1, 2, 3)
1: Key A then B are presented to read a MIFARE card.
2: Key A only.
3: Key B only.
B 4 [0-215]
First block read on MIFARE cards.
data format 0 (0, 1)
When this feature is activated, the identifier is read at a given offset
(defined by data offset) on the card and is supposed to be binary.
This mode can not be used when card profile reading is configured.
data offset 0.0 [number of bytes].[additional bits]
Defines the offset in the read block defined by B.
data length 8.0 [number of bytes].[additional bits]
ID size in bytes, with possible additional bits.
SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

15

data type 0.1 [format].[direction]

0.1 (binary data, MSB first)
0.0 (binary data, LSB first RFU)
HID key valid 1 (0,1) (only for terminals equipped with a iClass
contactless smartcard reader)
1 means iClass security keys are valid
0 means the key is not valid. Default key will be restored.
HID start page 1 [1 5] (only for terminals equipped with a iClass
contactless smartcard reader)
First page read on iClass 16K16 cards.
HID start block 19 [19 177] (only for terminals equipped with a
iClass contactless smartcard reader)
First block read on iClass 16K2 cards.
HID mode 2 (only for terminals equipped with a iClass
contactless smartcard reader)
Do not edit this value.
event on 2 (0 - 65535)
This bit field mask specifies which kind of contactless data are available
for the future access control request.
Value Identifier on which is based the access control process
0

None.
This value disables all authentication modes based on a
contactless card (all contactless cards are ignored).

ISO 14443 type A Card UID (Unique IDentifier)

The MorphoAccess can use only the ISO 14443 type A
Card UID for the access control request, even if more
contactless data were read.

Card data: data read on the card (default value).

The MorphoAccess can use only Card data for the access
control request, even if the Card UID was read.
Either a TLV formatted data (usually the User Identifier) or a
binary formatted data (such as a serial number), as specified
by the app/contactless/data format configuration key.

The MorphoAccess can use both ISO 14443 type A Card

UID and Card data, if it can read the Card data.

This configuration key is used in combination with the app/bio ctrl/AC_ID

configuration key.
16

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

enabled profiles (only for terminals equipped with a DESFire

contactless smartcard reader)
It is possible to enable card reading for:
-

DESFire cards only,

MIFARE cards only,

DESFire and MIFARE cards.

The key enables cards reading profiles. This key is a bit field:
Value Enabled profiles
0

No profile is enabled.
If card reading is set by the standard existing registry keys (see
above). MIFARE card reading is enabled.

DESFire card profile enabled.

Terminal will only accept DESFire cards. The profile can be
customized by /app/contactless/desfire params key.

MIFARE card profile enabled.

The parameters are set in the standard existing registry keys
(see above).

Both DESFire card profile and MIFARE card profile are

enabled.
If one DESFire card and one MIFARE card are
presented at the same time, DESFire card will be read.

Default value on DESFire terminals: 0x03 (DESFire and MIFARE

card).
desfire params (only for terminals equipped with a DESFire
contactless smartcard reader)
This is a bit field to enable/disable DESFire card profiles features.
Value Enabled features
0

All following features are enabled.

Do not format card before writing it (for encoding only).

Default: the card is formatted.

Do not enable key rotation on the fly.

Default: the key rotation is disabled.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

17

16

Do not diversify cards Master PICC key.

Default: Master PICC key is diversified with the Sagem
Scurit diversification algorithm.
All the other bits are reserved for a future use.

Default value is 2 (do not enable key rotation on the fly).

See MorphoAccess Users Guide for details about these features.

[relay]
aperture time in 10ms 300 [50-60000]
The relay aperture time can be defined with this parameter.
enabled 1 (0, 1)
Activates the relay after a successful control during the previous time.
relay default state 0 (0, 1)
Defines the relay default state (when access is not authorized).
external control by LED1 0 (0,1)
The relay is switched during the previous time, when LED1 is set to the
ground, otherwise it remains in the default state. (This functionality is
not compatible with the LED IN functionality)

[send ID UDP]
host name 134.1.2.189 (IP address only)
Defines the IP address of the host that will receive the user ID messages.
host port 11020 [0-65535]
Defines the host port on which the user ID messages are sent.
enabled 0 (0, 1)
Activates the sending of user ID messages (access control check result),
thought IP link, using UDP protocol.

[send ID ethernet]
connect timeout 2000 ([1-65000]
Timeout used for connection, reading and writing data (at TCP/UDP level)
to/from the remote controller. This timeout is a multiple of 10 ms (2000
means 20 seconds).
18

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

controller 1 port 11020 [0-65000]

Defines the controllers port on the network.
controller 1 IP 134.1.2.189 (IP address only)
Defines the controllers IP on the network.
controller 2 port 11020 [0-65000]
Defines the alternative controllers port on the network.
controller 2 IP 134.1.2.189 (IP address only)
Defines an alternative destination controllers IP on the network.
mode 0 [0 - 4]
Value Description
0

Default value: ID messages sending disabled.

ID messages sending enabled, UDP protocol used.

ID messages sending enabled, TCP protocol used.

Same as 2, but in case of failure the terminal automatically

switches to mode 1 (protocol UDP).

Not used.

timeout back to controller 1 3600 [0-7200]

When alternative controller is activated (mode 2), on connection to default
controller failure, the terminal switches to alternative controller.
While the duration of timeout back to controller 1 timeout, the
MorphoAccess tries first to connect to the alternative controller, before
switching back to the default controller in case of error.
When timeout elapsed, the terminal automatically tries to connect first to
controller 1.
Value of 0 means that default controller is always reached before the
alternative controller.
controller on no response [0-1]
If enabled (default), the terminal is able to grant access in case of
communication failure. If disabled, the terminal will always deny access on
communication failure.
profile id [0-1] (SSL use only)
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Indicates the SSL profile (index in configuration file sslprofile.cfg) used

by the send ID Ethernet feature when SSL is enabled.
SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

19

SSL enabled [0-1] (SSL use only)

Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

If enabled, the terminal will try to connect to the remote controller using
SSL. Note that both the terminal and the controller must be able to
communicate and authenticate themselves (requires certificates).

[tamper alarm]
level 0 (0, 1, 2)
Value Description
0

Default value: back cover removal detection disabled.

Sends alarm in case of back cover removal.

Sends alarm and activates buzzer in case of back cover removal.

interval 1500 [0-3000]

It defines the time (in 10ms) interval between two alarm messages
sending (reboot is mandatory).

[send ID wiegand]
valid format 1 (0,1) (read only)
The frame format, as specified by the configuration keys below, is valid.
custom format 0.0 (do not edit)
Reserved for Sagem Scurit custom protocols.
ID format 9.16 (n.m)
Inserts m bits of ID value at offset n (first bit is n=0, m 64).
site format 1.8 (n.m)
Inserts m bits of site value at offset n (first bit is n=0, m 64).
stop format 3.12 (0.0, 1.0, 2.n, 3.n, 4.0)
Defines the stop control bit format. Refer to MorphoAccess Remote
Messages Specification document.
start format 2.12 (0.0,1.0, 2.n, 3.n, 4.0)
Defines the start control bit format. Refer to MorphoAccess Remote
Messages Specification document.

20

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

frame length 26 [1 - 128]

Defines the total number of bits of the frame.
HID conversion 0 (0, 1)
Allows the User ID read on a HID contactless card to be process as a
raw Wiegand frame to be sent without being formatted (used on terminals
equipped with an iClass contactless smartcard reader).
site code 7 [0-65535]
Terminal site code value.
enabled 0 (0, 1)
Allows the sending of the User ID message (result of access control
check) using Wiegand protocol (the Send ID DataClock feature must be
disabled).
built frame
Activates the enhanced Wiegand sending. By using that key, the user can
send the AC_ID (refer to /app/bio ctrl/AC_ID key), the alarm ID (refer to
app/failure ID/alarm ID key), or the ISO14443 type A contactless card UID.
That key acts as a complement of the previous keys. It means that every
data needed by that key are additional data. But in some cases those data
can replace the previous data, such as ID format for example.
Set this value to AC_ID:X.Y; to insert Y bits of AC_ID at offset X.
Set this value to ALARM_ID:X.Y; to insert Y bits of alarm ID (if enabled)
at offset X, in case of alarm.
Set this value to CARDSN:X.Y; to insert Y bits of ISO14443 type A
contactless card UID (if captured) at offset X. Note that the card UID is in
binary format.
NOTE:

SSE-0000062458-05

Values are separated by a ;. The final ; is mandatory.

Sagem Scurit document. Reproduction and disclosure forbidden.

21

Example:
The administrator wants the MorphoAccess to match the MIFARE
contactless card UID and send it using the Wiegand output with no site
code, no start bit, and no stop bit. He also wants to send an alarm ID in
case of back cover removal.
The key /app/bio ctrl/AC_ID is configured to match the contactless card
UID.
Alarm keys are correctly configured.

22

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

Wiegand configuration keys are configured as following:

-

enabled 1 Enable the Wiegand sending feature,

frame length 32 MIFARE contactless card UID is 4 bytes,

start format 4.0 No start bit,

stop format 4.0 No stop bit,

ID format 0.0 No classical ID,

site format 0.0 No site code,

built frame ALARM:0.32;AC_ID:0.32; In case of alarm, insert 32

bits of ALARM ID at offset 0. Else, insert 32 bits of the AC_ID at offset
0 (first bit), if AC_ID is captured.

[send ID dataclock]
data inverted 0 (0, 1)
Data level is inverted.
clock inverted 0 (0, 1)
Clock level is inverted.
enabled 0 (0, 1)
Allows the sending of the User ID message (result of access control
check) using DataClock protocol (the Send ID Wiegand feature must be
disabled).
card present signal 0 (0, 1) (MorphoAccess 500 Series only)
Activates the card present signal. The card present pin is set to 5V when
the ID is sent on the dataclock pins, and reset to 0V when the
transmission is finished. It is useful for some dataclock controllers.
NOTE: At the terminals startup, the signal is set to 5V during less than
1s then it is set to 0V.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

23

[send ID serial]
mode 485 (422, 485)
Defines the serial protocol to use.
Value Description
485

Default value: RS485 protocol.

422

RS422 protocol (available on MorphoAccess 500 series only).

Other values are ignored.

terminal identifier terminal dependent value [0 255]
Defines the terminal on a RS485 network.
parity 0 (0, 1, 2)
0 No, 1 Odd, 2 Even.
stopbits 1 (1, 2)
1 or 2 stop bits.
databits 8 (7, 8)
7 or 8 bits for data.
speed 115200 (300,1200,2400,4800,9600,19200,38400,57600,115200)
Serial port speed in bps.
enabled 0 (0, 1)
Activates the sending of User ID message, using RS485 or RS422
protocol, depending of the mode key value.
wait reply 0 (0, 1)
When the control succeeds and the ID is sent using RS422, the terminal is
able to wait for a reply from a controller on RS422.
display duration 3 [0-3600]
Corresponds to the display duration of the message sent by a controller to
the terminal. The key wait reply must be set to 1
reply timeout 5 [0-3600]
Corresponds to the time (in seconds) the terminal waits for a controller to
reply. The key wait reply must be set at 1.

24

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

[failure ID]
send ID mask 255 [0-255] (only for send ID Ethernet modes)
This bit field mask defines which kind of ID messages are sent, when one
of the send ID Ethernet modes is enabled
Value Description
255

Default value: all types of message are sent.

Access granted message sending allowed

Access denied, user not recognized or not authorized message

sending allowed

Access denied, user not in time message sending allowed

(Time mask feature)

Access denied, timeout occurs during access control check

message sending allowed.

16

Access denied, FFD message sending allowed

(MorphoAccess equipped with fake finger detection only)

128

Tamper alarm message allowed

For example to send only the user ID message when the user is
authorized and when user is not recognized, set this key to 3, which
means 1 (User authorized message) + 2 ( User not recognized or not
authorized message).
The configurations keys listed below, apply only to the Send ID
Wiegand and to the Send ID DataClock features. These keys
specify the value to send for each case of access denied reason.
not on time ID 65535 [0-65535]
Value to send if the access is denied during the current time area (Time
Mask feature).
timeout ID 65535 [0-65535]
Value to send if the access is denied because timeout occurs during
access control check.
not in DB ID 65535 [0-65535]
Value to send if the access is denied because no record can be found in
the database for the specified user ID (i.e. no biometric operation can be
performed).
not recognized ID 65535 [0-65535]
Value to send if the access is denied because the user is not identified
(i.e. a biometric operation has failed).
SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

25

generic error ID 65535 [0-65535]

Value to send as user ID if the access is denied because an unexpected
error occurs.
FFD ID 65535 [0-65535] (only on terminals capable to detect false
fingers)
Value to send if the access is denied because FFD check fails (not a valid
finger).
enabled 0 (0, 1)
Enables the sending of a ID message when access is denied to the user,
or when the alarm is triggered.
alarm ID 65535 [0-65535]
Value to send when the tamper alarm feature is enabled, and when the
MorphoAccess 100 or 500 Series is opened. This is not an access
control error code, but it is send through the same channel, using the
same format.

[log file]
enabled 1 (0, 1)
When set to 1, the key activates the recording of each access control
request in the internal log file.
full handling 00000000
This string represents a bit field. It defines the actions to perform when the
access control logs are full in a MorphoAccess terminal. To enable an
action, set the corresponding bit to 1 in value of the configuration key.
Value

Description

00000000

Nothing is performed

00000001

A warning message is displayed on the MorphoAccess

screen (if equipped).

00000002

A message is sent to a distant host using a defined

interface (cf. remotemsg.cfg file).

00000004

The log file is erased then current control result is written

The actions can be combined by combining the value. For example, set
the value to 00000003 to display a warning message and send a
message to a distant computer.

26

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

[led IN]
controller ack timeout 300 [0-3000]
LED IN acknowledgement timeout in 10 ms. If no signal is detected (from
LED1 or LED2) within the specified time, the terminal denies the access to
the user.
enabled 0 (0, 1)
When set to 1, the terminal wait for a signal on LED1 (access granted) or
on LED2 (access denied), to return the final result of access control
request to the user.

[G.U.I]
database conversion 500 [300, 500] (MorphoAccess 500 Series
only)
300: 16 databases mode (for MA300 compatibility).
500: 5 databases mode.
display user info 2 [0 2] (MorphoAccess 500 Series only)
2: if database contains additional fields FNAME and NAME user name
and first name are displayed on successful recognition.
1: user identifier is displayed on successful recognition.
0: no personal information is displayed on successful recognition.
default language 0 [0-5] (MorphoAccess 500 Series only)
Defines the user interface language. 0 for English.
volume 10 [0-10]
0: The buzzer is off.
[1-10]: The volume is set to the corresponding value. 10 is the maximum
volume.
led out signal 0 (0, 1) (MorphoAccess 500 Series only)
Activates the led out signal. The led out pin is the copy of the multicolour
LED in case of positive match. It means that signal is set to 5V when the
led is on and set to 0V the rest of the time.
NOTE: At the startup of the terminal, the signal is set to 5V during a
very short period of time then it is set to 0V.
display hour 0 (0, 1) (MorphoAccess 500 Series only)
Displays hour and date on the main screen.
SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

27

time attendance icons 1 (1, 2) (MorphoAccess 500 Series only)

Changes the icon set of the time and attendance mode.
1: MorphoAccess 500 Series icons
2: MorphoAccess 200/300 Series icons (with text)
wallpaper FILE:default.bmp;(MorphoAccess 500 Series only)
(Extended Time and Attendance only)
Defines the bitmap to be displayed on screen when extended time and
attendance is used.
This configuration key has the following format:
FILE:<Name of the bitmap>;
Example: FILE:default.bmp;
NOTE: If the key is badly formatted, extended time and attendance is
cancelled. The final ; is mandatory.

[modes]
time and attendance 0 (0, 1, 2, 3) (MorphoAccess 500 Series only)
Time and attendance mode can be activated with 2 (option 1) or 4 buttons
(option 2).
When the value is set to 3, the extended time and attendance is activated:
each numeric key of the keyboard is associated to one of the time and
attendance function (described in the app/keyboard/mapping
configuration key), and a customer designed bitmap picture is displayed
on the terminals screen. Usually, this picture indicates the assignation of
each key.
T&A operation timeout 20 (0-65535) (MorphoAccess 500 Series
only)
This value specifies the Time and Attendance timeout (value is in
seconds). This is the timeout after which the operation in progress is
cancelled and the MorphoAccess comes back to the Time and
Attendance main screen.
time mask 0 (0, 1)
This mode enables the access according to its time mask. Time mask is
defined by slots of 15 minutes over a week. Database must contain an
additional field TMSK.

28

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

idle peripherals 3 (0, 255)

This value specifies the features to deactivate after a customizable period
of time (idle mode). This value is a mask, several features can be
deactivated at the same time.
1: to deactivate the screen and keyboard backlight only
2: to deactivate the biometric sensor only
To deactivate both backlight and biometric sensor, set this value to 3.
Set this value to 255 to deactivate every feature. For the moment, those
features are backlight and biometric sensor.
idle timeout 0 (0-65535)
This value specifies the Idle timeout (value is in minutes).This is the
inactivity time that triggers the idle mode.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

29

[dataclock in] (MorphoAccess 500 Series only)

data inverted 0 (0, 1)
Set to 1 to expect an inverted Data signal.
clock inverted 0 (0, 1)
Set to 1 to expect an inverted Clock signal.

[wiegand in] (MorphoAccess 500 Series only)

custom format 0.0 (do not edit)
Reserved for Sagem Scurit custom protocols.
ID format 9.16 (n.m)
Inserts m bits of ID value at offset n (first bit is n=0, m 64).
site format 1.8 (n.m)
Inserts m bits of site value at offset n (first bit is n=0, m 64).
stop format 3.12 (0.0 1.0 2.n 3.n 4.0)
Defines the stop control bit. Refer to MorphoAccess Remote Messages
Specification.
start format 2.12 (0.0 1.0 2.n 3.n 4.0)
Defines the start control bit. Refer to MorphoAccess Remote Messages
Specification.
frame length 26 [1-128]
Defines the number of bits of the frame.
site code 7 [0-65535]
Terminal site code.
check Site Code 1 (0, 1)
To check the frame site code.

30

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

[info]
type (read only)
Terminal type (MA100, MA110, )
release A (read only)
For internal use only.
minor Y (read only)
Minor software revision.
major X (read only)
Major software revision.

[keyboard] (MorphoAccess 500 Series only)

timeouts PIN:20;
This value specifies several timeouts (PIN and BIOPIN keyboarding time
for the moment).
Set this value to PIN:XX; to change the PIN and BIOPIN timeout (value
is in seconds). This is the timeout after which the keyboarding is
cancelled.
NOTE: Final ; is mandatory. If the string is badly formatted, the
timeout is considered to be the default value (20).
mapping 1:1;2:5;3:2;4:5;5:5;6:5;7:3;8:5;9:4; (Extended Time and
Attendance only).
Defines the keyboard keys associated to a set of time and attendance
functions when extended time and attendance is used.
This configuration key has the following format:
<Key code>:<Function code>;
Example: 1:1;2:2;3:3;4:4;5:5;6:5;
NOTE: If the configuration key is badly formatted, extended time and
attendance is cancelled. The final ; character is mandatory.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

31

Key codes are defined as follows (decimal value of the corresponding

ASCII numeric character):
Key
'1'

Code
1

'2'

'3'

'4'

'5'

'6'

'7'

'8'

'9'

Functions codes are defined as follows:

Function
In

Code
1

Out

Temporary In

Temporary Out

Key code

The four first functions are identical to the one supported by the 4 buttons
Time and Attendance mode (activated when the app/modes/time and
attendance key is equal to 2).
The key code function is specific to the extended Time and Attendance
mode: in the access check result message sent through IP, the letter
which identifies the In/Out function is replaced by corresponding digit of
the pressed function key (if the 3 key is pressed, then the message
contains 3 in Time and Attendance field).

32

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

BIOMETRIC SENSOR PARAMETERS (BIO.CFG)

[bio ctrl]
matching th 3 [1-10]
Defines the terminal matching threshold (as described in User Guide).
FFD security level 1 (0, 1, 2)
Defines the control level of the FFD feature of the MorphoAccess
equipped with fake finger detection: 0 is the lowest and 2 the highest.
finger type 0 (0, 1)
Select the fingerprint coder option to be used during fingerprint acquisition.
This configuration key is equivalent to the /cfg/Maccess/bio/juvenile
configuration key of MA200 and MA300 Series.
Value Description
0

Default value: standard biometric coder option (recommended)

Juvenile option activated for all fingerprint acquisitions.

This option provides a better enrolment quality with thin fingers
(but a little lower for normal finger).
When this option is activated, the fingerprint acquisition
process duration requires around 400ms extra-time.

Following keys are strictly reserved for Sagem Scurit use only.
Please do not change their values, the actual values are tuned to
obtain the best results:
uniformity correction 0
image contrast 0
image size 0
sensor sensibility 1
1st try strategy 0
2nd try strategy 1
presence detection 0

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

33

ADMINISTRATION SETTINGS (ADM.CFG)

[remote management TCP]
latency timeout 3600 [0-600000]
This value defines the delay (in seconds) allowed between two TCP
packets when a fragment of command is received (reboot is mandatory).
inactivity timeout 600000 [0-600000]
Do not change this parameter (reboot is mandatory).
port 11010 [0-65535]
Defines the terminal server port (reboot is mandatory).
enabled 1 (0,1)
Enabled the administration through the TCP link (reboot is mandatory).

[remote management serial] (MorphoAccess 500 Series only)

COM number 2 [0-2]
Do not edit this value.
parity 0 (0, 1, 2)
0 No, 1 Odd, 2 Even.
stopbits 1 (1, 2)
1 or 2 stop bits.
databits 8 [5-8]
5 to 8 databits.
baudrate 115200 (300, 1200, 2400, 4800, 9600, 19200, 38400, 57600,
115200)
Link speed in bps.
enable 0 (0, 1)
Enables remote management using serial link (reboot is mandatory)

34

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

flow control 0 (0, 1)

Flow control:
0: no flow control.
1: flow control via RTS/CTS management.

[distant session]
inactivity timeout 6000 [0-6000]
Duration let to a remote host to send another following command before
reactivating the terminals default running state (as biometric sensor for
identification).
Please do not change this value, the actual value is tuned to obtain
the best result.

[remote management SSL]

command write timeout [20] (SSL use only)
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Duration let to SSL server to send command frames (in case of big
frames).
Please do not change this value, the actual value is tuned to obtain the
best result.
command read timeout [20] (SSL use only)
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Duration let to SSL server to receive command frames (in case of big
frames).
Please do not change this value, the actual value is tuned to obtain the
best result.
profile id [0-1] (SSL use only)
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Indicates the SSL profile (index in configuration file sslprofile.cfg) used to

administrate the MorphoAccess using SSL.
peer authentication enabled [0-1] (SSL use only)
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

If enabled (default and only available value), mutual authentication will be

done. Must not be disabled.
SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

35

session cache enabled [0-1] (SSL use only)

Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

If enabled (default and only available value), session cache will be used.
Must not be disabled.
port 11010 [0-65535] (SSL use only)
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Defines the terminal server port. (reboot is mandatory)

enabled [0-1] (SSL use only)
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

If enabled, SSL server will start then wait for commands. If TCP server
and SSL server are enabled with same listening port, priority will be given
to TCP. It is recommended to use Sagem Scurits Active MACI as
remote SSL client communication layer.

36

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

NETWORK PARAMETERS (NET.CFG)

[boot proto]
DHCP activated 0 (0,1)
0: static IP address (reboot is mandatory).
1: the terminal starts using DHCP boot mode1 (reboot is mandatory).

[parameters]
network mask 255.255.240.0
Static network mask (reboot is mandatory).
default gateway 134.1.6.20
Static default gateway (reboot is mandatory).
network address 134.1.32.214
Static IP address (reboot is mandatory).
host name MA061110008
Hostname for DHCP (reboot is mandatory).

[device]
speed 10 (10, 100)
Ethernet device speed (Mbits/s) (reboot is mandatory).

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

37

SSL PROFILES (SSLPROFILE.CFG) (SSL USE ONLY)

[miscellaneous]
number of profile [2]
Read only value that sets the number of existing profiles.

[profile0]
This section is commonly used to define the SSL profile for the SSL server
(refer the ADM / Remote management SSL).
retry connection timeout [1]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
connection timeout [0]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
write timeout [50]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
read timeout [50]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
retry init timeout [1]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
init timeout [0]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

38

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
list name
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Reserved for a future use

list type
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Reserved for a future use

ca peer certificates
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

List of peer certificates for authentication, separated by semi-colons.

own certificate
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

PKCS#12 file filename of the terminal.

passphrase id [2]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Reference to the passphrase used to protect access to PKCS#12 file.

Other values are reserved for a future use.
strength level [000000FF]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Algorithm strength level. Other values are reserved for a future use.
supported cipher [00250021]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Supported cipher mask. Other values are reserved for a future use.
protocol version[2]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Value 2 means SSL version 3. Other values are reserved for a future use.
Name
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Information name (not used by terminal).

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

39

[profile1]
This section is commonly used to define the SSL profile for the SSL client
(refer the APP / Send ID Ethernet).
retry connection timeout [1]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
connection timeout [0]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
write timeout [50]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
read timeout [50]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
retry init timeout [1]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
init timeout [0]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Internal value. Must not be modified. Modifying this could turn the terminal
in a non working state.
list name
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Reserved for a future use.

list type
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.
40

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

Reserved for a future use.

ca peer certificates
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

List of peer certificates for authentication, separated by semi-colons.

own certificate
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

PKCS#12 file filename of the terminal.

passphrase id [2]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Reference to the passphrase used to protect access to PKCS#12 file.

Other values are reserved for a future use.
strength level [000000FF]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Algorithm strength level. Other values are reserved for a future use.
supported cipher [00250021]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Supported cipher mask. Other values are reserved for a future use.
protocol version [2]
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Value 2 means SSL version 3. Other values are reserved for a future use.
name
Do not change this key manually. Please read section SSL securing configuration
keys at the beginning of this document.

Information name (not used by terminal).

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

41

G.U.I. FILE (GUI.CFG)

[key screens] (MorphoAccess 500 Series only)(only in extended
time and attendance mode)
nb key screens 0 (0, 9)
This configuration key defines the number of confirmation screens
available in the terminal. If the value is 0, then it is possible that the
key_screen_i configuration keys do not exist. Please refer to the section
below.
key_screen_<i> i from 1 to nb key screens
These configuration keys define the confirmation screen, to be displayed
immediately after a specific numeric key is pressed (to require a Time and
Attendance function). The assignation of a confirmation screen to a
numeric key is optional.
The configuration key value includes the numeric key code, the text of the
message to be displayed (30 Latin characters maximum, on the second
line of the screen), and the automatic confirmation time-out value.
This configuration key value has the following format:
KEY:<Key code>;TEXT1:<Text>;TIMEOUT:<time-out in seconds>;
Example: KEY:49;TEXT1:Key 1 selected;TIMEOUT:3;
Key codes are defined in [keyboard\mapping] section of application file.
Note: If the key is badly formatted, extended time and attendance is
cancelled. The final ; character is mandatory.
These configuration keys are ignored when the extended time and
attendance mode is not activated.
While the confirmation screen is displayed, if the user:

presses the Cancel Key (Red function key), the terminal return to
Time and Attendance main screen (key selection),

presses the Validation Key (Green function key), the terminal goes
immediately to next step (usually biometric check),

presses any other key: the terminal ignores it;

does not press any key: when the time-out value is reached, the
terminal goes automatically to next step (same as Validation Key
pressure).

42

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

[MMI definition]
buzzer 0;0;0;0;0;0
Strictly reserved for Sagem Scurit use only.
led 0;0;0;0
Strictly reserved for Sagem Scurit use only
priority 200
Strictly reserved for Sagem Scurit use only
number 3
Strictly reserved for Sagem Scurit use only

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

43

EXE FILE (EXE.CFG)

[init state]
assistant 0
Strictly reserved for Sagem Scurit use only.
startup 0 (0,1) (reboot is mandatory)
This key defines which application the terminal launches after a reboot.
Value

Description

Start in Application selection menu

MACCESS application

Enrolment application

[switch app]
app. number 1
Strictly reserved for Sagem Scurit use only.

44

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

WI-FI FILE (WIFI.CFG) (WI-FI USE ONLY)

[access point: XXX]
This section is commonly used to define a reachable access point.
MAC
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

MAC address of the defined access point (XXX)

algo
Do not change this key manually. Please read section Wi-Fi configuration keys at
the beginning of this document.

Security algorithm used:

-

0 for none

1 for WEP64

2 for WEP128

authentication method
Do not change this key manually. Please read section Wi-Fi configuration keys at
the beginning of this document.

Authentication type (WEP connections only):

-

0 for Open authentication

1 for Shared authentication

channel
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

signal strength
Do not change this key.

Indicates the strength of the access point signal.

signal quality
Do not change this key.

Indicates the quality of the access point signal.

add profile
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Add a profile corresponding to that access point.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

45

[profile: YYY]
This section is commonly used to define a profile corresponding to a valid
and reachable access point.
SSID
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Wireless network name (SSID) of the corresponding access point.

MAC
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

MAC address of the corresponding access point

algo
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Security algorithm of the corresponding access point

authentication method
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Authentication type of the corresponding access point (WEP connections

only).
channel
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

key
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Security key to communicate with the corresponding access point

remove profile
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Removes this profile in the configuration file.

46

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

[properties]
active profile
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Sets the profile used by the terminal

boot proto
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Sets the protocol used to obtain an IP address.

Value

Description

The address is obtained from a DHCP server

The address is given by the administrator

network address
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Indicates the IP address of the Wi-Fi interface (IP address obtained

from the DHCP server, if DHCP mode is enabled).
network mask
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Static network mask.

default gateway
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Static default gateway

host name
Do not change this key manually. Please read section WI-FI configuration keys at
the beginning of this document.

Hostname for DHCP mode.

MAC address (read only)
MAC address of the Wi-Fi USB adapter.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

47

ENROLMENT APPLICATION (ENR.CFG)

This section is used to parameter the Enrolment application on the
MorphoAccess 500 Series terminals equipped with a contactless
smartcard reader.

[contactless]
encode type (Terminals equipped with a DESFire contactless
smartcard reader only)
This key let the user select the type of card he can encode using the
enrolment application.
Value Encode cards:
1

DESFire

MIFARE

Both DESFire and MIFARE at the same time (auto

recognition of the card type)

See MorphoAccess 500 Series Enrolment application User Guide for

details.

48

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

LOGS FILE (LOG.CFG)

[LogParam]
This section is used to parameter the Enrolment application on the
MorphoAccess 500 Series for the biometric database synchronization
feature (cf. MA500 Series Enrolment Application User Guide).
LogFile DefLogFile
Name of the file in which the changes made on the biometric database,
using the enrolment application, are written.
LogFileSize 524288 (1-2097152)
Max size in bytes of the previous file. Should be a multiple of 512.
LogMask 00000000
This string key is a bit field that selects what kind of changes are written in
the file.
Value

Description

00000001 Log when a user is added to a biometric database

successfully.
00000002 Log when a user is modified successfully.
00000004 Log when a user is removed from a biometric database
successfully.
00000008 Log when a contactless card is encoded successfully.
00000010 Log when a biometric database is created successfully.
00000020 Log when a biometric database is exported successfully.
00000040 Log when a biometric database is imported successfully.
00000080 Log when contactless keys are generated successfully.
00000100 Log when an admin contactless card is created successfully.
00000200 Log when contactless keys are imported successfully.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

49

[Synchro]
SynchroKey
Do not change this key manually.

This configuration key is used to perform the biometric databases

synchronization.

50

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

REMOTE MESSAGES (REMOTEMSG.CFG)

[interfaces]
This section describes the interfaces that the terminal can use to send a
message to a distant host.
nb interfaces 0 (0-255)
Defines the number of different interfaces to create.
intX
That key is created only if the nb interfaces key is more than 0.
It defines one interface. An interface is defined by its type, and some
parameters depending of the type.
Available types
IP

Type

Parameters

IP

Protocol, only TCP for the moment

Distant host IP address
Distant host port number
Sending timeout in seconds
Receiving timeout in seconds

The configuration key value has the following format:

<Type>;<Parameters>;
Each parameter is separated by a ;. The final ; is mandatory.
Example:
IP;TCP;10.126.59.45;11020;10;20;
It means that the interface is used to contact host 10.126.59.45 on port
11020 using TCP protocol. The sendings timeout is 10s, and the receiving
timeout is 20s.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

51

EVENTS (EVENTS.CFG)
[general]
active FFFFFFFF
This string key is used as a bit field that defines the events that can
generate a message sending.
Value

Description

00000001

Send a message on biometric databases changes (need

an administrator action)

00000002

Send a message when access control log file is full

[bio_chg]
That section is available only if the active key allows it.
nb sending 0 (0-255)
This key defines the number of sending performed when the administrator
decides to signal biometric databases changes to a distant host.
sendX
That configuration key is created only if nb sending is more than 0.
It defines one sending. A sending is defined by the number of attempts,
the attempt interval, a response needed flag, and an interface (cf.
[interfaces])
The configuration key value has the following format:
<Nb attempt>;<Attempt interval in seconds>;<Response needed 0-1
>;<Interface>;
Each parameter is separated by a ;, and the final ; is mandatory.
Example:
3;5;1;int1;
It means that the sending has 3 5s spaced attempts, a response message
is awaited, and the interfaces int1 from the remotemsg file will be used.

52

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

Please refer to MA500 Series Enrolment Application User Guide to know

how the administrator activates this message, and MA500 Series User
Guide to know about the messages format.

[log_full]
That section is available only if the active key allows it.
nb sending 0 (0-255)
This key defines the number of sending performed when the access
control log file is full.
sendX
That configuration key is created only if nb sending is more than 0.
It defines one sending. A sending is defined by the number of attempts,
the attempt interval, a response needed flag, and an interface (cf.
[interfaces])
The configuration key value has the following format:
<Nb attempt>;<Attempt interval in seconds>;<Response needed 0-1
>;<Interface>;
Each parameter is separated by a ;, and the final ; is mandatory.
Example:
3;5;0;int2;
It means that the sending has 3 5s spaced attempts, no response
message is awaited, and the interfaces int2 from the remotemsg file will be
used.
Please refer to MA500 Series User Guide and MA100 Series User Guide
to know about the messages format.

SSE-0000062458-05

Sagem Scurit document. Reproduction and disclosure forbidden.

53

SUPPORT
Customer service
Sagem Scurit
SAV Terminaux Biomtriques
Boulevard Lnine - BP428
76805 Saint Etienne du Rouvray
FRANCE
Phone: +33 2 35 64 55 05

Hotline
Sagem Scurit
Support Terminaux Biomtriques
18, Chausse Jules Csar
95520 Osny
FRANCE
[email protected]
Phone: +33 1 58 11 39 19
http://www.biometric-terminals.com/
Copyright 2009 Sagem Scurit
http://www.sagem-securite.com/

54

Sagem Scurit document. Reproduction and disclosure forbidden

SSE-0000062458-05

Head office : Le Ponant de Paris

27, rue Leblanc - 75512 PARIS CEDEX 15 - FRANCE