SmartTOUCHTM Xtreme Manual Installation and operation March 20th 2007 Version 1.0 i ii This manual is applicable for the following SmartIDTM products:
o 800-2410 SmartTOUCHTM Xtreme Remark:
This manual is based on software version 2.14 this version supports the storage of one fingerprint template only. This document contains preliminary information regarding storage of two templates. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1) that this device does not cause harmful interference, and 2) that this device must accept any interference received, including interference that may cause undesired operation. Changes or modifications not expressly approved by the manufacturer could void the user's authority to loperate the equipment iii 1. Introduction 1.1 General information This document describes the installation procedure and operating instructions of the SmartTOUCHTM Xtreme combined ISO 14443 and biometric finger print reader. Certificate:
CE : pending FCC : pending Consult your National Authority if any listings are needed for this product. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1) that this device does not cause harmful interference, and 2) that this device must accept any interference received, including interference that may cause undesired operation. Copyright notice:
Copyright ' Integrated Engineering 2003, 2004, 2005, 2006, 2007. All rights reserved. No part of this document may be reproduced, translated into another language, stored in a retrieval system or transmitted in any form or by any means electronic, mechanical, photocopying, recording or otherwise without the prior written consent of Integrated Engineering. Disclaimer:
The information in this document is subject to change without prior notification. Every precaution has been taken in the preparation of this document. Integrated Engineering assumes no responsibility for errors or omissions. Neither any liability will be assumed for direct or indirect damages resulting from the use of the information contained in this document. Trademarks:
SmartIDTM, SmartLOGONTM, and SmartTOUCHTM are trademarks of Integrated Engineering. MIFARE is a registered trademark of Philips Royal Electronics N.V. iv Table of Contents 1. Introduction 1.1 General information 2. SmartTOUCHTM Xtreme 2.1 2.2 ISO 14443 Cards Electrical Connections Introduction 2.1.1 2.1.2 Access Control Data format 2.1.3 2.1.4 Components Installation 2.2.1 Mounting and connections 2.2.2 Initializing the Reader 2.3 Using SmartTOUCHTM Xtreme Enroll mode: storing a fingerscan template in an ISO 14443 card 2.3.1 2.3.2 Access mode: Obtaining access 2.3.3 Erase mode: Erasing an ISO 14443 card 2.4 The Enroll card and the Erase card 2.4.1 Activating an Enroll card and an Erase card 2.4.2 Programming an Enroll card/Erase card 2.5 Requirements for ISO 14443 Cards 2.6 Appendix 2.6.1 SmartTOUCHTM Xtreme initialization sequence 2.6.2 SmartTOUCHTM Xtreme LED behavior 2.6.3 Possible Errors 2.6.4 SmartTOUCHTM Xtreme and other SmartTOUCHTM readers. Short product specifications and part numbers/article codes Cable Distance SIA recommended cable type for Wiegand signals Wiegand Signal Levels Reader output interface and pull-up resistors 3. Drawings Figure 1: Drawing 71309764, SmartTOUCHTM Xtreme: mounting and installation v iv iv 1 1 1 1 2 2 2 2 3 3 3 4 5 6 6 6 7 8 8 8 9 10 11 11 11 12 12 15 15 2. SmartTOUCHTM Xtreme 2.1 Introduction The SmartTOUCHTM Xtreme reader is an access control proximity reader, which provides a higher level of security: an authorized card alone is not sufficient to obtain access. A fingerprint of the cardholder, which must agree with the template stored on the card, is also required. Use of a card by unauthorized personnel is therefore not possible. The SmartTOUCHTM Xtreme reader is a combination of an ISO 14443 reader and a FingerScan module. The SmartTOUCHTM Xtreme reader makes it possible to store fingerprint templates on ISO 14443 cards in Enroll mode and verifies cards in Access Control mode. After comparing the stored template with the fingerscan of the user, the access control information in the card is sent to an external system. The external system is completely independent of the fingerprint information, which is only stored on the users card and no where else. This prevents problems with the privacy regulations. The reader is built with a narrow housing to provide easy mounting next to doors. Please note that the reader has to be mounted on the correct height for presenting the finger to the reader. The backplate is prepared for mounting the reader on a European of US wall socket. The SmartTOUCHTM Xtreme is prepared for outside use. For extreme, low temperature conditions an optional heater is needed. This document describes the installation procedure, the functions, and the specifications of the SmartTOUCHTM Xtreme reader. The information in this document is based on the software version V102. Please note that the SmartTOUCHTM Xtreme uses minutea based templates. The SmartTOUCHTM Xtreme templates are incompatable with the templates of the SmartID and Classic SmartTOUCHTM readers. 2.1.1 Electrical Connections The SmartTOUCHTM Xtreme reader is an identification and verification unit to be used in combination with an external system. For installation and connections see Figure 1: Drawing 71309764, SmartTOUCHTM Xtreme: mounting and installation and Table 1: SmartTOUCHTM Xtreme connector assignements. 2.1.2 Access Control Data format The reader can read two types of data: the serial number of the card, or data that is stored in the card. The data transfer protocol can be determined by information on the card itself or by the configuration of the reader. The SmartTOUCHTM Xtreme reader supports:
Contact Integrated Engineering for further information. clock and data ABA track 2 emulation Wiegand Clock and Data RS232 / RS422 / RS485 read-only output and PDP-1 RS485 multi-drop protocol 1 2.1.3 ISO 14443 Cards Your dealer, or Integrated Engineering, normally provides suitable cards with the reader. There are, however, certain requirements for cards that are to be used with the SmartTOUCHTM Xtreme reader. These requirements are summarized in chapter 2.5 Requirements for ISO 14443 Cards on page 7. 2.1.4 Components The SmartTOUCHTM Xtreme reader is delivered with the following components:
1. 2. The SmartTOUCHTM Xtreme reader with this manual. A Config card to configure this reader and possible other readers for a specific system/site. An Enroll card to write one or two fingerscan templates on an ISO 14443 card. For more information, see chapter 2.4 The Enroll card and the Erase card on 6. An Erase card to erase templates from an ISO 14443 card. 3. 4. 2.2 Installation 2.2.1 Mounting and connections The reader is built to provide easy mounting next to doors. Please note that the reader has to be mounted on the correct height for correctly presenting fingers to the reader. The usage in Europe is ergonomic optimal at a height of at least 135 cm (53 inches) from the ground. It is better to mount the reader too high than too low!!
The reader can also be mounted on an European or US wall socket. Mounting directly on the wall: Drill the fastening holes for the SmartTOUCHTM Xtreme reader see Figure 1: Drawing 71309764, SmartTOUCHTM Xtreme:
mounting and installation on page 15. Remove the detachable connector and wire the reader connector appropriately as shown in Table 1: SmartTOUCHTM Xtreme connector assignements on page 14. After that, attach the connector to the reader and mount the reader on the wall. Test the reader before closing the housing with bottom screws. Note: The supply voltage must be between 8 and 24 volt. The SmartTOUCHTM Xtreme will not function properly if the voltage is lower. The electronics can be damaged if higher voltages are used. 2 2.2.2 Initializing the Reader The SmartTOUCHTM Xtreme reader is shipped with factory default parameters. These parameters must first be initialized with the appropriate Config card to enable the reader to function properly with your system. The Config card provides parameters for:
o Which data to read for the access control information?
o How and where to store and retrieve the fingerscan data. o A unique key for the reader. This key ensures that only your Enroll card/
Erase card can be used to write fingerscan templates on an ISO 14443 card. If one Enroll card is to be used on several readers, these readers must all be configured using the appropriate Config card.
! Power on the SmartTOUCHTM Xtreme reader the reader enters the initialization sequence. See 2.6.1 SmartTOUCHTM Xtreme initialization sequence on page 8. After the initialization sequence, the reader will enter the Access mode (both LEDs are switched off) as described below.
! Hold a Config card in front of the reader. Both LEDs on the reader turn green, if the card is read successfully, the reader beeps once and the reader re-initializes. The SmartTOUCHTM Xtreme reader is now ready for use.
! If the card is not accepted, both LEDs on the reader remain switched off. 2.3 Using SmartTOUCHTM Xtreme The SmartTOUCHTM Xtreme reader has three operating modes:
o Enroll mode: for writing fingerscan templates on ISO 14443 cards. o Erase mode: for erasing fingerscan templates from ISO 14443 cards. o Access mode: for reading and verification of access control data from ISO 14443 cards. 2.3.1 Enroll mode: storing a fingerscan template in an ISO 14443 card Enroll mode is used for writing fingerscan templates on ISO 14443 cards. One or two finger scans can be written on an ISO 14443 card using the enroll card. See 2.4 The Enroll card and the Erase card on page 6 for more information concerning the Enroll card. Carrying out the procedure in this section will write one template to the card. The second fingerscan template is written to the card if the procedure is repeated. A valid Enroll card is necessary to switch the reader from the initial Access mode to Enroll mode. 3 Steps for enrolling a fingerprint template on an ISO 14443 card:
At the beginning the reader is in the default Access mode (all LEDs are off unless, for example, the red LED is connected as power-on (PIN 2 on the reader connector is connected to GND).
! Present a valid Enroll card to the reader. o When the Enroll card is read, the top LED will turn green and the bottom LED will blink green. This points out that the SmartTOUCHTM reader is in Enroll mode.
! The next step of enrolling is placing a finger on the scanner. The finger will be scanned and the quality of the fingerprint will be checked. o After a successful scan the reader will beep once and the bottom LED will blink red. While the bottom LED is blinking red, the to be access card has to be presented to the reader to write the fingerprint on the card. When the user does not present the card within 5 seconds, the reader will beep three times and will go back to the beginning of the Enroll mode (the bottom LED blinks green). o After an unsuccessful scan the reader will beep three times and the bottom LED will start blinking green again so the fingerscan can be started again.
! If an access ISO 14443 card is presented to the reader within the allocated time, the template will be written on the card. The bottom LED on the reader will be on
(in red) while writing the data to the card. o If the data is correctly written to the card, the reader will beep once and will return to the start of the Enroll mode (waiting for a new finger to scan while the bottom LED blinks green). If the data cannot be written, the reader will beep three times and the reader will also return to the start of the Enroll mode (waiting for a new finger to scan while the right LED blinks green). Note: As long as the SmartTOUCHTM Xtreme reader is in Enroll mode, other cards or a second fingerprint on one card can be processed. o Present the Enroll card to return to Access mode. The green LEDs will turn off. 2.3.2 Access mode: Obtaining access When the SmartTOUCHTM Xtreme reader is powered up it will automatically enter the Access mode. In this mode all LEDS will be off unless, for example, the red LED is connected as power-on (PIN 2 on the reader connector is connected to GND). The SmartTOUCHTM Xtreme reader performs the following tasks in the Access mode:
fingerprints templates. controlled by an external system. o LED and Buzzer input monitoring. Both LEDS and the buzzer can be o Read ISO 14443 cards with access control information and one or two o Verify the fingerprint scan of the person presenting the card against the o Output access control data after a successful verification of the fingerscan o Detect Enroll and Erase cards to switch to the Enroll or Erase mode. fingerscan template(s) in the card. 4 In order to obtain access, follow the following procedure:
! Present an ISO 14443 card with access control information and fingerscan template(s) to the reader. o If a valid card is read the reader will beep and the bottom LED starts blinking green (maximum 5 seconds). This indicates that the card holder must place his/her finger on the scanner. If this is not done within the allocated time (5 seconds), the bottom LED will turn off and the card must be presented again.
! Within 5 seconds place a finger on the scanner. o If the finger is scanned and the data is verified successfully, the reader will beep and the bottom LED will turn green for a short time to show that the card data will be sent to the external system. o If the scanned finger does not match the data on the card, the buzzer will beep three times and the bottom LED will blink red. Note: Scanning and processing of the fingerscan can be slower if two fingerscan templates are present on the card. If the fingerscan does not match with the first template on the card, the reader must match the second template. 2.3.3 Erase mode: Erasing an ISO 14443 card Stored fingerscan template(s) can be erased from ISO 14443 cards using the Erase mode. A valid Erase card is necessary in order to switch the reader from Access mode to Erase mode. After being powered on, the reader is in Access mode.
! Present a valid Erase card. o If the card is valid, the top LED will turn red and the bottom LED starts blinking red. This indicates that the reader is in Erase mode. The reader waits a maximum of 5 seconds for a card with templates to erase. The reader will return to Access mode if no card is presented to the reader within 5 seconds.
! Present an ISO 14443 card with fingerscan templates. o The bottom LED will turn red while the card is being erased. o The reader will beep once when the card has been erased. The reader will o The reader will beep three times and return to Access mode if an error then return to Access mode. occurs during the erase procedure. The SmartTOUCHTM Xtreme reader is programmed to return to Access mode in order to avoid accidental erasure of cards 5 2.4 The Enroll card and the Erase card The Enroll card is used for switching the reader from Access mode to Enroll mode. The enroll card can be used to write one or two fingerprint scan templates in a card. When storing fingerprint templates, the reader checks to see if there is already a template on the card. If the ISO 14443 card has no templates, the template is written on the card. If there is one or two templates on the card, the first template is erased and the new template written instead. o 0 templates on card => write first template to card. o 1 template on card => writes second template on the card. o 2 templates on card => erase first template and write new. The Erase Card erases all the templates from an ISO 14443 card. All used sectors with template data are erased. The AIDs of the SmartTOUCHTM Xtreme application are erased but other AIDs remain intact. 2.4.1 Activating an Enroll card and an Erase card Two security mechanisms are used to ensure that Enroll and Erase cards only work on those readers, which are desired. 1. Enroll code: Each SmartTOUCHTM Xtreme reader contains a four byte Enroll code. Only Enroll card/ Erase card that contains the exact same code are accepted When a SmartTOUCHTM Xtreme reader reads an Enroll card/ Erase card, these codes are compared. If the codes do not match, the Enroll card/
Erase card will not function on the reader. Enroll card Version: Each SmartTOUCHTM Xtreme unit contains a one byte version number. Only the Enroll card/ Erase card with the same or a higher Enroll card version are accepted. When the SmartTOUCHTM Xtreme reader reads an Enroll card/ Erase card, the version number is compared. If the version number on the card is not greater or equal to that in the reader, the card will not work. This mechanism makes it possible to disable older versions of an Enroll card/ Erase card when a card is lost. 2. The user must ensure that the two parameters in the reader are correct. This is done by using the Config card. If Integrated Engineering programs the Enroll cards, each SmartTOUCHTM Xtreme reader will be shipped with a Config card with a unique value for the Enroll code. 2.4.2 Programming an Enroll card/Erase card Both the Enroll card and Erase card are supplied with the SmartTOUCHTM Xtreme reader. 6 2.5 Requirements for ISO 14443 Cards The SmartTOUCHTM Xtreme writes one or two fingerscan templates in an ISO 14443 card. One fingerscan template requires approx 750 bytes storage space on a card. Blank cards can be used, but also cards that already contain data. Currently SmartTOUCHTM Extreme supports Mifare 4k and DESFire cards. Mifare 1k cards provide unsufficient storages space. Mifare 4k cards:
The SmartTOUCHTM Xtreme can be configured in two ways to store fingerscan templates(s) in a Mifare card:
o Allocation via the MAD: The SmartTOUCHTM Xtreme reader will use the MAD to allocate the required free space to store the fingerscan template(s). This is the default configuration. o Allocation via fixed sectors: The SmartTOUCHTM Xtreme will store a fingerscan template in fixed locations. With this configuration it is possible to register the fingerscan template in the MAD structure or to omit the registration in the MAD. If Mifare 4k cards with data are used, the following requirements must be met:
o If the reader is configured to use the MAD: the MAD structure must be present and the reader must know the write access key of the MAD. o The card must have sufficient free space to store the template (one o Each used sector must be registered in the MAD or the SmartTOUCHTM Xtreme unit must be configured to store the template in fixed locations. template takes approx 750 bytes). If blank Mifare 4k cards are used and the SmartTOUCHTM Xtreme reader is configured to use the MAD, the reader will create the MAD structure in the card. When the SmartTOUCHTM Xtreme is configured to use the MAD, ISO 14443 cards programmed with ProxBurn, must be programmed with the MAD!!!
ISO14443-4 cards:
For ISO14443-4 cards like DESFire the following requirements must be met:
reader to create files to store the fingerscan templates. o The access conditions of the card shall allow the SmartTOUCHTM Xtreme o The access conditions of the card shall allow the SmartTOUCHTM Xtreme reader to write data in the fingerscan template files if they already exist
(when using pre-personalized cards). 7 2.6 Appendix 2.6.1 SmartTOUCHTM Xtreme initialization sequence When the reader starts it displays the following initialization sequence:
o Top LED blinks three times red. o Bottom LED blinks three times green. o Buzzer sounds while top LED lights red and bottom LED lights green. o Top LED turns from red to green. o Bottom LED turns from red to green. o Both LEDs turn off and buzzer sounds. 2.6.2 SmartTOUCHTM Xtreme LED behavior Mode/status Wait for card Read card Wait for finger Timeout Read finger Finger verified Finger refused Wait for finger Read finger Wait for card Write template Top LED Off Off Off Bottom LED Access Mode Buzzer Remark Off Off Green Off Red Off Off Beep 3x Green Green Next state is Wait for card. Transmit Card ID. Next state is Wait for card. No output. Next state is Wait for card. Enrol mode: Present enrol card to switch to enrol mode. Green blinking Beep 3x Green Beep Red Off Beep Green Green Green Red blinking Beep 3x on failure next state is Wait for finger. Beep 3x on failure or timeout next state is always Wait for finger. Next state is Wait for finger. Erase mode: Present erase card to switch to erase mode. Green Beep Red Wait for card Red Red blinking Erase Erase successful Erase failed Red Red 8 Beep Beep 3x Beep 3x on timeout. Next state is Access mode. Next state is Access mode. Next state is Access mode. 2.6.3 Possible Errors Error Top LED blinks orange ISO 14443 card is not accepted:
(The reader does not respond to the card) ISO 14443 card is read but access control data is not sent to external system. (Reader beeps three times) Enroll card is not accepted.
(The reader does not respond to the card) A finger scan is not accepted.
(The reader beeps three times) Data is not written in the card.
(The reader beeps three times) Erase card is not accepted.
(The reader does not respond to the card) Erasing an ISO 14443 card fails 9 Possible Cause Hardware problem!
-Card does not contain a template.
-Card does contain a correct template.
-Card does contain access control data.
-Finger is not properly scanned.
-Template on card does not match with fingerscan
-The Enroll code on the Enroll card does not match with the EnrollCode in the SmartTOUCHTM reader.
-The EnrollCard version on the EnrollCard is less than the ECVC in the SmartTOUCHTM reader.
-The Enroll card is programmed with the wrong encryption keys.
-The finger is removed from the scanner before scanning is complete.
-The quality of the scan is not sufficient.
-The card is removed from the reader before the writing process is completed.
-There is insufficient free space available in the card.
- The MAD write access key in the card is not the same as the MAD write access key in the reader.
-A sector in the card is used but not registered in the MAD.
-The Enroll code on the Enroll card does not match the EnrollCode in the SmartTOUCHTM reader.
-The EnrollCard version on the EnrollCard is less than the ECVC in the SmartTOUCHTM reader.
-The Erase card is programmed with the wrong encryption keys.
-The card is removed from the reader before the erasing process is completed.
-A sector with a template is written with a different encryption key than the key in the reader
-The MAD write access key in the card is not the same as the MAD write access key in the reader. 2.6.4 SmartTOUCHTM Xtreme and other SmartTOUCHTM readers. Integrated Engineering manufactures and sells two other types of SmartTOUCHTM readers. The black colored "Classic" SmartTOUCHTM and the SmartID SmartTOUCHTM. The SmartTOUCHTM Xtreme use mintuea based templates that are not compatible with the pattern based templates of the Classic and SmartID SmartTOUCHTM readers. This means that the SmartTOUCHTM Xtreme can not be employed for cards that are enrolled with the "Classic" and SmartID SmartTOUCHTM readers and vice versa. This notice relates to the following products:
o 500-1065 Classic SmartTOUCH sector reader. (black) o 500-1066 Classic SmartTOUCH serial number reader. (black) o 800-8050 SmartTOUCH Mifare Biometric fingerprint reader o 800-8055 SmartTOUCH Mifare Biometric fingerprint reader with PIN o 800-8052 SmartTOUCH DESFire Biometric fingerprint reader o 800-8057 SmartTOUCH DESFire Biometric fingerprint reader with PIN o 800-8051 SmartTOUCH DESFire PIV II compliant Biometric fingerprint o 800-8051 SmartTOUCH DESFire PIV II compliant Biometric fingerprint reader reader with PIN 10 Short product specifications and part numbers/article codes Typical read range with an ISO Card ISO14443-3 up to 5 cm (1.97 inches) ISO14443-4 uo to 5 cm (1.97 inches) Read range depends on card type and communication speed. Power Supply 8 24 Volt DC Power consumption Average 2.5 Watt Peak 5 Watt Interface Inputs Outputs EMC Prot. 10Kohm pull-ups EMC Prot. open drain 0.5 A/max Dimensions 243 x 95 x 66 mm (9.57 x 3.74 x 2.60 inches) Material housing aluminium Operating temperature
-20 to 60 C (32 to 140 F) Humidity Up to 100% non-condensing Note: The SmarTOUCH Xtreme is also designed for outdoor use. Nevertheless special precautions are recommended for to allow for a convenient user experience. Snow, a cold or wet finger sensor will not invite to use the reader. For outdoor use we recommend to mount the reader under a cover. Cable Distance Up to 150 meter (492 foot); depending on output protocol and cable type. Recommended cable type: stranded conductor with overall stranded shield or equivalent SIA recommended cable type for Wiegand signals Cable Length Up to 61m (200.1 ft) Up to 91m (301.8 ft) Up to 153m (502 ft) Cable Diameter inch AWG22 AWG20 AWG18 0.025 0.03 0.04 Diameter mm 0.64 0.82 1.02 Recommended cable for clock and data ABA track 2 emulation: Up to 25 meter
(82 foot), AWG22. 11 Wiegand Signal Levels Voh = Output Voltage idle high Vol = Output Voltage active low Reader output interface and pull-up resistors The SmartIDTM readers provided true open collector outputs for Wiegand/Clock&Data ABA track 2 emulation. This means the data output is not voltage driven. External pull-up resistors are required when the controller does not provide internal pull-up resistors. The typical value for the pull-up resistors is 1 kOhm. The recommend position to place the pull-up resistors is at the controller side. The pull-up resistor #1 connects form Data/D1 (reader connector pin 3) to a 5 Volt reference. The pull-up resistor #2 connects form Clock/D0 (reader connector pin 4) to a 5 Volt reference. 12 Timing 13 Connector Assignments Clock/Data
(ABA) Wiegand RS232 RS422 RS485 Green LED Green LED Green LED Green LED Green LED 1 2 3 4 5 6 7 8 input Red LED input Data Clock Buzzer input Do not Connect Ground Power 8 to 24.00 input Red LED input D1 D0 Buzzer input Do not Connect Ground input Red LED input Do not connect TXD Do not connect RXD Ground Power 8 to 24.00 Power 8 to 24.00 VDC VDC VDC input Red LED input TXA TXB RXA RXB input Red LED input TRX TRX Ground Ground Power 8 to 24.00 VDC Power 8 to 24.00 VDC Table 1: SmartTOUCHTM Xtreme connector assignements Attention: 8 Volt DC is MINIMUM VOLTAGE AT READER CONNECTOR PINS Part number/Description 800-2410 SmartTOUCHTM Xtreme reader 14 3. Drawings Figure 1: Drawing 71309764, SmartTOUCHTM Xtreme: mounting and installation 15 Notes 16 Notes 17 Notes 18 The crossed-out wheeled bin means that within the European Union the product must be taken to separate collection at the product end-of life. This applies to your device but also to any enhancements marked with this symbol. Do not dispose of these products as unsorted. Pending
' Copyright 2007 Issue: April 2007 This manual supercedes and renders invalid all earlier versions. The information in this manual can be changed without prior notice. The information in this manual has been put together to the best of the authors knowledge and conscience. The manufacturers accepts no liability for the accuracy or completeness of the information in this manual. In particular, the manufacturer cannot be held liable for consequential damages caused as a result of incorrect or incomplete information. As it is impossible to avoid mistakes despite all our efforts, we are always grateful if these are pointed out. The installation recommendations contained in this manual assume the most favorable framework conditions. The manufacturer cannot guarantee that the system will function perfectly under other conditions. The manufacturer cannot guarantee that the information contained in this document is not protected by external property rights. The manufacturer is not granting licenses to its own or external patents or other property right. 19