Idemia SIGMA Series - User Manual

The SIGMA Series terminal is an advanced access control and time & attendance device designed for secure and efficient user authentication. It offers a comprehensive man-machine interface, integrating multiple authentication methods including fingerprint recognition, contactless card authentication, and PIN authentication. This versatile terminal is suitable for various deployment environments, from indoor settings to outdoor installations when properly protected.

Function Description

The SIGMA Series terminal serves as a core component in an Access Control system, processing user access requests and performing identity verification. Its primary role is to ensure secure access by evaluating biometric data, RF card information, and/or PINs. The terminal can operate in several access control modes:

• Identification: In this mode, the terminal runs a standalone application. A user places a finger on the biometric sensor, and the captured fingerprint template is matched against all fingerprint templates stored in the terminal's local database. Access is granted or denied based on this identification.
• Authentication: Similar to identification, this mode also runs a standalone application. A user places a contactless card in front of the reader, or enters their identifier on a keypad, or a Wiegand frame is received from an external device. The user's captured fingerprint template is then matched against their reference fingerprint templates stored on the contactless card or in the user record in the terminal's local database.
• Multifactor: This mode combines both identification and authentication triggers. The terminal runs a standalone application, and both biometric and card/PIN authentication methods are enabled, requiring multiple factors for access.
• Proxy: In this mode, a remote application controls the terminal through network commands. Triggering events are selected by the remote application, and the decision to grant or deny access is also made remotely.

The terminal interfaces with an Access Controller (a third-party product) using protocols such as TCP/IP, Wiegand, Data Clock, or RS485. After verifying a user's access rights, the terminal sends the result (including the User ID) to the Access Controller. The Access Controller then performs additional checks, returns the final decision (access granted/denied) to the terminal for display, and, if access is granted, sends a command to a door electric latch or equivalent device (e.g., deadbolt, door strike, or magnetic lock) to open the door. The terminal can also send an alarm message to the Access Controller if malicious activity, such as tampering or pulling, is detected.

Usage Features

The SIGMA Series terminal is designed for ease of use and administration.

• User Interface: It features a 5" WVGA touchscreen LCD, providing a clear and intuitive interface for user interaction and administration. A VGA camera and microphone are also integrated, enhancing its capabilities.
• Authentication Options: Users can authenticate using fingerprint recognition, contactless cards (iCLASS, MIFARE DESFire, Prox), or PINs. The terminal supports various card reader types, including HID iCLASS 13.56MHz, MIFARE DESFire 13.56MHz, and HID Prox 125kHz, depending on the product variant.
• Local Enrollment: New users can be easily added through the administration menu on the terminal. This process allows for the input of essential user data such as first name, last name, face data (for biometric check), administration rights, PIN, access schedule, holiday schedule, dynamic message settings, door open timeout, record expiry date, inclusion in authorized or VIP lists, and specific access rules. Optionally, a contactless card can be created during enrollment.
• Fingerprint Capture Basics: The biometric sensor is optimized to capture the most useful area of the fingerprint, typically the center of the fingertip. Recommended fingers for capture are the forefinger/index finger (first choice), middle finger (second choice), and ring finger (alternative second choice). Users are advised to avoid using the little finger (poor fingerprint quality) and thumb (ergonomically more difficult). Proper finger positioning is crucial for accurate capture, including correct height, angle, and inclination, ensuring the finger is parallel to the sensor surface and not tilted or lifted.
• Contactless Card and PIN Input: For contactless card authentication, users simply place their RF card in front of the embedded contactless card reader, located behind the contactless logo. If configured, users will also be prompted to enter a PIN code using an alphanumeric or numeric keypad displayed on the LCD touchscreen.
• Remote Administration: The terminal is compatible with MorphoManager application (version 15.5 or higher), allowing for remote administration and enrollment. This software enables comprehensive management of the terminal and its users from a central station.
• First Boot Assistant (FBA): Upon initial startup, the First Boot Assistant guides the administrator through the configuration of fundamental device settings, including date and time, time zone, trigger events, language, network parameters (LAN or WLAN), administration password, and communication protocols (Bioscrypt 4G, MA 500, J Series, or MorphoAccess SIGMA). This assistant can also be launched on demand from the administration menu.
• Secure Communication: IP communication is mandatorily based on TLS for secure data exchange. The communication configuration can be managed using MorphoBioToolBox, a Windows application that also supports full terminal configuration. MorphoManager (version 16 and higher) can also configure TLS communication once the terminal has a valid IP address.
• Enforced Security Configuration: Terminals with firmware version 4.12 or higher come with a default configuration that enforces security. This includes disabling the web server, restricting IP connections to TLS 1.2 only, disabling configuration from the on-screen menu (except for IP configuration), disabling Thrift commands from RS485, and preventing configuration via scripts hosted on a USB dongle. This default configuration is recommended by IDEMIA, but an "On-demand security state" can be unlocked with MorphoBioToolBox for advanced features, provided the end customer is aware and a system security assessment is performed.

Maintenance Features

The SIGMA Series terminal is designed for reliability and ease of maintenance, with specific guidelines to ensure optimal performance and longevity.

• Micro SD Card: A Micro SD card is installed in the terminal at startup, serving as a storage area for the internal database and terminal logs. For replacement, a Class 10 or higher card (1GB min, 32GB max) is required, which must be formatted by the terminal itself to prevent damage to content from Windows PC formatting. Only brand-name cards are recommended to ensure performance and lifespan.
• Power Supply: The terminal can be powered by an external 12-24 Volts regulated and filtered power supply (1 Amp min @12V) or via Power Over Ethernet (POE) through an RJ-45 connector, compliant with IEEE 802.3af or IEEE802.3at type 1. A battery backup or Uninterrupted Power Supply (UPS) with built-in surge protection is recommended for continuous operation. It is crucial to switch off the power supply before installation or working on connectors.
• Date/Time Backup: Volatile settings like date/time are protected against power failure by a dedicated component for at least 24 hours (at 25°C) without external power supply. For applications requiring high time precision, synchronization with an external clock is recommended.
• Relay Wiring: The internal relay is designed for 100,000 cycles and is limited to a maximum current of 2A @ 30V. If the deadbolt/door strike draws more than 2A, an external relay driven by GPO must be used to prevent device damage. Inductive load management requires a parallel diode for better contact lifetime.
• Cleaning: For cleaning, a dry cloth should be used, especially for the glass in front of the biometric sensor. The use of acid liquids, alcohol, or abrasive materials is prohibited. Dry air spray can be used to remove dust from the sensor glass.
• Firmware Updates: To ensure the best performance and access to the latest features, users are recommended to download and install the most recent firmware release.
• General Precautions: The terminal should not be exposed to extreme temperatures. In dry environments, synthetic carpeting near the terminal should be avoided to reduce electrostatic discharge. Installation in areas containing flammable gases or materials is prohibited. The terminal should be installed in controlled lighting conditions, avoiding blinking lights, direct sunlight, or UV light exposure to the biometric sensor. For outdoor installations, an enclosure is recommended to protect the terminal from extreme weather conditions (torrential rains, flooding, high humidity, direct sun exposure, frequent high temperatures) and ensure long-lasting performance.
• Repair and Accessories: Users are advised not to attempt repairs themselves, as this will void the warranty. Only original accessories should be used with the terminal to prevent damage and maintain warranty validity.
• Standalone Terminals: For terminals operating in standalone mode (not connected to a network), regular backups of the local database are strongly recommended, especially after significant changes to user records, using an external mass storage key.