eyeLock nano NXT User manual
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
2© 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0 3
PORTABLE TEMPLATE MANUAL VER. 1.0.0
CONTENT
INTRODUCTION TO PORTABLE TEMPLATES 5
EV1 / EV2 5
MOBILE 5
DATAFLOW DIAGRAM 6
INSTALLATION 8
WIRING THE NANO NXT 8
MOUNTING THE WAVELYNX SINGLE GANG READER OR THE MULLION READER 8
INSTALLING THE MOBILE APPLICATION 9
INSTALLING THE DESKTOP PORTABLE TEMPLATE READER/WRITER 9
CONFIGURING 10
NANO NXT 10
EYENROLL CONFIGURATION 12
CREATING THE CUSTOM CERTIFICATE FOR PORTABLE TEMPLATES 13
USING A THIRD PARTY CERTIFICATE 13
ENROLLMENT 14
STEPS FOR WRITING A TEMPLATE 16
WRITING A TEMPLATE WITHOUT EDITING IT 21
WRITING A TEMPLATE WHILE EDITING IT 21
STORING A TEMPLATE TO THE MOBILE APPLICATION 22
AUTHENTICATION & USER STATE GRAPHICS 27
PORTABLE TEMPLATE - SMART CARD 27
PORTABLE TEMPLATE - BLUETOOTH LE WALKUP 28
PORTABLE TEMPLATE - BLUETOOTH LE TAP OR PIN TO SEND 29
EVENT LOG 30
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
4© 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
Information in this document is subject to change without notice. No part of this document may be reproduced or
transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written
permission of EyeLock LLC.
© 2016 EyeLock LLC. All Rights Reserved.
PATENTS: https://www.eyelock.com/index.php/company/patents
nano NXT® Desktop Portable Template
Reader/Writer
PORTABLE TEMPLATE MANUAL / VER. 1.0.0 5
INTRODUCTION TO PORTABLE TEMPLATES
EyeLock’s Portable Template solution continues the evolution of the industry leading nano NXT. Portable Template
allows customers to save iris templates on EV1, EV2 smart cards or on BLE enabled mobile devices. Templates are trans-
ferred to the nano NXT® via Smart Card or Bluetooth LE, depending on the customer’s preference.
EV1 / EV2 SMART CARDS
Smart Card – A single user template can be written to a 4k (or larger) ISO/IEC 14443-4 Type A DESFire EV1 or EV2
card at the time of enrollment. This contactless technology utilizes the 13.56MHz transmission standard. During
authentication, the user presents their card to the reader and the template is transferred to the NXT for authentication.
The user then presents their eyes to the nano NXT to be authenticated. The template is not permanently stored on the
nano NXT as it is removed from memory shortly after the authentication is complete.
MOBILE
Mobile Device – A single user template can be written to a Bluetooth LE compatible mobile device (iOS: 8.0 and
Android: 5.0 (Lollipop)) at the time of enrollment. This low power variant of the Bluetooth standard allows a user
to transfer their template to the nano NXT for authentication at a distance of up to approximately 10 feet. The user
then presents their eyes to the nano NXT for authentication. The template is not permanently stored on the nano NXT;
it is automatically and permanently removed from memory shortly after the authentication is complete. Readers can be
configured to automatically transfer the template when in range or can be configured to prompt the user for transfer via
Tap-to-send or PIN.
All data stored on the Smart Card or Mobile Device is encrypted using industry standard AES-256 encryption.
Additionally, templates can be configured to be activated or deactivated based on specific date ranges, providing
customers with an unprecedented level of security. Data can optionally be stored on the customers’ database for
back-up and recovery.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
6© 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
DATAFLOW DIAGRAM
PORTABLE TEMPLATE ENROLLMENT
USB HUMAN INTERFACE DEVICE INTERFACE.
TEMPLATE AND CREDENTIAL DATA. EV1 or EV2
Card
EyEnroll®
USB HUMAN INTERFACE DEVICE INTERFACE.
TEMPLATE AND CREDENTIAL DATA. Desktop Portable
Template Reader/Writer
Desktop Portable
Template Reader/Writer
Mobile Devices
EyEnroll®
PORTABLE TEMPLATE MANUAL / VER. 1.0.0 7
DATAFLOW DIAGRAM
PORTABLE TEMPLATE CONFIG
PORTABLE TEMPLATE AUTHENTICATION
RS-485
READER CONFIGURATION SETTINGS nano NXT®WebConfig
RS-485
TEMPLATE AND CREDENTIAL DATA
Wall Reader
(Single-gang or mullion)
nano NXT®
EV1 or EV2
Card
Mobile Devices
NOTE:
When a template is being transfered, the wall reader LED will turn amber.
Once the transfer is complete and valid, the wall reader LED will turn green.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
8© 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
INSTALLATION
WIRING THE NANO NXT
The nano NXT communicates with the portable template reader via an RS-485 connection. Wiring to the access control
system varies by protocol. Please refer to the nano NXT manual for detail.
MOUNTING THE SINGLE GANG READER OR THE MULLION READER
Both the single-gang reader and the mullion reader will include a mounting template inside the product box.
Please refer to it for proper installation.
1 2 3 4 5 6 7 8 9 10 11 12 13 14
1 2 3 4 5 6 7 8 9 10
1 2 3
1
2
3
4
5
6
7
8
9
1
0
1 2
SOUNDER BLUE
GREEN LED ORANGE
RED LED BROWN
TAMPER YELLOW
RS485 D- (RS232 TX) WHITE
RS485 D+ GREEN
GND BLACK
TO CARD READER
CR +12 VDC RED
TO CARD READER
PORTABLE TEMPLATE MANUAL / VER. 1.0.0 9
INSTALLING THE MOBILE APPLICATION
1. For iOS mobile devices access the App Store. For Android mobile devices access the Google Play store.
2. Search for Eyelock Mobile Template.
3. Install the application through the store.
INSTALLING THE USB DESKTOP TEMPLATE READER / WRITER
Simply connect the Desktop Template Reader / Writer to any open USB port on the enrollment workstation. There are
no additional drivers needed to install it.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
10 © 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
CONFIGURATION
NANO NXT
Access the web config on the nano NXT. See p.19-22 of the nano NXT instruction manual (version 1.0.9 ) for detailed
instructions (nano NXT manual can be downloaded from https://www.eyelock.com/index.php/login). Once logged into
webconfig, navigate to the Database Tab and check Portable Templates.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0 11
OPTIONS
Mobile Mode: The drop-down menu allows the user to select the activity mode for how the EyeLock mobile device ap-
plication works with the nano NXT and the wall reader. When using a mobile device (as opposed to an EV1 or EV2 card),
one of three modes must be selected:
• Walk-Up: The user’s template is automatically sent to the wall reader when the mobile device is in range.
Background scanning must be enabled in the mobile application.
• Tap-to-Send: The user must tap a button in the mobile application to send the template to the wall reader.
• Pin-to-Send: The user must enter a pin on the mobile application to send the template to the wall reader.
Iris Wait Time: This configuration determines how long the nano NXT will temporarily save the iris template while waiting
for the user to present their eyes. Default is set to 10 seconds and can be changed to any value between 10 seconds and
600 seconds (10 minutes).
Key Management Settings: Templates are encrypted with a Certificate through RSA and AES encryption to maximize the
security of the template. Select the certificate (“key”) that the nano NXT will use to decrypt the template.
• Use Default Key: Use the same certificate that is used for standard nano NXT communication.
• Use Custom Key: Use a certificate provided by EyEnroll or a third party certificate. Third party certificate must
be 1024 bit encryption. A custom certificate should be used to maximize security as the default certificate is
available to all Eyelock customers. EyEnroll can generate the required certificate.
Click Save to commit changes to Portable Template options.
CHANGES TO OPERATION WHEN USING PORTABLE TEMPLATES
NOTE: When engaging the portable template mode, the nano NXT’s local database is automatically cleared. The nano
NXT will no longer respond to database push requests from EyEnroll.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
12 © 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
EYENROLL CONFIGURATION
To configure portable templates, open the EyEnroll application and access the settings page. From the Database Type
dropdown menu, select one of the Portable Template options:
• Portable Template (Card): Templates will be enrolled to a card.
• Portable Template (Mobile): Templates will be enrolled to the mobile device application.
Selecting either option changes the settings screen shown below.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0 13
CREATING A CUSTOM CERTIFICATE FOR PORTABLE TEMPLATES
To create a certificate for portable templates, click the Create New Certificate button. This will prompt the user to save
the certificate to the computer, which will be uploaded to the nano NXT(s) via Web Config. Once created, EyEnroll
automatically selects the new certificate as the Portable Template certificate. The certificates generated through the
Create New Certificate option are 1024 bit.
USING A THIRD PARTY CERTIFICATE
To use a third party certificate or a certificate generated from another EyEnroll install, click the Load Existing Certificate
button. If the certificate requires a password, enter it in the box to the left. If EyEnroll needs a password and one was not
provided, it will prompt you to create a password. Use only a 1024-bit certificate for portable templates. The system is
not compatible with other certificate bit lengths.
OTHER OPTIONS
• Use Default Certificate: This option will revert EyEnroll to use the Default nano NXT Certificate for portable
templates.
• Default Template Validity Duration: The templates encoded to cards or mobile devices have a built-in valid
date period. This period is displayed on the Edit User screen of EyEnroll. The portable template will not
authenticate a user outside of that date range. For convenience, the default date validity period can be entered
as a range (in days) from when the template is written. Date range may be modified at the time of writing. Any
updates to template credential or validity duration must be completed at enrollment station.
• ID Type: Set the card format for the underlying access system at the facility.
NOTE: When portable template mode is activated, EyEnroll deletes all devices from the On Device list. As a result,
EyEnroll will not write any access system test data to the nano NXTs. User templates will still be stored on the database
configured in EyEnroll.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
14 © 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
STEP 1 - SETUP HARDWARE
STEP 3A - ENROLL A NEW USER
STEP 3B - ENROLL AN EXISTING USER
Connect Portable Template
Reader/Writer to PC
Open
“Add User”
STEP 2 - SETUP EYENROLL®
Start
EyEnroll
Open
Settings
Select
Template Type
Save
Settings
Place Card on
Portable Template
Reader/Writer
OR
Enter User
Information
Save User
Information
Card
Written
Start Mobile
Application
Press Upload Button on
Mobile Device
Application
Written
Template Creation
Image Capture
Authentication
Place Card on
Portable Template
Reader/Writer
Activate Upload on
Application
Place Card on
Portable Template
Reader/Writer
Start Mobile
Application
Optional:
Edit User Info
Update
User Info
Open
“Edit User”
Select
the User
Push
User Updated
Card
Written
Application
Written
ENROLLMENT
Portable Template users require a one-time enrollment. Users must
enroll their template to either an EV1 card, EV2 card, or mobile phone
application. The following diagram highlights the steps required for a
successful enrollment.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0 15
STEP 1 - SETUP HARDWARE
STEP 3A - ENROLL A NEW USER
STEP 3B - ENROLL AN EXISTING USER
Connect Portable Template
Reader/Writer to PC
Open
“Add User”
STEP 2 - SETUP EYENROLL®
Start
EyEnroll
Open
Settings
Select
Template Type
Save
Settings
Place Card on
Portable Template
Reader/Writer
OR
Enter User
Information
Save User
Information
Card
Written
Start Mobile
Application
Press Upload Button on
Mobile Device
Application
Written
Template Creation
Image Capture
Authentication
Place Card on
Portable Template
Reader/Writer
Activate Upload on
Application
Place Card on
Portable Template
Reader/Writer
Start Mobile
Application
Optional:
Edit User Info
Update
User Info
Open
“Edit User”
Select
the User
Push
User Updated
Card
Written
Application
Written
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
16 © 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
STEPS FOR WRITING A TEMPLATE
The portable template feature is compatible with both the myris and nano NXT as enrollment devices. Please refer to
pages 29 and 30 of the nano NXT installation manual (version 1.0.9) for detailed enrollment instructions with a nano NXT
device. Please refer to pages 10-13 (version 1.0.0) for detailed enrollment instructions with a myris device. In both cases,
steps 7, 8, and 9 of the enrollment process is supplemented by 7a, 8a, and 9a, respectively. Please add these steps while
conducting portable template enrollments.
Image 7a.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0 17
Place a card on top of the Desktop Portable Template Reader/Writer.
Wait for about 5 seconds to ensure that the Desktop Portable Template Reader/Writer detects the card.
Image 8a.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
18 © 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
Click the Valid Dates button to change the valid date range for the card if desired. Change the dates in the window. The
dropdown arrows activate calendars. Click OK to confirm changes, Cancel to discard them.
Image 9a.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0 19
Click the Save button on the Iris Save screen to finish writing the template. If a screen appears asking to place the card
on the reader, make sure the card is on top of the reader and click OK. The message will continue to appear until the
reader detects the card. To abort writing to the card click the Cancel button.
PORTABLE TEMPLATE MANUAL / VER. 1.0.0
®
20 © 2016 EYELOCK LLC. ALL RIGHTS RESERVED.
From the Edit User window:
Table of contents
