Borealis - Credential Formats


1.0 Introduction

Borealis includes support for a vast range of credential formats including:
  1. Keri NXT
  2. Keri MS
  3. RAW Cardnumber 
  4. 26-Bit Wiegand 10301
  5. 37-Bit Wiegand 10304
  6. MIFARE 32-Bit
  7. MIFARE 56-Bit
  8. Generic 26, 32, 33, 34, 35, 36, 37, 44, 48, 56 (full card number bits and no formatting defined).

Credential formats include both the full card number format calculations across all supported controller types and the customized sets of parameters that controllers such as the NXT-MSC use to decode a credential that has been presented to a reader.

The setup steps covered in this document assume that you are working on a new system that is fully set up and functional (with hubs, controllers and readers all online and Cloud subscriptions paid for).



2.0 Glossary of Terms

  1. Bit Pattern - The sequence of bits that are programmed on the credential that define the location of the credential data (such as the location of the facility code and the imprint).

  2. Card Number - This is the entire, unique, raw card number that is processed by the Borealis access control system.

  3. Credential - A device used by a cardholder to gain access at a reader on the system (for example, a card, a fob, an RF transmitter, an adhesive sticker or a wristband).

  4. Credential Format - Provides Borealis with the full credential data. The credential format defines the bit length and how the bits are formed to produce the unique card number. In access control the most common bit length is 26-bits. Other formats have a greater number of bits and may, or may not include a facility code.

  5. Facility Code - The facility code is used to avoid duplication of card numbers. For a 26-bit card, the facility code can range from 0 to 255. Not all credential types are programmed with a facility code. For example, MIFARE card serial numbers (CSNs) do not include a facility code.

  6. Hotstamp - An alternative name for the Imprint.

  7. Imprint - This is the number that is generally printed on the outside of the credential.

  8. MIFARE - A widely used contactless card technology, often used in transport, hospitality and for bank cards. MIFARE cards can contain additional data, such as for vending machines, as well as access control data. MIFARE credentials have 2 parts, an antenna for sending and receiving data and a smart chip that processes and stores information. MIFARE Card Serial Numbers (CSNs) are either 32-bit or 56-bit.

  9. MIFARE CSN - Every MIFARE credential is programmed with a unique card serial number (CSN). This number is programmed at the factory and is completely unique (so there is no possibility of duplication). MIFARE credentials can also have sectors that are programmed with a format (but MIFARE sector formats are not currently supported in Borealis).

  10. Offset - A numeric value that is added to a range of credentials. By using the offset, you can automatically adjust the imprint value of one of the formats by the offset value. This will avoid having two different credentials with the same imprint number.

  11. Parity Bits - Parity bits are check bits that are added to the bit pattern for error checking purposes. Parity bits are the easiest and most common method of detecting an error in the transmitted credential data. Typically, the parity bits are the first and the last bits defined in the credential bit pattern.

  12. RAW Format - This is the unprocessed credential data. It is the full bit pattern as detected by the reader. There is no formatting of the card data, you only need to select the total number of bits to be processed.

  13. Site Code - An alternative name for the Facility Code.

3.0 Important Notes

  1. If a format is already in use and assigned to credentials, you will not be able to delete the format until you have deleted all credentials which are using that format.
  2. For formats that use a facility code, there are two options:
    1. Enroll the long, internal card number by manually entering the imprint and the facility code during enrollment, and then generating the unique internal number. In this instance the facility code is stored with the credential.
    2.  Enroll just the imprint and store the facility code in the credential format settings.

  3. When using the card imprint as the credential format source, you are restricted to a maximum of 8 formats (this includes a maximum of 8 different facility codes). If using this option it is therefore recommended to keep a log of the facility codes and card imprint ranges in use.
  4. After selecting a new format you will have to wait a few seconds while the active format gets sent to the controller.

4.0 General Notes

  1. There are four active formats in Borealis by default: Keri MS, Keri NXT, 26-bit Wiegand (H10301) and RAW format.
  2. Organizations can now set a Favorites list of card formats - or you can define a single format that an organization will use for every system.
  3. Sometimes credential manufacturers may use the term site code as opposed to facility code.
  4. NXT readers programmed with firmware version v4.3.0 are capable of reading both 125KHz NXT and HID credentials.

5.0 Using a Credential Format That is Not in Borealis

It is possible to use a format that is not pre-added to Borealis (for further instructions you would need to speak with Keri Technical Support).

Keri will require the specific card format structure, which must be obtained from the credential manufacturers by the installation company. Once the required format has been added and verified, you will be notified when it is available to use in Borealis. If you are unable to obtain the format details, you should again contact technical support, who will likely request that some credential samples are sent in to be evaluated to determine the exact format.

You can also submit new Borealis credential details via the following URL:



6.0 Using a MIFARE Credential Format

The following steps explain how to select the 32-bit MIFARE card format for use on a new system. 

6.1 Adding the Required MIFARE Format

  1. From within Borealis, click on the gear icon in the upper-right.
  2. Select Credential Formats from the drop-down list.



  3. Next, click the ADD button.
  4. From the drop-down list, select MIFARE Classic 32-bit (CSN).



  5. Click the SAVE icon.

6.2 Enrolling a MIFARE Credential

Typically MIFARE CSNs (Card Serial Numbers) are not printed anywhere on the card, so you will need to use live events to detect the programmed card number by presenting the card to the nearest reader on the system. The following steps explain how to enroll a 32-bit MIFARE credential.
  1. In Borealis, click the Live Events menu option on the left.



  2. The live events grid will be displayed.
  3. Select the site to start monitoring (if you have multiple sites).
  4. Present a 32-bit MIFARE card to a reader.
  5. An 'Access Denied - Not in File' event should appear. The full Card Serial Number (CSN) will be displayed in the Cardnumber column. This is the card number to be enrolled.
  6. You should highlight this CSN number and select Copy.



  7. Next, go to the main menu >> Cardholders.
  8. Click the CREATE button.
  9. Enter a first name and last name for the cardholder (optionally a middle name).
  10. Set the new cardholder as 'Never Expire'.
  11. Click the SAVE button.
  12. Next, from the main menu, click Credentials.
  13. Click CREATE.
  14. Search for, or select the new cardholder.
  15. In the Card Format field, select the MIFARE 32-bit format.



  16. Verify that the format selected is MIFARE Classic 32-bit (CSN).
  17. Re-open the live events grid.
  18. In the cardnumber field, paste the CSN copied from live events. Be sure not to include any whitespace characters.



  19. Set the card status as Active
  20. Click the SUBMIT button to save the record.
  21. The new credential will appear at the top of the credentials list.
  22. Place a check mark against the new credential.
  23. Click the EDIT ACCESS RIGHTS button.



  24. Assign a valid access group. Click here for further details about setting up access rights.
  25. Finally, re-open live events, then present the card at the reader and ensure you are getting access granted.


7.0 Enrolling a Non-Standard Wiegand Credential

The following steps explain how to configure a new Wiegand credential format and then how to enroll a credential. There are 2 options available:

7.1 Enrolling the Full Cardnumber

When enrolling non-standard credentials (not Keri MS, NXT or 26-Bit Wiegand formats), the preferred and recommended method is to use the full Cardnumber as the credential source. This is for reasons of hardware compatibility and uses up fewer credential formats. This example will be enrolling a credential that is programmed with the H10304 37-Bit HID format.

Note: This option requires you to be near to a reader on the system - as you will need to present the credential and display the unique credential number in live events.

Define the Format

  1. Log into Borealis.
  2. Select the System - (if you have multiple systems). Otherwise you will be connected to your system automatically.
  3. From the main menu on the left, click on Credential Formats.



  4. Select Credential Types.
  5. Click the ADD button in the upper-right.
  6. From the format drop-down list, select the 37-Bit H10304 format.



  7. In the source field, use the default value of Cardnumber.



  8. In the facility code field, if all credentials are programmed with the same facility code, you can manually enter the facility code here - it will then be already pre-entered for new cardholders. If credentials are programmed with different facility codes you should leave this field blank and then manually enter the facility code during enrollment.
  9. If you do enter the facility code, you should also change the description so that it includes the assigned facility code. As illustrated here:



  10. The remaining format settings can be left at their default values - so click the SAVE icon to save the format.
  11. The credential format is now added and ready to use.

Enrolling a Credential
This section explains how to enroll a new cardholder and then assign a non-standard credential to that cardholder.
  1. From within Borealis, click on the Live Events tab at the bottom of the screen.
  2. Click the play icon on the right side of the live events grid.
  3. Select the site to monitor.
  4. Present a card to a nearby reader.
  5. The full card number will appear in live events.



  6. Next, from the main menu, click cardholders.



  7. Click the CREATE button.
  8. Enter a first name and last name for the cardholder (optionally a middle name).
  9. Set the new cardholder as 'Never Expire'.
  10. Click the save button.
  11. Next, from the main menu, click Credentials.



  12. The create credential form will appear.
  13. Select the new cardholder from the drop-down list (or search for the cardholder).
  14. Select the required format from the drop-down list.



  15. Enter the unique imprint for the credential.



  16. Enter the facility code.

    Note: If you entered the facility code when defining the format, the facility code will already be pre-entered and will display as soon as the format is selected.



  17. Set the card status to active.
  18. Click the SUBMIT button and the new credential record will appear at the top of the list.
  19. Ensure the unique card number matches the number that appeared in live events (when you presented to a reader in step 5).



  20. Save the cardholder record.
  21. The final thing to do is to place a check mark against the record and click the EDIT ACCESS RIGHTS button, then assign access rights to the new record.

7.2 Enrolling the Card Imprint

The second option is to enroll the imprint only and to associate the facility code with the credential format. This will allow for new credentials to be enrolled into Borealis simply by entering the imprint for each credential that you enroll. This option is time-saving and incredibly easy for a system that uses the same facility codes for all credentials. During enrollment, you only need to enter the imprint number (as highlighted) for each new cardholder and credential.



IMPORTANT NOTES:
  1. When using the credential imprint as the source of the format - you are restricted to a maximum of 8 different formats (which also means 8 different facility codes). This limit does not apply when using the previous enrolment option.
  2. When using the imprint as the source of the format, because you are limited to 8 different formats, large systems should strongly consider keeping a log of the imprint ranges and facility codes already in use as this will help when placing orders for new credentials.
  3. This option is only available when using NXT-MSC controllers, NOT with standard NXT controllers.

It is especially time-saving and easy for a system that uses the same facility codes for all credentials.


The following steps explain how to select and configure the required credential format and then how to enroll the credential.



Define the Format

  1. Log into Borealis.
  2. Click on Credential Formats from the main menu.



  3. You will see there are 4 formats added by default.
  4. Click the ADD button on the right-side of the screen.
  5. From the format drop-down list, select the required format (in this example, it is the ‘37-Bit H10304’ format).
  6. In the source field, change Cardnumber to Imprint.



  7. If all credentials on the system use the same facility code, you can enter the facility code in the facility code field. If there are several facility codes in use you will need to create a format for each facility code (up to a maximum of 8).



  8. In the description field, add the specific facility code to the description.



  9. Click the SAVE icon to save the format.


Enroll a Credential
  1.  From the main menu, click cardholders.



  2. Click the CREATE button.
  3. Enter a first name and last name for the cardholder (optionally a middle name).
  4. Set the new cardholder as 'Never Expire'.
  5. Click the save button.
  6. Next, from the main menu, click Credentials.



  7. The create credential form will appear.
  8. Select the new cardholder from the drop-down list (or search for the cardholder).
  9. Select the required format from the drop-down list.
  10. Enter the imprint (the number printed on the credential).



  11. The final thing to do is to click on the ACCESS RIGHTS icon and assign a valid access group.
  12. The new credential will appear at the top of the credentials list and the card number will match the imprint. This is the number that will appear in live events.




8.0 Format Options

There are various additional options that can be applied to Wiegand formats. These features alter the way the card information is processed by the readers in the system. To reveal these options, click on the Advanced Customization section in the format setup.

Require Database Match (MSC-Specific Option)

When this MSC-specific feature is turned on, the format will match only if the card number is in the controller card file; otherwise the controller will skip to check the next format. This is useful when Imprint(/Internal) formats overlap.

Ignore Facility Code

Configures the readers to ignore the facility code of presented cards.

Note: This option is only available when the credential source is set to Imprint.

8.1 Advanced Customization




Offset

The offset is a numeric value up to 9 digits in length. It is normally zero; however, it can be a numeric value that is automatically added to the card number field. For example, suppose that you have two different card formats, with different facility codes, but with the same range of imprint numbers (1 to 100). Without the offset, you would have two different cards with the same imprint number. By using the offset, you can automatically adjust the imprint value of one of the formats by the offset value. If the offset value of one of the formats is changed to 1,000,000 then the card imprint range for that format is now 1,000,001 to 1,000,100. The values that you would enter into the cardholder's record would be the adjusted value (a range of 1,000,001 to 1,000,100). The offset of 1,000,000 and the card number range of 1 to 100 are just examples and may differ for your application.

Convert MS Format (MSC-Specific Option)

An MSC-specific option that transforms a presented MS card into a number that can be parsed with individual facility code and imprint fields. One use of this feature is to specify a fixed facility code for Keri MS credentials and enroll them as Imprint(/Internal) formats, an option not usually available for Keri MS.

Corporate Offset

The corporate offset changes how the card number is computed for this format. The card number is offset by multiplying the facility code by the offset value.

Ignore Even Parity

The even parity bit of the card number is ignored and not processed by the controller.
This still requires you to specify the designated start bit for even parity.


Ignore Odd Parity

The odd parity bit of the card number is ignored and not processed by the controller.
This still requires you to specify the designated start bit for odd parity.

Trim Unused Bits (MSC-Specific Option)
Takes the internal format XXXXFFFFFCCCCCCCCCCCCCCCCCCCCCCX and treats the inside bits as a full card number, XXXXCCCCCCCCCCCCCCCCCCCCCCCCCCCX, which Borealis can compute; the MSC controller will ignore the other bits. With the option set, calculation is allowed, so the credential can be enrolled by facility code and imprint.


8.2 Attributes

The attributes section displays format details, such as the total number of bits and the bit structure.





9.0 Live Events Message Descriptions

  1. Access Granted - Indicates the cardholder/credential is correctly enrolled and access rights correctly assigned.
  2. Access Denied - Not in File - Indicates that the cardholder/credential does not exist in the controller database - Most likely caused by the credential not having access rights or the credential not being correctly enrolled.
  3. Access Denied - Invalid Facility Code - Indicates that the detected credential is programmed with a facility code that is not added to the credential format.
  4. Access Denied - Invalid Wiegand Format - Indicates that there is no defined credential format that matches the number of bits detected when presenting the credential.
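
The parity bits, facility code and offset defined earlier, together with the live event messages listed above, as an added Python example that is not Keri or Borealis code. It builds and decodes 26-bit frames using the commonly published H10301 layout (even parity, 8-bit facility code, 16-bit card number, odd parity) and maps each outcome to an event message; the names, sample cards, order of checks and the "Parity Error" label are assumptions made for illustration.

```python
# Added illustration: names, sample cards and the decision order are assumptions,
# not Borealis or controller code.
from dataclasses import dataclass


@dataclass(frozen=True)
class ImprintFormat:
    """A 26-bit format whose source is Imprint: the facility code lives in the format."""
    facility_code: int   # 0-255 for a 26-bit card
    offset: int = 0      # added to the imprint to form the stored card number


def encode_h10301(facility_code: int, imprint: int) -> str:
    """Build a 26-bit frame: even parity, 8-bit FC, 16-bit imprint, odd parity."""
    if not (0 <= facility_code <= 255 and 0 <= imprint <= 65535):
        raise ValueError("facility code or imprint out of range for 26-bit")
    data = f"{facility_code:08b}{imprint:016b}"
    even = str(data[:12].count("1") % 2)          # makes the first half even
    odd = str((data[12:].count("1") + 1) % 2)     # makes the second half odd
    return even + data + odd


def decode_h10301(bits: str):
    """Return (facility_code, imprint), or None when a parity check fails."""
    data = bits[1:25]
    even_ok = (bits[0] + data[:12]).count("1") % 2 == 0
    odd_ok = (data[12:] + bits[25]).count("1") % 2 == 1
    if not (even_ok and odd_ok):
        return None
    return int(data[:8], 2), int(data[8:], 2)


def evaluate(bits: str, formats, card_file) -> str:
    """Map a presented frame to a section 9 event message (constructed logic)."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        return "Access Denied - Invalid Wiegand Format"
    decoded = decode_h10301(bits)
    if decoded is None:
        return "Parity Error"   # constructed label, not a Borealis message
    facility_code, imprint = decoded
    fmt = next((f for f in formats if f.facility_code == facility_code), None)
    if fmt is None:
        return "Access Denied - Invalid Facility Code"
    if imprint + fmt.offset not in card_file:
        return "Access Denied - Not in File"
    return "Access Granted"


# Constructed sample data: two facility codes sharing the imprint range 1-100,
# kept apart in the card file by a 1,000,000 offset on the second format.
FORMATS = [ImprintFormat(facility_code=10),
           ImprintFormat(facility_code=20, offset=1_000_000)]
CARD_FILE = {42, 1_000_042}   # imprint 42 enrolled under both formats

if __name__ == "__main__":
    for fc, imprint in [(10, 42), (20, 42), (20, 7), (99, 42)]:
        print(fc, imprint, evaluate(encode_h10301(fc, imprint), FORMATS, CARD_FILE))
```
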


10.0 Assigning Active Formats to Organizations

Organizations can be configured with active formats. These formats will be pre-added and available for any new system that is set up under that organization. It is especially useful for new systems that typically use the same formats for every system. The following steps explain how to select formats to assign to an existing organization. These formats will then be included with any new systems.

Note: Format selections for organizations will not affect existing systems; they will only apply to new systems set up under that organization.
  1. Go to: https://keri.aetheros.net.
  2. Log in with your user name and password.
  3. From the main menu on the left, click on Organizations.



  4. Your organization, or list of organizations will appear.
  5. Click on your organization name to view the organization settings.
  6. In the lower-half of the screen, select the credential formats that you wish to be added for all new systems.

    Note: The selections will NOT affect any systems that are already set up under the Organization.



  7. Click the SAVE icon at the top of the screen.
Any new systems will now have the selected formats pre-added (after connecting to the new system, click the gear icon and then select Credential Formats).

        Note: The user will still be allowed to add and configure new formats for the system.




             




                       


      P/N: 02427-001 Rev. A





