MiY Product Line GateApp Development...

Version 1.6

MiY Product Line

GateApp Development Guide

©2012 Cogent, Inc. All rights reserved.

This document contains commercial information and trade secrets of Cogent, Inc. which are confidential and

proprietary in nature and are subject to protection under law. Access to the information contained herein, howsoever

acquired and of whatsoever nature, will not entitle the accessor thereof to acquire any right thereto. The data subject to

this restriction are contained in all sheets of this document. Disclosure of any such information or trade secrets shall

not be made without the prior written permission of Cogent, Inc.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any

means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of Cogent,

Inc.

The information in this document is subject to change without notice. The software mentioned in this document is

furnished under license and may only be used or copied in accordance with the terms of such license. Contact software

manufacturers directly for terms of software licenses for any software mentioned in this document not originating from

Cogent, Inc.

All brand or product names are the trademarks or registered trademarks of their respective holders.

Cogent Document # MiY-AE-SP-2011-1.00

Document Revision History

Version Date Author Comment

1.0 07/19/2011 JL,CP,CC Initial version

1.1 08/15/2011 CP Minor revisions. Updated Relay/Line Trigger, SDK Installer section and added reference to LocalCardTest sample application.

1.2 09/28/2011 CP Added Indicate and UnregisteredFromDevice GateDevice events, show/hide mouse section and a list of Sandbox namespaces.

1.3 03/02/2012 CP Added new 1.5 features, including GateApp Images, Animations, Signatures and ScriptTask sections.

1.4 05/24/2012 CP Updated Integration Points

1.5 06/22/2012 CP Added GateDevice.MessageWindow object. Removed reference to PEM files because they are now embedded in the SecurAPI. Removed reference to MyCustomGateApp sample project because it is a duplicate of the MiY GateApp VS 2008 template project.

1.6 08/03/2012 CP Updated screen shots. Added how to request DEV license from Security Manager.

Contents � iii

Proprietary

Contents

1 Introduction 1

2 MiY Sandbox SDK Installer 4

3 USB Ports 5

4 GateApps 9

4.1 Sample Application and Project Templates ...................................................................... 9

4.2 Creating a GateApp ......................................................................................................... 10

4.2.1 Project Template GateApp Creation .................................................................. 10

4.2.2 Manual GateApp Creation .................................................................................. 12

4.3 Packaging a GateApp ...................................................................................................... 18

4.4 Deploying a GateApp ...................................................................................................... 24

4.4.1 Deploying to a Managed Device ........................................................................ 24

4.4.2 Deploying to a Standalone Device ..................................................................... 27

4.5 Debugging a GateApp ..................................................................................................... 30

4.5.1 Using the Mouse ................................................................................................. 30

4.5.2 Stopping the Nurse ............................................................................................. 30

4.5.3 Stopping the Factory GateApp ........................................................................... 31

4.5.4 Device Files ......................................................................................................... 31

4.6 GateApp Signatures ......................................................................................................... 32

5 MiY Device Emulator 33

5.1 Device Emulator Layout .................................................................................................. 33

5.2 GPIO Functionality ........................................................................................................... 34

5.3 Using the MiY Device Emulator ...................................................................................... 34

6 Sandbox 38

6.1 GateDevice ....................................................................................................................... 39

6.1.1 MessageWindow.................................................................................................. 40

6.1.2 PropertyHelper .................................................................................................... 40

6.1.3 UserHelper ........................................................................................................... 40

6.1.4 EthernetAdapter .................................................................................................. 40

6.1.5 EventLog .............................................................................................................. 40

6.1.6 KeyHandler .......................................................................................................... 41

6.1.7 WiegandIn ............................................................................................................ 41

6.1.8 WiegandOut ......................................................................................................... 41

6.1.9 Panel In ................................................................................................................ 42

6.1.10 TcpMessageClient ............................................................................................... 43

6.1.11 TlsMessageClient ................................................................................................ 43

Contents � iv

Proprietary

6.1.12 Biometric ............................................................................................................. 43

6.1.13 Relay .................................................................................................................... 44

6.1.14 Line Trigger ......................................................................................................... 44

6.1.15 Tamper ................................................................................................................ 44

6.1.16 Indicate ................................................................................................................ 44

6.1.17 UnregisteredFromDevice .................................................................................... 44

6.2 Events ............................................................................................................................... 45

6.2.1 DeviceEventReceiver ........................................................................................... 45

6.2.2 LocalDeviceEvent ................................................................................................ 46

6.2.3 Data Changed Events ......................................................................................... 46

6.3 Keypad.............................................................................................................................. 47

6.4 LEDs .................................................................................................................................. 47

6.5 Flash Storage ................................................................................................................... 50

6.6 Smartcards ....................................................................................................................... 51

6.7 Sounds .............................................................................................................................. 51

6.8 Images .............................................................................................................................. 52

6.9 Animations ....................................................................................................................... 52

6.10 SSL .................................................................................................................................... 53

7 MiY Integration Points 54

7.1 Server Integration ............................................................................................................ 55

7.1.1 IServerModule Extension .................................................................................... 55

7.1.2 IServerService Extension .................................................................................... 55

7.2 ScriptTask Database Table ............................................................................................. 56

8 Glossary of Terms 57

1 -Introduction � 1

Proprietary

1 Introduction

The Make-it-Yours (MiY) product line is a rapid application development framework that allows

integrators to easily customize their access workflow, deploy their customizations, and allow

for innovation beyond the basic physical access reader.

The solution is considered a framework rather than an SDK, because of its built-in

comprehensive access modules that can be mixed and re-ordered to accomplish various

workflows. This allows an integrator to develop applications that:

♦ Maintain full control over their intellectual property ♦ Mold 3M Cogent biometric and smartcard technology into their solutions ♦ Meet the unique needs of their customers

3M Cogent’s MiY Product line is built to take advantage of Microsoft’s .NET C# architecture for

ease of development. Enabling developers to establish secure socket connections to a separate

system, request web-services from enterprise solutions, or even integrate with virtually any USB

device via the USB host port on the back of the MiY device.

The following diagram shows the overall architecture of the MiY sandbox framework.


Proprietary

The MiY framework is composed of the following components:

1. MiY Security Service – A .NET based server that provides several services and

integration points for the framework:

♦ Windows Communication Foundation (WCF) SOAP web service: is

designed to manage all access related and system related data. These web services are designed to allow for easy integration with other systems or customized management GUI interfaces. WCF technology allows the server to run on small and large scale systems. The server handles all network communication and synchronization of data with the devices.

♦ SecurProtocol Sandbox Communications service: allows the service to

communicate directly with the MiY Devices over Ethernet or RS485 networks. SecurProtocol is used to abstract the detailed differences between the two communication protocols and allow simplified management through the Sandbox framework.

♦ Microsoft Extensibility Framework (MEF): also provides additional integration points using MEF as a fast and easy way to enhance the MiY Security Service with additional modules.

The service is also designed to handle automatic creation and upgrade of new or

existing MiY system databases automatically. The MiY Security Service currently

supports Microsoft SQL Server 2008.

2. Sandbox – A .NET (Full and Compact) based, extendible framework providing all core

functionality, including message protocols, smart cards, biometrics, etc., used by the server and devices.

3. MiY Security Manager – The standard user interface client application for managing all

aspects of the MiY platform, including user management, device management, government credential, etc. The security manager is .NET based and communicates directly with the same MiY Security Service web service calls that are also available for other integrators to use if they would like to customize their own Security Manager.

4. MiY Device (MiY ID/MiY Card/MiY Search) – A Windows CE 6 based device with a built-

in background “Nurse” monitoring application and replaceable GateApp. The Nurse maintains the core functionality within the framework such as managing device registration, user templates, settings, package upload, etc… The GateApp manages the workflow and user interface. The Nurse and standard GateApps are both based on the Sandbox and underlying .NET Compact Framework.

5. MiY Package Studio – A .NET based, developer friendly application used to build packages for custom GateApps. After a package is built, they can then be deployed to devices to replace or enhance the standard functionality. GateApp packages can be deployed to MiY devices in two (2) ways:

a. Using the MiY Security Manager to upload the package through the MiY Framework. The MiY Security Service then manages the deployment to one or more specific devices based on assigned relationship between packages and zones.


Proprietary

b. Or directly to a device via the MiY Device Admin Utility through the OTG USB port on the bottom of the device.

6. MiY Device Admin Utility –.NET based utility application that is used to import and

export various data directly from the MiY device in a standalone setup: including users, operators, prints, logs, settings, packages (Firmware, Nurse, and GateApp), wiegand formats, certificates, CRLs, etc. If the devices are managed directly by the MiY Security Service, there will be little to no need for the MiY Device Admin Utility because it is completely handled by the MiY Security Service.

The admin utility communicates with the device via the OTG USB port on the bottom of

the device. An admin must first login to the device and enable the USB port from the

device menu. Some example uses of this utility include:

a. Uploading a custom or updated GateApp package to the device.

b. Uploading a new OS firmware or Nurse Package to the device.

c. Exporting logs from a standalone device on a periodic basis.

d. Exporting users and their prints that were enrolled on a standalone device.

e. Adding operators to a standalone device.

f. Uploading a custom wiegand format to the device for output to a panel.

g. Uploading trusted certificate authorities to a MiY Gov device running the

government credential application.

All of the above components are built on a common sandbox .NET based framework and work

together to provide a robust and easily extendable PACS system. The system is securely

controlled, while also allowing customization of device applications and data management.

Applications written with our sandbox SDK can be easily packaged, uploaded to the server and

deployed to all or specific devices within the infrastructure with ease.

2 -MiY Sandbox SDK Installer � 4

Proprietary

2 MiY Sandbox SDK Installer

The MiY Sandbox SDK installer is an MSI designed to help developers create custom GateApps

in the MiY framework. Installing this SDK provides all necessary binaries, help files, sample

applications and Visual Studio GateApp project templates used to create applications for MiY

devices. The SDK also includes the MiY device emulator that can be used for limited

development when a real MiY device is not available.

The MiY Sandbox SDK installer is an MSI installer and assumes that it is being installed on a

development machine where any prerequisites for development have already been installed,

such as the latest Windows Installer and Microsoft Visual Studio 2008.

To install the SDK, simply run MiYSandboxSdk.msi and follow the instructions. You may elect

to perform a Custom install and only install desired components, but a Typical or Complete

install is recommended to get all SDK components for optimal development.

If the device emulator is needed, run the Biogate_DeviceEmulator Windows CE6 Emulator

installer from Start\Programs\3M Cogent Inc\MiY SDK Installer\Install Emulator. Run these

installers and follow the instruction on the screen until completion.

Once these are installed, you’re ready to get started.

3 -USB Ports � 5

Proprietary

3 USB Ports

The MiY device has two (2) USB ports that are configurable. The device has a USB host port and

OTG USB client port.

The USB host port is only accessible from the back panel of the device. The USB host port is

used to integrate additional USB components to the device, such as a camera, by adding a

driver for the component to the firmware and updating GateApps to use the new component.

The OTG USB client port is located on the bottom of the device and is disabled by default. An

administrator must login to the device menu to enable the OTG port for Normal or Development

use.

Normal OTG mode allows for communication between the device and the Device Admin Utility

running on a PC or laptop that has the MiY Device Driver installed. The Development mode is

designed for use by developers that need the device to communicate with their PC or laptop via

Microsoft ActiveSync or Windows Mobile Device Center.

3 -USB Ports � 6

Proprietary

To enable the OTG USB port, perform the following:

1. Press the * plus # key to begin admin login. The Admin Login screen is displayed.

2. Enter your User Name and select OK. Note: if your operator account has fingerprints enrolled on the device, you can present one of your enrolled fingers to gain access. The Admin Password screen is displayed.

3. Enter your password and select OK. If access is granted, the Admin Menu screen is displayed.

3 -USB Ports � 7

Proprietary

4. Select the Device Info menu option. The Device Info screen is displayed.

5. Select the General menu option. The General Info screen is displayed and you can see that the OtgMode is disabled by default.

6. Navigate to and select the OtgMode from the list of settings. The OtgMode setting is displayed.

7. Choose the desired mode and select OK. The General Info screen is displayed and you can confirm the mode change selected.

3 -USB Ports � 8

Proprietary

8. Select Save to commit the changes. A success screen is displayed and then the Device Info menu.

9. Exit menu system.

� 9

Proprietary

4 GateApps

A GateApp is a .NET Compact Framework based application that provides the primary user

interface and authentication workflow for the MiY devices. Each MiY device is shipped with a

standard GateApp providing the end-user experience (menus, prompts, LEDs, sounds, etc.) and

access control functionality (inputs, outputs, communication, enrollment, matching, etc.) of the

MiY product line.

The MiY Sandbox Framework is meant to do all of the heavy lifting for core device functionality.

The sandbox is also extendible if additional custom functionality is required. Creating a

GateApp can be as simple as changing a sound or LED colors or as complex as integrating a

new USB peripheral with accompanying driver support for the OS. This could also include

custom access control workflows, integration with other external systems directly from a

device, etc.

GateApps can be developed against the following Windows CE targets:

• The real MiY ID, MiY Card or MiY Search device (Recommended)

• Or The MiY Device Emulator.

Building and deploying GateApps is accomplished in three (3) easy stages:

1. Create a custom GateApp with Microsoft Visual Studio 2008 while including necessary

MiY Sandbox SDK dlls.

2. Package all necessary GateApp files (executables, dlls, etc.) using the MiY Package Studio.

3. Deploy the GateApp package to a device with the MiY Security Manager or MiY Device Admin Utility.

After completing these stages above, you have replaced the standard functionality of the MiY

device with your own. This document will go on to further to explain each stage of this process

in greater detail.

4.1 Sample Application and Project Templates

Before creating a GateApp there are a few possible starting points to help kick-start the

development process. The MiY Sandbox SDK includes sample application projects with source

code and also a convenient Visual Studio project template for creating GateApps.

The MiY Sandbox SDK includes and installs a MiY GateApp project template for Microsoft Visual

Studio 2008. This project template provides a fully functional sample GateApp without any

coding necessary and automatically references all required MiY files in the SDK bin directory.

Simply create a new project using this template, build and deploy the application to a MiY

device or emulator.

� 10

Proprietary

The MiY Sandbox SDK includes the following Device (.NET Compact Framework) sample

applications with source code:

• GateAppSample – This sample application shows how to use many of the core sandbox

components available when developing a GateApp. These core sandbox components include, fingerprint enrollment and matching, event logging, property creation, user creation, etc.

The MiY Sandbox SDK includes the following Desktop (Full .NET Framework) sample

applications with source code:

• LocalCardTest – This application demonstrates:

o How to enroll user fingerprints with local USB fingerprint scanners o How to read and write 3M Cogent formatted contactless cards using local USB

smart card RFID readers, such as the SCM SCL010. These cards contain user information and fingerprints and can be used for access control with MiY Readers.

4.2 Creating a GateApp

GateApps are developed using Microsoft Visual Studio 2008 and the MiY Sandbox SDK.

Developers can debug and test the GateApps against a real MiY ID, MiY Card or MiY Search

device or the MiY Device Emulator.

Note: the emulator is a good starting point for development but does have limitations because

it is not running on the actual hardware and operating system. A real MiY device is a more

accurate representation of GateApp performance.

The following are required to develop applications for MiY devices:

• MiY Sandbox SDK • MiY device or emulator • Microsoft Visual Studio 2008 with SP1 • Microsoft .NET Compact Framework 3.5 • Microsoft SQL Compact 3.5 SP1 Device Runtime

4.2.1 Project Template GateApp Creation

Use the following steps to create a GateApp with the provided visual studio project template:

1. Open Microsoft Visual Studio 2008. 2. Select File/New/Project to create a new MiY GateApp project and specify a Name, such

as MyCustomGateApp.

� 11

Proprietary

3. Select OK to create the project. 4. The GateApp project is created with references and links to required MiY files in the SDK

bin directory. This application has a single form (Main) that demonstrates some fundamental GateApp development concepts and serves as a starting point to your custom development.

5. Build and deploy the GateApp to a MiY device or emulator and modify the application as

needed.

� 12

Proprietary

4.2.2 Manual GateApp Creation

Use the following steps to create a GateApp manually without the project template:

1. Open Microsoft Visual Studio 2008.

2. Select File/New/Project to create a new Smart Device Project and specify a Name, such

as MyCustomGateApp.

3. Select OK and the Add New Smart Device Project screen is displayed. Select the Target Platform (Windows CE), the .NET Compact Framework version (3.5) and the Device Application template.

4. Select OK and the MyCustomGateApp solution is now created. 5. Add .NET Reference to Microsoft.WIndowsce.Forms.

� 13

Proprietary

6. Add References to the required Sandbox DLLs from the MiY Sandbox SDK. The DLLs are located at MiY Sandbox SDK/Bin. Right-click on References and select Add Reference/Browse to specify the DLLs. Select a total of six (6) DLLs:

a. SecurAPI.Biometric.dll b. SecurAPI.dll c. SecurAPI.Net.SSL.dll d. SecurAPI.Packaging.dll e. SecurAPI.PACSDevice.dll f. SecurAPI.SmartCard.dll

Note: SecurAPI.PACSDevice.UI.dll is optional if use of 3M Cogent style GateApp graphics layout is desired. This includes a header/data/footer panel layout style and includes all default 3M Cogent panels (menus, progress, info, etc.)

7. Select OK after the required Sandbox references are selected and they are now included in the solution.

� 14

Proprietary

8. Add links to necessary Sandbox support files from the MiY Sandbox SDK. The support files are located at MiY Sandbox SDK/Device/bin. Right-click on MyCustomGateApp and select Add/Existing Item.

9. Browse to specify the following files. Select a total of eight (8) files:

a. DeviceFlashInfo.dll b. ftrScanAPI.dll c. libeay32.dll d. pacs_native_apis.dll e. PACSBio.dll f. scsyce.dll g. ssleay32.dll h. tfm_simple.dll

� 15

Proprietary

10. Select the down arrow next to the Add button and select Add as Link.

11. For all links added to the project, set the link Properties as follows:

a. Set the Build Action to “Content” and

b. Set the Copy to Output Directory to “Copy if newer” or “Copy Always”.

12. Start writing code.

13. Declare an instance of the SecurAPI.PACSDevice.GateDevice object in your application.

Note: the GateDevice object MUST be included and started in your application to be supported by the Sandbox framework and MiY platform. GateDevice handles server/device communication, application monitoring and provides convenient access to all standard Sandbox functionality.

� 16

Proprietary

14. Call GateDevice.Start during application initialization.

15. Call GateDevice.Stop during application shutdown.

16. Insert code to resize your application to the current screen size (320 W x 240 H) (optional) and set your application to TopMost, as seen in the sample code below. If your application is not set to TopMost, then it will not display.

The below code sample shows an example of how to incorporate the GateDevice object into

your application. When initializing the GateDevice, you can specify null for the contact reader,

contactless reader and fingerprint scanner parameters if they are not needed by your

application.

using System;

using System.Linq;

using System.Collections.Generic;

using System.ComponentModel;

using System.Data;

using System.Drawing;

using System.Text;

using System.Windows.Forms;

using SecurAPI.PACSDevice;

using SecurAPI.PACSDevice.Hardware;

namespace MyCustomGateApp

{

public partial class Form1 : Form

{

// Static instance of GateDevice. Only one instance of the GateDevice

// is supported. Attempts to run multiple instances

// will result in errors.

private static SecurAPI.PACSDevice.GateDevice gateDevice = null;

public Form1()

{

InitializeComponent();

// Get the current size of the screen

int width = System.Windows.Forms.Screen.PrimaryScreen.Bounds.Width;

int height = System.Windows.Forms.Screen.PrimaryScreen.Bounds.Height;

// Resize the form to fill the whole screen and always be on top

this.Location = new Point(0, 0);

this.Size = new Size(width, height);

this.TopMost = true;

// Initialize GateDevice with contact reader, contactless reader

//and fingerprint scanner support enabled.

� 17

Proprietary

gateDevice = new GateDevice(

HardwareFactory.GetContactReader(),

HardwareFactory.GetContactlessReader(),

true,

HardwareFactory.GetFingerprintScanner());

try

{ // Set a bogus message window until GateDevice is fully started

AppSettings.Instance.Device.MessageWindow = new PACSMessageWindow(DeviceConst.WindowNameGateApp + "_disabled");

// Start the GateDevice object. This is required to initialize

//all MiY Sandbox framework support.

gateDevice.Start();

// Optional add a custom message handler

//AppSettings.Instance.Device.MessagePortal.MessageHandlers.Add(new CustomMessageHandler());

// Required. Allows your app to receive custom messages from the server if using custom message handlers like above. // Set the correct window name to enable the message window for receiving windows messages from the Nurse now that we are ready

AppSettings.Instance.Device.MessageWindow.Text =

DeviceConst.WindowNameGateApp;

}

catch (Exception ex)

{

MessageBox.Show("GateDevice start error: " + ex.Message);

}

}

private void Form1_Closing(object sender, CancelEventArgs e)

{

// Cleanup

if (gateDevice != null)

{

gateDevice.Stop();

}

}

}

}

17. Build the solution and verify that it succeeded. Verify that all MiY SDK references and

support files (Step 5 and 8 above) are deployed to the output directory /bin/Debug or /bin/Release. Release build is recommended for production.

� 18

Proprietary

a. You can now package the resulting application files and deploy them to a MiY device.

b. For debugging, specify the Target Device to deploy to. Select Windows CE Device if a MiY device is connected to your machine via OTG USB. If you are using the MiY Device Emulator, then select Biogate_DeviceEmulator Emulator to deploy to the emulator.

4.3 Packaging a GateApp

After you have created a GateApp, you can now package the GateApp using the MiY Package

Studio. The MiY Package Studio has the same look and feel as Microsoft Visual Studio and is

used to create package project solutions (.cpgproj) for managing and building one or more

GateApp package files (.cpg).

Use the MiY Package Studio application to package your GateApp files as follows: 1. Install and run the MiY Package Studio.

2. From the top-left corner, select New Project to create a new package project.

� 19

Proprietary

� 20

Proprietary

3. From the Solution Explorer, double-click the <No Name> default package. The project starts out with a single package, but you can add more packages to a project if desired. Name your package, for example, MyCustomProduct.

4. Select the MyCustomProduct Files tab. Select Add File from the top toolbar to add your package files.

� 21

Proprietary

5. Select all of your GateApp files and select Open. The files are now added to your package.

� 22

Proprietary

6. Select the MyCustomProduct Properties tab. Select the “…” button to specify an App

Path for the package. Select the executable file (.exe) for your GateApp and select OK.

7. Click Build All or select to build your specific package.

8. If you have not already saved the package project, you are prompted to specify a name

and location to save the package project. Specify a location and name for your package project file (.cpgproj). Note: the package file(s) (.cpg) in your project are saved to the same location when successfully built.

� 23

Proprietary

9. Build output displays in the Output window and you will see errors if there were

problems building the package.

10. If the build was successful, browse your file system to the location where you saved the

package project and you will find MyCustomProduct.cpg. This is your GateApp package that you can now deploy to any MiY device.

� 24

Proprietary

4.4 Deploying a GateApp

After you have packaged your GateApp as a .cpg file, you are now ready to deploy it to a MiY

device. GateApp packages can be deployed to devices in two ways:

1. Using the MiY Security Manager to upload the package to the server and deploy the

package to one or more specific devices,

2. Or directly to a device via the MiY Device Admin Utility and OTG USB port on the bottom of the device.

4.4.1 Deploying to a Managed Device

Managed devices are devices that have been registered to a server. All data on registered

devices is managed by the server, which includes assigning and deploying GateApp packages to

devices.

To deploy a GateApp using the MiY Security Manager, perform the following steps:

1. Install and run MiY Security Manager. Refer to the MiY Security Manager User Guide for

detailed information.

2. Select Package Management from the toolbar in the bottom right corner.

3. Select Import Package.

4. Browse to your package file (.cpg), such as MyCustomProduct.cpg, and select OK to upload it to the server.

� 25

Proprietary

5. Your package is now on the server, which you can see by selecting All Packages from the Zones tree-view on the left of the Package Management screen.

6. You can now assign the package to a zone from the Package Management screen or from the Zones & Devices screen.

7. From the Package Management screen, select the desired zone from All Zones in the Zones tree-view. The zone package assignment screen appears.

� 26

Proprietary

8. Select Change next to the GateApp component at the bottom of the package list. Select your GateApp package, such as MyCustomProduct, and select OK.

9. The GateApp package is now assigned to the specified zone and will be deployed to any

MiY device in that zone.

10. Select Zones & Devices to view devices in the specified zone to verify that the new GateApp has been synchronized. The GateApp indicator is green when the GateApp is successfully synchronized to a device.

� 27

Proprietary

4.4.2 Deploying to a Standalone Device

MiY devices are shipped in Standalone mode (no MiY Security Server or MiY Security Manager

required) and remain in standalone mode until registered to a server. Once registered to a

server, the device is considered to be in managed mode because the server is in control of the

device. To return the device back to standalone mode, the device must be unregistered from

the server either from the device menu (Reset Sitekey) or from the MiY Security Manger

(Remove device).

All device data (users, operators, prints, logs, packages, etc.) can be imported and exported to

and from the device via the MiY Device Admin Utility. The MiY Device Admin Utility is used to

deploy packages (Firmware, Nurse and GateApp) to the device while in standalone mode. Note:

the MiY Device Admin Utility can always export data from a device, but can only send data to a

device when the device is in standalone mode.

To deploy a GateApp using the MiY Device Admin Utility, perform the following steps:

1. Install and run the MiY Device Admin Utility application on your PC or laptop.

2. Set the OTG USB port on the MiY device to Normal mode. Refer to the USB Ports section

for details.

3. Connect the OTG USB port on the bottom of the device to your PC or laptop with a USB cable.

a. The MiY Device Admin Utility installer should have installed the MiY Device Driver. However, if your PC or laptop does not recognize the device, then try manually installing the MiY Device Driver via the Device Manager, Add New Device wizard or other preferred method.

b. The device will appear in the PC Device Manager as a “MiY Device” with an exclamation if the driver is not installed. From here, you can point to the MiY Device Driver files to install the driver for the unknown device.

� 28

Proprietary

4. From the Device Admin Utility, select Indicate to verify you are connecting to the correct device. The device LEDs should flash and you should hear a sound.

5. Select Connect to connect to the device. Note: if the connect button is disabled, then communication between the device and the PC or laptop is not functioning correctly. This could be for several reasons: the device is not physically connected to the PC or laptop via USB cable, the device OTG USB mode is not set to Normal, the MiY Device Driver is not installed on the PC or laptop or the USB port on the device or PC/laptop is not functioning correctly.

6. After successfully connecting, select Open from the top-left menu button to browse for your GateApp package.

� 29

Proprietary

7. Browse for your GateApp package and select Open.

8. The package file is loaded and basic package information is displayed if the package file is valid. Select send to upload the GateApp package to the device. You will see “Sending Package File…” in the output window and the Send/Send All buttons are disabled until the operation is complete.

� 30

Proprietary

9. If successfully sent to the device, you will see a success message and your package will soon be extracted and installed appropriately. Depending on the size of the package, the extraction and installation processing time will vary. If installing a GateApp package, you will see the currently running GateApp on the device, if any, exit and the Nurse application will be displayed. This means that your package is being installed and should be complete in a few minutes. Note: Firmware packages contain the entire Windows CE OS and take a considerably longer amount of time to synchronize than the Nurse and GateApp packages. Firmware and Nurse Packages will automatically reboot the device before returning to normal operation. GateApp packages will automatically start the GateApp if no application errors exist. See the MiYGateAppDevelopmentGuide for details.

10. If your GateApp does not start, then it most likely has an application error preventing it from starting. You should display messages and/or log events using the provided GateDevice object described in the Sandbox section of this document. Event logs can be exported using the Export Data button on the toolbar.

4.5 Debugging a GateApp

Debugging a GateApp on the MiY device may be performed with standard Windows CE

debugging mechanisms, such as:

• Debugging from Visual Studio over the OTG USB port (recommended).

• Debugging from Visual Studio over Ethernet.

• Manual debugging via replacing GateApp files on the device storage card.

4.5.1 Using the Mouse

By default, the windows mouse cursor is hidden by the Nurse and all 3M Cogent gate

applications. For development purposes, you can place an empty text file on the storage card

root (“\Storage Card\ShowMouse.txt”) to enable the mouse cursor. You can then connect a

mouse to the USB host port on the back of the device to navigate. This is very convenient for

development, but the file must be removed for a production device.

You can use the following two (2) methods to enable/disable the mouse in your applications.

We strongly recommend disabling the mouse in your gate applications, as shown in the MiY

GateApp visual studio 2008 template sample.

To disable the mouse: SecurAPI.PACSDevice.Utility.GateAppUtility.ShowMouse(false);

To enable the mouse: SecurAPI.PACSDevice.Utility.GateAppUtility.ShowMouse(true);

4.5.2 Stopping the Nurse

The Nurse monitoring application is installed and running on all production MiY devices, which

provides all fundamental device/server communication, security and monitoring. While your

GateApp needs to be tested with the Nurse is running, you may want to temporarily stop the

� 31

Proprietary

Nurse during GateApp development. Note: you will lose all standard communication with the

server if you stop the Nurse. You can stop the Nurse in two (2) ways:

• By killing the process (Nurse.exe) with the Windows CE Remote Process Viewer included

with Microsoft Visual Studio 2008 Remote Tools.

• By connecting a mouse to the USB host port on the back of the device and double-clicking the Nurse title bar at the top of the screen that displays the current date/time. You may need to move the mouse around a little before the mouse cursor becomes active on the screen.

4.5.3 Stopping the Factory GateApp

You can stop the factory installed GateApp with the same procedure as above for the Nurse. If

the Nurse is running, it will attempt restart the installed GateApp on the

GateAppHealthCheckInterval (default is 30 seconds). You can prevent the Nurse from restarting

the GateApp by setting the GateAppHealthCheckInterval to 0 from the device menu Device

Info/General, the MiY Security Manager (if the device is registered to a server)

system/zone/device properties or the MiY Device Admin Utility property file upload to device.

4.5.4 Device Files

All MiY device files are maintained in the “\Storage Card” folder. Your GateApp is also free to

access the Storage Card via the standard windows file system as needed.

There are three (3) system databases on the Storage Card root called:

• PACSDeviceData.sdf • PACSUserData.sdf • PACSDeviceLog.sdf

The Device and UserData databases are encrypted for security, but the DeviceLog is

unprotected for easy access to logs. These databases are all controlled by the Nurse and

should not be tampered with except to possibly view logs.

The MiY folder structure is as follows:

\Storage Card – Root storage card folder where MiY databases are stored.

\PACS

\Nurse – Nurse monitoring application and related files.

\GateApp – Currently installed GateApp and related files.

\Installed – MiY system files used for installation of packages.

\Pending – MiY system files used for installation of packages.

Note: the “\GateApp” directory is where custom GateApps are installed via package upload.

One (1) GateApp package may be installed, which could contain multiple programs if desired.

� 32

Proprietary

4.6 GateApp Signatures

Beginning with version 1.5 of the MiY framework, all GateApp packages must be signed by 3M

Cogent before they can be deployed to production devices. For development purposes, the

device OtgMode can be set to Development to allow for unsigned packages to be installed on

the device. The MiY SDK also comes with a DevMode license file, which can be uploaded to the

server from the MiY Security Manager System Settings/Licensing tab. This allows unsigned

packages to be uploaded to devices from the Security Manager for testing.

To request a DevMode license, go to the System Settings/Licensing tab in the Security Manager.

Select DevMode from the drop down list and click Create License Request to save a license

request file. Send this license request file to 3M Cogent SDK support and they will send back a

signed license file. Click Load License to import the signed DevMode license from 3M Cogent.

Once development and testing are finished, send a request to 3M Cogent to have your GateApp

validated and signed for production use.

This feature helps ensure the security and integrity of your MiY system.

� 33

Proprietary

5 MiY Device Emulator

The MiY Device Emulator is designed to give developers a development and debugging platform

without having to purchase a physical device for each individual developer. While you can use

the emulator for development, we recommend that you run your gate application on a real

device first. Note: the MiY Sandbox SDK installer automatically installs the emulator shell

application described below. However, you must manually install the MiY Windows CE6

Emulator (Biogate_DeviceEmulator), which you can launch from Start\Programs\3M Cogent

Inc\MiY Sandbox SDK\Install Emulator.

5.1 Device Emulator Layout

The MiY Device Emulator main window is mainly divided into the following components:

1 – GPIO Panel

2 – Device Interface

3 – Message Log

4 – Emulator Controls

� 34

Proprietary

5.2 GPIO Functionality

This section will define the correlation between the buttons and color boxes on the emulator

with the actual device.

5V Input (bit 0) – This corresponds to the Panel_In_0 port on the back of the device. When you

press the “Open” button, then the color box will change from “Red” to “Green” and the button

text will change from “Open” to “Closed.” The controls will just toggle.

5V Input (bit 1) – This corresponds to the Panel_In_1 port on the back of the device. When you

press the “Open” button, then the color box will change from “Red” to “Green” and the button

text will change from “Open” to “Closed.” The controls will just toggle.

5V Output – This corresponds to the Line_Trigger port on the back of the device. The color

box will change to “Green” when you command the line trigger to turn on via the SecurAPI calls.

It is turned off by default; hence the color box is “Red.”

12V Output – This corresponds to the Relay port on the back of the device. The color box will

change to “Green” when you command the relay to turn on via the SecurAPI calls. It is turned

off by default; hence the color box is “Red.”

Wiegand Output – This corresponds to the wiegand output from the back of the device. The

bits outputted through our SecurAPIs will appear as binary bits. We have given you the option

to copy the outputted bits to your clipboard as well as clearing the textbox.

Wiegand Input – This corresponds to the wiegand input from the back of the device. You input

the bits that you want to send to the device and then click Send.

Dip Switch (bit 0) – This corresponds to pin 1 of the 2-pin dipswitch on the back of the device.

When you press the “Off” button, then the text will change from “Off” to “On” and the color box

will change from “Red” to “Green” and vice versa. By default, this is set to off.

Dip Switch (bit 1) – This corresponds to pin 2 of the 2-pin dipswitch on the back of the device.

When you press the “Off” button, then the text will change from “Off” to “On” and the color box

will change from “Red” to “Green” and vice versa. By default, this is set to off.

Hall Sensor – This corresponds to the Hall Effect sensor that is attached to the back of the

device. Clicking on the button will toggle between the text being “Closed” and “Green” to

“Open” and “Red” respectively.

5.3 Using the MiY Device Emulator

The MiY Device Emulator must be started before you try to debug a gate application.

The following steps will show you how to start and configure the emulator:

� 35

Proprietary

1. Navigate to “Start Menu” -> “All Programs” -> “3M Cogent Inc -> “MiY Sandbox SDK” -> “Emulator Shell.” The emulator should appear.

2. Click on the dropdown box and select “Biogate_DeviceEmulator”

3. Press the Connect button and a Windows CE emulator window should appear on your screen.

� 36

Proprietary

4. You should also have information in the device emulator window showing your

computer’s IP address

5. Inside of the Windows CE window, click on File and then click on Configure. The

Emulator Properties window should appear

6. The Shared Folder must be configured to act like the storage card that’s on the physical

device. Click on the button to select a folder on your computer. After you select a folder, click on OK. You should now see the Shared Folder information populated

� 37

Proprietary

7. Click on the button to configure the network settings. Press the next to “Enable NE2000 PCMCIA network adaptor and bind to:” and select your local Ethernet adapter. Note: you may need to install Virtual PC 2007 to enable the virtual adapter. Click the OK button when you’re done.

8. Now that device emulator is configured, you can deploy your gate applications to the device emulator from Microsoft Visual Studio 2008. Simply select and deploy to the Biogate_DeviceEmulator Emulator target device, as seen below.

� 38

Proprietary

6 Sandbox

The Sandbox is a collection of APIs in the SecurAPI namespace that provide all core MiY

functionality and is designed to simplify integration and expansion. The Sandbox serves as the

foundation of the MiY platform and is used by the MiY server, devices and related applications.

It supports the .NET Full and Compact Framework and is fully extendable.

The Sandbox provides a rich set of developer tools in the following namespaces:

• SecurAPI.Biometrics

• SecurAPI.Collections

• SecurAPI.Cryptography

• SecurAPI.Data

• SecurAPI.IO

• SecurAPI.Messaging

• SecurAPI.Net

• SecurAPI.Net.SSL

• SecurAPI.Packaging

• SecurAPI.PACSDevice

• SecurAPI.PACSDevice.UI

• SecurAPI.Resources

• SecurAPI.SmartCard

• SecurAPI.Utility

• SecurAPI.Wiegand

� 39

Proprietary

6.1 GateDevice

SecurAPI.PACSDevice.GateDevice is a fundamental object for GateApp development and is

required by all GateApps to be supported by the MiY platform. GateDevice handles all

server/device communication, application monitoring and provides convenient access to all

standard Sandbox device functionality. There are many APIs in the sandbox framework that can

be leveraged by developers, but GateDevice is a convenient way to access device basics. These

basic operations include access to users, properties, logs, device events, wiegand, Ethernet

adapters, etc.

� 40

Proprietary

6.1.1 MessageWindow

The GateDevice.MessageWindow object is a SecurAPI.PACSDevice.Utility.PACSMessageWindow

that must be set or the GateDevice fails to start with an ArgumentNullException. The

PACSMessageWindow should be created on the primary window in your application, as

demonstrated in the MiY GateApp VS2008 template. The MessageWindow allows the Nurse to

communicate with the GateApp in various ways using windows messaging, such as sending

over any custom messages to your GateApp.

You should initialize the object on a primary window, such as the MainForm, and set a bogus

window name, as shown below. This is optional to specify a bogus window name, but prevents

your application from receiving any messages until fully started and any custom message

handlers are added.

AppSettings.Instance.Device.MessageWindow = new PACSMessageWindow(DeviceConst.WindowNameGateApp + "_disabled");

After the GateDevice object is started and any custom message handlers are added, set the window text to the correct GateApp window name to start receiving messages.

// Set the correct window name to enable the message window for receiving windows messages from the Nurse now that we are ready AppSettings.Instance.Device.MessageWindow.Text = DeviceConst.WindowNameGateApp;

6.1.2 PropertyHelper

Properties are name/value pairs that provide a generic mechanism for managing settings and

having them automatically synchronized between the server and device. Properties are Unicode

strings and are stored as nvarchar(4000).

The GateDevice.PropertyHelper object provides various methods for getting and setting device

properties. The get property methods provide convenient methods to get properties stored as

basic data types, such as bool, integer and enumerations.

PropertyRecord property = AppSettings.Instance.Device.PropertyHelper.GetProperty("GENGate.Mode");

6.1.3 UserHelper

The GateDevice.UserHelper object provides various methods for managing users and operators

on the device.

6.1.4 EthernetAdapter

The GateDevice.EthernetAdapter object provides access to the device Ethernet adapter.

6.1.5 EventLog

The GateDevice.EventLog object provides methods for logging reserved and custom events on

the device. If connected to a server, then device uploads the logs to the server on the

� 41

Proprietary

LogUploadInterval property. The EventLogger.EventLogActivityCodes enumeration defines all

reserved event codes. The EventLogger also has various methods for querying the event logs

on the device. The advantage of using event logs is that all event logs are automatically centralized by the Sandbox MiY Framework. This makes it easy to centralize data in a distributed system. Note: Creating extremely verbose event logs will over run the system if not used with care. They are great for capturing event based information.

AppSettings.Instance.Device.EventLog.LogEventActivity(

EventLogger.EventLogActivityCodes.WARN, null, AppSettings.Instance.Device.MACAddress, "Hello world!");

6.1.6 KeyHandler

The GateDevice.KeyHandler object is an instance of the

SecurAPI.PACSDevice.Hardware.PACSKeypad object, which provides events when keys are

pressed on the device. To get a key press, simply handle the

GateDevice.KeyHandler.KeyPressed event.

protected override void KeyHandler_KeyPressed(object sender, KeyPressedEventArgs e) {

if (e.KeyValue == PACSKeypad.PACSKeys.Num5) {

//Do something }

}

6.1.7 WiegandIn

The GateDevice.WiegandIn object provides full control over

the wiegand-in line on the device for the wiegand-in

template assigned to the device. The wiegand-in template is

assigned via the WiegandFormatIn property. The WiegandIn

object allows you to Start and Stop wiegand-in signal polling

and handle the WiegandReceived event to receive the data

received.

6.1.8 WiegandOut

The GateDevice.WiegandOut object provides full control over

the wiegand-out line on the device for the wiegand-out

template assigned to the device. The wiegand-out template

is assigned via the WiegandFormatOut property. The

following code shows how to send the PanelID, FacilityCode

� 42

Proprietary

and AgencyCode elements out over a wiegand format that includes any of these elements.

private string wiegandOutPanelID = String.Empty; private void SendWiegand(string panelID) { this.wiegandOutPanelID = panelID; if (AppSettings.Instance.Device.WiegandOut != null && AppSettings.Instance.Device.WiegandOut.Template != null) {

AppSettings.Instance.Device.WiegandOut.Transmit((Action<IWiegandSection, WiegandEncoder>)this.GetWiegandFieldCallback);

} … /// <summary> /// Get wiegand field callback to populate wiegand out values. /// </summary> /// <param name="section">The wiegand section</param> /// <param name="encoder">The wiegand encoder</param> private void GetWiegandFieldCallback(IWiegandSection section, WiegandEncoder encoder) { if (section.ValueSource == WiegandValueSource.PanelID) { ulong fieldData = 0; if (!String.IsNullOrEmpty(this.wiegandOutPanelID)) { fieldData = Convert.ToUInt64(this.wiegandOutPanelID); } encoder.Encode(fieldData, section.StartIndex, section.Length, section.BitOrder); } else if (section.ValueSource == WiegandValueSource.FacilityCode) { ulong fieldData = Convert.ToUInt64(AppSettings.Instance.Device.FacilityCode); encoder.Encode(fieldData, section.StartIndex, section.Length, section.BitOrder); } else if (section.ValueSource == WiegandValueSource.AgencyCode) { ulong fieldData = Convert.ToUInt64(AppSettings.Instance.Device.AgencyCode); encoder.Encode(fieldData, section.StartIndex, section.Length, section.BitOrder); }

}

6.1.9 Panel In

The GateDevice object exposes a PanelInReceived event that

is fired when a panel in signal is received on the device

panel in lines. The GateDevice.PanelInMonitoringEnabled

flag is used to enable or disable panel in monitoring. The

GateDevice.PanelInMonitorInterval value is used to set how

often the panel in status is checked when panel in

monitoring is enabled. private void Device_PanelInReceived(object sender, PanelInEventArgs e) { if (e.LineStatus != PanelInStatus.NoLinesRaised) { //Turn the Lock Icon LED Green

� 43

Proprietary

Program.MainForm.LockIconLed.TurnOn(LedColor.Green); } else { //Turn the Lock Icon LED Red Program.MainForm.LockIconLed.TurnOn(LedColor.Red); }

}

6.1.10 TcpMessageClient

The GateDevice.TcpMessageClient object provides easy access to send messages via TCP to the

server. If custom messages are sent to the server, a corresponding message handler assembly

to handle the custom message must be added to the server.

Please refer to the MiY Server Integration section for details for adding custom handlers.

6.1.11 TlsMessageClient

The GateDevice.TlsMessageClient object provides easy access to send TLS encrypted messages

to the server. If custom messages are sent to the server, a corresponding message handler

assembly to handle the custom message must be added to the server.

Please refer to the MiY Server Integration section for details for adding custom handlers.

As long as the device is registered to a server all TLS communication setup and teardown will be

automatically performed.

6.1.12 Biometric

The GateDevice object has several properties that provide access to the fingerprint scanner and

important fingerprint operations, such as enrollment, 1 to 1 matching and 1 to N matching.

These properties include:

• PrintScanner – an IFingerprintScanner object that provides access to the fingerprint

scanner on the device. This interface is designed to allow for easy integratation of different USB fingerprint scanners.

• PrintEnroller – an IBiometricEnroll object that provides the ability to enroll user fingerprints.

• PrintSearcher – an IBiometricSearch object that provides the ability to perform 1 to N user fingerprint searches. Note: to perform searches you must first call GateDevice.LoadUserFingerMatchingDatabase, which loads device user prints into memory. Program memory usage will increase and device performance may degrade as the number of user prints increases. Use GateDevice.UnloadUserFingerMatchingDatabase to release the prints from memory if fingerprint searching is not required.

• PrintVerifier – an IBiometricVerify object that provides the ability to perform 1 to 1 user fingerprint matches.

� 44

Proprietary

GateDevice.SearchFinger is a convenient method for performing user fingerprint searches.

6.1.13 Relay

The GateDevice object exposes a SetRelay method to turn

on/off 12V power for a simple relay switch.

6.1.14 Line Trigger

The GateDevice object exposes a SetLineTrigger method to turn on/off a line trigger signal.

6.1.15 Tamper

The GateDevice object exposes a TamperStatusChanged event that is fired when the tamper

status of the device changes. The tamper status changes when the tamper switch and/or hall

effect sensor inside the device housing change state from not triggered to triggered or vice

versa. If you choose to not handle this event, then the device performs default actions when

tamper is detected.

6.1.16 Indicate

The GateDevice object exposes an Indicate event that is fired when a request to indicate the

device is received. The default behavior of the device when indicated is to cycle the icons LEDs,

flash the backlight LED and play a sound. If you want to change or remove the default

behavior, then you can handle the Indicate event as desired in your application.

6.1.17 UnregisteredFromDevice

The GateDevice object exposes an UnregisteredFromDevice event that is fired when a device is

unregistered locally from the device menu (Reset Site Key). Handle this event if you need to

perform any custom actions, such as removing any confidential custom data when a device is

unregistered. To handle this event when initiated by the server, use the

GateDevice.DeviceEventReceiver.DeviceEventReceived event and the DeviceUnRegistered event

code.

� 45

Proprietary

6.2 Events

The SecurAPI.PACSDevice.GateDevice object provides various events that can be handled by

your application to perform special actions when important events occur on the device. These

events may be initiated by the server or directly from the device.

6.2.1 DeviceEventReceiver

The GateDevice.DeviceEventReceiver exposes a DeviceEventReceived event that is fired when

important device events occur that are performed by the server on the device. These events are

defined in SecurAPI.PACSDevice.Event.DeviceEvents and include:

• DeviceRegistered – Occurs when the device is registered to a server.

• DeviceUnRegistered – Occurs when the device is un-registered from a server.

• EthernetChanged – Occurs when the device network configuration is changed by the

server (Ethernet or RS485).

• PropertyUpdated – Occurs when a property is updated by the server.

• UserRemoved – Occurs when a user is removed by the server.

• UserUpdated – Occurs when a user is added/updated by the server.

• OperatorAdded – Occurs when an operator is added by the server.

• OperatorRemoved – Occurs when an operator is removed by the server.

• CardTypeAdded – Occurs when a smart card type is added by the server.

• CardTypeRemoved – Occurs when a smart card type is removed by the server.

• CardLayoutAdded – Occurs when a smart card layout is added by the server.

• CardLayoutRemoved – Occurs when a smart card layout is removed by the server.

• RevokedCardAdded – Occurs when a revoked smart card is added by the server.

• RevokedCardRemoved – Occurs when a revoked smart card is removed by the server.

• BurnedCardAdded – Occurs when a burned card is added by the server.

• BurnedCardRemoved – Occurs when a burned card is removed by the server.

• WiegandTemplateAdded – Occurs when a wiegand template is added by the server.

• WiegandTemplateRemoved – Occurs when a wiegand template is removed by the server.

• GateAppExitRequest – IMPORTANT. Occurs when the GateApp needs to exit, such as when a KillGateApp request is initiated by the server or the GateApp is being replaced by a new GateApp package. This event should always be handled by a custom GateApp so that it can exit gracefully when necessary. If not handled, the GateApp will be forcefully

� 46

Proprietary

killed which can have undesirable side effects on the device.

• ServerOnline – Occurs when communication is received from the server.

6.2.2 LocalDeviceEvent

The GateDevice exposes a LocalDeviceEvent event that is fired when important device events

occur that are initiated locally on the device. These events are defined in

SecurAPI.PACSDevice.Event.DeviceEvents and currently include:

• DeviceUnRegistered – Occurs when the device is un-registered from a server (Reset Site

Key device menu option).

• EthernetChanged – Occurs when the device network configuration is changed (Ethernet or RS485).

• PropertyUpdated – Occurs when a property is updated.

• UserAdded – Occurs when a user is added.

• UserRemoved – Occurs when a user is removed.

• UserUpdated – Occurs when a user is updated.

• UserPrintTemplatesUpdated – Occurs when user print templates are updated.

• OperatorAdded – Occurs when an operator is added.

• OperatorRemoved – Occurs when an operator is removed.

6.2.3 Data Changed Events

The GateDevice object exposes several events that get fired when important data changes on

the device. These events can be subscribed to if there is a need to perform actions when these

events occur. The supported events include:

• OperatorPrintsChanged – fired when operator prints change on the device. They may

have been added, updated or removed.

• UserPrintsChanged – fired when user prints change on the device. They may have been added, updated or removed.

• PropertiesChanged – fired when properties change on the device. They may have been added, updated or removed. Note: this does not include changes to PropertyRecord.DeviceOnly properties.

• CertificatesChanged – fired when certificates change on the device. They may have been added, updated or removed.

• CRLsChanged – fired when CRLs (Certificate Revocation Lists) change on the device. They may have been added, updated or removed.

� 47

Proprietary

6.3 Keypad

The SecurAPI.PACSDevice.Hardware.PACSKeypad object provides an IKeyHandler

implementation for the MiY device keypad. The GateDevice.Keyhandler provides convenient

access to this object for detecting key presses.

The keypad is designed to only handle a single key press at a time. Before a second key press is

announced to the handler the first finger must have left the detection field.

Additionally keypad events are buffered, such that the keys can be pressed and queued by the

device. Each event is then passed to the handlers when available.

Note: The keypad is designed to compensate automatically for changes in humidity,

temperature, and air density due to elevation. Due to this design the keypad is not meant for

“press and hold” actions. When fingers are left in the field, the keypad may slowly calibrate and

be come less sensitive. Once the finger is removed from the field, it will slowly calibrate back to

normal. Though in normal cases this will not be an issue, as an example, it is not recommended

to hold the button for longer than 20 minutes, as it will take a few minutes to return to normal

after the button is released.

6.4 LEDs

The SecurAPI.PACSDevice.Hardware.LED namespace provides methods for controlling the device

LEDs.

The PACSLed object represents a single device LED and can be used to turn on/off, blink and

set the color of a particular LED. There are a total of twelve (12) supported LEDs, which are

defined in the LedNumber enumeration. There are convenient PACSLed classes that extend

PACSLed to define each of these LEDs, which you can use to control a particular LED. Some LEDs

are capable of RGB (red, green, blue) where as some are only capable of a limited number of

colors. These include:

• BacklightLed

� 48

Proprietary

• GuidanceContactlessCardLed

• StatusLed

• GuidanceContactCardLed

• UV-Led

• GuidanceKeypadLed

� 49

Proprietary

• IconContactCardLed

• IconContactlessCardLed

• IconKeypadLed

• IconFingerLed

• IconFaceLed

� 50

Proprietary

• IconLockLed

Simply instantiate one of these classes and you have basic control over that particular LED.

The PACSLed object defines the attributes of a particular LED. To perform the actual LED

actions, it requires an IPACSLedManager object.

SecurAPI.PACSDevice.Hardware.LED.PACSLedManager is the default implementation, which you

can easily access from GateDevice.LedManager object when creating PACSLed objects. The

PACSLedManager provides various methods for controlling groups of LEDs and some specific

actions performed by the MiY device, such as pulsating the LEDs on top of the device and

indicating the device.

6.5 Flash Storage

The sandbox framework provides the ability to store limited amounts of data in persistent on-

board device flash storage, which is maintained across:

• Device reboot

• Power cycling

• OS Updates

• Factory Resets

Using the SecurAPI.PACSDevice.Hardware.PACSFlash object, simply call FlashRead and

FlashWrite to read and write starting at offset 0 up to offset 524,288. This section of the flash is

completely reserved for any data the needs to be preserved between OS updates.

Note: Flash memory (NAND) does have a write limitation (50,000 within the same 1K block);

writing multiple times into flash may cause the flash memory to corrupt. Remember to write

critical data within flash in multiple blocks several kilobytes away from each other. Additionally

it is not recommended to store information that is rapidly changing. It is recommended for

critical identifiers that are meant to be read, proprietary license keys, or identifiers for

important IP cameras they are linked to.

For data that may change rapidly, it is recommended to store this information on the Storage

Card.

� 51

Proprietary

6.6 Smartcards

The sandbox framework provides a comprehensive set of contact and contactless smart card

and reader functionality in the SecurAPI.SmartCard namespace of the SecurAPI and

SecurAPI.SmartCard assemblies. The smart card support includes:

• Low level PCSC reader implementations for exchanging APDUs with ISO 7816 smart

cards (SecurAPI.SmartCard.Reader.PCSC).

• High level abstraction layer for reading Java based contact smart cards with applets and containers.

• Low level support for reading/writing Mifare, DESFire and HID iClass (SecurAPI.SmartCard.ContactlessCard).

• High level Mifare, DESFire and HID iClass support for reading/writing 3M Cogent formatted user cards.

• Card detection helper class for detecting card insertion and removal (SecurAPI.SmartCard.Reader.CardDetector).

• BER-TLV, TV, CBEFF and FASCN parsers.

Smart card capabilities of each MiY device may differ depending on the type and model of the

MiY-device. HID readers, at the time of this writing, are only available on the MiY-ID readers and

must be ordered with and HID reader from your local distributor.

6.7 Sounds

The SecurAPI.PACSDevice.GateSounds object provides the ability to play supported device

sounds. All supported device sounds are customizable by simply replacing the appropriate wav

file in the Sounds folder of your GateApp package. When creating your GateApp package with

the MiY Package Studio, create a Sounds folder and add your versions of the following sounds.

The supported sounds are:

• AccessGranted.wav • AccessDevied.wav • KeyPress.wav • UserActionDetected.wav • CardReadBegin.wav • CardReadEnd.wav • FingerCaptureEnd.wav • Indicate.wav

The GateApp can be easily customized by replacing the wave files directly. It’s recommended to

use short audio files since the sound functions are blocking functions and will wait until the

whole sound is played before moving on in the code. It’s also recommended to keep the sound

files mono-channel to reflect the single speaker design. Smaller audio files also take up less

memory and will improve the performance of the GateApp.

The GateSounds object will also play any custom wav file via the following methods:

� 52

Proprietary

public static void PlaySound(string wavFile) public static void PlaySoundAsync(string wavFile)

6.8 Images

The SecurAPI.PACSDevice.GateImages object provides access to all standard GateApp images.

All supported images are customizable by simply replacing the appropriate image file (PNG

format) in the Images folder of your GateApp package. When creating your GateApp package

with the MiY Package Studio, create an Images folder and add your versions of the following

images. The supported images are:

• HeaderPanelBackground.png – The header bar image at the top of the application

where the date and time is displayed. • MainPanelBackground.png – The main panel background in the middle of the screen

for all normal application operations. This is where text and animations are displayed. • MenuPanelSixIconBackground.png – The background for Admin screens with six icons. • MenuPanelSixIconBackground_SmallKeypad.png – The background for Admin screens

with six icons on the smaller MiY-Card device. • FooterMenuButtonNormal.png – The normal, non-selected state image for each of the

4 (MiY-ID) or 3 (MiY-Card) menu buttons at the bottom of the screen. • FooterMenuButtonSelected.png – The selected, button pressed state image for each of

the 4 (MiY-ID) or 3 (MiY-Card) menu buttons at the bottom of the screen. • MenuPanelBackground.png – The background image for all Admin menu panels that

are not icon selection menus, which use the SixIconBackground images. • InstructionBarBackground.png – The images for the instruction bar that is displayed

on data grids in the Admin menu. For the smaller MiY-Card device only. The instruction bar is displayed when initially on a data grid panel, such as the Security Panel, to show the *Back/#OK options on the smaller keypad.

All standard images are available in the MiY SDK installation folder under resources\images.

6.9 Animations

The SecurAPI.PACSDevice.GateAnimations object provides access to all standard GateApp

animations. All supported animations are customizable by simply replacing the appropriate

image file (PNG format) in the Images folder of your GateApp package. When creating your

GateApp package with the MiY Package Studio, create an Images folder and add your versions

of the following animations. Note: the animations are images in a storyboard format that is

loaded and looped through for the frame width of each image. All images have a frame width

of 120. You can make the storyboard longer (more frames), but you must use a width of 120

for each frame and a height of 200.

The supported animations are:

• MiY_Progress_120x200_24.png • MiYCard_Contact_120x200_24.png • MiYCard_Contactless_120x200_24.png • MiYCard_ContactlessContact_120x200_24.png • MiYCard_ContactlessContactPINFinger_120x200_24.png • MiYCard_ContactlessPINFinger_120x200_24.png • MiYCard_Finger_120x200_24.png • MiYCard_PIN_120x200_24.png • MiYCard_PINFinger_120x200_24.png

� 53

Proprietary

• MiYID_Contact_120x200_24.png • MiYID_Contactless_120x200_24.png • MiYID_ContactlessContact_120x200_24.png • MiYID_ContactlessContactPINFinger_120x200_24.png • MiYID_Finger_120x200_24.png • MiYID_PIN_120x200_24.png • MiYID_PINFinger_120x200_24.png

All standard animations are available in the MiY SDK installation folder under resources\images.

6.10 SSL

The SecurAPI.Net.SSL namespace provides methods for SSL socket communication that is based

on OpenSSL. This namespace provides SecurSocket and SslContext objects for establishing

secure communication with a custom protocol and also includes some higher level client/server

class for exchanging SecurProtocol formatted messages.

� 54

Proprietary

7 MiY Integration Points

The MiY framework supports various integration points out-of-the-box, at the server, database

and device. This allows for a wide range of custom integration possibilities without changing

the core product.

� 55

Proprietary

7.1 Server Integration

The MiY Service Framework uses the MEF (Microsoft Extensibility Framework) library to build

extensions. The currently supported extensions are IServerModule and ISecurService.

These allow the MiY Security Service to execute extensions within the existing service so that

simple background tasks or scheduled processes can be performed easily. It also allows for

extensions of functionality for handling customized messages over the encrypted MiY-

Framework communication.

7.1.1 IServerModule Extension

You can create an IServerModule by adding the following MEF attribute to a class that

implements SecurAPI.Composition.IServerModule. All IMessageHandler from the

IServerModule will be loaded when the server is started to handle incoming messages from

MiY devices. This allows custom SecurProtocol device messages to be handled and responded

to by the server.

[System.ComponentModel.Composition.Export(typeof(IServerModule))]

7.1.2 IServerService Extension

You can create an ISecurService by adding the following MEF attribute to a class that

implements SecurAPI.Composition.ISecurService. It is assumed that an ISecurService

will create its own thread that is started when Start() is called and stopped when Stop() is

called. This allows the addition of a custom service to the MiY server.

[System.ComponentModel.Composition.Export(typeof(ISecurService))]

� 56

Proprietary

7.2 ScriptTask Database Table

New to version 1.5 of the MiY framework is the addition of an MiY SecurSetup database

integration point called the ScriptTask table. The ScriptTask table allows for direct database

integration with the MiY server to execute custom tasks on a schedule. For example, this table

can be used to change the security level of the devices on demand.

As of version 1.5, the ScriptTask table only supports changing a system level property.

However, version 1.6 will allow for more custom tasks using the BOO scripting language. For

any additional needs, please contact 3M Cogent for support.

The dbo.ScriptTask table is defined as follows:

ScriptTaskId (PK, uniqueidentifier, not null) – Unique Task ID

ScriptName (nvarchar(255), not null) – Name of script

Interval (int, not null) – Interval (Seconds) to run the script if Repeat = 1

LastRun (datetime, null) – Time the script was last run by the server

StartTime (datetime, not null) – Time the script was started

CreatedOn (datetime, not null) – Time the script was created

Repeat (bit, not null) – Repeat flag (0 = Do Not Run, 1 = Run on Interval)

Script (nvarchar(max), not null) – The script code to execute in the BOO scripting language

Value (nvarchar(max), not null) – The value to set, as expected by the Script

StateId (FK, int, not null) – The State of the script task (0 = Disabled, 1 = Enabled, 2 =

ScriptError)

For example, the following script updates the verification mode of the GovGate device

application, where @Value is the mode of the GovGate application. The server will process the

script on the Interval and set LastRun to the UTC of the udpate and the StateId back to 0

(Success) or 2 (Error) based on the result.

UPDATE [dbo].[ScriptTask] SET [Repeat]=1, [Value]=@Value, [StateId]=1 WHERE [ScriptTaskId]='C7D556FE-5ACD-4e65-84E8-ED03C8FEC243'

� 57

Proprietary

8 Glossary of Terms

GateApp A .NET Compact Framework based application that provides the primary user

interface and functionality for the MiY devices. Each MiY device is shipped with a

standard GateApp providing the end-user experience (menus, prompts, LEDs,

sounds, etc.) and access control functionality (inputs, outputs, communication,

enrollment, matching, etc.) of the MiY product line. The standard GateApps are

based on the Sandbox framework and can be replaced by 3rd party integrators.

MiY (Make-It-Yours) Used to describe the ability of a 3rd party integrator to customize

or replace the standard device and server functionality of the MiY platform. MiY

symbolizes the open and flexible nature of the platform

OTG (On-The-Go) Used to refer to the client USB port on the bottom of the MiY device

for connecting a PC or laptop for development or administration.

Sandbox A .NET (Full and Compact) based, extendible framework providing all core

functionality, including message protocols, smart cards, biometrics, etc., used

by the MiY Security Server and devices.

WCF (Windows Communication Foundation) a .net based windows communication

framework for web service programming

Nurse A MiY Framework specific process that is solely maintained by 3M Cogent. The

purpose of this process is to ensure the health and responsiveness of the device

and GateApp

MiY Product Line GateApp Development...

Documents

Transcript of MiY Product Line GateApp Development...