SUPREMA ACCESS CONTROL AND TIME ATTENDANCE PLATFORM - BioStar 2
TECHNICAL SPECIFICATIONS
2023-07-31
ABBREVIATIONS
AC Access Control
AES Advanced Encryption Standard
AoC Access-on-Card
APB Anti-passback
Auth Authentication
DB Database
DHCP Dynamic Host Configuration Protocol
HTTPS Hypertext Transfer Protocol over Secure Socket
PIN Personal Identification Number
SHA Secure Hash Algorithm
TA Time Attendance
VE Video Event
PART 1 - GENERAL
The intent of this document is to specify the minimum criteria for the design, supply, installation, and commissioning of
BioStar 2, which is a web-based security platform.
1.01 SUMMARY
A. Section includes requirements for a web-based security platform.
B. Product - A web-based security platform, capable of managing an access control system,
managing a time attendance system, recording video logs with Ethernet network connectivity,
and managing a visitor system.
1.02 SUBMITTALS
1.03 QUALIFICATIONS
A. All installation, configuration, and setup of the platform shall be performed by qualified technicians.
B. Installers shall be trained by the Manufacturer to install, configure and commission the access
control and time attendance system.
END OF SECTION
PART 2 - PRODUCTS
2.01. MANUFACTURER
A. Suprema Inc.
17F Parkview Office Tower, Jeongja, Bundang, Seongnam, Gyeonggi, 463-863, Republic of Korea
Tel: 82-31-783-4502, Fax: 82-31-783-4503, www.supremainc.com
http://support.supremainc.com
B. This specification is based on BioStar 2.8.12 manufactured by Suprema Inc.
2.02. MINIMUM SYSTEM REQUIREMENT
A. Access Control and Time Attendance
1. Small Business Server
a. Total devices: 50
b. Computer
1) 2 GHz Dual Core CPU
2) 8 GB RAM
3) 512 GB SSD
c. Operating system
1) Windows 7 (SP1 or later)
2) Windows 8
3) Windows 8.1
4) Windows 10
5) Windows 11
6) Windows Server 2008 R2 (SP2 or later)
7) Windows Server 2012
8) Windows Server 2012 R2
9) Windows Server 2016
10) Windows Server 2019
11) Windows Server 2022
▪ Windows virtual environments on Mac Boot Camp are not supported.
d. Database
1) MariaDB 10.1.10
2) MS SQL Server 2012
3) MS SQL Server 2014 SP2
4) MS SQL Server 2016 SP1
5) MS SQL Server 2017
6) MS SQL Server 2019
e. Client Web Browser: Google Chrome 75 or later
2. Medium Business Server
a. Total devices: 100
b. Computer
1) 4 GHz Quad-core CPU
2) 16 GB RAM
3) 1 TB SSD
c. Operating system
1) Windows 7 (SP1 or later)
2) Windows 8
3) Windows 8.1
4) Windows 10
5) Windows 11
6) Windows Server 2008 R2 (SP2 or later)
7) Windows Server 2012
8) Windows Server 2012 R2
9) Windows Server 2016
10) Windows Server 2019
11) Windows Server 2022
▪ Windows virtual environments on Mac Boot Camp are not supported.
d. Database
1) MariaDB 10.1.10
2) MS SQL Server 2012
3) MS SQL Server 2014 SP2
4) MS SQL Server 2016 SP1
5) MS SQL Server 2017
6) MS SQL Server 2019
e. Client Web Browser: Google Chrome 75 or later
3. Enterprise Business Server
a. Total devices: 1,000
b. Computer
1) 4 GHz 16 Core CPU
2) 32 GB RAM
3) 1 TB SSD
c. Operating system
1) Windows 7 (SP1 or later)
2) Windows 8
3) Windows 8.1
4) Windows 10
5) Windows 11
6) Windows Server 2008 R2 (SP2 or later)
7) Windows Server 2012
8) Windows Server 2012 R2
9) Windows Server 2016
10) Windows Server 2019
11) Windows Server 2022
▪ Windows virtual environments on Mac Boot Camp are not supported.
d. Database
1) MariaDB 10.1.10
2) MS SQL Server 2012
3) MS SQL Server 2014 SP2
4) MS SQL Server 2016 SP1
5) MS SQL Server 2017
6) MS SQL Server 2019
e. Client Web Browser: Google Chrome 75 or later
B. Video Log
a. Computer (Minimum)
1) 4 GHz Quad-core CPU
2) 8 GB RAM
3) 2 TB HDD
b. Computer (Recommended)
1) 4 GHz Quad-core CPU
2) 16 GB RAM
3) 4 TB HDD
C. BioStar 2 API Server
a. Computer (Minimum)
1) 4 GHz Quad-core CPU
2) 8 GB RAM
3) 1 TB Free disk space
b. Computer (Recommended)
1) 4 GHz Quad-core CPU
2) 16 GB RAM
3) 2 TB Free disk space
2.03. PERFORMANCE CRITERIA
A. System Architecture
1. A web-based security platform, capable of managing an access control system, managing a time
attendance system, recording video logs with Ethernet network connectivity, and managing a visitor
system.
a. Access Control
1) User management
2) Device management
3) Door management
4) Elevator management
5) Zone management (Anti-passback, Fire Alarm, Schedule Lock, Schedule Unlock,
Intrusion Alarm, Interlock, Muster, Occupancy Limit)
6) Access group management
7) Monitoring (Event log, Real-time log, Device status, Door status, Floor status, Zone
status, Image log, Alert history and Graphic Map)
8) Alarm management
9) RFID card management
10) Audit trail
11) Report
b. Time Attendance
1) Time code management
2) Shift management
3) Schedule template management
4) Overtime rule management
5) Schedule management
6) Leave management
7) Monitoring (Leave and Exception)
8) TA report generation
c. Video Log
d. Visitor Management
2. Standard Transmission Control Protocol (TCP/IP) networking communication protocol between
servers, clients, and devices.
3. Support Dynamic Host Configuration Protocol (DHCP) or Static IP address.
4. Support network configuration.
5. Support Network Time Protocol (NTP).
6. Support HTTPS communication protected by Secure Socket Layer (SSL) between the client (Web
browser) and platform.
7. Support AES-256 for User Name, Fingerprint Template, and Face Template.
8. Support AES-256 for Fingerprint Template and Face Template (Optional).
9. Support SHA-256 for PIN and Password.
10. Support export to CSV or PDF for list items.
B. Installation Wizard
1. Separate standalone installation package.
2. Shall support English and Korean.
3. Shall allow a user to perform the initial configuration.
a. Shall set the password for the admin account.
b. Shall select the database installation (MariaDB 10.1.10 or Custom).
c. Shall set the root password for MariaDB.
d. Shall set the custom database information including Server IP, Server Port, AC DB name,
AC DB login information, TA DB login information, TA DB name, VE DB login information,
and VE DB name.
e. Shall check the database connection.
f. Shall generate the database tables.
g. Shall change the port number for server.
h. Shall install the USB Device Agent for BioMini and DUALi DE-620.
C. License and System Capacity
1. License for Access Control
Items | Starter (Free) | Basic | Standard | Advanced | Professional | Enterprise
Access Control
Max. User | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited
Max. Device | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 | 1,000
Max. Door | 5 | 20 | 50 | 100 | 300 | 1,000
Zone | - | - | Supported | Supported | Supported | Supported
Elevator | - | - | - | Supported | Supported | Supported
Graphic Map | - | - | - | Supported | Supported | Supported
Server Matching | - | - | - | Supported | Supported | Supported
Cloud | - | - | Supported | Supported | Supported | Supported
Active Directory | - | - | - | Supported | Supported | Supported
2. License for Time Attendance
Items | Starter (Free) | Standard | Advanced | Professional
Number of Users | 100 | 500 | 1,000 | Unlimited
3. License for Video
Items | Starter (Free) | Video License
Video Log | - | Supported
4. License for Visitor
Items | Starter (Free) | Visitor License
Visitor Management | - | Supported
D. Interface
1. Use a Web-based client user interface for configuration, administration, management, and
monitoring.
2. Support for multi-lingual UI
a. English and Korean available.
b. Other languages available via language pack from website. (Supported languages may
vary depending on the BioStar 2’s version)
1) German (Deutsch)
2) Latin Spanish
3) Spain Spanish
4) French
5) Italian
6) Japanese
7) Dutch (Nederlands)
8) Portuguese
9) Chinese
10) Russian
11) Arabic
12) Romanian
E. User
1. User ID
a. Support numeric user ID.
b. Support alphanumeric user ID (Optional).
2. Supports expiration dates (Period) for the user.
3. Supports card printing for user.
4. Operator levels
a. Provide for a maximum of 6 pre-defined levels.
b. Provide for an unlimited number of custom operator levels.
c. Each level shall have a set of permissions and shall be able to be configured for different
operator levels.
5. Custom Field
a. Provide 3 types of custom user fields.
1) Support the Text Input Box, Number Input Box, and Combo Box
b. Provide for a maximum of 20 custom fields.
6. Fingerprint
a. Support up to 10 fingers (20 templates) per user.
b. Support 3 types of fingerprint template format (SUPREMA / ISO 19794-2 / ANSI 378).
7. Face
a. Support up to 5 faces (150 templates) per user.
8. Visual Face
a. Support up to 2 faces per user and 20 templates (40 templates) per face.
b. Support Visual Face Mobile Enrollment.
9. Wiegand Card
a. Provide for a maximum of 15 customized formats including 5 pre-defined formats.
b. Support card formats with total bits, facility code, customizable ID fields, and parity bits.
c. Provide for a maximum of 5 pre-defined formats.
1) 26 bit SIA Standard-H10301
2) HID 37 bit-H10302
3) HID 37 bit-H10304
4) HID Corporate 1000
5) HID Corporate 1000 48bit
10. Smart Card
a. Support 3 types of smart card layout and mobile card.
1) MIFARE, iCLASS, DESFire, iCLASS Seos and Mobile
b. Store up to 4 fingerprint templates on the smart card (Access-on-Card).
11. Mobile Access
a. Support the connection with the Suprema Mobile Portal.
b. Issue and revoke mobile access cards remotely.
12. QR/Barcode
a. Support 2 types of QR/Barcode.
1) BioStar 2 QR: Directly issue a QR code that contains an encrypted PIN and card ID on
BioStar 2.
2) QR/Barcode: Register users with QR/Barcodes issued from 3rd-party systems.
13. Import/Export User Information via CSV file
a. Support import and export data in Comma-separated Values (CSV) file format.
b. Support multiple languages.
c. Allow the user to import/export the user information and card information in CSV file.
d. Support the auto/manual mapping of CSV fields to the database fields.
14. Support long-term idle user management.
F. Device
1. Support auto search and manual search for a device.
2. Allow the user to change the device settings and perform the action that includes:
a. Firmware upgrade
b. Factory reset
c. Lock/Unlock
d. Time zone
e. Time synchronization
f. Network configuration
g. Serial (RS-485) configuration
h. Authentication settings
i. Card format settings
j. Trigger & action
k. Time attendance settings
l. Administrator level
m. Display and sound settings
n. Wiegand settings
o. Auto synchronization with server
p. Thermal camera and mask settings
G. Door
1. Supported door configuration includes:
a. Two devices (entry device and exit device) for one door
b. Entry device for one door with exit button
c. Entry device for one door without exit button
2. Support two types of relay setting for the exit button and door sensor.
a. Normally open and normally closed
3. Allow the user to configure the door settings that include:
a. Entry device selection
b. Relay selection for a door lock
c. TTL input port for an exit button
d. TTL input port for a door sensor
e. Relay release time for door lock
f. Dual authentication settings
g. Held open time and alarm
h. Forced open alarm
i. Anti-passback alarm
H. Elevator
1. Support the floor button control.
2. Support auto/manual mapping of floor names to the relay numbers.
3. Allow the user to configure the floor control that includes:
a. Controller selection
b. Reader selection
c. Module selection
d. Total number of floors
e. Relay release time for the floor button
f. Dual authentication settings
g. Tamper port setup
h. Alarm configuration
i. Trigger & Action
I. Zone
1. Anti-passback
a. User shall be able to define the areas and assign the entry devices and exit devices to
configure an anti-passback zone.
b. Support the global APB zone which can be set with all devices enrolled in BioStar 2.
c. Support the local APB zone which can be set with the entry devices and exit device
connected with RS-485.
d. Allow the user to configure an anti-passback zone that includes:
1) APB zone mode (Global or Local)
2) Temporary activation or deactivation of the APB zone
3) APB type (Hard APB or Soft APB)
4) Auto reset time
5) Entry device and exit devices selection for the APB zone
6) Network failure action
7) Customizable signal output for alarm
8) Bypass user group configuration
2. Fire Alarm
a. User shall be able to define the areas and assign the doors and/or elevators to configure a
fire alarm zone.
b. Support the global fire alarm zone which can be set with all devices enrolled in BioStar 2.
c. Support the local fire alarm zone which can be set with the entry devices and exit device
connected with RS-485.
d. Allow the user to configure a fire alarm zone that includes:
1) Fire alarm zone mode (Global or Local)
2) Temporary activation or deactivation of the Fire Alarm zone
3) Door and/or elevator selection for the fire alarm zone
4) Customizable signal output for alarm
3. Scheduled Lock
a. User shall be able to define the areas and assign the doors and schedule to configure a
scheduled lock zone.
b. Allow the user to configure a scheduled lock zone that includes:
1) Temporary activation or deactivation of the Scheduled Lock zone
2) Door lock method selection
3) Door and schedule selection for the scheduled lock zone
4) Customizable signal output for alarm
5) Bypass user group configuration
4. Scheduled Unlock
a. User shall be able to define the areas and assign the doors and schedule to configure a
scheduled unlock zone.
b. Allow the user to configure a scheduled unlock zone that includes:
1) Temporary activation or deactivation of the Scheduled Unlock zone
2) Started by user authentication option
3) Door and schedule selection for the scheduled unlock zone
4) Access group where the user belongs who can start a scheduled unlock
5. Intrusion Alarm
a. User shall be able to define the areas and assign the doors to configure an intrusion alarm
zone.
b. Support the global intrusion alarm zone which can be set with all devices enrolled in
BioStar 2.
c. Support the local intrusion alarm zone which can be set with the entry devices and exit
device connected with RS-485.
d. Allow the user to configure an intrusion alarm zone that includes:
1) Intrusion alarm zone mode (Global or Local)
2) Temporary activation or deactivation of the Intrusion Alarm zone
3) Door selection for detecting intrusion
4) Arm and/or disarm settings
5) Customizable signal output for detecting intrusion alarm
6) Customizable signal output when a specified event occurs
6. Interlock
a. User shall be able to define the areas and assign the doors to configure an interlock zone.
b. Support the local interlock zone which can be set with the devices connected to CoreStation
with RS-485.
c. Allow the user to configure an interlock zone that includes:
1) Temporary activation or deactivation of the Interlock zone
2) Door selection for the interlock zone
3) Option to detect the user's stay in the interlock zone
4) Customizable signal output for alarm
7. Muster
a. User shall be able to define the areas and assign the entry & exit devices and the access
group to configure a muster zone.
b. Support the global muster zone which can be set with all devices enrolled in BioStar 2.
c. Allow the user to configure a muster zone that includes:
1) Temporary activation or deactivation of the Muster zone
2) Door and access group selection for the muster zone
3) Maximum amount of time that user can stay in the muster zone
4) Customizable signal output for alarm
8. Occupancy Limit
a. Users shall be able to define the areas and assign the entry & exit devices and limit the count
to configure an occupancy limit zone.
b. Support the global occupancy limit zone, which can be with FaceStation F2 and FaceStation
2 added on BioStar 2.
c. Allow the user to configure an occupancy limit zone that includes:
1) Temporary activation or deactivation of the occupancy limit zone
2) Entry and exit devices selection for the occupancy limit zone
3) The maximum number of people who can enter the Occupancy limit zone
J. Access Control
1. Provide the access permission status by four pre-defined filters.
a. Door permission by Access Group
b. Elevator permission by Floor Level
2. Access Level
a. Support the user to create an access level which is combined with the doors and
schedules.
3. Floor Level
a. Support the user to create a floor level which is combined with the elevators, floor names,
and schedules.
4. Access Group
a. Support the user to create an access group for door access permission which is combined
with the access levels and user groups/individual users.
b. Support the user to create an access group for floor access permission which is combined
with the floor levels and user groups/individual users.
K. Monitoring
1. Provide export of the access control event list to a CSV file.
2. Support filter functionality for sorting.
3. Provide all monitoring features of the access control system that includes:
a. Event log
b. Real-time log
c. Device Status
d. Door Status
e. Floor Status
f. Zone Status
g. Alert History
h. Graphic Map View
4. Provide the following operations for the selected door in Door Status.
a. Lock the door manually
b. Unlock the door manually
c. Release the manual lock/unlock
d. Open the door temporarily
e. Clear all door alarms
f. Clear the APB alarm
5. Provide the following operations for the selected floor in Floor Status.
a. Lock the floor manually
b. Unlock the floor manually
c. Release the manual lock/unlock
d. Open the floor temporarily
e. Clear all floor alarms
6. Provide the following operations for the selected zone in Zone Status.
a. Clear the APB alarm
b. Clear all alarms
L. Video
1. Record video when the specified access control event occurs at a door.
2. Support the user to change the video file path.
3. Support the user to change the weeks to keep the recorded files.
4. Support NVR setup and IP camera setup.
5. Support NVR manufacturers including:
a. ACTi
b. Dahua
c. Hikvision
M. Time Attendance
1. Support the user in configuring a time attendance rule and tracking the TA records, including:
a. Time code
b. Shift
c. Schedule Template
d. Rule
e. Schedule
f. TA Report
2. TA report shall include 8 pre-defined report types that can be customized by the user:
a. Daily
b. Daily Summary
c. Individual
d. Individual Summary
e. Leave
f. Exception
g. Edit History
h. Working alarm time
3. Support the filter functionality for customized TA report.
4. Support the user to export the TA reports as CSV or PDF files.
5. Support the user to modify the TA records.
N. Visitor
1. Provide the visit application page for visitors:
a. Support the terms and conditions and the privacy policy information for visitors.
b. Support the fingerprint enrollment and card issuance for visitors.
c. Support the USB fingerprint scanner connection.
1) BioMini
2) BioMini Plus
3) BioMini Plus 2
d. Support the shortcut of the visitor application page.
2. Provide the visitor management menu:
a. Support the list of registered, checked in, checked out, and total visitors.
b. Support the visitor search.
c. Support access control for visitors.
O. System Alert
1. Provide the user with 50 events for system alerts, including:
Device Disconnection Detected
Device restarted
RS-485 disconnected
Tamper on
Supervised Input (Short)
Supervised Input (Open)
AC Power Failure
Forced door opened
Held door opened
Forced door open alarmed
Held door open alarmed
Enable all floor relays
Access denied (Exceeded threshold temp.)
Access denied (Temp. not measured correctly)
Access denied (Mask not detected)
Access granted (Soft temp. violation on check only)
Access granted (Soft mask violation on check only)
Access granted (Soft temp. and mask violation on check only)
Access denied (Exceeded threshold temp. on check only)
Access denied (Temp. not measured correctly on check only)
Access denied (Mask not detected on check only)
Abnormal temp. detected (Exceeded Threshold temp.)
Abnormal temp. detected (Temp. not measured correctly)
Mask not detected
Anti-passback zone alarm detected
Fire alarm zone alarm detected
Scheduled lock zone alarm detected
Occupancy Full Detected
Occupancy Availability Recovered
Exit Occurred While Occupancy Count Zero
Occupancy Count Alert 1 Detected
Occupancy Count Alert 2 Detected
Intrusion alarm detected
Interlock door open denied alarm
Interlock door open denied alarm (Occupied)
Occupancy Limit Violation (Count Full)
Muster zone alarm detected
1:1 authentication failed
1:1 duress authentication succeeded
1:N authentication failed
1:N duress authentication succeeded
Access denied (Invalid access group)
Access denied (Disabled user)
Access denied (Invalid period)
Access denied (Blacklist)
Access denied (Hard anti-passback)
Access denied (Forced lock schedule)
Access denied (Soft anti-passback)
Fake Fingerprint Detected
Access Denied (Anti-tailgating)
P. Audit Trail
1. Provide the 2 pre-defined filters
a. Last 1 month
b. Last 3 months
2. Support the user to create a filter using each field item that includes:
a. Datetime
b. User
c. Operator Level
d. IP
e. Category
f. Target
g. Action
h. Modification
Q. Security
R. Active Directory
1. Support synchronizing user data stored in Microsoft Windows Active Directory to BioStar 2.
S. Mobile Access
T. Email Setting
U. Backup & Restore
END OF SECTION
PART 3 - EXECUTION
3.01. INSTALLER
A. Contractor personnel shall comply with all applicable state and local licensing requirements.
B. Installer and technician requirements
1. Shall be experienced and qualified to accomplish all work promptly.
3.02. PREPARATION
A. IP addressing shall be coordinated with the Owner’s responsible IT personnel.
3.03. INSTALLATION
A. Control signal, communications, and data transmission line grounding shall be installed as necessary
to preclude ground loops, noise, and surges from adversely affecting system operation.
B. Carefully follow the instructions in the manufacturers’ installation manual to ensure all steps have been
taken to provide a reliable, easy-to-operate system.
3.04. EXAMINATION
A. All network connections shall be tested for proper levels of performance.
END OF SECTION