Thales Gemalto Intelligent Document Reader AT10Ki


Product Use

With built-in networking and high-performance processing the Gemalto Intelligent Document Reader AT10Ki inspects, authenticates or captures data from electronic travel and identity documents quickly and reliably in cloud and virtual computing environments.

Designed for use in demanding border management scenarios, it also serves banking, hospitality, travel and any other industries where you need accurate and reliable document and ID verification and reading.

The design of the Gemalto AT10Ki is based on detailed and exhaustive analysis of field experience and numerous deployed projects. With a new “landing lights” LED feedback arrangement and document hold down clip it naturally encourages the correct placement and use of the reader, regardless if the user is left or right handed, maximizing first time read rate for faster customer processing. Thales has created a new stylish look that will fit into the décor of the most upmarket customer facing service desks.

iSeries Overview

The Intelligent “i” series readers include an embedded Arm® processor running Linux® meaning that for networked mode all the document processing is carried out on the reader. Ready for the cloud the Gemalto

AT10Ki uses web style encrypted JSON messaging to simplify application development, deployment and maintenance. For the operator and integrator this means:

  • The AT10Ki can connect to any mobile device, phone or tablet
  • The reader can be used in pool mode connecting to multiple devices (you can create reader farms)
  • A single computer can connect to multiple readers
  • Flexible install options
  • Lower development and life time IT costs
  • Direct connection with Software as a Service (SaaS) and enterprise back-end applications


  • On-board dual core Arm® Cortex® A9 processor with Linux® OS runs image processing and RFID functions in reader
  • Ethernet and WiFi network interfaces running the Web-APIhost interface
  • Browser accessible management console
  • Data & PII security built in by design
  • Easy integration to enterprise and SaaS applications for document authentication and verification, hotel property management systems and biometrics management
  • “Landing lights” & tick/cross user LEDs and new silk screen design makes document placement and reading very intuitive
  • Reads ID cards and barcodes placed at any rotation on the glass and presents images correct way up based on features in document
  • OCR data capture of the Machine Readable Zone (MRZ) & 1D/2D barcode reading from paper and mobile boarding passes
  • Reads and images multiple types of documents in Visible, Infra-red, ultra-violet and optional co-axial light using 36-bit color and true-color image matching technology to provide vibrant accurate colors and images can be saved in BMP or JPEG format
  • Anti-glare technology eliminates image artifacts due to reflective laminates or OVDs
  • Auto-triggeringofdocumentcapture–presenceofdocument is automatically detected
  • Hoodless operation in most environments using proprietary ambient light removal algorithms – even on UV images
  • User removable hood and optional document spine hold down clip provide flexibility for the user to operate in their preferred style
  • Optional rear hinged hood
  • Low scratch, Chemically Strengthened, fully bonded glass with oleophobic coating for low maintenance & easy cleaning
  • Glass can be supplied without Oleophobic coating option
  • Powered from USB, Power over Ethernet (POE) or external power supply
  • USB3.1 Type-CTM 5 Gbps interface supports legacy Gemalto SDK
  • Full management and diagnostic interfaces
  • Bluetooth® interface
  • Device, Operating System and language independent
  • IP54 rated against dust and water ingres


  • Quickly and simply connect the Gemalto AT10Ki to your network, tablets, phones and enterprise SaaS applications
  • Create a personal meet and greet experience by accessing the closest document reader from your tablet or mobile device using pools of Gemalto AT10Ki readers
  • Many user customizable features, intuitive user LEDs and “anywhere” placement make the reader simple to use and reduce operator stress and fatigue whether in constant or occasional use
  • Complete integrated system, reader, on-board image processing, OS, device management, network protocols and security for your faster development and deployment
  • Use of modern web interfaces and cloud/virtualized workstations reduces total cost of ownership for IT systems using document readers
  • Whether you deploy mobile, portable or fixed point workstations the WiFi, POE/Ethernet and USB3 connections provide installation flexibility
  • Simple phone app displays a barcode to provision a reader,either pre-deployment or by the end user
  • No PC required for network mode – reducing costs
  • More accurate document verification & face recognition due to glare/OVD suppression, high quality, enhanced dynamic range images and true-color image processing when used with add-on document authentication and live face recognition engines
  • Optional support for biometrically enabled travel documents and driving licenses containing contactless integrated circuit chips (eIDs, eDLs and ePassports)
  • Fast document processing, ease of placement and hands free RFID reading even on multiple stapled books allows operators to focus on the passenger resulting in faster passenger processing and improved detection of travelers of concern
  • A unique progress bar with Tick / Cross indicators make reading a document intuitive, helping to direct the user during a read and visually show the result of the read
  • New design of document spine hold down clip, holds down new books and works on multiple, stapled books
  • Reads 1D and 2D barcodes from paper and mobile devices

Download Datasheet

Reading Capability

The Gemalto Intelligent Document Reader AT10Ki reads the following documents:

  • ICAO compliant documents in near infrared (IR) per ICAO 9303 specification
  • One line Driving Licenses in near infrared (IR) per ISO18013 part 2 specification
  • 1D barcodes (2 of 5 interleaved, 2 of 5 industrial, Code 128, code 39, EAN-8 and EAN-13)
  • 2D barcodes used on BCBP and other documents (PDF 417, QR Code®, DataMatrixTM and Aztec formats) from paper documents and many mobile devices
    Reads using optional RFID antenna from contactless chips like eMRTD and eID according to:
  • Contactless IC reading for ePassports (LDS 1.7 & 1.8) including basic access control (BAC), passive/active authentication (PA/ AA), Chip Authentication (CA), Terminal Authentication (TA), extended access control (EAC v1/v2) supplementary access control (SAC) and PACE-CAM are supported
  • Contactless IC reading for eDL & iDL (electronic driving licenses to ISO18013 parts 2 &3 and ISO/CEI TR 19446) up to DG14 including basic access control (BAP v1), Password Authenticated Connection Establishment (PACE), passive/ active authentication (PA/AA), Chip Authentication (CA), Terminal Authentication (TA), supplementary access control (SAC) and extended access control (EAC v1) are supported

Reader Physical Interfaces

  • USB 3.1 with USB Type-CTM connector, SuperSpeed up to 5 Gbps Gen 1 Specification Revision 1.0 ®®
  • 10/100/1000 Mbps Ethernet to IEEE 802 .3
  • WiFi IEEE 802.11b/g/n standards up to 150Mbps with WPA/ WPA2/WEP
  • Bluetooth® v2.1, v3.0 and v4.0 (classic/Low Energy)
  • Optional ISO 14443 (13.56MHz) Type-A and Type-B RFID eMRTD reader. All standardized rates, up to 848 Kbps, read-out times depend on RFID tag, operating system and amount of data stored in the chip
  • Integrated USB 2.0 Hub in USB mode – 2 ports for external peripherals connected to upstream USB3 port via the hub1
  • Integrated USB 2.0 Hub in Networked mode – 4 ports for external peripherals

Software Upgrade

  • Software updates can be pushed to the reader via the Web-API over the network or locally using the browser interface
  • Reader can check in for updates with a customer hosted update server, either automatically or in when prompted via Web-API
  • All updates are digitally signed by Thales ensuring integrity & security

Identity Document Verification Option

Additional software provides Identity Document Verification including direct connection options with IDV and authentication back-end SaaS

Network Interface
The Web-API enables data and management of the reader over the Ethernet/WiFi network. It provides a similar feature set to the Gemalto Document Reader High Level API:

  • The Web-API uses encrypted JSON messages to configure the
    read sequence and retrieve data and events from the reader. The on-board SDK provides image processing, OCR decode, barcode and eID chip protocols.
  • Device discovery shows all the readers on the network and allows selection of a specific reader
  • Typical programming languages include SwiftTM, Java, WebAssembly (for JavaScript), C# and C++

Browser Management Console
Just like any network device the iSeries readers have a management console which can be accessed using a browser which provides:

  • Reader management including network parameter configuration • Manual reader provisioning
  • Test and diagnostics

Device Management
The Gemalto AT10Ki family provides:

  • Device provisioning capability for on-site & off-site network setup including network parameters, credentials, local descriptions, etc
  • Any iSeries reader can be provisioned straight out of the box from a barcode that contains all the parameters
  • Enterprise Services Framework for centralised fleet management
  • Browser interface to manage the device, networks, certificates and keys
  • Web-API interface to manage keys and certificates and show/select available readers
  • mDNS device discovery (Bonjour)

Device Security
Security has been designed into the Gemalto Intelligent Document Reader AT10Ki so that you don’t have to implement it which leads to faster and cheaper PII compliance:

  • Software updates are protected by digital signatures and secure server preventing unauthorized applications from being loaded
  • Data is protected in flight using AES-256 with Diffie-Hellman key exchange and server authentication (customer installed shared
  • WiFi protected by WPA/WPA2 protocols
  • Only authorized connections can be made to the reader via proprietary protocols
  • Personal data is not stored in the reader
  • Slot for Kensington® Security Lock

The reader illuminates documents in multiple wavelengths:

  • Near IR B900: 880nm, +/-5%
  • White visible: 400-700nm
  • Ultraviolet (UVA): 365nm
  • Co-axial (retroreflective) white light (400-700nm) for Thales ConfirmTM laminate (optional)


  • Sensor: 10 Megapixels, CMOS, RGB 36 bit color system for enhanced dynamic range
  • High resolution 700 DPI imaging with in-camera scalable images


  • FCC Part 15 Class A
  • CB report
  • US & CA ETL Listed
  • CE – RED, LVD & EMC
  • EU WEEE, REACH & RoHS Directive

Status Indicators

  • The reader provides user feedback status indicators:
  • Unique yellow Progress Bar
  • Red Cross and Green Tick
  • The readers perform a power-up self-test and indicate failure using status LEDs.


  • Powered from USB port, Power over Ethernet or via universal input external power supply1:
  • External PSU:
    Input voltage 100 – 240 VAC plus/minus 10%, Frequency 47 – 63
    Hz Detachable IEC320 AC mains power cable
  • Power Interface to IEEE® 802®.3af for a Powered Device (PD)
    typically 36-48V. Only for networked mode operation
  • From a single USB 3 (900mA) or USB 2.0 (500mA). Requires at least 1.5A using USB-C for optimum performance. Only for USB mode operation

Service & Maintenance

  • Two-year warranty
  • Annual maintenance agreement available
  • User changeable glass


  • Length: 18.7 cm (7.4”)
  • Width: 16.0 cm (6.3”)
  • Height: 6.5 cm (2.6”) without hood, 10.3 cm (4.0”) with hood
  • Weight: 1.1 kg (2.4 lbs)
  • Low scratch, low-iron glass with oleophobic coating for low maintenance & easy cleaning
  • Optional Chemically Strengthened glass to improve durability


  • Humidity: 20 to 95% (R.H. non-condensing)
  • Temperature: -10o to 50o C operating; -20o to 50o C storage
  • IP54 rating for dust ingress protection

Minimum host Specification in Net-worked mode

In Networked mode Thales provides a thin Messaging API which can run on any device, OS and language that supports JSON, WebSockets and ECDH key exchange, typically:

  • Windows® 7, Windows® 8.1 or Windows® 10 operating systems, 32 or 64 bit
  • Ubuntu and CentOS LTS, 32 & 64 bit
  • iOS and macOS for iPhone and iPads, etc
  • AndroidTMformobilephonesandtabletswithnetworkconnectivity
  • Java JVM

USB Mode Operation

Legacy compatibility is provided through USB mode for users who want to manage a migration to networked operation:

  • Compatible USB interface with AT10K reader using the same API interface provided by the Gemalto Document Reader SDK
  • Not possible to use USB mode and Networked mode concurrently
  • In USB mode the on-board processing is not used
  • For specifications of the AT10Ki USB mode please see the AT10K Technical Data Sheet and user manual