Creating USER DEFINED PASS-THRU Format Options
The user can add custom-defined PASS-THRU formats to the VeriAdmin software. These will be added to the dropdown list in the BII_UNIT PARAMETER SETTINGS dialog box. In the installation directory there is a file called WFORMAT.DAT that contains all displayed Wiegand formats. WFORMAT.DAT contains both pre-defined formats and PASS-THRU formats. See below for an example of the contents of that file.
For example, standard 26-bit Wiegand is PSSSSSSSSDDDDDDDDDDDDDDDDP (1 Parity bit, 8 SITE CODE bits, 16 ID bits, 1 Parity bit):
- 26 total bits
- ID Start Bit is 9 (where the first bit is 0)
- ID Number of Bits is 16
This would be represented as:
WIEGAND_PASS 26-Bit-Pass_Thru 26 9 16
The text “26-Bit-Pass_Thru” would then be added to the dropdown box. Selecting this option shows the data in the associated boxes.
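An added example, not taken from the VeriAdmin manual or software: a Python sketch that validates a PASS-THRU entry in the form shown above and pulls the ID field out of a frame. The whitespace-separated field order is read off the single sample line; the parity rule (even over the first 13 bits, odd over the last 13) is the usual 26-bit Wiegand convention and is not stated on this page; all function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PassThruFormat:
    name: str        # text shown in the dropdown
    total_bits: int  # length of the whole Wiegand frame
    id_start: int    # index of the first ID bit (first bit of the frame is 0)
    id_bits: int     # number of ID bits


def parse_pass_thru(line: str) -> PassThruFormat:
    """Parse one 'WIEGAND_PASS <name> <total> <start> <count>' entry."""
    fields = line.split()
    if len(fields) != 5 or fields[0] != "WIEGAND_PASS":
        raise ValueError(f"not a PASS-THRU entry: {line!r}")
    try:
        total, start, count = (int(f) for f in fields[2:])
    except ValueError:
        raise ValueError(f"non-numeric bit field in: {line!r}") from None
    # Reject definitions whose ID field would fall outside the frame.
    if total <= 0 or start < 0 or count <= 0 or start + count > total:
        raise ValueError(f"ID field does not fit in {total} bits: {line!r}")
    return PassThruFormat(fields[1], total, start, count)


def extract_id(fmt: PassThruFormat, frame: str) -> int:
    """Return the ID carried in a frame given as a string of '0'/'1'."""
    if len(frame) != fmt.total_bits or set(frame) - {"0", "1"}:
        raise ValueError("frame length or alphabet does not match the format")
    return int(frame[fmt.id_start:fmt.id_start + fmt.id_bits], 2)


def parity_ok_26(frame: str) -> bool:
    """Usual 26-bit check: even parity over bits 0-12, odd over bits 13-25."""
    if len(frame) != 26 or set(frame) - {"0", "1"}:
        return False
    return frame[:13].count("1") % 2 == 0 and frame[13:].count("1") % 2 == 1


def build_frame_26(site: int, card_id: int) -> str:
    """Construct a 26-bit sample frame (test data only, not a real card)."""
    if not (0 <= site < 256 and 0 <= card_id < 65536):
        raise ValueError("site code is 8 bits, ID is 16 bits")
    data = f"{site:08b}{card_id:016b}"
    lead = str(data[:12].count("1") % 2)        # makes the first half even
    trail = str(1 - data[12:].count("1") % 2)   # makes the second half odd
    return lead + data + trail


if __name__ == "__main__":
    fmt = parse_pass_thru("WIEGAND_PASS 26-Bit-Pass_Thru 26 9 16")
    frame = build_frame_26(site=42, card_id=12345)  # constructed values
    print(fmt.name, frame, parity_ok_26(frame), extract_id(fmt, frame))
```

Because a PASS-THRU definition only names where the ID sits, a start/length pair that overlaps the parity or site-code bits would be accepted by the format and silently yield a different ID, which is why the parser checks the bounds before use.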
AUX PORT SECURITY
This allows the Administrator to set a password for the AUX port to DISABLE unauthorized AUX Port communications. The purpose is to prevent unauthorized users from accessing the AUX port unless the password is supplied to re-ENABLE the port. In the dialog, the current state is shown. The Administrator would select DISABLE and supply a numeric password, and press the SET button.
Broadcast Parameters
The Broadcast window allows you to modify settings on all units in a networked environment at the same time (see Appendix B). Under most circumstances, you will use this window when communicating over the Host Port (recall that the Aux Port is primarily for communicating with a single unit). You will note that the window is similar to the Unit Parameters window. The PC baud rate will update automatically.
Network Status
The Net Status window displays the condition of all networked units.
- Comm Port TAB
- RED represents the currently selected unit
- You can click the mouse button on each icon to make that UNIT the currently selected unit
- Pressing REFRESH will check all units on the selected COMM Port
Figure 226: Network Status Window
Each unit defined in the UNITIDS.DAT file is represented with a TAB for each defined Communications Port.
Veri* designates that a unit is a VeriProx or VeriFlex. V-PASS designates a V-PASS product and “V-PASS-no” represents a V-PASS product with Auto Finger Detect turned OFF. A type of ‘MISMATCH’ indicates that the UNITIDS.DAT file does not match the actual unit on the network.
© Copyright 2002, Bioscrypt Inc. All rights reserved.
Advanced Enrollment
The Advanced Template Enrollment is the recommended tool for enrolling all templates. This allows multiple templates to be sampled and the corresponding template created. Users can sample different fingers or multiple enrollments of the same finger. Each time an enrollment is sampled, the “best” template is identified among the current 3 samples. Users then have the option of ACCEPTing the enrollment of their choice.
The Advanced Enrollment process is as follows:
1. In the Template ID field, type in the Template ID (the template ID should be the proximity card ID number for the VeriProx or if a Wiegand IN device is used. Do not include a site code designation.) OR press the FROM READER button and wave the card in front of the Wiegand INPUT device to read the ID from the card.
2. In the Index field, enter the index of the template.
3. Click any ENROLL button.
Figure 28: Advanced Enrollment – Finger Selection
4. A pop-up dialog box will allow the User to choose the finger to ENROLL. Choose which finger by clicking the corresponding checkbox.
5. The light on the current unit will glow amber requesting the enrollee to place a finger on the sensor. Nestle the Ridgelock into the first joint line on the finger. An image is scanned and both the image and corresponding template are displayed. The finger may be removed when the amber light goes out.
Figure 29: Advanced Enrollment – Recommended Choice
7. Repeat Steps 3-6 to Enroll additional sample templates. A current template can be replaced by choosing the finger to be Enrolled and pressing the ENROLL button.
NOTE: Users can indicate which finger by selecting the corresponding checkbox in the FINGER sub-window. The checkboxes represent the fingers as if both hands were placed flat on the display with fingertips touching as shown in Figure 26.
Figure 30: Advanced Enrollment – Finger Selection Option
8. Although NOT recommended by Bioscrypt, users have the option of choosing an Enrollment other than the one recommended. Simply press the ACCEPT button even though it is hidden by the red “NO” symbol. A warning message will be displayed to confirm this un-recommended action is desired.
Figure 31: Advanced Enrollment – OVERRIDE Recommended Choice
9.
LED Table Settings
Choosing the LED Table Settings menu item will allow the user to define how the reader’s LED will function under specific operations. Selecting this option will display the dialog shown in figure 30. The dropdown selection box chooses the function (enroll, verify, idle, etc.) to modify. Below that is each possible state for the selected operation. Line 1 represents GREEN LED, Line 2 represents RED LED, and Line 3 represents the Buzzer.
Sensor Configuration
Note: This feature has been disabled in recent versions of VeriAdmin, including v4.3.
Choosing the Sensor Configuration menu item will allow the reader’s sensor settings to be altered. It is recommended that only advanced users attempt to modify these settings since they can drastically affect the fingerprint reader’s performance. Please call Bioscrypt Technical Support with any questions before attempting modifications.
Update Firmware
Choosing the Update Firmware menu item will allow the reader’s DSP firmware to be field-updated. For V-Smart units, the external storage device (ESI) can also be programmed in the field. It is recommended that only advanced users attempt to perform this operation. Please call Bioscrypt Technical Support with any questions.
Figure 36: Update Firmware Menu Option
Choosing this option will begin the Update Firmware Wizard.
Restore Factory Defaults
Choosing the Restore Factory Defaults menu item will allow the Bioscrypt reader to be reset to the default firmware setting. It is recommended that only advanced users attempt to use this operation. Please call Bioscrypt Technical Support with any questions.
Figure 38: Reset BII_Unit to Factory Defaults Menu Option
Two options are given: RS-485 Default and RS232. The associated Factory Default settings are identified for each option. Proper communication must be established with the reader before this operation can be successfully performed. Press the button of the option desired and each Parameter will be set on the reader.
Figure 39: Reset Parameters
NOTE: A Network ID of –1 is NOT valid for this operation.
Template Conversion
Choosing the Template Conversion menu item will allow the user to convert templates stored on the PC from the larger Searching templates used with the V-PASS to the smaller 1:1 Verification Templates used with the VeriProx and VeriFlex (see Appendix C for details). It is recommended that only advanced users attempt to perform this operation. Please call Bioscrypt Technical Support with any questions.
Using the Template Conversion Dialog, users can choose the Source (V-PASS template) and Destination (VeriProx/VeriFlex template) directories by pressing the appropriate STORAGE FOLDER button and selecting the desired directory. Next, highlight the V-PASS Searching templates that you wish to convert (or press the SEL ALL button to select all appropriate templates in the selected directory).
Verification Action Response
Choosing the Verification Action Response menu item will allow users to customize the way the unit responds to a Verification Action. Under Normal operations, the Veri-Series unit will respond based on how a Verification Action was initiated. When a Wiegand INPUT initiates the action, a Wiegand OUTPUT is used to respond.
Wiegand Utilities (* requires firmware v3.2 or higher)
Choosing the Wiegand Utilities menu item will allow users to define specific Administrator IDs that will not require a fingerprint to initiate the ENROLL and DELETE actions. Under Normal operations, ENROLL and DELETE COMMAND CARDS require a fingerprint verification to be performed that ensures the correct person is using the ADMIN card.
Getting Service and Support
Bioscrypt, Inc. is available to provide information and assistance. Contact Bioscrypt using the methods discussed below. Before calling, copy down the following version information about your unit:
• Software
• DLL
• Algorithm
• Kernel
• PIC
• ESI (if applicable)
This can be found in the Help menu under the About menu. The ESI version can be found under the Smart Card Manager in the upper left (V-Smart only).
Appendix A – Quality and Content
Section A.1 - Basic Biometric Concepts
Biometric Definitions
Enrollment is the operation of scanning a fingerprint, determining the quality of the fingerprint scan, and storing a good template with associated data within the memory of the Veri-Series product.
Scanning an Image
When the unit properly reads a fingerprint, it looks for image quality and fingerprint content. When a raw image is collected from the sensor, the Veri-Series unit searches for the fingerprint core. Content scores are based upon the amount of non-ambiguous data in the region of the core. The higher the content, the greater the degree of useful information. See Section A.
is not found and since all templates have been compared, the VERIFICATION is FAILED.
NOTE: The initial finger scan takes ~0.5 seconds and each comparison takes ~0.5 seconds. So if the first template results in a successful verification, the total time is ~1.0 seconds. Successful verification on the second template requires ~1.5 seconds, and so on.
Section A.2 - Proper Finger Placement
The basics for successful operation of the Veri-Series units are simple but important.
the Veri-Series unit to reject the image during processing. Lightly moisturizing the finger will enhance the contrast of the print and provide more reliable verification. The increased sensitivity of the silicon sensor is dramatically reducing problems in this area.
Image consistency
Once a user’s fingerprint template has been enrolled, the best performance in the candidate matching process depends on consistency.
Section A.3 - Using Content and Quality during Enrollments
As described in section A.1, Quality and Content scores are returned in the enrollment process. These scores give an indication of the performance of the template enrolled. To a large degree, the verification algorithm compensates for deficiencies in image quality and loss of information content. Nonetheless, knowledge of these parameters and what they mean helps ensure optimal performance.
Quality
The quality score is based on how well the ridge pattern is defined within the fingerprint image that was enrolled. In other words, quality measures how clearly the unit imaged the fingerprint. Poor quality enrollments can result in an elevated rate of false rejection, making it difficult for the user to verify reliably. The score is given in stars (★) and ranges from zero to five stars, with five being the best quality (rarely obtained) and zero being the worst.
A thorough enrollment procedure will ensure streamlined and reliable verification for users. It is recommended that all four options be performed in the order listed above to maximize the performance of the device.
Content
The Content score is based upon the amount of usable information the Veri-Series unit sees in the fingerprint. Templates that are characterized by low content scores may result in elevated rates of false acceptance.
Warning: Increasing a template’s security may increase the risk of a false rejection for that template. A thorough enrollment procedure will ensure streamlined and reliable verification for users. It is recommended that all three options be performed in the order listed above to maximize the performance of the device.
• If multiple fingers are attempted and only one finger is required, choose the template where both quality and content are above the threshold, and for which the quality is maximized.
Appendix B – Understanding the BROADCAST option in RS-485 Based Networks
The BROADCAST feature allows a command to be sent to ALL units connected on the same PC COMM Port. Using a NETWORK ID of –1 enables “Broadcast Mode”. Although this is often a very convenient feature, it also has some inherent issues that the user should be aware of and understand. Bioscrypt recommends that only advanced users attempt the BROADCAST features.
Appendix C – V-PASS Template Differences
The V-PASS product is similar in size and shape to both the VeriFlex and VeriProx products. However, it incorporates a very different biometric comparison process. The VeriFlex and VeriProx perform a 1:1 verification. One finger is compared with one template to decide if there is a match. A Template ID is mandatory to determine which of the stored templates to compare with the current live fingerprint image.
For installations using a “Mixed” network where both V-PASS units and VeriFlex / VeriProx / V-Smart units are used, Bioscrypt recommends the following guidelines to help manage templates:
1. A PC-based enrollment station using the VeriAdmin software should be used for all template enrollments.
2. All enrollments should be done using a V-PASS and stored on the PC.
3.
Appendix D – V-Smart Operations
The V-Smart product is similar in size and shape to both the VeriFlex and VeriProx products. However, it incorporates a new method for template management. The V-Smart incorporates a contactless smart card reader using MIFARE technology. This allows a user’s template to be written to a smart card during enrollment and then later read from the smart card during verification.
V-Smart Terminology
V-Smart – Term used to designate the complete hardware product. The V-Smart actually contains an embedded MV1200 with expanded I/O functionality, an External Storage Interface (ESI) module and a MIFARE smart card reader.
External Storage Interface (ESI) – This module is internal to the V-Smart and acts as an interface between the MV1200 and the smart card reader. External pigtail wires connect the MV1200 and ESI together.
V-Smart Smart Card Placement
The picture below demonstrates the proper placement of the smart card so the V-Smart can read the data stored on the card or write data to the card.
Section D.1 – HOST Mode versus SLAVE Mode Operation
The V-Smart has two modes of operation that the Administrator needs to be familiar with. These are HOST mode and SLAVE mode.
HOST MODE
HOST mode is the normal mode of operation and simply means that the V-Smart is waiting for a smart card to be presented to the unit. When a smart card is “seen”, the card Site Key (see next Appendix) is compared with the V-Smart’s Site Key.
Section D.2 – Transferring a Template to a Smart Card
VeriAdmin version 4.00 adds a new capability to transfer a previously enrolled fingerprint template to a smart card. The user can either transfer a template from the PC to a smart card or from the internal memory on the V-Smart to a smart card. To transfer a previously enrolled template that is currently stored on the PC to a smart card, press the FROM PC → SMARTCARD button.
place the smart card near the V-Smart. When this is done, the template is then copied to the smart card.
Section D.3 – Enrolling a Template Directly to a Smart Card
Using VeriAdmin, the smart card Enrollment process is very similar to a typical enrollment procedure as described in the QUICK ENROLL section or in the ADVANCED TEMPLATE ENROLLMENT section.
Section D.4 – Using the Smart Card Manager
VeriAdmin version 4.00 adds a new toolbar option (shown above) for accessing the Smart Card Manager dialog box. Pressing the “SMART” button will bring up a dialog box like the one shown below.
This dialog initially shows the ESI information and a blank card. Pressing the READ SMART CARD button will instruct the V-Smart to read the template list from the card and display the list of stored templates. In the example shown, there are two templates. The display shows the Template ID:INDEX followed by the NAME field from the template. The upper right hand corner of the card has a symbol indicating the card is secured.
Also, when you have this setting checked, VeriAdmin will remind you that it is saving the Wiegand string when saving to a Smart Card. The WRITE WIEGAND STRING checkbox below the “Save” button for Smart Cards will be checked. As of VeriAdmin version 4.3, there is also the ability to delete Wiegand Strings associated with a template. The DELETE WIEGAND STRING (1) button will prompt the user for a Site Key and then delete the Wiegand string associated with the Primary Template.
Pressing the SECURITY SETTINGS button will bring up the following dialog box: This dialog will allow the user to adjust how often the Site Key verification is performed. The default is EVERYTIME and VeriAdmin will reset to this default setting every time the application is started. To change, select the desired choice and press the SAVE ADMIN SETTINGS button. A Site Key verification is performed before the change is accepted.
Pressing the CONFIGURE CARD LAYOUT button will bring up the Smart Card Manager dialog box: This dialog will allow the user to define a custom layout for all MIFARE compatible smart cards. Bioscrypt recommends that only advanced users attempt to configure the smart card layout. Improper changes made to the layout may render the unit unusable with some smart cards.
The Smart Card Layout Manager will NOT allow a user to configure a layout which is missing the Admin block, the Layout Block, or a PRIMARY template. These are the minimum layout components required to enable normal operation. The memory structure for MIFARE compatible smart cards consists of 16 sectors (numbered 0 through 15) of 4 blocks each (numbered 0 through 3). Each block contains 16 bytes.
Bioscrypt data is located (or is planned to go). Select the Unavailable Block button, then hold down the SHIFT key to place multiple blocks. Do this before placing the other layout items so that when they are placed they will automatically wrap around those blocks. Click Set Layout to finalize the layout. You will need to provide the current Site Key. Upon successfully setting the layout, the Smart Card Layout Manager will close, returning to the Smart Card Manager.
Section D.5 – Verification Using a Smart Card
After enrolling a template on a smart card, you can then use the card to perform a Verification. Exit the SMART CARD MANAGER dialog so the V-SMART is placed back into HOST MODE. Place the smart card near the reader as shown earlier in this section.
Appendix E – V-Smart Administrator SiteKey Management
It is essential that the Administrator understand the use of V-Smart SiteKeys and handle them appropriately. SiteKeys are the mechanism used by the V-Smart and the smart cards to ensure that only authorized smart cards are used.
created at your site. It also ensures that data on the smart cards created at your site cannot be read by anyone who does not know your chosen SiteKey.
What is the “Default” SiteKey?
All V-Smarts are shipped from Bioscrypt with the SiteKey set to an empty string (120 bits of all zeros). This allows Administrators to use the V-Smart in a non-secure mode until they are ready to set their personal SiteKey and secure the system.
How do I Initially Set a SiteKey for V-Smarts at My Installation?
You will need to set your installation’s SiteKey prior to creating secure user smart cards. Once you become familiar with V-Smart operations and are comfortable enrolling users, you should then choose your own SiteKey. The SMART CARD MANAGER section of VeriAdmin allows the user to create and change SiteKeys.
5) Read the information carefully and press the YES button if you accept.
6) You will be prompted to enter the CURRENT Primary SiteKey (this will be the Default SiteKey if this is the first time you are changing the SiteKey).
7) If the CURRENT SiteKey entered is correct, you will be presented with a dialog box indicating the changes were made.
How do I Set the SiteKey on Individual Smart Cards?
The V-Smart will attempt to set the SiteKey on the smart card during the enrollment process.
• When an attempt is made to store a template on a smart card, the V-Smart will check the key currently used by the Smart Card.
• If the V-Smart Primary SiteKey matches the key on the smart card, the template is written.
How do I Change the SiteKey if I Already Have a User Base of Previously Created V-Smart Smart Cards?
Let’s say you initially set the SiteKey during installation. For example, the Primary SiteKey was set to “cat” and the Secondary was set to “-1” because you have no previous SiteKeys to update. You then enrolled 100 users and created 100 smart cards. The smart card key on each of those cards would be “cat”.
2. Next, the V-Smart will check if its Secondary SiteKey matches the key on the smart card. In our example, they do match, so the key on the smart card is changed (updated) to the V-Smart’s Primary SiteKey. This “update” adds ~0.5 seconds to the process, but only happens the first time the older card is presented. After that, the new Primary is already on the smart card, so step #1 above will PASS from now on.
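An added example, not code from VeriAdmin or the V-Smart firmware: a toy Python model of the Primary/Secondary check described above, showing which cards a second key change would leave behind. SiteKeys are modelled as plain strings, the keys “dog” and “emu” and all class and function names are constructed for illustration, and the refusal of a card that matches neither key is an assumption.

```python
NO_PREVIOUS_KEY = "-1"  # value the page uses when there is no older SiteKey


class SmartCard:
    def __init__(self, owner, site_key):
        self.owner = owner
        self.site_key = site_key


class Reader:
    """Toy model of a V-Smart's Primary/Secondary SiteKey check."""

    def __init__(self, primary, secondary=NO_PREVIOUS_KEY):
        self.primary = primary
        self.secondary = secondary

    def present(self, card):
        # Step 1: the card already carries the current Primary SiteKey.
        if card.site_key == self.primary:
            return "pass"
        # Step 2: the card carries the previous key; update it to the Primary.
        if self.secondary != NO_PREVIOUS_KEY and card.site_key == self.secondary:
            card.site_key = self.primary
            return "updated"
        # Assumption: a card matching neither key is refused.
        return "rejected"


def not_yet_migrated(cards, reader):
    """Owners whose cards still lack the reader's current Primary SiteKey."""
    return [c.owner for c in cards if c.site_key != reader.primary]


def rollover_demo():
    # Three cards issued while the Primary SiteKey was "cat" (as on the page).
    cards = [SmartCard(f"user{i}", "cat") for i in (1, 2, 3)]

    # First change: new Primary "dog" (constructed), old key kept as Secondary.
    reader = Reader(primary="dog", secondary="cat")
    first = reader.present(cards[0])    # old card is updated on first use
    again = reader.present(cards[0])    # and passes step 1 afterwards
    pending = not_yet_migrated(cards, reader)

    # Second change made before user2 and user3 ever presented their cards:
    # only one previous key is remembered, so "cat" cards no longer match.
    reader = Reader(primary="emu", secondary="dog")
    return first, again, pending, reader.present(cards[0]), reader.present(cards[1])


if __name__ == "__main__":
    print(rollover_demo())
```

Under these assumptions, the list from not_yet_migrated is what an Administrator would want empty before changing the SiteKey a second time.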
What is the 1-Way Hashing Function Option in VeriAdmin for SiteKeys?
VeriAdmin allows Administrators to add additional security by optionally performing a 1-way Hash function on entered SiteKeys. This is DIFFERENT from the ESI SiteKey Encryption option. This function will take the user-entered password and create an encrypted 120-bit SiteKey from that password.
Bioscrypt Contact Information
Technical Support Contact Information:
Telephone: 1-888-982-4643 1-818-501-3908 (toll free)
Email: support@bioscrypt.com
Address: Bioscrypt Inc, Technical Support Dept, 5000 Van Nuys Blvd, Suite 300, Sherman Oaks, CA, 91403
Corporate & Canadian Office: 5450 Explorer Drive, Suite 500, Mississauga, ON, Canada L4W 5M1, T 905 624 7700, F 905 624 7742, www.bioscrypt.com
U.S. Office: 5000 Van Nuys Blvd., Suite 300, Sherman Oaks, CA 91403 U.S.A.