plusID Manager Operators Manual for use with plusID personal identity verification devices Version 1.
Privaris plusID Manager Operators Manual V1.1 Table of Contents Section I: GETTING STARTED ............................................................... 4 Introduction ........................................................................... 4 What is a plusID Device?................................................................ 4 What is Enrollment? .................................................................... 4 System Components ............................................................
Privaris plusID Manager Operators Manual Enroll the Second Thumb ............................................................. Completing Device Issuance .......................................................... Verification ........................................................................ Failed Enrollment ................................................................... Erasing a Finger/Enrollment ......................................................... Fingerprint Augmentation ...............
Privaris plusID Manager Operators Manual 3 V1.1 11.08.
Privaris plusID Manager Operators Manual V1.1 Section I: GETTING STARTED 1. Introduction plusID Manager is the software application used to issue plusID™ personal identity verification devices. It enables the enrollment and configuration of devices by an authorized Enrollment Administrator, or other designated personnel. 2. What is a plusID Device? plusID is a universal biometric token that replaces access cards used to enter secured buildings and passwords used to log on to computers.
Privaris plusID Manager Operators Manual V1.1 a. The Administrator PIN & Device Registration plusID devices are secured to a specific organization through the assignment of an Administrator PIN. It is what prevents the manipulation of issued plusID devices by outside organizations and malicious or otherwise non-authorized parties.
Privaris plusID Manager Operators Manual V1.1 7. plusID Manager Installation The CD containing the plusID Manager software will run automatically when inserted in the CD-ROM drive, provided auto run is enabled, and will display the plusID Manager Setup Wizard (Figure 2). If the installation program does not run automatically, navigate to the CD-ROM drive and double click setup.exe.
Privaris plusID Manager Operators Manual • V1.1 Automatic installation of Crystal Reports for .Net Framework 2.0 (required for the plusID Manager’s reporting tool), if not already resident on computer 8.
Privaris plusID Manager Operators Manual V1.1 Figure 3 Main Menu The main menu tree has three branches. 1. plusID Manager 2. Devices 3. Help Each branch contains several menu options and can be expanded and collapsed using the up/down arrow to the right of the branch’s name. If a plusID device is not connected to the computer when the plusID Manager application is opened, the menu options contained under “Devices” will not be available, but rather, the following page is displayed: 8 11.08.07 1.08.
Privaris plusID Manager Operators Manual 9 V1.1 11.08.
Privaris plusID Manager Operators Manual V1.1 Section II: PLUSID MANAGER MENU OPTIONS 1. Application Settings The “Application Settings” screen (Figure 1) contains three tabs: Settings, Utilities and About: Figure 1 Application Settings Settings Enter the issuing organization’s name on this screen and it will be included on every report that is run from the plusID Manager software. This field is not mandatory.
Privaris plusID Manager Operators Manual V1.1 If the “Always back-up database on start up…” box is checked, a file location for downloading the back-up data must be designated using the adjacent “Browse” button. The “Back-up Database Now” button activates a real-time database download (as opposed to the back-up occurring only when the application is closed). Once selected, a pop-up appears for designating where on the computer the back-up file should be saved.
Privaris plusID Manager Operators Manual V1.1 Figure 3 Default Device Settings To configure the default settings, select “Default Device Settings” from the main menu tree. Select “Apply Changes” after modifying any of the settings on this screen for the settings to take effect. The “Refresh” button rereads the current database values, discarding any current modifications that have not been applied. Following are descriptions of the individual setting options. a.
Privaris plusID Manager Operators Manual V1.1 Note: This setting only applies to verifications performed after enrollment, during normal device usage, and when the device is not connected to a computer. Post-Verification The Post-Verification timeout setting determines how long the device’s credentials will remain active after a successful verification. The device is active for as long as its green light is on, post-verification. The timeout can be set from 5 to 255 seconds.
Privaris plusID Manager Operators Manual V1.1 The first option is a three-factor security solution: something the user has (the plusID device), something they know (a PIN) and something they are (their fingerprint). The second option is a two-factor security solution: something the user has (the plusID device) and something they are (their fingerprint). The default value is the highest security level, Biometric and PIN.
Privaris plusID Manager Operators Manual V1.1 Step one is to create a key to be assigned to a transceiver. Step two is to define or “create” the transceiver(s) and assign a key. Organizations can have multiple transceivers at one or multiple locations. Individuals can be given access to some or all of them, as determined by which transceiver’s credentials are downloaded to the user’s plusID 90 device.
Privaris plusID Manager Operators Manual V1.1 To create a new key Recommended if the transceiver key has not already been created within the Transceiver Configuration Tool. 1. Select the “New Key” button. The New Transceiver Key entry screen (Figure 5) will appear. 2. Assign a unique name for the key and enter it in the “Key Name” field. Example: North Entry Gate. 3. Select how the key’s value is to be determined: a. Randomly Generated: this is the most secure option b.
Privaris plusID Manager Operators Manual V1.1 Recommended if the transceiver key has already been created within the Transceiver Configuration Tool. 1. Select the “Import a Key” button. The Import Transceiver Key entry screen (Figure 6) will appear. 2. Assign a name for the key and enter it in the “Key Name” field. It should be the same name, or as close as possible to the name assigned to the key in the Transceiver Configuration Tool. 3.
Privaris plusID Manager Operators Manual V1.1 1. Select the “New Transceiver” button. The Create New Transceiver Screen (Figure 7) will appear. 2. Provide a unique name for the transceiver. It can be the same or different from the name of the key. Example: North Entry Gate, Lane #2 3. Enter a description of the transceiver’s location (optional) 4. Select at least one type of credential for use with the transceiver. The options are: Managed or Wiegand.
Privaris plusID Manager Operators Manual V1.1 Figure 7 Create New Transceiver Screen 4. Reports The Reports screen contains two pre-determined plusID Manager reports which can be generated and run with date and user name filters.
Privaris plusID Manager Operators Manual V1.1 Reports can be filtered by various parameters depending on the selected report. For example, a filter for the User Report would be user name. To filter by a specific user’s name to whom a device has been issued, enter the first and/or last name, or any portion of either name. For example, to search for Mary Jones, enter “Mary” or “Jones” or “Mary Jones” or “Mar” or “Jon” or “M” or “J.
Privaris plusID Manager Operators Manual V1.1 Section III: DEVICES MENU OPTIONS The “Devices” branch of the main menu tree is only visible when a plusID device is connected to the plusID Manager computer via USB. To expand or collapse the “Devices” branch of the menu tree, click the arrow to the right of “Devices.” With a plusID device connected, the main “Device” screen will appear (Figure 1). This screen provides a snapshot of the device(s) connected to the plusID Manager.
Privaris plusID Manager Operators Manual V1.1 1. plusID Device Registration a. Overview When a device is connected to the plusID Manager software for the first time the “Register plusID Device” screen will appear (Figure 3). This screen registers the device to its user as well as to the issuing organization. Figure 3 Device Registration Screen The device is registered to the user by either entering a new user’s first and last name, or selecting an existing user from the database.
Privaris plusID Manager Operators Manual V1.1 other than by trial and error and the number of attempts is limited. This PIN should be treated as a corporate secret and guarded in the same manner as other keys/passwords that grant access to valuable resources. If the Administrator PIN were ever to be compromised, issued devices would be susceptible to manipulation by outside organizations, and the security of corporate physical and logical assets would be placed at risk. (See Section I.6.a.
Privaris plusID Manager Operators Manual V1.1 organization’s Administrator PIN on the device. The Administrator PIN can be from four (4) to eight (8) letters, numbers and/or characters. ! It is imperative that the Administrator PIN be treated as a corporate secret and guarded in the same manner as other keys/passwords that grant access to valuable resources. There is no way to reset the Administrator PIN.
Privaris plusID Manager Operators Manual V1.1 If the incorrect Administrator PIN or User PIN is entered an Incorrect PIN message is displayed (Figure 5). Figure 5 Incorrect PIN Message To prevent malicious attempts to access plusID devices, only nine incorrect tries are permitted. If the correct PIN is not entered on the tenth try, the device will be inaccessible. The number of retries remaining is shown in the Incorrect PIN message box.
Privaris plusID Manager Operators Manual V1.1 The “Device Status” screen (Figure 6) provides a snapshot of the technical specifics of the device that is connected, including: Battery Status The plusID device is powered by a rechargeable battery. The Battery Status portion of the screen indicates whether or not the device is currently being charged, and includes a progress bar to indicate the device’s current battery level. The further to the right the bar is, the fuller the battery.
Privaris plusID Manager Operators Manual V1.1 Manufacturing Information Manufacturing Information lists the device’s model number, serial number, and date of manufacture. This information is typically only needed for customer service inquiries. Revision Information Revision Information lists the version information of the hardware and software specific to each device.
Privaris plusID Manager Operators Manual V1.1 b. Device User Guidelines 1. Fingers should be free of excessive dirt or grease but otherwise do not need to be washed prior to enrollment. 2. The plusID device should be held with one hand - just as it will be held during normal device use. 3. Review the “How to Swipe” instructions that follow to ensure the proper positioning of the fingerprint relative to the sensor.
Privaris plusID Manager Operators Manual V1.1 How to Swipe (Device User Guidelines, cont.) Fingerprint Sensor Instructions Review the instructions below with each user and let them practice swiping with their device. Not doing so will result in a poor quality enrollment and difficulty using the plusID device. (These images are also linked from the “Help” section of the plusID Manager.) 29 11.08.
Privaris plusID Manager Operators Manual V1.1 c. Enrollment Set-Up 1 Open the plusID Manager software application. 2 Hand the user their new plusID device. 3 Review the “How to Swipe” instructions with the user, letting them practice swiping until they can do so properly and comfortably (see Section III.5.b.
Privaris plusID Manager Operators Manual V1.1 ! The device has no way of distinguishing which finger is swiped, so be certain that the finger selected on the screen is in fact the same finger that the use is actually applying. 4. Convey the instructions from the on-screen prompts to the user. The prompts will appear above the “Enroll” button and will specify when to swipe a finger as well as provide feedback on the quality of the swipe.
Privaris plusID Manager Operators Manual Continuous Solid Green V1.1 A successful enrollment The sensor did not get sufficient information from Brief Solid the fingerprint to process the swipe. This often happens if the sensor is touched before a swipe is Red, then Blinking Green begun, as opposed to placing the finger and swiping in one continuous motion. Continuous Solid Red Enrollment failed. See “Troubleshooting” (Appendix A, or under “Help” in the menu tree).
Privaris plusID Manager Operators Manual V1.1 ! If access credentials were loaded prior to enrollment, device issuance is complete. Disconnect the plusID device from the computer and hand it to the user with the USB cable and plusID Quick Start Guide that was enclosed in their device box. g. Verification Verification (the last fingerprint swipe during enrollment) confirms a user’s identity by matching their live fingerprint to their stored fingerprint template.
Privaris plusID Manager Operators Manual V1.1 4. Expanded Troubleshooting Guidelines in Appendix A of this manual Modify the user’s swiping technique accordingly, erase the finger and re-enroll it. i. Erasing a Finger/Enrollment This option erases the selected finger’s fingerprint template from the plusID device. Only an enrolled finger can be erased.
Privaris plusID Manager Operators Manual V1.1 Note: This information is not stored on the user’s device. User information is stored only in the plusID Manager database for record keeping purposes and can be accessed through “Reports” on the menu tree. Before a device is enrolled, the first and last name of the user to whom the device is being issued must be entered during device registration (see 1.a.).
Privaris plusID Manager Operators Manual V1.1 The “Credentials” option from the main menu tree (Figure 8) is used for loading physical access credentials onto plusID devices so that the device can be used for facility and door access. Different credentials can be assigned to each of the four function buttons on the front of the plusID device, enabling a single device to be used to access multiple doors, buildings and/or vehicle gates. Figure 8 Credentials Screen a.
Privaris plusID Manager Operators Manual V1.1 Multiple types of credentials can be loaded onto a single device. Additionally, more than one credential can be assigned to a single button on the plusID, depending on the credential format.
Privaris plusID Manager Operators Manual V1.1 b. Loading Door Access Credentials onto a plusID ! Loading credentials for door access requires an additional USB port, a smart card reader, and an idBank™ available from HID® or Privaris®. The access credential required for door access is a card format. Card formats are downloaded onto plusID devices via an idBank™.
Privaris plusID Manager Operators Manual V1.1 7. Select the appropriate smart card reader from the drop down menu. The list of available card formats will be displayed. Previously assigned card formats are sorted to the bottom of the list, grayed out and the status is shown as “In Use.” 8. “Drag” an unassigned card format from the list and “drop” it in one of the four white squares above (repeat as necessary). Each square corresponds to one of the device’s four function buttons.
Privaris plusID Manager Operators Manual V1.1 Figure 9 Loading Long Range Credentials To load long range credentials: 1. Connect a plusID device to the plusID Manager via USB. 2. Select the Long Range tab under Credentials Source. (Figure 9) 3. The list of available long range transceiver credentials will be displayed, with their type indicated: Wiegand or Managed. Each credential is linked to a long range transceiver by the key it contains.
Privaris plusID Manager Operators Manual V1.1 Managed Transceivers’ and Garage Door Transceivers’ credentials are automatically loaded to plusID 90 devices without requiring any additional user input. Wiegand Transceivers’ credentials require additional information be entered before the credential can be loaded onto a plusID 90 device (Figure 10). Figure 10 Wiegand Data Entry Range Credentials 6.
Privaris plusID Manager Operators Manual V1.1 d. Select “OK.” The assigned credential will be transferred and displayed as [site code: card number]. For access to multiple locations, repeat the process above selecting another transceiver. If multiple transceivers were assigned the same key when the settings were defined (see Section II.3), loading a credential for one location will provide access to all. convenience, the same card format can be loaded onto multiple buttons. See Section a.
Privaris plusID Manager Operators Manual V1.1 5. When credential generation is complete the card format will be shown in the selected location. f. Loading a Credential from the File Tab onto a plusID This function is only accessed if instructed by customer support personnel. g. Loading a Demo or Practice Credential onto a plusID The plusID Manager software enables demonstration card formats to be loaded onto a plusID device to demonstrate interaction with a door reader and simulate physical access.
Privaris plusID Manager Operators Manual V1.1 If the plusID device will be used in place of passwords for computer logon in a Microsoft domain environment, follow the instructions below. With the device connected via USB to the plusID Manager application: 1. Select “Settings” from the menu tree. (See plusID Manager Operator’s Manual for the distinction between “Settings” and “Default Device Settings” menu options.) 2.
Privaris plusID Manager Operators Manual V1.1 Figure 11 Device Settings Screen Note: The default settings for all enrolled devices can be changed at any time for by selecting the “Default Device Settings” option under “plusID Manager” from the main menu tree. To change the settings for an individual plusID device, select “Settings” from the main menu tree, select the new settings, then select “Apply Changes” for the settings to take effect.
Privaris plusID Manager Operators Manual V1.1 The Pre-Verification Period timeout setting determines 1) how long the device will attempt to match a fingerprint before failing a verification attempt and 2) how long the device will wait for a verification (fingerprint swipe) before powering off. The timeout can be set from 5 to 255 seconds. The default setting is 10 seconds.
Privaris plusID Manager Operators Manual V1.1 There are two options: Biometric and PIN requires a personal identification number (PIN) and a biometric verification (using the plusID device). Note: If this option is selected, a User PIN must be assigned (see Section 8. for more information).
Privaris plusID Manager Operators Manual V1.1 Following are descriptions of the individual Figure functions12on the Device Utilities screen: Device Utilities Screen i. Extract Certificate File Each plusID device contains a unique security certificate. The certificate is a unique identifier for the device.
Privaris plusID Manager Operators Manual V1.1 plusID device. This function is only necessary if you have received updated device firmware from Privaris. ! A firmware upgrade does not erase or reset the device and has no impact on any of the information that is stored on the device (i.e., device settings, fingerprint templates, Administrator PIN, credentials, etc.
Privaris plusID Manager Operators Manual V1.1 Press the “Start Device Upgrade Process” to initiate the upgrade. The new firmware will be downloaded onto the connected device. During the download, the device’s lights will cycle green, red, yellow and blue. When the upgrade is complete a confirmation message will appear. ! Do not unplug the device from the computer until the cycling lights stop and a device upgrade confirmation message is received. c.
Privaris plusID Manager Operators Manual V1.1 registered and administered on another or the same, workstation running the plusID Manager software. Selecting this option will require the device to be re-registered. ! Once the “Change Device Manager” option is implemented, and until the device is reregistered on another workstation within the same organization, the device is susceptible to being administered and manipulated by any other organization with plusID Manager software.
Privaris plusID Manager Operators Manual V1.1 result in a population of devices with different PINs and significantly increases the odds of being locked out of a device(s). There is no way to determine what PIN is on a device other than by trial and error (with a limited number of attempts). To change the Administrator PIN: 1. Select “PINs” from the main menu tree. The PIN Management screen will be displayed. 2. Select the “Administrator” tab at the top of the dialog box 3.
Privaris plusID Manager Operators Manual V1.1 6. Select “Change PIN.” ! For security purposes the Enrollment Administrator should not know the User PIN. Should the user forget their PIN, the Enrollment Authority can reset it to a default value without having the original User PIN. Figure 14 User PIN Screen d. Resetting the User PIN Unlike the Administrative PIN on the device, the User PIN can be reset to its factory default value in the event a user forgets their logon/User PIN.
Privaris plusID Manager Operators Manual V1.1 Section IV: HELP The “Help” branch of the main menu tree contains documentation for quick reference in lieu of referring to hard copies. There are three main categories of documentation. Click the “plus” arrow next to each category to see the expanded list of files contained therein. Training Tool: A one minute plusID video that demonstrates proper swiping technique and speed is embedded in the “How to Swipe” PDF contained in the “Help” section.
Privaris plusID Manager Operators Manual V1.1 Figure 1 External Browser Button 55 11.08.07 1.08.
Privaris plusID Manager Operators Manual V1.1 Appendix A Troubleshooting - Expanded If any of the following three bullet points apply, refer to the troubleshooting levels below, starting with Level 1 and progressing through Level 5, as necessary, and erasing and reenrolling fingers as necessary.
Privaris plusID Manager Operators Manual • Not pressing hard enough Lightly dragging thumb over the sensor is not sufficient for the sensor to see the print. The finger must make solid contact, which requires medium pressure. On a scale of 1 to 5, with 1 being very light and 5 being hard, pressure should equal about a 3. • Starting a swipe too high or too low With thumb hovering over top the sensor, align the first knuckle with the sensor as the starting point for swiping.
Privaris plusID Manager Operators Manual V1.1 Approximately 1 % of the population is unable to use fingerprint biometric technologies. If enrollment and verification is failing for all fingers after trying Troubleshooting steps 1 - 5, then the user should be issued a non-biometric means for access. 58 11.08.
Privaris plusID Manager Operators Manual V1.1 Appendix B Overview of plusID Device Light Behavior The plusID device has four indicator lights: green (top left), yellow (bottom left), red (top right), and blue (bottom right). Green, Yellow, Red and Blue…appear all at once for an instant. The device is powering on. Green, Yellow, Red and Blue…blink four times The device is powering off. Green, Yellow, Red and Blue….then solid red and device powers off Indicates a non-enrolled device.
Privaris plusID Manager Operators Manual V1.1 Blinking Blue Indicates device is connected via USB to a power source other than a computer (a wall or car outlet). If connected to a computer, a brief blinking blue light indicates device is attempting to establish a connection. A continuously blinking blue light when connected to a computer indicates a USB driver problem. Solid Blue Indicates that device has successfully established a connection to a computer via USB.
Privaris plusID Manager Operators Manual V1.1 Appendix C plusID Battery Recharge Instructions The plusID device is powered by a rechargeable battery. A single battery charge is good for approximately 1,000 uses/verifications. plusID models that include an LCD have a battery charge indicator (0 - 3 bars). How to Charge Connecting to a computer is the preferred method of charging.
Privaris plusID Manager Operators Manual V1.1 Appendix D plusID Button Operation The plusID has four function buttons on the face of the device that during enrollment can be programmed with physical access credentials (card formats) for various doors and facilities. Power On Press any button that is programmed with an access credential. All four lights will appear for an instant and then blink green to request a verification (fingerprint swipe).
Privaris plusID Manager Operators Manual V1.1 Appendix E Using plusID Devices for Logon in a Microsoft® Domain Environment Introduction plusID biometric devices can be used to log users onto a domain, via two or three-factor authentication. The plusID device is ISO 7816 Part 3 smart card compliant, and as such enumerates itself to a computer exactly like a smart card, allowing for rapid enterprise integration of plusID devices across Microsoft® systems that support smart cards.
Privaris plusID Manager Operators Manual V1.1 working with smart card devices such as the plusID and can be obtained via Windows Update when the plusID is first connected to the client. The device minidriver is a small software library provided by Privaris that allows Windows to interact with the plusID. The minidriver is included on the same CD-ROM as “plusID Manager” (the device enrollment and configuration software) and must be installed on each client machine.
Privaris plusID Manager Operators Manual V1.1 Appendix F Licensing Agreement READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT (“AGREEMENT”) CAREFULLY BEFORE SELECTING THE “I ACCEPT” BUTTON BELOW. THE SOFTWARE APPLICATIONS AND THE ACCOMPANYING USER DOCUMENTATION CONTAINED ON THIS MEDIA ARE COPYRIGHTED AND ARE LICENSED (NOT SOLD) TO YOU IN ACCORDANCE WITH THE TERMS OF THIS AGREEMENT. BY SELECTING THE “I ACCEPT” BUTTON BELOW, YOU MANIFEST YOUR ASSENT TO BE BOUND BY THE TERMS OF THIS AGREEMENT.
Privaris plusID Manager Operators Manual V1.1 power surges or failures, strikes or labor disputes, water, acts of God, the elements, war, terrorism, civil disturbances, acts of civil or military authorities or the public enemy, transportation facilities, fuel or energy shortages, or acts or omissions of communications carriers.
Privaris plusID Manager Operators Manual V1.1 (c) 2000 - 2007 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.