1 | users manual 1 | Users Manual | 1.45 MiB |
VeriProx / VeriFlex / V-PASS / V-Smart
Operations Manual

Copyright 2002, Bioscrypt Inc. All rights reserved.

Notices

The Veri-Series line of products has been tested for compliance with all applicable international standards. The resulting approvals are listed below, and are additionally printed on the labeling located on the rear panel of the product. The power supply offered by Bioscrypt is CE and CSA approved and UL listed.

Veriflex: FCC, UL, ULC, CE
Veriprox: FCC, UL, ULC, CE
V-Pass: FCC, UL, ULC, CE
V-Smart: FCC, UL, ULC, CE

FCC Information to Users

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

Warning to Users

Warning: Changes or modifications not expressly approved by Bioscrypt Inc. could void the user's authority to operate the equipment.

V-Smart, A Information for Users

The V-Smart, A includes a contact-less smart card reader (GemEasyLink680SL). This is a radio-transceiver with the following characteristics:

Operating Frequency Range: 13.553-13.567 MHz
RF Power Rating: 0.0 Watts
RF Output Impedance: 50 Ohms

V-Prox, A, H Information for Users

The V-Prox, A, H includes a HID contact-less proximity reader. This device has the following characteristics:

Transmit Frequency: 125 KHz
Excite Frequency: 125 KHz

Disclaimer

The instructions in this document have been carefully checked for accuracy and are presumed to be reliable. Bioscrypt, Inc. and its writers assume no responsibility for inaccuracies and reserve the right to modify and revise this document without notice. It is always our goal at Bioscrypt, Inc. to supply accurate and reliable documentation. If you discover a discrepancy in this document, please e-mail your comments to support@bioscrypt.com, or contact Bioscrypt Technical Support at the telephone number listed below.

No part of this publication may be placed in a retrieval system, transmitted, or reproduced in any way, including, but not limited to, photograph, photocopy, computer disk or other record, without prior agreement and written permission from:

Bioscrypt Inc.
5000 Van Nuys Blvd., Suite 300
Sherman Oaks, CA 91403
Phone (818).501.3908
Fax (818).461.0843
http://www.bioscrypt.com

Trademark Disclosures

Bioscrypt has made every effort to provide disclosures when using trademarks owned by other companies. Trademarked designations appear throughout this publication. The publisher states that it is using the designations only for editorial purposes, and to the benefit of the trademark owner with no intent to infringe upon that trademark. The following trademarks are found in this manual:

Microsoft, and Windows 95, Windows 98, Windows NT, Windows 2000, and Windows XP are trademarks of the Microsoft Corporation.
VeriProx, VeriFlex, V-PASS, V-Smart, MV1100, MV1200 are registered trademarks of Bioscrypt, Inc.
HID is a trademark of the HID Corporation.
Motorola Indala are trademarks of the Motorola Corporation.
MIFARE is a trademark of Philips Electronics N.V.

Bioscrypt Warranty Policy

Bioscrypt, Inc. warrants its products to be free from defects caused by faulty materials or poor workmanship for a period of one year from date of shipment from Bioscrypt. Bioscrypt makes no warranty that its products are fit for the use or purpose to which they may be put by the buyer, whether or not such use or purpose has been disclosed to Bioscrypt in specifications or drawings previously or subsequently provided, or whether or not Bioscrypt's products are specifically designed and/or manufactured for buyer's use or purpose. Bioscrypt's liability is limited to replacing, repairing or issuing credit, at its option, for any products that are returned by the original purchaser during the warranty period. Bioscrypt's liability on any claim for loss or damage arising out of the sale, resale or use of any of its products shall in no event exceed the selling price of the products.

The buyer is responsible for making any claims for shipment damage (evident or concealed) with the carrier. Bioscrypt must be notified within 30 days of shipment of incorrect materials.

This warranty is voided if any component, subsystem, or element of the product(s) has been subject to electrical or physical abuse, tampering (such as opening a sealed housing or removal of a product serial number tag), or improper operation as determined by Bioscrypt. This warranty is also voided for failure to comply with Bioscrypt's return procedures as given in the Bioscrypt Technical Support Guide.
Any service provided by unauthorized personnel voids the warranty.

Bioscrypt offers three (3) options to our customers that have a problem with one of our products.

1) Warranty Service if the unit is covered under either the factory one-year warranty period or any extended warranty the buyer may have purchased.
2) Fee-based Service if the unit is not covered under a warranty.
3) Return for credit if less than 30 days from the original date of shipment.

Service can be provided by Bioscrypt, the manufacturer.

Service can be provided by Authorized Service Representatives; contact Bioscrypt or visit our web site (http://www.bioscrypt.com) for a service representative near you. No service can be performed without first notifying Bioscrypt.

Service can be provided by Authorized Repair Center; contact Bioscrypt or visit our web site (http://www.bioscrypt.com) for a repair center near you. No service can be performed without first notifying Bioscrypt.

Any service provided by unauthorized personnel voids the warranty.

No product may be returned, whether in warranty or out-of-warranty, without first obtaining approval from Bioscrypt. No credit will be given nor repairs made for products returned without such approval as described in the Returned Merchandise Authorization procedure as given in the Bioscrypt Technical Support Guide. Products must be returned, prepaid, to a Bioscrypt service center (no C.O.D. or Collect Freight shipments will be accepted). The status of any product returned later than 30 days after the issuance of a return authorization will be subject to review.

After Bioscrypt's examination, warranty or out-of-warranty status will be determined. If, upon Bioscrypt's examination, a warranted defect exists, the product(s) will be repaired at no charge and shipped, prepaid, back to the buyer. If the buyer desires an airfreight or other expedited return, the product(s) will be shipped collect, charged to the buyer's account with airfreight carrier, or charged to the buyer's account with Bioscrypt. Warranty repairs do not extend the warranty period.

Repair work is warranted for 90 days from the date of shipment. Replacement components are warranted for one year from the date of shipment.

Returned product(s), whether warranty or out-of-warranty, diagnosed as "No Problem Found" will be subject to a $150 handling charge and will be returned as is, at the buyer's expense.

Privacy Statement

Bioscrypt's unique approach to fingerprint recognition provides the maximum in user privacy protection. Instead of storing a graphic representation of the user's finger (i.e., a picture), the VeriSeries products store a template, which is a highly processed mathematical model of the ridge pattern. This means that no direct personal data about the user is stored by the system.

Table of Contents

Notices
  FCC Information to Users
  Warning to Users
  V-Smart, A Information for Users
  V-Prox, A, H Information for Users
  Disclaimer
  Trademark Disclosures
  Bioscrypt Warranty Policy
  Privacy Statement
Introduction
Terminology
About Veri-Series Products
  About the VeriProx
  About the VeriFlex
  About the V-PASS
  About the V-Smart
  Veri-Series Physical Layout
Concepts of Operations
  The VeriProx
  The VeriFlex
  The V-PASS
  The Proximity Card
    User Cards
    Command Cards
  Basic System Administration
    Enrollment
    Templates
    Multiple Readers
    Backing-Up Templates
  Lights
VeriAdmin Management Software
Concepts of Operation
    Transmit ID
    Ports
    Serial Port Settings and Baud Rates
  Installing the Software
  Setting up the ID File
    ID File Format
  Communication Settings file
  Setting up a Network
  Icons, Commands and Drop Downs
Template Manager
  Edit Templates
  QUICK Enrollment
  Delete Templates
  Verify Template
  Transfer Templates
    Download from Unit to PC
    Download from Unit to Smart Card
    Upload from PC to Unit
    Upload from PC to Smart Card
  Broadcast PC Template
  Edit PC Template
Command Card Manager (VeriProx / VeriFlex)
  Administering Command Cards
    Creating Command Cards
    Reviewing Command Cards
    Removing Command Cards
  Using Command Cards
    Enroll Command Card
    Delete Command Card
Communication Settings
Unit Parameter Settings
  Network Identification Number
  Global Security Threshold
    Setting the Security Threshold
  MV1200 VeriSeries Port MODE
  Host Port Protocol
  Host Port and Aux Port Baud Rates
  Quick COMM Test
  Biometric Verification
  Finger Detect (V-PASS only!)
  Wiegand Settings
    Wiegand FORMAT
    FailString Out
    Alt Site Code
    On Fail Send Inverse Parity
    Enable INPUT
    Enable OUTPUT
    ALWAYS OUTPUT
    Pulse Width
    Pulse Interval
    Wiegand PASS-THRU formats
    Creating USER DEFINED PASS-THRU Format Options
  AUX PORT SECURITY
Broadcast Parameters
Network Status
Advanced Enrollment
LED Table Settings
Sensor Configuration
Update Firmware
Restore Factory Defaults
Template Conversion
Verification Action Response
Wiegand Utilities
Getting Service and Support
  Technical Support
  Customer Service and Sales Support
  World Wide Web Site
Appendix A - Quality and Content
  Section A.1 - Basic Biometric Concepts
    Biometric Definitions
    Scanning an Image
    Storing User Templates on the Unit
  Section A.2 - Proper Finger Placement
    Common mistakes
    Image quality
    Image consistency
  Section A.3 - Using Content and Quality during Enrollments
    False Acceptance and False Rejection
    Quality
    Content
    Content and Quality Summary
    Recommended Enrollment Process
Appendix B - Understanding the BROADCAST option in RS-485 Based Networks
Appendix C - V-PASS Template Differences
Appendix D - V-Smart Operations
  Administrator's Note
  V-Smart Terminology
  V-Smart Smart Card Placement
  Section D.1 - HOST Mode versus SLAVE Mode Operation
  Section D.2 - Transferring a Template to a Smart Card
  Section D.3 - Enrolling a Template Directly to a Smart Card
  Section D.4 - Using the Smart Card Manager
  Best Performance Practices / Finger placement
Appendix E - V-Smart Administrator SiteKey Management
  What is a SiteKey?
  Why do I Need a SiteKey?
  What is the Default SiteKey?
  Where is the SiteKey Stored?
  What is the Difference Between PRIMARY and SECONDARY SiteKeys?
  How do I Initially Set a SiteKey for V-Smarts at My Installation?
  How do I Set the SiteKey on Individual Smart Cards?
  How do I Change the SiteKey if I Already Have a User Base of Previously Created V-Smart Smart Cards?
  What Happens if I FORGET My SiteKey?
  What Happens if Someone Else Learns My Installation's SiteKey?
  What is the 1-Way Hashing Function Option In VeriAdmin for SiteKeys?
Bioscrypt Contact Information
Introduction

Bioscrypt, the leader in fingerprint identification and verification systems, presents the VeriProx Fingerprint Verification System. Technology by Bioscrypt has been applied in various unique applications including Access Security, Time and Attendance, Political Polling, Computer Logon, and other applications where an individual must be clearly identified as being solely responsible for specific actions.

Bioscrypt (formerly BiometricID) was founded in 1996 with a mission to provide fingerprint recognition technology with the highest degree of accuracy at a reasonable cost while still being easy to use. Bioscrypt has successfully migrated technology once found only in government or military applications, toward private industry and small businesses around the globe.

It has been known for years that each person has unique fingerprints. Using fingerprints as a means of identification ensures a unique identifier for each tracked user, and protects users from the vulnerabilities associated with lost keys or identification cards. After installing Bioscrypt's product in your application, your company will be able to accurately identify, track, and automatically act according to each individual's identification and permissions.

Terminology

This document is intended for use with Bioscrypt's Veri-Series products. This includes the VeriProx, VeriFlex, V-PASS, and V-Smart hardware products. Although differing in exact function, these 4 products share many common aspects. When this manual refers to the VeriProx, unless specifically stated otherwise, you can assume that the entire Veri-Series is being described.

This document also refers to Bioscrypt's MV1100 and MV1200. The MV1100/MV1200 is the internal hardware biometric engine that is the core of all Veri-Series products. This circuit board contains the DSP processor, support hardware, and interface to a variety of fingerprint sensors. The MV1100/MV1200 also contains firmware. The firmware is the low level software that controls the mathematical instructions that perform the actual fingerprint enrollment and verification processes.

About Veri-Series Products

About the VeriProx

Bioscrypt's VeriProx combines patented fingerprint verification technology with an industry-standard proximity card reader in a mullion-mountable case. This ensures greater security for the card issuer and the card user. Requiring that the fingerprint of the person seeking entry matches the identity of the cardholder eliminates access via lost or stolen proximity cards.

Suitable for both standalone and network use, the system works with existing 26-bit proximity card infrastructures. The unit operates in conjunction with administration software hosted on a PC. Once installed, users simply present their identification cards when entering the secure area and then touch a fingertip to the recessed area on top of the unit. The system validates their fingerprint against a previously enrolled template stored in flash memory.

The VeriProx system provides security features that can minimize fraud and can tolerate changes to the user's finger like scarring or swelling. The VeriProx returns accurate pass and fail decisions in 99.99% of all cases. Each VeriProx unit stores thousands of fingerprint templates in a non-volatile memory. Response time is less than five seconds for fingerprint enrollment and less than 1.5 seconds for fingerprint verification. The system is compact, versatile, and configured to allow standalone, PC-connected, and multiple-unit operation.

About the VeriFlex

Bioscrypt's VeriFlex includes all features found in the VeriProx except it does not include the internal proximity card reader.
External connections to Wiegand devices still exist and allow the VeriFlex to be added to installations that already have supported Wiegand devices installed. Whereas the VeriProx can operate as a standalone device, the VeriFlex requires an external device (such as an external Wiegand reader or PC) that initiates enrollment, verification, and template administration activities.

About the V-PASS

Bioscrypt's V-PASS is similar in construction to the VeriFlex but incorporates an entirely different biometric algorithm. Whereas the VeriProx and VeriFlex will perform a 1:1 matching verification where an ID number is required, the V-PASS performs a searching algorithm that will compare the user's fingerprint with every stored template to find a potential match. This ability removes the requirement of telling the unit the ID number to verify. With the V-PASS, the user simply places their finger on the sensor, and a PASS / FAIL is determined. No external or internal Wiegand input device is required. Once the fingerprints are enrolled on the unit, the V-PASS can operate in a standalone mode.

A V-PASS can still be connected to Wiegand Input devices similar to a VeriFlex. If a recognized Wiegand signal is received identifying an ID number, the V-PASS will perform a simple 1:1 verification and not a searching operation.

PLEASE NOTE: the V-PASS fingerprint templates are different from the smaller VeriProx and VeriFlex fingerprint templates. Please see Appendix C for further details.

About the V-Smart

Bioscrypt's V-Smart provides all the capability of the VeriFlex and includes an internal smart card reader. Fingerprint templates are securely stored on a smart card rather than the reader and carried by the employee or user. This allows for an unlimited population of users. The smart card is presented to the V-Smart and the template is read from the smart card and verified against the employee's live image. Storing the template on the smart card allows the V-Smart to have an unlimited user base and removes the need for a physically-wired network. Wiegand communication formats of up to 64 bits can also be stored on the smart card and optionally used with a Wiegand device.

Veri-Series Physical Layout

[Figure 1: Top View; Figure 2: Bottom View; Figure 3: Bottom Panel closed; Figure 4: Bottom Panel open; Figure 5: Veri-Series Unit and Mounting Plate. Labelled parts: Top LED, Ridge Lock, Power On Light, Sensor, Front LED (power on), Bottom Aux Port Cover (closed), Locking Screw, RJ-11 Auxiliary Port, Mounting Plate, Part and Serial Number Tag, Pigtail Connector]

For additional information on installing and connecting your Veri-Series unit, please refer to the VeriProx Installation Manual.

Concepts of Operations

The VeriProx

The VeriProx integrates an industry-standard proximity card reader with Bioscrypt's MV1100 fingerprint verification technology. A typical operation is described below.

- A user waves the proximity card near the front of the VeriProx.
- The ID number is read from the internal proximity card reader.
- The ID is transferred to the MV1100.
    o If the ID is invalid, the LED on the top of the VeriProx will glow red.
    o If the ID presents a valid previously enrolled template, the LED on the top of the reader will glow amber, indicating the user should place their finger on the sensor on the top of the reader.
- The user should place the correct finger on the scanner using the Bioscrypt Ridgelock.
- The amber light will turn off, signaling the finger can be removed.
- The scanned image is compared with the data that is stored under the ID number in the memory of the VeriProx.
    o If the verification is positive, the top LED will glow green and the unit will emit an audible beep.
    o If the authentication fails, the LED will glow red and no beep will be generated.

When authentication is successful, a Wiegand string that contains the site code and ID number read from the proximity card is sent out for use by a standard door controller. Optionally, the VeriProx can be configured to send out a pre-determined failure ID whenever an unsuccessful verification occurs.
An additional option allows the site code to be replaced with another number.

The VeriProx has several communication options. It is equipped with both a Host port and an auxiliary port. The Host port may be configured to operate in RS-232 mode or RS-485 mode. The auxiliary port is always set to RS-232. The Host port connections are made through the wiring pigtail on the back of the reader. The auxiliary port is accessed from an RJ-11 jack that is hidden under a door on the bottom of the VeriProx. This door is held shut with a security screw.

The VeriProx can be used as a stand-alone reader or multiple units can be configured on an RS-485 network. The manner in which you choose to install the VeriProx will determine which communications settings are most convenient for your configuration.

Certain administrative functions are common to any installation. You must have a way to enroll users into the system, that is, you must be able to associate their fingerprint data with a specific proximity card ID number. You must have a way to distribute this user information to all other readers in your installation. The VeriAdmin Management Software is provided for this purpose.

The VeriFlex

The VeriFlex is similar to the VeriProx except that an external Wiegand device is used. A typical operation is described below.

- A user initiates the action with the external Wiegand device.
- The ID number is read from the external reader.
- The ID is transferred to the MV1100 inside the VeriFlex.
    o If the ID is invalid, the LED on the top of the VeriFlex will glow red.
    o If the ID presents a valid previously enrolled template, the LED on the top of the reader will glow amber, indicating the user should place their finger on the sensor on the top of the reader.
- The user should place the correct finger on the scanner using the Bioscrypt Ridgelock.
- The amber light will turn off, signaling the finger can be removed.
- The scanned image is compared with the data that is stored under the ID number in the memory of the VeriFlex.
    o If the verification is positive, the top LED will glow green and the unit will emit an audible beep.
    o If the authentication fails, the LED will glow red and no beep will be generated.

When authentication is successful, a Wiegand string that contains the site code and ID number read from the external Wiegand device is sent out for use by a standard door controller. Optionally, the VeriFlex can be configured to send out a pre-determined failure ID whenever an unsuccessful verification occurs. An additional option allows the site code to be replaced with another number.

The VeriFlex has several communication options. It is equipped with both a Host port and an auxiliary port. The Host port may be configured to operate in RS-232 mode or RS-485 mode. The auxiliary port is always set to RS-232. The Host port connections are made through the wiring pigtail on the back of the reader. The auxiliary port is accessed from an RJ-11 jack that is hidden under a door on the bottom of the VeriFlex. This door is held shut with a security screw.

The VeriFlex can be used as a stand-alone reader (with external Wiegand reader) or multiple units can be configured on an RS-485 network. The manner in which you choose to install the VeriFlex will determine which communications settings are most convenient for your configuration.

Certain administrative functions are common to any installation. You must have a way to enroll users into the system, that is, you must be able to associate their fingerprint data with a specific Wiegand ID number.
You must have a way to distribute this user information to all other readers in your installation. The VeriAdmin Management Software is provided for this purpose.

The V-PASS

The V-PASS is similar to the VeriProx and VeriFlex, but no Wiegand input device is required. The V-PASS will automatically detect when a finger is placed on the sensor, compare that fingerprint with all currently enrolled fingerprint templates and determine if there is a match. A typical operation is described below.

- The V-PASS top LED is yellow to indicate it is ready for a finger.
- A user initiates the action by placing their finger on the fingerprint sensor.
- The user should place the correct finger on the scanner using the Bioscrypt Ridgelock.
- The V-PASS will recognize that a finger has been placed and will take an image of that finger's print.
- The amber light will turn off, signaling that the image has been scanned and the finger can be removed.
- The scanned image is compared with ALL enrolled templates in the memory of the V-PASS (maximum of 200).
    o If the verification is positive, the top LED will glow green and the unit will emit an audible beep.
    o If the authentication fails, the LED will glow red and no beep will be generated.

When authentication is successful, a Wiegand string can optionally be sent out for use by a standard door controller.

The V-PASS has several communication options. It is equipped with both a Host port and an auxiliary port. The Host port may be configured to operate in RS-232 mode or RS-485 mode. The auxiliary port is always set to RS-232. The Host port connections are made through the wiring pigtail on the back of the reader. The auxiliary port is accessed from an RJ-11 jack that is hidden under a door on the bottom of the V-PASS. This door is held shut with a security screw.
The V-PASS can be used as a stand-alone reader or multiple units can be configured on an RS-485 network. The manner in which you choose to install the V-PASS will determine which communications settings are most convenient for your configuration.

Certain administrative functions are common to any installation. You must have a way to enroll users into the system, that is, you must be able to associate their fingerprint data with a specific Wiegand ID number. You must have a way to distribute this user information to all other readers in your installation. The VeriAdmin Management Software is provided for this purpose.

The Proximity Card

[Figure 6: Veri-Series Card. Prox card marked "n-01234", with callouts: Site Number Designator, Card Number]

There are three types of proximity cards split into two basic categories:
- User Cards
- Enroll Command Cards
- Delete Command Cards

User Cards

The VeriProx / VeriFlex can be programmed to use a given card ID number as a standard user card. The majority of your cards will be of this type.

Command Cards

Command Cards can be created to add and remove users from a VeriProx / VeriFlex reader without using the PC based Administrative Software. These can be useful for creating and removing temporary visitors' badges or administering the system when your PC is down or unavailable. There are two types of Command Cards associated with the VeriProx / VeriFlex:

- Enroll Command Cards
- Delete Command Cards

Note: The command cards must be created using the Administration Software. Once a card has been designated as one of the three types, it will remain that type unless it is deleted and re-enrolled (see Edit Templates on page 37).

Basic System Administration

Enrollment

New users are entered into the system through the process of enrollment. This procedure scans the user's fingerprint and produces a fingerprint template, a collection of data that is stored in memory on the Veri-Series product. This includes:
- User Name
- User Finger Identifier
- Template Security Threshold
- Template ID
- Template Index Number
- A mathematical model of the fingerprint ridge pattern

Templates

Every template on a Veri-Series unit has a unique identification tag consisting of a Template ID and a Template Index. Each time a fingerprint is enrolled, a new template is generated using the number from the proximity card or PC as the Template ID number. Unless specifically defined, the Veri-Series product will automatically assign a unique index value to each template.

NOTE: The Template Index number will be the lowest value available for that ID number unless specially defined using an external PC application to define a specific Index.

[Figure 7: Template ID Numbers. Callouts: Template ID Number, Template Index Number]

Please see Appendix A, Quality and Content, for a technical description of what constitutes a good enrollment. A quality enrollment will ensure peak performance from the Bioscrypt fingerprint recognition algorithm.

Multiple Readers

If your installation includes multiple Veri-Series readers that are used by a common population of users, you will need to distribute the fingerprint template of each user to all the readers.

Note: It is recommended that you designate one Bioscrypt Unit as the administration reader and enroll all new users on this unit.

After a new user is enrolled on the administration unit, the template can be copied to the other readers. If the units are networked, you can broadcast the new template to the other readers over the RS-485 lines using the VeriAdmin Management Software. If the readers are not interconnected, a laptop can be used to download the templates from the administration reader and then upload them to each reader through its Aux Port.

Backing-Up Templates

Templates can be backed-up by downloading them to a PC. On the PC, template files are of the type .tem for 1:1 verification templates used with the VeriProx / VeriFlex / V-Smart and .mtm for the larger searching templates used with a V-PASS (see Appendix C). The name of the file is derived from the Template ID Number and the Template Index Number. For example, the first file (1_4.tem) in Figure 8 below is of Template ID 1 and Template Index 4 (referred to as Template 1 4).

[Figure 8: Template files on the PC]

NOTE: when the template is uploaded from the PC to a Veri-Series reader, the Template ID Number and Index Number are taken from data within the file, not from the file name. Therefore, even if you change the name of the file on your PC, the Template ID and index will remain the same. Please use the VeriAdmin Management Software to modify Template ID numbers.

Lights

The LED on top of the unit can illuminate in different colors and patterns.

[Figure 9: Top LED]

Steady Amber: the unit is requesting that a finger be placed on the sensor. This may be for verification or for enrollment. The user may remove the finger when the light goes out.

Blinking Amber: the unit is requesting a proximity card be waved for enrollment into the reader. The blinking amber light is seen when an Enroll Command Card is used to add a new user to the reader.

Steady Green: the unit is indicating the successful completion of one of the following operations:
- Verification
- Enrollment
- Deletion

A steady green light is accompanied by an audible beep.

Steady Red: the unit is indicating the current operation has failed.

Blinking Red: the unit is requesting a proximity card be waved. The card ID number will be deleted from the reader. The blinking red light is seen when a Delete Command Card is used to remove an existing ID from the reader.

VeriAdmin Management Software

The VeriAdmin Management Software is designed to run on Windows-based PC platforms and communicate with Bioscrypt's MV1100 and MV1200 based fingerprint recognition devices. Although oriented more towards the Veri-Series products, the application works well with any MV1100/MV1200-based device. In this documentation, the terms "unit" and "reader" are used as generic terms to refer to any MV1100/MV1200-based device. At this time, the VeriAdmin Management Software does NOT communicate with Bioscrypt's V2100 fingerprint recognition terminal.

Use the VeriAdmin Management software to perform the following functions:
- Enroll new user fingerprint templates.
- Edit user templates.
- Distribute the user templates from the administration reader or PC to other Bioscrypt readers in the installation.
- Create command cards: proximity cards with the privilege to enroll or delete other user cards when the unit is used in conjunction with a Proximity Reader as in VeriProx.
- Adjust the parameters (baud rate, security level, port configuration, Wiegand settings, etc.) of individual units, or of all readers connected on an RS-485 network.
- Configure the layout and operation of Smart Cards (for V-Smart only).

NOTE: The recommended operating system for use with the VeriAdmin Management Software is Windows 2000, Windows XP, or Windows NT 4.0 (Service Pack 3 or greater). Operation is possible on Windows 98 or ME; however, occasional communication packets can be dropped when multiple applications are running in the background. It is also possible to run the software on Windows 95; however, this is not recommended due to communications irregularities in that version.

Concepts of Operation

Transmit ID

On the tool bar of the Administration Software, there is a drop-down list titled Transmit ID (see Figure 10 below). The ID number that appears in the field identifies the reader with which the software is currently communicating. For this reason, each reader must be assigned a Network ID, even if your installation consists of a single unit (the default setting is 0).

[Figure 10: Transmit ID Drop-down]

A special transmit ID number, -1, is assigned as a broadcast ID. All units on the current COMM Port will respond to this broadcast ID. For functions labeled "broadcast", the software uses the broadcast ID and all readers on the network will accept these commands. Using Broadcast commands is only recommended for advanced users. (See Appendix B for further understanding of the benefits and issues with Broadcasting commands.)
If the transmit ID is set to a number that is not assigned to any unit on the network, the software will report that there is no communication. If two units on the network have the same ID assigned, there will also be communication problems, since both units would respond to commands sent to that ID. This causes the information packets to collide and become jumbled, resulting in communication errors.

Ports

Bioscrypt readers talk to the VeriAdmin Software using either the Host or Auxiliary (AUX) port. The Host port may be configured to use RS-232 or RS-485 protocol. The Host port is connected through the pigtail-wiring bundle at the back of the unit. Different wires are used for RS-485 versus RS-232. The Aux port is accessed using the RJ11 jack at the bottom of the VeriProx. Please refer to the VeriSeries Installation Guide (included on the Bioscrypt CD) for details.

Serial Port Settings and Baud Rates

Once the reader(s) have been connected to the PC, the next step is to identify which ports on the PC are talking with which readers.

As usual, the serial ports on the host PC are designated as COM1, COM2, etc. You may connect up to 31 Veri-Series readers to each COM line (using RS-485). You must provide the Administration Software with the information as to which Network ID has been assigned to which COM line. This information is stored in an initialization file that is read by the software on application startup. The file is labeled UNITIDS.DAT and is located at the following path:
<Install Dir>\UNITIDS.DAT

(where <Install Dir> indicates the directory where the VeriAdmin Management Software was installed). The default installation path is:
C:\Program Files\BioID\VeriAdmin

Please refer to the Setting up the ID File section on page 29 for details.

In addition, the baud rate may be set on each reader. It is essential that the baud rate used by the PC match the baud rate setting on the reader and that all readers on the network are set to the same baud rate. The following settings are the factory defaults:
A VeriProx/VeriFlex/V-PASS should arrive with these settings in place:

Network ID:           0
Port Mode:            Mode 1 (Host RS-485 / Aux RS-232 (RJ11))
Host Port baud rate:  9600 baud
Aux Port baud rate:   57600 baud

A V-Smart should arrive with these settings in place:

Network ID:           0
Port Mode:            Mode 0 (Host RS-232 / Aux RS-232 (RJ11))
Host Port baud rate:  57600 baud
Aux Port baud rate:   57600 baud

Installing the Software

To install the software, run the setup.exe file on the VeriAdmin Management CD. You may accept the default path or choose an alternate directory in which to install the software. The default path is:
C:\Program Files\BioID\VeriAdmin

Like most Windows based installations, you will step through a number of windows (approximately 5) that will request basic installation information, such as file name and directory location. It is recommended that the default settings be used; however, they can be changed. Once the installation is complete, a short-cut icon for the Administration Software will appear on your desktop.

Setting up the ID File

Once you have installed the software on your PC, you will need to set up a communications port ID file. The software will use the information in this file to communicate with the VeriSeries reader(s) connected to the Host Port. You can create and edit the file using any standard text editor program provided with Microsoft Windows. Access the file UNITIDS.DAT, located in the Install Directory. The default path is:
C:\Program Files\BioID\VeriProx\UNITIDS.DAT

ID File Format

The file format is as follows:
Line 1: Name the COMM port on the PC.
Line 2: List the IDs for all units on this port. Identify V-PASS units by appending a :M to the corresponding ID. Separate each ID by a space.
Line 3: Type a % to end the COMM port.

Example:
COM#: 1
UNITIDS: 0 1 2:M 3 4:M 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
24 25 26 27 28 29 30
%
COM#: 2
UNITIDS: 31 32:M 33
%
Notice how the line for the Unit IDs for COMM 1 wraps; the software will continue to read the line until the %. A space should appear between each reader ID number and after the keywords COM#: and UNITIDS:.

In the example above, IDs #2, #4 and #32 are designated as V-PASS units. It is important to designate V-PASS units appropriately to assist the VeriAdmin software in proper template management. Also, if this is not done, a mismatch message will appear when a network status is performed.

Once you have completed editing the file, save it under the same name and to the same location.

Note: The VeriAdmin Software will first look for this file in the current directory. If not found, the software will then look in the Install Directory for this file.

The default UNITIDS.DAT file looks like this:
COM#: 1
UNITIDS: 0 1 2 3 4 5 6 7 8 9
%
Thus the software will initialize expecting to find 10 readers on the host port with assigned ID numbers of 0 through 9. There should be no communication problems if there are other readers on the network as long as each reader is configured correctly and with a unique ID number.

Communication Settings file

There is a second initialization file that is used by the Administrative Software. This is the CommParameters.cfg file. The program automatically writes this file when it is closed. The next time the program is opened, this file is read and the communication parameters are set to match their state when the program was last shut down.

The first time you run the VeriAdmin Management software this file does not exist. You will see the following dialog appear. Fill out the desired Transmit ID, Comm Port, and Baud Rate. Press the TEST button to verify these settings are correct, and then press ACCEPT and the initial CommParameters.cfg file will be created.

[Figure 11: Modify Communications Settings]

Setting up a Network

As described above, when setting up a network you will need to assign unique ID numbers to each Veri-Series reader and confirm the communication settings. The easiest way to do this is to cycle through each reader, setting the parameters by plugging into the Aux port. When using the Aux port you can set the transmit ID to -1 (broadcast). Since you are plugged into only one reader, you are assured that no other Veri-Series units will be responding to your commands. If the ID on the unit has been changed from its default, you can still be confident it will respond to the Broadcast ID. After you set the parameters for each unit through the Aux Port, you can connect them to your 485 network.

To review, the recommended steps are:
1. Supply power to the proper wires in the pigtail on the back of the Veri-Series unit (consult the Installation Manual for a wiring diagram). When power is applied, the front LED will glow green, and the top LED will blink amber, then turn OFF for VeriProx/VeriFlex/V-Smart or remain ON for V-PASS units.
2. Plug into the Aux Port using the RJ-11 jack on the bottom of the unit and connect the cable to one of the serial ports on your PC.
3. Access the Communication Settings window by clicking on the icon or using the menu.
4. Click the Modify button.
5. Set the Transmit ID to -1.
6. Set the COMM Port setting to match the designation for the port you are using on the PC (e.g. COM1, COM2).
7. Set the baud rate setting to 9600 baud (the factory default).
8. Press the Test button. If necessary, use the Baud Search button to have the software test different baud rate settings and report which baud setting works. (For this function to succeed, a valid transmit ID and valid COMM port must be set.)
9. Click the Accept button to change the settings.
10. You can now set the Network ID on the reader. Click the UNIT PARAMS button on the Modify Communications Settings dialog.
11. Type the desired ID number in the Assign Unit Network ID field. Press the Set button to make the change. Note that this will change the ID in flash on the reader and will also modify the transmit ID that is being used by the PC so that you may continue to communicate without using the broadcast ID. The lower portion of this dialog box shows the current communication settings.
12. Select the appropriate baud rate from the Host Port Baud Rate drop down list (9600 is recommended). Keep in mind that you are currently talking over the AUX port, but you are changing the Host Port settings that will be used when you connect to the unit through the Host Port wires on the back of the unit.
13. Set the Host Port Protocol to RS-485 if you will be using a networked environment. Alternatively, you may choose RS-232 if you will not be networking the VeriProx. Remember that the RS-232 and RS-485 connections are made through different wires on the pigtail (consult the installation guide).

Make sure that the Network IDs in the UNITIDS.DAT file match those assigned to the readers. If not, update accordingly.

Icons, Commands and Drop Downs

[Figure 122: VeriAdmin Toolbar]

Once you have the software installed and running, you will be able to access the features mentioned above either through the icons on the toolbar or through the command menus.

Feature (page)                        Command Path
Template Manager (page 36)            File > Template Manager
Command Card Manager (page 47)        File > Command Card Manager
Smart Card Manager (page 98)          File > Smart Card Manager
Communication Settings (page 50)      Configure > Communication Settings
Unit Parameters (page 51)             Configure > Unit Parameters
Broadcast Parameters (page 61)        Configure > Broadcast Parameters
Network Status (page 62)              File > Network Status
Advanced Enrollment (page 64)         Configure > Advanced Enrollment
Quick Enrollment (page 38)            Configure > Quick Enrollment

Transmit ID Drop Down

The Transmit ID number refers to the IDs given to individual Veri-Series units. Whichever number appears in the box is the unit with which the software is communicating. If you have networked more than one unit, you can use the Transmit ID drop down box to access a specific unit by its ID number. The ID numbers shown in the drop down list come from the UNITIDS.DAT file described in the ID File Format section.
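The ID File Format section and the network setup steps above state several rules that can be checked before VeriAdmin reads UNITIDS.DAT: each block ends with %, a COM line carries at most 31 readers, -1 is reserved for broadcast, Network IDs are unique, and V-PASS units carry :M. The Python below is an added example, not part of the Bioscrypt manual or the VeriAdmin software; the function names, the sample file and the inventory are constructed for illustration, and treating an ID repeated on a different COM line as a conflict is an assumption.

```python
import re
from dataclasses import dataclass, field

MAX_UNITS_PER_COM = 31  # manual: up to 31 readers per COM line over RS-485
BROADCAST_ID = -1       # manual: reserved transmit ID that all units answer
ID_TOKEN = re.compile(r"^(-?\d+)(:M)?$")  # ":M" marks a V-PASS unit


@dataclass
class ComPort:
    number: int
    units: dict = field(default_factory=dict)  # network ID -> True if V-PASS


def parse_unitids(text):
    """Parse UNITIDS.DAT text and return (ports, problems)."""
    ports, problems, owner = [], [], {}  # owner: network ID -> COM number
    port, state = None, "idle"

    def close(terminated):
        nonlocal port, state
        if port is not None:
            if not terminated:
                problems.append(f"COM{port.number}: block is not closed with %")
            if len(port.units) > MAX_UNITS_PER_COM:
                problems.append(f"COM{port.number}: {len(port.units)} units "
                                f"listed, limit is {MAX_UNITS_PER_COM}")
            ports.append(port)
        port, state = None, "idle"

    # Splitting on whitespace lets a UNITIDS list wrap over several lines.
    for tok in text.replace("%", " % ").split():
        if tok == "COM#:":
            close(terminated=False)  # does nothing if the last block ended with %
            state = "com"
        elif tok == "%":
            if state not in ("ids", "skip"):
                problems.append("% found without a complete COM#: / UNITIDS: header")
            close(terminated=True)
        elif state == "com":
            if tok.isdigit():
                port, state = ComPort(int(tok)), "keyword"
            else:
                problems.append(f"invalid COM port number {tok!r}")
                state = "skip"
        elif state == "keyword":
            if tok == "UNITIDS:":
                state = "ids"
            else:
                problems.append(f"COM{port.number}: expected UNITIDS:, found {tok!r}")
                state = "skip"
        elif state == "ids":
            match = ID_TOKEN.match(tok)
            uid = int(match.group(1)) if match else None
            if uid is None or uid < BROADCAST_ID:
                problems.append(f"COM{port.number}: invalid unit ID {tok!r}")
            elif uid == BROADCAST_ID:
                problems.append(f"COM{port.number}: -1 is the broadcast ID, not a unit ID")
            elif uid in owner:  # assumption: IDs must be unique across COM lines
                problems.append(f"COM{port.number}: unit ID {uid} is already "
                                f"listed on COM{owner[uid]}")
            else:
                owner[uid] = port.number
                port.units[uid] = bool(match.group(2))
        elif state == "idle":
            problems.append(f"unexpected text {tok!r} outside a COM#: block")
        # state == "skip": ignore tokens until the next % or COM#:
    close(terminated=False)
    return ports, problems


def audit_against_inventory(ports, inventory):
    """Compare the file with {network ID: True if V-PASS} recorded at install."""
    listed = {uid: vpass for p in ports for uid, vpass in p.units.items()}
    findings = [f"unit {u} is installed but missing from UNITIDS.DAT"
                for u in sorted(inventory.keys() - listed.keys())]
    findings += [f"unit {u} is listed but not in the inventory"
                 for u in sorted(listed.keys() - inventory.keys())]
    findings += [f"unit {u}: :M marker does not match the installed unit type"
                 for u in sorted(listed.keys() & inventory.keys())
                 if listed[u] != inventory[u]]
    return findings


# Constructed sample: wrapped ID list, duplicate ID 5, broadcast ID, missing %.
SAMPLE = """\
COM#: 1
UNITIDS: 0 1 2:M 3
4:M 5
%
COM#: 2
UNITIDS: 5 6:M -1 7
"""

if __name__ == "__main__":
    ports, problems = parse_unitids(SAMPLE)
    for line in problems + audit_against_inventory(ports, {0: False, 2: False, 8: True}):
        print(line)
```
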
Current Communication Settings

The current Network ID and COMM Port are displayed here. These values will update as different communication settings are used throughout the VeriAdmin Management Software.

Template Manager

The Template Manager allows you to:
- Edit Templates
- Enroll Templates
- Delete Templates
- Verify Templates
- Transfer templates to and from a PC, from one unit to another, or to a Smart Card
- Edit Templates Stored on the PC
- Verify Templates Stored on the PC
- Broadcast a Template from the PC to ALL units identified in the UNITIDS.DAT file

[Figure 13: Template Manager. Callouts: "Click this button to update the window."; "Click this button to VERIFY a template stored on the PC."]

Edit Templates

To edit a template, select the appropriate ID number(s) in the Templates window and click the Edit button. Alternatively, you may double-click on the ID number in the window and an Edit box will open.

Note: While you can use the Shift and Ctrl keys to select multiple templates, realize that a separate window will open for each template you select.

A window like the one below will open.

[Figure 14: Template Viewer]

From here you can view and edit the attributes of the template such as the Employee Name and Security Threshold. You can then save the template to the Current Unit specified by the current communication settings.

QUICK Enrollment

When you select the Quick Enroll button on the Template Manager window, the following window will appear:
[Figure 13: Quick Enrollment Screen. Callouts: a visualization of the fingerprint IMAGE will appear here if the option is checked; info and directions will appear here; a visualization of the fingerprint TEMPLATE will appear here]

The process to enroll a new template is as follows:
1. In the Template ID Number field, type the desired ID number (for VeriProx, VeriFlex, and readers wired to a proximity reader or Wiegand input device, use the proximity card. Do not include a site code designation).
   OR
   Press the From Reader button (although the Wiegand ID can come from sources other than a prox reader) and wave the card in front of the Wiegand INPUT device to read the ID directly from the card.
   Note: If you are using a V-Smart and have selected Read/Write Wiegand String during Enroll/Verify from the Smart Card Manager, VeriAdmin will expect to receive the Wiegand String from the reader and will warn you if none was provided.
2. Click the Enroll button. The light on the VeriProx will glow amber, requesting the enrollee to place a finger on the sensor.
3. Nestle the Ridgelock into the first joint line on the finger. The finger may be removed when the amber light goes out and VeriAdmin instructs you to remove the finger.
4. The light will glow green and the unit will beep once to acknowledge that the fingerprint has been captured. If a finger is not placed within ten seconds, the light will glow red and the unit will time out. Similarly, the light will glow red if the unit was unable to image the fingerprint. (See the appendix for a discussion of proper enrollment.)
5. On the Quick Enrollment screen, the Quantity and Content fields will each display from one to five stars indicating how well the print was read. In addition, a sample of the print will appear in the left center of the screen. A rating of at least three stars in each field is recommended. If you are unsatisfied with the read, repeat steps 3 and 4 above.
6. Press the Accept button to continue with the enrollment. At this point, the Edit Template window will open (see page 37). Complete the Username field, identify the finger that was scanned, and select a Security Threshold. You may change the index if you are enrolling more than one finger under the same ID, but normally this should be zero.
7. Select the user type. This is either User ID, Enroll ID, or Delete ID depending on the type of card you are enrolling. The default is User ID.
   Note: remember that if the card number already has been designated as one of the three types, then any subsequent templates assigned to the card must be of the same type.

Note: if you have more than one unit networked together, it is recommended that you broadcast the new enrollment to the other units at this time.

Delete Templates

Use this option to delete one or more templates from a single unit (if you are in a networked environment, see the BROADCAST PARAMETERS section). Select the appropriate ID number(s) in the Templates window and click the Delete button (recall that you can use the Shift and Ctrl keys to select multiple templates).

Note: You WILL NOT receive a warning when you are deleting templates unless you are deleting all of them. Therefore, be sure to confirm that you have selected the correct ones the first time.

Verify Template

Use this option to initiate a VERIFY function on the unit identified by the Current Unit specified by the current communication settings. Only one template can be selected for this operation.

Transfer Templates

There are six primary ways you can transfer templates:
- Transfer selected Templates from unit to unit
- Download selected Templates from the unit to the PC
- Download selected Templates from the unit to a Smart Card
- Upload selected Templates from the PC to the unit
- Upload selected Templates from the PC to a Smart Card
- Upload from the PC to ALL units defined in Network

Download from Unit to PC

Figure 16: Download Template(s) to PC (callouts: file names are derived from the Template ID # and the Template Index #, e.g., this is Template 1122 0; the default type is based on whether the unit is V-PASS or VeriFlex / VeriProx / V-Smart)

1 In the Template Manager window, select the template(s) you wish to transfer.
2 Click the From Unit PC button.
3 When the screen in Figure 16 appears, confirm the download path and directory; make any applicable changes.
4 Click the OK button.

When completed, the files will be loaded in the designated directory on your PC.

Note: If you are in a networked environment, you only need to download from one unit since the template should be the same on all units.

Download from Unit to Smart Card

Downloading a template from the unit to a Smart Card requires that the current Site Key be entered which matches both the Site Key on the ESI and the Site Key on the Smart Card.

Figure 17a: Download Template(s) to Smart Card

Then present the Smart Card close to the reader and hold it until instructed to remove the card.

Figure 17b: Download Template(s) to Smart Card

If successful, the following message will be displayed:
Figure 17c: Download Template(s) to Smart Card

Upload from PC to Unit

You can transfer templates from your PC to any unit. When you click the From PCUnit button, a window like the one below will open:

Figure 14: Upload Template(s) to Unit

1 Click the From PCUnit button.
2 Use the window to browse for the correct directory.
3 Select the appropriate template(s).
4 Click the Open button.

Please note that when the template is uploaded, the Template ID Number and Index Number are taken from data within the file, not from the file name. Therefore, even if you change the name of the file on your PC, the Template number will remain the same. To change a Template's ID or index, always use the TEMPLATE EDIT feature within the application.

Upload from PC to Smart Card

The operation is similar to uploading from the unit and will require the current Site Key after selecting the desired template(s) from the PC.

Transfer from Unit to Unit

Use this option when you are in a networked environment.

Figure 15: Transfer Templates from Unit to Unit (callout: these are the Network IDs for the BII readers according to the UNITIDS.DAT file)

To transfer templates between units:

1 In the Template Manager window, select the template(s) you wish to transfer.
2 Click the Unit to Unit button.
3 When the screen in Figure 15 appears, highlight the IDs of the units to which you wish to transfer the templates.

Broadcast PC Template

This option will allow template(s) stored on the PC to be Broadcast to all units defined in the UNITIDS.DAT file. The process is as follows:
1. The templates will be read one-by-one from the PC.
2. Each specific template will be erased from all units on the network.
3. The template will be transferred using the ID of 1 on each defined Communication Port.

If the VERIFY BROADCAST is selected, the VeriAdmin software will attempt to verify that steps 2 and 3 were completed successfully. After step 2, each unit will be polled to determine if each template was removed correctly. If the template was NOT removed, another DELETE attempt will be made. After step 3, each unit will be polled to confirm that the template now exists on each unit. If the template does NOT exist on a particular unit, the TRANSFER function will be retried.

Please see Appendix B for details of the benefits and potential issues with using Broadcast commands.

Edit PC Template

To edit a PC template, click the Edit PC Template button. A standard Windows File Selection window will open to allow the user to choose the template file to edit. Use the TYPE dropdown box to select between displaying VeriProx / VeriFlex / V-Smart templates (Verification Templates) and V-PASS templates (Searching Templates). Once chosen, the following window is opened:

Figure 16: Edit PC Template

Within this window, all template data can be modified and saved back to the PC by pressing the SAVE button within the PC group box. You may optionally save to the unit or a Smart Card if desired.

NOTE: The filename is determined by the Template ID number and the Template Index number (See Figure 20). If these do not change, pressing SAVE (under the PC group box) will replace the previous file. If either value is changed, a NEW file is created.
Command Card Manager (VeriProx / VeriFlex)

Command Cards allow administrators to add and remove user IDs directly from the VeriProx or VeriFlex units without having to access the software. These can be useful for creating and removing temporary visitors' badges or administering the system when your PC is down or unavailable.

Administering Command Cards

Creating Command Cards

To create command cards, use the Template Manager (see QUICK Enrollment on page 38).

Reviewing Command Cards

By clicking the Command Card icon on the toolbar or selecting the option from the menu, the window below will appear. You will notice that the cards are listed by their Template ID numbers; all indices for each template are implied.

Figure 17: Command Card Manager (callouts: lists all Enroll Command Cards; lists all Delete Command Cards)

Removing Command Cards

To remove a command card, highlight the ID number in either the Enroll IDs or the Delete IDs window and click the Delete Entry button directly beneath the window. This will delete the template for all associated indices.

Note: You will not receive a warning when you click the button; therefore, make sure that you have selected the correct ID.

Using Command Cards

Once you have created Enroll and Delete Command Cards, they can be used as follows:
Enroll Command Card

To enroll a user:

1 Wave the Enroll Command Card near the front of the VeriProx / VeriFlex unit.
2 The light will glow amber directing the Administrator to place his/her finger on the unit. If the Administrator is authorized to use the Command Card, the light will glow green and the unit will beep. Continue with the next step. If not, the light will glow red. Return to Step 1 or stop.
3 The light will flash yellow, indicating the system is ready to enroll the new card. Wave the user card to be enrolled. The light will stop flashing.
4 The light will glow amber directing the User to place his/her finger on the unit. If the print is accepted, the light will glow green and the unit will beep indicating that the card has been enrolled.
Delete Command Card

To delete a user:

1 Wave the Delete Command Card near the front of the VeriProx / VeriFlex unit.
2 The light will glow amber directing the Administrator to place his/her finger on the unit. If the Administrator is authorized to use the Command Card, the light will glow green and the unit will beep. Continue with the next step. If not, the light will glow red. Return to Step 1 or stop.
3 The light will flash red, indicating the system is ready to delete the card. Wave the user card to be deleted.
4 The light will glow green and the unit will beep indicating that the card has been deleted.

Communication Settings

From the Communication Settings dialog, you can modify the Transmit ID, the PC Comm Port, and the Communication Baud rate.

Figure 18: Communication Port Settings

Click the Modify button to change the displayed settings.

Figure 19: Modify Communications Settings (callouts: same as the Net Status button on the Toolbar; click if you're uncertain of the baud rate)

Note: Change only one setting at a time and be sure to test the change before clicking the Accept button.

Unit Parameter Settings

The Unit Parameter Settings window aids the Administrator in the following:
- Assigning a Network Identification Number to a unit
- Setting a Global Security Threshold for a unit
- Enabling/Disabling Wiegand Formats, Out Failure code, and Site codes
- Modifying the Host and Aux Port baud rates
- Changing the Host Protocol
- Viewing the current statuses and settings of the various ports
- Performing a Quick COMM test that will flash the top LED and beep the current unit
- Password protecting the AUX port
- Setting Wiegand PASS-THRU formats
- Turning off biometrics (not recommended)

Select the change desired and press the corresponding Set button to transmit the change to the current unit.

Figure 20: VeriProx Parameter Settings (callout: current statuses and settings)

Note: Changes made to Unit ID and Host Baud Rate will also change the Current Transmit ID and Current PC Baud rate so that communication is still possible with the unit.

Network Identification Number

In a networked environment, a unique number must be assigned to each unit before adding that unit to the network (the default setting from the factory is 0). If two or more units have the same Network ID on the same COMM Port, data collisions will cause poor communication on that COMM Line (see the Concepts of Operations section).

Setting the Number

1 In the Assign Unit Network ID field, type the new Network ID number.
2 Click the Set button.

Global Security Threshold

There are two types of security settings: the local security level associated with the individual template, and the global security level associated with the individual Veri-Series unit. You may recall that the system will authorize using the lower of the two. See the appendix for a discussion of security settings and algorithm performance.

Example: If the template is set for Very High, and the unit is set for Medium, the authorization will be performed at the Medium setting. Because of the unit's high accuracy rate, which practically negates the possibility of a false read, the above affords the unit a high rate of true authorization.

Setting the Security Threshold

Select the threshold level:
- Very High
- High
- Medium
- Low
- Very Low

Click the Set button.

MV1200 VeriSeries Port MODE

In the MV1200 based versions of the VeriSeries products, certain combinations of ports and protocols are not allowed. To simplify this, each available mode is listed in a dropdown. This will only be enabled if the unit is a MV1200 based unit.

1 In the MV1200 VeriSeries Port MODE section, select the appropriate mode from the drop down list.
2 Click the Set button. If the display in the lower right corner does not update, close and re-open the window.

Warning: If changing to mode 2 with a V-Smart, be sure you have an RS-485 converter! Changing this may cause you to lose communication with the unit(s).

Host Port Protocol

This dropdown is enabled only for older MV1100 based devices. The usual protocol settings are as follows:
- stand alone devices: RS-232
- networked devices: RS-485

1 In the Host Port Protocol section, select the appropriate protocol from the drop down list.
2 Click the Set button. If the display in the lower right corner does not update, close and re-open the window.

Warning: Changing this may cause you to lose communication with the unit(s).

Host Port and Aux Port Baud Rates

You can change the baud rates of both the Host and Aux ports to match your PC and/or other networked devices. In order to maintain communication, if you change the baud rate on the port you are using, the PC's baud rate will update automatically.

1 In the appropriate section (Host Port or Aux Port), select the appropriate baud rate from the drop down list.
2 Click the Set button. If the display in the lower right corner does not update, close and re-open the window.

Quick COMM Test

The button will perform a quick COMM TEST with the device identified by the displayed Current COMM settings. The test will flash the LED each color then sound the buzzer.

Biometric Verification

This option allows the user to turn biometric verification on and off. Check or uncheck this option and press the SET button. Unchecking the box will cause the unit to bypass the core fingerprint authentication (i.e., no finger required) and allows for Wiegand pass-thru authentication alone. Turning this off will result in a less secure system and is not recommended! The user assumes all risk associated with disabling biometrics.

Finger Detect (V-PASS only!)

This section will show the current setting of the Auto Finger Detect function of the V-PASS product. The user can select the option desired and press the SET button to modify the setting on the current unit. This section is disabled when the current unit is not a V-PASS.

Wiegand Settings

This section allows you to send coded messages to your Wiegand device (where applicable). Pressing the SET button will transfer all WIEGAND SETTINGS values at once.

Wiegand FORMAT

This section allows you to select the desired Wiegand format for both INPUT and OUTPUT. 26-bit Standard is the default format. Other custom formats are available and can be selected using the dropdown box. NOTE: The format for BOTH INPUT and OUTPUT will be the same.

FailString Out

When you check the FailString Out box, whatever code you type into the Failure Code field will be sent to the Wiegand device when a failed authorization occurs. The string is numeric and ranges from 0 to 65535. If the box is unchecked, then no string will be sent when a verification fails.

Alt Site Code

When you check the Alt Site Code box, whatever code you type in the Site Code field will override the site code on all cards used on the unit.
The string is numeric and ranges from 0 to 255. If the box is unchecked, the site code read from the proximity card will be passed through in the Wiegand out string.

On Fail Send Inverse Parity

When you check the On Fail Send Inverse Parity box, a failed verify will result in the Wiegand string being sent on the Wiegand out lines with inverse parity to indicate the failure.

Enable INPUT

This option in the Wiegand Settings section will enable Wiegand INPUT when checked and sent to the BII_UNIT. This allows all WIEGAND INPUT communications. If this option is unchecked and sent to the BII_UNIT, all WIEGAND INPUT data will be ignored.

Enable OUTPUT

This option in the Wiegand Settings section will enable Wiegand OUTPUT when checked and sent to the BII_UNIT. This causes the WIEGAND OUTPUT string to be sent whenever a WIEGAND INPUT is received (see the PASS_THRU section for Wiegand Output related to Pass-Thru formats). If this option is unchecked and sent to the BII_UNIT, all WIEGAND OUTPUT data will be ignored unless ALWAYS OUTPUT is selected.

ALWAYS OUTPUT

This option in the Wiegand Settings section will enable Wiegand OUTPUT on ALL Verifications regardless of whether initiated by a Wiegand INPUT, a PC or any other device.

Pulse Width

Unchecking the USE DEFAULT option will allow the user to enter a custom Pulse Width duration for Wiegand Output. This is NOT recommended unless the user is very familiar with the device connected to the BII_Unit.

Pulse Interval

Unchecking the USE DEFAULT option will allow the user to enter a custom Pulse Interval duration for Wiegand Output. This is NOT recommended unless the user is very familiar with the device connected to the BII_Unit.

Wiegand PASS-THRU formats

When used with MV1100/MV1200 firmware version 2.50 or higher, the VeriAdmin software allows expanded Wiegand compatibility by allowing definition of a PASS-THRU format. In order to use this ability, the following information is required:

- Total number of Wiegand bits in the Wiegand String (maximum = 64 bits)
- Start Bit of the ID FIELD (where the first bit is bit 0)
- Number of bits in the ID FIELD (must be contiguous bits)

Using these 3 pieces of information, when a card is presented to the BII_Unit, it will attempt to decode the ID FIELD and use that information as the TEMPLATE ID number. All SITE codes, Parity, and any other data are ignored.

Using this ID, the BII_Unit will attempt to VERIFY the template corresponding to the decoded ID. If the ID is not found or if the VERIFICATION attempt FAILS, no Wiegand output is sent. To the controller, it will appear as if nothing was presented.

If the ID is valid and a SUCCESSFUL VERIFICATION is performed, the original Wiegand INPUT string (with SITE code, Parity, etc.) will PASS-THRU to the WIEGAND OUTPUT unchanged.

Although this PASS-THRU option does not allow FAIL STRINGS, changing the SITE code or checking PARITY, it does provide a mechanism for using a wide variety of Wiegand formats.
1 | users manual 2 | Users Manual | 2.94 MiB |
Creating USER DEFINED PASS-THRU Format Options

The user has the ability to add custom defined PASS-THRU formats to the VeriAdmin software. These will be added to the dropdown list in the BII_UNIT PARAMETER SETTINGS dialog box.

In the installation directory there is a file called WFORMAT.DAT that contains all displayed Wiegand formats. WFORMAT.DAT contains both pre-defined formats and PASS-THRU formats. See below for an example of the contents of that file. All lines that begin with // are ignored.

PRE-DEFINED formats follow the format:

    WIEGAND <MV1100_Code> <#bits> <text_string(no spaces)>

WARNING: These should NOT be changed or added to unless directed by Bioscrypt TECHNICAL SUPPORT. Any modifications to this section could cause unreliable Wiegand communications using PRE-DEFINED formats.

The next section shows the PASS-THRU Formats and follows the format:

    WIEGAND_PASS <label> <TOTAL_BITS> <ID_START_BIT> <ID_NUM_BITS>

Where:
- WIEGAND_PASS is the identification that this is a PASS_THRU format
- <label> is the Description shown in the dropdown list (no spaces)
- <TOTAL_BITS> is the total number of bits in the entire Wiegand String (maximum is 64)
- <ID_START_BIT> is the starting bit of the ID FIELD (where the first bit is 0)
- <ID_NUM_BITS> is the number of bits in the ID FIELD (must be contiguous)

For Example:
Standard 26-bit Wiegand is -- PSSSSSSSSDDDDDDDDDDDDDDDDP
(1 Parity bit, 8 SITE CODE bits, 16 ID bits, 1 Parity)

- 26 total bits
- ID Start Bit is 9 (where the first bit is 0)
- ID Number of Bits is 16

This would be represented as:

    WIEGAND_PASS 26-Bit-Pass_Thru 26 9 16

And the text, 26-Bit-Pass_Thru, would be added to the dropdown box. Selection of this option would show the data in the associated boxes.

As seen below, one special format ( CUSTOM 1 1 1 ) is also added. When this is selected, the user can enter the TOTAL_BITS, ID_START_BITS, and ID_NUM_BITS directly into the VeriAdmin user interface. These values can then be sent to the BII_UNIT. The values are NOT saved to the WFORMAT.DAT file, however. To add items directly to the file, any standard text editor will work since WFORMAT.DAT is a text file.
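The following Python code is an added example, not taken from the manual or from Bioscrypt software. It checks WIEGAND_PASS lines for a consistent layout and models the PASS-THRU behaviour described above: only the ID FIELD is decoded, and the input string is forwarded unchanged on success. All function names are hypothetical; it assumes the ID FIELD is transmitted most significant bit first, that a string of the wrong length produces no output, and that the CUSTOM entry is a user-interface placeholder.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

MAX_TOTAL_BITS = 64  # maximum string length stated in the manual

# Constructed sample file. The WIEGAND line and the first three WIEGAND_PASS
# lines appear in the manual's listing; "Too-Wide" and "Overrun" are constructed.
SAMPLE_WFORMAT = """\
// format is: IDENTIFIER text_string(no spaces) TOTAL_BITS ID_START_BIT ID_NUM_BITS
WIEGAND 0 26 Standard
WIEGAND_PASS 26-Bit-Pass_Thru 26 9 16
WIEGAND_PASS Kantech-XSF 39 22 16
WIEGAND_PASS CUSTOM -1 -1 1
WIEGAND_PASS Too-Wide 70 9 16
WIEGAND_PASS Overrun 26 20 16
"""


@dataclass(frozen=True)
class PassThruFormat:
    label: str
    total_bits: int
    id_start_bit: int  # zero-based
    id_num_bits: int   # contiguous bits


def layout_error(fmt: PassThruFormat) -> Optional[str]:
    """Return why a layout is unusable, or None if it is consistent."""
    if not 1 <= fmt.total_bits <= MAX_TOTAL_BITS:
        return "TOTAL_BITS outside 1..64"
    if fmt.id_start_bit < 0 or fmt.id_num_bits < 1:
        return "ID field start or length out of range"
    if fmt.id_start_bit + fmt.id_num_bits > fmt.total_bits:
        return "ID field runs past the end of the string"
    return None


def parse_wformat(text: str) -> Tuple[Dict[str, PassThruFormat], List[Tuple[str, str]]]:
    """Return (usable PASS-THRU formats by label, [(label, reason)] skipped)."""
    formats: Dict[str, PassThruFormat] = {}
    skipped: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or raw.lstrip().startswith("//"):
            continue  # blank line or comment
        if fields[0] != "WIEGAND_PASS":
            continue  # PRE-DEFINED formats are not touched here
        if len(fields) != 5:
            skipped.append((raw.strip(), "expected 5 fields"))
            continue
        label = fields[1]
        try:
            total, start, nbits = (int(v) for v in fields[2:])
        except ValueError:
            skipped.append((label, "non-numeric field"))
            continue
        if label == "CUSTOM":
            # Assumption: placeholder entry, real values are typed into the UI.
            skipped.append((label, "placeholder"))
            continue
        fmt = PassThruFormat(label, total, start, nbits)
        reason = layout_error(fmt)
        if reason:
            skipped.append((label, reason))
        else:
            formats[label] = fmt
    return formats, skipped


def decode_id(fmt: PassThruFormat, bits: str) -> int:
    """Extract the ID FIELD from a string of '0'/'1' characters, bit 0 first."""
    if len(bits) != fmt.total_bits or set(bits) - {"0", "1"}:
        raise ValueError("string does not match the format's TOTAL_BITS")
    field = bits[fmt.id_start_bit:fmt.id_start_bit + fmt.id_num_bits]
    return int(field, 2)  # assumption: most significant bit of the ID first


def pass_thru(fmt: PassThruFormat, bits: str, enrolled_ids: Set[int],
              finger_verified: bool) -> Optional[str]:
    """Model of the described behaviour: input unchanged on success, else None."""
    try:
        template_id = decode_id(fmt, bits)
    except ValueError:
        return None  # assumption: an undecodable string produces no output
    if template_id not in enrolled_ids or not finger_verified:
        return None  # to the controller it appears as if nothing was presented
    return bits      # site code and parity are forwarded untouched


def build_26bit(site: int, card_id: int) -> str:
    """Constructed sample input in the PSSSSSSSSDDDDDDDDDDDDDDDDP layout."""
    data = f"{site:08b}{card_id:016b}"
    lead = str(data[:12].count("1") % 2)         # even parity, first 12 data bits
    trail = str((data[12:].count("1") + 1) % 2)  # odd parity, last 12 data bits
    return lead + data + trail


if __name__ == "__main__":
    formats, skipped = parse_wformat(SAMPLE_WFORMAT)
    fmt = formats["26-Bit-Pass_Thru"]
    frame = build_26bit(17, 1122)
    print("usable:", sorted(formats), "skipped:", skipped)
    print("decoded ID:", decode_id(fmt, frame))
    print("output:", pass_thru(fmt, frame, {1122}, finger_verified=True))
```

Because the unit ignores the site code and parity in this mode, two strings that differ only in those fields select the same template, so any site code or parity checking has to be done by the controller that receives the forwarded string.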
// format is: IDENTIFIER MV1100_Code #bits text_string(no spaces)
WIEGAND 0 26 Standard
WIEGAND 1 44 Apollo
WIEGAND 2 34 Northern
WIEGAND 3 34 Northern(no_parity)
WIEGAND 4 34 Ademco
WIEGAND 5 35 HID_Corporate
WIEGAND 6 37 HID
// format is: IDENTIFIER text_string(no spaces) TOTAL_BITS ID_START_BIT ID_NUM_BITS
// (* note: ID_START_BIT is zero-based *)
WIEGAND_PASS 26-Bit-Pass_Thru 26 9 16
WIEGAND_PASS Kantech-XSF 39 22 16
WIEGAND_PASS CUSTOM -1 -1 1

AUX PORT SECURITY

This allows the Administrator to set a password for the AUX port to DISABLE unauthorized AUX Port communications. The purpose is to prevent unauthorized users from accessing the AUX port unless the password is supplied to re-ENABLE the port.

In the dialog, the current state is shown. The Administrator would select DISABLE, supply a numeric password, and press the SET button. The supplied numeric password should be remembered since it is required to ENABLE the AUX port while communicating on the AUX port.

Once the AUX port is disabled, no communications are accepted over the AUX port unless the ENABLE PORT option is chosen in 1 of 2 ways.

If communicating over the HOST PORT:
- The ENABLE PORT command will enable AUX port communications and a password is NOT required. This allows the unit to be reset over the HOST port if the AUX password is forgotten. VeriAdmin allows this since the network is considered secure.

If communicating over the AUX PORT:
- The ENABLE PORT command will enable AUX port communications ONLY if the correct password is supplied. All other commands will return an error indicating a locked port until the port is enabled properly.

Bioscrypt recommends that the AUX port be disabled and password protected.

When an Administrator needs to communicate with the device using the AUX Port, the procedure would be:
- connect to the AUX port,
- use VeriAdmin to bring up the BII_UNIT PARAMETER SETTINGS dialog,
- choose ENABLE PORT, supply the correct password, and press SET.

All communications would then be allowed. Once all data is gathered, the Administrator would then disable the AUX port by:

- use VeriAdmin to bring up the BII_UNIT PARAMETER SETTINGS dialog,
- choose DISABLE PORT, supply a new password, and press SET.

This would once again protect the AUX port from unauthorized use.

Broadcast Parameters

The Broadcast window allows you to modify settings on all units in a networked environment at the same time (See Appendix B). Under most circumstances, you will use this window when communicating over the Host Port (recall that the Aux Port primarily is for communicating with a single unit). You will note that the window is similar to the Unit Parameters window.

The PC baud rate will update automatically.

Enter the ID#, then either:
- enter the Index#, or
- check the Delete all indices box

Figure 21: Broadcast Parameters Window

Note: As with the BII_Unit Parameter Settings window, change one setting at a time and click the Broadcast button after each change. For example: if you wish to change the Security Threshold and the Wiegand Out string: 1) change the threshold; 2) click the Broadcast button in the security section; 3) change the string; and, 4) click the Broadcast button in that section.

Network Status

The Net Status window displays the condition of all units networked.

Figure 226: Network Status Window (callouts: Comm Port TAB; RED represents the currently selected unit; you can click the mouse button on each Icon to make that UNIT the currently selected unit; pressing REFRESH will check all units on the selected COMM Port)

Each unit defined in the UNITIDS.DAT file is represented with a TAB for each defined Communications Port. 3 lines of text identify:

- The Type of unit (Veri*, V-PASS or V-PASS-no) as defined in the UNITIDS.DAT file
- The Network ID
- State (Idle, Busy, No Response)

The Veri* designates that a unit is a VeriProx or VeriFlex. V-PASS designates a V-PASS product and V-PASS-no represents a V-PASS product with Auto Finger Detect turned OFF. A type of MISMATCH indicates the UNITIDS.DAT file does not match the actual unit on the network.

Advanced Enrollment

The Advanced Template Enrollment is the recommended tool for enrolling all templates. This allows multiple templates to be sampled and the corresponding template created. Users can sample different fingers or multiple enrollments of the same finger. Each time an enrollment is sampled, the best template is identified among the current 3 samples. Users then have the option of ACCEPTing the enrollment of their choice.

NOTE: No enrollments are saved until 1 of the 3 ACCEPT buttons is pressed.

This tool can be used to train users by demonstrating how proper finger placement is a critical aspect in obtaining a good enrollment. This tool can also show how different fingers on the same person can have very different QUALITY and CONTENT ratings.

Figure 27: The Advanced Enrollment Screen

The Advanced Enrollment process is as follows:
1. In the Template ID field, type in the Template ID (the template ID should be the proximity card ID number for the VeriProx or if a Wiegand IN device is used. Do not include a site code designation.)
OR
Press the FROM READER button and wave the card in front of the Wiegand INPUT device to read the ID from the card.

2. In the Index field, enter the index of the template.

3. Click any ENROLL button.

Figure 28: Advanced Enrollment Finger Selection

4. A pop-up dialog box will allow the User to choose the finger to ENROLL. Choose which finger by clicking the corresponding checkbox.

5. The light on the current unit will glow amber requesting the enrollee to place a finger on the sensor. Nestle the Ridgelock into the first joint line on the finger. An image is scanned and both the image and corresponding template are displayed. The finger may be removed when the amber light goes out.

6. The Advanced Enrollment tool will then choose the best template among the 3 and indicate which Enrollment should be ACCEPTed.

Figure 29: Advanced Enrollment Recommended Choice

7. Repeat Steps 3-6 to Enroll additional sample templates. A current template can be replaced by choosing the finger to be Enrolled and pressing the ENROLL button. NOTE: Users can indicate which finger by selecting the corresponding checkbox in the FINGER sub-window. The checkboxes represent the fingers as if both hands were placed flat on the display with fingertips touching as shown in Figure 26.

Figure 30: Advanced Enrollment Finger Selection Option

8. Although NOT recommended by Bioscrypt, users have the option of choosing a different Enrollment other than the one recommended. Simply press the ACCEPT button even though it is hidden by the red NO symbol. A warning message will be displayed to confirm this un-recommended action is desired.

Figure 31: Advanced Enrollment OVERRIDE Recommended Choice

9. Once an Enrollment has been selected, the normal EDIT TEMPLATE window appears so that fields can be verified and additional data added. Here is where the User Type and Security Threshold can be set. See the section in this manual on EDIT TEMPLATES for more details on saving the template to either the current unit or the PC disk.

LED Table Settings

Choosing the LED Table Settings menu item will allow the user to define how the reader's LED will function under specific operations. Selecting this option will display the dialog shown in figure 30. The dropdown selection box chooses the function (enroll, verify, idle, etc.) to modify. Below that is each possible state for the selected operation. Line 1 represents the GREEN LED, Line 2 represents the RED LED, and Line 3 represents the Buzzer.

Figure 32: LED Table Settings

In the example shown, the ENROLL function is chosen. The first two states are disabled since they have no meaning for the ENROLL function. Both Line 1 and Line 2 are chosen to indicate PLACE FINGER. This will turn the GREEN and RED LEDs on, creating a YELLOW LED. The REMOVE FINGER operation is signaled by clearing all LEDs, thus making the LED turn off. If a FINGER NOT DETECTED happens, then the RED LED is shown for 600 milliseconds. A PASS is indicated by both turning the LED GREEN and sounding the BUZZER for 600 milliseconds. To indicate a FLASHING LED, choose the duration and set the INTERVAL time (1350 is normal).
The USE TABLE checkbox indicates whether to use these setting for non-Wiegand initiated commands (like commands coming from PC). Repeat process of other functions then press the ACCEPT to transfer to the current unit. If the ACCEPT is not pressed, the changes are ignored. Figure 33: LED Table Settings 71 Copyright 2002, Bioscrypt Inc. All rights reserved. S E N S O R C O N F I G U R A T I O N Sensor Configuration Note: This feature has been disabled in recent versions of VeriAdmin, including v4.3 Choosing the Sensor Configuration menu item will allow the readers sensor settings to be altered. It is recommended that only advanced users attempt to modify these settings since they can drastically affect the fingerprint readers performance. Please call Bioscrypt Technical Support with any questions before attempting modifications. The Bioscrypt sensor needs to be calibrated for optimal performance. Figure 34: Sensor Configuration Menu For Veridicom Sensors:
To perform this task the user should place their finger on the sensor of the reader identified by the current Communication settings. Next, press the CALIBRATE button and hold the finger steady until the progress bar completes. The new values will be displayed and the VeriAdmin software will ask if you want to see a test image. With the finger still on the sensor, select YES. An image will be scanned and displayed. If the image looks good, choose YES to accept the new values.

For Authentec Sensors:
To perform this task the user should NOT place their finger on the sensor of the reader. Press the CALIBRATE button. The TEST IMAGE button will scan and display a fingerprint image.

Figure 35: Sensor Configuration

NOTE: A Network ID of 1 is NOT valid for these operations.

Update Firmware

Choosing the Update Firmware menu item will allow the reader's DSP firmware to be field-updated. Also, for V-Smart units, the external storage device (ESI) can be programmed in the field. It is recommended that only advanced users attempt to perform this operation. Please call Bioscrypt Technical Support with any questions.

Figure 36: Update Firmware Menu Option

Choosing this option will begin the Update Firmware Wizard. Follow the steps and choose the correct firmware file. This process can take between 1-10 minutes depending on the current baud rate settings.

Figure 34: Update Firmware Wizard

NOTE: Before attempting this operation, make sure the current communication settings are correct and that the PC and reader are communicating properly. It is recommended that the HELP, ABOUT VERIADMIN menu option is used both before and after this operation to ensure the firmware version changed.

Figure 37: Update Firmware Menu Option

Depending on the prior version, downloading a new firmware version may also cause an extra step to be performed after the firmware download. If this happens, the user will be given informational messages indicating the additional steps. Although not necessary, it is recommended that all templates be backed up to the PC before a firmware update. If power is disconnected during a firmware update, the Bioscrypt unit may become inoperable.

Restore Factory Defaults

Choosing the Restore Factory Defaults menu item will allow the Bioscrypt reader to be reset to the default firmware setting. It is recommended that only advanced users attempt to use this operation. Please call Bioscrypt Technical Support with any questions.

Figure 38: Reset BII_Unit to Factory Defaults Menu Option

Two options are given: RS-485 Default and RS232. The associated Factory Default settings are identified for each option. Proper communication must be established with the reader before this operation can be successfully performed. Press the button of the option desired and each Parameter will be set on the reader.

Figure 39: Reset Parameters

NOTE: A Network ID of 1 is NOT valid for this operation.

Template Conversion

Choosing the Template Conversion menu item will allow the user to convert templates stored on the PC from the larger Searching templates used with the V-PASS to the smaller 1:1 Verification Templates used with the VeriProx and VeriFlex (see Appendix C for details). It is recommended that only advanced users attempt to perform this operation. Please call Bioscrypt Technical Support with any questions.

Figure 40: Template Conversion Menu

Figure 41: Template Conversion Dialog

Using the Template Conversion Dialog, users can choose the Source (V-PASS template) and Destination (VeriProx/VeriFlex template) directories by pressing the appropriate STORAGE FOLDER button and selecting the desired directory. Next, highlight the V-PASS Searching templates that you wish to convert (or press the SEL ALL button to select all appropriate templates in the selected directory). Pressing the Right Arrow button will convert all selected V-PASS templates to VeriProx/VeriFlex templates. The names will remain the same, but the extension will change from .mtm to .tem.

Verification Action Response

Choosing the Verification Action Response menu item will allow users to customize the way the unit responds to a Verification Action.

Under normal operations, the Veri-Series unit will respond based on how a Verification Action was initiated. When a Wiegand INPUT initiates the action, a Wiegand OUTPUT is used to respond. When a Verification Action is initiated over a communications port by using the Bioscrypt DLL or low-level commands (described in the MV1100 SDK), then the response packet is returned on the same communication port (either HOST or AUX).

This menu allows the user to select other Verification Responses in addition to the normal response. The Line Trigger is a signal line that will trigger for the defined number of seconds on a successful verification.
Although not a true TTL level signal, this trigger could be used to initiate a relay or other device. The Line Trigger is the GREEN wire on the Veri-Series pigtail. It is recommended that only advanced users who are working with the SDK and writing their own custom software attempt to enable the HOST or AUX ALWAYS operations. Please call Bioscrypt Technical Support with any questions.

Figure 42: Verification Action Response

Figure 43: Verification Action Dialog

Wiegand Utilities
(* requires firmware v3.2 or higher)

Choosing the Wiegand Utilities menu item will allow users to define specific Administrator IDs that will not require a fingerprint to initiate the ENROLL and DELETE actions. Under normal operations, ENROLL and DELETE COMMAND CARDS require a fingerprint verification to be performed that ensures the correct person is using the ADMIN card. The Wiegand Utilities Dialog allows Administrators to create specific IDs that can initiate the following operations:

- Create ENROLLMENT Administrator Command Card
- Enroll User/Card
- Create DELETE Administrator Command Card
- Delete User/Card

Figure 44: Wiegand Utilities

By entering a Card ID in to the appropriate box and pressing the SAVE key, that ID will be stored in the VeriSeries Unit memory. When a card that contains that ID is presented to the VeriSeries Product, the appropriate action will be initiated. This feature has been added to allow installers to create ENROLL and DELETE ADMIN Command Cards without a PC if the unit has been properly pre-configured for specific card IDs by using this feature. Once these initial cards have been created, we recommend deleting the pre-configured IDs with the CLEAR ALL buttons.

Figure 45: Wiegand Card Utilities Dialog

Getting Service and Support

Bioscrypt, Inc. is available to provide information and assistance. Contact Bioscrypt using the methods discussed below. Before calling, copy down the following version information about your unit:
- Software
- DLL
- Algorithm
- Kernel
- PIC
- ESI (if applicable)

This can be found in the Help menu under the About menu. The ESI version can be found under the Smart Card Manager in the upper left (V-Smart only).

Technical Support

For assistance with technical matters, contact the Technical Support Department by sending e-mail to support@bioscrypt.com. To speak directly with a technician, call (818) 501-3908.

Customer Service and Sales Support

Bioscrypt is here to assist you with your questions. Contact our Customer Service and Sales support departments by calling (818) 501-3908.

World Wide Web Site

See our World Wide Web site for breaking information and other services. The address is www.bioscrypt.com.

Appendix A Quality and Content

Section A.1 - Basic Biometric Concepts

Biometric Definitions

Enrollment is the operation of scanning a fingerprint, determining the quality of the fingerprint scan, and storing a good template with associated data within the memory of the Veri-Series product.

Verification is the operation of presenting the user ID, either by waving a proximity card or typing the ID into the Verify dialog box, requesting the user to place their finger on the fingerprint sensor, scanning the finger, comparing the current scan against stored fingerprint templates for that user, and then giving notification of a successful validation or a failure.

Searching is the operation of the user placing their finger on the V-PASS fingerprint sensor, scanning the finger, comparing the current scan against ALL stored fingerprint templates for the V-PASS unit, and then giving notification of a successful validation or a failure. Searching is only possible on a V-PASS.

Fingerprint Template is the term used to describe the data stored on the VeriProx that mathematically represents the ridge pattern of an enrolled fingerprint.
This data is not the raw image of the fingerprint, but the result of processing a raw image through our unique algorithmic process, preparing the data for later comparisons, and compressing the data for maximum storage. An image of the uncompressed template data does resemble the raw image, but whereas a raw image is 90K bytes, the compressed template is only 348 bytes for the VeriProx or VeriFlex and 2352 bytes for the V-PASS.

Fingerprint Core is the term used to describe distinguishing print characteristics usually found in the area of the print where the topography shows the tightest curvature. Although the entire fingerprint has significant data, the core is the most data-intensive area and therefore very important.

Scanning an Image

When the unit properly reads a fingerprint, it looks for image quality and fingerprint content. When a raw image is collected from the sensor, the Veri-Series unit searches for the fingerprint core.

Content scores are based upon the amount of non-ambiguous data in the region of the core. The higher the content, the greater the degree of useful information. See Section A.3 for a thorough discussion of content.

Quality scores are based on how well the ridge pattern is defined within the image. For best image quality, be sure that the sensor window is clear of dirt, residue, or other material that can block the BII_Unit's view of the fingerprint. See Section A.3 for a thorough discussion on quality.

Once the image is scanned, the BII_Unit then creates and stores the resulting fingerprint template.

Storing User Templates on the Unit

The Veri-Series unit recognizes users by matching current images to stored templates of previously enrolled fingerprints. Along with the fingerprint, the VeriProx and VeriFlex require a proximity card with a unique user ID number.
The Veri-Series readers allow associating multiple fingerprints with a single Template ID. Each instance of a template with a specific ID has a unique index (up to 256 indices possible (0-255)). This allows VeriProx and VeriFlex users to have a single proximity card, but be able to enroll multiple fingers. During VERIFICATION, a user waves their card at the VeriProx / VeriFlex reader and places their finger on the sensor. The unit will then scan the current fingerprint and compare it against all enrolled templates for that specific ID. If there are multiple templates enrolled under one ID, then the VeriProx / VeriFlex will check templates in the numerical order based on their index.

Example: On Card # 123, a person ENROLLs both their left and right index fingers. The next time that user goes to verify, they wave Card # 123 and place a finger on the sensor. The VeriProx scans the current finger and compares it against the first template (the right index finger, Template ID 123 0). If a match is found, the VERIFICATION is PASSED and the operation ends. If a match is not found, the VeriProx will check the second print (the left index finger, Template ID 123 1). If a match is found, the VERIFICATION is PASSED and the operation ends. If the match is not found and since all templates have been compared, the VERIFICATION is FAILED.

NOTE: The initial finger scan takes ~0.5 seconds and each comparison takes ~0.5 seconds. So if the first template results in a successful verification, the total time is ~1.0 seconds. Successful verification on the second template requires ~1.5 seconds, and so on.

Section A.2 - Proper Finger Placement

The basics for successful operation of the Veri-Series units are simple but important. System performance improves dramatically with consistent finger placement. It is important to make sure that the position of the finger allows the unit to record the unique features of the print. Here are the steps to follow for trouble-free fingerprint recognition.

Bioscrypt has designed the Ridge-Lock to create simple user instruction and consistent finger position. With the fingertip raised, position the finger so that the Ridge-Lock rests comfortably within the first indentation of the finger. Next, lower the finger onto the sensor and apply moderate pressure.

Common mistakes

Correct finger placement is a significant component of reliable fingerprint imaging. The following lists some common mistakes to avoid.

Sliding the fingertip into place instead of lowering it onto the sensor will cause distortion of the fingerprint and will degrade image quality. Keep the fingertip raised while locating the Ridge-Lock, then lower the fingertip.
Rotating the finger into position also will cause distortion of the fingerprint, subsequently making verification less reliable.

Positioning the finger to one side and leaving a portion of the sensor exposed will degrade image quality.

Placing the finger at an angle to the finger guide is another common mistake. Rotation of the fingertip will not provide a reliable image of the fingerprint.

Image quality

Dry skin is another factor that can contribute to an unreliable image of a fingerprint. A normal amount of moisture on the skin makes the ridges and valleys of the fingerprint stand out to the sensor. Too little moisture makes the image noisy and will cause the Veri-Series unit to reject the image during processing. Lightly moisturizing the finger will enhance the contrast of the print and provide more reliable verification. The increased sensitivity of the silicon sensor is dramatically reducing problems in this area.

Image consistency

Once a user's fingerprint template has been enrolled, the best performance in the candidate matching process depends on consistency. Obviously, the user must use the same finger for ID verification as was used to form the original template. It also is important to position the finger correctly for each verification, as was done when the template was enrolled, so the Veri-Series unit sees approximately the same information each time.

Section A.3 - Using Content and Quality during Enrollments

As described in section A.1, Quality and Content scores are returned in the enrollment process. These scores give an indication of the performance of the template enrolled. To a large degree, the verification algorithm compensates for deficiencies in image quality and loss of information content.
Nonetheless, knowledge of these parameters and what they mean helps ensure optimal performance.

False Acceptance and False Rejection

In order to understand the effects of poor image quality and poor information content it is necessary to understand how to measure performance. Performance of the Veri-Series unit is presented in terms of False Rejection and False Acceptance.

False Rejection indicates that the unit incorrectly rejected a fingerprint that corresponds to the person's template. False Rejections rarely occur and primarily result from the inability to get a good image of the finger.

False Acceptance indicates that the unit accepted a fingerprint that does not correspond to the template it was compared against. False Acceptances also are rare and primarily result when a fingerprint template is characterized by low information in the enrolled print.

The algorithm on the Veri-Series units has been tuned so that the false acceptance and false rejection rates are equal at the medium security level (level 3), delivering industry-leading accuracy. This is known as the Equal Error Rate. Increasing the security (e.g., changing the security level from 3 to 1) will decrease the chance of false acceptance at the expense of increased false rejection. Reducing the security (e.g., changing the security level from 3 to 5) will decrease the chance of a false rejection at the expense of false acceptance. The table below indicates the expected error rates at the different security levels.

| Security Level | False Rejection Rate | False Acceptance Rate |
|---|---|---|
| Very Low (5) | 1 / 10,000 | 1 / 100 |
| Low (4) | 1 / 5000 | 1 / 200 |
| Medium (3) | 1 / 1000 | 1 / 1000 |
| High (2) | 1 / 200 | 1 / 5000 |
| Very High (1) | 1 / 100 | 1 / 20,000 |

Quality

The quality score is based on how well the ridge pattern is defined within the fingerprint image that was enrolled. In other words, quality measures how clearly the unit imaged the fingerprint. Poor quality enrollments can result in an elevated rate of false rejection, making it difficult for the user to verify reliably. The score is given in stars and ranges from zero to five stars, with five being the best quality (rarely obtained) and zero being the worst.

Quality scores of three stars and higher perform well with the Bioscrypt verification algorithm. In this range, the algorithm readily compensates for differences in fingerprint quality. It is still statistically true that the larger the quality score, the better the performance of an enrollment. As a general rule of thumb, quality scores less than three stars require intervention on the part of the Enroller or administrative software. Sources of low scores include dry fingers and dirty sensors.

(Example images: Very High Quality, Very Low Quality)

If the quality score falls below three stars, Bioscrypt recommends the following options:
- Ensure that the sensor and finger are clean.
- If the finger and sensor are clean and a dry finger is suspected, try re-enrolling one more time, leaving the finger on the sensor for several seconds prior to enrollment. Frequently finger moisture accumulates over time to provide a good image.
- Fingerprint quality can vary among individual fingers for the same person. Try enrolling an alternate finger to see if the score improves.
- Alter the security level for that particular template by decreasing the threshold a minimum of 1 level (e.g., change the value from medium [3] to low [4]). This will offset the false rejection for that template by making it easier to match. If use of that template indicates that raising the threshold one level still produces false rejections, try setting the value to its lowest security (level 5).

Warning: Decreasing a template's security may increase the risk of a false acceptance for that template.

A thorough enrollment procedure will ensure streamlined and reliable verification for users. It is recommended that all four options be performed in the order listed above to maximize the performance of the device.

Content

The Content score is based upon the amount of usable information the Veri-Series unit sees in the fingerprint. Templates that are characterized by low content scores may result in elevated rates of false acceptance. Again, the score is given in stars and ranges from zero to five stars, with five being the most content and zero being the least.

Content scores of three stars and higher perform well with the Bioscrypt Algorithm. In this range the algorithm has enough information to distinguish between different fingerprints with a high level of accuracy. Templates with content scores above two stars do not vary in terms of the error rates.
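The per-template security adjustment above interacts with the multi-template matching described in Section A.1, because every template stored under an ID is tried in turn. The following added example (not part of the Bioscrypt manual or software) combines the error-rate table with that matching order; it assumes the comparisons are statistically independent, and all function names are illustrative.

```python
from fractions import Fraction
from math import prod

# Expected per-comparison error rates from the manual's security-level table:
# level -> (false rejection rate, false acceptance rate)
ERROR_RATES = {
    5: (Fraction(1, 10_000), Fraction(1, 100)),    # Very Low
    4: (Fraction(1, 5_000), Fraction(1, 200)),     # Low
    3: (Fraction(1, 1_000), Fraction(1, 1_000)),   # Medium (equal error rate)
    2: (Fraction(1, 200), Fraction(1, 5_000)),     # High
    1: (Fraction(1, 100), Fraction(1, 20_000)),    # Very High
}
SCAN_SECONDS = 0.5      # initial finger scan, per Section A.1
COMPARE_SECONDS = 0.5   # each template comparison, per Section A.1
MIN_STARS = 3           # minimum acceptable quality score


def level_after_quality_check(level, quality_stars):
    """Fourth option in the manual's list: a template scoring under three
    stars has its security decreased one level (e.g. Medium 3 -> Low 4)."""
    if quality_stars < MIN_STARS:
        return min(level + 1, 5)
    return level


def impostor_acceptance(levels):
    """Chance that a wrong finger passes for an ID whose templates (in index
    order) use these security levels: one false accept is enough.
    Assumption: the comparisons are statistically independent."""
    return 1 - prod(1 - ERROR_RATES[lv][1] for lv in levels)


def genuine_rejection(levels, enrolled_index):
    """Chance the right finger is refused: its own template falsely rejects
    and no other template under the ID falsely accepts (same assumption)."""
    own_frr = ERROR_RATES[levels[enrolled_index]][0]
    others = (1 - ERROR_RATES[lv][1]
              for i, lv in enumerate(levels) if i != enrolled_index)
    return own_frr * prod(others)


def verify_seconds(template_count, match_index=None):
    """Approximate time to a decision. match_index=None means no match, so
    every template was compared before the FAILED result."""
    compared = template_count if match_index is None else match_index + 1
    return SCAN_SECONDS + COMPARE_SECONDS * compared


def describe(levels):
    """One-line summary of the combined false acceptance for an ID."""
    far = impostor_acceptance(levels)
    return f"levels {levels}: about 1 in {round(1 / far):,} impostor attempts accepted"


if __name__ == "__main__":
    # Constructed case: card 123, right index at Medium; left index enrolled
    # with two stars of quality and therefore lowered from Medium to Low.
    left = level_after_quality_check(3, quality_stars=2)
    for levels in ([3], [3, 3], [3, left]):
        print(describe(levels))
    print("match on the second template after", verify_seconds(2, 1), "s")
```

Under these assumptions, adding a second template and lowering it one level moves the ID from roughly 1 in 1,000 to roughly 1 in 167 impostor attempts accepted, which is the cost the Warning above refers to.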
Content scores less than three stars require intervention on the part of the Enroller or administrative software. Sources of poor content include improper finger positioning and extremely bland fingerprints.

(Example images: Very High Content, Low Content)

If the content score falls below three stars, Bioscrypt recommends the following options:

- Try re-enrolling the same finger if finger positioning seems to be the issue (see section A.2). Ensure that the user can comfortably place the finger on the sensor while maintaining the core region in the image.
- Fingerprint content can vary among individual fingers for the same person. Try enrolling an alternate finger to see if the score improves.
- Alter the security level for that particular template by increasing the threshold a minimum of 1 level (e.g., change the value from medium [3] to high [2]). This will offset the false acceptance for that template by making it more difficult to match. If use of that template indicates that raising the threshold one level still produces false rejections, try setting the value to its highest security (level 1).

Warning: Increasing a template's security may increase the risk of a false rejection for that template.

A thorough enrollment procedure will ensure streamlined and reliable verification for users. It is recommended that all three options be performed in the order listed above to maximize the performance of the device.

Content and Quality Summary

Table 1: Quality and Content Minimum Thresholds

| Score | Normal Range | Poor Range |
|---|---|---|
| Quality | Three or more stars | Less than three stars |
| Content | Three or more stars | Less than three stars |

Table 2: VeriAdmin Management application map of score versus category

| Score | Quality/Content Category |
|---|---|
| | Very poor |
| | Poor |
| | Fair |
| | High |
| | Very high |

Recommended Enrollment Process

Have the user pick one of the following fingers for enrollment: Left Index, Left Middle, Right Index, or Right Middle.

Enroll the chosen finger and note the quality and content results. If either is below the minimum threshold, follow the directions outlined in the previous section. If both are above their minimum thresholds, either accept the created template, or attempt another finger, trying to achieve the best quality possible.

If multiple fingers are attempted and only one finger is required, choose the template for which both quality and content are above the threshold and for which the quality is maximized.

Appendix B Understanding the BROADCAST option in RS-485 Based Networks

The BROADCAST feature allows a command to be sent to ALL units connected on the same PC COMM Port. Using a NETWORK ID of 1 enables Broadcast Mode. Although this is often a very convenient feature, it also has some inherent issues that the user should be aware of and understand.
Bioscrypt recommends that only advanced users attempt the BROADCAST features.

NO REPLIES. When in Broadcast mode, no replies from the receiving unit are possible. Because all units receive the command at the same time, all units would normally reply at the same time. On an RS485 network, if more than one unit is communicating at the same time, the communications electrically collide and cannot be understood. This is an inherent shortcoming of the RS485 protocol. This collision will also happen if 2 or more units have the same NETWORK ID, since they will both respond at the same time and cause the same problem. When in Broadcast mode, the Bioscrypt readers are instructed NOT to REPLY.

NO ERROR CHECKING. The Bioscrypt communication protocol has various error checking methods built into the interface. This error checking requires two-way communication between the PC and the Bioscrypt reader to ensure that command packets were received with all the data they contained. Because NO REPLIES are possible, the error checking is disabled in Broadcast mode. This can become an issue when using a network of Bioscrypt readers since the reader itself cannot process a communication packet during Verification. Although this time is very short, if a command is received during portions of a Verification, the unit would normally respond with a BUSY error code. However, in Broadcast mode no response can be given, and VeriAdmin will not know that the command was ignored by that particular unit (even though it would have been accepted by all other units).

Manual verification is often required to ensure all units successfully received a Broadcast command. An example of this can be seen in the BROADCAST PC TEMPLATE section. The VeriAdmin Software will Broadcast the TRANSFER command, but then manually verify that the template was successfully transferred to each and every unit after the Broadcast command is complete.

Since Broadcast commands cannot have the Bioscrypt reader reply, using the Broadcast Network ID has been disabled in Reset to Factory Defaults and Sensor Settings.

NOTE: A Broadcast command will be received by all units on the same PC COMM port. If a network consists of multiple COMM ports, the Broadcast command will have to be sent on each COMM port in order to reach all units on the network. This is automatically done by the VeriAdmin Software for BROADCAST PC TEMPLATES and for all commands in the BROADCAST PARAMETERS window based on the UNITIDS.DAT file. However, this is not done for other commands where the user specifies a Network ID of 1.

Appendix C V-PASS Template Differences

The V-PASS product is similar in size and shape to both the VeriFlex and VeriProx products. However, it incorporates a very different biometric comparison process. The VeriFlex and VeriProx perform a 1:1 verification. One finger is compared with one template to decide if there is a match. A Template ID is mandatory to determine which of the stored templates to compare with the current live fingerprint image. The V-PASS performs a searching algorithm that will compare the current live fingerprint image with ALL templates that reside on the V-PASS unit (up to 200 with firmware version 3.0). This is often referred to as 1:many (one to many) or identification.
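The broadcast-then-verify procedure from Appendix B can be modelled as follows, on a mixed network where each unit only accepts its own template type (.mtm for V-PASS, .tem for VeriProx / VeriFlex). This is an added example, not Bioscrypt code or the Bioscrypt protocol: the Unit and CommPort classes, the status strings and the always-answered has_template query are assumptions made for the simulation.

```python
from dataclasses import dataclass, field

BROADCAST_ID = 1  # per the manual, a Network ID of 1 enables Broadcast Mode


@dataclass
class Unit:
    """Simulated reader (hypothetical model of the behaviour described)."""
    network_id: int
    kind: str                    # "V-PASS" or "VeriProx"
    busy_commands: int = 0       # commands that will arrive mid-Verification
    templates: set = field(default_factory=set)

    def receive(self, template_name):
        """Handle a TRANSFER; return the status an addressed reply would carry."""
        if self.busy_commands > 0:
            self.busy_commands -= 1
            return "BUSY"
        wanted = ".mtm" if self.kind == "V-PASS" else ".tem"
        if not template_name.endswith(wanted):
            return "WRONG_TYPE"
        self.templates.add(template_name)
        return "OK"


class CommPort:
    """One PC COMM port and the RS-485 units on it, keyed by Network ID."""

    def __init__(self, name, units):
        self.name = name
        self.units = {}
        for unit in units:
            if unit.network_id == BROADCAST_ID:
                raise ValueError("Network ID 1 is reserved for broadcast")
            if unit.network_id in self.units:
                raise ValueError("duplicate Network ID: replies would collide")
            self.units[unit.network_id] = unit

    def transfer(self, network_id, template_name):
        if network_id == BROADCAST_ID:
            for unit in self.units.values():
                unit.receive(template_name)  # status is never sent back
            return None                      # no reply, no error checking
        return self.units[network_id].receive(template_name)

    def has_template(self, network_id, template_name):
        # Assumption: this addressed query is always answered.
        return template_name in self.units[network_id].templates


def broadcast_and_audit(ports, template_name, max_resends=2):
    """Broadcast on every COMM port, then check each unit individually."""
    for port in ports:
        port.transfer(BROADCAST_ID, template_name)
    labels = {"OK": "resent", "WRONG_TYPE": "wrong type", "BUSY": "still busy"}
    report = {}
    for port in ports:
        for network_id in port.units:
            if port.has_template(network_id, template_name):
                report[(port.name, network_id)] = "ok"
                continue
            status = "BUSY"
            for _ in range(max_resends):     # addressed resend gets a reply
                status = port.transfer(network_id, template_name)
                if status != "BUSY":
                    break
            report[(port.name, network_id)] = labels[status]
    return report


def demo():
    """Constructed network: two COMM ports, one busy unit each, one VeriProx."""
    com1 = CommPort("COM1", [Unit(2, "V-PASS"),
                             Unit(3, "V-PASS", busy_commands=1)])
    com2 = CommPort("COM2", [Unit(2, "VeriProx"),
                             Unit(3, "V-PASS", busy_commands=5)])
    return broadcast_and_audit([com1, com2], "1122_0.mtm")


if __name__ == "__main__":
    for unit, status in demo().items():
        print(unit, status)
```

Only the per-unit audit reveals that one unit was busy during the broadcast and that the VeriProx unit never stored the V-PASS template; the broadcast itself reports nothing.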
Whereas the VeriProx and VeriFlex are typically used with a proximity card or external device to indicate a user's ID, the V-PASS no longer requires this extra form of identification; only the fingerprint is required.

To perform this quick database search of all enrolled templates, the V-PASS requires a fingerprint template that is different than the fingerprint templates required for the VeriFlex and V-Pass. The VeriFlex / VeriProx templates are 348 bytes of data, whereas the V-PASS template is 2,532 bytes of data. The V-PASS template contains all the data from a VeriFlex/VeriProx template and more.

Bioscrypt provides a way to generate a 1:1 VeriFlex / VeriProx template from a V-PASS template. This conversion is available in our SDK for software developers, or as part of the VeriAdmin Management Software for end-users.

Users should be aware of the following:
1. V-PASS templates are different than VeriFlex / VeriProx templates.
2. V-PASS templates should use the default extension of .mtm
3. VeriProx / VeriFlex templates should use the default extension of .tem
4. Only a V-PASS can create (enroll) a V-PASS template.
5. A V-PASS template CAN BE converted to a VeriFlex / VeriProx template.
6. A VeriProx / VeriFlex template CANNOT be converted to a V-PASS template.
7. Administrators need to be aware of these differences if BOTH products are used.
8. A Veri-Series unit will reject a template if the wrong type is sent. This means that a VeriProx / VeriFlex will return an error if a V-PASS template is sent to that unit. The same is true if a V-PASS unit is sent a VeriFlex / VeriProx template.
9. Administrators should use caution when attempting Broadcast commands on a Mixed Network. Broadcast commands will work, but #8 above will apply. Contact Bioscrypt Technical Services for more information.

For installations using a Mixed network where both V-PASS units and VeriFlex / VeriProx / V-Smart units are used, Bioscrypt recommends the following guidelines to help manage templates:

1. A PC-based enrollment station using the VeriAdmin software should be used for all template enrollments.
2. All enrollments should be done using a V-PASS and stored on the PC.
3. V-PASS templates can be converted to VeriProx / VeriFlex templates using the VeriAdmin Software (see the Template Conversion section). After this process, the Administrator will have both a V-PASS compatible template and a VeriProx / VeriFlex compatible template for each user.
4. Use the Bioscrypt designated extensions of .tem for VeriFlex / VeriProx templates and .mtm for V-PASS templates.

Example:

A PC Enrollment station is set up with an attached V-PASS unit and running the VeriAdmin Management software. Using the Advanced Enrollment dialog, the Administrator will enter an ID (ex: 1122), sample enroll 3 different fingers, and choose the best one as indicated by the software. This fingerprint template will be saved to the PC (ex: 1122_0.mtm). The Administrator will use the Template Conversion utility to create a VeriFlex / VeriProx template (ex: 1122_0.tem). Template 1122_0.mtm will then be transferred to all V-PASS units. Template 1122_0.tem will then be transferred to all VeriFlex / VeriProx / V-Smart units.

Appendix D V-Smart Operations

The V-Smart product is similar in size and shape to both the VeriFlex and VeriProx products. However, it incorporates a new method for template management. The V-Smart incorporates a contactless smart card reader using MIFARE technology. This allows a user's template to be written to a smart card during enrollment and then later read from the smart card during verification. Since the template is stored on the card itself, there is no need for the network-based template management operations typically associated with biometric installations.

Smart cards used by the V-Smart can now be used by another application. V-Smart operation uses only the part of the Smart Card defined by the layout, so that other applications can now use any remaining free sectors. Contact your Bioscrypt Sales representative when purchasing smart cards to ensure they will work correctly with the V-Smart.

Administrators Note

The Administrator / Enroller needs to understand the different states in which the V-Smart operates to use the unit effectively. The most important aspect to understand is the difference between HOST and SLAVE mode.

HOST mode is the normal operating state of the V-Smart. In this mode, the unit is actively looking for a smart card with a template on it. When a card is seen, one or both templates are automatically read and a Verification action is started. While the Verification action is happening, the V-Smart cannot process other commands coming over the AUX channel from the PC.

The only time this becomes an issue is when using the VeriAdmin software. When writing a template to the smart card as part of the enrollment process, it is important to wait for VeriAdmin to display a message saying, PLACE SMART CARD CLOSE TO READER.
If the Administrator places the card before the message, the V-Smart may treat this as described above, and initiate a Verification action. The V-Smart will then be busy trying to verify a live image and will not be able to process the Enrollment. You can tell when this happens because the top LED will turn yellow. If this does happen, simply place a finger and let the V-Smart complete the Verification attempt. Then press the SAVE TO SMART CARD button and wait for the PLACE SMART CARD CLOSE TO READER prompt.

NOTE: It is essential that the Administrator read and fully understand the information presented in Appendix E: Administrator SiteKey Management. Failure to use the V-Smart in the proper way can make the V-Smart less secure and potentially unusable if Site Keys are forgotten or compromised.

V-Smart Terminology

V-Smart: Term used to designate the complete hardware product. The V-Smart actually contains an embedded MV1200 with expanded I/O functionality, an External Storage Interface (ESI) module and a MIFARE smart card reader.

External Storage Interface (ESI): This module is internal to the V-Smart and acts as an interface between the MV1200 and the smart card reader. External pigtail wires connect the MV1200 and ESI together.

Primary Template: This is the template that resides in the first template slot on the smart card. When a verification is initiated, this primary template is the first fingerprint that is used in that verification process.

Secondary Template: This is an optional second template stored on the smart card. Currently, in the v5.80 (or later) V-Smart firmware, this second template will also be used in the verification process if the primary template verification fails.

Administrator SiteKey: This is a key (or password) used by the V-Smart to encrypt data stored on the smart card.
This key is stored on the ESI and must match the key used by the smart card in order for the V-Smart to read the smart card data. See the next section for further details regarding Administrator Site Keys.

WARNING! It is extremely important that Administrators do not forget the SiteKey used. If the SiteKey is forgotten, the administrator will not be able to ENROLL, DELETE or read templates from the smart card, nor will they be able to CHANGE the SiteKey.

Site Key Verification: Certain VeriAdmin and V-Smart processes are only allowed if the Administrator enters the correct Site Key. The SiteKey entered in VeriAdmin must match the key stored on the V-Smart and the key used to encrypt the smart card data. See Appendix E for further details.

V-Smart Smart Card Placement

The picture below demonstrates the proper placement of the smart card so the V-Smart can read the data stored on the card or write data to the card.

Section D.1 HOST Mode versus SLAVE Mode Operation

The V-Smart has two modes of operation that the Administrator needs to be familiar with. These are HOST mode and SLAVE mode.

HOST MODE

HOST mode is the normal mode of operation and simply means that the V-Smart is waiting for a smart card to be presented to the unit. When a smart card is seen, the card Site Key
(see next Appendix) is compared with the V-Smart's Site Key. If they match, the template is read from the card and the V-Smart attempts a Verification operation. The top LED will turn amber, indicating the user should PLACE FINGER ON SENSOR. When a finger is placed, a live image is recorded. When the live image is done recording, the top LED will go off. At this time, the user can remove their finger. The V-Smart will then compare the live image against the template read from the smart card. If a successful match is made, the top LED will turn GREEN. A RED LED indicates a failed comparison. Once a Verification attempt has been made, the card must be moved away from the reader and then brought close again to re-attempt Verification.

SLAVE MODE

SLAVE mode is when the V-Smart is communicating with the PC. When a serial command is received by the V-Smart on the AUX communications port, SLAVE mode is automatically entered. While in SLAVE mode, the V-Smart will NOT make Verification attempts when a card is seen. This makes it easier for Administrators to place the card near the reader and perform various operations like enrollments without the unit performing a Verification just because a card is sensed. The V-Smart will return to HOST mode in one of two ways:
1) a command is sent to the V-Smart telling it to specifically return to HOST mode
2) 180 seconds have passed since the last communication on the AUX port

In VeriAdmin, when you bring up the SMART CARD MANAGER, the V-Smart is put into SLAVE mode because a STATUS is sent to the ESI as the dialog is brought up. When the user exits the SMART CARD MANAGER by pressing the OK or CANCEL buttons, VeriAdmin will instruct the V-Smart to return to HOST mode.

Section D.2 Transferring a Template to a Smart Card

VeriAdmin version 4.00 adds a new capability to transfer a previously enrolled fingerprint template to a smart card. The user can either transfer a template from the PC to a smart card or from the internal memory on the V-Smart to a smart card.

To transfer a previously enrolled template that is currently stored on the PC to a smart card, press the FROM PC SMARTCARD button. The user will be allowed to browse to the desired PC template. Once the template is chosen, the EDIT TEMPLATE dialog is brought up and the template data is displayed. Pressing the SAVE TO SMART CARD button will then attempt to write template data to the smart card. This process causes a SiteKey verification window to appear (see Appendix E). Once the proper Site Key is entered, the user is prompted to place the smart card near the V-Smart. When this is done, the template is then copied to the smart card.

Section D.3 Enrolling a Template Directly to a Smart Card

Using VeriAdmin, the smart card Enrollment process is very similar to a typical enrollment procedure as described in the QUICK ENROLL section or in the ADVANCED TEMPLATE ENROLLMENT section.
Once a finger is registered and a template created and accepted, the EDIT TEMPLATE window is displayed as described in the TEMPLATE MANAGER section. However, for release v4.0 and above, the EDIT TEMPLATE window has been modified to allow for saving the template directly to a Smart Card. As seen below, options now exist to save the template to the CURRENT UNIT, the PC, or a SMART CARD. By pressing the SAVE button under SMART CARD, the V-Smart will attempt to write the template to a smart card held near the smart card reader. Note that a SiteKey verification is performed before the data is written to the smart card (see Appendix E for details).

Section D.4 Using the Smart Card Manager

VeriAdmin version 4.00 adds a new toolbar option (shown above) for accessing the Smart Card Manager dialog box. Pressing the SMART button will bring up a dialog box like the one shown below.

This dialog initially shows the ESI information and a blank card. Pressing the READ SMART CARD button will instruct the V-Smart to read the template list from the card and display the list of stored templates. In the example shown, there are two templates. The display shows the Template ID:INDEX followed by the NAME field from the template. The upper right hand corner of the card has a symbol indicating the card is secured.

Pressing either template button (primary or secondary) will instruct the V-Smart to attempt to read the full fingerprint template data from the smart card. VeriAdmin will prompt the user for the Site Key (depending on security settings) and, if the Site Key entered matches the Site Key stored on both the V-Smart and the smart card, the template will be read and the normal Template Editor window will be displayed.
Note: It is possible to edit a template on the card and change either the ID or the Index, then save the template back to the card. This is NOT recommended because any Wiegand data associated with the original template will not be saved with the new template.

The DELETE TEMPLATE (1) button will instruct the V-Smart to erase the primary template stored on the smart card. VeriAdmin will perform a Site Key verification before allowing the erase to take place. The DELETE TEMPLATE (2) button will instruct the V-Smart to erase the secondary template stored on the smart card.

Version 4.2 (and above) of VeriAdmin includes a checkbox for READ/WRITE WIEGAND STRING TO SMART CARD DURING ENROLL/VERIFY. This setting tells the V-Smart to attempt to read a Wiegand string from the Smart Card during a verify, and to send this Wiegand string out the Wiegand out lines if successful. This check box also means that VeriAdmin will attempt to save the Wiegand string onto a Smart Card when enrolling. To do so, it will require that a Wiegand string be read from an external Wiegand input device (the FROM READER button during Quick or Advanced Enroll). Once you have read in the Wiegand string, a check box (WIEGAND STRING READ) next to this button will be checked. If VeriAdmin has not received the Wiegand string, the following dialog will be displayed:
Also, when you have this setting checked, VeriAdmin will remind you that it is saving the Wiegand string when saving to a Smart Card. The WRITE WIEGAND STRING checkbox below the Save button for Smart Cards will be checked.

As of VeriAdmin version 4.3, there is also the ability to delete Wiegand Strings associated with a template. The DELETE WIEGAND STRING (1) button will prompt the user for a Site Key and then delete the Wiegand string associated with the Primary Template. The DELETE WIEGAND STRING (2) button will perform the same task for the Secondary Template. It is possible to use this function even if a Wiegand String has not been associated with a template, so long as a User Data block has been placed in the Smart Card layout (see the section on Smart Card Layout).

Also new to version 4.3 of VeriAdmin is the ability to secure and un-secure (Reset) smart cards. The SECURE CARD button will secure a new smart card which has not been updated with the proper Site Key (i.e., it still has the manufacturer's default keys). You will not need to enter the current Site Key to perform this function. Simply press this button and present the card to the reader. Only the sectors of the smart card being used by the V-Smart will be secured; all other sectors will remain untouched. Performing this function on a smart card which has already been secured will have no effect, but is allowed.

The RESET CARD button will allow the user to un-secure a smart card (the reverse process) after providing the proper Site Key. This will ERASE all V-Smart data on the card, including templates, Wiegand Strings, and other user data, as defined in the smart card layout, and set the Site Key back to the original manufacturer's default. This will essentially transform the card back into a fresh, unused card, with the exception of those sectors not defined in the layout (sectors used by another application, for example). Currently three manufacturers' settings are supported: Gem+ Flow A, Gem+ Flow B, and HID Flow B. Please refer to the documentation provided by these manufacturers or from whom you received your smart cards for more information.

At the top of the SMART CARD MANAGER dialog, you will see a radio button to select the MAX TEMPLATES PER CARD. Currently, this can be set to either one or two templates, although future cards with more memory may support additional templates. If the two templates option is selected, the Smart Card Layout must have two templates defined. Otherwise, when attempting to save a second template to the card, the user will receive an Invalid Smart Card Layout error. If the maximum is set to only one template, attempting to save a second template to a card will result in the error message ESI Storage Space is FULL.

The ESI VERIFICATION TIMEOUT is a user definable setting which controls how long the ESI will wait between verification from one card to the next. When a smart card is presented, the ESI will read the template(s) and Wiegand data (if available), go into SLAVE mode, and send the data to the main unit for verification with the live finger image. It will then wait for a number of seconds (default is 15) before returning to HOST mode, where it can accept a new card. This is the verification delay.

Pressing the SECURITY SETTINGS button will bring up the following dialog box:
This dialog will allow the user to adjust how often the Site Key verification is performed. The default is EVERYTIME and VeriAdmin will reset to this default setting every time the application is started. To change, select the desired choice and press the SAVE ADMIN SETTINGS button. A Site Key verification is performed before the change is accepted.

This dialog also contains two checkboxes to enable the use of a 1-way hashing function on the Site Key prior to sending to the V-Smart (Use software HASH). This is an extra security step that will convert a simple text password to a 120-bit encrypted string every time it is transmitted to the V-Smart. See Appendix E: Administrator SiteKey Management for precautions related to changing Site Keys and using the hashing function.

The VeriAdmin Security Settings dialog box also allows the Administrator to change the Primary and Secondary SiteKeys and to choose whether those new keys will be hashed or not. Pressing the CHANGE SITEKEY button will always perform a Site Key Verification before changing the current primary and secondary keys, regardless of the timeout settings.

A new addition to this dialog is the ESI Site Key Security option. The checkbox USE ESI SITEKEY ENCRYPTION is used in conjunction with the drop-down box. This deals with how Site Keys are managed on the smart card itself, and there are 3 available settings. The default setting is use ESI Site Key Encryption with Key B for Read/Write. The other two available options do not use ESI Site Key Encryption, and are provided for compatibility with other applications which want to read and/or write data to the smart card. The checkbox must be unchecked to enable these options. Note that Key A and Key B do not correspond to PRIMARY and SECONDARY Site Keys; please read the manufacturer's documentation for more information. Only advanced users should change this setting!
Pressing the CONFIGURE CARD LAYOUT button will bring up the Smart Card Manager dialog box:
This dialog will allow the user to define a custom layout for all MIFARE compatible smart cards. Bioscrypt recommends that only advanced users attempt to configure the smart card layout. Improper changes made to the layout may render the unit unusable with some smart cards. This section should be read completely before attempting to change the default layout provided by Bioscrypt (as shown on the left above).

The Smart Card Layout used by the V-Smart consists of the following components: a Layout block (brown), an Admin block (red), a PRIMARY template (blue), a SECONDARY template (purple, optional), and User Data (green, optional).

The Smart Card Layout Manager will NOT allow a user to configure a layout which is missing the Admin block, the Layout Block, or a PRIMARY template. These are the minimum layout components required to enable normal operation.

The memory structure for MIFARE compatible smart cards consists of 16 sectors (numbered 0 through 15) of 4 blocks each (numbered 0 through 3). Each block contains 16 bytes. The first block at sector 0, block 0 contains manufacturer information and is not available. Also, the last block of each sector contains Site Key and access information which secures that sector and is thus unavailable for application data. Unavailable blocks are shown in VeriAdmin in black and do not allow layout components to be placed there. This leaves 47 available blocks of 16 bytes each, for a total of 752 available bytes. The Bioscrypt default layout contains space for two templates and Wiegand information (stored in the green User Block) and will use all available space. If space for non-Bioscrypt data is desired, include only the PRIMARY Template (Template (1)) or do not include a User Block.

Place components on the layout on the right (under the New Layout section) by clicking one of the buttons under the Set Starting Block section. You will then see flashing text which instructs you to select one of the white, unused blocks above. Since the one-to-one templates used by the V-Smart are 348 bytes, they will require 22 blocks of space (348 bytes / 16 bytes per block, rounded up = 22 blocks). All other layout components require a single block of space. You will notice when placing a template on the layout that the blocks will wrap around whatever blocks are in the way, consuming blocks from top to bottom. Templates may NOT wrap around from bottom to top, and if there is insufficient space for a template, a warning will pop up and you will not be able to place the template. If you would like to move a layout component or take it off of the layout, you must remove it by first clicking on the Remove Item button and then clicking on the item which is to be removed.

You will notice when you first enter the Smart Card Layout Manager that the Admin Block has already been placed for you in sector 8, block 1. You may remove it and place it elsewhere; however, it is recommended that the Admin Block be left in this sector. The reason for this is that the ESI will be able to read cards with a different layout than the one which is defined here so long as the Admin Block is in this location. This allows for some flexibility with different card layouts; however, Bioscrypt still recommends that each site or facility use the same layout for each card.

Layout Placement: It is recommended that the Admin Block be left in sector 8, block 1. Bioscrypt recommends first placing the Layout Block, then the PRIMARY Template, and finally a User Data block to hold the Wiegand Strings associated with each template. Note: If you do not place at least ONE User Data block, VeriAdmin will be unable to read or write Wiegand String data, and you will receive an error during enrollment. As of version 4.3, only TWO User Data blocks may be placed on the layout. If two are placed, the first will be used for Wiegand data (if used) and the second will be available for user data. These two blocks may be written to or read using the Bioscrypt SDK, but not using VeriAdmin. When all other blocks have been placed and there is sufficient space, place the SECONDARY template.
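The block arithmetic and placement rules above, as an added Python model (not Bioscrypt or VeriAdmin code): it rebuilds the 47-block map, places components with the top-to-bottom wrap rule, and reports which sectors stay free of V-Smart components and so remain secured only by their own trailer block. Every start position except the Admin Block at sector 8, block 1 is an assumption, because the manual does not list the default layout's coordinates.

```python
import math

SECTORS, BLOCKS_PER_SECTOR, BLOCK_BYTES = 16, 4, 16
TEMPLATE_BYTES = 348
TEMPLATE_BLOCKS = math.ceil(TEMPLATE_BYTES / BLOCK_BYTES)   # 21.75 rounds up to 22
UNAVAILABLE = "UNAVAILABLE"


class CardLayout:
    """Block map of a 16-sector MIFARE card as the manual describes it."""

    def __init__(self):
        self.owner = {(0, 0): UNAVAILABLE}            # manufacturer block
        for sector in range(SECTORS):
            self.owner[(sector, 3)] = UNAVAILABLE     # last block: Site Key + access info
        self.place("ADMIN", 8, 1)                     # pre-placed by the Layout Manager

    def usable_blocks(self):
        """Blocks that can ever hold application data (47 on this card)."""
        return SECTORS * BLOCKS_PER_SECTOR - sum(
            1 for name in self.owner.values() if name == UNAVAILABLE)

    def free_blocks(self):
        """Unclaimed blocks in top-to-bottom (sector, block) order."""
        return [(s, b) for s in range(SECTORS) for b in range(BLOCKS_PER_SECTOR)
                if (s, b) not in self.owner]

    def place(self, name, sector, block, size=1):
        """Claim `size` free blocks from (sector, block) downward.

        Occupied and unavailable blocks are skipped (the wrap-around rule);
        the run never continues from the bottom of the card back to the top.
        Returns False and changes nothing if the component does not fit.
        """
        start = (sector, block)
        if start in self.owner:
            return False
        run = [pos for pos in self.free_blocks() if pos >= start][:size]
        if len(run) < size:
            return False
        for pos in run:
            self.owner[pos] = name
        return True

    def untouched_sectors(self):
        """Sectors holding no V-Smart component at all."""
        used = {s for (s, _), name in self.owner.items() if name != UNAVAILABLE}
        return [s for s in range(SECTORS) if s not in used]


def build_layout(templates=2, user_blocks=1):
    """Place components in the order the manual recommends.

    Start positions are assumptions chosen for this example.
    """
    card = CardLayout()
    placed = {"LAYOUT": card.place("LAYOUT", 0, 1),
              "TEMPLATE1": card.place("TEMPLATE1", 0, 2, TEMPLATE_BLOCKS)}
    for i, pos in enumerate([(8, 0), (8, 2)][:user_blocks], start=1):
        placed[f"USER{i}"] = card.place(f"USER{i}", *pos)
    if templates == 2:
        free = card.free_blocks()
        placed["TEMPLATE2"] = bool(free) and card.place(
            "TEMPLATE2", *free[0], TEMPLATE_BLOCKS)
    return card, placed


if __name__ == "__main__":
    for label, kwargs in [("two templates, one user block", {}),
                          ("two user blocks", {"user_blocks": 2}),
                          ("primary template only", {"templates": 1})]:
        card, placed = build_layout(**kwargs)
        print(label, placed, "free blocks:", len(card.free_blocks()),
              "untouched sectors:", card.untouched_sectors())
```

With only the PRIMARY template placed, 22 blocks are free but only sectors 9 through 15 contain no V-Smart component; the remaining free block sits in sector 8 next to the Admin Block.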
You will not be able to place Template (2) if you have placed two User Blocks because there will be insufficient space.

Finally, there is a convenient way to make the V-Smart layout wrap around sectors where non-Bioscrypt data is located (or is planned to go). Select the Unavailable Block button, then hold down the SHIFT key to place multiple blocks. Do this before placing the other layout items so that when they are placed they will automatically wrap around those blocks.

Click Set Layout to finalize the layout. You will need to provide the current Site Key. Upon successfully setting the layout, the Smart Card Layout Manager will close, returning to the Smart Card Manager. If at any time you would like to RESET the layout back to Bioscrypt defaults, click on the Reset Layout button and provide the current Site Key. This will set the layout as shown in the screen shot above.

There are some things to keep in mind when changing the Smart Card layout.

First, note that the number of templates defined on the layout should be greater than or equal to the Max Templates per Card option. In other words, you should NOT define only one template and set the maximum templates per card to TWO. This will result in an ESI Storage Full error upon enrollment of a second template.

Second, remember that changing the layout after some Smart Cards have already been created with a different layout may cause those cards not to work properly with the V-Smart. You will see a flashing or steady red LED on the unit when trying to verify, or you will receive an error in VeriAdmin indicating that the ESI cannot recognize the layout.

Third, it is important to realize that although you may write both Bioscrypt data and non-Bioscrypt data to a Smart Card, each sector has its own Site Key which unlocks data on that sector. Data may only be read from or written to a particular block if the proper Site Key for that sector is provided. The ESI will use the same Site Key for all sectors being used by the V-Smart, including sectors where only one or two blocks are actually being used. It is recommended that any non-Bioscrypt data be placed on different sectors so that different keys may be used for that data.

Finally, keep in mind that if a third party application is used to read/write any of the V-Smart data or the same Site Key is to be used for the entire card, the ESI Site Key Encryption MUST use one of the un-hashed modes for compatibility. Please refer to the documentation from the manufacturer from whom you have purchased your Smart Cards.

Section D.5 Verification Using a Smart Card

After enrolling a template on a smart card, you can then use the card to perform a Verification. Exit the SMART CARD MANAGER dialog so the V-SMART is placed back into HOST MODE. Place the smart card near the reader as shown earlier in this section. The Top LED will indicate:
Indicator        Meaning
YELLOW           Template READ; Place Finger on Sensor
RED              No Template on smart card
FLASHING RED     Invalid SiteKey, can not read card data

In our example, the top LED should turn YELLOW, indicating PLACE FINGER. Remove the card, place your finger and hold until the LED goes blank. Once the LED goes blank, you can remove your finger. The LED will then either turn RED or GREEN, indicating a FAIL or a PASS.

Indicator        Meaning
RED              Not Verified
GREEN            Verified / Enrollment Accepted

Best Performance Practices / Finger placement

The V-Smart unit should be mounted in a position that takes these factors into consideration: ease of use, at a height that allows for proper finger placement, in line with other switch plates or fixtures, and in accordance with the Americans with Disabilities Act where applicable. Recommended mounting height is 48-54 from floor to sensor level.

Typically, using either the index or middle finger provides the best performance. We recommend you do NOT use thumbs or pinkies (little finger), but we do recommend that you enroll an alternate finger on your other hand (total of 2 fingers enrolled). Please refer to APPENDIX A for more details about maximizing fingerprint performance.

Appendix E V-Smart Administrator SiteKey Management

It is essential that the Administrator understand the use of V-Smart SiteKeys and handle them appropriately. SiteKeys are the mechanism used by the V-Smart and the smart cards to ensure that only authorized smart cards are used. In this appendix, the following topics will be covered:
What is a SiteKey?
Why do I Need a SiteKey?
What is the Default SiteKey?
Where is the SiteKey Stored?
What is the Difference Between PRIMARY and SECONDARY SiteKeys?
How do I Initially Set a SiteKey for V-Smarts at My Installation?
How do I Set the SiteKey on Individual Smart Cards?
How do I Change the SiteKey if I Already Have a User Base of Previously Created Smart Cards?
What Happens if I FORGET My SiteKey?
What Happens if Someone Else Learns My Installation's SiteKey?
What is the 1-Way Hashing Function Option in VeriAdmin for SiteKeys?
What is a SiteKey?
A SiteKey is a password used by VeriAdmin, the V-Smart and the smart cards. Each of the 3 must use the same password to communicate and transfer information. If the SiteKey stored in the V-Smart does not match the SiteKey used by the smart card, that V-Smart will not be able to read or write to that smart card. By checking the SiteKey each time, the V-Smart ensures that only authorized smart cards are used at a specific installation. Similar to a computer logon password, if the smart card's SiteKey does not match the V-Smart's SiteKey, that card will not be allowed to be used by that unit. The V-Smart uses a maximum of 120-bits (15 characters) for the SiteKey. Typically, the Administrator will set all V-Smarts at a single installation to the same SiteKey.

Why do I Need a SiteKey?
Each installation must set their own SiteKey to distinguish their V-Smart smart cards from every other installation of V-Smarts. If SiteKeys are not used, then any V-Smart would accept smart cards created by any other V-Smart and a site's installation could easily be compromised. By using a unique SiteKey at each installation, you ensure that the only smart cards that are accepted by V-Smarts at your site are smart cards personally created at your site. It also ensures that data on the smart cards created at your site can not be read by anyone that does not know your chosen SiteKey.

What is the Default SiteKey?
All V-Smarts are shipped from Bioscrypt with the SiteKey set to an empty string (120 bits of all zeros). This allows Administrators to use the V-Smart in a non-secure mode until they are ready to set their personal SiteKey and secure the system. When using the Default SiteKey in non-secure mode and VeriAdmin performs a SiteKey Validation, simply do not enter any key and just press the OK button. After the V-Smart verifies it is using the default SiteKey and it verifies the smart card is also using the default SiteKey, the operation will be performed.

Where is the SiteKey Stored?
The SiteKey is stored within the internal memory of the V-Smart and is encrypted and stored on the smart card itself. The SiteKey is NOT stored within VeriAdmin, it is NOT stored on the PC, and it can NOT be retrieved from the V-Smart. It is the responsibility of the Administrator to remember the SiteKey and take measures to prevent the SiteKey from being forgotten.

What is the Difference Between PRIMARY and SECONDARY SiteKeys?
The V-Smart can store two SiteKeys. The PRIMARY SiteKey is used in normal operations and is the SiteKey the Administrator uses when performing a SiteKey verification operation within VeriAdmin. The SECONDARY SiteKey is only used to update older cards when a new PRIMARY SiteKey is set. See How do I Change the SiteKey if I Already Have a User Base of Previously Created Smart Cards? for further details on how and when to use the SECONDARY SiteKey.

How do I Initially Set a SiteKey for V-Smarts at My Installation?
You will need to set your installation's SiteKey prior to creating secure user smart cards. Once you become familiar with V-Smart operations and are comfortable enrolling users, you should then choose your own SiteKey. The SMART CARD MANAGER section of VeriAdmin allows the user to create and change SiteKeys.

1) Enter your desired SiteKey in the NEW PRIMARY box.
2) Enter the previous SiteKey in the NEW SECONDARY box if you are changing SiteKeys and you already have a user base of smart cards created with the previous SiteKey and you want to update those cards to the NEW PRIMARY SiteKey. If there is not a previous user base of cards that need to be updated, then enter a -1 in the Secondary box to turn off the auto SiteKey update function.
   NOTE: DO NOT leave the NEW SECONDARY box blank unless you truly want to update all Default SiteKey smart cards to the NEW PRIMARY SiteKey. This could compromise security since any smart card created by any V-Smart using the Default SiteKey would automatically be updated to the new Primary SiteKey.
3) Press the CHANGE SITEKEY button.
4) You will be presented with the following Warning dialog box.
5) Read the information carefully and press the YES button if you accept.
6) You will be prompted to enter the CURRENT Primary SiteKey (this will be the Default SiteKey if this is the first time you are changing the SiteKey).
7) If the CURRENT SiteKey entered is correct, you will be presented with a dialog box indicating the changes were made.
8) Now all newly created smart cards from this specific V-Smart will use the NEW PRIMARY SITEKEY and all older smart cards that use the defined SECONDARY SITEKEY will be updated to the NEW PRIMARY the next time they are used by the V-Smart.
9) You will need to set the same PRIMARY SITEKEY on all V-Smarts in your installation in order for the smart cards to work at each V-Smart.
How do I Set the SiteKey on Individual Smart Cards?
The V-Smart will attempt to set the SiteKey on the smart card during the enrollment process. When an attempt is made to store a template on a smart card, the V-Smart will check the key currently used by the Smart Card.

If the V-Smart Primary SiteKey matches the key on the smart card, the template is written.

If the above fails, the V-Smart will check if its Secondary SiteKey matches the key on the smart card. If they match, the key on the smart card is updated to the V-Smart's Primary SiteKey and the template is written (this adds ~0.5 seconds to the process).

If both Primary and Secondary SiteKeys fail, the V-Smart will compare the smart card key with the standard default MIFARE smart card key. If they match, the key on the smart card is updated to the V-Smart's Primary SiteKey and the template is written.

If all of the above 3 fail, the V-Smart can not read or write to that smart card.

How do I Change the SiteKey if I Already Have a User Base of Previously Created V-Smart Smart Cards?
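The key checks described in the previous section, applied to a SiteKey change like the cat-to-dog change this section walks through, as an added Python model (not Bioscrypt firmware, SDK or VeriAdmin code). The class and function names are hypothetical, the factory key is a placeholder because the manual does not give its value, and three constructed cards stand in for the user base; the model also shows what a blank Secondary does to a card that still carries the Default SiteKey.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_SITEKEY = ""                  # manual: units ship with an empty-string SiteKey
AUTO_UPDATE_OFF = "-1"                # manual: enter -1 as Secondary to disable auto update
MIFARE_FACTORY_KEY = "<factory-key>"  # placeholder, real value is not in the manual


@dataclass
class Card:
    key: str = MIFARE_FACTORY_KEY
    template: Optional[str] = None


@dataclass
class VSmart:
    primary: str = DEFAULT_SITEKEY
    secondary: str = AUTO_UPDATE_OFF

    def _open(self, card, try_factory):
        """Return the name of the key that opened the card, or None.

        A Secondary or factory-key match rewrites the card to the Primary key.
        """
        if card.key == self.primary:
            return "primary"
        fallbacks = []
        if self.secondary != AUTO_UPDATE_OFF:
            fallbacks.append(("secondary", self.secondary))
        if try_factory:
            fallbacks.append(("factory", MIFARE_FACTORY_KEY))
        for name, key in fallbacks:
            if card.key == key:
                card.key = self.primary
                return name
        return None

    def enroll(self, card, template):
        """Enrollment: Primary, then Secondary, then the MIFARE default key."""
        opened = self._open(card, try_factory=True)
        if opened:
            card.template = template
        return opened

    def present(self, card):
        """Card presented for verification: Primary, then Secondary only."""
        return self._open(card, try_factory=False)

    def change_sitekey(self, current, new_primary, new_secondary):
        """CHANGE SITEKEY always verifies the current Primary first."""
        if current != self.primary:
            return False
        self.primary, self.secondary = new_primary, new_secondary
        return True


def rollover_demo():
    """Walk the cat -> dog change and return what each card experienced."""
    unit = VSmart()
    unit.change_sitekey(DEFAULT_SITEKEY, "cat", AUTO_UPDATE_OFF)
    staff = [Card() for _ in range(3)]              # constructed user base
    for i, card in enumerate(staff):
        unit.enroll(card, f"template-{i}")          # factory key -> "cat"
    # Constructed card written by some other unit still on the Default SiteKey.
    foreign = Card(key=DEFAULT_SITEKEY, template="other-site")

    seen = {}
    unit.change_sitekey("cat", "dog", "cat")
    seen["first_use"] = unit.present(staff[0])      # Secondary match, card rekeyed
    seen["second_use"] = unit.present(staff[0])     # Primary match from now on
    seen["foreign_secondary_cat"] = unit.present(foreign)
    unit.change_sitekey("dog", "dog", AUTO_UPDATE_OFF)
    seen["stale_after_retire"] = unit.present(staff[1])
    seen["stale_key"] = staff[1].key

    blank = VSmart(primary="dog", secondary=DEFAULT_SITEKEY)   # Secondary left blank
    seen["foreign_secondary_blank"] = blank.present(foreign)
    seen["foreign_key_after"] = foreign.key
    return seen


if __name__ == "__main__":
    for step, result in rollover_demo().items():
        print(f"{step}: {result!r}")
```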
Let's say you initially set the SiteKey during installation. For example, the Primary SiteKey was set to "cat" and the Secondary was set to -1 because you have no previous SiteKeys to update. You then enrolled 100 users and created 100 smart cards. The smart card key on each of those cards would be "cat".

Now you want to change the password because the SiteKey of "cat" was compromised when non-authorized personnel were told the SiteKey and the installation is no longer completely secure. Let's say you want to change the SiteKey from "cat" to "dog".

In the Smart Card Security Settings window, enter "dog" as the New PRIMARY and enter "cat" as the New SECONDARY. Press the CHANGE SITEKEY button and you will again be presented with the warning that you need to always remember the SiteKey. After pressing the ACCEPT button, you will be prompted for the CURRENT PRIMARY SiteKey. Enter "cat" since that is the currently stored SiteKey on the V-Smart. You should then be presented with a dialog indicating the SiteKey was changed. Typically, you will need to repeat this change process on all V-Smarts at your installation.

At this point, all previously created smart cards still contain the previous key of "cat". However, when a smart card is presented to the V-Smart it will follow these steps:
1. When a card is presented and the V-Smart tries to read the data from the card, the V-Smart will check the key currently used by the smart card. Since the key on the card is "cat" and the V-Smart Primary key is now "dog", this key check will fail.
2. Next, the V-Smart will check if its Secondary SiteKey matches the key on the smart card. In our example, they do match, so the key on the smart card is changed (updated) to the V-Smart's Primary SiteKey. This update adds ~0.5 seconds to the process, but only happens the first time the older card is presented. After that, the new Primary is already on the smart card, so step #1 above will PASS from now on.

If neither the Primary nor the Secondary SiteKey on the V-Smart matches the smart card's key, the V-Smart will not be able to use that card. You must use the previous SiteKey as the SECONDARY SiteKey or all previously created smart cards will be unusable.

Once the entire user base of cards has been updated to the NEW PRIMARY SiteKey, you should once again perform the change SiteKey process. This time keep the Primary SiteKey the same, but enter -1 for the Secondary SiteKey. This will disable the auto update feature and any remaining smart cards with "cat" on them will no longer work.

What Happens if I FORGET My SiteKey?
DO NOT LET THIS HAPPEN! If an Administrator forgets the Primary SiteKey then all previously created smart cards will continue to work, but the following will happen:
- They can no longer create new smart cards
- They will not be able to READ templates from current smart cards
- They will not be able to CHANGE the SiteKey on the V-Smarts

The V-Smarts will have to be returned to Bioscrypt for reprogramming and, once reprogrammed, the previously enrolled smart cards will no longer be usable.

What Happens if Someone Else Learns My Installation's SiteKey?
SiteKeys need to be protected just like computer passwords and should not be told to unauthorized personnel. In the event that the SiteKey has been compromised, follow the steps defined in the previous "How do I Change the SiteKey if I Already Have a User Base of Previously Created Smart Cards?" section to change the SiteKey and automatically update all user base smart cards.

What is the 1-Way Hashing Function Option In VeriAdmin for SiteKeys?
VeriAdmin allows Administrators to add additional security by optionally performing a 1-way Hash function on entered SiteKeys. This is DIFFERENT from the ESI SiteKey Encryption option. This function will take the user-entered password and create an encrypted 120-bit SiteKey from that password. This encrypted version is then used as the SiteKey for the V-Smart and smart cards in place of the user-defined password. In extreme cases, this can make it more difficult for criminals to sniff internal networks and capture passwords during serial communications.

DO NOT USE THIS OPTION IF YOU INTEND TO SHARE SMART CARD DATA WITH OTHER APPLICATIONS!
To the Administrator, this all happens behind the scenes and you never have to remember anything other than the simple password. You just have to make sure that if you set a NEW SiteKey with the HASH checkbox selected, you afterwards also check the "Hash the CURRENT SiteKey" option, so that each time the SiteKey Verification process happens, a hashed current SiteKey is compared with the stored hashed Primary SiteKey. The HASH function check box is ignored if the SiteKey textbox is empty (for non secure V-Smart default key use), or if -1 is entered in the SECONDARY SiteKey text box (for turning OFF the auto update feature).

PLEASE NOTE:
The HASH function check box has been moved from the Security Settings Dialog to the Site Key Dialog for VeriAdmin v4.10. Each time the Site Key is entered, the check box determines whether to HASH the key for the Current Key.

Bioscrypt Contact Information

Technical Support Contact Information:
Telephone: 1-888-982-4643 (toll free), 1-818-501-3908
Email: support@bioscrypt.com
Address: Bioscrypt Inc, Technical Support Dept, 5000 Van Nuys Blvd, Suite 300, Sherman Oaks, CA, 91403

Corporate & Canadian Office: 5450 Explorer Drive, Suite 500, Mississauga, ON, Canada L4W 5M1. T 905 624 7700, F 905 624 7742, www.bioscrypt.com

U.S. Office: 5000 Van Nuys Blvd., Suite 300, Sherman Oaks, CA 91403 U.S.A. T 818 501 3908, F 818 461-0843, support@bioscrypt.com
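The key-check order and the "cat" to "dog" rollover from the SiteKey Management appendix above, modelled as an added example (not Bioscrypt's code). The `Card` and `Reader` classes, the result strings and the default-key placeholder are assumptions made for illustration, and a string comparison stands in for authenticating to the card.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_KEY = "<default-mifare-key>"  # placeholder, not a real key value
DISABLED = "-1"                       # Secondary value that turns auto update off

@dataclass
class Card:                           # hypothetical model of a smart card
    key: str                          # key currently protecting the card
    template: Optional[str] = None

@dataclass
class Reader:                         # hypothetical model of one V-Smart
    primary: str
    secondary: str = DISABLED

    def unlock(self, card: Card, allow_default: bool = False) -> str:
        """Try Primary, then Secondary, then (enrollment only) the default key."""
        # String comparison stands in for an authentication attempt with that key.
        if card.key == self.primary:
            return "primary"
        if self.secondary != DISABLED and card.key == self.secondary:
            card.key = self.primary   # one-time update of the card's key
            return "secondary-updated"
        if allow_default and card.key == DEFAULT_KEY:
            card.key = self.primary
            return "default-updated"
        return "rejected"

    def enroll(self, card: Card, template: str) -> str:
        result = self.unlock(card, allow_default=True)
        if result != "rejected":
            card.template = template
        return result

    def change_sitekey(self, current: str, new_primary: str, new_secondary: str) -> bool:
        if current != self.primary:   # CURRENT PRIMARY must be supplied
            return False
        self.primary, self.secondary = new_primary, new_secondary
        return True

def rollover_demo() -> list:
    reader = Reader(primary="cat")
    cards = [Card(DEFAULT_KEY) for _ in range(2)]          # constructed blank cards
    log = [reader.enroll(c, f"template-{i}") for i, c in enumerate(cards)]
    reader.change_sitekey("cat", "dog", "cat")             # old key kept as Secondary
    log += [reader.unlock(cards[0]), reader.unlock(cards[0])]
    reader.change_sitekey("dog", "dog", DISABLED)          # end the migration window
    log.append(reader.unlock(cards[1]))                    # never re-presented card
    return log
```

While the Secondary still holds the old key, any card carrying that key is accepted and migrated, so the window stays open until the Secondary is set to -1.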
frequency | equipment class | purpose | ||
---|---|---|---|---|
1 | 2002-05-21 | 13.553 ~ 13.567 | DXX - Part 15 Low Power Communication Device Transmitter | Original Equipment |
app s | Applicant Information | |
---|---|---|
1 | Effective | 2002-05-21 |
1 | Applicant's complete, legal business name | Bioscrypt, Inc. |
1 | FCC Registration Number (FRN) | 0007028343 |
1 | Physical Address | 50 Acadia Avenue |
1 | | Markham, N/A L3R 0B3 |
1 | | Canada |
app s | TCB Information | |
1 | TCB Application Email Address | t******@timcoengr.com |
1 | TCB Scope | A1: Low Power Transmitters below 1 GHz (except Spread Spectrum), Unintentional Radiators, EAS (Part 11) & Consumer ISM devices |
app s | FCC ID | |
1 | Grantee Code | QC4 |
1 | Equipment Product Code | VSMARTAG680 |
app s | Person at the applicant's address to receive grant or for contact | |
1 | Name | R******** W****** |
1 | Title | Manager HW Engineering |
1 | Telephone Number | 905-9******** |
1 | Fax Number | 905-9******** |
1 | | r******@l1id.com |
app s | Technical Contact | |
n/a | | |
app s | Non Technical Contact | |
n/a | | |
app s | Confidentiality (long or short term) | |
1 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | Yes |
1 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No |
if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | | |
app s | Cognitive Radio & Software Defined Radio, Class, etc | |
1 | Is this application for software defined/cognitive radio authorization? | No |
1 | Equipment Class | DXX - Part 15 Low Power Communication Device Transmitter |
1 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | Unlicensed Low Power Tranmitter |
1 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No |
1 | Modular Equipment Type | Does not apply |
1 | Purpose / Application is for | Original Equipment |
1 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | No |
1 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No |
1 | Is there an equipment authorization waiver associated with this application? | No |
1 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No |
app s | Test Firm Name and Contact Information | |
1 | Firm Name | UltraTech Engineering Labs Inc. |
1 | Name | T****** L****** |
1 | Telephone Number | 877-7******** |
1 | Fax Number | 905-8******** |
1 | | t******@ultratech-labs.com |
Equipment Specifications

 | Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number |
---|---|---|---|---|---|---|---|---|---|
1 | 1 | 15C | | 13.55300000 | 13.56700000 | | | | |