Keri Systems BioPointe Users Manual

BioPointe

User's Manual

Getting to know the BioPointe

Notices:
Information in this document is subject to change without notice.

NO WARRANTY OF ANY KIND IS MADE WITH REGARD TO THIS MATERIAL INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.

No liability is assumed for errors contained herein or for incidental damages in connection with the
furnishing, performance, use of this material.

No part of this document may be photocopied, reproduced or transmitted in any form or by any means,
electronic or mechanical, without the prior written permission of Keri Systems Incorporated.

Other products and corporate names may be trademarks or registered trademarks of other companies and are
only for explanation without intent to infringe.

Copyright 2004 © Keri Systems Incorporated.
All rights reserved.

Release date: August 2004
Revision 1.7
Part Number: 01954-001

1

Getting to know the BioPointe

Thank you for choosing the BioPointe Fingerprint Identification System by Keri
Systems Incorporated. This device is not only simple to use, but it also provides a
variety of versatile, flexible and powerful features at the same time. In this manual,
you will learn about the features of the BioPointe, how to administer the BioPointe
and how to communicate with the BioPointe.

Preface

2

Getting to know the BioPointe

Using the Manual

If you are reading this manual for the first time, we suggest you read it from the start to end in order
to achieve an overall understanding of the features provided by the BioPointe.

However, if you are looking for specific information, you may turn to the Table of Contents to help
you look for the information you want quickly. The Table of Contents is on the next page.

In the chapters to follow, you will see the following chapters. The synopsis describes what you can
expect to find in each of these chapters:

• Chapter 1 - Getting to Know the BioPointe

Gives an overview of the BioPointe. Read this chapter to gain an overview of the device.

• Chapter 2 - Getting Started

Gives a quick and concise introduction to what you need to do to get started when you first
receive the device.

• Chapter 3 - Features

Gives a detailed description of the features provided by the BioPointe. The description is
divided into sections according to each feature. Read all or the relevant sections you need.

• Chapter 4 - Administering the BioPointe

Shows you how you can access the functions within the BioPointe such as enrollment. Read
this chapter to get started on enrolling the first fingerprint of the device.

• Chapter 5 – Performing Authentication on the BioPointe

Shows you how to use the device for fingerprint, card or card with PIN authentication.

• Chapter 6 – Configuring the BioPointe

Gives a description on how you can connect interfacing cables to the control board. Also
covers DIP switch settings.

• Chapter 7 – Communicating with the BioPointe

Gives a description on how to communicate with the device with RS232, RS4422 and RS485.

• Chapter 8 – Interfacing to a Keri System Controller

Gives a description on how to interface to a Keri System Controller.

• Chapter 9 - Technical Specifications

• Chapter 10 - Troubleshooting

• Appendix A – Log Types in BioPointe

• Appendix B – Configuring the ADAM 4520

• Appendix C – Communicating in RS422 and RS485

• Appendix D – Communication Using Modem

3

Getting to know the BioPointe

Table Of Contents

1 Getting to Know The BioPointe 6

1.1 How The BioPointe Works 6

2 Getting Started 8

2.1 Unpacking And Initial Inspection 8

2.2 Identifying the Parts 9

2.3 Applying Power 10

2.4 Typical Setup For Use in Door Access 12

2.5 Mounting The BioPointe 13

3

Features 14

3.1 Authentication and Managing Authentication Properties 15

3.1.1 Fingerprint Authentication 15

3.1.2 Card Authentication 17

3.1.3 Card with PIN Authentication 17

3.2 Local Administration from Device 18

3.3 Remote Administration from Host Program 19

3.4 Logging of Transactions and Trace Events 20

3.5 Interfacing to Keri System Controller 20

4 Administering The BioPointe 21

4.1 Understanding the Administration Modes 21

4.2 Interpreting the LEDs 23

4.2.1 Table of LED Status (For Administration Modes Only ) 23

4.3 Using the Keypad 27

4.4 Using the Administration Modes (Enrollment) 28

4.4.1 Enrolling the First Master of the Device 28

4.4.2 Enrolling a Next Master 29

4.4.3 Enrolling a User with 1 to 3 Fingerprints 31

4.4.4 Enrolling a User with Card Only 33

4.4.5 Enrolling a User with Card with PIN 34

4.4.6 Enrolling a User with Card with Fingerprint 36

4.4.7 Deleting a Single Record 38

4.4.8 Deleting All Records 39

4.5 Using the Administration Modes (Configuration) 40

4.5.1 Enabling or Disabling Communication Authentication 40

4.5.2 Enabling or Disabling the Fingerprint Identify Mode 41

4.5.3 Changing the Security Level 42

4.5.4 Enabling or Disabling the Alarm 43

4.5.5 Erasing the Logs 44

4

Getting to know the BioPointe

5 Performing Authentication With The BioPointe 45

5.1 Performing Fingerprint Authentication 46

5.2 Performing Card Only Authentication 50

5.3 Performing Card with PIN Authentication 50

6 Configuring The BioPointe 51

6.1 Location of DIP Switches and Connectors 51

6.2 DIP Switches 52

7 Communicating with The BioPointe 54

7.1 Setting up the Communication 54

7.2 Tips for Ensuring Good Communication 58

7.3 Troubleshooting Communication Problems 59

7.4 Communication using Modem 60

8 Interfacing with Keri System Controllers 61

9 Technical Specifications 63

9.1 Technical Specifications 63

9.2 Maintenance Instructions 64

10 Troubleshooting 65

Appendix A – Log Types in The BioPointe 67

11

5

Getting to know the BioPointe

Chapter 1

1 Getting to Know The BioPointe

Introduction

The BioPointe is a fingerprint identification device designed for use in access control. It relies on 3 LEDs to
convey status information to the user. Depending on the color and speed of the blinking LEDs, different
statuses are conveyed.

1.1 How The BioPointe Works

Types of Authentication Properties

The BioPointe is able to perform three types of authentications. The three types are:

• Fingerprint

• Card Only

• Card with PIN

Each of these authentication properties is associated with an ID. For fingerprint enrollment, each ID
can be enrolled with up to 3 different fingers, unless the ID is for a Master. You will come across
terms like a Master and a User. The difference between a Master and a User is described later.

The other two authentication properties, Card Only and Card with PIN are necessary in order to
cater for some people whose fingerprints cannot be enrolled at all.

Device Master and User

When you are enrolling using fingerprint, you can choose to enroll as a Master, or as a User. A
Master is someone whose fingerprint is allowed to enter the administration or master mode of the
device. When this administration mode is entered, he can enroll other Users. A User, on the other
hand, does not have this privilege access.

Unlike a User, each Master can only be enrolled with one fingerprint. The BioPointe can enroll up
to a maximum of 5 Masters fingerprints.

With up to 5 Masters, you can assign more than one person to administer the device.

6

Getting to know the BioPointe

Local Enrollment and Central Enrollment

The system is designed to cater for both local and central enrollment. By central, it means that the
users of the device are enrolled centrally on a host PC. Their authentication properties are then
downloaded by means of a communication link, to the BioPointe.

Central enrollment requires the use of the central enrollment software, known as BioPointe Cen tral.
For local enrollment, you can refer to Chapter 4 - "Administering The BioPointe".

Communicating With The BioPointe

As mentioned, the authentication properties can be downloaded using a communication link. This
link can be RS232, RS422 and RS485.

Transaction Logging

Every time a user successfully verifies his authentication property at the device, a transaction log is
recorded. This log remains in the device in a round-robin flash storage. The role of the host
software is to upload the log from the device to the host PC.

Event Logging

Besides the transaction logs, there is also another category of logs which is known as Event Logs.
Event logs are recorded whenever any exceptional events happen. An example of such and event is
when an alarm is triggered.

For a full listing of the different types of event logs, you can refer to the Appendix.

Wiegand Interface To Keri Systems Controllers

The BioPointe provides a Wiegand interface to a Keri System Controller. The Wiegand signals are
sent out upon a successful verification of the authentication property.

7

Getting Started

Chapter 2

2 Getting Started

2.1 Unpacking And Initial Inspection

The following items are included in the packing box:

 Packing List
 BioPointe Unit
 CDROM (User’s Manual)
 Warranty Statement

Verify the items against the packing list and inform us if there is any discrepancy immediately.

8

Getting Started

2.2 Identifying the Parts

9

Getting Started

2.3 Applying Power

Safety instructions

It is necessary to take special precautions to avoid the introduction of hazards while operating, installing,
maintaining, transporting or storing the device.

The power supply that is used should have an output vol t ag e of betwee n 1 2V to 24V DC rat ed at 1. 0 A (please
refer to the Technical Specifications for more details).

[WARNING!]

Make sure the mains supply voltage rating of the power adapter is suitable for the supply voltage in
your country before you power on. When in doubt, you should consult your local representative for
advice.

10

Getting Started

Steps for Applying Power

Step 1: Ensure that the power adapter is powered off.

Step 2: Insert the two wires of the power adapter correctly in to the connector.

Inserting the cable:

1) Use a test-pen to push
in the spring lever.

2) Insert cable into hole.

3) Release spring lever.

4) To ensure cable is

secure, pull it slightly.
Make sure it is seated
tightly and does not
come out.

Spring lever

Pin Description

1 GND
2 DC 12 to 24V

1 2 3 4 5 6 7 8 9 10 11 12

Step 3: Switch on the power to the adapter.

When the device is powered on, all three LEDs will be blinking continuously in red color.

When the device is ready, the first LED will turn to steady amber color while the second and third
will be turned off. However, if the first LED is blinking periodically in red color instead of being
steady amber, it is likely that the tamper switch is opened.

If you want the first LED to stop blinking in red attach the C-bracket so that the tamper switch is set,
or disable the alarm through the device settings (see Chapter 4 – Administering the BioPointe).

11

Getting Started

A

2.4 Typical Setup For Use in Door Access

The figure below shows a typical setup of the BioPointe device used for access control. It consists of a
communication link from the BioPointe Central software to communicate with the device, as well as a
Wiegand line to a controller. The following steps are in no particular order.

Step 1 – Enroll fingerprints (authentication properties):

In order to start using the device, fingerprints or any other authentication properties (that is card or card with
PIN) need to be enrolled. The fingerprints and other authentication properties can be enrolled locally on the
device or remotely using the central enrollment feature in the BioPointe Central software. You can refer to
Chapter 3-1 to 3-3 for a description on managing authentication properties, local administration as well as
remote administration.

Step 2 - Set up the communication link:

To successfully setup the communication link, the appropriate device ID, baud rate, type of communication
and the serial interface type have to be configured. This can be done through the DIP switches located on the
back of the BioPointe device. Refer to Chapter 6 – Configuring the BioPointe or Chapter 7 –
Communicating with the BioPointe to find out how to set the DIP switches.

Step 3 - Set up the Wiegand link:

Having setup the communication link, you will also need to wire the Wiegand output from the BioPointe
device to the controller. Refer to Chapt er 8 – Interfacing to a Keri System Controlle r.

DIP switch settings required :

• SW1 (for Device ID)

• SW2 (for Baud Rate and

Comm Type)

• SW3 (for RS232, 422 or
485 type)

BioPointe Central
Software

Communication link
(RS232, 422 or RS485)

BioPointe
Device

cknowledgement
from door controller
(optional)

Wiegand
link

Typical Setup for Door Access

Door
Controller

Wiegand output
to door controller

12

Getting Started

2.5 Mounting The BioPointe

The figure below shows how the BioPointe can be mounted using the C-bracket.

Two mounting screws are
inserted to hold the C-bracket
to the BioPointe device

Mounting The BioPointe using the C-bracket

Horizontal slots for
C-bracket insertion

C-bracket

13

Features

Chapter 3

3 Features

The BioPointe functions are designed as an access control device aimed to provide irrefutable personal
identification using fingerprints. Its system architecture includes the fingerprint identification technology,
the recording of event logs, the interfacing to security panels and so on. In this chapter, you will learn about
the variety of features that make up the system.

List of Features

The following table lists the features of the BioPointe, and also provides a quick reference to what you can
expect to find within the device. In the table, you will find next to each entry a reference to a specific sub­section. The sub-section describes the particular features.

Feature Group Section

1

Authentication and Managing Authentication Properties

• Door Access Authentication (using fingerprint, card only or card with PIN)

• Multiple Fingerprints Verification

• Quick Search

• One-To-Many Search

2

Local Administration from Device

• Master Authentication

• Enroll, delete user and basic local configurations

3

Remote Administration from Host Program

• Communication Authentication Mode

4

Transactions and Trace Events Logging

5

Interfacing with Keri System Controllers through Wiegand

6

Usage of Other Auxiliary Devices

• Legic, Mifare, Mag stripe, and Barcode readers.

3.1

3.2

3.3

3.4

3.5

3.6

14

Features

3.1 Authentication and Managing Authentication Properties

The BioPointe is designed to refute unauthorized access using fingerprint authentication. However,
the device also caters to the use of a non-fingerprint medium.

As you have seen briefly, the BioPointe also supports the use of card only and card with PIN
authentication. The type that is being used is defined during the enrollment process.

As you read this section and the next few, you will come across the term 'authentication' quite
frequently. The various types of authentication can be grouped as follows:

• Door Access Authentication
Fingerprint, card only and card with PIN authentication are grouped under this, since they
essentially involve authenticating you to gain access, regardless of whether you are enrolled with
fingerprint, card only or card with PIN.

• Master Authentication

A master authentication involves ascertaining whether you have the device administrator rights to
administer the device.

• Door Access Authentication Time-Zone Control

Door Access Authentication Time-Zone Control is similar to Door Access Authentication except
that the first type checks a user against schedule that he or she is assigned to before granting access,
while the second type does not.

In this section, you will learn more about Door Access Authentication only. The other two types of
authentication will be described in the next few sections.

3.1.1 Fingerprint Authentication

For fingerprint authentication, each user will be assigned with a unique ID (not necessary a secret
ID). The number of digits to use for the ID is 4 by default. However, the ID can be configured to be
in other number sets, in the range of 3 to 10, using the BioPointe Central software.

The fingerprint authentication operation begins when the User provides the ID (either by entering
keys or scanning a contactless card). The device will check whether the ID has already been
registered in the device. If the entered ID is valid, it will activate the fingerprint sensor to capture the
live fingerprint. The fingerprint authentication operation completes with the result being shown on
the LEDs.

Up to Three Fingerprints can be enrolled for each ID

Each ID can be associated with a maximum of three fingerprint templates. During the authentication
operation, the device will match the live fingerprint with the entire associated fingerprints
automatically. Matching speed will be fastest if the first fingerprint (primary fingerprint) matches.
Otherwise, any subsequent matching will take up a little more time. This is one of the most powerful
features provided by the BioPointe.

15

Features

Multiple Fingerprint Verification

In usual operation, the BioPointe only matches a single fingerprint to successfully pass a verification
process. However, it can be configured to match two or even three fingerprints bef ore a verification
process can be considered as successful.

In such a mode, the user has to enroll this ID with the same number of fingerprints that it is
matching with, or more. For example, if the BioPointe is configured to match two fingerprints, this
ID must be enrolled with at least two fingerprint templates. If it is configured to match three
fingerprints, three fingerprint templates must be enrolled.

During the matching process, the fingerprints that are provided need not be in the order that they
were enrolled.

Note that the three fingerprint templates that were enrolled for a particular ID can come from the
same person, or from up to three different persons. This powerful feature allows the BioPointe to be
deployed in areas of higher security where more than one person is required to authenticate.

Note that for master authentication, only one fingerprint matching is required.

Quick Search

In a usual verification process, the user enters his or her full ID. The BioPointe provides a feature
where you only need to enter a trailing part of your ID to activate a match.

Hence, if your ID is 1234, you only need to press "34" to begin matching, the BioPointe will search
its fingerprint database (in the device) for all the IDs that ends with "34" to find the correct
fingerprint template that matches the live finger. This feature is useful in applications when long
digits are used for the ID.

One-To-Many Search

Another advanced feature to take note of is the one-to-many search capability provided by the
BioPointe. This mode is also known as identification as opposed to verification.

An ID is not required during one-to-many fingerprint matching operation. It works by searching
through the complete fingerprint database to look for the matching fingerprint template. This is an
effective tool to replace the need for remembering IDs.

One-to-many search is operated on a higher level of stringency as compared to verification.
Therefore, the rejection rates will be higher. In addition, searching time increases with the number
of fingerprints registered in the device.

16

Features

3.1.2 Card Authentication

Besides fingerprint authentication, you are also allowed to enroll the user to authenticate using a
contactless card combined with a PIN or just the contactless card alone. Every contactless card
carries a unique ID.

The security level provided by this mode of authentication also depends on the type of card being
used. Some cards store more (or unique) information than the others. For example, if a Wiegand
card is used, the device can extract the unique system code and site code (depending on the Wiegand
format supported by the card) besides the card ID. During the enrollment, this information will be
stored in the device and it will be used for verification later.

3.1.3 Card with PIN Authentication

For the card with PIN authentication, each card registered into the device is associated with a six
digits PIN number (provided during the enrollment stage), which the User must key-in to complete
the presentation. The device will then check the database for authenticity when the User enters his
PIN.

17

Features

3.2 Local Administration from Device

Local administration means tasks can be performed at the device without the need for a host
program.

Master Authentication

Before any of these tasks can be performed, a master authentication is first carried out. The master
authentication allows the device administrator to enter the device administration mode, which
permits the device administrator to register new Master or User and access the device basic
configurations.

Each device can register up to a maximum of five Master fingerprints. You are designated as the
device administrator once your fingerprint is enrolled as a Master fingerprint.

During registration, each master has to provide a unique ID (Master ID). This Master ID will not be
required during the authentication to get into the administration mode. However, the Master ID is
still required when the administrator uses this particular ID during authentication for access control.

Tasks that can be Administrated Locally

The tasks that you can do at the device are listed out as follows. These tasks are described in greater
detail in Chapter 4.

• Enroll, delete any of three different authentication properties

• Delete the entire database

• Configure basic settings

18

Features

3.3 Remote Administration from Host Program

The BioPointe device provides two modes of communication channel so that the remote PC can
connect to the device to perform administrative function and upload log records from the device.

The serial interface supports the RS232, RS485 and RS422 specification. In order to prevent
unauthorized access to the device from remote PC, the authentication protocol is added to the
communication protocol.

Communication Authentication Mode

If the Communication Authentication Mode is enabled, the device will only accept command from
the remote PC only if the PC has successfully authenticated the device through the Start
Authentication
to process all subsequent commands it received.

Take note that all subsequent commands must be send back-to-back within the next five seconds i.e.
before the remote PC closes the communication channel. The End Authentication sequence
command must be sent to the device (to terminate the sequence) so that other PC connected to the
same network will not be able to access the device unless it has started another authentication
sequence successfully.

Note that BioPointe Central will handle the above procedure. However, the administrator is required
to register his or her fingerprint into the BioPointe Central database (from the User Setup option
provided by the BioPointe Central application). The registered finger will then be sent to the
BioPointe device for authentication before the device can accept any other commands.

1

sequence. If the start authentication sequence is successful, the device will be able

1

The Start Authentication Sequence and End Authentication Sequence commands are transparent from the

user of the BioPointe Central.

19

Features

3.4 Logging of Transactions and Trace Events

The BioPointe device handles three types of log records listed as follows:

• Transaction Log

A transaction log is recorded upon a successful Door Access Authentication or Door Access
Authentication Time-Zone Control. Each log contains the ID of the user performing the
authentication, as well as the date and time.

• Trace Event Log

A trace event log is re corded whenever any critical event has occurred during local
administration or during operation (such as when the device was being tampered with).

• Fail Attempt Log

A fail attempt log is recorded when the authentication process fails.

The BioPointe allocates a storage space for 22000 log records before they are over-written by a first­in-first-overwritten basis. As a system administrator, you ought to upload the log record to the host
database periodically. Logging of the Trace Event and Fail Attempt can be disabled if these logs are
not required. You can refer to the Appendix for a full listing of the types of logs.

3.5 Interfacing to Keri System Controller

The BioPointe device supports the following Wiegand formats to interface to a Keri System
Controller:

• 26 Bits Standard

• 26 Bits Vendor 1

• 35 Bits Standard

• 36 Bits Standard

• 37 Bits Standard

• 40 Bits Standard

When Wiegand output is enabled, the device will be able to generate and send the Wiegand da ta (ID
with site code and system code) to the external controller upon a successful authentication. The
type of external controllers used must be able to support the above Wiegand formats.

20

Administering the BioPointe

Chapter 4

4 Administering The BioPointe

Introduction

This chapter describes how you can perform a range of administration tasks from the device. For
example, you can enroll authentication properties, or have them deleted from the device. In
addition, you can also configure certain settings like the Communication Authentica tion Mode (see
Chapter 3.3) or the Fingerprint Identify Mode (see Chapter 3.1.1).

4.1 Understanding the Administration Modes

All the tasks that you can administer at the BioPointe device are collectively known as the
Administration Modes. This section describes the various types of Administration Modes and how
you can get into them.

Only a Master can administer the Device

For security, only a Master can administer the device. As such, as you enter any of the
administration modes, a Master fingerprint authentication will be carried out first.

Types of Administration Modes

The various administration modes can be categorized into 2 types, namely Configuration and
Enrollment. Each Administration Mode is associated with an Administration Number. Please refer

to the tree diagram for the complete list of the various modes.

21

Administering the BioPointe

The Administration Modes of the BioPointe

Administration

Modes

Enrollment Configuration

Press the key twice
followed by the admin number.

Press the key twice followed by the admin
number.

Admin

No.

1 Enroll Master Finger 1

2 Enroll User Finger(s) 2

3 Enroll Card Only 3

4 Enroll Card + PIN 4

5 Delete User 5 Erase All Logs
6 Delete All

Mode Admin

No.

Mode

Config Comms
Authentication

Config Identify
Mode

Config Security
Level

Enable or
Disable Alarm

After master

authentication, press

relevant mode

followed by # key.

Modes:
a) 1 – Normal
b) 2 – Normal with authen
Modes:
a) 0 – Disable
b) 1 – Enable
Modes:
a) 1 – Normal
b) 2 - High
Modes:
a) 0 – Disable
b) 1 - Enable

-

Getting into an Administration Mode

To get into any Administration Mode, press the second or third function key twice
relevant Administration Number using the numeric key.

If the device does not contain any master fingerprints, only entry into Administration Mode 1 will be
allowed. In such a case, the first person to access Mode 1 would be asked to enroll himself as the first
Master.

On the other hand, if the device already contains one or more master fingerprints, a master authentication
will be carried out. Upon passing the authentication, you would then be allowed to perform the operation
associated with the chosen Administration Mode.

followed by the

22

Administering the BioPointe

4.2 Interpreting the LEDs

The three status LEDs on the BioPointe are used to convey different status interpretations.

 First LED is used to indicate the Device Status.
 Second LED is used to indicate an Action to be taken.
 Third LED is used to indicate a particular Mode (or State).

The different interpretations act as guidelines while you are in any of the Administration Modes.

Each LED can be displayed in 3 different colors or be switched off simply. The colors can be:

 Red
 Amber
 Green

At any time, each LED can be in one of the following state:

 Stationary
 Blinking fast
 Blinking slow

The combination of color and state together helps you to navigate thro ugh the Administration
Modes. In addition to using the LEDs, the buzzer from the BioPointe is also used to indicate
different status. A short buzzer sound usually indicates a pass status, while a long buzzer sound
usually indicates a fail status.

4.2.1 Table of LED Status (For Administration Modes Only)

The following tables list all the different statuses that the BioPointe can be in. You can use these
tables to help you interpret the status conveyed at any point while you are administrating the device.
This table is only applicable to administration.

For ease of reference, there is a separate table in Chapter 5 – "Performing Authentication in the
BioPointe". This table is applicable when the user is performing authentication on the device.

The following describes what each LED is used for:

• LED 1 is usually used to indicate pass or fail status.

• LED 2 is used to indicate the action waiting for you to carry out. For example, when it blinks

slowly in red, it means that the device is waiting for you to enter the desired ID of the master or
user that you are going to enroll.

• LED 3 is used to indicate the type of mode you are in. For example, when you have just entered

into administration mode 1 (to enroll master), you can know this by its amber color and its slow
blinks.

23