Keri Systems BioPointe Users Manual

BioPointe
User's Manual
Getting to know the BioPointe
NO WARRANTY OF ANY KIND IS MADE WITH REGARD TO THIS MATERIAL INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
No liability is assumed for errors contained herein or for incidental damages in connection with the furnishing, performance, use of this material.
No part of this document may be photocopied, reproduced or transmitted in any form or by any means, electronic or mechanical, without the prior written permission of Keri Systems Incorporated.
Other products and corporate names may be trademarks or registered trademarks of other companies and are only for explanation without intent to infringe.
Copyright 2004 © Keri Systems Incorporated. All rights reserved.
Release date: August 2004 Revision 1.7 Part Number: 01954-001
1
Getting to know the BioPointe
Thank you for choosing the BioPointe Fingerprint Identification System by Keri Systems Incorporated. This device is not only simple to use, but it also provides a variety of versatile, flexible and powerful features at the same time. In this manual, you will learn about the features of the BioPointe, how to administer the BioPointe and how to communicate with the BioPointe.
Preface
2
Getting to know the BioPointe
Using the Manual
If you are reading this manual for the first time, we suggest you read it from the start to end in order to achieve an overall understanding of the features provided by the BioPointe.
However, if you are looking for specific information, you may turn to the Table of Contents to help you look for the information you want quickly. The Table of Contents is on the next page.
In the chapters to follow, you will see the following chapters. The synopsis describes what you can expect to find in each of these chapters:
Chapter 1 - Getting to Know the BioPointe
Gives an overview of the BioPointe. Read this chapter to gain an overview of the device.
Chapter 2 - Getting Started
Gives a quick and concise introduction to what you need to do to get started when you first receive the device.
Chapter 3 - Features
Gives a detailed description of the features provided by the BioPointe. The description is divided into sections according to each feature. Read all or the relevant sections you need.
Chapter 4 - Administering the BioPointe
Shows you how you can access the functions within the BioPointe such as enrollment. Read this chapter to get started on enrolling the first fingerprint of the device.
Chapter 5 – Performing Authentication on the BioPointe
Shows you how to use the device for fingerprint, card or card with PIN authentication.
Chapter 6 – Configuring the BioPointe
Gives a description on how you can connect interfacing cables to the control board. Also covers DIP switch settings.
Chapter 7 – Communicating with the BioPointe
Gives a description on how to communicate with the device with RS232, RS4422 and RS485.
Chapter 8 – Interfacing to a Keri System Controller
Gives a description on how to interface to a Keri System Controller.
Chapter 9 - Technical Specifications
Chapter 10 - Troubleshooting
Appendix A – Log Types in BioPointe
Appendix B – Configuring the ADAM 4520
Appendix C – Communicating in RS422 and RS485
Appendix D – Communication Using Modem
3
Getting to know the BioPointe
Table Of Contents
1 Getting to Know The BioPointe 6
1.1 How The BioPointe Works 6
2 Getting Started 8
2.1 Unpacking And Initial Inspection 8
2.2 Identifying the Parts 9
2.3 Applying Power 10
2.4 Typical Setup For Use in Door Access 12
2.5 Mounting The BioPointe 13
3
Features 14
3.1 Authentication and Managing Authentication Properties 15
3.1.1 Fingerprint Authentication 15
3.1.2 Card Authentication 17
3.1.3 Card with PIN Authentication 17
3.2 Local Administration from Device 18
3.3 Remote Administration from Host Program 19
3.4 Logging of Transactions and Trace Events 20
3.5 Interfacing to Keri System Controller 20
4 Administering The BioPointe 21
4.1 Understanding the Administration Modes 21
4.2 Interpreting the LEDs 23
4.2.1 Table of LED Status (For Administration Modes Only ) 23
4.3 Using the Keypad 27
4.4 Using the Administration Modes (Enrollment) 28
4.4.1 Enrolling the First Master of the Device 28
4.4.2 Enrolling a Next Master 29
4.4.3 Enrolling a User with 1 to 3 Fingerprints 31
4.4.4 Enrolling a User with Card Only 33
4.4.5 Enrolling a User with Card with PIN 34
4.4.6 Enrolling a User with Card with Fingerprint 36
4.4.7 Deleting a Single Record 38
4.4.8 Deleting All Records 39
4.5 Using the Administration Modes (Configuration) 40
4.5.1 Enabling or Disabling Communication Authentication 40
4.5.2 Enabling or Disabling the Fingerprint Identify Mode 41
4.5.3 Changing the Security Level 42
4.5.4 Enabling or Disabling the Alarm 43
4.5.5 Erasing the Logs 44
4
Getting to know the BioPointe
5 Performing Authentication With The BioPointe 45
5.1 Performing Fingerprint Authentication 46
5.2 Performing Card Only Authentication 50
5.3 Performing Card with PIN Authentication 50
6 Configuring The BioPointe 51
6.1 Location of DIP Switches and Connectors 51
6.2 DIP Switches 52
7 Communicating with The BioPointe 54
7.1 Setting up the Communication 54
7.2 Tips for Ensuring Good Communication 58
7.3 Troubleshooting Communication Problems 59
7.4 Communication using Modem 60
8 Interfacing with Keri System Controllers 61
9 Technical Specifications 63
9.1 Technical Specifications 63
9.2 Maintenance Instructions 64
10 Troubleshooting 65
Appendix A – Log Types in The BioPointe 67
11
5
Getting to know the BioPointe
Chapter 1
1 Getting to Know The BioPointe
Introduction
The BioPointe is a fingerprint identification device designed for use in access control. It relies on 3 LEDs to convey status information to the user. Depending on the color and speed of the blinking LEDs, different statuses are conveyed.
1.1 How The BioPointe Works
Types of Authentication Properties
The BioPointe is able to perform three types of authentications. The three types are:
Fingerprint
Card Only
Card with PIN
Each of these authentication properties is associated with an ID. For fingerprint enrollment, each ID can be enrolled with up to 3 different fingers, unless the ID is for a Master. You will come across terms like a Master and a User. The difference between a Master and a User is described later.
The other two authentication properties, Card Only and Card with PIN are necessary in order to cater for some people whose fingerprints cannot be enrolled at all.
Device Master and User
When you are enrolling using fingerprint, you can choose to enroll as a Master, or as a User. A Master is someone whose fingerprint is allowed to enter the administration or master mode of the device. When this administration mode is entered, he can enroll other Users. A User, on the other hand, does not have this privilege access.
Unlike a User, each Master can only be enrolled with one fingerprint. The BioPointe can enroll up to a maximum of 5 Masters fingerprints.
With up to 5 Masters, you can assign more than one person to administer the device.
6
Getting to know the BioPointe
Local Enrollment and Central Enrollment
The system is designed to cater for both local and central enrollment. By central, it means that the users of the device are enrolled centrally on a host PC. Their authentication properties are then downloaded by means of a communication link, to the BioPointe.
Central enrollment requires the use of the central enrollment software, known as BioPointe Cen tral. For local enrollment, you can refer to Chapter 4 - "Administering The BioPointe".
Communicating With The BioPointe
As mentioned, the authentication properties can be downloaded using a communication link. This link can be RS232, RS422 and RS485.
Transaction Logging
Every time a user successfully verifies his authentication property at the device, a transaction log is recorded. This log remains in the device in a round-robin flash storage. The role of the host software is to upload the log from the device to the host PC.
Event Logging
Besides the transaction logs, there is also another category of logs which is known as Event Logs. Event logs are recorded whenever any exceptional events happen. An example of such and event is when an alarm is triggered.
For a full listing of the different types of event logs, you can refer to the Appendix.
Wiegand Interface To Keri Systems Controllers
The BioPointe provides a Wiegand interface to a Keri System Controller. The Wiegand signals are sent out upon a successful verification of the authentication property.
7
Getting Started
Chapter 2
2 Getting Started
2.1 Unpacking And Initial Inspection
The following items are included in the packing box:
Packing List BioPointe Unit CDROM (User’s Manual) Warranty Statement
Verify the items against the packing list and inform us if there is any discrepancy immediately.
8
Getting Started
2.2 Identifying the Parts
9
Getting Started
2.3 Applying Power
Safety instructions
It is necessary to take special precautions to avoid the introduction of hazards while operating, installing, maintaining, transporting or storing the device.
The power supply that is used should have an output vol t ag e of betwee n 1 2V to 24V DC rat ed at 1. 0 A (please refer to the Technical Specifications for more details).
[WARNING!]
Make sure the mains supply voltage rating of the power adapter is suitable for the supply voltage in your country before you power on. When in doubt, you should consult your local representative for advice.
10
Getting Started
Steps for Applying Power
Step 1: Ensure that the power adapter is powered off.
Step 2: Insert the two wires of the power adapter correctly in to the connector.
Inserting the cable:
1) Use a test-pen to push in the spring lever.
2) Insert cable into hole.
3) Release spring lever.
4) To ensure cable is
secure, pull it slightly. Make sure it is seated tightly and does not come out.
Spring lever
Pin Description
1 GND 2 DC 12 to 24V
1 2 3 4 5 6 7 8 9 10 11 12
Step 3: Switch on the power to the adapter.
When the device is powered on, all three LEDs will be blinking continuously in red color.
When the device is ready, the first LED will turn to steady amber color while the second and third will be turned off. However, if the first LED is blinking periodically in red color instead of being steady amber, it is likely that the tamper switch is opened.
If you want the first LED to stop blinking in red attach the C-bracket so that the tamper switch is set, or disable the alarm through the device settings (see Chapter 4 – Administering the BioPointe).
11
Getting Started
A
2.4 Typical Setup For Use in Door Access
The figure below shows a typical setup of the BioPointe device used for access control. It consists of a communication link from the BioPointe Central software to communicate with the device, as well as a Wiegand line to a controller. The following steps are in no particular order.
Step 1 – Enroll fingerprints (authentication properties):
In order to start using the device, fingerprints or any other authentication properties (that is card or card with PIN) need to be enrolled. The fingerprints and other authentication properties can be enrolled locally on the device or remotely using the central enrollment feature in the BioPointe Central software. You can refer to Chapter 3-1 to 3-3 for a description on managing authentication properties, local administration as well as remote administration.
Step 2 - Set up the communication link:
To successfully setup the communication link, the appropriate device ID, baud rate, type of communication and the serial interface type have to be configured. This can be done through the DIP switches located on the back of the BioPointe device. Refer to Chapter 6 – Configuring the BioPointe or Chapter 7 – Communicating with the BioPointe to find out how to set the DIP switches.
Step 3 - Set up the Wiegand link:
Having setup the communication link, you will also need to wire the Wiegand output from the BioPointe device to the controller. Refer to Chapt er 8 – Interfacing to a Keri System Controlle r.
DIP switch settings required :
SW1 (for Device ID)
SW2 (for Baud Rate and
Comm Type)
SW3 (for RS232, 422 or 485 type)
BioPointe Central Software
Communication link (RS232, 422 or RS485)
BioPointe Device
cknowledgement from door controller (optional)
Wiegand link
Typical Setup for Door Access
Door Controller
Wiegand output to door controller
12
Getting Started
2.5 Mounting The BioPointe
The figure below shows how the BioPointe can be mounted using the C-bracket.
Two mounting screws are inserted to hold the C-bracket to the BioPointe device
Mounting The BioPointe using the C-bracket
Horizontal slots for C-bracket insertion
C-bracket
13
Features
Chapter 3
3 Features
The BioPointe functions are designed as an access control device aimed to provide irrefutable personal identification using fingerprints. Its system architecture includes the fingerprint identification technology, the recording of event logs, the interfacing to security panels and so on. In this chapter, you will learn about the variety of features that make up the system.
List of Features
The following table lists the features of the BioPointe, and also provides a quick reference to what you can expect to find within the device. In the table, you will find next to each entry a reference to a specific sub­section. The sub-section describes the particular features.
Feature Group Section
1
Authentication and Managing Authentication Properties
Door Access Authentication (using fingerprint, card only or card with PIN)
Multiple Fingerprints Verification
Quick Search
One-To-Many Search
2
Local Administration from Device
Master Authentication
Enroll, delete user and basic local configurations
3
Remote Administration from Host Program
Communication Authentication Mode
4
Transactions and Trace Events Logging
5
Interfacing with Keri System Controllers through Wiegand
6
Usage of Other Auxiliary Devices
Legic, Mifare, Mag stripe, and Barcode readers.
3.1
3.2
3.3
3.4
3.5
3.6
14
Features
3.1 Authentication and Managing Authentication Properties
The BioPointe is designed to refute unauthorized access using fingerprint authentication. However, the device also caters to the use of a non-fingerprint medium.
As you have seen briefly, the BioPointe also supports the use of card only and card with PIN authentication. The type that is being used is defined during the enrollment process.
As you read this section and the next few, you will come across the term 'authentication' quite frequently. The various types of authentication can be grouped as follows:
Door Access Authentication Fingerprint, card only and card with PIN authentication are grouped under this, since they essentially involve authenticating you to gain access, regardless of whether you are enrolled with fingerprint, card only or card with PIN.
Master Authentication
A master authentication involves ascertaining whether you have the device administrator rights to administer the device.
Door Access Authentication Time-Zone Control
Door Access Authentication Time-Zone Control is similar to Door Access Authentication except that the first type checks a user against schedule that he or she is assigned to before granting access, while the second type does not.
In this section, you will learn more about Door Access Authentication only. The other two types of authentication will be described in the next few sections.
3.1.1 Fingerprint Authentication
For fingerprint authentication, each user will be assigned with a unique ID (not necessary a secret ID). The number of digits to use for the ID is 4 by default. However, the ID can be configured to be in other number sets, in the range of 3 to 10, using the BioPointe Central software.
The fingerprint authentication operation begins when the User provides the ID (either by entering keys or scanning a contactless card). The device will check whether the ID has already been registered in the device. If the entered ID is valid, it will activate the fingerprint sensor to capture the live fingerprint. The fingerprint authentication operation completes with the result being shown on the LEDs.
Up to Three Fingerprints can be enrolled for each ID
Each ID can be associated with a maximum of three fingerprint templates. During the authentication operation, the device will match the live fingerprint with the entire associated fingerprints automatically. Matching speed will be fastest if the first fingerprint (primary fingerprint) matches. Otherwise, any subsequent matching will take up a little more time. This is one of the most powerful features provided by the BioPointe.
15
Features
Multiple Fingerprint Verification
In usual operation, the BioPointe only matches a single fingerprint to successfully pass a verification process. However, it can be configured to match two or even three fingerprints bef ore a verification process can be considered as successful.
In such a mode, the user has to enroll this ID with the same number of fingerprints that it is matching with, or more. For example, if the BioPointe is configured to match two fingerprints, this ID must be enrolled with at least two fingerprint templates. If it is configured to match three fingerprints, three fingerprint templates must be enrolled.
During the matching process, the fingerprints that are provided need not be in the order that they were enrolled.
Note that the three fingerprint templates that were enrolled for a particular ID can come from the same person, or from up to three different persons. This powerful feature allows the BioPointe to be deployed in areas of higher security where more than one person is required to authenticate.
Note that for master authentication, only one fingerprint matching is required.
Quick Search
In a usual verification process, the user enters his or her full ID. The BioPointe provides a feature where you only need to enter a trailing part of your ID to activate a match.
Hence, if your ID is 1234, you only need to press "34" to begin matching, the BioPointe will search its fingerprint database (in the device) for all the IDs that ends with "34" to find the correct fingerprint template that matches the live finger. This feature is useful in applications when long digits are used for the ID.
One-To-Many Search
Another advanced feature to take note of is the one-to-many search capability provided by the BioPointe. This mode is also known as identification as opposed to verification.
An ID is not required during one-to-many fingerprint matching operation. It works by searching through the complete fingerprint database to look for the matching fingerprint template. This is an effective tool to replace the need for remembering IDs.
One-to-many search is operated on a higher level of stringency as compared to verification. Therefore, the rejection rates will be higher. In addition, searching time increases with the number of fingerprints registered in the device.
16
Features
3.1.2 Card Authentication
Besides fingerprint authentication, you are also allowed to enroll the user to authenticate using a contactless card combined with a PIN or just the contactless card alone. Every contactless card carries a unique ID.
The security level provided by this mode of authentication also depends on the type of card being used. Some cards store more (or unique) information than the others. For example, if a Wiegand card is used, the device can extract the unique system code and site code (depending on the Wiegand format supported by the card) besides the card ID. During the enrollment, this information will be stored in the device and it will be used for verification later.
3.1.3 Card with PIN Authentication
For the card with PIN authentication, each card registered into the device is associated with a six digits PIN number (provided during the enrollment stage), which the User must key-in to complete the presentation. The device will then check the database for authenticity when the User enters his PIN.
17
Features
3.2 Local Administration from Device
Local administration means tasks can be performed at the device without the need for a host program.
Master Authentication
Before any of these tasks can be performed, a master authentication is first carried out. The master authentication allows the device administrator to enter the device administration mode, which permits the device administrator to register new Master or User and access the device basic configurations.
Each device can register up to a maximum of five Master fingerprints. You are designated as the device administrator once your fingerprint is enrolled as a Master fingerprint.
During registration, each master has to provide a unique ID (Master ID). This Master ID will not be required during the authentication to get into the administration mode. However, the Master ID is still required when the administrator uses this particular ID during authentication for access control.
Tasks that can be Administrated Locally
The tasks that you can do at the device are listed out as follows. These tasks are described in greater detail in Chapter 4.
Enroll, delete any of three different authentication properties
Delete the entire database
Configure basic settings
18
Features
3.3 Remote Administration from Host Program
The BioPointe device provides two modes of communication channel so that the remote PC can connect to the device to perform administrative function and upload log records from the device.
The serial interface supports the RS232, RS485 and RS422 specification. In order to prevent unauthorized access to the device from remote PC, the authentication protocol is added to the communication protocol.
Communication Authentication Mode
If the Communication Authentication Mode is enabled, the device will only accept command from the remote PC only if the PC has successfully authenticated the device through the Start Authentication to process all subsequent commands it received.
Take note that all subsequent commands must be send back-to-back within the next five seconds i.e. before the remote PC closes the communication channel. The End Authentication sequence command must be sent to the device (to terminate the sequence) so that other PC connected to the same network will not be able to access the device unless it has started another authentication sequence successfully.
Note that BioPointe Central will handle the above procedure. However, the administrator is required to register his or her fingerprint into the BioPointe Central database (from the User Setup option provided by the BioPointe Central application). The registered finger will then be sent to the BioPointe device for authentication before the device can accept any other commands.
1
sequence. If the start authentication sequence is successful, the device will be able
1
The Start Authentication Sequence and End Authentication Sequence commands are transparent from the
user of the BioPointe Central.
19
Features
3.4 Logging of Transactions and Trace Events
The BioPointe device handles three types of log records listed as follows:
Transaction Log
A transaction log is recorded upon a successful Door Access Authentication or Door Access Authentication Time-Zone Control. Each log contains the ID of the user performing the authentication, as well as the date and time.
Trace Event Log
A trace event log is re corded whenever any critical event has occurred during local administration or during operation (such as when the device was being tampered with).
Fail Attempt Log
A fail attempt log is recorded when the authentication process fails.
The BioPointe allocates a storage space for 22000 log records before they are over-written by a first­in-first-overwritten basis. As a system administrator, you ought to upload the log record to the host database periodically. Logging of the Trace Event and Fail Attempt can be disabled if these logs are not required. You can refer to the Appendix for a full listing of the types of logs.
3.5 Interfacing to Keri System Controller
The BioPointe device supports the following Wiegand formats to interface to a Keri System Controller:
26 Bits Standard
26 Bits Vendor 1
35 Bits Standard
36 Bits Standard
37 Bits Standard
40 Bits Standard
When Wiegand output is enabled, the device will be able to generate and send the Wiegand da ta (ID with site code and system code) to the external controller upon a successful authentication. The type of external controllers used must be able to support the above Wiegand formats.
20
Administering the BioPointe
Chapter 4
4 Administering The BioPointe
Introduction
This chapter describes how you can perform a range of administration tasks from the device. For example, you can enroll authentication properties, or have them deleted from the device. In addition, you can also configure certain settings like the Communication Authentica tion Mode (see Chapter 3.3) or the Fingerprint Identify Mode (see Chapter 3.1.1).
4.1 Understanding the Administration Modes
All the tasks that you can administer at the BioPointe device are collectively known as the Administration Modes. This section describes the various types of Administration Modes and how you can get into them.
Only a Master can administer the Device
For security, only a Master can administer the device. As such, as you enter any of the administration modes, a Master fingerprint authentication will be carried out first.
Types of Administration Modes
The various administration modes can be categorized into 2 types, namely Configuration and Enrollment. Each Administration Mode is associated with an Administration Number. Please refer
to the tree diagram for the complete list of the various modes.
21
Administering the BioPointe
The Administration Modes of the BioPointe
Administration
Modes
Enrollment Configuration
Press the key twice followed by the admin number.
Press the key twice followed by the admin number.
Admin
No.
1 Enroll Master Finger 1
2 Enroll User Finger(s) 2
3 Enroll Card Only 3
4 Enroll Card + PIN 4
5 Delete User 5 Erase All Logs 6 Delete All
Mode Admin
No.
Mode
Config Comms Authentication
Config Identify Mode
Config Security Level
Enable or Disable Alarm
After master
authentication, press
relevant mode
followed by # key.
Modes: a) 1 – Normal b) 2 – Normal with authen Modes: a) 0 – Disable b) 1 – Enable Modes: a) 1 – Normal b) 2 - High Modes: a) 0 – Disable b) 1 - Enable
-
Getting into an Administration Mode
To get into any Administration Mode, press the second or third function key twice relevant Administration Number using the numeric key.
If the device does not contain any master fingerprints, only entry into Administration Mode 1 will be allowed. In such a case, the first person to access Mode 1 would be asked to enroll himself as the first Master.
On the other hand, if the device already contains one or more master fingerprints, a master authentication will be carried out. Upon passing the authentication, you would then be allowed to perform the operation associated with the chosen Administration Mode.
followed by the
22
Administering the BioPointe
4.2 Interpreting the LEDs
The three status LEDs on the BioPointe are used to convey different status interpretations.
First LED is used to indicate the Device Status. Second LED is used to indicate an Action to be taken. Third LED is used to indicate a particular Mode (or State).
The different interpretations act as guidelines while you are in any of the Administration Modes.
Each LED can be displayed in 3 different colors or be switched off simply. The colors can be:
Red Amber Green
At any time, each LED can be in one of the following state:
Stationary Blinking fast Blinking slow
The combination of color and state together helps you to navigate thro ugh the Administration Modes. In addition to using the LEDs, the buzzer from the BioPointe is also used to indicate different status. A short buzzer sound usually indicates a pass status, while a long buzzer sound usually indicates a fail status.
4.2.1 Table of LED Status (For Administration Modes Only)
The following tables list all the different statuses that the BioPointe can be in. You can use these tables to help you interpret the status conveyed at any point while you are administrating the device. This table is only applicable to administration.
For ease of reference, there is a separate table in Chapter 5 – "Performing Authentication in the BioPointe". This table is applicable when the user is performing authentication on the device.
The following describes what each LED is used for:
LED 1 is usually used to indicate pass or fail status.
LED 2 is used to indicate the action waiting for you to carry out. For example, when it blinks
slowly in red, it means that the device is waiting for you to enter the desired ID of the master or user that you are going to enroll.
LED 3 is used to indicate the type of mode you are in. For example, when you have just entered
into administration mode 1 (to enroll master), you can know this by its amber color and its slow blinks.
23
Loading...
+ 56 hidden pages