Home Page   Hard Disk DrivesMagneto-Optical Drives and LibrariesScannersPrintersHalf Inch Tape DrivesMiscellaneous Products

files
glossary
ce declarations
technical

distributors

 

Fingerscan® Configuration

This article describes in detail each function of FINGERSCAN.


System Functions

The major FINGERSCAN functions are:

Enrolment
Verification
Time zones
Door access
Template management

Enrolment

Enrolment is the process of scanning a finger to create an image which is stored as a template. Each time the user places his or her finger on the scanner the image is compared to the one represented by the template to verify their identity.

Enrolment is carried out at designated FINGERSCAN units by a user with enrolment authority. The process takes approximately 25 seconds and the resultant template may be stored in various places: in the unit itself, on a personal computer, in a mainframe computer, on a smart card, and so on. Each user enrolled is allocated a unique id number which they use to call up their template before scanning their finger. No id number is required where the template is stored on a smart card. Up to three fingers can be enrolled against the same id number to provide users with more than one verification option. Ideally, one finger on each hand should be enrolled so that if the user injures the finger they usually use for verification an alternate image is available. This feature also provides for multi-person control, for example, if verification from two users is required to open a safe. In this situation FINGERSCAN can be programmed to require up to four fingers with different id numbers to be verified before access is granted.

Verification

Verification is carried out when a user either enters their id number, or inserts their smart card in a smart card reader, and then immediately places their finger on the reader platen. Verification takes about .5 of a second. Verification for individual users can be set at various threshold levels to account for users who may have very fine, worn, or damaged fingers. In this event the ease of use can be enhanced by reducing their verification threshold. The overall system verification threshold can be lowered in situations where little or no security is required, for example, time and attendance applications. In this situation it may be more acceptable to give a false acceptance than a false rejection.

Time Zones

Up to thirty global or individual time zones can be defined in FINGERSCAN. Each user can have up to two active time zones at any time. Users are allocated a default time zone at enrolment, which can be changed by the system supervisor or from the host computer.

Door Access

A door access list defines which users have access to the facilities controlled by the FINGERSCAN unit. The list can be used in conjunction with time zones to restrict access at certain times. The host computer system can control and manage the door access list and the distribution of templates to each FINGERSCAN unit.

Template Management

Templates can be stored in the FINGERSCAN unit, and/or a host computer, and/or a smart card. Each FINGERSCAN unit has 512Kbytes of non-volatile memory which stores up to 300 templates. The memory can be expanded to 1.5Mbytes which will store more than 1100 templates. Templates are stored with a last used date status. If the memory becomes full, the last used templates will be held locally in the FINGERSCAN unit and the main template database will be held in the host computer. The host will transmit templates to individual units if the requested template is not found locally. Templates can be deleted by a user with Manager or Supervisor status either from the host computer or locally at each FINGERSCAN unit. Templates can be exchanged between a FINGERSCAN unit and the host computer over fixed communications or modem links, or locally to and from a laptop. A template created by the FINGERSCAN unit can be used on any other unit when loaded.

Management Control

FINGERSCAN has four levels of management control:

  • User

A user submits a finger for verification after entering an id number

  • Enroller

An enroller has user status and can also enrol users onto the system

  • Supervisor

A supervisor has enroller status and can also perform initial system set up procedures, set time zones, set alarm codes, and add and delete templates

  • Manager

A manager has supervisor status and can also perform a total system reset, and disable the supervisor’s ability to change the setup

 

Transaction Log

A transaction log records every use of a FINGERSCAN unit, the time it was used, and the result. The log will hold at least the last 1000 transactions and will ‘wrap around’ when it becomes full. The transaction log cannot be erased except on a total system reset by a user with Manager authority. Each transaction is allocated a consecutive audit number that does not wrap around. The number will only be reset to 1 on a total system reset.

 


Security

FINGERSCAN provides an audit trail of the date and time a user accessed the unit, the reason for access, and the result. With a 0.0001% probability of a false acceptance FINGERSCAN provides a level of security which cannot be achieved by any knowledge or token based system.

Template Security

Before a user can do any action on a template such as enrol, delete, or transfer, they must first have their identity verified by FINGERSCAN in the usual way. In doing this, a record is added to the transaction log. Only users with Supervisor or Manager authority levels can access the template database.

Software Security Control

A password option in the communications setup secures the data flow to a host computer. When each FINGERSCAN unit is initialised by the remote host, the host will generate and download to the unit a unique Computer Generated Access Code (CGAC) of at least six digits. For all subsequent communications the host will check the CGAC before starting the session and then change the CGAC immediately prior to logging off. The CGAC can always be overridden by a Manager or Supervisor finger verification. This is only likely to be required if the FINGERSCAN unit is being accessed via a laptop PC.

Hardware Security Control

The processor board in the processor unit is located inside a metal box which can be fitted with a tamper alarm if required. The processor unit should always be located inside the secure area in locations where FINGERSCAN is providing access or other security control. FINGERSCAN controls the activation of electric locks or strikes from the processor board so the unit cannot be hot-wired from outside.

Alarms Control

FINGERSCAN can be used to monitor and control external building alarm inputs and outputs such as door alarms, and building management functions.

FINGERSCAN will:

  • Send an alarm directly to a monitoring company, dialler, modem, siren, and so on, and allow authenticated users to cancel and reset zone alarms and activate and deactivate building services such as air conditioning and lighting.
  • Record alarms in the FINGERSCAN transaction log.
  • Support a ‘request to exit’ (REX) verification which allows users to open a door from the inside. This can be used to monitor door forced alarms.

Door Lock Control

FINGERSCAN can directly control a door lock strike after verification of a user.

Real Time Clock

FINGERSCAN’s real time clock is protected by a lithium battery, and features a day-of-week register and leap year correction.

 


Main Components

The FINGERSCAN system has three basic components:

The Reader Module

This is the authentication unit where users key in their identification number, present their finger for scanning, and receive verification messages. The unit features the finger scanner (referred to as the reader platen), a keypad, and a liquid crystal display (LCD) which displays the menu, system messages, and the time and date.

The Processor Module

This unit contains the software which compares finger images and stores a log of transactions processed by the sensor module.

The Power Pack

The power pack will vary depending on the country where FINGERSCAN is being used.

 


FINGERSCAN Configurations

FINGERSCAN is available in two configurations:

Integral
In this system the reader and processor modules are contained in one unit with a separate power pack.

Modular
In this system all three modules are in separate units. This allows the reader to be installed up to three metres from the processor. This is particularly useful in access control environments where the verifying entity is placed on the secure side of the door.


Hardware Description

Reader Module

Optics Assembly

This is an integral module containing the reader platen, camera and circuitry required to scan and digitise a person’s finger. The optical system is activated by the entry of a valid id number at the keypad or presentation of a smart card. As the finger is placed on the platen, the scan is taken. There are no mechanical switches to trigger the scan.

Keypad

The keypad is a 16-key membrane that features numbers 0 to 9 and six function keys.

Display

The standard display is a 16 character, 2 line liquid crystal display with back lighting. Messages are brief and concise and typically include:

Initial Start Up
Displays any error condition found plus the firmware version number and the electronic serial number of the unit.
At Idle
Displays the date and time, and the message Enter id number/present card.
If an id number or smart card is entered
Displays the message Place Finger. If the ALT function key is pressed, the message will read Place 2nd Finger. Additional messages will be displayed in the event of difficulty or system delay.
If a valid id number is entered and systems mode is requested
The menu for enrolment or management functions will be displayed.

Smart Card

A proximity smart card board may be fitted as an option. Alternatively the unit can be interfaced with external smart card readers such as Gemplus.

Processor Module

The processor board contains the Finger Image Processor (FIP), plug-in non-volatile flash memory (expandable from 512Kbytes to 1.5Mbytes) for template storage, transaction log storage, door access list and time zones storage, RS232 and RS422/485 communications ports, TTL auxiliary port communications, a single solid state relay, and the necessary circuitry.

Power Pack

The power pack is a 12Volt AC 1 amp power pack with plug in connector. Alternatively a 24Volt DC power supply may be used for no break battery backup. The power requirement does not exceed 16 watts.
Note that the unit cannot be run on 12Volts DC power.



Communications

FINGERSCAN has two communications ports: a host and an auxiliary port. The host port can be selected for RS232 or RS422/485 and the auxiliary for RS232 (if the host port is RS422/485), TTL level interface, or Wiegand.

RS232 Port

This allows the following communications:

  • Direct connection to a personal computer or printer
  • Connection of a laptop as required to up- and download data, extract the transaction log and so on
  • Connection of a modem to a remote or regional host computer

RS422/485 Port

This is used when the FINGERSCAN units are networked over a multidrop 4-wire LAN type system. The communications software runs on a PC through an RS232/485 converter which is externally mounted to the PC.

Auxiliary TTL Port

This may be used for a smart card reader interface, a barcode wand, Wiegand, or a magnetic stripe reader.

Online Communications

When a FINGERSCAN is online to a host computer it will not initiate any transmission to the host system. It will instead maintain a communications request buffer which contains flags with priority prefixes to indicate to the host that some activity request exists (for example, a template is required), or that information is available (such as the transaction log). The frequency of polling and how each flag is handled is determined by the host computer application.

Modem Operation

Software is available to enable a FINGERSCAN unit to be accessed by a dial-up modem from the host computer either manually or at pre-set times. This will allow for templates to be up- and downloaded, the transaction log to be extracted, door access lists and user access time zones to be modified, and so on.


Software Overview

The following software packages are currently available to be used in conjunction with the FINGERSCAN software:

  • FINGERLAN S demonstration software
  • FINGERLAN 1
  • FINGERLAN 2

Utilities:

  • Messages
  • FS Remote
  • FS Driver
  • Windows DLL or DOS
  • Systems Integrator Source Code
  • Wiegand Interface

 

FINGERLAN S Demonstration Software

FINGERSCAN is supplied as a standalone unit with a standard table of user messages. FINGERLAN S software is optionally available, on request, at no additional cost. FINGERLAN S allows a PC or laptop to communicate with a single FINGERSCAN unit to upload the transaction log and up- and download templates over RS232, RS485 or modem. This software is only suitable for a single FINGERSCAN unit. FINGERLAN S provides the following facilities:

  • The additional storage capacity available from the host can be used to enrol more users and store more templates than in the local FINGERSCAN memory alone.
  • The transaction log can be written to one of two files and FINGERSCAN enrolments and transactions can be easily retrieved.
  • A user can be identified in the user transaction field by name, instead of id number.

The message panel will beep or display an alert when defined system messages are received.

As a Windows-based package, FINGERSCAN S can operate in background mode, thus freeing up valuable computer time.

The system will automatically check the FINGERSCAN ESN number to provide greater audit control.

Host computer requirements

Recommended: 486DX/8Mbytes RAM and 8Mbytes of hard disk space

FINGERLAN 1

FINGERLAN 1 provides network management for FINGERSCANs connected to a host computer via an RS485 network. An optional dial-up facility for remote operation via modem is available. FINGERLAN 1 is identical in functionality to FINGERLAN S with the major exception that it is capable of running more than one FINGERSCAN in the network. Each new enrolment can be saved to the host and downloaded to any FINGERSCAN in the network that requests it. If a user is deleted at any FINGERSCAN the user will be deleted from all FINGERSCANs and from the database in the host computer. Each FINGERSCAN is polled in turn by the host. Polling frequency can be selected on a site basis and is dependant upon the number of users and FINGERSCAN units on the network. Up to 255 FINGERSCAN units, which is the highest node number available, can be supported. Practical considerations should be given to the load placed on the host PC and the required response time to poll each node. FINGERLAN 1 includes a management module and can display transactions by user name.

Host computer requirements

Recommended: 486DX/8Mbytes RAM and 8Mbytes hard disk space

FINGERLAN 2

FINGERLAN 2 provides network management for FINGERSCANs connected to a host computer, for building access control applications. It provides the same functionality as FINGERSCAN 1 together with the following additional facilities:

  • A substantial database querying facility allows operators to obtain information on a user or door basis, or other query combinations
  • Deletion of a user at any selected FINGERSCAN unit can result in the user being deleted from all or selected FINGERSCAN units and the computer database
  • Time zones and door access privileges can be managed across the network for individual doors and users
  • Local alarms, including request to exit, door held open too long, forced entry and other system defined alarms can be monitored and recorded in the transaction log

The system can interface to report generators and to external alarm companies

Each FINGERSCAN is polled in turn by the host. Polling frequency can be selected on a site basis and is dependant upon the number of users and FINGERSCAN units on the network. Up to 255 FINGERSCAN units, which is the highest node number available, can be supported. Practical consideration should be given to the load placed on the host PC and the required response time to poll each node.

Host computer requirements :

Recommended: 486DX/8Mbytes RAM and 20Mbytes hard disk space


Utilities

Messages

The Messages program allows FINGERSCAN LCD messages to be easily translated or exchanged for non-English language applications or other purposes. The program modifies the FINGERSCAN firmware binary files, which can then be downloaded into one or more FINGERSCAN units by means of a firmware upgrade. The message table modifications are specified in an ASCII text file. To display non-Latin characters such as Chinese or Arabic requires a change of the LCD unit.


FS Remote

FS Remote is a single line program to operate a single FINGERSCAN unit. The following functions are supported, with multiple functions permitted:

  • Enrol a finger to create a template for a specified id and finger number
  • Verify a user’s identity against a template
  • Send messages to FINGERSCAN which can be displayed on the message panel for 15 seconds or until any other activity occurs


FS Driver

FS Driver is a single line DOS executable program to interface with a single FINGERSCAN unit. The following functions are supported, with multiple functions permitted on the one line:

  • Retrieve a template for a specified id number and finger number
  • Retrieve a transaction log starting from a specified audit number or from the last number retrieved
  • Send a template for a specified id number and finger number
  • Send the volatile (temporary) template for a specified id number and finger number
  • Poll a unit for a template request and send the volatile (temporary) template when requested
  • Delete a template for a specified id number and finger number


Windows DLL and DOS TSR

This utility provides for specific client systems and integration with third party applications to be developed.

  • DLL: Windows support for system development using Visual Basic Professional 3(+) or C++
    (Specific system command messages)
  • Hi-speed DLL: for large scale systems
    (Inbuilt polling, database, and full template management)


Systems Integrator Source Code

The FINGERSCAN interface specification and sample C code can be supplied on disk together with a manual which describes working examples of the C code and includes the look-up table for user messages. This can be used to run FINGERSCAN on other operating systems, integrate the FINGERSCAN transaction log into an existing database, or develop a database application.


Wiegand Interface

FINGERSCAN can be configured as a Wiegand reader for output only, or input and output. The Wiegand output sends a Wiegand-format string to an external system on successful verification, just like a normal Wiegand reader. The Wiegand input will accept a Wiegand-format string from a card reader so that the user does not need to enter an id number. The FINGERSCAN keypad can also be used to enter id numbers as normal. Supervisor and Manager functions must be carried out using the FINGERSCAN keypad.

A software utility WIEGAND.EXE is available to allow the FINGERSCAN Wiegand interface to be configured from an industry standard DOS PC or a DOS program under Windows 3.1.

short_copyright
Last updated : 21 October, 1996