Operators Manual

plusID Operators Manual (Basic and Professional Editions)
Revision 2.0
June 2008
Table of Contents
Getting Started ...................................................................................................................................... 5
What is a plusID? ................................................................................................................................ 5
What is plusID Manager? .................................................................................................................... 5
Minimum System Requirements .......................................................................................................... 5
plusID Security .................................................................................................................................... 6
PIN-Based Security ......................................................................................................................... 6
Key-Based Security (plusID Manager Professional Edition Only) ..................................................... 6
Initial Software Configuration ............................................................................................................... 7
Installing the plusID USB Driver ........................................................................................................... 7
Installing the Software ......................................................................................................................... 7
Component Selection ...................................................................................................................... 8
Setting up the Database ...................................................................................................................... 8
Installing to an Existing Database Server......................................................................................... 9
Installing to a New Database Server ................................................................................................ 9
Key Server Installation .................................................................................................................. 10
plusID Manager.................................................................................................................................... 11
Help .................................................................................................................................................. 11
User Management ............................................................................................................................. 12
Document Revision 2008071101 Page 1 of 55

Adding a New User ....................................................................................................................... 12
Editing an Existing User ................................................................................................................ 12
Deleting an Existing User .............................................................................................................. 12
Importing New Users from an Existing System .............................................................................. 12
Reports ............................................................................................................................................. 13
Report Types ................................................................................................................................ 13
Printing and Exporting ................................................................................................................... 13
Advanced .......................................................................................................................................... 14
Utilities .......................................................................................................................................... 14
Key Server Remote Access ........................................................................................................... 14
Default Device Settings ..................................................................................................................... 14
Security Settings ........................................................................................................................... 14
Timeout Settings ........................................................................................................................... 15
User Logon Settings ...................................................................................................................... 15
Sound Settings.............................................................................................................................. 16
Long Range Settings ......................................................................................................................... 16
Device Management.......................................................................................................................... 18
Home ............................................................................................................................................ 18
Status ........................................................................................................................................... 18
Unlocking the Device..................................................................................................................... 18
Enrollment..................................................................................................................................... 19
Physical Access Credentials.......................................................................................................... 22
Credential Properties..................................................................................................................... 25
Firmware Upgrades ....................................................................................................................... 26
Reissuing a Device ....................................................................................................................... 27
Resetting a Device to Factory Defaults .......................................................................................... 27
Customizing Device Settings ......................................................................................................... 28
Extracting Device Data .................................................................................................................. 28

Database Manager ............................................................................................................................... 28
Connecting to the Database .............................................................................................................. 28
Backup and Restore .......................................................................................................................... 29
Operator Management ...................................................................................................................... 30
Configuring the Key Server................................................................................................................ 31
Advanced .......................................................................................................................................... 32
Long-Range Transceiver Configuration Tool ..................................................................................... 32
Connecting to the long-range transceiver........................................................................................... 32
Features of the tool ........................................................................................................................... 33
Settings Tab ...................................................................................................................................... 33
Managed/Legacy Mode ................................................................................................................. 33
Standalone/Standard Mode ........................................................................................................... 33
Transceiver key............................................................................................................................. 33
Utilities Tab ....................................................................................................................................... 34
Firmware upgrade ......................................................................................................................... 34
Logical Access .................................................................................................................................... 34
Certificate-Based Authentication ........................................................................................................ 34
System requirements .................................................................................................................... 35
How to Log On using Certificate-based Authentication................................................................... 36
Non-certificate Based Authentication ................................................................................................. 37
How to Log On using Non-Certificate-based Authentication ........................................................... 37
Appendix A - Gate and Vehicle Solution ............................................................................................ 39
Appendix B Pairing your plusID to your Bluetooth-enabled Computer ........................................... 42
Appendix C – plusID Troubleshooting ............................................................................................... 44
Appendix D - Overview of plusID Device Light Behavior................................................................... 47
Appendix E - plusID Battery Recharge Instructions .......................................................................... 49
How to Charge .................................................................................................................................. 49
How Long to Charge.......................................................................................................................... 49

Appendix F - plusID Button Operation ............................................................................................... 50
Appendix G - Minimum System Requirements for a plusID Deployment ......................................... 51
Appendix H - Licensing Agreement .................................................................................................... 53

GETTING STARTED
WHAT IS A plusID?
plusID is a universal biometric token that replaces access cards used to enter secured buildings and passwords
used for computer logon, secure email, and internet access. plusID uses its owner’s fingerprint to verify their
identity before granting access. It works in much the same way that a remote control is used to operate a
television or a garage door, but requires its authorized owner’s fingerprint to “unlock” the device for operation.
WHAT IS plusID MANAGER?
plusID Manager is the software application used to issue plusID™ personal identity verification devices. It enables
the enrollment and configuration of devices by an authorized Enrollment Administrator, or other designated
personnel. Enrollment is a key component to plusID device issuance. It is what makes the device work for its
enrolled owner and no one else. During enrollment a user’s fingerprint images are captured, encoded, and
securely stored as templates on the plusID device. During regular operation, any live fingerprint presented to the
device is compared to the templates stored on the device to ensure that only the authorized user can operate the
device. This comparison, or matching process, is called verification. Enrollment readies a device to be used for
verification.
The enrollment process also includes assigning access credentials to the buttons found on the front of the device.
This is what enables the plusID device to be used for physical access to doors and facilities.
MINIMUM SYSTEM REQUIREMENTS
• One CD-ROM containing the Privaris plusID Manager software application and documentation
• plusID device(s)
• One available USB port on the computer running plusID Manager
• One mini-USB cable (packaged with each plusID device)
• Microsoft® Windows® XP SP2, or Vista
• Microsoft® SQL 2005 or the included SQL Express 2005
• .NET Framework 2.0 (installed automatically if needed)
• 100 megabytes of available hard drive space
• 512 megabytes of RAM
• 800x600 minimum screen resolution

plusID SECURITY
New to the 2.0 software package is key-based device management. This feature is only available in plusID
Manager Professional edition and is recommended over PIN-based device management, depending on the size of
the installation. Prior to issuing any plusID devices, the security model must be selected.
PIN-BASED SECURITY
Assigning an Administrator PIN (Personal Identification Number) secures a plusID device to a specific organization.
The PIN locks plusID devices by preventing their use by outside organizations and malicious or otherwise non-
authorized parties.
It is highly recommended that each organization select a single Administrator PIN for all plusID devices. Creation
of more than one PIN will result in a population of devices having different PINs. There is no way to determine
which PIN is on a device other than by trial and error., Exceeding the allowable number of PIN retries will result in
the plusID device being rendered unusable and will require it to be returned to the factory for recovery. The
Administrator PIN should be treated as a corporate secret and guarded in the same manner as other
keys/passwords that grant access to valuable resources.
The Administrator PIN is typically assigned to a during device issuance, using the plusID Manager. It is
recommended that the PIN be set as soon as possible in order to “lock down” the device to the issuing
organization.
The Administrator PIN can vary in length from 4 to 16 characters. Choosing a strong PIN increases the overall
security of the system; it is wise to create a PIN that is a combination of numbers, special characters, and upper-
and lower-case letters.
NOTE: If the Administrator PIN is lost or forgotten, it cannot be reset. All previously issued plusID devices registered with
that Administrator PIN will be rendered unusable and will have to be returned to the factory for recovery.
Single Administrative Authority
For security purposes, a plusID device can only be modified or updated using the same installation of the plusID
Manager (computer workstation) on which it was originally issued. The only way for a registered device to be
updated using a different workstation is for the device to be disassociated with the computer, and then re-
registered to a new computer.
KEY-BASED SECURITY (plusID MANAGER PROFESSIONAL EDITION ONLY)
Key-based security is achieved through the use of a key server. The key server is a component that can unlock a
given plusID device at the request of an authenticated operator of the plusID Manager.
After a device has been associated with a particular key server, it is automatically unlocked when it is connected
to any workstation running the plusID Manager and connected to that key server. The key-based security model
depends not on knowledge of a secret, but rather authentication of the person running the plusID Manager
software.

If an operator has been granted access through the plusID Database Manager application and has proven their
identity to the operating system, either through Windows user name and password or by logging on using their
own plusID biometric token, then they are allowed to administer plusID devices. If access has not been granted to
a person, the key server will not honor requests to unlock a device.
Key-based security offers the following advantages over PIN-based security:
• It is not necessary for operators to know the secret used to unlock devices. Therefore, it is less likely for
the security of the system to be compromised by a malicious operator who reveals the PIN.
NOTE: An individual operator’s access to devices can be revoked by removing their access to the key server. In the
PIN model, revoking an individual operator would require the device’s administration PIN to be changed on all
issued devices and the new PIN to be distributed to all remaining operators.
• The key model uses a cryptographic challenge/response mechanism allowing operators to remotely
unlock devices without transmitting an unencrypted secret across unsecured networks.
• Operators do not have to remember the administration PIN.
• The system’s security is not reliant on the length of the chosen Administrator PIN but rather on the
cryptographic strength of a randomly generated 3DES key.
INITIAL SOFTWARE CONFIGURATION
To administer plusID devices, it is necessary to install and configure certain applications.
INSTALLING THE plusID USB DRIVER
All models of plusID devices are issued and administered over a USB connection and require a USB driver to
function. To install the USB driver, connect a plusID device to the computer using the supplied USB cable. The
device’s blue light will blink while it is connecting and turn solid once a connection with the computer is
established.
The Found New Hardware Wizard will appear and prompt the installation of a standard Microsoft device driver. If
the computer has an internet connection, allow the hardware wizard to search for the driver online; it should
locate the driver and install it automatically or, insert the plusID Manager CD-ROM into the computer and point
the hardware wizard to search the CD. It will find and install the appropriate driver automatically.
INSTALLING THE SOFTWARE
NOTE: Installing the plusID Manager software requires Administrator privileges on the computer.

Insert the plusID Manager CD into the CD-ROM drive. Windows will automatically launch the plusID installation
program. If the installation program does not run automatically, navigate to the CD-ROM drive, run “setup.exe”,
and follow the screen prompts.
COMPONENT SELECTION
There are four available components.
• plusID Manager (required for administration of plusID devices)
• Logical Access Support Package (applicable to all models of plusID devices): required on all computers
that will use a plusID device for logon and all computers used for issuing credentials on plusID devices.
Installation of the Logical Access Support Package includes a component selection screen with the
following options:
o Smart Card Minidriver (required) – a Privaris software component that allows Windows to
interact with the plusID.
o Logon Component (optional) – A Privaris software component that adds a prompt for biometric
verification during logon to the standard Microsoft GINA for both two-factor (biometric only) or
three-factor (biometric and PIN) authentication. See Section User Logon Settings for information
on selecting two- versus three-factor authentication
GINA Logon Component (optional) – A Privaris software component that adds a prompt for
biometric verification during logon to the standard Microsoft GINA for both two-factor
(biometric only) or three-factor (biometric and PIN) authentication. See Section User Logon
Settings for information on selecting two- versus three-factor authentication
NOTE: The standard Microsoft GINA requires PIN entry in both two and three factor authentication mode
whereas the Privaris GINA component enables you to bypass the PIN entry screen for faster logon in two-
factor mode.
• Bluetooth Support Package (for plusID 75 models only): includes the necessary software drivers to allow
plusID 75 devices to communicate with a computer via Bluetooth™ over a secure, encrypted connection
• Long Range Transceiver (LRT) Configuration Tool (for plusID 90 models only): The LRT Configuration Tool
is required for deployment of the Privaris Long Range Transceiver. The LRT is used to enable long range
remote access to secure areas using the plusID device, such as at vehicle gates.
The default selection installs the plusID Manager Software and the Logical Access Support Package.
SETTING UP THE DATABASE
The first time the plusID Manager is launched; a SQL Server database must be created and configured using the
Database Manager Configuration utility,
NOTE: The plusID Manager database stores only user contact and device information, NOT biometric data.

INSTALLING TO AN EXISTING DATABASE SERVER
1. Specify a server and instance name using one of the following methods:
• Click “search” to search for a list of available servers.
NOTE: This feature may not succeed if your network firewall settings block the SQL Server Browser service
which broadcasts UDP messages on port 1434.
or
• Manually enter the server and instance name if necessary (“server\instance”). A server name of
“(local)” indicates the database is on the local machine.
2. Log on to the database server using one of the following methods:
• Windows-based authentication (as the logged-on Windows user)
or
• SQL Server-based authentication (as the System Admin “sa”)
3. Click “Connect”
INSTALLING TO A NEW DATABASE SERVER
1. Select “Create New” option from the “Server Name” drop down list to launch the server installation
wizard.
2. Enter the server instance name. In most cases the default name “SQLEXPRESS” can be used. The
following rules apply when naming the instance:
• Name cannot be blank
• Name cannot be longer than sixteen (16) characters
• Name cannot be “default” or “mssqlserver”
• Name must start with a letter or underscore
• Name must not contain spaces or special characters (except for leading underscore)
• Name must not conflict with existing instances (on the same machine)
3. Specify an SA password for the new instance. The following strong password rules apply when
choosing a password:
• Password cannot be blank
• Password cannot be “password”, “admin”, “administrator”, “sa”, or “sysadmin”

• Password cannot be the same as the computer name
• Password cannot be the same as the currently logged on user
• Password must be at least six (6) characters long
• Password must be a mix of lowercase and uppercase letters, number, and/or special
characters.
4. Select “Create Instance”
5. (Optional) Migrate data from a previous version of the plusID Manager software by browsing to the
.FDB file in the previous installations install path. Typically, this is ‘C:\Program Files\Privaris\plusID
Manager”.
NOTE: This is the only time that old data may be migrated. If you do not wish to migrate data from an old
database, for example if you have not previously installed the plusID Manager, then this step can be safely skipped.
Unless an existing database is migrated, previously issued credentials cannot be preserved in the event of a device
reset.
KEY SERVER INSTALLATION
NOTE: This component is only available in the plusID Manager Professional edition.
1. Create a master plusID device administration key by choosing one of the following methods:
• Generate a new key on the server (the most secure mechanism).
or
• Import an existing key (used for restoring from a previously exported key file)
or
• Manually enter a key value (this is an advanced option that can be used if a previously created
key value is required for device administration).
2. Export the key for recovery in the event of a server failure.
NOTE: It is STRONGLY recommended that the key export file be save to external media, (e.g. a USB drive) and
stored securely in a safe. When choosing a password to protect the key, no strict password requirements are
enforced, but a strong password is recommended. If this password is forgotten, the export file can no longer be
used to restore the key.
3. Add users to the list of authorized operators. By default, access to the database is denied and individual
Windows users or groups must be added in order to be granted access. To add an operator or group or
operators:

1) Select whether to limit the search to the local machine or to a Windows domain. The domain
name can be changed, but by default the value is auto-populated with the domain of the
computer running the application.
2) Select whether to search for users or groups.
3) Set filter options, for example whether to show disabled users.
4) Click the ‘Search’ button.
5) Highlight the appropriate row from the search results and click ‘Add’.
NOTE: Multiple operators can be added before closing this window. It is possible to revisit this page at a
later time by clicking the “Operator Management” tab within the Database Manager (accessed via the
“Utilities” page)
plusID MANAGER
The plusID manager functions as an enrollment and configuration tool for plusID devices and as a solution for
managing a database of users assigned plusID devices. This section describes the operation of the plusID Manager
in detail.
HELP
The help feature provides access to product documentation, such as this manual, and is located at the bottom left
corner of the main application window.
Customizing Data Views
Several screens in plusID Manager, such as Reports and User Management, support advanced data organization
capabilities.
• Sorting is accomplished by clicking on one of the column headers in the data view. Click on a column
header to reorder rows in ascending or descending order.
• Grouping is accomplished by dragging a column header to the group area. For example, dragging the
“Last Update” column header to the “group area” reorganizes all data by the value of their “Last Update”
field.
• Filtering is accomplished by selecting the filter button and entering additional conditions for the data
being displayed. For example, a view with a column named “Last Name” can be filtered so that only rows
containing “Jones” are displayed.
• Adding a column is accomplished by clicking the “Select Columns” button to display a list of columns that
can be added to the current view.
• Removing a column is accomplished by selecting the column header and dragging it (typically) downward
until the remove symbol (X) appears and then releasing the mouse button.

• Reordering columns is accomplished by selecting the column header and dragging it left or right to the
desired location and releasing the mouse button.
USER MANAGEMENT
Every person issued a plusID device is considered a “user.” User management allows adding, editing, and deleting
users, as well as importing users from an external source. Additionally, when editing a User record the “Registered
Devices and Associated Credentials” section displays devices and credentials associated with a user. Information
about a particular user’s registered devices and associated credentials is also available through the Reports feature
described in section Reports. Adding a New User
Users can be added at any time by clicking the “Add Users” button from the “Users” page and entering the user’s
information. Click ‘OK’ to add the user to the database or ‘Cancel’ to return to the Users page without creating a
new user.
NOTE: The user’s first and last name are required fields. If a user with the same name exists, the operator will have the
option of continuing with the entry or modifying the new user’s name.
EDITING AN EXISTING USER
A User’s record can be edited by selecting the user and then clicking the ‘Edit User Button’ or by double clicking on
the user’s name. When editing a user’s record, clicking the “Refresh” button resets all fields back to their last saved
value.
DELETING AN EXISTING USER
A User’s record can be deleted by selecting the user and then clicking the ‘Delete User Button’.
NOTE: A user with an issued device cannot be deleted.
IMPORTING NEW USERS FROM AN EXISTING SYSTEM
Users may quickly be added by importing them from an external source by clicking the “Import” button and
browsing to a CSV (comma-separated values) file containing the users to import. The CSV file is a text file consisting
of a header line containing the column names followed by user information (on record per line) where each field in
the record is separated by a comma.
Required Fields FirstName, LastName
Optional Fields MiddleName, EmployeeId, Department, ContactNumber, Comments

Example CSV File #1
FirstName,MiddleName,LastName,EmployeeId,Department,ContactNumber,Comments
John,P,Doe,123,Engineering,555-1234,Hardware Engineer
Jane,,Smith,456,,555-5678,
Example CSV File #2
LastName,FirstName,Department
Doe,John,Engineering
Smith,Jane,
REPORTS
The Reports feature provides read-only access to the system activity log, users and devices, and assigned
credentials.
REPORT TYPES
There are three types of reports provided with the plusID Manager, and to an extent, each one is customizable.
• The Activity Log report provides a detailed history of all important actions performed by an operator
and the times they occurred.
• The Users report provides basic information about users, issued devices and physical access
credentials. For example, a report grouped by assigned site code or department can be generated.
• The Devices report lists all devices that have been registered with the system. For example, a report
grouped by model number or firmware revision can be generated.
PRINTING AND EXPORTING
Reports can be printed or exported by clicking the “Print” button to open the print preview window. The print
preview window contains several tools for customizing the report and custom setting are saved for each operator.
Report data can be exported from the print preview window either by clicking the “Export Document” button on
the toolbar or selecting “Export Document” from the “File” menu. Data can be exported in HTML, RTF, Excel, CSV,
and Text formats.

NOTE: Exporting is only supported in the Professional edition. Advanced
UTILITIES
The “Utilities” page provides two options related to application administration.
• Database Management
The Database Manager allows for administration of the database, server connections, operators, and key
server options. For further information, see section Database Manager.
• Application Troubleshooting
The application log can be helpful in diagnosing problems. If instructed by a customer service
representative, click the “Extract Application Log” button to generate a report containing information
about the application, its configuration data, and recent activities.
KEY SERVER REMOTE ACCESS
This feature is useful if a plusID device needs to be unlocked remotely or in support of third-party software. If
third-party software needs to unlock a device for administration, it can request a challenge from a device and wait
for the user to type in the valid response to unlock it.
Required input:
• Challenge data – 16 hexadecimal digits
After the required input is entered, the appropriate response is calculated and used to unlock the device.
DEFAULT DEVICE SETTINGS
The “Default Device Settings” screen contains the settings that will be applied to all plusID devices enrolled with
the plusID Manager software. These settings can be changed at any time, but changes will apply only to devices
administered after the Default Device Settings have been modified.
NOTE: The default settings for an individual connected plusID device can be changed by selecting the “Customize Settings”
option from the “Home” page . Security Settings
FINGERPRINT MATCHING LEVEL
The plusID device has three security settings, High, Medium, and Low, corresponding to the fingerprint matching
strictness and an associated False Acceptance Rate (FAR). A lower security setting gives faster
matches/verifications, but is susceptible to more false acceptances.

Security Setting False Acceptance Rate (FAR)
High (More Strict) 1 in 100,000 (.001%)
Medium (Default) 1 in 10,000 (.01%)
Low (Less Strict) 1 in 1,000 (.1%)
NOTE: The default security setting for the plusID device is medium.
TIMEOUT SETTINGS
• Pre-Verification
This setting determines how long the device will wait for a fingerprint swipe before powering off. The
value can be set from 5 to 255 seconds. The default setting is 10.
NOTE: This setting does not apply when the device is connected to the plusID Manager.
• Post-Verification
This setting determines how long the device will remain active and transmit its physical access credentials
after a successful verification and before powering off. The value can be set from 5 to 255 seconds and
the default setting is 10.
NOTE: The longer the post-verification timeout setting, the greater the demand on the device’s battery, which may
reduce the average number of verifications available following a charge.
USER LOGON SETTINGS
The Authentication Mode selection determines if a user PIN is required in addition to a biometric verification in
logical access operations such as computer logon. There are two options:
• Biometric and PIN
This setting requires a user (PIN) and a biometric verification (three factor operation).
NOTE: If this option is selected, a user PIN must be assigned during enrollment.
• Biometric Only
This setting requires only a biometric verification (two factor operation).
NOTE: The default value is the highest security level, Biometric and PIN.

SOUND SETTINGS
NOTE: This option only pertains to the plusID 75 and 90 models.
These settings determine whether the plusID device provides audible feedback to indicate a successful verification,
a failed verification, or that a transaction is complete. Selecting a check box turns on the sound for that action.
• USB Connected
Select this option to enable sounds during biometric operations while connected to a computer via USB.
• USB Disconnected
Select this option to enable sounds during biometric operations while disconnected from a computer
• Long Range
Select this option to enable additional sounds indicating the long range transceiver has granted or denied
access.
LONG RANGE SETTINGS
NOTE: The Long Range Settings feature only applies to the plusID 90 model.
The plusID supports identity verification in long range applications (up to 100 meters), such as vehicle gate access,
using the Privaris Long Range Transceiver (LRT). These settings determine the configuration of LRTs deployed
within an organization. Users are granted access to one or more LRTs by issuing long range credentials to the user’s
plusID. Issuing long range credentials is described in section Long Range Credentials.
CREATING A TRANSCEIVER KEY
plusID devices and LRTs must share a key in order to communicate and to prevent communication with devices
issued by any other organization.. Keys can be created in either the plusID Manager or Transceiver Configuration
Tool (see section Long-Range Transceiver Configuration Tool)
Note: The same key can be assigned to multiple transceivers.
KEY CREATION USING THE PLUSID MANAGER
1. Click on the “New Key” button to display the “New Transceiver Key” window.
2. Enter a unique name for the key in the “Key Name” field, for example “North Entry Gate”.
3. Create the key value using one of the following options:

a. From Passphrase. Enter text from which the key should be generated. The “Preview Key” field at
the bottom displays the key derived from the passphrase as it is typed.
b. Randomly Generated. This method randomly generates the key.
4. Click “OK” to save the key to the database.
5. Click “Export Key” and save the new key to a file. The key can then be imported into the Transceiver
Configuration Tool with the file.
IMPORTING A KEY FROM THE TRANSCEIVER CONFIGURATION TOOL
1. Click on the “Import Key” button. The Import Transceiver Key window will appear.
2. Enter a unique name for the key in the “Key Name” field. To limit confusion, use the same name as was
assigned to the key in the Transceiver Configuration Tool.
3. Click the “Browse” button to locate the saved key file.
4. Click “OK” to save the key.
CREATING A NEW TRANSCEIVER
NOTE: At least one key must be created before a new transceiver can be defined.
1. On the Long Range Settings page in the list of keys, select and highlight the key that will be associated
with the new transceiver.
2. Click on the “New Transceiver” button. The Create New Transceiver window will appear.
3. Enter a unique name for the transceiver, for example “North Entry Gate, Lane #2”.
4. Optionally, enter a description of the transceiver’s location.
5. Select at least one type of credential for use with the transceiver:
a. Standard: The transceiver outputs a Wiegand code, making it compatible with existing physical
access control systems (PACS).
b. Legacy: The transceiver is a pass through to a third-party PC-based control system.
c. Relay Mode: Allows the transceiver to control a Form C relay.
6. Click “OK” to add the new transceiver to the plusID Manager’s database.

DEVICE MANAGEMENT
HOME
This page serves as a dashboard for device administration and provides access to the following options for a
connected plusID device:
• Loading a credential
• Enrolling fingerprints
• Customizing settings
• Reissuing a device to a new user
• Upgrading firmware
• Resetting to factory defaults
• Extracting data
• Changing the Administrator PIN
STATUS
This page provides the following information about a connected plusID device:
• Manufacturing Information lists the device’s model number, serial number, manufacture date, and
wireless address.
• Revision Information lists the hardware and firmware version information.
• Battery Information displays the current battery level and charging status.
• File System Properties displays the total and available storage space.
UNLOCKING THE DEVICE
Devices must be unlocked in order to be administered. To unlock a device, either enter the device Administrator
PIN when prompted or if using a key server, the device will be automatically unlocked when connected via USB
.See section plusID Security for more information about the different security models.
NOTE: The first time a device is unlocked, the default administrator PIN (“4321”) must be used.
WARNING: If using PIN based security, the Administrator PIN should be changed the first time the device is
administered.
If automatic unlocking fails in a key server environment, a form is displayed allowing manual entry of the device’s
key This may be caused by:

• The device belongs to another plusID Manager system.
• The system key has been changed since the device was last administered.
• The device has been used with another 3rd party software system that loaded a key that is unknown to the
current system.
ENROLLMENT
Enrollment is the process through which a plusID is associated with a user and the user’s fingerprint templates are
securely stored on the device. The enrollment feature is available by clicking on “Enroll Fingerprints” the device’s
“Home” page or by selecting “Enrollment” from the device’s Device Management menu.
USER REGISTRATION
The device must be associated with a user whose information is stored in the plusID Manager application database
prior to user enrollment.
First, select an existing user from the displayed list and then click the “Register” button in the bottom right of the
page. If the user does not already exist in the database, click “Add User” or add a user as described in section User
Management.
NOTE: If a device is inadvertently registered to the wrong user, see section 3.7.6 to reissue.
ENROLLMENT GUIDELINES
Enrollment can be challenging for first time users. The following guidelines and “How to Swipe” section may be
useful in guiding users towards a reliable swiping technique.
1. Before beginning enrollment, review the “How to Swipe” instructions with each user. Additionally, the
60-second plusID product video includes a demonstration of proper swipe technique
(www.privaris.com/privarisplusIDlow.wmv).
2. Always enroll two fingers (both thumbs are recommended) to ensure that there is a backup in case of
injury.
3. Fingers should be free of excessive dirt or grease but otherwise do not need to be washed prior to
enrollment.
4. The plusID device should be used with one hand, just as it is held during normal device use.
HOW TO SWIPE
Review the instructions that follow to ensure the proper positioning of the fingerprint relative to the sensor. The
central, most feature-rich portion of the fingerprint – not the fingertip – must be swiped over the device’s
fingerprint sensor. This is where the fingerprint pattern is centralized and typically forms a bull's eye, U, or S
shape:

Review the instructions below with each user and let them practice swiping with their device. Not doing so may
result in a poor quality enrollment and difficulty using the plusID device.

ENROLLING FINGERPRINTS
WARNING: The device cannot distinguish which finger is swiped, so always verify that the finger selected on the
screen is the same finger that the user is actually applying.
NOTE: Watch closely to ensure that the user is following the Enrollment Guidelines. An enrollment cannot be stopped once it
is begun, but can be easily erased and redone.
1. Hand the user their new plusID device.
2. Ask if the user is right or left handed; enroll the primary thumb first (on their dominant hand).
3. Review the “How to Swipe” instructions with the user; let them practice swiping until they can do so
properly and comfortably.
4. Insert the large end of the mini-USB cable into the computer's USB port and the small end into the port at
the base of the plusID.
5. Click the “Enroll” button on the Enrollment screen
6. Click on the appropriate finger on the hand diagram.
7. Convey the instructions from the on-screen prompts to the user.
The prompts will specify when to swipe, the quality of a swipe, and indicate when enrollment is complete. As a
general rule, tell the user to swipe whenever their plusID blinks green.
A typical enrollment requires three to five swipes. The first few swipes of an enrollment create the fingerprint
template. The last swipe is a verification swipe that confirms that the user's live print can be successfully matched
to their stored fingerprint template. The verification swipe is required to complete enrollment.
If an Enrollment was successful but the user has trouble verifying or verification is sluggish (two seconds or more),
it is recommended that the fingerprint be erased and re-enrolled. .
PERFORMING ADDITIONAL VERIFICATIONS
Verification confirms a user’s identity by matching their live fingerprint to their stored fingerprint template. To
prompt for verification:
1. Select the “Verify” button from the Enrollment screen.
2. Select an enrolled finger from the hand diagram.
3. Follow the on-screen prompt. The device will blink green to request a verification swipe and will turn
solid green to indicate a successful verification, or solid red to indicate a failed verification.

ERASING A FINGERPRINT
This option erases the selected finger’s fingerprint template from the plusID device.
If an Enrollment was successful but the user is having trouble verifying or verification is sluggish (two seconds or
more), it is recommended that the fingerprint enrollment be erased and then re-enrolled.
To erase a fingerprint enrollment:
1. Select the "Remove" button from the Enrollment screen.
2. Select an enrolled finger on the hand diagram.
3. Select "Yes" to confirm erasure.
USER PIN
When a plusID is configured for the Biometric and PIN authentication mode, the User PIN is required for Windows
login and other smart card related functions. (The authentication mode is a device setting that is described in
section User Logon Settings.)
NOTE: If the plusID will only be used for physical access, it is typically not necessary to assign a User PIN.
The factory default User PIN is “1234”. If the device is reset then the User PIN will be reset to this value.
TO CHANGE THE USER PIN
1. Click the “Change User PIN” button located on the “Enrollment” screen:
2. Ask the user to select a new User PIN (from four to sixteen alphanumeric characters).
3. Allow the user access to the keyboard to privately enter their User PIN twice.
4. Press the “Apply” button.
PHYSICAL ACCESS CREDENTIALS
If the plusID device will be used in place of access cards or fobs to access facilities, doors and gates, a physical
access credential must be loaded onto the plusID using the plusID Manager.
Loading credentials is as simple as dragging a credential from the list at the bottom of the Credentials Screen and
dropping it onto one of the four white squares at the top of the Credentials Screen. Each white square corresponds
to one of the four function buttons on the front of a plusID. Multiple credentials can be loaded, enabling a single
plusID device to be used to access multiple doors, buildings, and/or vehicle gates.
LOADING CREDENTIALS
The following sections describe the various types of physical access credentials that can be loaded onto a plusID as
well as procedures for loading credentials onto a device.

VIRTUAL CREDENTIALS FOR DOOR ACCESS
Loading credentials for door access requires a smart card reader, and a smart card containing virtual credentials,
for example an idBank™ available from HID® or Privaris® containing HID Proximity, HID Indala Proximity, CASI
Proximity, or iCLASS card formats
1. Connect a smart card reader to the computer (if not built into computer).
2. Insert smart card containing virtual credentials into the smart card reader.
3. Connect a plusID to the computer via USB.
4. Unlock the device and select the “Credentials” page.
5. Select the “Card” tab under “Credentials Source.”
6. Select the appropriate smart card reader from the drop down menu. The list of available card formats will
be displayed. Previously assigned card formats are sorted to the bottom of the list, grayed out, and their
status shown as “In Use”.
7. Drag an unassigned card format from the list and drop it in one of the four white squares at the top of the
screen that correspond to the device’s four function buttons..
8. Inform the user what facilities/locations have been assigned to the buttons.
When credential generation is complete the card format will be shown in the selected location. Multiple card
formats can be loaded for each of the device’s four buttons for access to multiple doors and facilities
NOTE: A virtual credential that has been loaded on to a plusID is permanently associated with that device and can never be
assigned to another device (does not apply to demonstration credentials). However, the credential can be reloaded onto the
original device later, either from the Database or by reissuing from the original smart card.
DEMO CREDENTIALS
The plusID Manager provides demonstration card formats (Prox, iCLASS, Corporate 1000, and Indala) which can be
assigned to a plusID to demonstrate interaction with a door reader. Demonstration card formats can be added to
your existing physical access control system (PACS), or used with a battery powered HID demonstration reader
included the plusID evaluation kit from Privaris. Additionally, one “Practice Code” is included that allows
logical/computer access users to practice verifying with their plusID device without having to be connected to a
computer.
TO LOAD DEMONSTRATION OR PRACTICE CREDENTIALS:
1. Connect a plusID to the computer via USB.
3. Choose the “Demo” tab under “Credentials Source”.

4. Select a card format and drag-and-drop it into one of the four white squares at the top of the screen that
correspond to the device’s four function buttons.
NOTE: The demonstration card formats are reusable.
LONG RANGE CREDENTIALS
NOTE: The long range credentials option is specific to the plusID 90 model and is automatically disabled for any other plusID
model..
This option requires that the Long Range Settings have been configured as described in section Long Range
Settings.
When a plusID is used for long range access, it requires a different type of credential than is used for physical
access at close range.
The access credential for the long range devices contains information necessary to remotely authenticate a plusID
90 device to a transceiver. See section Creating a Transceiver Key for additional information.
TO LOAD LONG RANGE CREDENTIALS:
1. Connect a plusID 90 to the computer via USB.
3. Choose the Long Range tab under Credentials Source. The list of available long range transceiver
credentials will be displayed along with their type.
4. Select the transceiver with which the plusID 90 will communicate.
5. Drag the appropriate transceiver from the list and drop it in one of the four white squares at the top of
the screen that correspond to the device’s four function buttons. This operation loads the transceiver’s
access credential onto the plusID 90.
FOR LEGACY AND RELAY MODE CREDENTIALS, NO OTHER STEPS ARE REQUIRED. FOR WIEGAND
CREDENTIALS, THE FOLLOWING ADDITIONAL ACTIONS ARE REQUIRED:
1. Select the Wiegand type. (Currently only 26-bit Wiegand is supported.)
2. Enter a Site (Facility) Code between 0 and 255. If your organization is running a 26 bit format Wiegand
system, the same numbers can be used or new numbers can be assigned.
3. Enter a unique Card Number between 0 and 65,535.
4. Select “OK” to assign the credential.
5. Inform the user what facilities/locations have been assigned to the buttons.

NOTE: Care should be taken to not issue the same site code and card number to more than one device. The rules for issuance
are the same as with your existing physical access control system.
NOTE: If multiple LRTs are assigned the same key (see section Creating a new Transceiver), all plusIDs with the same key
can be used with all of them.
CREDENTIAL PROPERTIES
Once a credential has been assigned, double-clicking on it provides additional details about the credential.
VALID CREDENTIAL PAIRINGS
Multiple types of credentials can be loaded onto a single device. Additionally, up to three physical access
credentials can be assigned to each button on the plusID, provided each credential uses a separate communication
frequency.
The following table indicates the supported physical access credential types and their communication frequency:
Communication Frequency Supported Card Formats
125 kHz HID Proximity, HID Indala Proximity, GE/CASI
13.56 MHz HID iCLASS
2.45 GHz Privaris Long Range (IEEE 802.15.4)
Examples of Valid Pairings on a Button
• HID Proximity and HID iCLASS
or
• GE/CASI and Privaris Long Range
or
• HID Proximity, and Privaris Long Range
NOTE: Logon credentials used for wireless computer access via Bluetooth with a plusID 75 device require a dedicated button
and cannot be combined with physical access credentials.

RELOADING CREDENTIALS FROM DATABASE
Whenever a credential is loaded onto a plusID, information about the credential is stored in the plusID Manager
database and allows reloading a credential to the original device if it has been deleted.
TO RELOAD A CREDENTIAL:
1. Connect the plusID to the computer.
2. Unlock the device and select the Credentials page.
3. Choose the “Database” tab under “Credentials Source”.
4. Select a credential and drag and drop it into one of the four white squares at the top of the screen that
correspond to the device’s four function buttons.
REMOVING A CREDENTIAL
• From a button
Remove a credential from a button by dragging it from one of the white rectangles associated
with the device’s four buttons and dropping it into the plusID Manager’s recycle bin. Removed
credentials are listed as “unassigned”, but are still on the device and visible on the “Devices” tab.
To reassign the credential, drag it from the recycle bin and drop it onto the desired button above.
• From a device
Remove a credential from the device (it cannot be removed from the database) by selecting the
credential from the “Device” tab and dragging it to the recycle bin.
FIRMWARE UPGRADES
Firmware upgrades are updates to the software that runs on the plusID device. Periodically, new software
revisions are released and may fix issues or otherwise enhance device functionality. The firmware upgrade is
accessible on the device’s “Home” page or is started automatically by the plusID Manager when a required update
is available.
A firmware upgrade does not erase or reset the device and has no impact on any of the information that is stored
on the device (i.e., device settings, fingerprint templates, PINs, credentials, etc.)
The “Upgrade Firmware” page indicates the current device firmware and provides the ability to select which
firmware should be loaded onto the device in question. To upgrade:
1. Select “Upgrade Firmware” on the device home page
2. Accept the firmware version automatically displayed or browse to the file containing the new device
firmware
3. Review the firmware upgrade information

4. Click “Initiate Firmware Upgrade”
5. Click ‘OK’ to confirm
6. Click “Start Upgrade”
7. Once upgrade is complete, click “Close Window”
WARNING: Once a firmware upgrade is initiated, the device is non-operational until a valid image is applied. Do
NOT disconnect the device or otherwise interrupt this process once it has begun.
REISSUING A DEVICE
To issue a plusID device to a different user:
1. Click “Issue to a Different User” on the device’s “Home” page.
2. Select options to be preserved for new user.
3. Click the “Next” button
4. Confirm reset actions
5. Click “Apply Reset
6. When the reset operation is complete, click “Finish”
NOTE: fingerprints captured through the enrollment process can never be preserved through a device reissuance. Re-
enrollment is always necessary following a device reset.
RESETTING A DEVICE TO FACTORY DEFAULTS
To reset the device to its factory defaults,
1. Click “Reset to Factory Defaults” on the device’s “Home” page.
2. Click the “Next” button
3. Confirm reset actions
4. Click “Apply Reset
5. When the reset operation is complete, click “Finish”
NOTE: fingerprints captured through the enrollment process can never be preserved through a device reset. Re-enrollment is
always necessary following a device reset.

CUSTOMIZING DEVICE SETTINGS
The various plusID device settings are described in section Default Device Settings. Default Device Settings apply
to every device registered with the system, unless an individual device’s settings have been explicitly modified via
the “Customize Settings” task on the device “Home” page.
Modifying an individual device’s settings is generally not necessary as Default Device Settings are usually set by
company policy and should be used in most cases. For example, if a particular user does not want his device to
make any sounds, then the Sound Settings for that user’s device can be overridden.
EXTRACTING DEVICE DATA
The plusID Manager supports extracting two types of data from plusID devices:
• Extract Certificate File
Each plusID contains a unique security certificate that is created during the device manufacturing process.
If a security operation needs to be performed requiring identification of the device, then the certificate
can be extracted to a file by clicking on the “Extract Certificate File” button.
• Extract Device Log
Each plusID maintains a log of device activity. This log file can be extracted by selecting “Extract Device
Log” and specifying where to save the file. In general the only time the device log should be extracted is if
the log is requested by Customer Service in order to diagnose a problem.
DATABASE MANAGER
The Database Manager configures the plusID Manager database server as described in section Setting up the
Database. The following sections describe post-installation uses of the Database Manager including data backup,
data recovery, and operator management.
CONNECTING TO THE DATABASE
To connect to a database:
1. Click “Launch Database Manager” on the “Utilities” page
2. Specify a server and instance name using one of the following methods:
• Click “search” to search for a list of available servers.
NOTE: This feature may not succeed if your network firewall settings block the SQL Server Browser service,
which broadcasts UDP messages on port 1434.

or
• Manually enter the server and instance name if necessary (“server\instance”). A server name of
“(local)” indicates the database is on the local machine.
3. Log on to the database server using one of the following methods:
• Windows-based authentication (as the logged-on Windows user)
or
• SQL Server-based authentication (as the System Admin “sa”)
4. Click “Connect”
BACKUP AND RESTORE
NOTE: The plusID Manager database stores information about each user including contact information, device settings,
device credentials, and activity logs, making routine database backups very important.
It is recommended that the plusID Manager database be added to backup policies already in place in your
organization’s IT department. If no such policy exists, the Database Manager provides this capability:
TO BACKUP THE DATABASE:
2. Connect to the database
3. Select the “Backup/Restore” tab
4. Click “Backup”
5. Select a path and enter name for the backup file
6. Click “Save”
TO RESTORE THE DATABASE:
3. Select the “Backup/Restore” tab

4. Click “Restore”
5. Browse to the database backup file and select it
6. Click “Open”
WARNING: Restoring can be a destructive action; any changes to the database between the time the backup was
created and the time the restore is performed are permanently lost.
OPERATOR MANAGEMENT
To run the plusID Manager, a person must be designated as an operator. Operators can be added or removed as
individuals or as members of a Windows group.
ADDING AN OPERATOR:
3. Select the “Operator Management” tab
4. Click “Add Operator”
5. Select the account location (Domain or Local)
6. Select the account type (Users or Groups)
7. Choose desired filter options
8. Click “Search”
9. Select the account or group to be added as an operator
10. Click “Add”
11. Click “Close” to return to the previous screen or repeat to add additional operators.
REMOVING AN OPERATOR:
3. Select the “Operator Management” tab
4. Select the operator or group to be removed
5. Click “Remove Operator”
6. Confirm the removal by clicking “Yes.”

CONFIGURING THE KEY SERVER
The Key Server component is supported only in the plusID Manger Professional Edition.
TO CONFIGURE KEY SERVER OR PIN USAGE:
3. Select the “Key Server” tab
4. Select the desired key server behavior:
• Use Key Server (Recommended) – New devices are automatically joined to the key server when
first administered.
• Use Administration PIN – New devices are not joined to the key server and are managed by the
Administrator PIN.
• Ask – For each new device, the operator is asked whether to use key server or Administrator PIN.
NOTE: “Ask” behavior is not recommended as it allows for a mixed population of plusID devices
supporting either an Administrator PIN or a Key and is difficult to maintain.
5. Select the account location (Domain or Local)
6. Select the account type (Users or Groups)
7. Choose desired filter options
8. Click “Search”
9. Select the account or group to be added as an operator
10. Click “Add”
11. Click “Close” to return to the previous screen or repeat to add additional operators.
TO EXPORT THE MASTER KEY:
3. Select the “Key Server” tab
4. Click “Export Master Key”
5. Enter and confirm a password to protect the exported key file

6. Click “Export Key”
7. Select a path and enter name for the backup file
8. Click “Save.”
ADVANCED
The Advanced page allows for changing the factory default application role password used by the application to
authenticate itself to the server.
TO CHANGE THE APPLICATION ROLE PASSWORD
3. Select the “Advanced” tab
4. Enter and confirm a new application role password
5. Click “Change Password.”
NOTE: Changing the application role password after plusID Manager clients have been configured will temporarily revoke
access on each client until the system administrator re-authenticates the plusID Manager clients by repeating these steps on
each client.
LONG-RANGE TRANSCEIVER CONFIGURATION TOOL
The Privaris Long-Range Transceiver (LRT) allows communication with plusID 90 devices at distances of up to 100
meters depending on the antennae selected. The LRT connects to most existing physical access control systems
using a Wiegand interface. The LRT Configuration Tool is a component selection option during installation of
plusID Manager.
CONNECTING TO THE LONG-RANGE TRANSCEIVER
Connect the LRT to a computer using a standard crossover serial cable and power it by connecting an external 12V
DC, 1 amp power supply. Launch the LRT Configuration Tool and specify the COM port setting from the drop down
menu. Once connected, the firmware version (F/W) of the LRT is displayed and the LRT settings are populated with
their default values.

FEATURES OF THE TOOL
The tool is organized according to the tabs across the top. “Settings” and “Utilities” require an active connection to
an LRT, while the “Help” tab is always accessible, providing links to product documentation. When changing
settings, the “Apply” button must be pressed in order to send the changes to the LRT. The Refresh button causes
any non-applied changes to be replaced by the current LRT settings. Additionally, if a key has been sent to the LRT
but not exported an error dialog is displayed.
SETTINGS TAB
MANAGED/LEGACY MODE
In this mode the LRT is entirely controlled by a custom software application. Please contact Customer Service for
additional information.
STANDALONE/STANDARD MODE
This setting is only applicable when connecting the LRT to Physical Access Control System (PACS) or when using the
external relay option and allows for the configuration of:
1. Wiegand Delay: The number of milliseconds the LRT waits between sending each Wiegand value to the
PACS. The available range is from 0 – 60,000 milliseconds. Setting this value too low may result in the
PACS receiving Weigand data too quickly. The recommended initial setting is 1000 milliseconds.
2. Relay Hold Time: The number of milliseconds that the LRT will wait in between toggling the Form C relay.
3. Invert: Wiegand or Relay signaling settings can be inverted, driving the signal to low instead of high. This
setting may be necessary if your access control panel cannot interpret the default signaling scheme.
NOTE: The maximum current sourcing capability when driving “high” is 5mA. The maximum current sinking
capability when driving “low” is 30mA.
TRANSCEIVER KEY
This setting is only applicable in Standalone/Standard Mode. The transceiver key is used to verify the authenticity
of plusID 90 devices via a challenge/response cryptographic exchange. A key must be created and assigned to each
LRT. This can be done using the Transceiver Configuration Tool or the plusID Manager. Regardless of where the key
is created, the key must be assigned the same value in both applications.
CREATING A NEW KEY:
1. Select the method for key generation
• From Passphrase (manually entered by operator)

• Randomly Generated (recommended)
2. Select “Export Key”
3. Choose a location and file name for the exported key.
4. Click “Save”.
IMPORTING AN EXISTING KEY:
1. Select the “Import a Key” button.
2. Click the “Browse” button to location of the key file.
3. Click “Apply” to send it to the LRT.
UTILITIES TAB
FIRMWARE UPGRADE
TO UPGRADE THE LRT’S FIRMWARE:
1. Click the “Browse” button to locate the firmware file.
2. Click the “Upgrade” button to initiate the firmware upgrade.
3. Wait for the upgrade to complete. This may take several minutes.
4. Reboot the LRT by disconnecting and reconnecting its power supply.
LOGICAL ACCESS
Introduction
Your plusID device can be used to securely log you on to your computer running Microsoft® Windows without the
need to remember a password. Logon capabilities are provided through the Logical Access Support Package, a
component selection option during installation of plusID Manager.
CERTIFICATE-BASED AUTHENTICATION
Certificate-based authentication uses traditional smart card digital certificates to authenticate your identity while
logging in. The plusID device is ISO 7816 Part 3 smart card compliant, and allows for rapid integration of plusID
devices across Microsoft® systems that support smart cards.

This method requires that client machines be managed by a domain with a certificate authority for issuing network
credentials. The following diagram illustrates how the plusID device integrates with the Microsoft Windows
operating system for certificate-based authentication.
How plusID Interfaces with Microsoft’s Smart Card Architecture for Logon
WINLOGON
Microsoft Smart Card

Base CSP
Windows™
Smart Card
Smart Card
PC/SC Smart Card Resource Manager (SCRM)
Chip Card Interface Driver
SYSTEM REQUIREMENTS
The following are the smart card related system requirements for deploying Privaris plusID biometric devices into a
®
Microsoft environment for user authentication/logon (via USB or via Bluetooth):
Microsoft Windows 2000 Server (or later) domain environment
Microsoft Windows 2000 Server, and later, natively support smart card authentication as a means of logging
users onto a domain environment. In a domain environment, users and their access permissions are stored
and managed in a central location, referred to as the Active Directory.
Once a server is configured to act as a domain controller, smart card authentication via plusID biometric
devices is automatically enabled on all client machines that are a member of the domain. For details on server
configuration, see “Additional Information” below.

Microsoft certificate services
Smart card authentication relies on the public key infrastructure (PKI) to authenticate users to the domain.
The Microsoft Certificate Services are the server component that provides the infrastructure to support PKI
and is responsible for issuing credentials (certificates) that can be used for a variety of purposes, including
secure email and user authentication.
In security-conscious environments, these credentials are stored on a secure device such as the Privaris plusID
so that they may not be tampered with or used without authorization. The Microsoft Certificate Services
include a web-based interface through which an administrator can generate credentials for a user and
securely store them on the user’s plusID. Certificate services can be installed anywhere, as long as it is trusted
by the server..
HOW TO LOG ON USING CERTIFICATE-BASED AUTHENTICATION
To use certificate-based authentication, your system administrator must issue a network credential to
your plusID device after enrollment has been completed. Once a certificate has been issued to you, you
may log on to your computer by performing the following steps
On a computer with the optional Privaris GINA component installed:
1. Connect your plusID device to your computer with either a USB cable or Bluetooth. If it is already
connected with a USB cable, press any button to begin the log on process.
2. If prompted for the type of authentication credential, select the option to use a certificate stored on your
device.
NOTE: This step is only performed when a new device is connected to the computer. Once the type of credential is
chosen, you will not be prompted for the type again.
3. When prompted, swipe an enrolled finger down the fingerprint sensor to verify.
4. If your device is configured for three-factor operation, enter your user Personal Identification Number
(PIN).
5. Access to the computer is granted.
If the optional Privaris GINA component has not been installed on your computer, the order of operations is:
1. Connect your plusID device to your computer with either a USB cable or Bluetooth. If it is already
2. When prompted, enter your Personal Identification Number (PIN) (if you did not select a User PIN when
your device was issued, enter the default user PIN of ‘1234’)
3. Press ‘OK’ on the PIN screen
4. When the plusID’s green light blinks, swipe an enrolled finger down the fingerprint sensor to verify.

NOTE: On-screen instructions to verify are not displayed.
5. Wait while the system logs you on.
Additional information
Microsoft’s “Smart Card Deployment Cookbook” is an excellent resource covering all aspects of smart card
deployment, from general information to detailed installation and configuration information. It can be accessed
online at:
http://www.microsoft.com/technet/security/guidance/identitymanagement/smrtcdcb/default.mspx.
NON-CERTIFICATE BASED AUTHENTICATION
Non-certificate-based authentication can be used on any computer including those managed by a domain. This
authentication method is typically used by home users or small organizations that do not have the network
infrastructure to support certificate-based authentication. Non-certificate-based authentication works by securely
storing the password in an encrypted form and supplying it to the computer only after a successful verification
using a plusID device.
HOW TO LOG ON USING NON-CERTIFICATE-BASED AUTHENTICATION
To use non-certificate-based authentication, you must install the optional Privaris GINA component that is part of
the Logical Access Support Package.
INITIAL CONFIGURATION OF YOUR plusID DEVICE
1. Connect your plusID device to your computer with either a USB cable or via Bluetooth. If it is already
2. When prompted for the type of authentication credential, select the option to associate a password with
your device.
NOTE: This step is only performed when a new device is connected to the computer. Once the type of credential is
chosen, you will not be prompted for the type again.
3. Log on using your user name and password.
4. If log on is successful, you will be asked if you would like to use your plusID device to log into this account
in the future. If so, click ‘Yes.’
5. Wait while your credentials are associated with your plusID device.
Note that if you change your password, you will need to repeat these steps in order to update the credentials
associated with your device.

TO LOG ON WITH YOUR plusID DEVICE
1. Connect your plusID device to your computer with either a USB cable or via Bluetooth. If it is already
2. When prompted, swipe an enrolled finger down the fingerprint sensor to verify.
3. If your device is configured for three-factor operation, enter your user Personal Identification Number
(PIN).
If log on fails, you will be asked to supply your user name and password. Future attempts to log on with your
plusID device will use the new password.

APPENDIX A - GATE AND VEHICLE SOLUTION
Based on plusID identity verification technology
KEEP TRAFFIC MOVING WHILE INSURING THE IDENTITY OF DRIVERS AND VEHICLES
As the need for heightened security pervades every corner of society, new challenges have been created for the
movement of vehicles through gates. Whether it is a port, a military base, or a logistics center, vehicle traffic is
slowed by traditional, manual methods of verifying driver identity at portals and gates, impacting productivity and
the flow of commerce. Facility operators need to be able to quickly and reliably verify the identity of drivers and
vehicles without imposing solutions that violate privacy, add substantial costs, or create additional security risks
for the organization. An ideal approach would be to have a “fast lane” for drivers and vehicles that we “know”,
enabling them to proceed through checkpoints without stopping. Conventional manual checks would still be used
for the smaller population of drivers and vehicles that are not prequalified. While it is possible to install RFID
technology on a truck for remote identification of the vehicle, the challenge has been how to verify the identity of
the driver. A known vehicle with the wrong driver could present as much, or more, of a risk than the presence of a
completely unknown vehicle. Until now it has not been possible to reliably verify driver identity without requiring a
full stop for either manual inspection of identity credentials or for execution of a biometric verification at a fixed,
mounted reader. The Privaris plusID Gate and Vehicle system changes that by offering the world’s first, wireless,
personal, biometric identity verification solution.
PERSONAL BIOMETRICS
With Privaris plusID, drivers verify their identity by swiping their finger on their own key–fob, biometric device. The
device compares the live fingerprint to the fingerprint template securely stored inside their device and upon a
match, wirelessly transmits encrypted credential information to the gate control system which validates the access
rights for that driver and vehicle.
EASY INTEGRATION WITH PHYSICAL ACCESS CONTROL SYSTEMS
The Privaris gate system can be configured to output a Wiegand data stream – a standard communications signal
that is compatible with virtually all access control systems.
PROTECTING PRIVACY AND MINIMIZING CORPORATE RISK
The plusID unit eliminates the privacy concerns associated with conventional biometric systems. The user’s
biometric data is never collected or stored in a database. Users enroll directly into their own personal plusID unit
where the data is encrypted and securely stored. It is never released or transmitted. Rather than delivering
biometric data as an access credential, plusID uses it simply to “unlock” the transmission of standard identity
credentials. This unique approach eliminates employee concerns over the collection of personal data while
eliminating the risk and expense of collecting, storing and protecting employees’ sensitive personal information.

A NEW APPROACH: PERSONAL, MOBILE BIOMETRICS FOR GATE AND VEHICLE SECURITY
Verifies driver identity without requiring vehicle stop
Matches driver to vehicle
Works with commercially available physical access control systems for gate operation
Works with commercially available solutions for vehicle starting and locking
Cannot be shared. Useless if lost or stolen
TECHNICAL OVERVIEW: GATE AND VEHICLE APPLICATION
As the vehicle approaches the gate, the driver swipes their finger across their plusID device. After verification
of the driver’s fingerprint, the plusID transmits credential data via 802.15.4, an IEEE standard for wireless
communications operating at 2.4GHz. The data is received by the Privaris Long Range Transceiver, which
decrypts the credential information and passes it to an external gate control system, which opens the gate.
The entire transaction typically takes less than three seconds. The plusID identity token supports wireless
communication with the transceiver over distances of up to 100m (328 feet). With adequate lane design,
vehicles can easily proceed through gates at moderate speed without having to stop the vehicle!
VERIFICATION AND VEHICLE SPEED
Based on the speed of travel and the plusID’s maximum transmission range of 100 meters* (328 feet), below
is the amount of time available to turn on the device and successfully verify - while approaching the gate:
At 10 miles per hour = 22 seconds to verify
*May vary by installation. Check with Enrollment Administrator for actual range.
ANTENNA CONSIDERATIONS
The following range testing was conducted with the 50 deg 10.5 dBi outdoor antenna from SMC; model number
SMCANT-DI105, part number 751-5784. There are two other similar 10.5 dBi antennas from SMC which are the
DI135 (36 deg) and the DI145 (26 deg) which are more directional if this is needed. The 50 deg SMC antenna is
recommended for installations that are a “generic” single lane. This antenna in a standard set up was able to
communicate at about 25 degrees off center providing about a 50 degree cone of reception. Like all antennas,
there are side lobes that allow you to communicate in about a 10 foot circle around the antenna with no
attenuation. The approximate pattern is a 10 foot circle around the antenna with a 50 degree beam width beyond
that. The test data was collected using the following criteria:

In a car with all windows rolled up
plusID device held in right hand above dashboard
The baseline was obtained using a standard set-up with no attenuation: the plusID 90 was held above the dash
board at a 45 degree angle and communicated with the lane transceiver with a 2- 3 second delay resulting in a
confirmed maximum range of ~300 feet. At 300 feet there is approximately 250 feet of side to side range as shown
in the diagram below. As the distance to the SMC antenna or attenuation decreases the plusID 90 becomes less
orientation and position dependent as the signal strength increases and provides faster connections time (usually
less than 1 sec).
* This is an approximation of a complex antenna pattern.
With 10 dBi of attenuation there was not an appreciable reduction in performance when measured at the
maximum range of 300 feet.
With 16 dBi of attenuation the maximum range was reduced to 90 feet.
With 20 dBi of attenuation the maximum range was reduced to 36 feet.
Based on these measurements, it is estimated that 18 dBi of attenuation will give about 50 feet of range and 15 dBi
of attenuation will give about 100 feet of range.

APPENDIX B PAIRING YOUR plusID TO YOUR BLUETOOTH-ENABLED COMPUTER
NOTE: Available only with the plusID 75 model and only in a Microsoft domain environment.
Introduction
Your plusID 75 device can connect to Bluetooth-enabled computers running Microsoft Windows XP Service Pack 2
or later and Windows Vista. This allows many of the capabilities of the plusID device to be performed wirelessly for
greater convenience.
Note: The plusID 75 adds an extra layer of encryption to Bluetooth data transmissions to address industry concerns over
Bluetooth security.
Bluetooth Pairing Tool
The Bluetooth Pairing Tool is part of the Privaris Bluetooth Support Package and is used to associate your plusID
device with a Bluetooth-capable computer. This allows you to perform many operations, such as digitally signing
email or logging on to your computer, wirelessly.
TO PAIR YOUR PLUSID DEVICE TO YOUR COMPUTER:
1. Launch the pairing tool software on the computer that you will connect to with the plusID device.
2. Connect the plusID device to the computer via USB.
3. Select the plusID device to be paired. If only one plusID device is connected, it will automatically
be selected.
4. When the plusID’s green light blinks, swipe an enrolled finger down the fingerprint sensor to
verify
5. Select the button(s) to be paired with this computer. Each large white square corresponds to the
buttons on the face of the plusID
NOTE: Buttons with credentials already assigned are unavailable for pairing.
6. Click “Ok”
7. Click “Close” to exit the pairing tool or select another plusID device from the list to pair to the
computer.
8. Your plusID device is now paired with your computer.
LOGGING ON WIRELESSLY
1. Power on the plusID by pushing the button assigned that was used for pairing the device to the
computer (see above)

2. If prompted, enter your personal identification number (PIN). (If you did not select a unique PIN
when your device was issued, enter 1234.)
3. When the plusID’s green light blinks, swipe an enrolled finger down the fingerprint sensor to
verify.
4. Access to the computer is granted. The device will power off automatically.

APPENDIX C – plusID TROUBLESHOOTING
If any of the following three bullet points apply, refer to the troubleshooting levels below, starting with Level 1 and
progressing through Level 5, as necessary, and erasing and re-enrolling fingers as necessary.
• Verification or enrollment failed
• Verifications are sluggish (two seconds or more)
• The user cannot could not quickly and repeatedly verify
TROUBLESHOOTING LEVEL 1
• Make sure that the user is holding the device with only one hand, or as it was held during enrollment
• Wipe-off any excess dirt or grease from finger using a tissue or article of clothing
Review the following list of common swipe sensor errors and correct the user’s behavior(s) accordingly.
Common Errors
• Accidentally touching the sensor before beginning to swipe
Do not place/rest finger on sensor before swiping, it triggers the device’s red light. Place finger on
sensor and swipe in one continuous motion.
• Bending the finger during a swipe
Always keep thumb flat and level with the device while swiping. Even a slightly bent finger lifts the
central, most feature-rich portion of the fingerprint off of the sensor and exposes the fingertip (the
least feature-rich portion of the print).
• Not following through
Do not stop swiping until the fingerprint sensor is clearly visible above the thumb.
• Pressing too hard
Do not squeeze the device. Use medium pressure. On a scale of 1 to 5, with 1 being very light and 5
being hard, pressure should equal about a 3.
• Not pressing hard enough
Lightly dragging thumb over the sensor is not sufficient for the sensor to see the print. The finger
must make solid contact, which requires medium pressure. On a scale of 1 to 5, with 1 being very
light and 5 being hard, pressure should equal about a 3.

• Starting a swipe too high or too low
With thumb hovering over top the sensor, align the first knuckle with the sensor as the starting point
for swiping. This exposes only the central and most feature-rich portion of the fingerprint to the
sensor during a swipe.
• Swiping too fast or too slow
Use a moderate, steady speed. Swiping too fast or too slow prevents the sensor from collecting the
necessary data for processing.
• Keep thumb level while swiping, do not tilt or rock thumb to the left or right.
Helpful Tip: show user the one minute plusID video that demonstrates proper swiping technique and
speed. It can be found in the “Help” section of the plusID Manager. Under “Fingerprint Instructions”
(open the “How to Swipe” file and click on the arrow in #6 to start the video) or visit
www.privaris.com/privarisplusIDlow.wmv.
Approximately 10% of all users have a fingerprint that is not centrally located. So the area that is swiped
over the sensor is not very feature-rich and results in a low quality fingerprint template:
• Examine the user’s fingerprint in bright light to determine if its pattern (typically a bull’s eye, U
shape, or S shape) is off-center and closer to the left or right side of their finger.
• If their print is off-center, coach the user to roll their finger to the left or right accordingly when
swiping such that the main pattern of their fingerprint is fully exposed to the sensor. They will
always have to use the same swiping technique (during enrollment and day-to-day device use).
If enrollment of the thumbs is still failing or verification is sluggish, try enrolling other fingers, starting with
the primary index finger. If index fingers cannot be enrolled, attempt to enroll any other finger, with the
goal of having any two fingers enrolled, one as a primary and one as a back-up.
The device is designed for thumbs so that is can be operated with one hand, but any finger can technically
be enrolled.

Approximately 1 % of the population is unable to use fingerprint biometric technologies. If enrollment

and verification is failing for all fingers after trying Troubleshooting steps 1 - 5, then the user should be
issued a non-biometric means for access.

APPENDIX D - OVERVIEW OF plusID DEVICE LIGHT BEHAVIOR
The plusID device has four indicator lights: green (top left), yellow (bottom left), red (top right), and blue (bottom
right).
Green, Yellow, Red and Blue…appear all at once for an instant.
The device is powering on.
Green, Yellow, Red and Blue…blink four times
The device is powering off.
Green, Yellow, Red and Blue….then solid red and device powers off
Indicates a non-enrolled device. If the device is enrolled, it indicates a function button that has not been
programmed with an access credential.
Blinking Green
The device is requesting a verification (fingerprint swipe).
Solid Yellow
The fingerprint sensor is processing a verification (fingerprint swipe).
Solid Green
Any successful fingerprint operation. During verification, solid green indicates a successful fingerprint
match. During enrollment, solid green indicates a completed enrollment.
Solid Red
A failed fingerprint operation or a dead battery. During verification, solid red indicates that the device
cannot match the live fingerprint placed on the sensor with the authorized users’ stored fingerprint
template. During enrollment, solid red indicates that the device was not able to capture enough data to
successfully complete enrollment.
A solid red light after powering on the device, followed by the device automatically shutting off, indicates
that the battery has been depleted and needs recharged immediately.
Brief solid red…then blinking Green
During enrollment, the sensor did not get sufficient information from the fingerprint to process the swipe.
This often happens if the sensor is touched before a swipe is begun, as opposed to placing the finger and
swiping in one continuous motion. When the device blinks green, try again.
Blinking Yellow

When disconnected from a computer, blinking yellow indicates a low battery (below 15%). The device
needs recharged. When connected to a computer, blinking yellow indicates that a device with a low
battery (below 15%) is being recharged. The blinking yellow will turn off when the battery is fully charged.
Blinking Red
Battery level is critically low (below 8%). Recharge device immediately.
Blinking Blue
Indicates device is connected via USB to a power source other than a computer (a wall or car outlet). If
connected to a computer, a brief blinking blue light indicates device is attempting to establish a
connection. A continuously blinking blue light when connected to a computer indicates a USB driver
problem.
Solid Blue
Indicates that device has successfully established a connection to a computer via USB. The blue light will
stay on as long as the device is connected.
Cycling Green, Red, Yellow, and Blue
The device’s software is being upgraded. Wait until the cycling stops before turning off or unplugging the
device from your computer.

APPENDIX E - plusID BATTERY RECHARGE INSTRUCTIONS
The plusID device is powered by a rechargeable battery. A single battery charge is good for approximately 1,000
uses/verifications. plusID models that include an LCD have a battery charge indicator (0 - 3 bars).
HOW TO CHARGE
Connecting to a computer is the preferred method of charging. Insert the smallest end of the mini-USB cable
(packaged with device) into the base of the plusID and the largest end into the computer’s USB port.
NOTE: A high power USB port is required for charging. Some hub and keyboard USB ports are incapable of charging
plusID devices.
plusID can also be charged with some wall outlet or car chargers that have a mini-USB connector output.
Contact Privaris for a list of approved chargers. Using an unapproved charger can cause permanent damage
and void the warranty of a plusID device.
HOW LONG TO CHARGE
A blinking yellow light indicates a low battery and a blinking red light indicates a critically low battery. Both
require a recharge of approximately 90 minutes. The yellow light blinks while charging and turns off to
indicate a full charge. If the battery is fully depleted, it may need recharging for two hours or more and may
not power on during the first 20 – 30 minutes.
If the battery is too low for the device to function properly, it may simply not power on, or it may turn on, display a
solid red light and then immediately power off. In this state, a recharge of two hours or more may be required and the
device may not exhibit any signs of life for the first 20 – 30 minutes of charging.
NOTE: A dead battery has no affect on the data that is stored on the plusID device.

APPENDIX F - plusID BUTTON OPERATION
The plusID has four function buttons on the face of the device that during enrollment can be programmed with
physical access credentials (card formats) for various doors and facilities.
POWER ON
Press any button that is programmed with an access credential. All four lights will appear for an instant
and then blink green to request a verification (fingerprint swipe). If a solid red light appears instead of a
blinking green light, the button does not have an associated access credential.
RESTART
With the device powered on, pressing any other button with an access credential will restart the device.
POWER OFF
Press the same button used to turn on the device, or any button without an access credential. All four
lights will blink four times as the device powers off. The device will turn off automatically after a pre-
determined number of seconds (as configured under “Default Device Settings” in the plusID Manager).

APPENDIX G - MINIMUM SYSTEM REQUIREMENTS FOR A plusID DEPLOYMENT
Unless otherwise noted the following system requirements apply to plusID models 60, 75 & 90.
plusID MANAGER, PRIVARIS DEVICE ISSUANCE SOFTWARE
One personal computer with:
· Microsoft® Windows® XP SP2, or Vista
· Universal Serial Bus (USB) port
plusID FOR PHYSICAL ACCESS
HID (including Corporate 1000), Indala or CASI door readers using one of the following card
formats:
· Prox (125k kHz)
· iCLASS (13.56 MHz)
plusID FOR LOGICAL ACCESS
Server side (for certificate-based logon only)
· Domain controller running Microsoft Windows 2000 Server or later
· Microsoft Certificate Services
Client side: for logon over USB
· Microsoft Windows 2000 or later
· Logical Access Support Package (included with plusID Manager Software v1.2 & later)
· Microsoft USB CCID driver
· USB (Universal Serial Bus) port

Client side: for wireless logon over Bluetooth™ (plusID 75 model only)
· Microsoft Windows XP SP2 or later
· Microsoft USB CCID driver
· Privaris minidriver (included with plusID Manager Software v1.2 & later)
· Bluetooth™ Support Package (included with plusID Manager Software v1.2 & later)
· The Microsoft Bluetooth stack

1
· A Bluetooth radio supported by the Microsoft Bluetooth Stack

1
· USB (Universal Serial Bus) port (for one-time plusID/computer pairing)
plusID FOR LOGICAL ACCESS WITH “plusID COMPATIBLE” THIRD PARTY SINGLE SIGN-ON
SOFTWARE
See software provider for system requirements

1
To determine Bluetooth stack and radio compatibility:
1. With Bluetooth radio connected/enabled, right click My Computer>Manage> Device Manager
2. Look for “Microsoft Bluetooth Enumerator” file under “Bluetooth Radios.” This file confirms the
presence of the Microsoft stack and compatible Bluetooth radio.
3. If you do not have it, contact Privaris Customer Service prior to proceeding for help with:
· Bluetooth stack selection
· Bluetooth radio and driver selection

APPENDIX H - LICENSING AGREEMENT
READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT (“AGREEMENT”) CAREFULLY BEFORE SELECTING
THE “I ACCEPT” BUTTON BELOW. THE SOFTWARE APPLICATIONS AND THE ACCOMPANYING USER
DOCUMENTATION CONTAINED ON THIS MEDIA ARE COPYRIGHTED AND ARE LICENSED (NOT SOLD) TO YOU IN
ACCORDANCE WITH THE TERMS OF THIS AGREEMENT. BY SELECTING THE “I ACCEPT” BUTTON BELOW, YOU
MANIFEST YOUR ASSENT TO BE BOUND BY THE TERMS OF THIS AGREEMENT. IF YOU DO NOT ASSENT TO BE
BOUND BY THE TERMS OF THIS AGREEMENT, THEN YOU MUST SELECT THE “I DO NOT ACCEPT” BUTTON BELOW
AND PROMPTLY RETURN THIS MEDIA, IN UNALTERED FORM, AND YOU WILL RECEIVE A REFUND OF YOUR MONEY.
1. Generally. This Agreement represents the entire agreement between you, the end user
(either in your individual capacity or as an authorized agent of an otherwise legally-recognized organization), and
Privaris, Inc. (“Licensor”) relating to the software that is made available to you on this media by Licensor and
intended for installation on certain hardware product(s) (“Hardware”) sold to you by Licensor or its authorized
resellers and/or authorized licensees, as well as all documentation related thereto (collectively, the “Software”).
This Agreement supersedes any prior proposal, representation, or understanding between you and Licensor
related to the Software. This is a legally-binding agreement and governs the conditions under which you and/or
your organization may use the Software.
2. Term. This Agreement is effective on your selecting the “I Accept” button below and
shall continue until terminated as set forth in this Agreement. You may terminate this Agreement at any time by
uninstalling the Software and returning the Software and all copies of the Software to Licensor. Licensor may
terminate this Agreement on the breach by you of any term of this Agreement, including without limitation your
failure to pay any applicable fees described in this Agreement. On any such termination, you shall uninstall the
Software and return to Licensor the Software and all copies of the Software.
3. Grant of Licenses. Licensor grants you the personal, nontransferable, nonsublicensable
and nonexclusive right and license to install and execute the Software (in its executable, objectcode form only) on
the Hardware for the sole purpose of serving your personal needs or the internal needs of your business. You shall
not assign, sublicense, transfer, pledge, lease, rent, or share your rights under this Agreement, whether by
contract, operation or law or otherwise. Any use, copying, or distribution of the Software not expressly authorized
by this Agreement shall automatically terminate your right and license hereunder. This grant shall be limited to use
of the Software with the Hardware in accordance with the terms of this Agreement.
4. Trade Secret Protection. The Software contains substantial trade secrets of Licensor, and you shall employ
reasonable security precautions to maintain the confidentiality of such trade secrets. You shall not "unlock,"
decompile, or reverse-assemble the binary or object code portions or versions of the Software, as the terms are
generally used in the computer industry.
5. Fees. The fees for the use of the Software in accordance with this Agreement consist of
the periodic license fees that are based on the number of devices purchased by you as such periodic license fees
may be modified from time to time by Licensor. The dollar amount of such fees and the terms of payment are

specified in the product invoice separately furnished to you. You shall pay such fees to Licensor in accordance with
the terms of such product invoice.
6. Limited Warranty. Licensor warrants that the Software will, for a period of one (1) year
following its delivery to you, be in good working order and will conform in all material respects to Licensor's
published specifications. Licensor does not warrant that the operation of the Software will be uninterrupted or
error-free, or that the functionality of the Software will meet your individualized requirements. The foregoing
warranty does not cover repair for damages, malfunctions, or service failures caused by (1) actions of any non-
Licensor personnel, your failure to follow Licensor's installation, operation, or maintenance instructions, (3)
attachment to or incorporation in the Software of non-Licensor products not supported or otherwise authorized by
Licensor, or (4) or any factor beyond Licensor's control, including fire, explosion, lightning, pest damage, power
surges or failures, strikes or labor disputes, water, acts of God, the elements, war, terrorism, civil disturbances,
acts of civil or military authorities or the public enemy, transportation facilities, fuel or energy shortages, or acts or
omissions of communications carriers.
EXCEPT FOR THE WARRANTIES SET FORTH IN THIS SECTION 6, THE SOFTWARE IS LICENSED "AS IS," AND LICENSOR
DISCLAIMS ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, QUALITY, FITNESS FOR A PARTICULAR PURPOSE,
ACCURACY, OR INTERFERENCE WITH YOUR ENJOYMENT OF THE SOFTWARE OR OF NON-INFRINGEMENT. YOUR
SOLE REMEDY AGAINST LICENSOR, ITS AFFILIATES, SUBCONTRACTORS, AND REPRESENTATIVES FOR LOSS OR
DAMAGE CAUSED BY ANY FAILURE OF THE SOFTWARE TO OPERATE IN CONFORMITY WITH THIS WARRANTY,
REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR TORT, INCLUDING NEGLIGENCE, STRICT
LIABILITY OR OTHERWISE, SHALL BE (1) THE REPAIR OR REPLACEMENT OF THE SOFTWARE, PROVIDED THAT SUCH
SOFTWARE IS RETURNED IN ACCORDANCE WITH THE CONDITIONS PROVIDED HEREIN OR (2) IF SUCH REPAIR
CANNOT BE MADE OR AN EQUIVALENT REPLACEMENT CANNOT BE PROVIDED, THE REFUND OF AMOUNTS
PREVIOUSLY PAID BY YOU BETWEEN DISCOVERY OF THE FAILURE OF THE SOFTWARE TO OPERATE IN CONFORMITY
WITH THIS WARRANTY AND THE RETURN OF THE SOFTWARE AS REQUIRED BY THIS AGREEMENT.
7. Limitations on Liability. IN NO EVENT SHALL LICENSOR BE LIABLE FOR INCIDENTAL, INDIRECT, SPECIAL, OR
CONSEQUENTIAL DAMAGES, OR FOR LOST PROFITS, SAVINGS, OR REVENUES OF ANY KIND, OR FOR LOST DATA OR
DOWNTIME, REGARDLESS OF WHETHER LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
THE CUMULATIVE LIABILITY OF LICENSOR TO YOUR ORGANIZATION FOR ALL CLAIMS RELATING TO THE SOFTWARE
OR THIS AGREEMENT, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR TORT, INCLUDING
NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF ALL FEES PAID TO
LICENSOR HEREUNDER.
8. Miscellaneous. The provisions of Sections 4, 6, 7 and this Section 8 shall continue to apply in accordance with
their terms, notwithstanding the termination of this Agreement.
References to "your organization" or "you" herein, for purposes of establishing the permitted use of the Software,
shall include the operations of any direct or indirect parent or subsidiary company or of any direct or indirect
subsidiary company of any such parent company. This Agreement and the rights and obligations of the parties with
respect to the Software shall be governed by Virginia law, as it applies to a contract negotiated, executed, and
performed in that state and without giving effect to principles of conflicts of law. Any legal action or proceeding
arising under this Agreement shall only be initiated in the courts of the Commonwealth of Virginia. Execution and
delivery of this Agreement by the parties indicates their intent to submit their disputes, their persons and their

property, generally and unconditionally, to the jurisdiction of such courts. Venue shall be proper in any such court.
If any action is brought by either party to this Agreement against the other party regarding the subject matter of
this Agreement, the prevailing party shall be entitled to recover, in addition to any other relief granted, reasonable
attorney fees and expenses of litigation.
YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT AND UNDERSTAND THIS AGREEMENT AND THAT BY
OPENING THIS PACKAGE, YOU MANIFEST YOUR ASSENT TO BE BOUND BY ITS TERMS AND CONDITIONS.
[ ] I ACCEPT
[ ] I DO NOT ACCEPT
This product includes software developed by XHEO INC (http://www.xheo.com).
(c) 2000 - 2007 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
OR OTHER DEALINGS IN THE SOFTWARE.
The Privaris plusID device complies with part 15 of the FCC Rules. Operation is subject to the
following two conditions: (1) This device may not cause harmful interference, and (2) this device
must accept any interference received, including interference that may cause undesired
operation.
Changes or modifications not expressly approved by the party responsible for compliance could void the user’s
authority to operate the equipment.
NOTE: The manufacturer is not responsible for any radio or TV interference caused by unauthorized
modifications to this equipment. Such modifications could void the user’s authority to operate the equipment.

Operators Manual

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Operators Manual

Uploaded by

Copyright:

Available Formats

plusID Operators Manual (Basic and Professional Editions)

Getting Started ...................................................................................................................................... 5

What is a plusID? ................................................................................................................................ 5

What is plusID Manager? .................................................................................................................... 5

Minimum System Requirements .......................................................................................................... 5

plusID Security .................................................................................................................................... 6

PIN-Based Security ......................................................................................................................... 6

Key-Based Security (plusID Manager Professional Edition Only) ..................................................... 6

Initial Software Configuration ............................................................................................................... 7

Installing the plusID USB Driver ........................................................................................................... 7

Installing the Software ......................................................................................................................... 7

Component Selection ...................................................................................................................... 8

Setting up the Database ...................................................................................................................... 8

Installing to an Existing Database Server......................................................................................... 9

Installing to a New Database Server ................................................................................................ 9

Key Server Installation .................................................................................................................. 10

User Management ............................................................................................................................. 12

Document Revision 2008071101 Page 1 of 55

Editing an Existing User ................................................................................................................ 12

Deleting an Existing User .............................................................................................................. 12

Importing New Users from an Existing System .............................................................................. 12

Report Types ................................................................................................................................ 13

Printing and Exporting ................................................................................................................... 13

Key Server Remote Access ........................................................................................................... 14

Default Device Settings ..................................................................................................................... 14

Security Settings ........................................................................................................................... 14

Timeout Settings ........................................................................................................................... 15

User Logon Settings ...................................................................................................................... 15

Long Range Settings ......................................................................................................................... 16

Unlocking the Device..................................................................................................................... 18

Physical Access Credentials.......................................................................................................... 22

Firmware Upgrades ....................................................................................................................... 26

Reissuing a Device ....................................................................................................................... 27

Resetting a Device to Factory Defaults .......................................................................................... 27

Customizing Device Settings ......................................................................................................... 28

Extracting Device Data .................................................................................................................. 28

Document Revision 2008071101 Page 2 of 55

Connecting to the Database .............................................................................................................. 28

Backup and Restore .......................................................................................................................... 29

Operator Management ...................................................................................................................... 30

Configuring the Key Server................................................................................................................ 31

Long-Range Transceiver Configuration Tool ..................................................................................... 32

Connecting to the long-range transceiver........................................................................................... 32

Features of the tool ........................................................................................................................... 33

Settings Tab ...................................................................................................................................... 33

Managed/Legacy Mode ................................................................................................................. 33

Standalone/Standard Mode ........................................................................................................... 33

Utilities Tab ....................................................................................................................................... 34

Firmware upgrade ......................................................................................................................... 34

Logical Access .................................................................................................................................... 34

Certificate-Based Authentication ........................................................................................................ 34

System requirements .................................................................................................................... 35

How to Log On using Certificate-based Authentication................................................................... 36

Non-certificate Based Authentication ................................................................................................. 37

How to Log On using Non-Certificate-based Authentication ........................................................... 37

Appendix A - Gate and Vehicle Solution ............................................................................................ 39

Appendix B Pairing your plusID to your Bluetooth-enabled Computer ........................................... 42

Appendix C – plusID Troubleshooting ............................................................................................... 44

Appendix D - Overview of plusID Device Light Behavior................................................................... 47

Appendix E - plusID Battery Recharge Instructions .......................................................................... 49

How to Charge .................................................................................................................................. 49

How Long to Charge.......................................................................................................................... 49

Document Revision 2008071101 Page 3 of 55

Appendix G - Minimum System Requirements for a plusID Deployment ......................................... 51