Date printed: 03-29-2024   Last updated: 12-23-2015

To view our complete support knowledge base and most current version of this article visit support.timeips.com.

Applies to versions: 2.3, 2.4, 2.5, 3.0, 3.1, 3.2



Biometric Validation



IMPORTANT:

TimeIPS has a biometric privacy policy, available on our public web site. We recommend that any company or organization using biometrics work with legal counsel to draft and deploy their own biometric privacy policy. The policy should be written in a way that suits the laws of your state, along with the needs of your organization/business.

 

Because state laws and individual needs vary greatly, we are not able to provide an example or template for such a document. However, doing a web search for "biometric policy" provides further information and some examples for various states including Illinois which has the "BIPA" legislation to regulate the use of biometrics.

 

We highly recommend consulting with an attorney to create and implement a biometric policy wherever biometrics are used.

 

In addition, we highly recommend consulting with an attorney for guidance on obtaining written consent from employees before allowing them to use any biometric devices, including a TimeIPS network clock. In some cases, TimeIPS may also require written consent from employees before using biometrics, and/or TimeIPS may phase out support for biometrics.

TimeIPS can validate employee identification using biometric fingerprint authentication. Employees clock in and out of TimeIPS and are asked to present their finger or thumb for validation. You can deny the clock event or send an email warning if the validation fails.

 


Using the left pane Main Menu » Administration, click on: Clocking » Biometric Validation


     

  1. Set the Biometric Settings: These settings allow you to set up Biometric Validation for all employees. (If necessary, you can adjust settings for individual employees in step 2.)
    1. Choose System Default Biometrics Threshold: Select the level of authentication security appropriate for your work environment. The higher security levels make it nearly impossible to clock as another individual, but may cause occasional false negative readings, requiring the employee to re-authenticate.
    2. Upon Authentication Failure: If an employee fails to authenticate within the allowable number of attempts, the specified action will be taken.
    3. Allowable Identification Attempts: The number of times an employee can attempt biometric validation per clock.
    4. Enrollment Biometrics Capture Method: Multi-read enrollment uses the best of multiple reads to create each Template. Quick enrollment uses a single read to create each Template.
    5. Number of Captured Templates on Enrollment: Number of separate Templates that are stored per employee at the time of enrollment. Additional Templates can reduce authentication failures, but may slightly increase the chance of false positives. Warning: Allowing multiple Templates could allow more than one individual to enroll, thereby allowing multiple individuals to authenticate. When using multiple Templates, supervised enrollment is advised.
      • If you select a smaller "Number of Captured Templates on Enrollment" above, then the Reduce Stored Templates option appears. Some employees may already have more Templates than the new value. Choose whether or not these employees will have their number of Templates reduced to match the new value.



    6. Enroll Missing Templates: If employees have some Templates, but the number is smaller than the "Number of Captured Templates on Enrollment" option above, should the clock request additional enrollments the next time the employee attempts to clock?
    7. Number of Templates for Progressive Enrollment: Progressive Templates can be used to supplement Templates captured on initial enrollment. To activate Progressive Enrollment, select a number of additional Templates to be created. These are created automatically each time an employee successfully clocks to improve matching performance over time.
    8. Relay Triggers Require Biometric Authentication: By default, employees must pass biometric authentication to trigger relay functions. Disable this option if relay triggers must occur as soon as a valid employee id/badge is read. This is useful in some access control systems. To Disable, choose No from the drop down.
    9. Biometric Read Timeout: Enter the number of seconds the system will wait to receive a valid read.
    10. Click on the Update Biometric Settings button to apply the settings.
  2. (Optional) If you have individual employees that should have different security levels or failure actions:
    1. Open Employees -> Employees and click the + (plus) sign in front of the employee's name.
    2. Click on the Biometrics tab.
    3. Select the employee's Biometrics Security Level and the Action on Failure options from the pull-downs.
    4. The Number of Templates as well as the Number of Progressive Templates will be shown. Pressing the Clear Templates button will remove all Templates, and will therefore require the employee to enroll again.
    5. Click the details buttons to view how many times and when the Templates were last matched.
      • To remove individual Templates, click the red X next to the match.
    6. Click on the Save Row button to apply the settings.

  3. Have employees Enroll their Fingerprints.
    NOTE: Employees will be prompted to enroll their fingerprints the next time they attempt to clock in or out once the Biometric device has been installed and the Biometric Settings have been applied.
    1. Clock in or out as usual (swipe badge or enter ID on keypad and press ENTER).
    2. Follow the visual and audio directions to enroll then authenticate.
      NOTE: Use the ball of the finger (not the tip) and press firmly enough that the finger makes good contact with the read area.

      NOTE: Once the enrollment is complete, TimeIPS will load the enrolled fingerprint(s) so your clock in or out from step 3a can be authenticated. These enrolled fingerprints are referred to as Templates.

 

 

 

Enrollment

 

Recommended Enrollment Method

  1. Set "Enrollment Biometrics Capture Method" to Multi-read.
  2. Set "Number of Captured Templates on Enrollment" to 2.
  3. Set "Number of Templates for Progressive Enrollment" to 10.
  4. When employees enroll, have them:
    • present their right index finger straight on for the first capture,
    • present their left index finger straight on for the second capture

 

 

Alternative Enrollment Method

This procedure captures a large surface area for one finger and the main surface for another digit (in case of injury to the first finger).

  1. Set "Enrollment Biometrics Capture Method" to Quick.
  2. Set "Number of Captured Templates on Enrollment" to 5.
  3. When employees enroll, have them:
    • present their thumb/finger straight on for the first capture,
    • roll the thumb/finger to the left for the second capture,
    • to the right for the third capture,
    • the top of the thumb/finger for the fourth capture,
    • and a different finger straight on for the fifth capture.

 

 

Progressive Enrollment

The TimeIPS system has the ability to “learn” each time a user provides a fingerprint. If the fingerprint is a match to a stored fingerprint, the TimeIPS system generates and stores a new Template based on the current Template for future matching. For each new Template that is stored, an old Template that has not been used for matching is discarded.

This method allows users to provide fewer enrollment Templates (saving time), reduces false-negatives over time as the system can more easily recognize the employee, and accommodates fingers or swipe methods that change over time.


This allows the maximum number of stored Templates: once 10 have been reached, the 11th good match is stored and the least used Template in the system is automatically removed, so the system always maintains the best 10 matches for that employee.
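The store-on-match and discard-least-used behaviour described above, as an added Python model that is not TimeIPS code. It assumes a toy set-overlap matcher, a similarity threshold of 0.6, a progressive pool capped separately from the enrollment Templates, and a stalest-first tie-break; none of these details come from TimeIPS. The same constructed reads are run with progressive enrollment off and on.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class Template:
    features: frozenset       # toy stand-in for the proprietary profile data
    source: str               # "enrollment" or "progressive"
    matches: int = 0          # times this Template was the best match
    last_matched: int = -1    # logical time of last match (-1 = never)

@dataclass
class EmployeeTemplates:
    threshold: float = 0.6     # assumed similarity cut-off, not a TimeIPS value
    progressive_cap: int = 10  # "Number of Templates for Progressive Enrollment"
    templates: list = field(default_factory=list)
    clock: int = 0

    def enroll(self, read):
        self.templates.append(Template(frozenset(read), "enrollment"))

    def authenticate(self, read):
        read = frozenset(read)
        # Jaccard similarity: a toy matcher, assumed for illustration only.
        score = lambda t: len(t.features & read) / len(t.features | read)
        best = max(self.templates, key=score, default=None)
        if best is None or score(best) < self.threshold:
            return False                          # "No match found"
        best.matches, best.last_matched = best.matches + 1, self.clock
        self.clock += 1
        pool = [t for t in self.templates if t.source == "progressive"]
        if self.progressive_cap and len(pool) >= self.progressive_cap:
            # Pool full: discard the least used Template, stalest first on ties.
            self.templates.remove(min(pool, key=lambda t: (t.matches, t.last_matched)))
        if self.progressive_cap:
            self.templates.append(Template(read, "progressive"))
        return True

def run(progressive_cap):
    store = EmployeeTemplates(progressive_cap=progressive_cap)
    store.enroll(range(0, 20))        # constructed "right index" features
    store.enroll(range(100, 120))     # constructed "left index" features
    # Constructed reads that drift a little further from enrollment each time,
    # followed by one read from an unrelated finger.
    reads = [range(s, s + 20) for s in (2, 4, 6, 8, 10)] + [range(500, 520)]
    results = [store.authenticate(r) for r in reads]
    return results, [(t.source, t.matches) for t in store.templates]

if __name__ == "__main__":
    for cap in (0, 2):
        print(cap, *run(cap))
```

With the pool disabled, `run(0)` rejects the third to fifth reads; `run(2)` accepts them because each accepted read becomes the next reference. The unrelated read is rejected in both runs.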

Note: Employees using Biometric Validation automatically enroll by using the biometric sensor one or more times on their first clock attempt. Re-enroll employees who have trouble validating by selecting "Clear."

 

 

 

 

If an employee has consistent authentication failures:

There are two types of errors you may see when an employee attempts to authenticate using biometrics. The first, "Could not read finger print", indicates that the reader was unable to take a good scan of the print, and therefore could not create a Template and/or match an existing Template. If you receive this message:

  • When employees touch the sensor, they must use the "ball" of their fingers (not the tip).  If they're doing it correctly, the finger will be straight, not curled.
  • Make sure the employees press reasonably firmly on the sensor.  The finger must spread out over the surface of the sensor so the sensor can read it.
  • Employees should press on the sensor fairly quickly.  They should not hesitate.  A slow touch or touch-release-touch can confuse the reader.
  • Press the finger on the sensor and hold it still for a couple of seconds.  If the clock doesn't seem to read the finger, twist your finger slightly, or slide it just a bit, and hold it again for a couple of seconds.
  • Fingers read much better if they have a slight bit of moisture.  If hands are very dry, try using a bit of hand lotion.  If lotion is not available, just take a deep breath and slowly exhale onto the finger for a few seconds.  Then, immediately press the finger to the sensor.
  • Ensure that employee hands are clean.  Employees should wash their hands if needed. It is advisable to provide towels for employees to properly dry their hands after washing as excessively wet fingerprints will also fail to read.
  • Try different fingers. Some fingers may not have sufficient fingerprint detail to be used. Try the thumb or other fingers. Try both hands.
The second message, "No match found", indicates that a read was taken but the read wasn't a clear match to the data on file. This is not unusual, especially for employees new to the biometric reader. In a situation like this, please try the following steps:

    If an employee injures the finger they use for clock in/out:

     

     

     

     

    Fingerprint Storage

    TimeIPS captures fingerprint data for each employee. As required by various state laws, TimeIPS does not store or transmit the employee's actual fingerprint. Instead, the TimeIPS reader looks for and "maps" the pattern on the finger or thumb into a "hash" or mathematical profile of the print using an algorithm.

    The profile data (our "templates") are stored as binary data to be used for later comparisons. It allows future prints to be analyzed and rated as to the degree of similarity to the original print(s). For convenience, the system is capable of storing up to ten print profiles per employee. We refer to these print profiles as "Templates".

    When an employee enters a PIN code or presents a badge, TimeIPS will prompt for a finger or thumb to be presented to the reader for validation. TimeIPS will, at that time, compare the data it is reading currently against the profile(s) it has stored on file for that specific employee number.

    The data stored within the system uses formatting and encoding that is proprietary to the TimeIPS system, and cannot be used to re-create a fingerprint or for any purpose outside of TimeIPS.

     

     

     

     

    Examples

    Company 1 is set to Quick enrollment with 3 captures. The enrollment process begins when the employee clocks in for the first time. For the first capture, the employee places his thumb centered on the biometric reader for the single read. For the second capture, the employee tilts his thumb slightly to the left for the single read. For the final capture, the employee tilts his thumb slightly to the right for the single read.

    Company 2 is set to Multi-Read enrollment with 2 captured Templates. The enrollment process begins when the employee clocks in for the first time. For the first capture, the employee places his right thumb centered on the biometric reader for all three reads. For the second capture, the employee places his left thumb centered on the biometric reader for all three reads. The employee can clock in and out with either thumb. Again note that supervised enrollment is HIGHLY recommended for multiple captures to ensure that each employee enrolls with only his own thumbs.

    WARNING: Allowing multiple fingerprint captures could allow more than one individual to provide a finger/thumb at enrollment, thereby allowing multiple individuals to authenticate for one employee. When using multiple captures, supervised enrollment is advised.

     

    IMPORTANT:

    We recommend that any company or organization using biometrics work with legal counsel to draft and deploy a "biometric policy." The policy should be written in a way that suits the laws of your state, along with the needs of your organization/business.

    Because state laws and individual needs vary greatly, we are not able to provide an example or template for such a document. However, doing a web search for "biometric policy" provides further information and some examples for various states including Illinois which has the "BIPA" legislation to regulate the use of biometrics.

    We highly recommend consulting with an attorney to create and implement a biometric policy wherever biometrics are used.



    See Also:
    Hand Punch Biometric Validation (1.6, 1.8, 1.9, 1.10, 1.11, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 3.0, 3.1, 3.2)
    Biometric Validation Troubleshooting (1.8, 1.10, 1.11, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 3.0, 3.1, 3.2)
