PACS Service Manual

Codebench, Inc
6820 Lyons Technology Circle Ste. 140
Coconut Creek, FL 33073
Voice: 561.883.3218
Fax: 954.426.8985
www.codebench.com

Contents
Chapter 1 About This Manual ................................................................................................1
Who Should Use It..............................................................................................................................................1
Typographical Conventions ...............................................................................................................................1
Related Material..................................................................................................................................................2
Trademarks and Copyrights ...............................................................................................................................2

Chapter 2 System Overview...................................................................................................3


Hardware Architecture ........................................................................................................................................3
Software Architecture .........................................................................................................................................4
Hardware ............................................................................................................................................................4
Software..............................................................................................................................................................5
Operating System ...........................................................................................................................................5
FIPS 201 Product Compliance........................................................................................................................5
FIPS 140-2 Level 1 Requirement for PACS Plug-ins and Certificate Manager ..............................................5
Certificate Database........................................................................................................................................5
PKI Validation..................................................................................................................................................6

Chapter 3 PACS Service Installation and Uninstallation.....................................................7


Installing the PACS Service ................................................................................................................................7
Uninstalling the PACS Service .........................................................................................................................14
Relocating your Configuration Settings ............................................................................................................15

Chapter 4 Logging In and Licensing Options ....................................................................17


First Time Logging In ........................................................................................................................................17
Default Login .................................................................................................................................................17
Changing your password ..............................................................................................................................18
Main Interface ...................................................................................................................................................19
Licensing Options .............................................................................................................................................20
Download of your License Key......................................................................................................................20
Reader Services SDK License......................................................................................................................22
IDPublish License .........................................................................................................................................22
Manual Installation of your License Key........................................................................................................23

Chapter 5 Menu Bar ..............................................................................................................25


Service..............................................................................................................................................................25
Tools .................................................................................................................................................................25
PACS Service Configuration .........................................................................................................................25
Client Configuration Profile ...........................................................................................................................25
Manage Clients .............................................................................................................................................25
Check for Software Updates .........................................................................................................................32

Rev. 11162012 3

Enter or View License Information ................................................................................................................ 35


View Log File ................................................................................................................................................ 41
Change Server Logging Level ...................................................................................................................... 41
Run Data Import Now ................................................................................................................................... 41
Run Certificate Manager Now....................................................................................................................... 41
Database .......................................................................................................................................................... 42
Audit Log Reports ......................................................................................................................................... 42
Importing Audit Logs ..................................................................................................................................... 48
Card Operations............................................................................................................................................ 49
Validate ......................................................................................................................................................... 51
Physical Delete ............................................................................................................................................. 52
Logical Delete ............................................................................................................................................... 52
Help .................................................................................................................................................................. 53
PACS Service Manual .................................................................................................................................. 53
About............................................................................................................................................................. 53

Chapter 6 PACS Server Configuration................................................................................ 55


Application Tab................................................................................................................................................. 55
PACS Service Parameters............................................................................................................................ 56
PACS Service SSL Parameters.................................................................................................................... 56
SSL Key Password ....................................................................................................................................... 57
MultiPACS server parameters ...................................................................................................................... 57
PIVCheck Credential Database Connection ................................................................................................. 57
Users Tab ......................................................................................................................................................... 61
Remove User ................................................................................................................................................ 65
Export Users ................................................................................................................................................. 65
Import Users ................................................................................................................................................. 66
PACS Tab......................................................................................................................................................... 66
PACS Parameters......................................................................................................................................... 66
Data Import Parameters................................................................................................................................ 66
Events ........................................................................................................................................................... 67
Blacklist Plug-ins Tab ....................................................................................................................................... 68
Blacklist Parameters ..................................................................................................................................... 68
TWIC CCL Plugin.......................................................................................................................................... 69
Advanced PKI Configuration......................................................................................................................... 69
Basic PKI Configuration ................................................................................................................................ 69
Certificate Manager Tab ................................................................................................................................... 73
Certificate Manager Schedule....................................................................................................................... 73
Certificate Manager Email Alerts .................................................................................................................. 74
Certificate Manager Parameters ................................................................................................................... 74
Reader Services Tab........................................................................................................................................ 75
Reader Services ........................................................................................................................................... 75
Miscellaneous Parameters............................................................................................................................ 76
Send Reader Messages to PACS................................................................................................................. 76
Always Check Blacklist ................................................................................................................................. 76
Reader Services SSL.................................................................................................................................... 76
SSL Key Password ....................................................................................................................................... 78
Reader Services Clients ............................................................................................................................... 79
IDPublish Tab ................................................................................................................................................... 82
Enable IDPublish .......................................................................................................................................... 83

IDPublish SSL Configuration.........................................................................................................................83


IDPublish Clients...........................................................................................................................................86

Chapter 7 Client Configuration Profile................................................................................91


Application Tab .................................................................................................................................................92
General Client Parameters............................................................................................................................92
Device Parameters........................................................................................................................................94
File Parameters.............................................................................................................................................95
OMNICheck Tab ...............................................................................................................................................96
TWIC Authentication Mode ...........................................................................................................................96
Card Parameters and Detection Order .........................................................................................................98
Select whether a card type is detected .......................................................................................................100
Card Number Manipulation Parameters......................................................................................................101
Users Tab .......................................................................................................................................................106
Updating a User Account ............................................................................................................................108
Remove User ..............................................................................................................................................109
Export Users ...............................................................................................................................................109
Import Users................................................................................................................................................110
Blacklist Plug-ins Tab .....................................................................................................................................110
Advanced Configuration..............................................................................................................................110
Basic Configuration .....................................................................................................................................110

Chapter 8 PACS Events......................................................................................................111


Overview.........................................................................................................................................................111
Events .........................................................................................................................................................111

Chapter 9 Log4net...............................................................................................................113

Appendix A ...........................................................................................................................115
Reference Documents ....................................................................................................................................115

Appendix B ...........................................................................................................................117
Optional Configuration ....................................................................................................................................117
SQL Server Database Connection Fails to Connect...................................................................................117
Connecting Through a Web Proxy ..............................................................................................................119

Appendix C ...........................................................................................................................121
Modify the PACS Service Log On...................................................................................................................121

Rev. 11162012 5
CONTEN TS

This page is intentionally left blank.

6 Rev. 11162012
About This Manual
...................................
1

.....
This document is divided into the following chapters:

• Chapter 1, “About this Manual”.

• Chapter 2, “System Overview”, details the hardware and software specifications for the PACS Service.

• Chapter 3, “PACS Service Installation and Uninstallation”, describes in detail the steps required to install and uninstall the PACS
Service.

• Chapter 4, “Logging In”, describes in detail the steps required to log in to the PACS Service.

• Chapter 5, “Menu Bar”, provides information on options located on the menu bar.

• Chapter 6, “PACS Server Configuration”, describes in detail each tab located on the PACS Server dialog.

• Chapter 7, “Client Configuration Profile”, describes each of the tabs located on the Client Configuration Profile dialog.
• Chapter 8, “Log4Net”, describes the PACS Server message logging system.

• Appendix A, “Document References”, lists the document references in this manual.

• Appendix B, “Optional Configuration”, contains special configuration for certain scenarios.

Who Should Use It
This manual is intended for administrators who want to learn how to manage the PACS Services.

Typographical Conventions
This document uses the following typographical conventions:

• Command and option names appear in bold type in definitions and examples. The names of directories, files, machines,
partitions, and volumes also appear in bold.
• Variable information appears in italic type. This includes user-supplied information on command lines.

• Screen output and code samples appear in monospace type.

In addition, the following symbols appear in command syntax definitions.

• Square brackets [ ] surround user-supplied optional items.

• Angle brackets < > surround user-supplied values that are required.

• The construct "C:\" represents a regular Windows command shell prompt.

• Dollar signs $ represent macro names.

• Pipe symbol | separates mutually exclusive values for a command argument.

! This symbol denotes important information or values.

A second symbol denotes important information or values which are dependent upon additional software or configuration.
Not acknowledging this information properly may prevent the software from functioning properly.

Related Material
This document should be used in conjunction with the following documentation:

• Blacklist Plug-ins Guide

• PACS Plug-in Template XML File Specification

• OMNICheck User Manual

• PIVCheck Desktop User Manual

Trademarks and Copyrights
PIVCheck, OMNICheck and PKI at the Door are registered trademarks of Codebench, Inc.
PIVCheck Desktop Edition, PIVCheck Plus Desktop Edition, OMNICheck Plus Edition and PIVCheck Certificate Manager are trademarks
of Codebench, Inc.
Microsoft Windows 7, Microsoft Windows XP, Microsoft Windows CE, Microsoft Mobile, Microsoft .NET, and Microsoft Compact
Framework are registered trademarks of Microsoft Corporation.

TWIC is a trademark of the United States Transportation Security Administration (TSA).

All other trademarked or copyrighted names mentioned herein are the property of their respective owners.


Chapter 2 System Overview

The PACS Service is a Windows-based application and can be installed on the same computer as the PACS system. While the most
common configuration is for all PIVCheck Desktop and OMNICheck clients at a site to communicate with a single PACS Server, there
may be rare cases where a large number of terminals requires multiple PACS Servers. That configuration requires additional
setup and configuration time and should be done only with the assistance of factory engineers.

Hardware Architecture
The physical topology of the PIVCheck system is shown below. A smart card reader and fingerprint scanner are attached to a desktop
PC, or integrated into a ruggedized PDA, known as a mobile biometric terminal. Regardless of whether PIVCheck is installed on a
desktop or integrated into a mobile biometric terminal, the identity verification process is the same. Once a PIV card is inserted into
the card reader, the PIVCheck operator collects cardholder data, validates the PIV card with the PKI or TWIC CCL plug-ins, and
uploads the captured data to the PACS.

While the certificate authority, TWIC Canceled Card List server, and the local OCSP/SCVP repeater are crucial to its functioning
properly, they are not part of the PIVCheck product.

[Figure: physical topology of the PIVCheck system. Components shown: the Federal Bridge and the TWIC CCL (Canceled Card List)
server, reached over the Internet; on the LAN, OMNICheck Plus with PACS Registration, PIVCheck Plus Desktop Edition, the PACS
Server hosting the PIVCheck PACS Plug-in and PIVCheck Certificate Manager, and an OCSP Responder, SCVP Responder and LDAP
Directory Server (PIV, PIV-I, CAC, FRAC).]

Software Architecture
The PACS Service bundle consists of multiple sub-components:

• PACS Service - a TCP-based service that receives data elements extracted from smart cards

• PACS Plug-in - PACS-specific code that maps card data elements to the PACS cardholder and card fields

Available licensable options:

• Certificate Manager - an option that periodically re-validates the certificates that have been registered with the PACS and "knows"
how to suspend the PACS card's access. In most PACS, when a card or cardholder's status changes, the access control panels are
updated with the new status. When the cardholder presents their PIV credential to the reader, access is immediately denied. No
new equipment needs to be installed at the reader and no network drops are required.

• Fixed Reader Services - an option that provides a programmable interface to the PIVCheck PACS Service, enabling IP-based
readers to request information related to a given FASC-N. Based on XML-RPC, the Fixed Reader Service module exposes a
simple, yet secure API for cardholder information requests regardless of the PACS manufacturer.

• Data Import - an option that provides the ability to extract card data, access rights and user-defined cardholder information from the
PACS so that it is available to OMNICheck Plus when a card is presented. This allows the operator to verify that a card is registered in the
PACS and has appropriate access rights. Ideal for use with proximity, DESFire and FIPS 201 cards.

• PIVCheck IDPublish - this option obtains data from supported Human Resources Information Systems (HRIS), Identity
Management Systems (IDMS), and/or Card Management Systems (CMS), and automates provisioning and de-provisioning of users
and credentials to over 25 different physical access control systems using a standardized web services interface.
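
The Certificate Manager sweep described in the first option above, as an added Python illustration that is not Codebench's code: registered cards are re-checked against the certificate validity period and a CRL, and a card whose certificate has expired or been revoked is marked suspended so the PACS denies it at the reader. The card records, serial numbers, CRL and dates are constructed, and treating suspension as one-way and a stale CRL as "unknown" are assumptions of this example.

```python
"""Simplified model of the Certificate Manager sweep (added illustration,
not Codebench's code).  Registered cards are re-checked against the
certificate validity period and a CRL; a card whose certificate has expired
or been revoked is marked suspended so the PACS denies it at the reader.
All card records, serials, CRL contents and dates are constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Status(Enum):
    ACTIVE = "active"
    SUSPENDED = "suspended"   # PACS access removed
    UNKNOWN = "unknown"       # could not be validated; flag for an operator


@dataclass
class RegisteredCard:
    card_id: str              # placeholder for the card identifier held in the PACS
    cert_serial: int          # serial of the certificate registered with the card
    not_after: datetime       # certificate expiry (UTC)
    status: Status = Status.ACTIVE


@dataclass
class Crl:
    revoked_serials: frozenset
    this_update: datetime
    next_update: datetime     # a CRL past this time is stale


def validate(card: RegisteredCard, crl: Crl, now: datetime) -> Status:
    """Decide the status a card should have after one re-validation."""
    if card.status is Status.SUSPENDED:
        return Status.SUSPENDED          # assumption: suspension is one-way
    if now > card.not_after or card.cert_serial in crl.revoked_serials:
        return Status.SUSPENDED          # expiry and revocation are definitive
    if now > crl.next_update:
        return Status.UNKNOWN            # stale CRL proves nothing; do not assume "still good"
    return Status.ACTIVE


def run_certificate_manager(cards, crl, now):
    """One scheduled sweep. Updates card statuses in place and returns
    (card_id, old_status, new_status) for every card that changed."""
    changes = []
    for card in cards:
        new = validate(card, crl, now)
        if new is not card.status:
            changes.append((card.card_id, card.status, new))
            card.status = new
    return changes


def sample_cards():
    """Constructed registry: one good card, one revoked, one expired."""
    utc = timezone.utc
    return [
        RegisteredCard("CARD-0001", 0x1001, datetime(2014, 1, 1, tzinfo=utc)),
        RegisteredCard("CARD-0002", 0x1002, datetime(2014, 1, 1, tzinfo=utc)),
        RegisteredCard("CARD-0003", 0x1003, datetime(2012, 6, 30, tzinfo=utc)),
    ]


# Constructed CRL: serial 0x1002 revoked; valid for one week from this_update.
SAMPLE_CRL = Crl(
    revoked_serials=frozenset({0x1002}),
    this_update=datetime(2012, 11, 1, tzinfo=timezone.utc),
    next_update=datetime(2012, 11, 8, tzinfo=timezone.utc),
)
SWEEP_TIME = datetime(2012, 11, 5, tzinfo=timezone.utc)


if __name__ == "__main__":
    cards = sample_cards()
    for card_id, old, new in run_certificate_manager(cards, SAMPLE_CRL, SWEEP_TIME):
        print(f"{card_id}: {old.value} -> {new.value}")
    # A later sweep with the same, now stale, CRL flags the remaining active card.
    later = datetime(2012, 11, 20, tzinfo=timezone.utc)
    for card_id, old, new in run_certificate_manager(cards, SAMPLE_CRL, later):
        print(f"{card_id}: {old.value} -> {new.value}")
```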

Hardware
The following table lists the minimum hardware requirements for a computer hosting the PACS Service:

Hardware                Minimum Requirements
CPU                     1.8GHz
Random Access Memory    1 gigabyte
Hard Disk Space         40 gigabytes
Network                 Requires network connectivity with certificate authorities for real-time card validation. PKI
                        validation requires Internet connectivity.

Software


Operating System
The computer that hosts the PACS Service and Certificate Manager must support Microsoft Windows 7® Ultimate, Microsoft Windows
7® Professional, Microsoft Windows Vista® Ultimate, Microsoft Windows Vista® Business, Microsoft Windows Server® 2008, Microsoft
Windows Server® 2003 R2 or Microsoft Windows XP® SP3 with Microsoft .NET Framework Version 2.0 installed.

FIPS 201 Product Compliance
This product, when used with PIVCheck Plus and the PIVCheck Certificate Manager, complies with the following FIPS 201 Approved
Product List categories:

Category Certificate
PIV Authentication System #464, #528
CHUID Authentication System #468, #485
CAK Authentication System #486
Caching Status Proxy #464, #473, #497, #582
SCVP Client #465

FIPS 140-2 Level 1 Requirement for PACS Plug-ins and Certificate Manager
Several FIPS 201 approved product categories involve the use of cryptography. For those operations, PIVCheck software invokes
functions supplied by Microsoft’s Cryptographic API and Cryptographic Primitives Library. To meet GSA Approved Product List
requirements, certain cryptographic functions can only be provided by cryptographic modules that have been certified at FIPS 140-2
Level 1 or better. For APL compliance, PIVCheck PACS Plug-ins and PIVCheck Certificate Manager must be deployed on one of the
following operating systems:

Microsoft Windows operating systems and FIPS 140-2 certifications

Operating System Validated Version Certificate
Windows 7 Ultimate 6.1.7600.16385 #1326, #1331
Windows 7 Professional 6.1.7600.16385 #1326, #1331
Vista Ultimate Edition 6.0.6000.16386 #893
Vista Ultimate Edition SP1 6.0.6001.22202 #1002
Windows XP Professional SP3 5.1.2600.5507 #989
Windows Server 2008 6.0.6001.22202 #1010
Windows Server 2008 R2 6.1.7600.16385 #1337
Windows Server 2003 5.2.3790.0 #382
Windows Server 2003 SP1 5.2.3790.1830 #382
Windows Server 2003 SP2 5.2.3790.3959 #868
Windows Server 2003 SP2 5.2.3790.4313 #1012

Certificate Database
The Certificate Manager is compatible with any SQL database supported by the Microsoft .NET Framework 2.0, including Oracle,
Microsoft SQL Server, and Microsoft Access as well as Firebird 2.0.

PKI Validation
PKI validation requires access to online resources managed by the certificate issuing authority. For U. S. Government deployments, this
usually means that the computer or mobile device will need to connect to the Federal PKI Bridge. If the computer is able to access the
CRLs and CA certificates listed at:
http://www.idmanagement.gov/fpkima/documents/fpki_gov_sitemap.pdf,
then it should generally be able to access all of the required online resources.

For DoD end-users, if the computer or mobile device can access the root certificates listed at:
http://dodpki.c3pki.chamb.disa.mil/rootca.html
then it should be able to access all of the required online resources.


Chapter 3 PACS Service Installation and Uninstallation

Installing the PACS Service
Double-click the executable file to start the Setup Wizard.

Click the Next button to view the license agreement.

After reading the License Agreement, select the “I accept the terms of the License Agreement” checkbox, and then press the Next button.
If you do not accept the license agreement, press the Cancel button to end the installation.

Choose the option specified by your site administrator. Press the Next button to continue.

Check this option to have a PIVCheck PACS Service shortcut placed on your desktop. Press the Next button to continue.

Accept the default install directory or use the Change button to navigate to another location in your file system. Press the Next button
to continue.

Press the Install button to begin the installation.

Press the Finish button to complete the installation.

Uninstalling the PACS Service
To uninstall the PACS Service, click Start > Settings > Control Panel.

Double-click the Add or Remove Programs icon to launch the uninstall utility.

Highlight PACS Service in the Add or Remove Programs list, then click the Remove button.

The popup dialog warns that by clicking Yes, the selected program will be removed from your computer.

Select Yes. You have successfully uninstalled the PACS Service from your computer.

Relocating your Configuration Settings
The PACS Service allows you to save and reuse the configuration settings to avoid having to re-configure your next installation of the
application.

To retrieve your configuration settings, navigate to the following directory:


C:\Program Files\Codebench\<PACS plug-in directory>

From the Edit menu choose Select All. From the Edit menu choose Copy.

Following a fresh install of the PACS Service to a directory other than the default, paste the previously copied files into the new
installation directory. When asked whether to overwrite the existing files, choose Yes. When you run the PACS Service for the first time,
all of your previous configuration settings will be intact.

Chapter 4 Logging In and Licensing Options
...................................
First Time Logging In
...........................................................
Default Login
Enter the default operator User ID (admin) and Password (password) into the Login dialog. These defaults are published in this manual,
so change the admin password immediately after the first login (see “Changing your password” below).

If you have already configured the PACS Service Administration GUI to log the current user in using SSO, you will be logged in
automatically. You may use the shift key to cancel the automatic login. (Note that SSO does not occur when this is the very first time
you have logged in after a new installation).


Changing your password


To change your password, launch the PACS Service. On the Login dialog, press the Change password... link under the Password text
field.

This displays the Change Password dialog.

Your new password must be at least 8 characters long. The red reminder disappears and the OK button is enabled as the 8th character
is typed.

After successfully logging in, the PIVCheck PACS Plug-in main interface is displayed.


Main Interface
...........................................................
The PACS Service Administration main interface is divided into two panels with a control bar across the top. The left-hand panel
organizes all PIVCheck PACS Plug-in server configuration settings. The right-hand panel organizes a client configuration profile, a
collection of settings that can be downloaded by PIVCheck and OMNICheck clients.

The control bar indicates the state of the PACS Service. When the PACS Service is running, the Start the PACS Service button is
grayed out. When the PACS Service is stopped, the Stop the PACS Service button is grayed out.


Licensing Options
...........................................................
The PACS Service does not need to be licensed unless any of the following options have been purchased: Certificate Manager, Reader
Services, IDPublish, Data Import. If any of these options have been purchased, then you can either download the license or enter the
license manually. To enter your license, select the Enter or View License Information option from the Tools pull-down menu to launch the
License Manager dialog.

Download of your License Key


A connection to the internet is required for this procedure. Press the Download button to view the License Key Input dialog.


Select the Download license key button.

If your license was downloaded and installed, you will see the following dialog.


Click Ok to return to the License Manager. The Licensed components area should now display the components you have purchased.

Reader Services SDK License


A separate license sets the number of authorized Reader Services clients that may be configured.

SDK License key


The SDK License key field is the license key that controls how many Reader Services clients may be used. Enter the license key value
provided and the rest of the fields will immediately update.

Licensed
The Licensed field displays number of Reader Services clients allowed by the SDK license key. This field automatically updates when the
license key is changed.

IDPublish License
A separate license is used to indicate the number of registrations that are allowed.

IDPublish License Key


The IDPublish License key field is the license key that controls how many credential records may be registered via IDPublish. Enter the
license key value provided and the rest of the fields will immediately update.


Licensed
The Licensed field displays the number of credential records allowed by the IDPublish license key. This field automatically updates
when the license key is changed.

Manual Installation of your License Key


Some installations may not have an active internet connection. To obtain a license you will have to contact Codebench Technical
Support and provide a System ID.


When you receive your license, enter the license key; the dialog shows immediately whether the key is valid. The Licensed
components area should now list the components you have purchased. Press OK to close the License Manager.

If the license you entered is invalid, then the key will be colored red. Please check your key and try to re-enter it.

Chapter 5 Menu Bar
...................................
Service
...........................................................
Use the Service main menu option to Start, Stop or Restart the PACS Service.

Tools
...........................................................
PACS Service Configuration
See “PACS Server Configuration” on page 55.

Client Configuration Profile


See “Client Configuration Profile” on page 91.

Manage Clients
All PIVCheck Plus and OMNICheck Plus clients must be authorized by a PACS Service before they can upload audit records or
download TPKs and person data. To authorize a client, click Tools -> Manage Clients.


The Manage Clients dialog is displayed:

Click the Add button to launch the Client Information dialog.


A client is uniquely identified by its System ID. Enter the client’s System ID and a brief description of the client, e.g. its serial
number, location or security level.


Access Rights Tab


The Access Rights tab contains a set of configurable access options managed by the PACS Server. These options are pushed out to
PIVCheck and OMNICheck clients whenever they synchronize with the server. To configure these options select the Access Rights tab.

Filter by
Entry field used to filter the access rights shown in the Available access rights list.


Available Access Rights


A list of access rights that exist in a PACS. To enable the retrieval of the available PACS access rights, select the Import access rights
option from the PACS tab of the Server configuration.

Assigned Access Rights


The Assigned Access Rights list contains the access rights assigned to the client. Restricting the list provides the following benefits:

• speeds up data synchronization between the master database and the client’s cached database.

• speeds up card lookup in the PACS database when the client is set to online mode.

• limits the access rights available for assignment during cardholder registration.


Passage Tab
The Passage (Door/Gate Control) tab contains a set of configurable door/gate options managed by the PACS Server. These options are
pushed out to PIVCheck and OMNICheck clients whenever they synchronize with the server. To configure these options, select the
Door/Gate Control tab.

PIVCheck Plus Desktop Edition or OMNICheck Plus Mobile simply reports the appropriate card number to the panel. The access control
panel or its host ultimately decides whether a door or gate should be unlocked.

Use PIVCheck Passage


By checking this option, PIVCheck Plus Desktop Edition or OMNICheck Plus Mobile will automatically send a Wiegand card number to
the specified PACS panel. If the option is unchecked, no attempt is made.

Use PIVCheck Passage Registration Mode


Upon successful verification of a credential, PIVCheck Plus Desktop Edition or OMNICheck Plus Mobile will send a Wiegand card
number to the specified PACS panel. If the option is unchecked, no attempt is made.

Prompt Operator for Door or Gate


If this option is selected, the PIVCheck Plus Desktop Edition or OMNICheck Plus Mobile operator will be prompted to select a door or
gate. Remember, the operator's selection of a door or gate does not by itself unlock it. A Wiegand signal is simply sent to the panel
indicating that this card was presented at this particular reader and requesting that the door or gate be opened. It is ultimately up to
the PACS to decide whether access is granted or denied.

Description
Enter a meaningful description of the door or gate unlocked by the Wiegand data converter.

Network Address
This is the network address of the Wiegand data converter connected to the PACS panel. Network-based panels usually have their
own IP address.

Port Number
This is the TCP port number on which the Wiegand data converter is configured to listen for messages. Because the panel acts on
whatever card number arrives on this port, restrict network access to it to the PIVCheck and OMNICheck hosts that are meant to send
reads.

Test
Click this button to send a test message to the Wiegand converter. The test message does not include a card number.

FASC-N Format
Select the format this Wiegand converter will send to the panel when a PIV-compliant smartcard credential is verified. This format is
also used by DESFire credentials that are designed to appear to reader hardware as a PIV-compliant credential.

• FASC-N 200 Bit

• FASC-N 75 Bit TSA

• FASC-N 75 Bit GSA

• FASC-N 64 Bit LSB

• FASC-N 64 Bit MSB

• FASC-N 48 Bit GSA

• FASC-N 48 Bit TSA
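How the fields of a PIV credential become the 200-bit stream named first in the list above, as an added example that is not Codebench code. The layout and the five-bit BCD characters with odd parity follow the FASC-N definition in NIST SP 800-73; the field values are constructed sample data, not a real credential; and the shorter formats in the list, which carry subsets of these fields, are not covered.

```python
"""200-bit FASC-N encoder/decoder (added example; not Codebench code).

Layout per NIST SP 800-73: 40 five-bit characters. Each character carries a
4-bit value, transmitted LSB first, followed by an odd-parity bit. The
record is SS, AgencyCode(4) FS SystemCode(4) FS CredentialNumber(6) FS
CS(1) FS ICI(1) FS PI(10) OC(1) OI(4) POA(1) ES, then an LRC that is the
XOR of the 4-bit values of all 39 preceding characters.
"""
from dataclasses import dataclass

SS, FS, ES = 0xB, 0xD, 0xF  # start sentinel, field separator, end sentinel

# (field name, digit count, followed by a field separator?)
LAYOUT = (
    ("agency_code", 4, True),
    ("system_code", 4, True),
    ("credential_number", 6, True),
    ("credential_series", 1, True),
    ("ici", 1, True),               # individual credential issue
    ("person_identifier", 10, False),
    ("org_category", 1, False),
    ("org_identifier", 4, False),
    ("poa", 1, False),              # person/organization association
)


@dataclass(frozen=True)
class FascN:
    agency_code: str
    system_code: str
    credential_number: str
    credential_series: str
    ici: str
    person_identifier: str
    org_category: str
    org_identifier: str
    poa: str


def char_bits(value: int) -> str:
    """5-bit BCD character: data bits b0..b3 (LSB first) plus odd parity."""
    data = [(value >> i) & 1 for i in range(4)]
    parity = 1 - (sum(data) & 1)          # total count of ones must be odd
    return "".join(str(b) for b in data) + str(parity)


def char_value(bits: str) -> int:
    """Inverse of char_bits; rejects any character whose parity is even."""
    if len(bits) != 5 or bits.count("1") % 2 == 0:
        raise ValueError(f"parity error in character {bits!r}")
    return sum(int(b) << i for i, b in enumerate(bits[:4]))


def _values(f: FascN) -> list:
    """The 39 4-bit values before the LRC, with sentinels and separators."""
    vals = [SS]
    for name, width, separated in LAYOUT:
        digits = getattr(f, name)
        if len(digits) != width or not digits.isdigit():
            raise ValueError(f"{name} must be exactly {width} digits")
        vals.extend(int(d) for d in digits)
        if separated:
            vals.append(FS)
    vals.append(ES)
    return vals


def encode(f: FascN) -> str:
    """Return the 200-bit FASC-N as a string of '0'/'1' characters."""
    vals = _values(f)
    lrc = 0
    for v in vals:
        lrc ^= v
    return "".join(char_bits(v) for v in vals + [lrc])


def decode(bits: str) -> FascN:
    """Parse a 200-bit stream, verifying parity, sentinels and the LRC."""
    if len(bits) != 200 or set(bits) - {"0", "1"}:
        raise ValueError("FASC-N must be exactly 200 bits")
    vals = [char_value(bits[i:i + 5]) for i in range(0, 200, 5)]
    lrc = 0
    for v in vals[:-1]:
        lrc ^= v
    if vals[-1] != lrc:
        raise ValueError("LRC mismatch")
    if vals[0] != SS or vals[-2] != ES:
        raise ValueError("missing start or end sentinel")
    body, pos, fields = vals[1:-2], 0, {}
    for name, width, separated in LAYOUT:
        chunk = body[pos:pos + width]
        pos += width
        if len(chunk) != width or any(v > 9 for v in chunk):
            raise ValueError(f"field {name} is not {width} BCD digits")
        fields[name] = "".join(str(v) for v in chunk)
        if separated:
            if pos >= len(body) or body[pos] != FS:
                raise ValueError(f"expected field separator after {name}")
            pos += 1
    return FascN(**fields)


# Constructed sample values, not a real credential.
SAMPLE = FascN("0032", "0001", "092446", "0", "1", "1112223333", "1", "1234", "1")

if __name__ == "__main__":
    stream = encode(SAMPLE)
    print(len(stream), stream)
    print(decode(stream) == SAMPLE)
```

The decoder rejects any single flipped bit through the per-character parity and any larger corruption through the LRC, which is the check a Wiegand converter or panel can apply before trusting the card number it extracts.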

Default Format
Select the format this Wiegand converter will send to the panel when a legacy credential is presented. This format is used primarily for
Proximity and DESFire credentials, but key fobs and other non-FIPS credentials may use it.

The following PACS card Wiegand formats are available:

• PIV-C 128 Bit GUID

• PIV-I 128 Bit GUID

• CIV 128 Bit GUID

• DoD Barcode 248 Bit

• Card ID 26 Bit

• Card ID 34 Bit

• Card ID 36 Bit

• Card ID 3701

• Card ID 3702

• Card ID Corporate 1000

Although it is best to manage door control from the PACS Server and use the Synchronize Configuration tool to download the correct
formats for the correct PACS panels, door control functionality can also be customized locally on the client.

Delay
If you intend to use the door control to send Wiegand reads after PIVCheck Plus Desktop Edition registers a new card or cardholder, you
may need to impose a delay to allow the card information to propagate from the PACS to the panel.

Check for Software Updates


There are multiple ways to upgrade to the latest release of the PACS Service. The method you choose will depend upon whether you
have network connectivity and whether your software is properly licensed. You can:

• request the application to upgrade the software, in-line

• use a web browser to download the software and install it manually, or

• copy the software from a removable or network drive and install it manually

In-Line Software Download


To use this method, you must have an Internet connection and a licensed copy of the software at revision 1.1.5.0 or later.


Click the Tools drop-down menu and select Check for Software Updates…

The following dialog will be displayed:

Click the Check for latest version button to see whether any updates are available.


If a newer version is available, it will be displayed as shown in the following illustration:

At this point, click the Download latest button to upgrade the software, and the following dialog will be displayed. Otherwise, click Cancel
to close the dialog.

When the download is complete, you will be prompted to allow the installer to shut down the current application instance.


Click Yes to commence the installation.

Click the Next button to upgrade the current installation. (Your configuration settings will be preserved). Follow the prompts until the
software installation is complete.

Enter or View License Information


The PACS Service can be upgraded with the following licensed options:

Certificate Manager
The Certificate Manager re-validates the certificates stored in its database on a periodic basis. This gives the PACS Plug-in the ability
to deny cardholders with revoked credentials access to controlled areas within a facility.

If you choose not to license the Certificate Manager, new cardholders are registered in the PACS. However, once a cardholder’s
credentials have been validated at registration, the PACS Plug-in does not re-validate the certificates associated with those
credentials.

Reader Services
The Reader Services option enables one or more biometric readers to obtain fingerprints, TWIC privacy keys and the cryptographic
information needed to validate credentials in real time.

Data Import
The Data Import option is for populating the PIVCheck credential database with credentials extracted from the PACS. This allows
OMNICheck clients to verify and display access control information about cards that weren't registered by PIVCheck Plus.

IDPublish
The IDPublish option obtains data from supported Human Resources Information Systems (HRIS), Identity Management Systems
(IDMS) and/or Card Management Systems (CMS), and automates provisioning and de-provisioning of users and credentials to over 25
different physical access control systems using a standardized web services interface.


To license the PACS Service, select the Enter or View License Information option from the Tools pull-down menu to launch the License
Manager dialog.

Manual Installation of your License Key


Some installations may not have an active internet connection. To obtain a license you will have to contact Codebench Technical Support
and provide a System ID.


When you receive your license, enter the license key; the dialog shows immediately whether the key is valid. The Licensed
components area should now list the components you have purchased. Press OK to return to the License Manager.


If the license you entered is invalid, then the key will be colored red. Please check your key and try to re-enter it.

In-Line Installation of your License Key


A connection to the internet is required for this procedure. Press the Download button to view the License Key Input dialog.


Select the Download license key button.

If your license was downloaded and installed, you will see the following dialog.


In the Licensed components area you should now see the components you have purchased. Press OK to return to the License Manager.


View Log File


The PACS Service log file contains the messages recorded for PACS Service events at the current logging level.

Change Server Logging Level


By default, Informational Messages Only is set. If you run into a card, registration, client, server or system error, you may be asked to
switch to Informational and Debugging Messages, which records the detailed debugging messages needed to troubleshoot the issue.
Switch back to Informational Messages Only once the problem is resolved.

Run Data Import Now


This option starts up the Data Import process.

Run Certificate Manager Now


This option starts up the Certificate manager process.


Database
...........................................................
Audit Log Reports
The audit log is a record of PIV credential validation history. Every PIVCheck and OMNICheck client records the outcome of every card
validation session. Those sessions can be uploaded to the PACS server, where they can be reviewed in the form of Audit Log Reports.
Sessions can be sent in real time or in batch mode.

For more information on exporting audit logs, see the section titled Exporting Audit Logs in the PIVCheck Desktop or OMNICheck
User Manuals.

After selecting the Audit Log Reports menu option, the following dialog is displayed:

From here, you can double click on any audit log report. Default reports are denoted with a lock icon.


The following is a sample of report output from the All Audit Records report:

Other options are available by right-clicking on a selected report to display the context menu or in the pull down menu:


You can edit the existing default audit log report queries, however, any updates will have to be saved in a new report query. The default
report queries cannot be overwritten. To edit an existing query to be saved to a new query report, select a report from the list, right click
and choose the Edit… option. An SQL edit dialog is displayed:

You can modify the query, and once the text has been updated inside the dialog, the Save As… button is enabled:

To save the report, click the Save As… button.


You will then be prompted to provide a name for the report. Choose a name for the report and click OK.

The new report will be added to list of reports in the left-hand pane. Notice that no lock accompanies your new report. The lock icon is
only for the default log reports and it signifies that the files cannot be overwritten. For example, after saving the updated SQL query
above in a new report called Failed Authentication by Row ID, the list of Audit Reports is updated and now displays the new report:


The Export… context menu option allows you to save your report output to a CSV file. When selecting this option, the Export to CSV file
dialog is displayed:

You can select which table columns to include in the output.


If accepting all defaults, after clicking the Export button on the dialog, the saved data will be rendered in Notepad:


Another way to save report output data to a file is to select some rows, then right-click and select Copy from the context menu.
Pressing Ctrl-C with rows selected produces the same result.

This copies the selected rows to the Windows Clipboard from which then you can choose to paste it into an editor or spreadsheet. If
pasting into Microsoft Excel, first set the cell type to Text so that FASC-Ns are not treated as floating point numbers.
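Why the FASC-N must be kept as text, shown with an added example that is not Codebench code: a double-precision number holds roughly 15 to 16 significant decimal digits, so a FASC-N rendered as its 32 decimal digits is altered as soon as a spreadsheet parses it as a number. The ="..." wrapper is a common spreadsheet workaround for CSV files opened directly; for clipboard pastes, set the cell type to Text as described above. The audit row is constructed.

```python
"""FASC-N precision loss in a spreadsheet, and a text-safe CSV export
(added example; not Codebench code)."""
import csv
import io


def survives_numeric_round_trip(digits: str) -> bool:
    """True only if turning the digit string into a float and back is lossless."""
    return str(int(float(digits))) == digits


def as_text_cell(value: str) -> str:
    """The ="..." form: a formula that yields text, so the cell is never
    parsed as a number. A common spreadsheet workaround, not PACS Service output."""
    return '="' + value.replace('"', '""') + '"'


def export_rows(rows, text_columns) -> str:
    """Write header + rows to CSV, wrapping the named columns so they stay text."""
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    header = rows[0]
    w.writerow(header)
    for row in rows[1:]:
        w.writerow([as_text_cell(v) if header[i] in text_columns else v
                    for i, v in enumerate(row)])
    return out.getvalue()


# Constructed sample: header plus one audit row with a 32-digit FASC-N.
SAMPLE_ROWS = [["FASC-N", "Result"],
               ["70001000000924460110000000000000", "Verified"]]

if __name__ == "__main__":
    fascn = SAMPLE_ROWS[1][0]
    print(survives_numeric_round_trip(fascn), int(float(fascn)))
    print(export_rows(SAMPLE_ROWS, {"FASC-N"}))
```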

Importing Audit Logs


To import a previously exported audit log file, select Import Audit Log under the Database drop down menu.


Within the Import Audit File dialog box, you may select a text file that was previously exported from a PIVCheck or OMNICheck client
using the Browse button. Once a file has been selected, the Start button is enabled. You may use the Start button to begin the import
process.

The import may take several minutes depending upon how many records are being imported. Once it is complete, you should see a
message indicating the success of the import.

Card Operations
Sometimes it becomes necessary to mark a card record in the PIVCheck credential database as "deleted" so that its certificates will
no longer be re-validated. It may also become necessary to completely delete a card. To delete card records from the PIVCheck
credential database, select Delete Card located under the Database drop down menu. Deleting a card from the PIVCheck credential
database has no effect on the attached PACS database.


In the Card Operations dialog, you may search for existing card records by entering a value in the Search box. The value entered can be
either a cardholder’s complete or partial name, card identifier or any alphanumeric string.

By clicking the Search button, the Results area will display any card records that match the search criteria. If a record is located, you may
select it and then click Validate to re-check it, or Physical Delete or Logical Delete to remove it from the system. To select multiple records
at once, press and hold the control (Ctrl) key while clicking on each record.

The following example shows multiple card records within the database, which match the numerical search string. The number of
returned results will display on the bottom left, directly above the Close button.

The results displayed include a listing of the identity’s name, Card ID, credential status and PACS where each credential record exists.

If the search string returns no results, you will be notified that 0 records were found.


Validate
The Validate button offers an “on demand” way to validate a single credential against the blacklists. In the Search field add criteria to
find the Card ID.

When the card you are searching for is displayed in the Results window, left-click on the Card ID to highlight it.


Click the Validate button to check the highlighted card against the blacklist. Upon a successful check you will see the following prompt.

If the validation is unsuccessful, a failure message is displayed and the PACS service suspends the credential at the PACS of the
selected record.

Physical Delete
The Physical Delete button removes the selected card record(s) and the data associated with them from the PIVCheck credential
database. If an audit is performed after a card is deleted, the physically deleted card record(s) will no longer be available.

Use caution when deleting records as data from the following tables will be removed immediately upon clicking the
Physical Delete button: Cards, PersonData, TWICPrivacyKeys, and Certificates.

Logical Delete
The Logical Delete button changes the status of the selected card record(s) to "disabled". The selected card records and the data
associated with them are preserved in the PIVCheck credential database. Logically deleting a record does not affect the card's status
within the PACS.

If blacklist checking and the Certificate Manager have been properly configured in the PACS server, it is safe to assume that a
previously revoked card has already been suspended in the PACS.

The Certificate Manager excludes disabled cards from all blacklist checks. This is a very useful feature when a card record is no longer
active within the physical access control system, but must be displayed when internal audits are performed.
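The difference between the two buttons, as an added example that is not Codebench code: it uses the four table names listed under Physical Delete with a minimal made-up schema (the manual does not describe the columns) and shows that a physical delete takes the card's rows out of every table, while a logical delete keeps them all but removes the card from the set the Certificate Manager re-validates.

```python
"""Logical versus physical delete of a card record (added example; not
Codebench code). Table names come from the manual; the columns are a
stand-in because the real schema is not documented here."""
import sqlite3

SCHEMA = """
CREATE TABLE Cards (CardId TEXT PRIMARY KEY, HolderName TEXT, Status TEXT NOT NULL);
CREATE TABLE PersonData (CardId TEXT REFERENCES Cards(CardId), Field TEXT, Value TEXT);
CREATE TABLE TWICPrivacyKeys (CardId TEXT REFERENCES Cards(CardId), KeyHex TEXT);
CREATE TABLE Certificates (CardId TEXT REFERENCES Cards(CardId), Serial TEXT, NotAfter TEXT);
"""
CHILD_TABLES = ("PersonData", "TWICPrivacyKeys", "Certificates")  # fixed, never user input


def open_sample_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows for two cards."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO Cards VALUES (?, ?, 'active')",
                     [("CARD-1", "A. Holder"), ("CARD-2", "B. Holder")])
    conn.executemany("INSERT INTO PersonData VALUES (?, ?, ?)",
                     [("CARD-1", "badge", "0001"), ("CARD-2", "badge", "0002")])
    conn.executemany("INSERT INTO TWICPrivacyKeys VALUES (?, ?)",
                     [("CARD-1", "00"), ("CARD-2", "11")])
    conn.executemany("INSERT INTO Certificates VALUES (?, ?, ?)",
                     [("CARD-1", "1001", "2030-01-01"), ("CARD-2", "1002", "2030-01-01")])
    conn.commit()
    return conn


def logical_delete(conn, card_id: str) -> None:
    """Keep every row; only flip the card's status to 'disabled'."""
    with conn:
        conn.execute("UPDATE Cards SET Status = 'disabled' WHERE CardId = ?", (card_id,))


def physical_delete(conn, card_id: str) -> dict:
    """Remove the card and its dependent rows in one transaction. Returns how
    many rows each table lost; that is what later audits can no longer see."""
    removed = {}
    with conn:
        for table in CHILD_TABLES:
            cur = conn.execute(f"DELETE FROM {table} WHERE CardId = ?", (card_id,))
            removed[table] = cur.rowcount
        removed["Cards"] = conn.execute(
            "DELETE FROM Cards WHERE CardId = ?", (card_id,)).rowcount
    return removed


def cards_for_revalidation(conn) -> list:
    """The set the Certificate Manager would re-check: disabled cards excluded."""
    rows = conn.execute("SELECT CardId FROM Cards WHERE Status <> 'disabled' ORDER BY CardId")
    return [r[0] for r in rows]


def cards_for_audit(conn) -> list:
    """Everything still on record, with its status, for an internal audit."""
    rows = conn.execute("SELECT CardId, Status FROM Cards ORDER BY CardId")
    return [(r[0], r[1]) for r in rows]


if __name__ == "__main__":
    db = open_sample_db()
    logical_delete(db, "CARD-1")
    print(cards_for_revalidation(db), cards_for_audit(db))
    print(physical_delete(db, "CARD-2"), cards_for_audit(db))
```

Because the physical delete is one transaction, an audit never sees a card whose person, key or certificate rows are half removed; the logical delete leaves the whole record available to reports while keeping it out of the revalidation set.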


Help
...........................................................
PACS Service Manual
This option launches the Adobe Reader application to display the MultiPACS Service Manual.

If Adobe Reader is not installed on the computer, a message is displayed:

To install Adobe Reader, refer to the Adobe company website.

About
This option displays the About dialog.


The About dialog displays the application name, copyright messages, software version and a link to the company’s support website.

Chapter 6 PACS Server Configuration
...................................
Application Tab
...........................................................
The Application tab is used to tell the PACS service on which port to accept incoming requests from PIVCheck desktop and mobile
clients and whether to use SSL when the clients upload cardholder data, audit logs, or exchange configuration information.


PACS Service Parameters


Server Port Number
This is the port that the PACS Service is set to listen on. Typically this is not changed. By default all PIVCheck and OMNICheck clients
are set to communicate on this port. Remember if you change this port here, then you also have to change it on each of the PIVCheck or
OMNICheck clients.

PACS Service SSL Parameters


Encrypt Communication using SSL
If this is checked, the certificate created here has to be installed on each of the clients so that they trust the server. The private key
stays on the server.

SSL Key
This is the private key used for securing the SSL connection. Use the Browse... button to choose a key or the Generate... button to
generate one.

Generating Your Own Key

Friendly Name
Name of certificate used for display purposes. This may be any name that can help easily identify the key being generated.

Key Length
The number of bits used for generating the key. The general rule of thumb is that the larger the key, the more secure it is; however, as
the size increases, so does the time required to use the key. Do not go below 2048 bits for an RSA key.

Type
Choosing Self-signed certificate will generate a key pair (X509 certificate and corresponding private key). A Personal Information
Exchange (.pfx) file is produced as a result of the generate process. This file contains both the certificate itself as well as the private
key. The private key is password protected.


The Certificate request option will produce a Certificate Signing Request file (.csr). It can be used for a Certificate Authority to sign
and produce an X509 certificate based on the parameters in the .csr file.

Lifetime
This is the number of days for which the certificate will be valid. This only applies when generating a Self-signed certificate as the CA
will decide how long the certificate will be valid for when it issues one.

Country
The Country field is the name of the country in which the certificate will be used.

State
The State field is the name of the state in which the certificate will be used.

City
The City field is the name of the city in which the certificate will be used.

Organization
The Organization field is the name of the organization that will own the certificate.

Common Name
The Common Name is a required field. It is especially important in SSL because it must match the host name clients use to reach the
server. For example, if the certificate is going to be used on a machine that clients reach as myserver.mycompany.com, the Common
Name should be set to “myserver.mycompany.com” (without quotes). Clients that connect by IP address or by a short name rather than
that host name will not match it, so configure every client with the same name.
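A check for the mismatch the Common Name paragraph warns about, as an added example that is not part of the PACS Service. It applies the name-matching rules TLS clients use (case-insensitive labels, a wildcard only as the whole leftmost label, an IP-address host name matching only an identical name) so a certificate name can be tested against the exact host names the PIVCheck and OMNICheck clients will be configured with before the certificate is rolled out; the host names used are constructed.

```python
"""Host-name matching for the server certificate's Common Name (added
example; not part of the PACS Service)."""
import ipaddress


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def name_matches_host(cert_name: str, hostname: str) -> bool:
    """True if one certificate name (CN or DNS SAN) matches hostname.

    Rules: case-insensitive, trailing dot ignored, a wildcard is allowed only
    as the entire leftmost label and must leave at least two fixed labels,
    and an IP-literal hostname only matches an identical name."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not cert_name or not hostname:
        return False
    if _is_ip_literal(hostname):
        return cert_name == hostname
    pattern, labels = cert_name.split("."), hostname.split(".")
    if len(pattern) != len(labels):
        return False
    if any("*" in label for label in pattern[1:]):
        return False                      # wildcard only in the leftmost label
    if pattern[0] == "*":
        return len(pattern) >= 3 and pattern[1:] == labels[1:]
    if "*" in pattern[0]:
        return False                      # reject partial wildcards like my*
    return pattern == labels


def cert_matches_host(cert_names, hostname: str) -> bool:
    """True if any name on the certificate matches the connecting hostname."""
    return any(name_matches_host(n, hostname) for n in cert_names)


def check_before_rollout(cert_names, client_hostnames) -> list:
    """Return the host names (as clients will type them) that no cert name covers."""
    return [h for h in client_hostnames if not cert_matches_host(cert_names, h)]


if __name__ == "__main__":
    # Constructed example: CN set as the manual recommends, clients using
    # the FQDN, a short name and the raw IP address.
    names = ["myserver.mycompany.com"]
    print(check_before_rollout(names, ["myserver.mycompany.com",
                                       "MYSERVER.mycompany.com",
                                       "myserver", "10.0.0.5"]))
```

Run it with the certificate's Common Name and the list of server addresses the clients are configured with; every entry it returns is a client that will fail the SSL handshake.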

Email
The Email field is the email address associated with the certificate.

Password
The Password field can be used to specify a password to protect the private key.

Confirm
The Confirm field is used to confirm and verify the password that was entered in the Password field.

SSL Key Password


The password used to secure the private key.

MultiPACS server parameters


Enable MultiPACS Connection
If you plan to use MultiPACS, and you would like credentials registered with the local PACS to be replicated at the MultiPACS server
so that they can be distributed to other PACS in the MultiPACS cluster, select this checkbox.

MultiPACS Server Address


Enter the hostname or the IP address of your MultiPACS Server.

MultiPACS Server Port


This is the port that the MultiPACS Service is set to listen on.

PIVCheck Credential Database Connection


Although the PACS Service ships with the open source Firebird database installed for the PIVCheck credential database, you may wish
to use a different database provider. To do this, you must choose a data provider and define a connection string.

It is recommended that you download and install Microsoft SQL Server Express with Management Studio. For download and
installation instructions, refer to the following URL: http://www.microsoft.com/express/database/.

A data provider serves as a bridge between an application and a data source.


To set up a new database connection, select the data provider you will be using from the Provider drop down list, then enter the
connection string parameters for your database.

You can test your database connection by clicking the Test button. If your database connection has been configured correctly you will see
the Connection OK message, otherwise you will receive a diagnostic message.

Modify the PACS Service Log On

The PACS Service is initially installed to run as the Local System account. In some installations a temporary administrative account is
created for the installation and may not have the appropriate access to the database. To ensure the correct access is used to connect to
the database, you can run the service under a dedicated Windows account that has been granted that access, and only that access. Refer
to “Modify the PACS Service Log On” on page 121.

Migrating your Credential Database to another Database
This option is for existing deployments that wish to migrate to another database provider.

After clicking the Test button, you will notice the Migrate button becomes enabled. You can use this button to bring up the Database
Migration tool that allows you to migrate from your current credential database to another database.


When you select the destination database provider and provide a connection string, the Test Connection button is enabled.

You can then click the Test Connection button to verify that you can connect to the destination database.

Once the connection to the destination database is verified, a Connection OK message is displayed and the Start button is enabled.
When you click on the Start button, all data from the source PIVCheck credential database will be copied to the destination database.
During this time you will see messages displayed, indicating which tables are being created and the number of rows that have been
inserted in them.

Rev. 11162012 59
PA C S S E R V E R C O N F I G U R A T I O N

At the completion of the task, a message Completed copying tables to destination database is displayed. You can use your mouse to
select the messages for copying and pasting into a text editor.

Once the copy is complete, the Start button is disabled and you can click the Finish button to exit the dialog.

When you return to the Application tab, you will notice that the credential database provider and connection string values are updated
with the values from the destination database.


Users Tab
...........................................................
Select the Users tab to create accounts and roles for the operators and administrators of this server. These users will be able to log
into the PACS Service Administration tool to administer all or parts of the PACS Service.

The database ships with the admin user installed.


The data fields that define a server user are described below.

User ID
Create a unique user ID for each operator and administrator who will be using this administration tool. The user ID must be at least
2 characters long.

Name
Enter the user’s full name.

User role
Select the role this user will play (administrator or operator). Users with the administrator role are allowed to add other users, make
server configuration changes, add clients, and run reports. Users with the operator role can add clients and run reports.

Password
Create a secure password for each operator or administrator who will be using this administration tool. The password must be at
least 8 characters long.

Notes
An optional text field used to capture site-specific information.

Enable single sign-on
Selecting this option treats this user as a standard Windows user account: when the application is launched, authentication is done by
Windows' built-in user account authentication for the user who is logged into Windows at the time. When this option is enabled, the
User ID is matched against the Windows credential, so it must use one of the following forms:

machine\user

domain\user

.\user

For example, to allow a user named pivadmin in domain acme to access the PIVCheck application on any machine in the domain, set
the User ID to:

acme\pivadmin

To allow the user pivadmin to access the PIVCheck application on the machine named mypc, set the User ID to:

mypc\pivadmin

To allow a user named pivadmin to log on to any authorized client that attaches to this server, set the User ID to:

.\pivadmin

When the pivadmin user is logged into Windows and launches the application, they will be logged in automatically.


Once you have populated the data fields to create a new user, press the Create button to add the new user into the database.


To update a user's information, select a User ID in the Configured users table, then change the user information in the appropriate
data fields. The changes are applied dynamically; there is nothing to press to accept them.


Remove User
To remove a user account from the system, right-click on a User ID then select the Remove User option from the context menu.

Export Users
You can export all users configured in the PACS server to a comma separated values (CSV) file. Right-click then select the Export
Users option from the context menu. Navigate to the folder where you would like to create the .CSV file. Note that the passwords will
be saved in encrypted form. If you import this list into another server, the passwords will need to be reset.


Import Users
You can import a list of users from a comma separated values (CSV) file. Right-click then select the Import Users option from the context
menu. Navigate to a CSV file containing a list of server users. The CSV file must include the following column headers in the first row.

UserId,Name,Description,Password,Role,SSO,PIVCheck,OMNICheck

The values in each column should correspond to the column header as illustrated in the example below:

admin,Administrator,Administrator,cGFzc3dvcmQ=,Administrator,FALSE,TRUE,TRUE

operator,Operator,Operator,b3BlcmF0b3I=,Operator,FALSE,TRUE,TRUE

When you are done, press the OK button to return to the PACS Server Administration dialog, or continue on to the next configuration tab.
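As an added example (not code from the Codebench manual or product), the following PowerShell script checks a user list against the rules from the Users tab before it is fed to Import Users, and implements the single sign-on User ID matching described above. The function names, the temporary file name and the extra sample rows are invented; the two sample rows are the ones shown above. In those sample rows the Password column is base64 text (cGFzc3dvcmQ= decodes to "password"), which the script assumes when it checks the 8-character minimum; an exported file therefore carries credential material and should be stored and transferred with that in mind, and imported passwords reset as the manual instructs.

```powershell
# Added example, not part of the Codebench manual: a pre-flight check of a user
# list before it is fed to Import Users. The column headers and the field rules
# (User ID at least 2 characters, Password at least 8, role of Administrator or
# Operator, SSO IDs written as machine\user, domain\user or .\user) are the ones
# the Users tab describes. Function and file names are invented for this example.
$RequiredHeaders = 'UserId','Name','Description','Password','Role','SSO','PIVCheck','OMNICheck'

function Test-PacsUserCsv {
    param([Parameter(Mandatory)][string]$Path)
    $issues = New-Object System.Collections.Generic.List[string]

    # The header row must carry exactly the names Import Users expects.
    $header = @((Get-Content -Path $Path -TotalCount 1) -split ',')
    foreach ($h in $RequiredHeaders) {
        if ($header -notcontains $h) { $issues.Add("Missing column header: $h") }
    }

    $seen = @{}
    $line = 1
    foreach ($row in @(Import-Csv -Path $Path)) {
        $line++
        $id = [string]$row.UserId
        if ($id.Length -lt 2) { $issues.Add("Line ${line}: UserId must be at least 2 characters") }
        if ($seen.ContainsKey($id)) { $issues.Add("Line ${line}: duplicate UserId '$id'") }
        $seen[$id] = $true
        if ($row.Role -notin 'Administrator','Operator') {
            $issues.Add("Line ${line}: Role must be Administrator or Operator")
        }
        if ($row.SSO -eq 'TRUE') {
            # Single sign-on IDs are matched against the Windows logon, so the
            # prefix must be a machine name, a domain name or "." (any client).
            if ($id -notmatch '^(\.|[^\\]+)\\[^\\]+$') {
                $issues.Add("Line ${line}: SSO UserId must be machine\user, domain\user or .\user")
            }
        } else {
            # In the manual's sample rows the Password column is base64 text
            # (cGFzc3dvcmQ= decodes to "password"). Assumption: the same encoding
            # is used here, so the decoded length is checked against the minimum.
            try {
                $clear = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($row.Password))
                if ($clear.Length -lt 8) { $issues.Add("Line ${line}: Password must be at least 8 characters") }
            } catch {
                $issues.Add("Line ${line}: Password is not base64 text")
            }
        }
    }
    return $issues
}

# Match a configured SSO User ID against the Windows logon the way the manual
# describes: ".\user" matches on any authorized client, "domain\user" only in
# that domain, "machine\user" only on that machine. Windows names compare
# case-insensitively, which is PowerShell's default for -eq.
function Test-SsoMatch {
    param([string]$ConfiguredUserId, [string]$LogonDomain, [string]$LogonMachine, [string]$LogonUser)
    $prefix, $user = $ConfiguredUserId -split '\\', 2
    if ($user -ne $LogonUser) { return $false }
    return ($prefix -eq '.' -or $prefix -eq $LogonDomain -or $prefix -eq $LogonMachine)
}

# Constructed sample: the manual's two rows, a domain SSO row and one bad row.
$sample = @"
UserId,Name,Description,Password,Role,SSO,PIVCheck,OMNICheck
admin,Administrator,Administrator,cGFzc3dvcmQ=,Administrator,FALSE,TRUE,TRUE
operator,Operator,Operator,b3BlcmF0b3I=,Operator,FALSE,TRUE,TRUE
acme\pivadmin,PIV Admin,Domain single sign-on,,Administrator,TRUE,TRUE,TRUE
x,Too Short,Bad row,c2hvcnQ=,Guest,FALSE,TRUE,TRUE
"@
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'pacs-users-sample.csv'
Set-Content -Path $tmp -Value $sample
Test-PacsUserCsv -Path $tmp          # reports three problems, all on line 5
Test-SsoMatch 'acme\pivadmin' -LogonDomain 'ACME' -LogonMachine 'MYPC' -LogonUser 'pivadmin'    # True
Test-SsoMatch 'mypc\pivadmin' -LogonDomain 'ACME' -LogonMachine 'OTHERPC' -LogonUser 'pivadmin' # False
```

Run the check on the CSV you intend to import and fix every reported line first; the server-side import does not tell you which row it rejected. Delete the temporary sample file afterwards, since it contains password material.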

PACS Tab
...........................................................
The PACS tab is used to configure the PACS Service.

PACS Parameters
Please refer to the PACS tab section in the PACS Plug-in Manual for your specific PACS. This guide is located in the PACS Plug-in
program files directory.

Modify the PACS Service Log On

The PACS Service is initially installed to run as the Local System account. In some instances a temporary administrative account is
created for the installation and may not have the appropriate access to the database. To ensure the service connects to the database
with the correct access, you can run it as a Windows system account. Refer to “Modify the PACS Service Log On” on page 121.

Data Import Parameters

These settings control how previously registered cardholder data is extracted from an existing PACS or from a SQL source into
PIVCheck's Credential Database. Importing data into PIVCheck's Credential Database provides two benefits: 1) the Certificate Manager
can check credentials that were not registered through PIVCheck; and 2) OMNICheck clients can display cardholder data (such as the
name or photo) for these credentials as well.


Data elements of previously registered cards which can be retrieved using the PIVCheck PACS Plug-in include:

• Access Rights Table

• Access Level List

• Cardholder First Name

• Cardholder Last Name

• Cardholder Photo

• Card Expiration Date

• TWIC Privacy Key

• Cardholder Access

Import Access Rights


Select this to have the access rights that were configured for each client pushed out to PIVCheck and OMNICheck clients whenever
they are synchronized.

Import Credential Information


This is a licensable option. Select this to have data elements imported into PIVCheck’s credential database from the PACS. Credential
information is imported from the PACS only when the Data Import option is licensed. When not licensed, Data Import can only import
card status and access rights from the PACS.

Update Credential Status

Select this to have the PACS Plug-in check whether a card still exists and is active, and then update the PIVCheck credential database.

Run Every XX Minutes

With this selected, data import runs at the interval you enter, in minutes or seconds.

Schedule Automatically

When Schedule Automatically is selected, the interval between imports is determined by the time the previous data import took to
complete.

Events
In the Events group box, you can select to have passed and failed validation events sent to the PACS(s). Passed and failed validation
events occur when credentials are checked by PIVCheck Plus and OMNICheck Plus clients.

If any of these options are selected, when such an event occurs, the PACS Service will send the corresponding event to the
corresponding PACS Plug-in(s). The PACS Plug-in(s) then send the event received to the PACS, which then handles the event using
its standard alarm or event system.

For information on passed and failed validation events, please refer to “Events” on page 111.


Blacklist Plug-ins Tab
...........................................................
The Blacklist Plug-ins tab is used to configure blacklist checking in the PACS server. Blacklist checking allows the PACS Service to apply
a set of rules to determine whether or not a credential such as a certificate or FASC-N is valid. The PACS Service ships with two Blacklist
Plug-ins: a PKI Plugin and a TWIC CCL Plugin.

Blacklist Parameters

Enable Blacklist Checking


Before you are able to configure a blacklist plug-in, you must enable blacklist checking by selecting the Enable Blacklist Checking
checkbox. Once checked, you can then indicate which plug-ins you will use by selecting the associated checkbox to its left. Configure
each plug-in by highlighting the plug-in name, then pressing the Configure button.


TWIC CCL Plugin

The TWIC CCL Plugin checks the validity of a TWIC credential against the TSA's Cancelled Cards List (CCL).

Advanced PKI Configuration
Refer to the Codebench Blacklist Plug-ins Guide for advanced information and configuration procedures. This manual is stored in the
PACS Plug-in program files directory. Start > Programs > PACS Plug-in > doc > Blacklist Plug-ins Guide.pdf

Basic PKI Configuration


PIVCheck and OMNICheck clients use the guidance you provide on this tab when enforcing the options you select on subsequent
tabs. Depending on your certificate validation service, you may decide to use CPV Only to validate cardholder certificates. If you
choose Validate Against CPV and OCSP, or Validate Against SCVP Only then a fourth tab, OCSP or SCVP, is displayed.

Basic Configuration for Validating Against CPV Only


Each checkbox on the CPV tab represents a rule used during the validation of a card's digital chain of trust. In general, by selecting a
checkbox you are relaxing a rule. Each rule is briefly described in the table below. To use the basic settings, leave the following check
boxes selected following your installation.

• Ignore End Revocation Unknown

Note: CPV begins by attempting to build a chain from the end-entity certificate (the certificate in question) back to the trust anchor
certificate. This operation can be done entirely offline. For this to work you will need to have all the necessary certificates and
CRLs installed on the machine that is performing the verification.

Ignore Time Not Valid - This option indicates whether certificates whose validity periods have not yet begun or have already ended
are to be considered invalid.

Ignore CTL Time Not Valid - Ignore that the certificate trust list (CTL) is not valid, for reasons such as the CTL has expired, when
determining certificate verification.

Ignore Time Not Nested - Indicates whether certificates that have time nesting errors are to be considered invalid. A time nesting
error occurs when a certificate's validity period begins before and ends after one of its issuers.

Ignore Invalid Basic Constraints - Ignore that the basic constraints are not valid when determining certificate verification.

Allow Unknown Certificate Authority - Ignore that the chain cannot be verified due to an unknown certificate authority (CA).

Ignore Wrong Usage - Ignore that the certificate was not issued for the current use when determining certificate verification.

Ignore Invalid Name - Ignore that the certificate has an invalid name when determining certificate verification.

Ignore Invalid Policy - Ignore that the certificate has an invalid policy when determining certificate verification.

Ignore End Revocation Unknown - Indicates whether an end certificate should be considered an invalid issuer when its revocation
status cannot be determined by consulting its CRL. If OCSP is enabled and configured, it is perfectly acceptable for this option to be
enabled since the end certificate revocation will be verified using those methods.

Ignore Certificate Authority Revocation Unknown - Indicates whether a CA should be considered an invalid issuer when its
revocation status cannot be determined by consulting its CRL. If the CA certificates to be encountered do not specify a CRL, this
option must be enabled.

Ignore CTL Signer Revocation Unknown - Ignore that the certificate trust list (CTL) signer revocation is unknown when determining
certificate verification.

Ignore Root Revocation Unknown - Indicates whether a Root CA certificate should be considered an invalid issuer when its
revocation status cannot be determined by consulting its CRL. If the Root CA certificates to be encountered do not specify a CRL,
this option must be enabled.
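The rule names in the table above correspond one-to-one to members of the .NET X509VerificationFlags enumeration, which drives the same Windows chain engine (CryptoAPI) that CPVTool populates with certificates and CRLs. As an added example (not code from the Codebench manual, and with no claim that the product itself calls this class), the following PowerShell function rebuilds a chain for a certificate file under the basic settings described above, so you can see in advance which rules a cardholder certificate trips and whether the chosen settings tolerate them. The function name, parameter names and the cardholder.cer file name are invented.

```powershell
# Added example, not part of the Codebench manual. It runs the Windows chain
# engine (.NET X509Chain over CryptoAPI) on a certificate file with the rule
# set the CPV tab describes. The checkbox names on the tab match members of
# X509VerificationFlags one-to-one; that the product uses this class itself is
# an assumption, not something the manual states.
function Test-CpvChain {
    param(
        [Parameter(Mandatory)][string]$CertPath,
        # Basic settings from the manual: only Ignore End Revocation Unknown is
        # relaxed, on the assumption that OCSP covers end-entity revocation.
        [System.Security.Cryptography.X509Certificates.X509VerificationFlags]
        $Flags = 'IgnoreEndRevocationUnknown',
        # Offline mirrors the note above: only certificates and CRLs already
        # installed on this machine are consulted. Use Online to let Windows
        # fetch CRLs and OCSP responses over the network.
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]
        $RevocationMode = 'Offline'
    )
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.VerificationFlags = $Flags
    $chain.ChainPolicy.RevocationMode    = $RevocationMode
    $chain.ChainPolicy.RevocationFlag    = 'EntireChain'

    # Build() walks from the end-entity certificate back to a trust anchor in
    # the local CAPI stores (the stores CPVTool populates) and applies the flags.
    $valid = $chain.Build($cert)

    [PSCustomObject]@{
        Subject  = $cert.Subject
        Valid    = $valid
        Path     = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        # ChainStatus lists every rule the chain tripped, including the ones the
        # flags told the engine to tolerate; Valid reports whether the chosen
        # flags accepted the chain. Comparing the two shows what a stricter CPV
        # configuration would reject.
        Findings = @($chain.ChainStatus | ForEach-Object {
            '{0}: {1}' -f $_.Status, "$($_.StatusInformation)".Trim()
        })
    }
    $chain.Reset()
}

# Usage (cardholder.cer is a placeholder for a certificate exported from a card):
# Test-CpvChain -CertPath .\cardholder.cer | Format-List                  # basic settings
# Test-CpvChain -CertPath .\cardholder.cer -Flags NoFlag | Format-List    # relax nothing
# Test-CpvChain -CertPath .\cardholder.cer -Flags 'IgnoreEndRevocationUnknown, IgnoreCertificateAuthorityRevocationUnknown'
```

A chain that reports Valid = True under NoFlag passes every rule on the tab; one that is valid only under the basic settings depends on OCSP being reachable for the end-entity certificate, which is worth confirming on the OCSP tab before relying on it.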

Basic Configuration for Validating Against CPV and OCSP


When you select Validate Against CPV and OCSP, you are performing path validation on the issuer, intermediate (if any), and root
certificates for each end entity certificate being validated. This ensures that the issuer certificate that the PACS Plug-in, PIVCheck
Desktop Edition or OMNICheck Mobile Edition passes to the OCSP responder is valid.

The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital
certificate. To validate certificates with the OCSP protocol, select the OCSP tab, and then set up the appropriate rules for your site.

To use the basic setting, select Lookup AIA. Lookup AIA is capable of querying an available OCSP responder found in the end-entity
AIA located within the certificate. For more information refer to “Lookup Authority Information Access (AIA)” on page 34 of the Blacklist
Plug-ins Guide located in the PIVCheck installation > doc directory.

The following table explains the various controls on the OCSP tab.

Up and Down - OCSP repeaters and responders are accessed in the order configured here. The first entry in the list is accessed first,
the second entry second, and so forth. To change the position of an OCSP entry in the list, use the Up or Down buttons.

Add - To add a new address template to the list, click the Add button.

Delete - To delete an existing address, select the address then press the Delete button.

Enable/Disable - Checking the check box associated with each address (the default for newly added addresses) indicates the address
is online and should be consulted for revocation statuses. An unchecked box indicates the address is configured but offline and will
not be consulted for revocation status.

Modify - Double-click an entry in the list to modify its configured settings.

Certificate Manager Tab
...........................................................
Certificate Manager, a licensable option, re-validates the certificates stored in its database on a periodic basis. This gives the PACS
Plug-in the ability to deny cardholders with revoked credentials access to controlled areas within a facility.

If you choose not to license the Certificate Manager, new cardholders are registered in the PACS. However, once a cardholder’s
credentials have been validated at registration, the PACS Plug-in does not re-validate those credentials.

Certificate Manager Schedule


The Certificate Manager re-validates the certificates stored in the PIVCheck credential database. You can choose one or more of the
preset times, specify a custom time for your site, auto schedule a time based on the CRL’s next update time or run the Certificate
Manager immediately.


Schedule - Preset times are set to run the Certificate Manager automatically at the selected time each day.

Other - To enter a custom time, check the Other checkbox and set the clock control to the desired hour and minute.

Schedule Automatically - Configures the Certificate Manager to "choose" the best time to re-validate certificates based on the CRL's next
update time. Auto-scheduling is currently available for SCVP- and OCSP-based certificate validation. Revalidation of each certificate is
scheduled for a few seconds following the next scheduled CRL publishing.

Certificate Manager Email Alerts

To receive email alerts when a blacklist hit occurs, select Enable email alerts and configure the following items.

SMTP Server
Enter the IP address or host name of your mail relay.

Originating (From:) Email Address


Enter the "From:" email address.

Email Recipients
Enter a comma-separated list of email addresses to whom every alert will be sent.

Send Email Alerts


Select Per event if you want a separate email message for each event, or Per session to consolidate all events into a single message.

Test
To send a test email to the recipients listed in Email Recipients, click Test.

Certificate Manager Parameters


Suspend Badge in PACS
If this checkbox is selected, Certificate Manager can suspend any PACS badge associated with a certificate that has been revoked. If you
would like only to be notified when a cardholder's certificate is expired, leave this option unchecked.

Send Validation Error Events


If this checkbox is selected, the Certificate Manager can send a message to the PACS that an error occurred when a card was checked
by the certificate manager.

Send Revoked Validation Events


If this checkbox is selected, the Certificate Manager can send a message to the PACS that a card has been determined to be revoked
according to the certificate manager.


Reader Services Tab
...........................................................
This tab is used for configuring the Reader Services option in the PACS server. The tab displays the list of authorized clients that may
be allowed to connect to Reader Services. Only clients whose IP addresses appear in the list will be allowed to connect via the
Reader Services port.

Reader Services
Enable XML-RPC API
Checking this box enables the XML-RPC API which is used in conjunction with network-attached fixed readers such as a MorphoTrak
MA520.


Port
This is the TCP port that will be listened on for incoming connections.

Enable Binary API


Checking this box enables the Binary API which is used in conjunction with network-attached fixed readers that use the PACS service as
a cryptographic provider.

Port
This is the TCP port that will be listened on for incoming connections.

Enable Javelin API


Checking this box enables the communications protocol that panels running Javelin will use to communicate with the PIVCheck PACS
service.

Port
This is the TCP port that will be listened on for incoming connections.

Miscellaneous Parameters

Send Reader Messages to PACS


A fixed reader can send a message to the PACS about a card transaction via the Reader Services.

Always Check Blacklist


By default, the Reader Service uses cached status. By selecting this option, the service ignores the cached status for a given FASC-N
and invokes all configured Blacklist plug-ins.

Reader Services SSL


Encrypt Communication using SSL
If this is checked, then the SSL key created here has to be installed on each of the clients.

Require client SSL certificate for mutual authentication


Selecting this checkbox requires that the client supplies a certificate in order to perform mutual authentication.

1 Client must generate a key and export their certificate.

2 If the certificate doesn't chain up to a trusted root certificate that the PACS Service computer already has (such as Verisign,
Entrust), then the root certificate must be imported.

3 If the certificate is self-signed, then the client certificate must be imported and explicitly trusted.

Run CPVTool.exe as administrator and navigate to the directory containing the client certificate (or any root certificates). Refer to
CAPI_Store_Preparation_Tool.pdf located on the PIVCheck.com download site for CPVTool instructions.

SSL Key
The private key used for securing the SSL connection. Use the Browse... button to choose a key or the Generate button to generate
one.

Friendly Name
Name of certificate used for display purposes. This may be any name that can help easily identify the key being generated.

Key Length
The number of bits used for generating the key. The general rule of thumb is the greater the size of the key, the more secure it is.
However, as the size increases, so does the length of time required to use the key.

Type
Choosing Self-signed certificate will generate a key pair (X509 certificate and corresponding private key). A Personal Information
Exchange (.pfx) file is produced as a result of the generate process. This file contains both the certificate itself as well as the private
key. The private key is password protected.

The Certificate request option will produce a Certificate Signing Request file (.csr). It can be used for a Certificate Authority to sign
and produce an X509 certificate based on the parameters in the .csr file.

Lifetime
This is the number of days for which the certificate will be valid. This only applies when generating a Self-signed certificate as the CA
will decide how long the certificate will be valid for when it issues one.

Country
The Country field is the name of the country in which the certificate will be used.

State
The State field is the name of the state in which the certificate will be used.

City
The City field is the name of the city in which the certificate will be used.

Organization
The Organization field is the name of the organization that will own the certificate.


Common Name
The Common Name is a required field. It is especially important in SSL as it must match the host name of the server using it. For
example, if the certificate is going to be used on a machine that will be accessible to clients via myserver.mycompany.com, the
Common Name should be set to “myserver.mycompany.com” (without quotes).

Email
The Email field is the email address that should be associated with this certificate.

Password
The Password field can be used to specify a password to protect the private key.

Confirm
The Confirm field is used to confirm and verify the password that was entered in the Password field.

SSL Key Password


The password used to secure the private key.


Reader Services Clients


This window displays the list of authorized clients that may be allowed to connect to the Reader Services. Only clients whose IP
addresses appear in this list will be allowed to connect via the Reader Services port.


Export SDK Clients


You can export a list of SDK clients to a comma separated values (CSV) file. Right-click then select the Export SDK clients... option from
the context menu. Navigate to the folder where you would like to create the .CSV file.


Import SDK Clients

You can import a list of SDK clients from a comma separated values (CSV) file. Right-click then select the Import SDK clients... option
from the context menu. Navigate to the CSV file containing the list of clients to import.

Add/Modify Client
To add a client, click the Add button, fill out the fields displayed in the Add/Modify Client dialog below and click the Save button.

IP Address
Enter the IP address of a client. A client can be a high assurance reader located at a door or gate. A client can also be an SIO-9000 TCP-
IP to Wiegand converter or a control panel with multiple readers attached.

Description
Enter a meaningful description to define the client.

Assurance Profile
Assurance profiles are pre-existing authentication modes to assist sites in creating their own security policies. Reader Services is
capable of managing the assurance profile of supported readers. Supported readers can request the assurance profile from the Reader
Services. The configured profile can then be used by the reader to control its authentication behavior.

Enable PKI @ the Door


This check box indicates whether the client is for a PKI @ the Door (Javelin) enabled device or not. If it is, you can control the number of
readers that are allocated to that device for licensing purposes.

Wiegand Format
Depending on the capabilities of the reader, you may be able to dynamically set the Wiegand format that is sent from the reader to the
panel.

Reader Licenses
The reader field indicates how many readers you have assigned to a particular client/device. For non-Javelin clients this will always be 1
(which is why it is disabled unless you check the PKI @ the Door box). It is limited based on the available number of unlicensed readers.

Saving
When you are ready to save your configuration options, press the Save button at the bottom of the form.

IDPublish Tab
...........................................................
IDPublish is a web service that enables IDMS/CMS and HRIS systems to provision and de-provision identities and credentials with the
physical access control system (PACS) using a secure network connection. Designed to meet Federal Identity, Credential and Access
Management guidelines, IDPublish:

• Supports all types of card technologies including PIV, PIV-I, proximity, DESFire


• Enables IDMS/CMS to assign access privileges during credential issuance

• Works with most access control systems

• Accepts PKI and biometric data for PKI and biometric authentication at card readers

• Supports mutually authenticated SSL

If the IDPublish option is licensed, the IDPublish tab will be enabled.

Enable IDPublish
Checking this box enables the IDPublish API which is used in conjunction with 3rd party applications to register and suspend
credentials.

Port
This is the TCP port that will be listened on for incoming connections.

IDPublish SSL Configuration


Encrypt Communication using SSL
If this is checked, then the SSL key created here has to be installed on each of the clients.


Require client SSL certificate for mutual authentication


Selecting this checkbox requires that the client supplies a certificate in order to perform mutual authentication.

1 Client must generate a key and export their certificate.

2 If the certificate doesn't chain up to a trusted root certificate that the PACS Service computer already has (such as Verisign,
Entrust), then the root certificate must be imported.

3 If the certificate is self-signed, then the client certificate must be imported and explicitly trusted.

Run CPVTool.exe as administrator and navigate to the directory containing the client certificate (or any root certificates). Refer to
CAPI_Store_Preparation_Tool.pdf located on the PIVCheck.com download site for CPVTool instructions.

SSL Key
The private key used for securing the SSL connection. Use the Browse... button to choose a key or the Generate button to generate one.

Friendly Name
Name of certificate used for display purposes. This may be any name that can help easily identify the key being generated.

Key Length
The number of bits used for generating the key. The general rule of thumb is the greater the size of the key, the more secure it is.
However, as the size increases, so does the length of time required to use the key.

Type
Choosing Self-signed certificate will generate a key pair (X509 certificate and corresponding private key). A Personal Information
Exchange (.pfx) file will be produced as a result of the generate process. This file contains both the certificate itself as well as the
private key. The private key is password protected.

The Certificate request option will produce a Certificate Signing Request file (.csr). It can be used for a Certificate Authority to sign and
produce an X509 certificate based on the parameters in the .csr file.


Lifetime
This is the number of days for which the certificate will be valid. This only applies when generating a Self-signed certificate as the CA
will decide how long the certificate will be valid for when it issues one.

Country
The Country field is the name of the country in which the certificate will be used.

State
The State field is the name of the state in which the certificate will be used.

City
The City field is the name of the city in which the certificate will be used.

Organization
The Organization field is the name of the organization that will own the certificate.

Common Name
The Common Name is a required field. It is especially important in SSL as it must match the host name of the server using it. For example,
if the certificate is going to be used on a machine that will be accessible to clients via myserver.mycompany.com, the Common
Name should be set to “myserver.mycompany.com” (without quotes).

Email
The Email field is the email address that should be associated with this certificate.

Password
The Password field can be used to specify a password to protect the private key.

Confirm
The Confirm field is used to confirm and verify the password that was entered in the Password field.

Key Password
The password used to secure the private key.
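The SSL key fields described here and under Reader Services SSL above are the same, and the two most common mistakes are a Common Name that does not match the host name clients actually use and a self-signed certificate that was never explicitly trusted on the clients. As an added example (not code from the Codebench manual or product), the following PowerShell function opens the .pfx produced by the Generate button and reports those points before the file is distributed. The function name, parameter names and the readerservices.pfx file name are invented.

```powershell
# Added example, not part of the Codebench manual: inspect the .pfx produced by
# the Generate button (Reader Services SSL or IDPublish SSL) before it is
# installed on clients. It checks that the Common Name is the host name clients
# will use, reports key length and remaining lifetime, and states whether the
# certificate is self-signed and so must be imported and explicitly trusted on
# each client. Function and parameter names are invented.
function Test-PacsSslKey {
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][string]$ExpectedHostName,   # what clients connect to, e.g. myserver.mycompany.com
        [Parameter(Mandatory)][securestring]$Password      # the SSL Key Password
    )
    # Opening the .pfx with its password also proves the private key is present
    # and that the password recorded for the key is the right one.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $Password)

    $cn  = $cert.GetNameInfo('SimpleName', $false)        # subject Common Name
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $keyBits = if ($rsa) { $rsa.KeySize } else { $null }  # null for a non-RSA key

    # A self-signed certificate has no issuer to chain to, so each client must
    # import and explicitly trust it; a CA-issued one needs the CA chain trusted.
    $selfSigned = ($cert.Subject -eq $cert.Issuer)
    $action = if ($selfSigned) { 'Import this certificate on each client and trust it explicitly' }
              else { 'Make sure the issuing CA chain is trusted on each client' }

    [PSCustomObject]@{
        CommonName      = $cn
        CommonNameMatch = ($cn -eq $ExpectedHostName)
        KeyLengthBits   = $keyBits
        NotAfter        = $cert.NotAfter
        DaysRemaining   = [int]($cert.NotAfter - (Get-Date)).TotalDays
        HasPrivateKey   = $cert.HasPrivateKey
        SelfSigned      = $selfSigned
        ClientAction    = $action
    }
}

# Usage:
# $pw = Read-Host 'SSL Key Password' -AsSecureString
# Test-PacsSslKey -PfxPath .\readerservices.pfx -ExpectedHostName 'myserver.mycompany.com' -Password $pw
```

CommonNameMatch = False means clients that connect by the expected name will fail the SSL host name check even though the key itself is fine; regenerate with the Common Name set to that host name rather than working around it on the clients. DaysRemaining only applies as written to self-signed certificates, since a CA sets the lifetime of the certificates it issues.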


IDPublish Clients
This area contains the list of authorized clients that may be allowed to connect to IDPublish. Only clients whose IP addresses appear in
this list will be allowed to connect via the IDPublish API.


Export IdPublish Clients

You can export a list of IdPublish clients to a comma separated values (CSV) file. Right-click then select the Export IdPublish
clients... option from the context menu. Navigate to the folder where you would like to create the .CSV file.

Import IdPublish Clients

You can import a list of IdPublish clients from a comma separated values (CSV) file. Right-click then select the Import IdPublish clients...
option from the context menu. Navigate to the CSV file containing the list of clients to import.

Add/Modify Client
To add a client, click the Add button, fill out the fields displayed in the Add/Modify Client dialog below and click the Save button.

Saving
When you are ready to save your configuration options, press the OK button at the bottom of the form.

Chapter 7 Client Configuration Profile
...................................

The client configuration profile is a set of configuration policies managed by the PACS Server. These policies are pushed out to
PIVCheck and OMNICheck clients whenever they synchronize with the server.

To configure the client configuration profile, you can click on the icon from the toolbar or select the Client Configuration Profile…
option from the Tools main menu: The values entered in this form control the behavior of all mobile and desktop clients.

CLIENT CONFIGURATION PROFILE

Application Tab
...........................................................
The Application tab is used for configuring the application settings for all clients.

General Client Parameters

Prompt cardholder for PIN


If this is selected, every cardholder must provide a PIN.

Depending on your site's operational requirements, a PIN may not be required which significantly speeds up the verification process. If
multi-factor identity verification is your primary business driver, then a PIN will likely be needed since it unlocks the facial image and the
printed information encoded in the card. A PIN will also be needed in order to extract the required PACS fields from the card.


If you are simply linking a FASC-N to an existing PACS card, and do not need to capture the facial image or the cardholder's name
then the PIN may not be required.

Prompt Operator to Register


If Prompt operator to register is checked, then PIVCheck and OMNICheck clients will always prompt the user to register the credential
information into the PACS, save the information locally, or cancel. If not checked, then PIVCheck will not prompt the user to register
the card information into the PACS.

Save audit records to server


From the time a card is inserted into a card reader, to the moment the card is removed, this process is considered a complete
transaction. The following is a list of elements that are captured during a transaction.

• Start Time
• TWIC Mode
• FASC-N
• Card Holder Name
• Expiration Date
• Verification Time
• CHUID Check Result
• Biometric Comparison Result
• Biometric Failures
• Match Type
• Match Score
• TWIC CCL Check Result
• PKI Validation Check Result
• Operator User Name
• Unit ID


• System ID
• Stop Time
• Authentication Result
• Description
By selecting the Save audit records to server check box, each PIVCheck and OMNICheck client will send the transaction details to the server.
This provides a centralized location of the audit logs and is useful if a site has multiple PIVCheck enrollment stations or multiple
OMNICheck mobile clients.

Device Parameters
To enable fingerprint scans on mobile and desktop biometric terminals, the Verify fingerprint box must be checked.

Verify Fingerprint
If this box remains unchecked, the cardholder will not be prompted to present his or her finger for a fingerprint scan.


Limit Fingerprint Retries

Note: This applies to all types of PIVCheck clients as well as OMNICheck clients in Non-TWIC mode.

If a fingerprint match fails, the user is normally prompted to retry. Selecting this checkbox and entering a value causes a verification
failure once fingerprint matching has failed the set number of times in a session. A session is one card insertion into a card reader.
Bounding the retries limits how many live samples can be tried against the template on a single card presentation.

File Parameters
The settings here control the file transfer options when a client is synchronizing its configuration.

Send Client Log Files to Server


The Send client log files to server checkbox will tell the clients to upload their log files when they synchronize their configuration data.
The client log files will be written into a directory named clntlogs\<Client System ID>. The name of the log file will include the type
of client and the date and time of the upload.

Send Directory Contents to Clients


By enabling the Send directory contents to clients option, the server sends every file in each of the checked directories to the clients
when they synchronize their configuration data. The files are saved on the clients in the same directories in which they exist on the
server.

Cache - The Cache directory contains the pre-built TWIC canceled card list (CCL). When PIVCheck or OMNICheck synchronizes data
with the PACS Service, the pre-built TWIC CCL is transferred to the Cache directory on the clients.

Certs - This directory contains all the certificates used to perform certificate path validation.

Crls - This directory contains all the revocation lists used to determine the revocation status of each certificate in the path.

Because the clients trust whatever these directories contain, the Certs and Crls directories on the server should hold only the intended
trust anchors and revocation lists, and write access to them should be restricted to the administrators who maintain them.

OMNICheck Tab
The OMNICheck tab is used to set up the default configuration settings for OMNICheck clients.

TWIC Authentication Mode


Set the TWIC Authentication mode to 1, 2, 3, 4 or Non-TWIC.

The TSA has defined the following TWIC authentication modes to assist sites in creating their own security policies. The following
table, "TWIC authentication modes," was extracted from the TWIC Reader Hardware and Card Application Specification Version
1.1.1, May 2008: "TWIC Authentication Modes". Each entry gives the mode, its identification/authentication method, and its definition.

Mode 1 - CHUID Verification: Provides a verifiable identification factor, assuming the CHUID digital signature is either verified once,
when the user's CHUID is registered in the PACS, or that the CHUID is verified each time it is accessed from a TWIC card. Refer to
"Reference Documents" on page A-115.

Mode 2 - Active Card Authentication: Provides single factor authentication at the same level of security as a PIV Card Authentication
operation. The FASC-N and expiration date are present in the Card Authentication certificate, which obviates the need to read the
CHUID. Refer to "Reference Documents" on page A-115.

Mode 3 - CHUID Verification + Biometric User Authentication: The cardholder's live biometric sample is compared to a stored
biometric reference. The biometric reference template may be read from a TWIC card at each use or stored in the PACS system during
PACS registration of the user. Provides single factor authentication. Refer to "Reference Documents" on page A-115.

Mode 4 - (CHUID) Signing Certificate + Active Card Authentication + Biometric User Authentication: Provides two factor
authentication. Refer to "Reference Documents" on page A-115.

Non-TWIC - CHUID Verification + PIN Verification + Biometric User Authentication: For PIV cards, provides a verifiable identification
factor, assuming the CHUID digital signature is either verified once, when the user's CHUID is registered in the PACS, or that the CHUID
is verified each time it is accessed from a Non-TWIC card. The cardholder's live biometric sample is compared to a stored biometric
reference. The biometric reference template may be read from a Non-TWIC card at each use or stored in the PACS system during PACS
registration of the user. For Non-PIV cards, PIN verification.

Note: For modes one (1) and two (2), the fingerprint match threshold and fingerprint retry limit fields are disabled, since neither mode performs a biometric comparison.

For optimal security, you should enable the PKI plug-in to verify the certificates that are read from the card.

Mode 1
OMNICheck Mode 1 validation can be done through the contact or contactless interface. When a TWIC is presented to the reader, the
FASC-N and the expiration date are extracted from the CHUID. Whether the CHUID's signature is verified is controlled by the "Enable Mode
1 Signature Checking" option on the Blacklist Plug-ins tab. With this option turned off, no CHUID signature checking is done and the
FASC-N and expiration date are accepted exactly as read from the card. When Mode 1 signature checking is enabled, the digital signature
of the CHUID is verified to ensure that the CHUID has not been tampered with. Note that Mode 1 checks the data on the card, not the
card itself: it neither challenges the card's private key (Mode 2) nor compares a biometric (Mode 3).

Mode 2
OMNICheck Mode 2 validation can be done through the contact or contactless interface. When a TWIC is presented to the reader, the
Card Authentication Certificate is read and the card is challenged to ensure it contains the corresponding private key.

Mode 3
OMNICheck Mode 3 validation can be done through the contact or contactless interface. When a TWIC is presented to the reader, the
digital signature of the CHUID is verified to ensure that the TWIC hasn't been tampered with. After the CHUID signature is verified, the
cardholder’s live biometric sample is compared to a stored biometric reference on the TWIC. This ensures that the cardholder is in fact
the owner of the presented TWIC.

Mode 4
OMNICheck Mode 4 validation can be done through the contact or contactless interface. When a TWIC is presented to the reader, the
digital signature of the CHUID is verified to ensure that the TWIC hasn't been tampered with. After the CHUID signature is verified, the
Card Authentication Certificate is read and the card is challenged to ensure it contains the corresponding private key. If the keys
correspond with each other, then the cardholder’s live biometric sample is compared to a stored biometric reference on the TWIC. This
ensures that the cardholder is in fact the owner of the presented TWIC.

Non-TWIC Mode
OMNICheck configured in Non-TWIC Mode supports PIV compliant cards. When a smart card is held against the contactless part of the
smart card reader, the reader extracts the CHUID and the expiration date of the card. In order to validate certificates on the card, PKI
must be enabled and the proper trusted Issuer Certificates must be installed. For more information refer to the Blacklist plug-ins All-in-
one manual located within your OMNICheck programs directory.

Extract Cardholder Name from PIV Certificate (Contact Only)


If this is selected, mobile readers running OMNICheck can extract the cardholder name from the PIV Authentication Certificate when
running in one of the four TWIC modes where a PIN is not provided.

Retrieve Cardholder Information from PACS


If this is selected, mobile readers running OMNICheck Plus can retrieve credential data such as TPKs, names, access rights, and photos
in real time directly from their local cache or from the PACS Server.

Cardholder Must Be Present and Active in PACS


If this option is selected, an additional check is performed by each OMNICheck client that ensures that the credential has already been
registered in the PACS. If the credential is valid, but has not been registered in the PACS, the credential validation will fail, and the
transaction description in the Audit Log will be set to "Pre-registration is required but could not find record".

Card Parameters and Detection Order


OMNICheck must scan a smart card that has been presented contactlessly for recognized smart card applets. This tab allows the
administrator to control which smart card applets OMNICheck will detect when scanning a smart card, and prioritize one smart card
applet over another to improve performance for card types seen more frequently.

To rearrange the smart card read order, highlight the card you want to move to a different position, then select Move Up or Move
Down.

Select whether a card type is detected


The operator can use the checkboxes to select whether the card type is detected. Reducing the number of card types detected may
improve performance for some card populations.

Card Number Manipulation Parameters


This feature enables OMNICheck clients to manipulate the card number read from the smartcard or proximity card reader so it
matches the card number format of cards imported from the PACS.

FASC-N Card Number Manipulation


Press the FASC-N card number manipulation... button to modify the rules applied to 32-digit smartcard numbers, such as those found on
PIV, TWIC, FRAC, and NG-CAC cards.

In the Search field, enter the regular expression that matches the format of the card number as it is read from the smartcard or
proximity card reader. Use grouping operators (left- and right-parenthesis) to isolate portions of the card number. Groups can be
nested to support more complex card number patterns.

In the Replace field, enter the replacement expression. Use the contents of the groups defined in the Search field by specifying the $-
character followed by the number of the group: $1 is the first group, $2 the second group, and so on. Nested groups are numbered
according to the order they're encountered in the regular expression. Other characters are interpreted as literals.

This example was created for a specific end-user use case. The regular expression (\d{8})(\d{6})(\d{1})(\d{1})(.*) defines five groups:
a sequence of eight digits, a sequence of six digits, a single digit, another single digit, and whatever trailing characters remain. These
groups are labeled $1 through $5, beginning with the left-most group and ending with the right-most; a Replace expression that uses
only $1 through $4 drops the trailing characters captured by $5.

The \d specifier matches any digit character. The number inside braces indicates how many of the \d (digits) are required to match the
group. The period, or dot, character matches any single character, and the asterisk, or star, indicates that zero or more of the preceding
element may occur, so (.*) captures everything up to the end of the card number.

Default Card Number Manipulation


Press the Default card number manipulation... button to modify the rules applied to legacy card numbers, such as those of Proximity and
DESFire cards. Note that some DESFire cards are programmed to appear to the reader as though they are PIV or TWIC cards;
these use the settings accessed by the FASC-N card number manipulation... button.

Note: CIV, PIV-C, PIV-I card numbers and DoD barcodes are not manipulated.

In the Search field, enter the regular expression that matches the format of the card number as it is read from the card reader. Use
grouping operators (left- and right-parenthesis) to isolate portions of the card number. Groups can be nested to support more complex
card number patterns.

In the Replace field, enter the replacement expression. Use the contents of the groups defined in the Search field by specifying the $-
character followed by the number of the group: $1 is the first group, $2 the second group, and so on. Nested groups are numbered
according to the order they're encountered in the regular expression. Other characters are interpreted as literals.

This example was created for a specific end-user use case. The regular expression \[w26\](\d{5})(\d+)-(\d{3})(\d{5}) first matches the
literal prefix [w26] (the square brackets are escaped with backslashes because an unescaped bracket would begin a character class),
then four groups: a sequence of five digits, the remaining digits before the hyphen, a sequence of three digits, and a sequence of five
digits. The hyphen itself is matched literally and is not part of any group. These groups are labeled $1 through $4, beginning with the
left-most group and ending with the right-most.

The \d specifier matches any digit character. The number inside braces indicates how many of the \d (digits) are required to match the
group, and \d+ matches one or more digits.
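As an added example, not code from this manual or from Codebench, the following JavaScript applies Search/Replace rules of the kind entered in the two card number manipulation dialogs above, using String.prototype.replace, whose $N group syntax is the same as the Replace field's. The two Search expressions are the ones shown in the manual; the Replace strings ($1$2$3$4 and $3$4), the sample card numbers and the handling of a number that does not match are assumptions made for the example. The FASC-N field layout in the comment follows FIPS 201.

```javascript
// Added example (not Codebench code): applies a Search/Replace rule of the
// kind entered in the card number manipulation dialogs. JavaScript's
// String.prototype.replace expands $1, $2, ... exactly as the Replace field
// does: $N is the text captured by the N-th left parenthesis in Search.
// Replace strings, sample numbers and non-match handling are assumptions.

function manipulateCardNumber(rule, cardNumber) {
  const search = new RegExp(rule.search);
  const m = search.exec(cardNumber);
  if (m === null) {
    // Report a non-match instead of passing the raw number through, so a
    // mis-written Search expression is noticed rather than silently ignored.
    return { matched: false, value: cardNumber, groups: [] };
  }
  return { matched: true, value: cardNumber.replace(search, rule.replace), groups: m.slice(1) };
}

// Rule 1: the FASC-N example from the manual. Per FIPS 201, the 32 BCD digits
// of a FASC-N are Agency Code (4), System Code (4), Credential Number (6),
// Credential Series (1), Individual Credential Issue (1), Person Identifier
// (10), Organizational Category (1), Organizational Identifier (4) and
// Person/Organization Association Category (1). $1..$4 therefore cover the
// first 16 digits and $5 the remaining 16; "$1$2$3$4" keeps only the first 16.
const fascnRule = {
  search: String.raw`(\d{8})(\d{6})(\d{1})(\d{1})(.*)`,
  replace: '$1$2$3$4', // assumed Replace value
};

// Rule 2: the Default (legacy) example. "[w26]" is matched literally because
// the brackets are escaped; "$3$4" (assumed) keeps the two groups after the hyphen.
const legacyRule = {
  search: String.raw`\[w26\](\d{5})(\d+)-(\d{3})(\d{5})`,
  replace: '$3$4',
};

// Constructed sample inputs, not real credentials.
const SAMPLE_FASCN = ['3200', '0001', '123456', '1', '1', '1234567890', '1', '1234', '1'].join('');
const SAMPLE_LEGACY = '[w26]00123456-00112345';

function demo() {
  return {
    fascn: manipulateCardNumber(fascnRule, SAMPLE_FASCN),    // value "3200000112345611"
    legacy: manipulateCardNumber(legacyRule, SAMPLE_LEGACY), // value "00112345"
    tooShort: manipulateCardNumber(fascnRule, '12345'),      // matched: false
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
if (typeof module !== 'undefined') {
  module.exports = { manipulateCardNumber, fascnRule, legacyRule, demo, SAMPLE_FASCN, SAMPLE_LEGACY };
}
```

Run it with node to see the three results. A rule that does not match is reported rather than the raw number being passed through; since the manipulated number is what the PACS record lookup keys on, a silently unmanipulated number would fail the lookup without explaining why.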

Users Tab
Select the Users tab to create default accounts and roles for users on all mobile and desktop biometric terminals.

Note: The database ships with the admin user installed. Change the default admin password before the server is put into service, and
create an individual account for each operator rather than sharing admin.


The data fields that define a client user are described below.

User ID: Create a unique user ID for each operator and administrator who will be using the PIVCheck or OMNICheck client. The user ID
must be at least 2 characters long.

Name: Enter the user's full name.

User Role: Select the role this user will play (administrator or operator). Users with the administrator role are allowed to add other
users, make server configuration changes, add clients, and run reports. Users with the operator role can add clients and run reports.

PIVCheck: If this is selected when creating a user account, the user will have access to the PIVCheck clients.

OMNICheck: If this is selected when creating a user account, the user will have access to the OMNICheck clients.

Password: Create a secure password for each operator or administrator who will be using the PIVCheck or OMNICheck client. The
password must be at least 8 characters long.

Notes: An optional text field used to capture site-specific information.

Enable single sign-on (SSO): Selecting this option treats this user as a standard Windows user account. Authentication is then done
using Windows' built-in user account authentication when logging into PIVCheck Desktop, for the user who is logged into Windows at
the time. When this option is enabled, the User ID is matched against the Windows credential. The syntax for the User ID is one of:

machine\user

domain\user

.\user

For example, to allow a user named pivadmin in domain acme to access the PIVCheck Desktop application on any machine in the
domain, set the User ID to:

acme\pivadmin

To allow the user pivadmin to access the PIVCheck Desktop application on the machine named mypc, set the User ID to:

mypc\pivadmin

To allow a user named pivadmin to log on to any authorized client that attaches to this server, set the User ID to:

.\pivadmin

When the pivadmin user is logged into Windows and launches the application, they are logged in automatically. The .\user form is the
broadest of the three: it does not pin the account to a machine or domain, so a local account of the same name on any authorized
client would also match. Prefer the domain\user form where a domain account is available.

Fingerprint: This column specifies whether the user account has been configured to use the fingerprint login feature of PIVCheck
and/or OMNICheck.

Once you have populated the data fields to create a new user, select which application the user can access. The user can have
permission to access PIVCheck, OMNICheck or both. After your selection has been made, press the Create button to add the new user
into the database.

Updating a User Account


To update a user’s information, select a row in the Users table. This re-populates the data fields above the table. Change the user
information in the appropriate data fields. The columns will update in real-time. To completely remove a user’s record from the system,
select a row in the Users table, right click, then select Remove User.

When you are done, press the OK button to return to the PACS Server Administration dialog, or continue on to the next configuration tab.


Remove User
To remove a user account from the system, right-click on a User ID then select the Remove User option from the context menu.

Export Users
You can export a list of server users to a comma separated values (CSV) file. Right-click, then select the Export Users option from the
context menu. Navigate to the folder where you would like to create the .CSV file. Note that the passwords are saved in encrypted
form. If you import this list into another server, the passwords will need to be reset.

Import Users
You can import a list of users from a comma separated values (CSV) file. Right-click, then select the Import Users option from the context
menu. Navigate to a CSV file containing a list of server users. The CSV file must include the following column headers in the first row.

UserId,Name,Description,Password,Role,SSO,PIVCheck,OMNICheck

The values in each column should correspond to the column header, as illustrated in the example below:

admin,Administrator,Administrator,cGFzc3dvcmQ=,Administrator,FALSE,TRUE,TRUE

operator,Operator,Operator,b3BlcmF0b3I=,Operator,FALSE,TRUE,TRUE

Note that the Password values in this example are Base64 encodings of the plain-text passwords (cGFzc3dvcmQ= decodes to
password). Base64 is an encoding, not encryption, so store and transfer a CSV file prepared for import as you would any file
containing passwords, and delete it once the import is done.

When you are done, press the OK button to return to the PACS Server Administration dialog, or continue on to the next configuration tab.

If you import this list into another server, the passwords will need to be reset.
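As an added example, not part of this manual or of the Codebench software, the following JavaScript checks a user-import CSV against the field rules of the Users tab before it is handed to the server, and shows how an SSO User ID in machine\user, domain\user or .\user form is matched against a Windows logon name. It assumes, from the sample rows above, that the Password column holds Base64-encoded plain text and that fields never contain commas; the requirement that a user have access to at least one of PIVCheck or OMNICheck is inferred from the Users tab text. The CSV rows and logon names are constructed samples.

```javascript
// Added example (not Codebench code): checks a user-import CSV against the
// rules of the Users tab and matches SSO User IDs against Windows logon names.
// Assumptions: Password is Base64 of the plain text (as in the sample rows),
// fields contain no commas, and a user needs PIVCheck and/or OMNICheck access.

const EXPECTED_HEADER = 'UserId,Name,Description,Password,Role,SSO,PIVCheck,OMNICheck';
// One backslash separating a non-empty authority (or ".") from a non-empty user.
const SSO_USER_ID = /^(\.|[^\\]+)\\([^\\]+)$/;

function parseBool(s) {
  const v = s.toUpperCase();
  return v === 'TRUE' ? true : v === 'FALSE' ? false : null;
}

// Returns the decoded text, or null when the value is not well-formed Base64.
function decodeBase64(s) {
  if (s.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(s)) return null;
  return Buffer.from(s, 'base64').toString('utf8');
}

function validateUserRow(fields, lineNo) {
  const errors = [];
  if (fields.length !== 8) {
    return { ok: false, errors: [`line ${lineNo}: expected 8 columns, found ${fields.length}`] };
  }
  const [userId, name, description, password, role, sso, pivcheck, omnicheck] = fields;
  const ssoFlag = parseBool(sso);
  const piv = parseBool(pivcheck);
  const omni = parseBool(omnicheck);

  if (userId.length < 2) errors.push(`line ${lineNo}: UserId must be at least 2 characters`);
  if (name.length === 0) errors.push(`line ${lineNo}: Name is required`);
  if (role !== 'Administrator' && role !== 'Operator') errors.push(`line ${lineNo}: Role must be Administrator or Operator`);
  if (ssoFlag === null || piv === null || omni === null) errors.push(`line ${lineNo}: SSO, PIVCheck and OMNICheck must be TRUE or FALSE`);
  if (ssoFlag === true && !SSO_USER_ID.test(userId)) errors.push(`line ${lineNo}: SSO UserId must be machine\\user, domain\\user or .\\user`);
  if (ssoFlag === false) {
    // Password rules apply only to non-SSO users; SSO users authenticate to Windows.
    const plain = decodeBase64(password);
    if (plain === null) errors.push(`line ${lineNo}: Password is not valid Base64`);
    else if (plain.length < 8) errors.push(`line ${lineNo}: decoded password must be at least 8 characters`);
  }
  if (piv === false && omni === false) errors.push(`line ${lineNo}: user can access neither PIVCheck nor OMNICheck`);

  return { ok: errors.length === 0, errors, user: { userId, name, description, role, sso: ssoFlag, pivcheck: piv, omnicheck: omni } };
}

function validateUsersCsv(text) {
  const lines = text.split(/\r?\n/).filter((l) => l.trim().length > 0);
  if (lines.length === 0 || lines[0].trim() !== EXPECTED_HEADER) {
    return { ok: false, errors: ['first row must be: ' + EXPECTED_HEADER], users: [] };
  }
  const errors = [];
  const users = [];
  const seen = new Set();
  lines.slice(1).forEach((line, i) => {
    const lineNo = i + 2; // 1-based line number in the file, after the header
    const r = validateUserRow(line.split(',').map((f) => f.trim()), lineNo);
    errors.push(...r.errors);
    if (!r.ok) return;
    const key = r.user.userId.toLowerCase();
    if (seen.has(key)) errors.push(`line ${lineNo}: duplicate UserId ${r.user.userId}`);
    seen.add(key);
    users.push(r.user);
  });
  return { ok: errors.length === 0, errors, users };
}

// A Windows logon name is AUTHORITY\user, where the authority is the domain
// NetBIOS name or, for a local account, the machine name. ".\user" accepts the
// user name from any authority; the other forms require the authority to match.
// Comparisons are case-insensitive, as Windows account names are.
function ssoUserIdMatches(configuredUserId, windowsLogonName) {
  const cfg = SSO_USER_ID.exec(configuredUserId);
  const who = /^([^\\]+)\\([^\\]+)$/.exec(windowsLogonName);
  if (cfg === null || who === null) return false;
  if (cfg[2].toLowerCase() !== who[2].toLowerCase()) return false;
  return cfg[1] === '.' || cfg[1].toLowerCase() === who[1].toLowerCase();
}

// Constructed sample file: two valid local users, one valid SSO user, one bad row.
const SAMPLE_CSV = [
  EXPECTED_HEADER,
  'admin,Administrator,Administrator,cGFzc3dvcmQ=,Administrator,FALSE,TRUE,TRUE',
  'operator,Operator,Operator,b3BlcmF0b3I=,Operator,FALSE,TRUE,TRUE',
  'acme\\pivadmin,PIV Admin,Domain SSO account,,Administrator,TRUE,TRUE,FALSE',
  'x,Too Short,UserId and password both too short,c2hvcnQ=,Operator,FALSE,TRUE,TRUE',
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(validateUsersCsv(SAMPLE_CSV), null, 2));
}
if (typeof module !== 'undefined') {
  module.exports = { validateUsersCsv, validateUserRow, ssoUserIdMatches, decodeBase64, SAMPLE_CSV };
}
```

Run with node; on the sample file it reports the two rule violations on the last row and returns the three acceptable users. The validator deliberately rejects a whole file rather than importing the good rows, so that a partially applied import cannot leave the server with an unexpected set of accounts.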

Blacklist Plug-ins Tab
This tab is used to configure blacklist checking for all mobile and desktop biometric terminals. Blacklist checking allows the PIVCheck
Desktop or OMNICheck client to apply a set of rules to determine whether or not a credential such as a certificate or FASC-N is valid.
The PACS Service ships with two Blacklist Plug-ins: a PKI Plugin and a TWIC CCL Plugin.

Advanced Configuration


Refer to the Codebench Blacklist Plug-ins Guide for advanced information and configuration procedures. This manual is stored in the
PACS Plug-in program files directory. Start > Programs > PACS Plug-in > Blacklist Plug-ins Guide.pdf

Basic Configuration


To use the basic configuration settings for the PKI plug-in, refer to the “Basic PKI Configuration” on page 69.

Chapter 8 PACS Events

Overview
PACS events are events triggered as a result of a specific action. When such an event occurs, the PACS Plug-in will send the
corresponding event to the PACS. The PACS will then handle the event using its standard alarm or event system.

Events

Each event is listed with the tab where it is configured and its definition.

CertificateManagerRevoked
Location: PACS Plug-in > Current PACS Service Configuration > Modify > Certificate Manager tab
Definition: A card has been determined to be revoked according to the Certificate Manager.

CertificateManagerError
Location: PACS Plug-in > Current PACS Service Configuration > Modify > Certificate Manager tab
Definition: An error occurred while the Certificate Manager was checking a card.

ReaderMessage
Location: PACS Plug-in > Current PACS Service Configuration > Modify > Reader Services tab
Definition: A door reader is sending a message to the PACS about a card transaction via the Reader Services SDK.

CertificateManagerActivated
Location: PACS Plug-in > Current PACS Service Configuration > Modify > Certificate Manager tab
Definition: A previously suspended credential has been determined to be good and has been re-activated by the Certificate Manager.

PassedValidation
Location: PACS Plug-in > Current PACS Service Configuration > Modify > PACS tab
Definition: A card has passed validation in PIVCheck or OMNICheck. If the site has PKI enabled, the card passed the required PKI
checks. If Verify fingerprint is enabled, the fingerprint presented at the reader matched the fingerprint contained on the smartcard. A
PassedValidation event occurs only when a card passes each and every validation requirement enforced by the site.

FailedValidation
Location: PACS Plug-in > Current PACS Service Configuration > Modify > PACS tab
Definition: A card has failed validation in PIVCheck or OMNICheck. For example, when a fingerprint is presented and it does not
match the fingerprint template contained on the smartcard, the mismatch causes a FailedValidation event.

Chapter 9 Log4net

By default, the PIVCheck PACS Server logs system messages to the logs directory beneath the PACS Service installation directory. This
log is often the first place to look when troubleshooting system errors. The scope of the system messages captured is configured in
the log4net.xml file in the install directory. Two tags within the root tag of this file are of particular interest: the appender-ref tag and
the level tag.

<root>
<appender-ref ref="RollingFile" />
<level value="DEBUG" />
</root>

The appender-ref tag selects which log4net appender is active. In this example the rolling file appender is active, so the rules
defined within the appender identified by the <appender name="RollingFile"> tag are used to log system messages. If you do not
wish to limit the size of your log files, replace the term RollingFile with the term File to use the rules defined within the File appender
tag; be aware that the log then grows without bound. If you wished to disable logging altogether (an action strongly discouraged), you
would use the Console appender.

The value of the level tag determines the scope of messages that appear in the log file. Five levels are supported, from lowest to
highest: DEBUG, INFO, WARN, ERROR and FATAL. A message is logged when its level is at or above the configured level. Setting the
level to DEBUG, for example, logs INFO, WARN, ERROR and FATAL messages along with DEBUG messages. This is usually acceptable,
as there is little use for DEBUG messages without the surrounding INFO, WARN, ERROR and FATAL messages. In contrast, setting the
level to ERROR filters out DEBUG, INFO and WARN messages, but not ERROR or FATAL messages. Leave the level at DEBUG only while
troubleshooting: DEBUG output is verbose and consumes disk space quickly, especially with the File appender.

You can learn more about log4net at http://logging.apache.org/log4net/

Appendix A

Reference Documents
1 Federal Information Processing Standard Publication 201-1 (FIPS 201-1): Personal Identity Verification (PIV) of Federal
Employees and Contractors, NIST, March, 2006
2 NIST PIV Program web site, http://csrc.nist.gov/piv-program
3 NIST Special Publication 800-63-1: Electronic Authentication Guideline: Recommendations of the National Institute of
Standards and Technology, February 2008.
4 NIST Special Publication 800-73-3: Interfaces for Personal Identity Verification – Part 1: End-Point PIV Card Application
Namespace, Data Model, and Representation, February 2010.
5 NIST Special Publication 800-73-3: Interfaces for Personal Identity Verification – Part 2: End-Point PIV Card Application Card
Command Interface, February 2010.
6 NIST Draft Special Publication 800-76-1: Biometric Data Specification for Personal Identity Verification, January 2007.
7 NIST Special Publication 800-78-2: Cryptographic Algorithms and Key Sizes for Personal identity Verification, February 2010.
8 NIST Special Publication 800-79-1 (SP 800-79-1): Guidelines for the Accreditation of Personal Identity Verification (PIV) Card
Issuers (PCI's), June 2008.
9 NIST Draft Special Publication 800-85 A-1 (SP 800-85 A-1): PIV Card Application and Middleware Interface Test Guidelines (SP
800-73-2 Compliance), March 2009
10 NIST Draft Special Publication 800-85 B (SP 800-85 B): PIV Data Model Test Guidelines, July 2006
11 NIST Draft Special Publication 800-85 B-1 (SP 800-85 B-1): DRAFT PIV Data Model Conformance Test Guidelines, September
11, 2009
12 NIST Draft Special Publication 800-87 Rev 1 (SP 800-87 Rev 1): Codes for Identification of Federal and Federally-Assisted
Organizations, April 2008.
13 NIST Special Publication 800-116: A Recommendation for the Use of PIV Credentials in Physical Access Control Systems
(PACS), November 2008.
14 TWIC Reader Hardware and Card Application Specification Version 1.1.1, May 2008
15 TWIC Technical Advisory TA-2008-TWIC001-V1.0, TWIC Reader Functionality Augmentation, September, 2008
16 TWIC Technical Advisory TA-2009-TWIC001-V1.0, Format for a TWIC Card with no Fingerprint Biometric Data, March, 2009
17 TWIC Technical Advisory TA-2009-TWIC002-V1.0 Additional Error Code Definitions for TWIC Cards, March, 2009
18 TWIC Technical Advisory TA-2011-TWIC001-V1.0 Name Change of “HOTLIST” to “CANCELED CARD LIST”, February, 2011
19 TWIC Technical Advisory TA-2011-TWIC002-V1.0 Release of new TWIC Card and Card Applications, July, 2011
20 Smart Card Alliance Publication Number: PAC-07002: Physical Access Control System Migration Options for Using FIPS 201-1
Compliant Credentials, September 2007.

Appendix B

Optional Configuration
SQL Server Database Connection Fails to Connect
This applies to a PACS Service that is configured to use SQL Server as its database provider. During a system reboot, SQL Server may
take too long to start, causing the PACS Service to terminate. If the PACS Service terminates, it does not automatically try to restart.

Configuring Service Dependencies


The correct solution is to set the service dependencies properly such that the PACS Service is dependent upon the database service.
In the case where SQL Server is being used and SQL Server is installed on the same machine as the PACS Service, the PACS
Service should be dependent upon the SQL Server service.

1 On the computer running the PACS Service and SQL Server, launch a command window with Administrator privileges: Start
menu > Accessories > Command Prompt, then right-click the Command Prompt shortcut and select Run As Administrator.

2 At the command prompt, type the following, where <INSTANCENAME> is the name of the SQL Server instance running on the
current machine. Note that sc.exe requires a space after the equals sign, and that the depend= list replaces the service's existing
dependencies rather than adding to them, so keep winmgmt, http and httpfilter in the list as shown.

sc config PACSService depend= winmgmt/http/httpfilter/MSSQL$<INSTANCENAME>

If SQL Server is installed as the default instance rather than a named instance, its service name is MSSQLSERVER instead of
MSSQL$<INSTANCENAME>.

3 Press Enter or Return.

4 If the procedure was done correctly then you should see [SC] ChangeServiceConfig SUCCESS.

5 The PACS Service now depends on the SQL Server instance, and Windows will not start it until SQL Server is running. You can
confirm the new dependency list with sc qc PACSService, which prints the DEPENDENCIES of the service.

Connecting Through a Web Proxy


1 Stop the PACS Service.
2 Copy the text from between the lines below:
----------------------------------------------------------------------------------------------------------

<system.net>

<defaultProxy useDefaultCredentials="true"/>

</system.net>

----------------------------------------------------------------------------------------------------------
3 Paste this portion of the XML into the <configuration> section of the following files in the PACS Service installation directory:
• PACS Service Administration.exe.config

• PACS Service.exe.config
4 After you have saved the files, restart the PACS Service.

Note: After completing these steps you may still not be able to connect through the web proxy configured at your site. Please
contact your IT Department and request their assistance.

Appendix C

Modify the PACS Service Log On
Note: This applies to the Application tab and the PACS tab for plug-ins that use an ADO.NET database connection.

The PACS Service is initially installed to run as the Local System account. In some instances a temporary administrative account is
created for installation and may not have the appropriate access to the database. To ensure the correct access is used to connect to
the database, use the Windows Services applet to configure the PACS Service with the desired account's logon credentials. Prefer a
dedicated service account that holds only the database rights the service needs, rather than an administrative account.
First, configure the Application tab and/or the PACS tab with a connection string that allows read access to the database when running
as the desired service account.
At this point, the PACS Service is still configured to "Log on as" the Local System account. The next step is to click the Stop button on
the PACS Service Administration console and exit the PACS Service Administration tool. Then use the Windows Services applet to
configure the PACS Service with the desired account's logon credentials.

To do this, go to Control Panel, expand Administrative Tools, expand Services, right click on PIVCheck PACS Service and select
Properties in the menu or select Action > Properties.

In the PIVCheck PACS Service Properties dialog select the Log On tab. Select This account: and enter the desired account’s
credentials. Press OK to continue.

You will be prompted to stop and restart the PIVCheck PACS Service.

You can start the PIVCheck PACS Service by right-clicking on it in the Services window and selecting Start or select Action > Start.

From this point forward, the PACS Service will be able to access the credential and PACS databases, including across reboots. Note
that accounts using the PACS Service Administration tool will not be able to stop or start the service, nor will they be able to
configure connection strings.

If someone changes the connection strings on the Application or PACS configuration tabs to a different database, or to
something that is incorrect, and then tries to restart the PACS Service, it may not start, since the service itself is
configured using the logon credentials described above.

On a software upgrade the user will be prompted for the Windows account information for the service account if it has been changed
from the default (Local System).

Index

A
About This Manual 1
Application Tab
  TWIC Authentication Modes
    Mode 1 97
    Mode 2 97
    Mode 3 98
    Mode 4 98
    Non-TWIC Mode 98
Audit Log Reports 42

C
Certificate Manager Tab
  Certificate Manager Parameters 73, 74
  E-mail Alerts 74
  Migrating your Credential Database 58
Client Profile Configuration
  Application Tab 92
    TWIC Authentication Mode 96
  Blacklist Plugins Tab 110
  Devices Tab
    Limit Fingerprint Retries 95
    Verify Fingerprint 94
  Files Tab 95
  Users Tab 106
Configuring the PACS Service 91

H
Hardware Architecture 3

L
Licensing Options 20
  Download of your License Key 20
  Manual Installation of your License Key 23
Log4net 113
Logging In and Licensing Options 17
  Changing your password 18
  Default Login 17
  First Time Logging In 17

M
Main Interface 19
Migrating your Credential Database 58

O
Optional Configuration 117
  SQL Server Database Connection Fails to Connect 117, 119

P
PACS Events 111
PKI Configuration
  CPV 69, 71

R
Reader Services Tab
  Clients 79, 86
  Enable Binary API 76
  Enable Javelin API 76
  Enable XML-RPC API 75, 83
  Key Password 57, 78, 85
  Port 76, 83
  SSL Key 56, 77, 84
Related Material 2

S
Saving 89
Server Configuration
  Application Tab 55
  Certificate Manager Tab 73
  PACS Tab 66
  Users Tab 61
Software Architecture 4
System Specifications
  Hardware 4
  Software 5

T
Trademarks and Copyrights 2
Typographical Conventions 1
