Untitled

Oracle Biometrics Manager 8.0.3

for the Oracle Advanced Networking Option

README for Oracle Biometrics Manager and Identix TouchNet II

This README covers three areas related to Oracle Biometrics Manager 8.0.3

* Overview

* Working with Identix TouchNetII manually

* Documentation Addendum

Overview

Oracle Biometrics Manager is used to administer the biometric credentials (fingerprints) of Oracle 8.0.3 database users that use the Oracle Advanced Networking Option (with the Identix Authentication Adapter) to authenticate to their database. The product is only useful as a means to enable this feature of ANO for Oracle 8.0.3 databases and their clients.

Biometrically authenticated

connection

SQL*Net 8.0.3 Client <------------------------> Oracle 8.0.3 Server

with Oracle Advanced with Oracle Advanced

Networking Option Networking option

Oracle Biometrics

Manager with -------------------------- > Biometric Authentication

Enterprise Manager Service Repository

version 1.4.0

Oracle Enterprise Manager 1.4.0 provides the Oracle Biometrics Manager and the Biometric Authentication Service. The Oracle Advanced Networking Option is available as a separate product, not included with Oracle Enterprise Manager 1.4.0.

Working with Identix TouchNet II manually

The Oracle Installer is capable of configuring your Identix TouchNetII Device Driver automatically. If however during the install of Biometrics Manager you chose not to allow the installer to set up your Identix TouchNet II Device Driver then you can configure it manually as follows;

Note :You need to know the IO Port that your Identix TouchNet II

hardware is using before doing this. Please refer to your

Identix TouchNet II Hardware documentation.

To install the TouchNet II Encrypt Device Driver for Intel Windows NT:

1. Change directory to %ORACLE_HOME%\IDENTIX

2. Modify the IoPortAddress parameter in ETSIINT.INI to the current TouchNet II Encrypt I/O port setting. For example :

IoPortAddress = REG_DWORD 0x00000280 for I/O port 0x280

3. Modify the Windows NT directory setting in ETSIINT.BAT. For example:

copy etsiint.sys c:\winnt40\system32\drivers or,

copy etsiint.sys c:\winnt\system32\drivers

4. Run batch file ETSIINT.BAT.

5. Use the SetKey utilility in the Biometrics Manager Program Group to set a hash key In Hex. Set the key to C001BABE for example (do not use this value!). Make sure the hash key matches exaclty the one set in the DEFAULT Security policy. You may use any hex character in the value, up to 32 digits.

5. Re-boot the system, and the device driver will start to work.

6. To make sure the device driver is running, check "DEVICES" in "CONTROL PANEL" after re-boot. The device "ETSIINT" should be started already.

After installation of Biometrics Manager

IMPORTANT : The "Identix TouchNet II Encrypt" software that is installed as part of Oracle Biometrics Manager requires that a Windows NT environment variable, "ETSII_IOPORT", to be set in you environment before using TouchNet II Encrypt. This environment variable must be set to a value in the format,

ETSII_IOPORT=0X< value >

For example,

ETSII_IOPORT=0X280

This environment variable should be set as a System Environment Variable.

Note : If The IO Port setting for your Identix TouchNet II Encrypt

is not 0X280 then you must set this environment variable to be

the correct value. Please refer to your Identix TouchNet II

Hardware documentation.

Documentation Addendum for Oracle Advanced Networking Option Administrator's Guide. Part #A54084-01.

The Oracle Biometric Authentication Service for the Advanced Networking Option version 8.0.3 is described in the Oracle Advanced Networking Option Administrators Guide. The following are addendum points made to accompany this guide.

6.3.1 Oracle Biometrics Manager PC

You do not need to Install Identix TouchNetII. You will automatically obtain the correct Identix TouchNetII software when you install Oracle Biometrics Manager. This software is Identix TouchNetII version 1.4

6.4 Configuring the Biometric Authentication Service - Step 1.

You do not need to copy SQL scripts to your authentication server. Oracle Biometrics Manager contains new Repository Create and Delete utilities;

There is a utility named, "Create Oracle Biometrics Repository" in your Biometrics Manager Program Group. This utility when envoked allows you to prepare a database for use as an Oracle Biometrics Repository.

There is also a utility named, "Remove Oracle Biometrics Repository" in your Oracle Biometrics Manager Program Group. This utility when envoked allows you to undo the changes made to your database by the Create utility. This utility will completely erase the contents of your Oracle Biometrics Repository and should only be used if you are absolutely sure that you wish to destroy all the fingerprints in it.

Note : The Create utility adds two users, "ofm_admin" and "ofm_client" to

your database. It also adds a tablespace and datafile to your Oracle

Biometrics Repository to support these users. You may inspect the

file nauicrt.sql in your IDENTIX directory under the Oracle Home

directory for the exact SQL used in these operations.

Note : Do not use these utilities against an Oracle Server that has an

existing ofm_admin user currently logged on.

Both utilites ask you to provide log-on details for the database you wish to configure. You should supply the SYSTEM username, password and Net8 service name details. If you are not using a remote database then you need only supply the SYSTEM username and password.

When you first connect to your new Biometric Authentication Service as user ofm_admin, Biometrics Manager will ask you if you wish to establish a new Repository on this database. You may select "Yes" and a new Repository will be generated for you.

Known Problem:

If you use the "Create Oracle Biometrics Repository" utility against a database where this operation has already been performed, or you run the utility against a database where you have already used the "Remove Oracle Biometrics Repository" utility you may see the following error :

XP-07016: A database error has occurred:

create tablespace ofm

datafile 'ofm.dbf' SIZE 10M

ORA-01119: error in creating database file 'ofm.dbf'

ORA-27038: skgfrcre: file exists

XP-07031: An error occurred while processing file C:\ORANT/IDENTIX/nauicrt.sql

This is because there is still a datafile present on your Oracle Server from the last time Oracle Biometrics Repository was installed. To remedy this problem your Oracle DBA must delete the file, "ofm.dbf" in the DBS directory in the Oracle Server's Oracle Home directory.

Note : As a precaution, the DBA should issue the command,

"drop tablespace ofm;" on the Oracle Server before deleting

this file. However, the tablespace, "ofm" should already

have been internally dropped after using the Biometrics Manager

Delete utility.

6.4 Configuring the Biometric Authentication Service - Step 2.

You are not recommended to edit your SQLNet.ORA file by hand. Rather, you should use the new Oracle Net8 Assistant to perform this configuration for you.

6.4 Configuring the Biometric Authentication Service - Step 3.

A full example of a service name used by a database server to reference itself as the fingerprint repository also is;

(description=

(address=

(protocol=tcp)

(host=box)

(port=1000)

)

(connect_data=

(sid=ORCL)

)

(SECURITY=AUTHENTICATION_SERVICE=NONE)

)

6.5 Configuring the Biometric Authentication Service using the Oracle Net8 Assistant

You do not neccessarily need to configure your clients and servers to use encryption when using the Oracle Net8 Assistant for this purpose. You may refer directly to the "Profile Folder Authentication Tab" stage on page 6-9.

There is an on-line context-sensitive help provided with Oracle Biometrics Manager 8.0.3. Use of the help. Operation of the applet is explained in Chapter 6 of "Oracle Advanced Networking Option Administrators Guide" book number A54084-01).

Known Problem : If you use context-sensitive help and click on certain windows in parts of Biometrics Manager other that the main detail view you may see the following error message;

"Help Topic not found. Please contact your vendor for an updated help file".

You may disregard this message and instead refer to your "Oracle Advanced Networking Option Administrators Guide".

Once you have configured the database server that is to be used as your Biometric Auhentication Service, test the connection by connecting as: ofm_admin/<password> (The password chosen at the installation step)

Adminstering the Oracle Biometric Authentication Service (page 11)

Before you add users, use the Identix SetKey utility to configure a (hex) hashkey on each of the clients (for example: FF03EE. The key must be the same for each client and match the DEFAULT policy hash key value. (See Add Policy.)

Add Policy (page 19)

To add a new policy:

1. Click Policies.

2. Click the [+] sign (called the Create button) on the Tool Bar. The

dialog box appears.

3. Tab to or click the boxes in which the data is to be entered.

4. Type the policy's name, "DEFAULT", and the three threshold levels. See your Identix

documentation for a detailed explanation the meaning of these levels.

5. Choose a hash key (hex) for this policy. For example: FF03EE6. Click the [Create] box.