Administration guide

MegaMatcher Automated Biometric Identification System (further in this document MegaMatcher ABIS or MMABIS) Administration Panel is dynamic administrative interface that is used to manage the system. Administration panel is primarily used by the MMABIS administrator. The following functionality is accessible through Administration Panel:

• Dashboard provides overview of the overall status and health of MegaMatcher ABIS.
• Administrative tasks shows the list of ongoing or finished tasks and enables tasks filtering.
• Transactions displays all MMABIS transactions list and enables transactions filtering.
• Configuration includes setting parameters, changing biographic fields, role, user and script
  management.
• Metrics shows biometric and hardware metrics of the MMABIS.
• Logs dispalys the log of the MMABIS.
• Tools shows all the tools for the MMABIS.

Control panel is accessed through web browser (http(s)://<mega_matcher_abis_unit_ip>/admin. The default username and password is admin/admin. It is recommended to change the password after the first login to the system (go to Configuration → User Management, select admin user, press Edit and enter the new password).

Figure 1. Administration panel login

When you login, you will be taken to the dashboard which provides an overview of the whole MegaMatcher ABIS system status, including statuses for clusters, units, and for individual services. Clusters, units and services which are healthy and working properly are displayed in green, while broken or not properly functioning ones in red.

Figure 2. MegaMatcher ABIS Administration Panel – Dashboard

All administrative tasks (such as user creation, parameter changes, etc.) in MegaMatcher ABIS are saved. It is possible to see what administration task was performed at what time and the user who started the task.

Administrative tasks can be accessed by navigating to “Administrative Tasks” section in MegaMatcher ABIS Control Panel.

It is possible to apply a filter which only display administrative tasks which match the criteria such as done on specific date interval or started by some user.

A report can be generated which captures all the information displayed on the screen to PDF file.

Roles: Administrator, Supervisor.

Figure 3. MMABIS Administrative Tasks

Transaction view in MegaMatcher ABIS Control Panel displays the list of currently executing and recently completed transactions. Newest transactions appear at the top of the list.

Usually, there is a large amount of transactions in typical deployments and it is useful to filter transactions by specified criteria (such as date range).

Report of all transactions matching filter criteria can be generated by choosing “Download report” in the transaction list.

By clicking transaction in the list it is possible to see detailed information including history of all adjudication steps that were taken. Transaction details can be captured in report by using “Download report” button.

Figure 4. MMABIS Transactions view

Configuration view enables to change parameters of the MMABIS.

Biometric parameters can be changed in Configuration > Parameters section of Control Panel.
Administrator role is required to perform such changes.

Biometric thresholds are used for identification, verification and duplicate check operations.

Identification and duplicate check thresholds

There are two parameters: lower and top threshold.
In case of identification operation, only lower threshold is taken into account. If matching score is >= (higher than or equals) lower threshold, then result is considered a match.

In case of Enroll with duplicate check, lower and top threshold define a “gray zone” where system cannot automatically decide whether there was a duplicate or not and transaction is sent to adjudication module where human adjudication operator takes the decision. These thresholds can be used to control number of cases which are created for adjudication.

Picking optimal thresholds for some specific database may require experimentation. If it turns out that some threshold values caused too many adjudication cases to be created, it is possible to apply the changed threshold values to previously processed transactions. In such cases transactions which would not need adjudication with the new parameters are processed automatically and unneeded adjudication cases are deleted. In order to use this functionality, enable an ‘Apply retrospectively’ check box.

In some cases top threshold is not desired for Enroll operation and human operator should always review the results which are higher than the lower threshold. To enable such scenario, a top threshold can be set to a very high value (100,000).

Required roles: Only users who have administrator role assigned are allowed to change identification parameters.

Verification thresholds

Verification parameters include a matching threshold for the verification operation. If matching score for candidate and specified reference template is >= (greater than or equal) than the matching threshold for verification, then verification operation result is a match (and not match otherwise).

Required roles: Only users who have administrator role assigned are allowed to change verification parameters.

These parameters filters matching results and changes master encounter selector:

• Matching result filter. Default matching results filtering (None setting) can be changed to the specified script (Script setting) filtering. In the section Script Management Groovy script for matching result filtering can be specified.
• Master encounter selector. Each subject can have several biometric encounters within the MMABIS. System administrator can change which encounter is displayed. Master encounter can be determined by the latest record, matching quality or master encounter selection script can be specified as described in Script Management section.

These are advanced settings used to customize image processing and matching operations. System administrator should change these parameters only when required and with these provided by Neurotechnology.

Subjects are enrolled to the MMABIS not only with biometric templates saving subject’s fingerprints, face or irises, but also with associated biographic fields. Biographic fields save additional information about a subject, such as name, birth date, sex or nationality. When you login to the Client Panel of MMABIS and try to enroll a new subject, you will be prompted to enter person information containing name, birth date and sex. These are the default biographic fields of the MMABIS.

The default biographic fields can be changed to meet a custom system requirements. These fields can be changed in Configuration >  Biographic Fields section of Control Panel. Administrator role is required to perform such changes.

Figure 5. MMABIS Biographic Fields

Each new or default biographic fields have these changeable properties:

• Field Key – unique identifier for biographic field used by the MMABIS.
• Field Name – the name of field displayed in the Client Panel of the MMABIS.
• NIST Field Id – unique NIST identifier for the field.
• Field Type – these types can be selected: text, date, date and time, values (user predefined drop down menu with selectable values).
• Required (makes field required to be filled) / Visible (if not checked, field is not visible inin the Client Panel) settings.
• Display column – if checked, column field is displayed among Search results in the Client Panel.
• Searchable field – if checked, this field is displayed among Search filters in the Client Panel.

Biographic field properties changes are saved with Submit button.

The MMABIS uses role-based system access control. Each role has system permission modifiers assigned. Permissions specify the access rights to certain parts of the MMABIS. Roles are assigned for system users. So an authorized user can access only these parts of the MMABIS that were enabled by an assigned role.

Roles can be changed in Configuration > Role Management section of Control Panel. Administrator role is required to perform such changes.

Role management section displays the list of the default system roles:

Figure 6. MMABIS Role Management

Each role is defined by these changeable parameters:

• ID – unique uppercase identifier of the role.
• Name – displayed role name when assigning to a user.
• Permissions – the list of permissions assigned for each role.
• Modifiers – the list of assigned modifiers for a role.
• Use Edit button to change role parameters or navigate to the bottom and press New role button to create a new role. Let’s create a new role – AIRPORT_OPERATOR which later will be assigned for a new user:

Figure 7. MMABIS new role window

Uses Ctrl keyboard button when selecting multiple permissions.

Permissions are logically grouped by these system operations:

• Biometric (controls which biometric operations are available): enroll, enroll with duplicate check, identify, verify, verify-update, update, delete.
• Transaction (controls which transaction operations in the Client Panel are available): view, list, count, report generation.
• Subject (these permission enables different operations with subjects): view, list.
• Encounter (enables to access different encounter data of a subject): view, face/finger/iris images, face/finger features, export.
• Hits (enables to access encounter hits data): base, details.
• Adjudication (controls which adjudication operations are available): view/solve case, report generation, dashboard, tasks, metrics, logs, parameter modification, biographic field/role/user/script management, development.
• Tools (enables/disables MMABIS tools): clear transactions (used to clear the list of transactions), synchronize services (administrative tool used to synchronize all services, such as matching service or elastic search), calculate NFIQ.
• NIST parser (enables NIST templates parsing).
• Latent fingerprint editor (enables/disables the tool used to edit latent fingerprints).

MegaMatcher ABIS uses role-based authentication to control which users are allowed to access certain resources and perform certain operations. There are also additional permissions which can be assigned to user from any role.

Only Administrator can view or modify list of users and assign or revoke roles.

List of all users can be found by using Configuration > User Management in MegaMatcher ABIS Control Panel. The list all the users of the MegaMatcher ABIS including their attributes is displayed. Next to each user entry there are buttons to edit or delete the user.

New user can be added by clicking a “New User” button at the bottom of the page. Let’s create a new user Airport Operator with previously created role AIRPORT_OPERATOR. Press New user button in the User Management dashboard, enter username and full name, email, password and assign this role:

Figure 8. MMABIS Create new user

When you login with the user airportoperator to the Client Panel of MMABIS, you will see that only the views for AIRPORT_OPERATOR role permissions are displayed:

Figure 9. MMABIS view for a new user

The MegaMatcher ABIS allows to filter matching results dynamically using Groovy programming language scripts. Examples of Groovy scripts:

Figure 10. Groovy script syntax

Figure 11. Example of Groovy script which accepts match only if country is the same or not defined

Users can change or reset passwords for security reasons. MMABIS system administrator should setup mailing server for sending new password or reset information to MMABIS users. When mailing server is set up, system administrator should provide mail properties to MMABIS. Edit mail.properties and frontend.properties files with these settings:

• mmabis.frontend.base-url=[IP address], where [IP address] is an address to MMAbis Web
  Client., e.g. http://127.0.0.1
• mmabis.mail.from=[mail.example.com], email sender.
• mmabis.mail.password-reset-title=[Password reset email title], the title of password reset email.
• spring.mail.port=[587]
• spring.mail.host=[smtp.mail.example.com]
• spring.mail.username=[username]
• spring.mail.password=[password]
• spring.mail.protocol=[smtp]
• spring.mail.default-encoding=[UTF-8]

This dashboard displays the basic biometric and hardware metrics collected by MMABIS.

These biometric metrics for each server are displayed: Transactions throughput and Transactions duration.

Graphics of hardware metrics such as CPU usage, Load, Available memory, Network traffic, Available disk space, Disk traffic for each server are displayed.

In this dashboard the MMABIS logs are displayed. Using filtering, specified logs can be displayed.

In this dashboard an administrator can access these tools for the MMABIS:

• Locales Editor – this tool is used to upload a locale file containing translation of the MMABIS Client and Admin panels.
• Synchronize Matching Service – this tool is used to synchronize transactions to Matching Service.
• Synchronize Elasticsearch – this tool is used for fast search. It is recommended to consult Neurotechnology, before synchronizing Elasticsearch.
• Calculate Missing NFIQ – performs calculation of missing NFIQ data.
• Clear Transactions – clears all transactions.