MegaMatcher Automated Biometric Identification System (further in this document MegaMatcher ABIS or MMABIS) Administration Panel is dynamic administrative interface that is used to manage the system. Administration panel is primarily used by the MMABIS administrator. The following functionality is accessible through Administration Panel:
- Dashboard provides overview of the overall status and health of MegaMatcher ABIS.
- Administrative tasks shows the list of ongoing or finished tasks and enables tasks filtering.
- Transactions displays all MMABIS transactions list and enables transactions filtering.
- Configuration includes setting parameters, changing biographic fields, role, user and script
- Metrics shows biometric and hardware metrics of the MMABIS.
- Logs dispalys the log of the MMABIS.
- Tools shows all the tools for the MMABIS.
Control panel is accessed through web browser (http(s)://<mega_matcher_abis_unit_ip>/admin. The default username and password is admin/admin. It is recommended to change the password after the first login to the system (go to Configuration → User Management, select admin user, press Edit and enter the new password).
When you login, you will be taken to the dashboard which provides an overview of the whole MegaMatcher ABIS system status, including statuses for clusters, units, and for individual services. Clusters, units and services which are healthy and working properly are displayed in green, while broken or not properly functioning ones in red.
All administrative tasks (such as user creation, parameter changes, etc.) in MegaMatcher ABIS are saved. It is possible to see what administration task was performed at what time and the user who started the task.
Administrative tasks can be accessed by navigating to “Administrative Tasks” section in MegaMatcher ABIS Control Panel.
It is possible to apply a filter which only display administrative tasks which match the criteria such as done on specific date interval or started by some user.
A report can be generated which captures all the information displayed on the screen to PDF file.
Roles: Administrator, Supervisor.
Transaction view in MegaMatcher ABIS Control Panel displays the list of currently executing and recently completed transactions. Newest transactions appear at the top of the list.
Usually, there is a large amount of transactions in typical deployments and it is useful to filter transactions by specified criteria (such as date range).
Report of all transactions matching filter criteria can be generated by choosing “Download report” in the transaction list.
By clicking transaction in the list it is possible to see detailed information including history of all adjudication steps that were taken. Transaction details can be captured in report by using “Download report” button.
Configuration view enables to change parameters of the MMABIS.
Biometric parameters can be changed in Configuration > Parameters section of Control Panel.
Administrator role is required to perform such changes.
Biometric thresholds are used for identification, verification and duplicate check operations.
Identification and duplicate check thresholds
There are two parameters: lower and top threshold.
In case of identification operation, only lower threshold is taken into account. If matching score is >= (higher than or equals) lower threshold, then result is considered a match.
In case of Enroll with duplicate check, lower and top threshold define a “gray zone” where system cannot automatically decide whether there was a duplicate or not and transaction is sent to adjudication module where human adjudication operator takes the decision. These thresholds can be used to control number of cases which are created for adjudication.
Picking optimal thresholds for some specific database may require experimentation. If it turns out that some threshold values caused too many adjudication cases to be created, it is possible to apply the changed threshold values to previously processed transactions. In such cases transactions which would not need adjudication with the new parameters are processed automatically and unneeded adjudication cases are deleted. In order to use this functionality, enable an ‘Apply retrospectively’ check box.
In some cases top threshold is not desired for Enroll operation and human operator should always review the results which are higher than the lower threshold. To enable such scenario, a top threshold can be set to a very high value (100,000).
Required roles: Only users who have administrator role assigned are allowed to change identification parameters.
Verification parameters include a matching threshold for the verification operation. If matching score for candidate and specified reference template is >= (greater than or equal) than the matching threshold for verification, then verification operation result is a match (and not match otherwise).
Required roles: Only users who have administrator role assigned are allowed to change verification parameters.
These parameters filters matching results and changes master encounter selector:
- Matching result filter. Default matching results filtering (None setting) can be changed to the specified script (Script setting) filtering. In the section Script Management Groovy script for matching result filtering can be specified.
- Master encounter selector. Each subject can have several biometric encounters within the MMABIS. System administrator can change which encounter is displayed. Master encounter can be determined by the latest record, matching quality or master encounter selection script can be specified as described in Script Management section.
18.104.22.168.Additional image processing and matching parameters
These are advanced settings used to customize image processing and matching operations. System administrator should change these parameters only when required and with these provided by Neurotechnology.
Subjects are enrolled to the MMABIS not only with biometric templates saving subject’s fingerprints, face or irises, but also with associated biographic fields. Biographic fields save additional information about a subject, such as name, birth date, sex or nationality. When you login to the Client Panel of MMABIS and try to enroll a new subject, you will be prompted to enter person information containing name, birth date and sex. These are the default biographic fields of the MMABIS.
The default biographic fields can be changed to meet a custom system requirements. These fields can be changed in Configuration > Biographic Fields section of Control Panel. Administrator role is required to perform such changes.
Each new or default biographic fields have these changeable properties:
- Field Key – unique identifier for biographic field used by the MMABIS.
- Field Name – the name of field displayed in the Client Panel of the MMABIS.
- NIST Field Id – unique NIST identifier for the field.
- Field Type – these types can be selected: text, date, date and time, values (user predefined drop down menu with selectable values).
- Required (makes field required to be filled) / Visible (if not checked, field is not visible inin the Client Panel) settings.
- Display column – if checked, column field is displayed among Search results in the Client Panel.
- Searchable field – if checked, this field is displayed among Search filters in the Client Panel.
Biographic field properties changes are saved with Submit button.
The MMABIS uses role-based system access control. Each role has system permission modifiers assigned. Permissions specify the access rights to certain parts of the MMABIS. Roles are assigned for system users. So an authorized user can access only these parts of the MMABIS that were enabled by an assigned role.
Roles can be changed in Configuration > Role Management section of Control Panel. Administrator role is required to perform such changes.
Role management section displays the list of the default system roles:
Each role is defined by these changeable parameters:
- ID – unique uppercase identifier of the role.
- Name – displayed role name when assigning to a user.
- Permissions – the list of permissions assigned for each role.
- Modifiers – the list of assigned modifiers for a role.
- Use Edit button to change role parameters or navigate to the bottom and press New role button to create a new role. Let’s create a new role – AIRPORT_OPERATOR which later will be assigned for a new user:
Uses Ctrl keyboard button when selecting multiple permissions.
Permissions are logically grouped by these system operations:
- Biometric (controls which biometric operations are available): enroll, enroll with duplicate check, identify, verify, verify-update, update, delete.
- Transaction (controls which transaction operations in the Client Panel are available): view, list, count, report generation.
- Subject (these permission enables different operations with subjects): view, list.
- Encounter (enables to access different encounter data of a subject): view, face/finger/iris images, face/finger features, export.
- Hits (enables to access encounter hits data): base, details.
- Adjudication (controls which adjudication operations are available): view/solve case, report generation, dashboard, tasks, metrics, logs, parameter modification, biographic field/role/user/script management, development.
- Tools (enables/disables MMABIS tools): clear transactions (used to clear the list of transactions), synchronize services (administrative tool used to synchronize all services, such as matching service or elastic search), calculate NFIQ.
- NIST parser (enables NIST templates parsing).
- Latent fingerprint editor (enables/disables the tool used to edit latent fingerprints).
MegaMatcher ABIS uses role-based authentication to control which users are allowed to access certain resources and perform certain operations. There are also additional permissions which can be assigned to user from any role.
Only Administrator can view or modify list of users and assign or revoke roles.
List of all users can be found by using Configuration > User Management in MegaMatcher ABIS Control Panel. The list all the users of the MegaMatcher ABIS including their attributes is displayed. Next to each user entry there are buttons to edit or delete the user.
New user can be added by clicking a “New User” button at the bottom of the page. Let’s create a new user Airport Operator with previously created role AIRPORT_OPERATOR. Press New user button in the User Management dashboard, enter username and full name, email, password and assign this role:
When you login with the user airportoperator to the Client Panel of MMABIS, you will see that only the views for AIRPORT_OPERATOR role permissions are displayed:
The MegaMatcher ABIS allows to filter matching results dynamically using Groovy programming language scripts. Examples of Groovy scripts:
1.4.6.Email reset setup
Users can change or reset passwords for security reasons. MMABIS system administrator should setup mailing server for sending new password or reset information to MMABIS users. When mailing server is set up, system administrator should provide mail properties to MMABIS. Edit mail.properties and frontend.properties files with these settings:
- mmabis.frontend.base-url=[IP address], where [IP address] is an address to MMAbis Web
Client., e.g. http://127.0.0.1
- mmabis.mail.from=[mail.example.com], email sender.
- mmabis.mail.password-reset-title=[Password reset email title], the title of password reset email.
This dashboard displays the basic biometric and hardware metrics collected by MMABIS.
These biometric metrics for each server are displayed: Transactions throughput and Transactions duration.
Graphics of hardware metrics such as CPU usage, Load, Available memory, Network traffic, Available disk space, Disk traffic for each server are displayed.
In this dashboard the MMABIS logs are displayed. Using filtering, specified logs can be displayed.
In this dashboard an administrator can access these tools for the MMABIS:
- Locales Editor – this tool is used to upload a locale file containing translation of the MMABIS Client and Admin panels.
- Synchronize Matching Service – this tool is used to synchronize transactions to Matching Service.
- Synchronize Elasticsearch – this tool is used for fast search. It is recommended to consult Neurotechnology, before synchronizing Elasticsearch.
- Calculate Missing NFIQ – performs calculation of missing NFIQ data.
- Clear Transactions – clears all transactions.
|Biometric-Enroll||Allow to enroll a person. MMABIS system doesn't check if the person was registrated before.
|Biometric-Enroll with duplicate check||Allow to enroll a person that is not registered in the MMABIS system before.
|Biometric-Identify||Allow to check if a person is in the MMABIS system.
|Biometric-Verify||Allow to check if a person with particular ID is in the MMABIS system.
|Biometric-Verify-Update||Allow to update the subject data before checking if that data is particular subject.
|Biometric-Update||Allow to update subject data.
|Biometric-Delete||Allow to delete subject or encounter.
|Transaction-View||Allow to view particular information of transaction.
|Transaction-List||Allow to see transactions list.
|Transaction-Count||Allow to view a count of transactions.
|Transaction-Report generation||Allow to download transactions report.
|Subject-View||Allow to view particular subject.
|Subject-List||Allow to view subjects list.
|Encounter-View||Allow to view particular encounter.
|Encounter-Face images||Allow to view encounter face image.
|Encounter-Finger images||Allow to view encounter fingerprints images.
|Encounter-Iris images||Allow to view encounter irises images.
|Encounter-Face features||Allow to view detailed comparison of matched biometric data (face).
|Encounter-Finger features||Allow to view detailed comparison of matched biometric data (fingerprints).
|Encounter-Export||Allow to export nist type file with all biometric and biographic data of particular encounter.
|Hits-Base||Allow to view hits.
|Hits-Details||Allow to view details of particular hit.
|Adjudication-View case||Allow to view not solved adjudication cases.
|Adjudication-Solve case||Allow to solve adjudication cases.
|Adjudication-Report generation||Allow to download adjudication report.
|Administration-Dashboard||Allow to view Dashboard in administration website.
|Administration-Tasks||Allow to view information about each transaction.
|Administration-Metrics||Allow to view Metrics in administration website.
|Administration-Logs||Allow to view Logs in administration website.
|Administration-Parameter modification||Allow to modify identification and verification thresholds parameters.
|Administration-Biographic field management||Allow to add new biografic fields, modify or delete them.
|Administration-Role management||Allow to modify, create or delete new management roles.
|Administration-User management||Allow to create or delete users and modify their names, emails, passwords, permissions, status, modifiers.
|Administration-Script management||Allow to choose the right script type.
|Administration-Development||Allow to use locales editor.
|Tools-Clear transactions||Allow to clear transactions.
|Tools-Synchronize services||Allow to synchronize services.
|Tools-Calculate NFIQ||Allow to view calculated NFIQ for each new subject fingerprints data.
|NIST parser||Allow to upload your file with nist type in enroll section.
|Latent fingerprint editor||Allow to investigate fingerprint pattern.
|Transaction-From all users||Allow to view transactions from all users.
|Adjudication-Supervisor||Allow to view a list and details of solved and unsolved adjudication cases. Also allows to solve them.