When marketing digital identity products secured by biometrics, emphasize that they are MORE secure and more private than their physical counterparts.
When you hand your physical driver’s license over to a sleazy bartender, they find out EVERYTHING about you, including your name, your birthdate, your driver’s license number, and even where you live.
When you use a digital mobile driver’s license, bartenders ONLY learn what they NEED to know—that you are over 21.
Any endeavor, scientific or non-scientific, tends to generate a host of acronyms that the practitioners love to use.
For people interested in fingerprint identification, I’ve written this post to delve into some of the acronyms associated with NIST MINEX testing, including ANSI, INCITS, FIPS, and PIV.
NIST was involved with fingerprints before NIST even existed. Back when NIST was still the NBS (National Bureau of Standards), it issued its first fingerprint interchange standard back in 1986. I’ve previously talked about the 1993 version of the standard in this post, “When 250ppi Binary Fingerprint Images Were Acceptable.”
But let’s move on to another type of interchange.
MINEX
It’s even more important that we define MINEX, which stands for Minutiae (M) Interoperability (IN) Exchange (EX).
You’ll recall that the 1993 (and previous, and subsequent) versions of the ANSI/NIST standard included a “Type 9” to record the minutiae generated by the vendor for each fingerprint. However, each vendor generated minutiae according to its own standard. Back in 1993 Cogent had its standard, NEC its standard, Morpho its standard, and Printrak its standard.
So how do you submit Cogent minutiae to a Printrak system? There are two methods:
First, you don’t submit them at all. Just ignore the Cogent minutiae, look at the Printrak image, and use an algorithm regenerate the minutiae to the Printrak standard. While this works with high quality tenprints, it won’t work with low quality latent (crime scene) prints that require human expertise.
The second method is to either convert the Cogent minutiae to the Printrak minutiae standard, or convert both standards into a common format.
The American National Standards Institute (ANSI) is a private, non-profit organization that administers and coordinates the U.S. voluntary standards and conformity assessment system. Founded in 1918, the Institute works in close collaboration with stakeholders from industry and government to identify and develop standards- and conformance-based solutions to national and global priorities….
ANSI is not itself a standards developing organization. Rather, the Institute provides a framework for fair standards development and quality conformity assessment systems and continually works to safeguard their integrity.
So ANSI, rather than creating its own standards, works with outside organizations such as NIST…and INCITS.
INCITS
Now that’s an eye-catching acronym, but INCITS isn’t trying to cause trouble. Really, they’re not. Believe me.
Back in 2004, INCITS worked with ANSI (and NIST, who created samples) to develop three standards: one for finger images (ANSI INCITS 381-2004), one for face recognition (ANSI INCITS 385-2004), and one for finger minutiae (ANSI INCITS 378-2004, superseded by ANSI INCITS 378-2009 (S2019)).
When entities used this vendor-agnostic minutiae format, then minutiae from any vendor could in theory be interchanged with those from any other vendor.
This came in handy when the FIPS was developed for PIV. Ah, two more acronyms.
FIPS and PIV
One year after the three ANSI INCITS standards were released, this happened (the acronyms are defined in the text):
Federal Information Processing Standard (FIPS) 201 entitled Personal Identity Verification of Federal Employees and Contractors establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity credentials issued by the Federal Government to its employees and contractors. These credentials are used by mechanisms that authenticate individuals who require access to federally controlled facilities, information systems, and applications. This Standard addresses requirements for initial identity proofing, infrastructure to support interoperability of identity credentials, and accreditation of organizations issuing PIV credentials.
So the PIV, defined by a FIPS, based upon an ANSI INCITS standard, defined a way for multiple entities to create and support fingerprint minutiae that were interoperable.
But how do we KNOW that they are interoperable?
Let’s go back to NIST and MINEX.
Testing interoperability
So NIST ended up in charge of figuring out whether these interoperable minutiae were truly interoperable, and whether minutiae generated by a Cogent system could be used by a Printrak system. Of course, by the time MINEX testing began Printrak no longer existed, and a few years later Cogent wouldn’t exist either.
You can read the whole history of MINEX testing here, but for now I’m going to skip ahead to MINEX III (which occurred many years after MINEX04, but who’s counting?).
Like some other NIST tests we’ve seen before, vendors and other entities submit their algorithms, and NIST does the testing itself.
In this case, all submitters include a template generation algorithm, and optionally can include a template matching algorithm.
Then NIST tests each algorithm against every other algorithm. So the “innovatrics+0020” template generator is tested against itself, and is also tested against the “morpho+0115” algorithm, and all the other algorithms.
NIST then performs its calculations and comes up with summary values of interoperability, which can be sliced and diced a few different ways for both template generators and template matchers.
From NIST. Top 10 template generators (Ascending “Pooled 2 Fingers FNMR @ FMR≤10-2“) as of July 29, 2024.
And this test, like some others, is an ongoing test, so perhaps in a few months someone will beat Innovatrics for the top pooled 2 fingers spot.
Are fingerprints still relevant?
And entities WILL continue to submit to the MINEX III test. While a number of identity/biometric professionals (frankly, including myself) seem to focus on faces rather than fingerprints, fingers still play a vital role in biometric identification, verification, and authentication.
The cohesive suite of security and productivity solutions provided by an E5 licence can significantly streamline your technological landscape, doing away with a number of on-premises and SaaS tools.
While many organisations opt for the lower-cost E3 licence, they may find this soon requires a supplementary selection of single-solution tools from alternate vendors to patch gaps in its capabilities.
Too many solutions means confusion, an often-disjointed workflow, potential overlap and overspend, and crucially, increased security risk.
By consolidating your collaboration, productivity, automation, and security solutions into a single trusted vendor platform, IT management becomes simplified, redundant solutions can be axed, and ROI can be better measured.
The Microsoft E5 Security Components
So you get everything from a single source with no finger pointing. What could go wrong?
Plenty, according to those who still think of Microsoft as an evil empire.
Microsoft is making a compelling case to businesses to consolidate into the Microsoft umbrella of products. The ease of use, and financial motives just make too much sense. Now do those customers get a great IAM experience with that? Meh…kinda. Entra SSO is solid product, Active Directory/EntraID is solid, MIM…well….we don’t talk about MIM.
Microsoft Identity Manager
Well, I will talk about MIM, or Microsoft Identity Manager.
Microsoft Identity Manager (MIM) 2016 builds on the identity and access management capabilities of Forefront Identity Manager (FIM) 2010 and predecessor technologies. MIM provides integration with heterogeneous platforms across the datacenter, including on-premises HR systems, directories, and databases.
MIM augments Microsoft Entra cloud-hosted services by enabling the organization to have the right users in Active Directory for on-premises apps. Microsoft Entra Connect can then make available in Microsoft Entra ID for Microsoft 365 and cloud-hosted apps
But what of the argument that it’s better to get everything from one vendor? Other companies will tout their best-in-class products. While you’ll end up with a possibly disjointed solution, the work will get done more accurately.
In the end, it’s up to you. Do you want a single solution that is “good enough” and is already pre-made, or do you want to take the best solution from the best-in-class vendors and roll your own?
I remember the first computer I ever owned: a Macintosh Plus with a hard disk with a whopping 20 megabytes of storage space. And that hard disk held ALL my files, with room to spare.
For sake of comparison, the video at the end of this blog post would fill up three-quarters of that old hard drive. Not that the Mac would have any way to play that video.
And its 20 megabyte hard disk illustrates the limitations of those days. File storage was a precious commodity in the 1980s and 1990s, and we therefore accepted images that we wouldn’t even think about accepting today.
This affected the ways in which entities exchanged biometric information.
The 1993 ANSI/NIST standard
The ANSI/NIST standard for biometric data interchange has gone through several iterations over the years, beginning in 1986 when NIST didn’t even exist (it was called the National Bureau of Standards in those days).
Yes, FINGERPRINT information. No faces. No scars/marks/tattoos. signatures, voice recordings, dental/oral data, irises, DNA, or even palm prints. Oh, and no XML-formatted interchange either. Just fingerprints.
No logical record type 99, or even type 10
Back in 1993, there were only 9 logical record types.
For purposes of this post I’m going to focus on logical record types 3 through 6 and explain what they mean.
Type 3, Fingerprint image data (low-resolution grayscale).
Type 4, Fingerprint image data (high-resolution grayscale).
Type 5, Fingerprint image data (low-resolution binary).
Type 6, Fingerprint image data (high-resolution binary).
Image resolution in the 1993 standard
In the 1993 version of the ANSI/NIST standard:
“Low-resolution” was defined in standard section 5.2 as “9.84 p/mm +/- 0.10 p/mm (250 p/in +/- 2.5 p/in),” or 250 pixels per inch (250ppi).
The “high-resolution” definition in sections 5.1 and 5.2 was twice that, or “19.69 p/mm +/- 20 p/mm (500 p/in +/- 5 p/in.”
While you could transmit at these resolutions, the standard still mandated that you actually scan the fingerprints at the “high-resolution” 500 pixels per inch (500ppi) value.
Incidentally, this brings up an important point. The series of ANSI/NIST standards are not focused on STORAGE of data. They are focused on INTERCHANGE of data. They only provided a method for Printrak system users to exchange data with automated fingerprint identification systems (AFIS) from NEC, Morpho, Cogent, and other fingerprint system providers. Just interchange. Nothing more.
Binary and grayscale data in the 1993 standard
Now let’s get back to Types 3 through 6 and note that you were able to exchange binary fingerprint images.
Why the heck would fingerprint experts tolerate a system that transmitted binary images that latent fingerprint examiners considered practically useless?
Because they had to.
Storage and transmission constraints in 1993
Two technological constraints adversely affected the interchange of fingerprint data in 1993:
Storage space. As mentioned above, storage space was limited and expensive in the 1980s and the 1990s. Not everyone could afford to store detailed grayscale images with (standard section 4.2) “eight bits (256 gray levels)” of data. Can you imagine storing TEN ENTIRE FINGERS with that detail, at an astronomical 500 pixels per inch?
Transmission speed. There was another limitation enforced by the modems of the data. Did I mention that the ANSI/NIST standard was an INTERCHANGE standard? Well, you couldn’t always interchange your data via the huge 1.44 megabyte floppy disks of the day. Sometimes you had to pull your your trusty 14.4k or 28.8k modem and send the images over the telephone. Did you want to spend the time sending those huge grayscale images over the phone line?
So as a workaround, the ANSI/NIST standard allowed users to interchange binary (black and white) images to save disk space and modem transmission time.
And we were all delighted with the capabilities of the 1993 ANSI/NIST standard.
Until we weren’t.
The 2015 ANSI/NIST standard
The current standard, ANSI/NIST-ITL 1-2011 Update 2015, supports a myriad of biometric types. For fingerprints (and palm prints), the focus is on grayscale images: binary image Type 5 and Type 6 are deprecated in the current standard, and low-resolution Type 3 grayscale images are also deprecated. Even Type 4 is shunned by most people in favor of new friction ridge image types in which the former “high resolution” is now the lowest resolution that anyone supports:
This week has been a busy week in Bredemarket-land, including work on some of the following client projects:
Creating the first deliverable as part of a three-part series of deliverables.
Reworking that first deliverable for more precision.
Preparing to start work on the second deliverable.
Drafting a blog post for a client.
Gathering information for an email newsletter for a client.
Following up on a couple of consulting opportunities that take advantage of my identity/biometric expertise.
Creating a promotional reel based upon the grapes in my backyard. (Yet another reel. I plan to reveal it next week.)
Engaging in other promotional activities on Bredemarket’s key social media channels.
Plus I’ve been working on some non-Bredemarket deliverables and meetings with a significant time commitment.
But there’s one more Bredemarket deliverable that I haven’t mentioned—because I’m about to discuss it now.
The task
Without going into detail, a client required me to repurpose a piece of third-party government-authored (i.e. non-copyrighted) text, originally written for a particular market.
Shorten the text so it would be more attractive to the new market.
Simplify the presentation of the text to make it even more attractive to the new market.
The request was clear, and I’ve already completed the first draft of the text and am working on the second draft.
But I wanted to dive into the three steps above—not regarding this particular client writing project, but in a more general way.
Step 1: Rewrite
When you’ve worked in a lot of different industries, you learn that each industry has its own language, including things you say—and things you don’t say.
I’ll give you an example that doesn’t reflect the particular project I was working on, but does reflect why rewriting is often necessary.
When I started in biometrics, the first two industries that I wrote about were law enforcement and benefits administration.
Law enforcement’s primary purpose is to catch bad people, although sometimes it can exonerate good people. So when you’re talking about law enforcement applications, you frequently use a lot of terms that are negative in nature, such as “surveillance,” “suspect,” and “mugshot.”
Benefits administration’s primary purpose is to help good people, although sometimes it can catch bad people who steal benefits from good people. So when you’re talking about benefits administration applications, you tend toward more positive terms such as “beneficiary.” And if you take a picture of a beneficiary’s face, for heaven’s sake DON’T REFER TO THE FACIAL IMAGE AS A “MUGSHOT.”
These two examples illustrate why something originally written for “market 1” must often be rewritten for “market 2.”
But sometimes a simple rewrite isn’t enough.
Step 2: Shorten
Now I don’t play in the B2C market in which crisp text is extremely necessary. But it’s needed in the various B2G and B2B markets also—some more than others.
If you are writing for more scientific markets, your readers are more accustomed to reading long, academic, “Sage”-like blocks of text.
But if you are writing for other markets, such as hospitality, your readers not only don’t want to read long blocks of text, but actively despise it.
You need to “get to the point.”
Tim Conway (Sr.), as repeatedly played during Jim Healy’s old radio show. Sourced from the Jim Healy Tribute Site.
In my particular project, “market 1” was one of those markets that valued long-windedness, while “market 2” clearly didn’t. So I had to cut the text down significantly, using the same techniques that I use when rewriting my “draft 0.5” (which a client NEVER sees) to my “draft 1” (which I turn over to the client).
But sometimes a simple shorten isn’t enough.
Step 3: Simplify
If you know me, you know I’m not graphically inclined.
Someday I will reach this level of graphic creativity. Originally created by Jleedev using Inkscape and GIMP. Redrawn as SVG by Ben Liblit using Inkscape. – Own work, Public Domain, link.
But I still pay attention to the presentation of my words.
Remember those long blocks of text that I mentioned earlier? One way to break them up is to use bullets.
Bullets break up long blocks of text into manageable chunks.
Bullets are easier to read.
So your reader will be very happy.
But as I was editing this particular piece of content, sometimes I ran into long lists of bullets, which weren’t really conducive to the reading experience.
Question
Answer
What does this mean?
Why are long lists of bullets bad?
Because with enough repetition, they’re just as bad as long blocks of text.
Your readers will tune you out.
How can you format long lists of bullets into something easier to read?
One way is to convert the bullets into a table with separate entries.
Your readers will enjoy a more attractive presentation.
What do tables do for your reader?
They arrange the content in two dimensions rather than one.
The readers’ eyes move in two directions, rather than just one.
Hey, wait a minute…
Yeah, I just plugged my seven questions again by intentionally using the first three: why, how, and what.
You can go here to download the e-book “Seven Questions Your Content Creator Should Ask You.”
I don’t have the skill to make WordPress tables look as attractive as Microsoft Word tables. But even this table breaks up the monotony of paragraphs and lists, don’t you think?
So what happened?
After I had moved through the three steps of rewriting, shortening, and simplifying the original content, I had a repurposed piece of content that was much more attractive to the “hungry people” (target audience) who were going to read it.
These people wouldn’t fall asleep while reading the content, and they wouldn’t be offended by some word that didn’t apply to them (such as “mugshot”).
So don’t be afraid to repurpose—even for a completely different market.
I do it all the time.
Look at two of my recent reels. Note the differences. But note the similarities.
The identity/biometrics version of the reel.
The Inland Empire version of the same reel.
So which of Bredemarket’s markets do you think will receive the “grapes” reel?
I wanted to share the latter on NextDoor, but that service wouldn’t accept the video.
Thinking the 45 second length was the issue, I decided to create a 15 second version of the Inland Empire video…and a 15 second version of the (50 second) identity/biometrics video while I was at it.
For those of you who would like to”a nice surprise…every once in a while.”
Identity/biometric.
Inland Empire.
By the way, I’m considering creating a new Inland Empire video…with an agricultural theme. (Fruits, not cows.)
I should properly open this post by stating any necessary disclosures…but I don’t have any. I know NOTHING about the goings-on reported in this post other than what I read in the papers.
However, I do know the history of Thales and mobile driver’s licenses. Which makes the recent announcements from Florida and Thales even more surprising.
Gemalto’s pioneering mobile driver’s license pilots
Back when I worked for IDEMIA from 2017 to 2020, many states were performing some level of testing of mobile driver’s licenses. Rather than having to carry a physical driver’s license card, you would be able to carry a virtual one on your phone.
Some of these states were working with the company Gemalto to create pilots for mobile driver’s licenses. As early as 2016, Gemalto announced its participation in pilot mDL projects in Colorado, Idaho, Maryland, and Washington DC. As I recall, at the time Gemalto had more publicly-known pilots in process than any other vendor, and appeared to be leading the pack in the effort to transition driver’s licenses from the (physical) wallet to the smartphone.
Thales’ operational mobile driver’s license
By the time Gemalto was acquired by and absorbed into Thales, the company won the opportunity to provide an operational (as opposed to pilot) driver’s license. The Florida Smart ID app has been available to both iPhone and Android users since 2021.
One of the most important pieces of new information was a revised set of Frequently Asked Questions (or “Question,” or “Statement”) on the “Florida Smart ID” section of the Florida Highway Safety and Motor Vehicles website.
The Florida Smart ID applications will be updated and improved by a new vendor. At this time, the Florida Department of Highway Safety and Motor Vehicles is removing the current Florida Smart ID application from the app store. Please email FloridaSmartID@flhsmv.gov to receive notification of future availability.
Um…that was abrupt.
But a second piece of information, a Thales statement shared by PC Mag, explained the abruptness…in part.
In a statement provided to PCMag, a Thales spokesperson said the company’s contract with the FLHSMV expired on June 30, 2024.
“The project has now entered a new phase in which the FLHSMV requirements have evolved, necessitating a retender,” Thales says. “Thales chose not to compete in this tender. However, we are pleased to have been a part of this pioneering solution and wishes it continued success.”
The new vendor and/or the State of Florida chose not to begin providing services when the Thales contract expired on June 30.
Thales and/or the State of Florida chose not to temporarily renew the existing contract until the new vendor was providing services in 2025.
This third point is especially odd. I’ve known of situations where Company A lost a renewal bid to Company B, Company B was unable to deliver the new system on time, and Company A was all too happy to continue to provide service until Company B (or in some cases the government agency itself) got its act together.
Anyway, for whatever reason, those who had Florida mobile driver’s licenses have now lost them, and will presumably have to go through an entirely new process (with an as-yet unknown vendor) to get their mobile driver’s licenses again.
I’m not sure how much more we will learn publicly, and I don’t know how much is being whispered privately. Presumably the new vendor, whoever it is, has some insight, but they’re not talking.
As Identity and biometrics solution providers know, their applications are found in a variety of vertical markets.
A LARGE variety of vertical markets.
Seven of these markets include financial services, travel and hospitality, government services, education, health, criminal applications, and venues. (Among others.)
Which three vertical markets does the Prism Project examine?
To start this post, I’m going to cheat and “appropriate” the work already performed by the Prism Project.
This effort is managed by Maxine Most’s Acuity Market Intelligence and supported by a variety of partners (including industry partners).
The Prism Project has identified 3 (so far) critical vertical markets for identity and biometrics. While this doesn’t pretend to be a comprehensive list, it’s a good starting point to illustrate the breadth of markets that benefit from identity and biometrics.
The Prism Project has already released its report for financial services, which businesses can download here.
The Prism Project has started to develop its report for travel and hospitality. You can preview the report here.
Finally, the Prism Project plans to release a report addressing government services later in the year. For the latest status of this report, visit the Prism Project home page.
As you can see, identity and biometrics apply in wildly diverging vertical markets. You can use identity verification to open a bank account, enter your hotel room, or pay your taxes.
But those aren’t the only markets that use identity and biometrics.
Let me school you on two other markets, education and health
Let’s look at two markets that the Prism Project hasn’t covered…yet.
Education
Chaffey High School, Ontario, California.
Another example of a market that uses identity and biometrics is the education market.
Who is allowed on a physical campus? Students? Teachers? Staff? Parents and guardians?
Who is NOT allowed on a physical campus? Expelled students? Fired faculty and staff?
Who is taking that remotely-administered online test?
Bredemarket has written several posts about educational applications for identity and biometrics. You can read all my education writing on Bredemarket’s “Educational Identity” information page.
Health
What, did you expect me to post a Marcus Welby picture here? I’m sharing a real medical professional: Jonas Salk administering the polio vaccine. By Yousuf Karsh, photographer – Wisdom Magazine, Aug. 1956 (Vol 1, No. 8), PD-US, https://en.wikipedia.org/w/index.php?curid=27746788.
Similarly Bredemarket has written several posts about healthcare applications for identity and biometrics, including some that dwell on the unique privacy legislation that covers healthcare. You can read all my health writing on Bredemarket’s “Health” information page. (It’s not called “Health Identity” because healthcare has both identity and technology aspects.)
Another source on finance
By the way, Bredemarket also has a page on “Financial Identity,” but the Prism Project’s content is more comprehensive.
But wait…there’s more!
So this is the point where Ed McMahon intones, “So Acuity Market Intelligence and Bredemarket have identified all five of the markets that benefit from the use of identity and biometrics!”
So let’s look at two more markets that benefit from the use of identity and biometrics-two markets that I know very well from the beginning and end of my time at Printrak/Motorola/MorphoTrak/IDEMIA.
Criminal applications
There are government services, and then there are government services.
I started my biometric journey over 29 years ago when I wrote proposals addressed to law enforcement agencies who wanted to find out who left their fingerprints on a crime scene, and whether the person being arrested was who they said they were.
I don’t know if Maxine Most is going to classify criminal applications as a subset of government services, but there are clear reasons that she may not want to do this.
When you pay your taxes or apply for unemployment benefits, you WANT the biometric system to identify you correctly.
When you steal a car or rob a bank, you do NOT want the biometric system to identify you correctly.
Big difference.
Stadiums, concert halls, and other venues
If someone asked me in late 2019 what my career five year plan was, I would have had a great story to tell.
As I was wrapping up over 24 years in identity and biometrics, I was about to help my then-employer IDEMIA enter a new market, the venue market. This market, which CLEAR was already exploring at the time, replaced the cumbersome ticketing process with the use of frictionless biometrics to enter sports stadiums, concert halls, trade shows, and related venues. Imagine using your face or IDEMIA’s contactless fingerprint solution MorphoWave to enter a venue, enter secure restricted areas, or even order food and beverages.
Imagine the convenience that benefit consumer and venue operator alike.
What could go wrong? I mean, the market was robust, and we certainly would NEVER face a situation in which all the stadiums and all the concert halls and all the trade shows would suddenly close down.
Since early 2020 when a worldwide pandemic DID shut down a lot of things, many identity/biometric firms have entered the venue market with a slew of solutions to benefit fans, teams, and venues alike.
And still more
There are many more vertical markets than these seven, ranging from agriculture to automobile access to computer physical/logical access to construction to customer service (mainly voice) to critical infrastructure to gaming (computer gaming) to gaming (gambling) to the gig economy to manufacturing to real estate to retail to telecommunications to transportation (planes, trains, buses, taxis, and cruise ships).
And all these markets have a biometric story to tell.
Can Bredemarket help you describe how your identity/biometric solution addresses one or more of these markets?
Bredemarket 