cogent – Bredemarket

Let’s Explain the MINEX Acronyms

(Part of the biometric product marketing expert series)

Any endeavor, scientific or non-scientific, tends to generate a host of acronyms that the practitioners love to use.

For people interested in fingerprint identification, I’ve written this post to delve into some of the acronyms associated with NIST MINEX testing, including ANSI, INCITS, FIPS, and PIV.

And, of course, NIST and MINEX.

After defining what the acronyms stand for, I’ll talk about the MINEX III test. Because fingerprints are still relevant.

Common MINEX acronyms

NIST

We have to start with NIST, of course. NIST is the National Institute of Standards and Technology, part of the U.S. Department of Commerce.

NIST was involved with fingerprints before NIST even existed. Back when NIST was still the NBS (National Bureau of Standards), it issued its first fingerprint interchange standard back in 1986. I’ve previously talked about the 1993 version of the standard in this post, “When 250ppi Binary Fingerprint Images Were Acceptable.”

But let’s move on to another type of interchange.

MINEX

It’s even more important that we define MINEX, which stands for Minutiae (M) Interoperability (IN) Exchange (EX).

You’ll recall that the 1993 (and previous, and subsequent) versions of the ANSI/NIST standard included a “Type 9” to record the minutiae generated by the vendor for each fingerprint. However, each vendor generated minutiae according to its own standard. Back in 1993 Cogent had its standard, NEC its standard, Morpho its standard, and Printrak its standard.

So how do you submit Cogent minutiae to a Printrak system? There are two methods:

First, you don’t submit them at all. Just ignore the Cogent minutiae, look at the Printrak image, and use an algorithm regenerate the minutiae to the Printrak standard. While this works with high quality tenprints, it won’t work with low quality latent (crime scene) prints that require human expertise.

The second method is to either convert the Cogent minutiae to the Printrak minutiae standard, or convert both standards into a common format.

Something like ANSI INCITS 378-2009 (S2019).

So I guess we need to define two more acronyms.

ANSI

Actually, I should have defined ANSI earlier, since I’ve already referred to it when talking about the ANSI/NIST data interchange formats.

ANSI is the American National Standards Institute. Unlike NIST, which is an agency of the U.S. government, ANSI is a private entity. Here’s how it describes itself:

The American National Standards Institute (ANSI) is a private, non-profit organization that administers and coordinates the U.S. voluntary standards and conformity assessment system. Founded in 1918, the Institute works in close collaboration with stakeholders from industry and government to identify and develop standards- and conformance-based solutions to national and global priorities….

ANSI is not itself a standards developing organization. Rather, the Institute provides a framework for fair standards development and quality conformity assessment systems and continually works to safeguard their integrity.

So ANSI, rather than creating its own standards, works with outside organizations such as NIST…and INCITS.

INCITS

Now that’s an eye-catching acronym, but INCITS isn’t trying to cause trouble. Really, they’re not. Believe me.

INCITS, or the InterNational Committee for Information Technology Standards, is another private organization. It’s been around since 1961, and like NIST has been known under different names in the past.

Back in 2004, INCITS worked with ANSI (and NIST, who created samples) to develop three standards: one for finger images (ANSI INCITS 381-2004), one for face recognition (ANSI INCITS 385-2004), and one for finger minutiae (ANSI INCITS 378-2004, superseded by ANSI INCITS 378-2009 (S2019)).

From https://webstore.ansi.org/standards/incits/incits3782009s2019.

When entities used this vendor-agnostic minutiae format, then minutiae from any vendor could in theory be interchanged with those from any other vendor.

This came in handy when the FIPS was developed for PIV. Ah, two more acronyms.

FIPS and PIV

One year after the three ANSI INCITS standards were released, this happened (the acronyms are defined in the text):

Federal Information Processing Standard (FIPS) 201 entitled Personal Identity Verification of Federal Employees and Contractors establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity credentials issued by the Federal Government to its employees and contractors. These credentials are used by mechanisms that authenticate individuals who require access to federally controlled facilities, information systems, and applications. This Standard addresses requirements for initial identity proofing, infrastructure to support interoperability of identity credentials, and accreditation of organizations issuing PIV credentials.

From the General Services Administration.

So the PIV, defined by a FIPS, based upon an ANSI INCITS standard, defined a way for multiple entities to create and support fingerprint minutiae that were interoperable.

But how do we KNOW that they are interoperable?

Let’s go back to NIST and MINEX.

Testing interoperability

So NIST ended up in charge of figuring out whether these interoperable minutiae were truly interoperable, and whether minutiae generated by a Cogent system could be used by a Printrak system. Of course, by the time MINEX testing began Printrak no longer existed, and a few years later Cogent wouldn’t exist either.

You can read the whole history of MINEX testing here, but for now I’m going to skip ahead to MINEX III (which occurred many years after MINEX04, but who’s counting?).

Like some other NIST tests we’ve seen before, vendors and other entities submit their algorithms, and NIST does the testing itself.
In this case, all submitters include a template generation algorithm, and optionally can include a template matching algorithm.
Then NIST tests each algorithm against every other algorithm. So the “innovatrics+0020” template generator is tested against itself, and is also tested against the “morpho+0115” algorithm, and all the other algorithms.

NIST then performs its calculations and comes up with summary values of interoperability, which can be sliced and diced a few different ways for both template generators and template matchers.

From NIST. Top 10 template generators (*Ascending “Pooled 2 Fingers FNMR @ FMR≤10^-2“*) as of July 29, 2024.

And this test, like some others, is an ongoing test, so perhaps in a few months someone will beat Innovatrics for the top pooled 2 fingers spot.

Are fingerprints still relevant?

And entities WILL continue to submit to the MINEX III test. While a number of identity/biometric professionals (frankly, including myself) seem to focus on faces rather than fingerprints, fingers still play a vital role in biometric identification, verification, and authentication.

Fingerprints are clearly a 21st century tool.

Even if one vendor continues its obsession with 1970s crime fighters.

And no, I’m NOT going to explain what the acronym FAP means. This post has too many acronyms already (TMAA).

When 250ppi Binary Fingerprint Images Were Acceptable

(Part of the biometric product marketing expert series)

I remember the first computer I ever owned: a Macintosh Plus with a hard disk with a whopping 20 megabytes of storage space. And that hard disk held ALL my files, with room to spare.

For sake of comparison, the video at the end of this blog post would fill up three-quarters of that old hard drive. Not that the Mac would have any way to play that video.

That Mac is now literally a museum piece.

By Tmarki – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=8058630.

And its 20 megabyte hard disk illustrates the limitations of those days. File storage was a precious commodity in the 1980s and 1990s, and we therefore accepted images that we wouldn’t even think about accepting today.

This affected the ways in which entities exchanged biometric information.

The 1993 ANSI/NIST standard

The ANSI/NIST standard for biometric data interchange has gone through several iterations over the years, beginning in 1986 when NIST didn’t even exist (it was called the National Bureau of Standards in those days).

From https://csrc.nist.gov/nist-cyber-history.

Fingerprints only

When I began working for Printrak in 1994, the image interchange standard in effect was ANSI/NIST-CSL 1-1993, the “Data Format for the Interchange of Fingerprint Information.”

Yes, FINGERPRINT information. No faces. No scars/marks/tattoos. signatures, voice recordings, dental/oral data, irises, DNA, or even palm prints. Oh, and no XML-formatted interchange either. Just fingerprints.

No logical record type 99, or even type 10

Back in 1993, there were only 9 logical record types.

From https://www.nist.gov/system/files/documents/2021/02/03/ansi-nist-csl_1-1993.pdf

For purposes of this post I’m going to focus on logical record types 3 through 6 and explain what they mean.

Type 3, Fingerprint image data (low-resolution grayscale).
Type 4, Fingerprint image data (high-resolution grayscale).
Type 5, Fingerprint image data (low-resolution binary).
Type 6, Fingerprint image data (high-resolution binary).

Image resolution in the 1993 standard

In the 1993 version of the ANSI/NIST standard:

“Low-resolution” was defined in standard section 5.2 as “9.84 p/mm +/- 0.10 p/mm (250 p/in +/- 2.5 p/in),” or 250 pixels per inch (250ppi).
The “high-resolution” definition in sections 5.1 and 5.2 was twice that, or “19.69 p/mm +/- 20 p/mm (500 p/in +/- 5 p/in.”
While you could transmit at these resolutions, the standard still mandated that you actually scan the fingerprints at the “high-resolution” 500 pixels per inch (500ppi) value.

Incidentally, this brings up an important point. The series of ANSI/NIST standards are not focused on STORAGE of data. They are focused on INTERCHANGE of data. They only provided a method for Printrak system users to exchange data with automated fingerprint identification systems (AFIS) from NEC, Morpho, Cogent, and other fingerprint system providers. Just interchange. Nothing more.

Binary and grayscale data in the 1993 standard

Now let’s get back to Types 3 through 6 and note that you were able to exchange binary fingerprint images.

Yup, straight black and white images.

The original uploader was CountingPine at English Wikipedia. – Transferred from en.wikipedia to Commons., CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=90286557.

Why the heck would fingerprint experts tolerate a system that transmitted binary images that latent fingerprint examiners considered practically useless?

Because they had to.

Storage and transmission constraints in 1993

Two technological constraints adversely affected the interchange of fingerprint data in 1993:

Storage space. As mentioned above, storage space was limited and expensive in the 1980s and the 1990s. Not everyone could afford to store detailed grayscale images with (standard section 4.2) “eight bits (256 gray levels)” of data. Can you imagine storing TEN ENTIRE FINGERS with that detail, at an astronomical 500 pixels per inch?
Transmission speed. There was another limitation enforced by the modems of the data. Did I mention that the ANSI/NIST standard was an INTERCHANGE standard? Well, you couldn’t always interchange your data via the huge 1.44 megabyte floppy disks of the day. Sometimes you had to pull your your trusty 14.4k or 28.8k modem and send the images over the telephone. Did you want to spend the time sending those huge grayscale images over the phone line?

Sound effects not included. By Wilton Ramon de Carvalho Machado – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=3572726.

So as a workaround, the ANSI/NIST standard allowed users to interchange binary (black and white) images to save disk space and modem transmission time.

And we were all delighted with the capabilities of the 1993 ANSI/NIST standard.

Until we weren’t.

The 2015 ANSI/NIST standard

The current standard, ANSI/NIST-ITL 1-2011 Update 2015, supports a myriad of biometric types. For fingerprints (and palm prints), the focus is on grayscale images: binary image Type 5 and Type 6 are deprecated in the current standard, and low-resolution Type 3 grayscale images are also deprecated. Even Type 4 is shunned by most people in favor of new friction ridge image types in which the former “high resolution” is now the lowest resolution that anyone supports:

Excludes record types 20-22, 98, and 99. From https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-290e3.pdf

Type 13, Variable-resolution latent friction ridge image.
Type 14, Variable-resolution fingerprint image.
Type 15, Variable-resolution palm print image.

We’ve come a long way.

Now that you’ve read this whole thing, I’ll share my video which covers everything in 25 seconds.

Fade to gray.

By the time I upload this video to Instagram, I’ll probably use Instagram’s music facilities to add this song as background music.

And note that the band name is spelled Visage with one I, not Viisage with two I’s. (Now part of IDEMIA, along with Printrak.)
But the spelling inaccuracy is not surpring. The band can’t spell “gray” either.

From https://www.youtube.com/watch?v=eZHk4RwIp_g.

The Big 3, or 4, or 5? Through the Years

On September 30, FindBiometrics and Acuity Market Intelligence released the production version of the Biometric Digital Identity Prism Report. You can request to download it here.

From https://findbiometrics.com/prism/ as of 9/30/2023.

Central to the concept of the Biometric Digital Identity Prism is the idea of the “Big 3 ID,” which the authors define as follows:

These firms have a global presence, a proven track record, and moderate-to-advanced activity in every other prism beam.
From “The Biometric Digital Identity Prism Report, September 2023.”

The Big 3 are IDEMIA, NEC, and Thales.

Whoops, wrong Big Three, although the Soviet Union/Russia and the United Kingdom have also been heavily involved in fingerprint identification. By U.S. Signal Corps photo. – http://hdl.loc.gov/loc.pnp/cph.3a33351 http://teachpol.tcnj.edu/amer_pol_hist/thumbnail381.html, Public Domain, https://commons.wikimedia.org/w/index.php?curid=538831

But FindBiometrics and Acuity Market Intelligence didn’t invent the Big 3. The concept has been around for 40 years. And two of today’s Big 3 weren’t in the Big 3 when things started. Oh, and there weren’t always 3; sometimes there were 4, and some could argue that there were 5.

So how did we get from the Big 3 of 40 years ago to the Big 3 of today?

The Big 3 in the 1980s

Back in 1986 (eight years before I learned how to spell AFIS) the American National Standards Institute, in conjunction with the National Bureau of Standards, issued ANSI/NBS-ICST 1-1986, a data format for information interchange of fingerprints. The PDF of this long-superseded standard is available here.

Cover page of ANSI/NBS-ICST 1-1986. PDF here.

When creating this standard, ANSI and the NBS worked with a number of law enforcement agencies, as well as companies in the nascent fingerprint industry. There is a whole list of companies cited at the beginning of the standard, but I’d like to name four of them.

De La Rue Printrak, Inc.
Identix, Inc.
Morpho Systems
NEC Information Systems, Inc.

While all four of these companies produced computerized fingerprinting equipment, three of them had successfully produced automated fingerprint identification systems, or AFIS. As Chapter 6 of the Fingerprint Sourcebook subsequently noted:

De La Rue Printrak (formerly part of Rockwell, which was formerly Autonetics) had deployed AFIS equipment for the U.S. Federal Bureau of Investigation and for the cities of Minneapolis and St. Paul as well as other cities. Dorothy Bullard (more about her later) has written about Printrak’s history, as has Reference for Business.
Morpho Systems resulted from French AFIS efforts, separate from those of the FBI. These efforts launched Morpho’s long-standing relationship with the French National Police, as well as a similar relationship (now former relationship) with Pierce County, Washington.
NEC had deployed AFIS equipment for the National Police Academy of Japan, and (after some prodding; read Chapter 6 for the story) the city of San Francisco. Eventually the state of California obtained an NEC system, which played a part in the identification of “Night Stalker” Richard Ramirez.

Richard Ramirez mug shot, taken on 12 December 1984 after an arrest for car theft. By Los Angeles Police Department – [1], Public Domain, https://commons.wikimedia.org/w/index.php?curid=29431687

After the success of the San Francisco and California AFIS systems, many other jurisdictions began clamoring for AFIS of their own, and turned to these three vendors to supply them.

The Big 4 in the 1990s

But in 1990, these three firms were joined by a fourth upstart, Cogent Systems of South Pasadena, California.

While customers initially preferred the Big 3 to the upstart, Cogent Systems eventually installed a statewide system in Ohio and a border control system for the U.S. government, plus a vast number of local systems at the county and city level.

Between 1991 and 1994, the (Immigfation and Naturalization Service) conducted several studies of automated fingerprint systems, primarily in the San Diego, California, Border Patrol Sector. These studies demonstrated to the INS the feasibility of using a biometric fingerprint identification system to identify apprehended aliens on a large scale. In September 1994, Congress provided almost $30 million for the INS to deploy its fingerprint identification system. In October 1994, the INS began using the system, called IDENT, first in the San Diego Border Patrol Sector and then throughout the rest of the Southwest Border.
From https://oig.justice.gov/reports/plus/e0203/back.htm

I was a proposal writer for Printrak (divested by De La Rue) in the 1990s, and competed against Cogent, Morpho, and NEC in AFIS procurements. By the time I moved from proposals to product management, the next redefinition of the “big” vendors occurred.

The Big 3 in 2003

There are a lot of name changes that affected AFIS participants, one of which was the 1988 name change of the National Bureau of Standards to the National Institute of Standards and Technology (NIST). As fingerprints and other biometric modalities were increasingly employed by government agencies, NIST began conducting tests of biometric systems. These tests continue to this day, as I have previously noted.

One of NIST’s first tests was the Fingerprint Vendor Technology Evaluation of 2003 (FpVTE 2003).

From https://www.nist.gov/itl/iad/image-group/fingerprint-vendor-technology-evaluation-fpvte-2003

For those who are familiar with NIST testing, it’s no surprise that the test was thorough:

FpVTE 2003 consists of multiple tests performed with combinations of fingers (e.g., single fingers, two index fingers, four to ten fingers) and different types and qualities of operational fingerprints (e.g., flat livescan images from visa applicants, multi-finger slap livescan images from present-day booking or background check systems, or rolled and flat inked fingerprints from legacy criminal databases).
From https://www.nist.gov/itl/iad/image-group/fingerprint-vendor-technology-evaluation-fpvte-2003

Eighteen vendors submitted their fingerprint algorithms to NIST for one or more of the various tests, including Bioscrypt, Cogent Systems, Identix, SAGEM MORPHO (SAGEM had acquired Morpho Systems), NEC, and Motorola (which had acquired Printrak). And at the conclusion of the testing, the FpVTE 2003 summary (PDF) made this statement:

Of the systems tested, NEC, SAGEM, and Cogent produced the most accurate results.

Which would have been great news if I were a product manager at NEC, SAGEM, and Cogent.

Unfortunately, I was a product manager at Motorola.

The effect of this report was…not good, and at least partially (but not fully) contributed to Motorola’s loss of its long-standing client, the Royal Canadian Mounted Police, to Cogent.

The Big 3, 4, or 5 after 2003

So what happened in the years after FpVTE was released? Opinions vary, but here are three possible explanations for what happened next.

Did the Big 3 become the Big 4 again?

Now I probably have a bit of bias in this area since I was a Motorola employee, but I maintain that Motorola overcame this temporary setback and vaulted back into the Big 4 within a couple of years. Among other things, Motorola deployed a national 1000 pixels-per-inch (PPI) system in Sweden several years before the FBI did.

Did the Big 3 remain the Big 3?

Motorola’s arch-enemies at Sagem Morpho had a different opinion, which was revealed when the state of West Virginia finally got around to deploying its own AFIS. A bit ironic, since the national FBI AFIS system IAFIS was located in West Virginia, or perhaps not.

Anyway, Motorola had a very effective sales staff, as was apparent when the state issued its Request for Proposal (RFP) and explicitly said that the state wanted a Motorola AFIS.

That didn’t stop Cogent, Identix, NEC, and Sagem Morpho from bidding on the project.

After the award, Dorothy Bullard and I requested copies of all of the proposals for evaluation. While Motorola (to no one’s surprise) won the competition, Dorothy and I believed that we shouldn’t have won. In particular, our arch-enemies at Sagem Morpho raised a compelling argument that it should be the chosen vendor.

Their argument? Here’s my summary: “Your RFP says that you want a Motorola AFIS. The states of Kansas (see page 6 of this PDF) and New Mexico (see this PDF) USED to have a Motorola AFIS…but replaced their systems with our MetaMorpho AFIS because it’s BETTER than the Motorola AFIS.”

But were Cogent, Motorola, NEC, and Sagem Morpho the only “big” players?

Did the Big 3 become the Big 5?

While the Big 3/Big 4 took a lot of the headlines, there were a number of other companies vying for attention. (I’ve talked about this before, but it’s worthwhile to review it again.)

Identix, while making some efforts in the AFIS market, concentrated on creating live scan fingerprinting machines, where it competed (sometimes in court) against companies such as Digital Biometrics and Bioscrypt.
The fingerprint companies started to compete against facial recognition companies, including Viisage and Visionics.
Oh, and there were also iris companies such as Iridian.
And there were other ways to identify people. Even before 9/11 mandated REAL ID (which we may get any year now), Polaroid was making great efforts to improve driver’s licenses to serve as a reliable form of identification.

In short, there were a bunch of small identity companies all over the place.

But in the course of a few short years, Dr. Joseph Atick (initially) and Robert LaPenta (subsequently) concentrated on acquiring and merging those companies into a single firm, L-1 Identity Solutions.

From https://www.officer.com/investigations/forensics/company/10037062/l1-identity-solutions-inc

These multiple mergers resulted in former competitors Identix and Digital Biometrics, and former competitors Viisage and Visionics, becoming part of one big happy family. (A multinational big happy family when you count Bioscrypt.) Eventually this company offered fingerprint, face, iris, driver’s license, and passport solutions, something that none of the Big 3/Big 4 could claim (although Sagem Morpho had a facial recognition offering). And L-1 had federal contracts and state contracts that could match anything that the Big 3/Big 4 offered.

So while L-1 didn’t have a state AFIS contract like Cogent, Motorola, NEC, and Sagem Morpho did, you could argue that L-1 was important enough to be ranked with the big boys.

So for the sake of argument let’s assume that there was a Big 5, and L-1 Identity Solutions was part of it, along with the three big boys Motorola, NEC, and Safran (who had acquired Sagem and thus now owned Sagem Morpho), and the independent Cogent Systems. These five companies competed fiercly with each other (see West Virginia, above).

In a two-year period, everything would change.

The Big 3 after 2009

Hang on to your seats.

The Motorola RAZR was hugely popular…until it wasn’t. Eventually Motorola split into two companies and sold off others, including the “Printrak” Biometric Business Unit. By NextG50 – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=130206087

By 2009, Safran (resulting from the merger of Sagem and Snecma) was an international powerhouse in aerospace and defense and also had identity/biometric interests. Motorola, in the meantime, was no longer enjoying the success of its RAZR phone and was looking at trimming down (prior to its eventual, um, bifurcation). In response to these dynamics, Safran announced its intent to purchase Motorola’s Biometric Business Unit in October 2008, an effort that was finalized in April 2009. The Biometric Business Unit (adopting its former name Printrak) was acquired by Sagem Morpho and became MorphoTrak. On a personal level, Dorothy Bullard moved out of Proposals and I moved into Proposals, where I got to work with my new best friends that had previously slammed Motorola for losing the Kansas and New Mexico deals. (Seriously, Cindy and Ron are great folks.)
By 2010, the fiercely independent Cogent was independent no more, having been acquired by 3M. (NEC thought about buying Cogent but didn’t.)
By 2011, Safran decided that it needed additional identity capabilities, so it acquired L-1 Identity Solutions and renamed the acquisition as MorphoTrust.

If you’re keeping notes, the Big 5 have now become the Big 3: 3M, Safran, and NEC (the one constant in all of this).

While there were subsequent changes (3M sold Cogent and other pieces to Gemalto, Safran sold all of Morpho to Advent International/Oberthur to form IDEMIA, and Gemalto was acquired by Thales), the Big 3 has remained constant over the last decade.

And that’s where we are today…pending future developments.

If Alphabet or Amazon reverse their current reluctance to market their biometric offerings to governments, the entire landscape could change again.
Or perhaps a new AI-fueled competitor could emerge.

The 1 Biometric Content Marketing Expert

This was written by John Bredehoft of Bredemarket.

If you work for the Big 3 or the Little 80+ and need marketing and writing services, the biometric content marketing expert can help you. There are several ways to get in touch:

Book a meeting with me at calendly.com/bredemarket. Be sure to fill out the information form so I can best help you.

Email me at john.bredehoft@bredemarket.com.
Contact me at bredemarket.com/contact/.
Subscribe to my mailing list at http://eepurl.com/hdHIaT.