Tag Archives: facial recognition

The Difference Between Identity Factors and Identity Modalities

(Part of the biometric product marketing expert series)

I know that I’m the guy who likes to say that it’s all semantics. After all, I’m the person who has referred to five-page long documents as “battlecards.”

But sometimes the semantics are critically important. Take the terms “factors” and “modalities.” On the surface they sound similar, but in practice there is an extremely important difference between factors of authentication and modalities of authentication. Let’s discuss.

What is a factor?

To answer the question “what is a factor,” let me steal from something I wrote back in 2021 called “The five authentication factors.”

Something You Know. Think “password.” And no, passwords aren’t dead. But the use of your mother’s maiden name as an authentication factor is hopefully decreasing.

Something You Have. I’ve spent much of the last ten years working with this factor, primarily in the form of driver’s licenses. (Yes, MorphoTrak proposed driver’s license systems. No, they eventually stopped doing so. But obviously IDEMIA North America, the former MorphoTrust, has implemented a number of driver’s license systems.) But there are other examples, such as hardware or software tokens.

Something You Are. I’ve spent…a long time with this factor, since this is the factor that includes biometrics modalities (finger, face, iris, DNA, voice, vein, etc.). It also includes behavioral biometrics, provided that they are truly behavioral and relatively static.

Something You Do. The Cybersecurity Man chose to explain this in a non-behavioral fashion, such as using swiping patterns to unlock a device. This is different from something such as gait recognition, which supposedly remains constant and is thus classified as behavioral biometrics.

Somewhere You Are. This is an emerging factor, as smartphones become more and more prevalent and locations are therefore easier to capture. Even then, however, precision isn’t always as good as we want it to be. For example, when you and a few hundred of your closest friends have illegally entered the U.S. Capitol, you can’t use geolocation alone to determine who exactly is in Speaker Pelosi’s office.

From https://bredemarket.com/2021/03/02/the-five-authentication-factors/

(By the way, if you search the series of tubes for reading material on authentication factors, you’ll find a lot of references to only three authentication factors, including references from some very respectable sources. Those sources are only 60% right, since they leave off the final two factors I listed above. It’s five factors of authentication, folks. Maybe.)

The one striking thing about the five factors is that while they can all be used to authenticate (and verify) identities, they are inherently different from one another. The ridges of my fingerprint bear no relation to my 16 character password, nor do they bear any relation to my driver’s license. These differences are critical, as we shall see.

What is a modality?

In identity usage, a modality refers to different variations of the same factor. This is most commonly used with the “something you are” (biometric) factor, but it doesn’t have to be.

Biometric modalities

The identity company Aware, which offers multiple biometric solutions, spent some time discussing several different biometric modalities.

[M]any businesses and individuals (are adopting) biometric authentication as it been established as the most secure authentication method surpassing passwords and pins. There are many modalities of biometric authentication to pick from, but which method is the best?  

From https://www.aware.com/blog-which-biometric-authentication-method-is-the-best/

After looking at fingerprints, faces, voices, and irises, Aware basically answered its “best” question by concluding “it depends.” Different modalities have their own strengths and weaknesses, depending upon the use case. (If you wear thick gloves as part of your daily work, forget about fingerprints.)

ID R&D goes a step further and argues that it’s best to use multimodal biometrics, in which the two biometrics are face and voice. (By an amazing coincidence, ID R&D offers face and voice solutions.)

And there are many other biometric modalities.

From Sandeep Kumar, A. Sony, Rahul Hooda, Yashpal Singh, in Journal of Advances and Scholarly Researches in Allied Education | Multidisciplinary Academic Research, “Multimodal Biometric Authentication System for Automatic Certificate Generation.”

Non-biometric modalities

But the word “modalities” is not reserved for biometrics alone. The scientific paper “Multimodal User Authentication in Smart Environments: Survey of User Attitudes,” just released in May, includes this image that lists various modalities. As you can see, two of the modalities are not like the others.

From Aloba, Aishat & Morrison-Smith, Sarah & Richlen, Aaliyah & Suarez, Kimberly & Chen, Yu-Peng & Ruiz, Jaime & Anthony, Lisa. (2023). Multimodal User Authentication in Smart Environments: Survey of User Attitudes. Creative Commons Attribution 4.0 International
  • The three modalities in the middle—face, voice, and fingerprint—are all clearly biometric “something you are” modalities.
  • But the modality on the left, “Make a body movement in front of the camera,” is not a biometric modality (despite its reference to the body), but is an example of “something you do.”
  • Passwords, of course, are “something you know.”

In fact, each authentication factor has multiple modalities.

  • For example, a few of the modalities associated with “something you have” include driver’s licenses, passports, hardware tokens, and even smartphones.

Why multifactor is (usually) more robust than multimodal

Modalities within a single authentication factor are more closely related than modalities within multiple authentication factors. As I mentioned above when talking about factors, there is no relationship between my fingerprint, my password, and my driver’s license. However, there is SOME relationship between my driver’s license and my passport, since the two share some common information such as my legal name and my date of birth.

What does this mean?

  • If I’ve fraudulently created a fake driver’s license in your name, I already have some of the information that I need to create a fake passport in your name.
  • If I’ve fraudulently created a fake iris, there’s a chance that I might already have some of the information that I need to create a fake face.
  • However, if I’ve bought your Coinbase password on the dark web, that doesn’t necessarily mean that I was able to also buy your passport information on the dark web (although it is possible).

Therefore, while multimodal authentication is better tha unimodal authentication, multifactor authentication is usually better still (unless, as Incode Technologies notes, one of the factors is really, really weak).

Can an identity content marketing expert help you navigate these issues?

As you can see, you need to be very careful when writing about modalities and factors.

You need a biometric content marketing expert who has worked with many of these modalities.

Actually, you need an identity content marketing expert who has worked with many of these factors.

So if you are with an identity company and need to write a blog post, LinkedIn article, white paper, or other piece of content that touches on multifactor and multimodal issues, why not engage with Bredemarket to help you out?

If you’re interested in receiving my help with your identity written content, contact me.

Five Topics a Biometric Content Marketing Expert Needs to Understand

As a child, did you sleep at night dreaming that someday you could become a biometric content marketing expert?

“Someday I will star in a video about a document reader!” By Carlos María Herrera – http://www.castells.com.uy/pn_ago06/41-60.htm, Public Domain, https://commons.wikimedia.org/w/index.php?curid=8132604

I didn’t either. Frankly, I didn’t even work in biometrics professionally until I was in my 30s.

If you have a mad adult desire to become a biometric content marketing expert, here are five topics that I (a self-styled biometric content marketing expert) think you need to understand.

Topic One: Biometrics

Sorry to be Captain Obvious, but if you’re going to talk about biometrics you need to know what you’re talking about.

The days in which an expert could confine themselves to a single biometric modality are long past. Why? Because once you declare yourself an iris expert, someone is bound to ask, “How does iris recognition compare to facial recognition?”

Only some of the Biometrics Institute’s types of biometrics. Full list at https://www.biometricsinstitute.org/what-is-biometrics/types-of-biometrics/

And there are a number of biometric modalities. In addition to face and iris, the Biometrics Institute has cataloged a list of other biometric modalities, including fingerprints/palmprints, voice, DNA, vein, finger/hand geometry, and some more esoteric ones such as gait, keystrokes, and odor. (I wouldn’t want to manage the NIST independent testing for odor.)

As far as I’m concerned, the point isn’t to select the best biometric and ignore all the others. I’m a huge fan of multimodal biometrics, in which a person’s identity is verified or authenticated by multiple biometric types. It’s harder to spoof multiple biometrics than it is to spoof a single one. And even if you spoof two of them, what if the system checks for odor and you haven’t spoofed that one yet?

Topic Two: All the other factors

In the same way that I don’t care for people who select one biometric and ignore the others, I don’t care for some in the “passwords are dead” crowd who go further and say, “Passwords are dead. Use biometrics instead.”

Although I admire the rhyming nature of the phrase.

If you want a robust identity system, you need to use multiple factors in identity verification and authentication.

  • Something you know.
  • Something you have.
  • Something you are (i.e. biometrics).
  • Something you do.
  • Somewhere you are.

Again, use of multiple factors protects against spoofing. Maybe someone can create a gummy fingerprint, but can they also create a fake passport AND spoof the city in which you are physically located?

From https://www.youtube.com/shorts/mqfHAc227As

Don’t assume that biometrics answers all the ills of the world. You need other factors.

And if you master these factors, you are not only a biometric content marketing expert, but also an identity content marketing expert.

Topic Three: How biometrics are used

It’s not enough to understand the technical ins and outs of biometric capture, matching, and review. You need to know how biometrics are used.

  • One-to-one vs. one-to-many. Is the biometric that you acquire only compared to a single biometric samples, or to a database of hundreds, thousands, millions, or billions of other biometric samples?
  • Markets. When I started in biometrics, I only participated in two markets: law enforcement (catch bad people) and benefits (get benefit payments to the right people). There are many other markets. Just recently I have written about financial identity and educational identity. I’ve worked with about a dozen other markets personally, and there are many more.
  • Use cases. Related to markets, you need to understand the use cases that biometrics can address. Taking the benefits example, there’s a use case in which a person enrolls for benefits, and the government agency wants to make sure that the person isn’t already enrolled under another name. And there’s a use cases when benefits are paid to make sure that the authorized recipient receives their benefits, and no one else receives their benefits.
  • Legal and privacy issues. It is imperative that you understand the legal ramifications that affect your chosen biometric use case in your locality. For example, if your house has a doorbell camera that uses “familiar face detection” to identify the faces of people that come to your door, and the people that come to your door are residents of the state of Illinois, you have a BIG BIPA (Biometric Information Privacy Act) problem.

Any identity content marketing expert or biometric content marketing expert worth their salt will understand these and related issues.

Topic Four: Content marketing

This is another Captain Obvious point. If you want to present yourself as a biometric contet marketing expert or identity content marketing expert, you have to have a feel for content marketing.

Here’s how HubSpot defines content marketing:

The definition of content marketing is simple: It’s the process of publishing written and visual material online with the purpose of attracting more leads to your business. These can include blog posts, pages, ebooks, infographics, videos, and more.

From https://blog.hubspot.com/marketing/content-marketing

Here are all the types of content in which one content marketer claims proficiency (as of July 27, 2023, subject to change):

Articles • Battlecards (80+) • Blog Posts (400+) • Briefs/Data/Literature Sheets • Case Studies (12+) • Competitive Analyses • Email Newsletters (200+) • Event/Conference/Trade Show Demonstration Scripts • FAQs • Plans • Playbooks • Presentations • Proposal Templates • Proposals (100+) • Quality Improvement Documents • Requirements • Scientific Book Chapters • Smartphone Application Content • Social Media (Facebook, Instagram, LinkedIn, Threads, TikTok, Twitter) • Strategic Analyses • Web Page Content • White Papers and E-Books

From https://www.linkedin.com/in/jbredehoft/, last updated 7/27/2023.

Now frankly, that list is pretty weak. You’ll notice that it doesn’t include Snapchat.

But content marketers need to be comfortable with creating at least one type of content.

Topic Five: How L-1 Identity Solutions came to be

Yes, an identity content marketing expert needs to thoroughly understand how L-1 Identity Solutions came to be.

I’m only half joking.

Back in the late 1990s and early 2000s (I’ll ignore FpVTE results for a moment), the fingerprint world in which I worked recognized four major vendors: Cogent, NEC, Printrak (later part of Motorola), and Sagem Morpho.

And then there were all these teeny tiny vendors that offered biometric and non-biometric solutions, including the fierce competitors Identix and Digital Biometrics, the fierce competitors Viisage and Visionics, and a bunch of other companies like Iridian.

Wel, there WERE all these teeny tiny vendors.

Until Bob LaPenta bought them all up and combined them into a single company, L-1 Identity Solutions. (LaPenta was one of the “Ls” in L-3, so he chose the name L-1 when he started his own company.)

So around 2008 the Big Four (including a post-FpVTE Motorola) became the Big Five, since L-1 Identity Solutions was now at the table with the big boys.

But then several things happened:

  • Motorola started selling off parts of itself. One of those parts, its Biometric Business Unit, was purchased by Safran (the company formed after Sagem and Snecma merged). This affected me because I, a Motorola employee, became an employee of MorphoTrak, the subsidiary formed when Sagem Morpho de facto acquired “Printrak” (Motorola’s Biometric Business Unit). So now the Big Five were the Big Four.
  • Make that the Big Three, because Safran also bought L-1 Identity Solutions, which became MorphoTrust. MorphoTrak and MorphoTrust were separate entities, and in fact competed against each other, so maybe we should say that the Big Four still existed.
  • Oh, and by the way, the independent company Cogent was acquired by 3M (although NEC considered buying it).
  • A few years later, 3M sold bits of itself (including the Cogent bit) to Gemalto.
  • Then in 2017, Advent International (which owned Oberthur) acquired bits of Safran (the “Morpho” part) and merged them with Oberthur to form IDEMIA. As a consequence of this, MorphoTrust de facto acquired MorphoTrak, ending the competition but requiring me to have two separate computers to access the still-separate MorphoTrust and MorphoTrak computer networks. (In passing, I have heard from two sources, but have not confirmed myself, that the possible sale of IDEMIA is on hold.)
  • And Gemalto was acquired by Thales.

So as of 2023, the Big Three (as characterized by Maxine Most and FindBiometrics) are IDEMIA, NEC, and Thales.

Why do I mention all this? Because all these mergers and acquisitions have resulted in identity practitioners working for a dizzying number of firms.

As of August 2023, I myself have worked for five identity firms, but in reality four of the five are the same firm because the original Printrak International kept on getting acquired (Motorola, Safran, IDEMIA).

And that’s nothing. One of my former Printrak coworkers (R.M.) has also worked for Digital Biometrics (now part of IDEMIA), Cross Match Technologies (now part of ASSA ABLOY), Iridian (now part of IDEMIA), Datastrip, Creative Information Technology, AGNITiO, iTouch Biometrics, NDI Recognition Systems, iProov, and a few other firms here and there.

The point is that everybody knows everybody because everybody has worked with (and against) everybody. And with all the job shifts, it’s a regular Peyton Place.

By ABC Television – eBay itemphoto frontphoto back, Public Domain, https://commons.wikimedia.org/w/index.php?curid=17252688

Not sure which one is me, which one is R.M., and who the other people are.

Do you need an identity content marketing expert today?

Do you need someone who not only knows biometrics and content marketing, but also all the other factors, their uses, and even knows the tangled history of L-1?

Someone who offers:

  • No identity learning curve?
  • No content learning curve?
  • Proven results?

If I can help you create your identity content, contact me.

Educational Identity: Why and How Do Educational Institutions Verify Identities?

Chaffey High School, Ontario California.

Whether a student is attending a preschool, a graduate school, or something in between, the educational institution needs to know who is accessing their services. This post discusses the types of identity verification and authentication that educational institutions may employ.

Why do educational institutions need to verify and authenticate identities?

Whether little Johnny is taking his blanket to preschool, or Johnny’s mother is taking her research notes to the local university, educational institutions such as schools, colleges, and universities need to know who the attendees are. It doesn’t matter whether the institution has a physical campus, like Chaffey High School’s campus in the video above, or if the institution has a virtual campus in which people attend via their computers, tablets, or phones.

Access boils down to two questions:

  • Who is allowed within the educational institution?
  • Who is blocked from the educational institution?

Who is allowed within the educational institution?

Regardless of the type of institution, there are certain people who are allowed within the physical and/or virtual campus.

  • Students.
  • Instructors, including teachers, teaching assistants/aides, and professors.
  • Administrators.
  • Staff.
  • Parents of minor students (but see below).
  • Others.

All of these people are entitled to access to at least portions of the campus, with different people having access to different portions of the campus. (Students usually can’t enter the teacher’s lounge, and hardly anybody has full access to the computer system where grades are kept.)

Before anyone is granted campus privileges, they have to complete identity verification. This may be really rigorous, but in some cases it can’t be THAT rigorous (how many preschoolers have a government ID?). Often, it’s not rigorous at all (“Can you show me a water bill? Is this your kid? OK then.”).

Once an authorized individual’s identity is verified, they need to be authenticated when they try to enter the campus. This is a relatively new phenomenon, in response to security threats at schools. Again, this could be really rigorous. For example, when students at a University of Rhode Island dining hall want to purchase food from the cafeteria, many of then consent to have their fingerprints scanned.

From https://www.youtube.com/watch?v=JzMDF_LN_LU

Another rigorous example: people whose biometrics are captured when taking exams, to deter cheating.

But some authentiation is much less rigorous. In these cases, people merely show an ID (hopefully not a fake ID) to authenticate themselves, or a security guard says “I know Johnny.”

(Again, all this is new. Many years ago, I accompanied a former college classmate to a class at his new college, the College of Marin. If I had kept my mouth shut, the professor wouldn’t have known that an unauthenticated student was in his class.)

Who is blocked from the educational institution?

At the same time, there are people who are clearly NOT allowed within the physical and/or virtual campus. Some of these people can enter campus with special permission, while some are completely blocked.

  • Former students. Once a student graduates, their privileges are usually revoked, and they need special permission if they want to re-enter campus to visit teachers or friends. (Admittedly this isn’t rigorously enforced.)
  • Expelled students. Well, some former students have a harder time returning to campus. If you brought a gun on campus, it’s going to be much harder for you to re-enter.
  • Former instructors, administrators, and staff. Again, people who leave the employ of the institution may not be allowed back, and certain ones definitely won’t be allowed back.
  • Non-custodial parents of minor students. In some cases, a court order prohibits a natural parent from contact with their child. So the educational institutions are responsible for enforcing this court order and ensuring that the minor student leaves campus only with someone who is authorized to take the child.
  • Others.

So how do you keep these people off campus? There are two ways.

  • If they’re not on the allowlist, they can’t enter campus anyway. As part of the identity verification process for authorized individuals, there is a list of people who can enter the campus. By definition, the 8 billion-plus people who are not on that “allowlist” can’t get on campus without special permission.
  • Sometimes they can be put on a blocklist. Or maybe you want to KNOW that certain people can’t enter campus. The inverse of an allowlist, people who are granted access, is a blocklist, people who are prevented from getting access. (You may know “blocklist” by the older term “blacklist,” and “allowlist” by the older term “whitelist.” The Security Industry Association and the National Institute of Standards and Technology recommend updated terminology.)

There’s just one teeny tiny problem with blocklists. Sometimes they’re prohibited by law.

In some cases (but not in others), a person is required to give consent before they are enrolled in a biometric system. If you’re the ex-student who was expelled for brining a gun on campus, how motivated will you be to allow that educational institution to capture your biometrics to keep you off campus?

And yes, I realize that the expelled student’s biometrics were captured while they were a student, but once they were no longer a student, the institution would have on need to retain those biometrics. Unless they felt like it.

This situation becomes especially sticky for campuses that use video surveillance systems. Like Chaffey High School.

Sign: "To reduce property damage to our facilities, this campus has installed a video surveillance system."
Chaffey High School, Ontario, California.

Now the mere installation of a video surveillance system does not (usually) result in legally prohibited behavior. It just depends upon what is done with the video.

  • If the video is not integrated with a biometric facial recognition system, there may not be an issue.
  • If Chaffey High School has its own biometric facial recognition system, then a whole host of legal factors may come into play.
  • If Chaffey High School does not have a biometric facial recognition system, but it gives the video to a police agency or private entity that does have a biometric facial recognition system, then some legal factors may emerge.

Or may not. Some facial recognition bans allow police use, and if this is true then Chaffey can give the footage to the police to use for authorized purposes. But if the jurisdiction bans police use of facial recognition, then people on the video can only be recognized manually. And you know how I feel about that.

Writing About Educational Identity

As you can see, educational identity is not as clear-cut as financial identity, both because financial institutions are more highly regulated and because blocklists are more controversial in educational identity. Vladimir Putin may not be able to open a financial account at a U.S. bank, but I bet he’d be allowed to enroll in an online course at a U.S. community college.

So if you are an educational institution or an identity firm who serves educational institutions, people who write for you need to know all of these nuances.

You need to provide the right information to your customers, and write it in a way that will motivate your customers to take the action you want them to take.

Speaking of motivating customers, are you with an identity firm or educational institution and need someone to write your marketing text?

  • Someone with 29 years of identity/biometric marketing experience?
  • Someone who understands that technological, organizational, and legal issues surrounding the use of identity solutions?
  • Someone who will explain why your customers should care about these issues, and the benefits a compliant solution provides to them?

If I can help you create your educational identity content, we need to talk.

Iris Recognition, Apple, and Worldcoin

(Part of the biometric product marketing expert series)

Iris recognition continues to make the news. Let’s review what iris recognition is and its benefits (and drawbacks), why Apple made the news last month, and why Worldcoin is making the news this month.

What is iris recognition?

There are a number of biometric modalities that can identify individuals by “who they are” (one of the five factors of authentication). A few examples include fingerprints, faces, voices, and DNA. All of these modalities purport to uniquely (or nearly uniquely) identify an individual.

One other way to identify individuals is via the irises in their eyes. I’m not a doctor, but presumably the Cleveland Clinic employs medical professionals who are qualified to define what the iris is.

The iris is the colored part of your eye. Muscles in your iris control your pupil — the small black opening that lets light into your eye.

From https://my.clevelandclinic.org/health/body/22502-iris
From Cleveland Clinic. (Link)

And here’s what else the Cleveland Clinic says about irises.

The color of your iris is like your fingerprint. It’s unique to you, and nobody else in the world has the exact same colored eye.

From https://my.clevelandclinic.org/health/body/22502-iris

John Daugman and irises

But why use irises rather than, say, fingerprints and faces? The best person to answer this is John Daugman. (At this point several of you are intoning, “John Daugman.” With reason. He’s the inventor of iris recognition.)

From https://www.cl.cam.ac.uk/~jgd1000/

Here’s an excerpt from John Daugman’s 2004 paper on iris recognition:

(I)ris patterns become interesting as an alternative approach to reliable visual recognition of persons when imaging can be done at distances of less than a meter, and especially when there is a need to search very large databases without incurring any false matches despite a huge number of possibilities. Although small (11 mm) and sometimes problematic to image, the iris has the great mathematical advantage that its pattern variability among different persons is enormous.

Daugman, John, “How Iris Recognition Works.” IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS FOR VIDEO TECHNOLOGY, VOL. 14, NO. 1, JANUARY 2004. Quoted from page 21. (PDF)

Or in non-scientific speak, one benefit of iris recognition is that you know it is accurate, even when submitting a pair of irises in a one-to-many search against a huge database. How huge? We’ll discuss later.

Brandon Mayfield and fingerprints

Remember that Daugman’s paper was released roughly two months before Brandon Mayfield was misidentified in a fingerprint comparison. (Everyone now intone “Brandon Mayfield.”)

From https://mayfieldlaw.weebly.com/about.html

If you want to know the details of that episode, the Department of Justice Office of the Inspector General issued a 330 page report (PDF) on it. If you don’t have time to read 330 pages, here’s Al Jazeera’s shorter version of Brandon Mayfield’s story.

While some of the issues associated with Mayfield’s misidentification had nothing to do with forensic science (Al Jazeera spends some time discussing bias, and Itiel Dror also looked at bias post-Mayfield), this still shows that fingerprints are remarkably similar and that it takes care to properly identify people.

Police agencies, witnesses, and faces

And of course there are recent examples of facial misidentifications (both by police agencies and witnesses), again not necessarily forensic science related, and again showing the similarity of faces from two different people.

Iris “data richness” and independent testing

Why are irises more accurate than fingerprints and faces? Here’s what one vendor, Iris ID, claims about irises vs. other modalities:

At the root of iris recognition’s accuracy is the data-richness of the iris itself. The IrisAccess system captures over 240 degrees of freedom or unique characteristics in formulating its algorithmic template. Fingerprints, facial recognition and hand geometry have far less detailed input in template construction.

Iris ID, “How It Compares.” (Link)

Enough about claims. What about real results? The IREX 10 test, independently administered by the U.S. National Institute of Standards and Technology, measures the identification (one-to-many) accuracy of submitted algorithms. At the time I am writing this, the ten most accurate algorithms provide false negative identification rates (FNIR) between 0.0022 ± 0.0004 and 0.0037 ± 0.0005 when two eyes are used. (Single eye accuracy is lower.) By the time you see this, the top ten algorithms may have changed, because the vendors are always improving.

IREX10 two-eye accuracy, top ten algorithms as of July 28, 2023. (Link)

While the IREX10 one-to-many tests are conducted against databases of less than a million records, it is estimated that iris one-to-many accuracy remains high even with databases of a billion people—something we will return to later in this post.

Iris drawbacks

OK, so if irises are so accurate, why aren’t we dumping our fingerprint readers and face readers and just using irises?

In short, because of the high friction in capturing irises. You can use high-resolution cameras to capture fingerprints and faces from far away, but as of now iris capture usually requires you to get very close to the capture device.

Iris image capture circa 2020 from the U.S. Federal Bureau of Investigation. (Link)

Which I guess is better than the old days when you had to put your eye right up against the capture device, but it’s still not as friendly (or intrusive) as face capture, which can be achieved as you’re walking down a passageway in an airport or sports stadium.

Irises and Apple Vision Pro

So how are irises being used today? You may or may not have hard last month’s hoopla about the Apple Vision Pro, which uses irises for one-to-one authetication.

From Apple, https://www.apple.com/apple-vision-pro/

I’m not going to spend a ton of time delving into this, because I just discussed Apple Vision Pro in June. In fact, I’m just going to quote from what I already said.

And when all of us heard about Vision Pro, one of the things that Apple shared about it was its verification technique. Not Touch ID or Face ID, but Optic ID. (I like naming consistency.)

From https://bredemarket.com/2023/06/12/vision-pro-not-revolutionary-biometrics-event/
From Apple, https://www.apple.com/105/media/us/apple-vision-pro/2023/7e268c13-eb22-493d-a860-f0637bacb569/anim/drawer-privacy-optic-id/large.mp4

In short, as you wear the headset (which by definition is right on your head, not far away), the headset captures your iris images and uses them to authenticate you.

It’s a one-to-one comparison, not the one-to-many comparison that I discussed earlier in this post, but it is used to uniquely identify an individual.

But iris recognition doesn’t have to be used for identification.

Irises and Worldcoin

“But wait a minute, John,” you’re saying. “If you’re not using irises to determine if a person is who they say they are, then why would anyone use irises?”

Enter Worldcoin, which I mentioned in passing in my early July age estimation post.

Over the past several years, I’ve analyzed a variety of identity firms. Earlier this year I took a look at Worldcoin….Worldcoin’s World ID emphasizes privacy so much that it does not conclusively prove a person’s identity (it only proves a person’s uniqueness)…

From https://bredemarket.com/2023/07/03/age-estimation/

That’s the only thing that I’ve said about Worldcoin, at least publicly. (I looked at Worldcoin privately earlier in 2023, but that report is not publicly accessible and even I don’t have it any more.)

Worldcoin’s July 24 announcement

I guess it’s time for me to revisit Worldcoin, since the company made a super-big splashy announcement on Monday, July 24.

From https://worldcoin.org/blog/announcements/worldcoin-project-launches

The Worldcoin Foundation today announced that Worldcoin, a project co-founded by Sam Altman, Alex Blania and Max Novendstern, is now live and in a production-grade state. 

The launch includes the release of the World ID SDK and plans to scale Orb operations to 35+ cities across 20+ countries around the world. In tandem, the Foundation’s subsidiary, World Assets Ltd., minted and released the Worldcoin token (WLD) to the millions of eligible people who participated in the beta; WLD is now transactable on the blockchain….

“In the age of AI, the need for proof of personhood is no longer a topic of serious debate; instead, the critical question is whether or not the proof of personhood solutions we have can be  privacy-first, decentralized and maximally inclusive,” said Worldcoin co-founder and Tools for Humanity CEO Alex Blania. “Through its unique technology, Worldcoin aims to provide anyone in the world, regardless of background, geography or income, access to the growing digital and global economy in a privacy preserving and decentralized way.”

From https://worldcoin.org/blog/announcements/worldcoin-project-launches

Worldcoin does NOT positively identify people…but it can still pay you

A very important note: Worldcoin’s purpose is not to determine identity (that a person is who they say they are). Worldcoin’s purpose is to determine uniqueness: namely, that a person (whoever they are) is unique among all the billions of people in the world. Once uniqueness is determined, the person can get money money money with an assurance that the same person won’t get money twice.

Recent WLD trading price, from https://coinmarketcap.com/currencies/worldcoin-org/

OK, so how are you going to determine the uniqueness of a person among all of the billions of people in the world?

Using the Orb to capture irises

As far as Worldcoin is concerned, irises are the best way to determine uniqueness, echoing what others have said.

Iris biometrics outperform other biometric modalities and already achieved false match rates beyond 1.2× ⁣10−141.2×10−14 (one false match in one trillion[9]) two decades ago[10]—even without recent advancements in AI. This is several orders of magnitude more accurate than the current state of the art in face recognition.

From https://worldcoin.org/blog/engineering/humanness-in-the-age-of-ai

So how is Worldcoin going to capture millions, and eventually billions, of iris pairs?

By using the Orb. (You may intone “the Orb” now.)

From https://worldcoin.org/blog/worldcoin/orb-faqs

To complete your Worldcoin registration, you need to find an Orb that will capture your irises and verify your uniqueness.

Now you probably won’t find an Orb at your nearby 7 Eleven; as I write this, there are only a little over 100 listed locations in the entire world where Orbs are deployed. I happen to live within 50 miles of Santa Monica, where an Orb was recently deployed (by appointment only, unavailable on weekends, and you know how I feel about driving on Southern California freeways on a weekday).

But now that you can get crypto for enrolling at an Orb, people are getting more excited about the process, and there will be wider adoption.

Whether this will make a difference in the world or just be a fad remains to be seen.

I Changed My Mind on Age Estimation

(Part of the biometric product marketing expert series)

I’ll admit that I previously thought that age estimation was worthless, but I’ve since changed my mind about the necessity for it. Which is a good thing, because the U.S. National Institute of Standards and Technology (NIST) is about to add age estimation to its Face Recognition Vendor Test suite.

What is age estimation?

Before continuing, I should note that age estimation is not a way to identify people, but a way to classify people. For once, I’m stepping out of my preferred identity environment and looking at a classification question. Not “gender shades,” but “get off my lawn” (or my tricycle).

Designed by Freepik.

Age estimation uses facial features to estimate how old a person is, in the absence of any other information such as a birth certificate. In a Yoti white paper that I’ll discuss in a minute, the Western world has two primary use cases for age estimation:

  1. First, to estimate whether a person is over or under the age of 18 years. In many Western countries, the age of 18 is a significant age that grants many privileges. In my own state of California, you have to be 18 years old to vote, join the military without parental consent, marry (and legally have sex), get a tattoo, play the lottery, enter into binding contracts, sue or be sued, or take on a number of other responsibilities. Therefore, there is a pressing interest to know whether the person at the U.S. Army Recruiting Center, a tattoo parlor, or the lottery window is entitled to use the service.
  2. Second, to estimate whether a person is over or under the age of 13 years. Although age 13 is not as great a milestone as age 18, this is usually the age at which social media companies allow people to open accounts. Thus the social media companies and other companies that cater to teens have a pressing interest to know the teen’s age.

Why was I against age estimation?

Because I felt it was better to know an age, rather than estimate it.

My opinion was obviously influenced by my professional background. When IDEMIA was formed in 2017, I became part of a company that produced government-issued driver’s licenses for the majority of states in the United States. (OK, MorphoTrak was previously contracted to produce driver’s licenses for North Carolina, but…that didn’t last.)

With a driver’s license, you know the age of the person and don’t have to estimate anything.

And estimation is not an exact science. Here’s what Yoti’s March 2023 white paper says about age estimation accuracy:

Our True Positive Rate (TPR) for 13-17 year olds being correctly estimated as under 25 is 99.93% and there is no discernible bias across gender or skin tone. The TPRs for female and male 13-17 year olds are 99.90% and 99.94% respectively. The TPRs for skin tone 1, 2 and 3 are 99.93%, 99.89% and 99.92% respectively. This gives regulators globally a very high level of confidence that children will not be able to access adult content.

Our TPR for 6-11 year olds being correctly estimated as under 13 is 98.35%. The TPRs for female and male 6-11 year olds are 98.00% and 98.71% respectively. The TPRs for skin tone 1, 2 and 3 are 97.88%, 99.24% and 98.18% respectively so there is no material bias in this age group either.

Yoti’s facial age estimation is performed by a ‘neural network’, trained to be able to estimate human age by analysing a person’s face. Our technology is accurate for 6 to 12 year olds, with a mean absolute error (MAE) of 1.3 years, and of 1.4 years for 13 to 17 year olds. These are the two age ranges regulators focus upon to ensure that under 13s and 18s do not have access to age restricted goods and services.

From https://www.yoti.com/wp-content/uploads/Yoti-Age-Estimation-White-Paper-March-2023.pdf

While this is admirable, is it precise enough to comply with government regulations? Mean absolute errors of over a year don’t mean a hill of beans. By the letter of the law, if you are 17 years and 364 days old and you try to vote, you are breaking the law.

Why did I change my mind?

Over the last couple of months I’ve thought about this a bit more and have experienced a Jim Bakker “I was wrong” moment.

I was wrong for two reasons.

Kids don’t have government IDs

Designed by Freepik.

I asked myself some questions.

  • How many 13 year olds do you know that have driver’s licenses? Probably none.
  • How many 13 year olds do you know that have government-issued REAL IDs? Probably very few.
  • How many 13 year olds do you know that have passports? Maybe a few more (especially after 9/11), but not that many.

Even at age 18, there is no guarantee that a person will have a government-issued REAL ID.

So how are 18 year olds, or 13 year olds, supposed to prove that they are old enough for services? Carry their birth certificate around?

You’ll note that Yoti didn’t target a use case for 21 year olds. This is partially because Yoti is a UK firm and therefore may not focus on the strict U.S. laws regarding alcohol, tobacco, and casino gambling. But it’s also because it’s much, much more likely that a 21 year old will have a government-issued ID, eliminating the need for age estimation.

Sometimes.

In some parts of the world, no one has government IDs

Over the past several years, I’ve analyzed a variety of identity firms. Earlier this year I took a look at Worldcoin. While Worldcoin’s World ID emphasizes privacy so much that it does not conclusively prove a person’s identity (it only proves a person’s uniqueness), and makes no attempt to provide the age of the person with the World ID, Worldcoin does have something to say about government issued IDs.

Online services often request proof of ID (usually a passport or driver’s license) to comply with Know your Customer (KYC) regulations. In theory, this could be used to deduplicate individuals globally, but it fails in practice for several reasons.

KYC services are simply not inclusive on a global scale; more than 50% of the global population does not have an ID that can be verified digitally.

From https://worldcoin.org/blog/engineering/humanness-in-the-age-of-ai

But wait. There’s more:

IDs are issued by states and national governments, with no global system for verification or accountability. Many verification services (i.e. KYC providers) rely on data from credit bureaus that is accumulated over time, hence stale, without the means to verify its authenticity with the issuing authority (i.e. governments), as there are often no APIs available. Fake IDs, as well as real data to create them, are easily available on the black market. Additionally, due to their centralized nature, corruption at the level of the issuing and verification organizations cannot be eliminated.

Same source as above.

Now this (in my opinion) doesn’t make the case for Worldcoin, but it certainly casts some doubt on a universal way to document ages.

So we’d better start measuring the accuracy of age estimation.

If only there were an independent organization that could measure age estimation, in the same way that NIST measures the accuracy of fingerprint, face, and iris identification.

You know where this is going.

How will NIST test age estimation?

Yes, NIST is in the process of incorporating an age estimation test in its battery of Face Recognition Vendor Tests.

NIST’S FRVT Age Estimation page explains why.

Facial age verification has recently been mandated in legislation in a number of jurisdictions. These laws are typically intended to protect minors from various harms by verifying that the individual is above a certain age. Less commonly some applications extend benefits to groups below a certain age. Further use-cases seek only to determine actual age. The mechanism for estimating age is usually not specified in legislation. Face analysis using software is one approach, and is attractive when a photograph is available or can be captured.

In 2014, NIST published a NISTIR 7995 on Performance of Automated Age Estimation. The report showed using a database with 6 million images, the most accurate age estimation algorithm have accurately estimated 67% of the age of a person in the images within five years of their actual age, with a mean absolute error (MAE) of 4.3 years. Since then, more research has dedicated to further improve the accuracy in facial age verification.

From https://pages.nist.gov/frvt/html/frvt_age_estimation.html

Note that this was in 2014. As we have seen above, Yoti asserts a dramatically lower error rate in 2023.

NIST is just ramping up the testing right now, but once it moves forward, it will be possible to compare age estimation accuracy of various algorithms, presumably in multiple scenarios.

Well, for those algorithm providers who choose to participate.

Does your firm need to promote its age estimation solution?

Does your company have an age estimation solution that is superior to all others?

Do you need an experienced identity professional to help you spread the word about your solution?

Why not consider Bredemarket? If your identity business needs a written content creator, look no further.

We Survived Gummy Fingers. We’re Surviving Facial Recognition Inaccuracy. We’ll Survive Voice Spoofing.

(Part of the biometric product marketing expert series)

Some of you are probably going to get into an automobile today.

Are you insane?

The National Highway Traffic Safety Administration has released its latest projections for traffic fatalities in 2022, estimating that 42,795 people died in motor vehicle traffic crashes.

From https://www.nhtsa.gov/press-releases/traffic-crash-death-estimates-2022

When you have tens of thousands of people dying, then the only conscionable response is to ban automobiles altogether. Any other action or inaction is completely irresponsible.

After all, you can ask the experts who want us to ban biometrics because it can be spoofed and is racist, so therefore we shouldn’t use biometrics at all.

I disagree with the calls to ban biometrics, and I’ll go through three “biometrics are bad” examples and say why banning biometrics is NOT justified.

  • Even some identity professionals may not know about the old “gummy fingers” story from 20+ years ago.
  • And yes, I know that I’ve talked about Gender Shades ad nauseum, but it bears repeating again.
  • And voice deepfakes are always a good topic to discuss in our AI-obsessed world.

Example 1: Gummy fingers

My recent post “Why Apple Vision Pro Is a Technological Biometric Advance, but Not a Revolutionary Biometric Event” included the following sentence:

But the iris security was breached by a “dummy eye” just a month later, in the same way that gummy fingers and face masks have defeated other biometric technologies.

From https://bredemarket.com/2023/06/12/vision-pro-not-revolutionary-biometrics-event/

A biometrics industry colleague noticed the rhyming words “dummy” and “gummy” and wondered if the latter was a typo. It turns out it wasn’t.

To my knowledge, these gummy fingers do NOT have ridges. From https://www.candynation.com/gummy-fingers

Back in 2002, researcher Tsutomu Matsumoto used “gummy bears” gelatin to create a fake finger that fooled a fingerprint reader.

Back in 2002, this news WAS really “scary,” since it suggested that you could access a fingerprint reader-protected site with something that wasn’t a finger. Gelatin. A piece of metal. A photograph.

Except that the fingerprint reader world didn’t stand still after 2002, and the industry developed ways to detect spoofed fingers. Here’s a recent example of presentation attack detection (liveness detection) from TECH5:

TECH5 participated in the 2023 LivDet Non-contact Fingerprint competition to evaluate its latest NN-based fingerprint liveness detection algorithm and has achieved first and second ranks in the “Systems” category for both single- and four-fingerprint liveness detection algorithms respectively. Both submissions achieved the lowest error rates on bonafide (live) fingerprints. TECH5 achieved 100% accuracy in detecting complex spoof types such as Ecoflex, Playdoh, wood glue, and latex with its groundbreaking Neural Network model that is only 1.5MB in size, setting a new industry benchmark for both accuracy and efficiency.

From https://tech5.ai/tech5s-mobile-fingerprint-liveness-detection-technology-ranked-the-most-accurate-in-the-market/

TECH5 excelled in detecting fake fingers for “non-contact” reading where the fingers don’t even touch a surface such as an optical surface. That’s appreciably harder than detecting fake fingers that touch contact devices.

I should note that LivDet is an independent assessment. As I’ve said before, independent technology assessments provide some guidance on the accuracy and performance of technologies.

So gummy fingers and future threats can be addressed as they arrive.

But at least gummy fingers aren’t racist.

Example 2: Gender shades

In 2017-2018, the Algorithmic Justice League set out to answer this question:

How well do IBM, Microsoft, and Face++ AI services guess the gender of a face?

From http://gendershades.org/. Yes, that’s “http,” not “https.” But I digress.

Let’s stop right there for a moment and address two items before we continue. Trust me; it’s important.

  1. This study evaluated only three algorithms: one from IBM, one from Microsoft, and one from Face++. It did not evaluate the hundreds of other facial recognition algorithms that existed in 2018 when the study was released.
  2. The study focused on gender classification and race classification. Back in those primitive innocent days of 2018, the world assumed that you could look at a person and tell whether the person was male or female, or tell the race of a person. (The phrase “self-identity” had not yet become popular, despite the Rachel Dolezal episode which happened before the Gender Shades study). Most importantly, the study did not address identification of individuals at all.

However, the findings did find something:

While the companies appear to have relatively high accuracy overall, there are notable differences in the error rates between different groups. Let’s explore.

All companies perform better on males than females with an 8.1% – 20.6% difference in error rates.

All companies perform better on lighter subjects as a whole than on darker subjects as a whole with an 11.8% – 19.2% difference in error rates.

When we analyze the results by intersectional subgroups – darker males, darker females, lighter males, lighter females – we see that all companies perform worst on darker females.

From http://gendershades.org/overview.html

What does this mean? It means that if you are using one of these three algorithms solely for the purpose of determining a person’s gender and race, some results are more accurate than others.

Three algorithms do not predict hundreds of algorithms, and classification is not identification. If you’re interested in more information on the differences between classification and identification, see Bredemarket’s November 2021 submission to the Department of Homeland Security. (Excerpt here.)

And all the stories about people such as Robert Williams being wrongfully arrested based upon faulty facial recognition results have nothing to do with Gender Shades. I’ll address this briefly (for once):

  • In the United States, facial recognition identification results should only be used by the police as an investigative lead, and no one should be arrested solely on the basis of facial recognition. (The city of Detroit stated that Williams’ arrest resulted from “sloppy” detective work.)
  • If you are using facial recognition for criminal investigations, your people had better have forensic face training. (Then they would know, as Detroit investigators apparently didn’t know, that the quality of surveillance footage is important.)
  • If you’re going to ban computerized facial recognition (even when only used as an investigative lead, and even when only used by properly trained individuals), consider the alternative of human witness identification. Or witness misidentification. Roeling Adams, Reggie Cole, Jason Kindle, Adam Riojas, Timothy Atkins, Uriah Courtney, Jason Rivera, Vondell Lewis, Guy Miles, Luis Vargas, and Rafael Madrigal can tell you how inaccurate (and racist) human facial recognition can be. See my LinkedIn article “Don’t ban facial recognition.”

Obviously, facial recognition has been the subject of independent assessments, including continuous bias testing by the National Institute of Standards and Technology as part of its Face Recognition Vendor Test (FRVT), specifically within the 1:1 verification testing. And NIST has measured the identification bias of hundreds of algorithms, not just three.

In fact, people that were calling for facial recognition to be banned just a few years ago are now questioning the wisdom of those decisions.

But those days were quaint. Men were men, women were women, and artificial intelligence was science fiction.

The latter has certainly changed.

Example 3: Voice spoofs

Perhaps it’s an exaggeration to say that recent artificial intelligence advances will change the world. Perhaps it isn’t. Personally I’ve been concentrating on whether AI writing can adopt the correct tone of voice, but what if we take the words “tone of voice” literally? Let’s listen to President Richard Nixon:

From https://www.youtube.com/watch?v=2rkQn-43ixs

Richard Nixon never spoke those words in public, although it’s possible that he may have rehearsed William Safire’s speech, composed in case Apollo 11 had not resulted in one giant leap for mankind. As noted in the video, Nixon’s voice and appearance were spoofed using artificial intelligence to create a “deepfake.”

It’s one thing to alter the historical record. It’s another thing altogether when a fraudster spoofs YOUR voice and takes money out of YOUR bank account. By definition, you will take that personally.

In early 2020, a branch manager of a Japanese company in Hong Kong received a call from a man whose voice he recognized—the director of his parent business. The director had good news: the company was about to make an acquisition, so he needed to authorize some transfers to the tune of $35 million. A lawyer named Martin Zelner had been hired to coordinate the procedures and the branch manager could see in his inbox emails from the director and Zelner, confirming what money needed to move where. The manager, believing everything appeared legitimate, began making the transfers.

What he didn’t know was that he’d been duped as part of an elaborate swindle, one in which fraudsters had used “deep voice” technology to clone the director’s speech…

From https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/?sh=8e8417775591

Now I’ll grant that this is an example of human voice verification, which can be as inaccurate as the previously referenced human witness misidentification. But are computerized systems any better, and can they detect spoofed voices?

Well, in the same way that fingerprint readers worked to overcome gummy bears, voice readers are working to overcome deepfake voices. Here’s what one company, ID R&D, is doing to combat voice spoofing:

IDVoice Verified combines ID R&D’s core voice verification biometric engine, IDVoice, with our passive voice liveness detection, IDLive Voice, to create a high-performance solution for strong authentication, fraud prevention, and anti-spoofing verification.

Anti-spoofing verification technology is a critical component in voice biometric authentication for fraud prevention services. Before determining a match, IDVoice Verified ensures that the voice presented is not a recording.

From https://www.idrnd.ai/idvoice-verified-voice-biometrics-and-anti-spoofing/

This is only the beginning of the war against voice spoofing. Other companies will pioneer new advances that will tell the real voices from the fake ones.

As for independent testing:

A final thought

Yes, fraudsters can use advanced tools to do bad things.

But the people who battle fraudsters can also use advanced tools to defeat the fraudsters.

Take care of yourself, and each other.

Jerry Springer. By Justin Hoch, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=16673259

Fill Your Company Gap With A Biometric Content Marketing Expert

Companies often have a lot of things they want to do, but don’t have the people to do them. It takes a long time to hire someone, and it even takes time to find a consultant that knows your industry and can do the work.

This affects identity/biometric companies just like it affects other companies. When an identity/biometric company needs a specific type of expertise and needs it NOW, it’s often hard to find the person they need.

If your company needs a biometric content marketing expert (or an identity content marketing expert) NOW, you’ve come to the right place—Bredemarket. Bredemarket has no identity learning curve, no content learning curve, and offers proven results.

Identity/biometric consulting in the 1990s

I remember when I first started working as an identity/biometric consultant, long before Bredemarket was a thing.

By Federal Bureau of Investigation – https://washingtonian.com/2016/11/24/the-fbi-opened-its-crime-lab-here-in-dc-back-in-1932, Public Domain, https://commons.wikimedia.org/w/index.php?curid=128508441

OK, not quite THAT long ago. I started working in biometrics in the 1990s—NOT the 1940s.

In 1994, the proposals department at Printrak International needed additional writers due to the manager’s maternity leave, and she was so valuable that Printrak needed to bring in TWO consultants to take her place.

At least initially, the other consultant and I couldn’t fill the manager’s shoes.

Designed by Freepik.
  • Both of us could write.
  • Both of us could spell “AFIS.”
  • Both of us could spell “RAID.” Not the bug spray, but the storage mechanism that stored all those “huge” fingerprint images.
  • But on that first night that I was cranking out proposal letters for something called a “Latent Station 2000,” I didn’t really know WHAT I was writing about.

As time went on, the other consultant and I learned much more—so much that the company brought both of us on as full-time employees.

After we were hired full-time, we spent a combined 45+ years at Printrak and its corporate successors in proposals, marketing, and product management positions, contributing to industry knowledge.

Which shows that learning how to spell “AFIS” can have long-term benefits.

Printrak’s problem

When Printrak needed biometric proposal writing experts quickly, it found two people who filled the bill. Sort of.

But neither of us knew biometrics before we started consuting at Printrak.

And I had never written a proposal before I started consulting at Printrak. (I had written an RFP. Sort of.)

But frankly, there weren’t a lot of identity/biometric consultants out in the field in the 1990s. There were the 20th century equivalents of Applied Forensic Services LLC, but at the time I don’t think there were any 20th century equivalents of Tandem Technical Writing LLC.

Peter Higgins. From https://www.search.org/biometrics-expert-peter-higgins-to-receive-searchs-highest-practitioner-honor/

The 21st century solution

Unlike the 1990s, identity/biometric firms that need consulting help have many options. In addition to Applied Forensic Services and Tandem Technical Writing you have…me.

Mike and Laurel can tell you what they can do, and I heartily endorse both of them.

Let me share with you why I call myself a biometric content marketing expert who can help your identity/biometric company get marketing content out now:

  • No identity learning curve
  • No content learning curve
  • Proven results

No identity learning curve

I have worked with finger, face, iris, DNA, and other biometrics, as well as government-issued identity documents and geolocation. If you are interested, you can read my Bredemarket blog posts that mention the following topics:

No content learning curve

Because I’ve produced both external and internal content on identity/biometric topics, I offer the experience to produce your content in a number of formats.

  • External content: account-based marketing content, articles, blog posts (I am the identity/biometric blog expert), case studies, data sheets, partner comarketing content, presentations, proposals, sales literature sheets, scientific book chapters, smartphone application content (events), social media posts, web page content, and white papers.
  • Internal content: battlecards, competitive analyses, demonstration scripts (events), email internal newsletters, FAQs, multi-year plans, playbooks, project plans, proposal templates, quality improvement documents, requirements documents, strategic analyses, and website/social media analyses.

Proven results

Read about them here.

Download

So how can you take advantage of my identity/biometric expertise?

If you need day-one help for an identity/biometric content marketing or proposal writing project, consider Bredemarket.

Why Apple Vision Pro Is a Technological Biometric Advance, but Not a Revolutionary Biometric Event

(Part of the biometric product marketing expert series)

(UPDATE JUNE 24: CORRECTED THE YEAR THAT COVID BEGAN.)

I haven’t said anything publicly about Apple Vision Pro, so it’s time for me to be “how do you do fellow kids” trendy and jump on the bandwagon.

Actually…

It ISN’T time for me to jump on the Apple Vision Pro bandwagon, because while Apple Vision Pro affects the biometric industry, it’s not a REVOLUTIONARY biometric event.

The four revolutionary biometric events in the 21st century

How do I define a “revolutionary biometric event”?

By Alberto Korda – Museo Che Guevara, Havana Cuba, Public Domain, https://commons.wikimedia.org/w/index.php?curid=6816940

I define it as something that completely transforms the biometric industry.

When I mention three of the four revolutionary biometric events in the 21st century, you will understand what I mean.

  • 9/11. After 9/11, orders of biometric devices skyrocketed, and biometrics were incorporated into identity documents such as passports and driver’s licenses. Who knows, maybe someday we’ll actually implement REAL ID in the United States. The latest extension of the REAL ID enforcement date moved it out to May 7, 2025. (Subject to change, of course.)
  • The Boston Marathon bombings, April 2013. After the bombings, the FBI was challenged in managing and analyzing countless hours of video evidence. Companies such as IDEMIA National Security Solutions, MorphoTrak, Motorola, Paravision, Rank One Computing, and many others have tirelessly worked to address this challenge, while ensuring that facial recognition results accurately identify perpetrators while protecting the privacy of others in the video feeds.
  • COVID-19, spring 2020 and beyond. COVID accelerated changes that were already taking place in the biometric industry. COVID prioritized mobile, remote, and contactless interactions and forced businesses to address issues that were not as critical previously, such as liveness detection.

These three are cataclysmic world events that had a profound impact on biometrics. The fourth one, which occurred after the Boston Marathon bombings but before COVID, was…an introduction of a product feature.

From Apple, https://support.apple.com/en-us/HT201371
  • Touch ID, September 2013. When Apple introduced the iPhone 5s, it also introduced a new way to log in to the device. Rather than entering a passcode, iPhone 5S users could just use their finger to log in. The technical accomplishment was dwarfed by the legitimacy that this brought to using fingerprints for identification. Before 2013, attempts to implement fingerprint verification for benefits recipients were resisted because fingerprinting was something that criminals did. After September 2013, fingerprinting was something that the cool Apple kids did. The biometric industry changed overnight.

Of course, Apple followed Touch ID with Face ID, with adherents of the competing biometric modalities sparring over which was better. But Face ID wouldn’t have been accepted as widely if Touch ID hadn’t paved the way.

So why hasn’t iris verification taken off?

Iris verification has been around for decades (I remember Iridian before L-1; it’s now part of IDEMIA), but iris verification is nowhere near as popular in the general population as finger and face verification. There are two reasons for this:

  • Compared to other biometrics, irises are hard to capture. To capture a fingerprint, you can lay your finger on a capture device, or “slap” your four fingers on a capture device, or even “wave” your fingers across a capture device. Faces are even easier to capture; while older face capture systems required you to stand close to the camera, modern face devices can capture your face as you are walking by the camera, or even if you are some distance from the camera.
  • Compared to other biometrics, irises are expensive to capture. Many years ago, my then-employer developed a technological marvel, an iris capture device that could accurately capture irises for people of any height. Unfortunately, the technological marvel cost thousands upon thousands of dollars, and no customers were going to use it when they could acquire fingerprint and face capture devices that were much less costly.

So while people rushed to implement finger and face capture on phones and other devices, iris capture was reserved for narrow verticals that required iris accuracy.

With one exception. Samsung incorporated Princeton Identity technology into its Samsung Galaxy S8 in 2017. But the iris security was breached by a “dummy eye” just a month later, in the same way that gummy fingers and face masks have defeated other biometric technologies. (This is why liveness detection is so important.) While Samsung continues to sell iris verification today, it hadn’t been adopted by Apple and therefore wasn’t cool.

Until now.

About the Apple Vision Pro and Optic ID

From Apple, https://www.apple.com/apple-vision-pro/

The Apple Vision Pro is not the first headset that was ever created, but the iPhone wasn’t the first smartphone either. And coming late to the game doesn’t matter. Apple’s visibility among trendsetters ensures that when Apple releases something, people take notice.

And when all of us heard about Vision Pro, one of the things that Apple shared about it was its verification technique. Not Touch ID or Face ID, but Optic ID. (I like naming consistency.)

From Apple, https://www.apple.com/105/media/us/apple-vision-pro/2023/7e268c13-eb22-493d-a860-f0637bacb569/anim/drawer-privacy-optic-id/large.mp4

According to Apple, Optic ID works by analyzing a user’s iris through LED light exposure and then comparing it with an enrolled Optic ID stored on the device’s Secure Enclave….Optic ID will be used for everything from unlocking Vision Pro to using Apple Pay in your own headspace.

From The Verge, https://www.theverge.com/2023/6/5/23750147/apple-optic-id-vision-pro-iris-biometrics

So why did Apple incorporate Optic ID on this device and not the others?

There are multiple reasons, but one key reason is that the Vision Pro retails for US$3,499, which makes it easier for Apple to justify the cost of the iris components.

But the high price of the Vision Pro comes at…a price

However, that high price is also the reason why the Vision Pro is not going to revolutionize the biometric industry. CNET admitted that the Vision Pro is a niche item:

At $3,499, Apple’s Vision Pro costs more than three weeks worth of pay for the average American, according to Bureau of Labor Statistics data. It’s also significantly more expensive than rival devices like the upcoming $500 Meta Quest 3, $550 Sony PlayStation VR 2 and even the $1,000 Meta Quest Pro

From CNET, https://www.cnet.com/tech/computing/why-apple-vision-pros-3500-price-makes-more-sense-than-you-think/

Now CNET did go on to say the following:

With Vision Pro, Apple is trying to establish what it believes will be the next major evolution of the personal computer. That’s a bigger goal than selling millions of units on launch day, and a shift like that doesn’t happen overnight, no matter what the price is. The version of Vision Pro that Apple launches next year likely isn’t the one that most people will buy.

From CNET, https://www.cnet.com/tech/computing/why-apple-vision-pros-3500-price-makes-more-sense-than-you-think/

Certainly Vision Pro and Optic ID have the potential to revolutionize the computing industry…in the long term. And as that happens, the use of iris biometrics will become more popular with the general public…in the long term.

But not today. You’ll have to wait a little longer for the next biometric revolution. And hopefully it won’t be a catastrophic event like three of the previous revolutions.

How Can Your Identity Business Create the RIGHT Written Content?

Does your identity business provide biometric or non-biometric products and services that use finger, face, iris, DNA, voice, government documents, geolocation, or other factors or modalities?

Does your identity business need written content, such as blog posts (from the identity/biometric blog expert), case studies, data sheets, proposal text, social media posts, or white papers?

How can your identity business (with the help of an identity content marketing expert) create the right written content?

For the answer, click here.

Updates, updates, updates…

When keeping your websites updated, I advise you to do as I say, not as I do. Two of my websites were significantly out of date and needed hurried corrections.

Designed by Freepik.

I realized this morning that the “My Experience” page on my jebredcal website was roughly a year out of date, so I hurriedly added content to it. Now the page will turn up in searches for the acronym “ABM” (OK, maybe not on the first page of the search results).

Then I had to return to this website to make some hurried updates, since my April 2022 prohibition on taking certain types of work is no longer in effect as of June 2023. Hence, my home page, my “What I Do” page, and (obviously) my identity page are all corrected.

Oh yeah, I updated my Calendly availability hours also. Which is good, because I already have two meetings booked this week.

Which reminds me…if you need Bredemarket’s services: