Tag Archives: fingerprint

TMA (Too Many Acronyms): DPI vs. DPI

I recently wrote a post that concluded as follows:

By the way, when talking about digital images, Adobe notes that the correct term is pixels per inch, not dots per inch. DPI specifically refers to printer resolution, which is appropriate when you’re printing a fingerprint card but not when you’re displaying an image on a screen.

It’s a safe bet that older readers of Biometric Update—those who used printers to print out fingerprint cards based upon captured digital images—are familiar with the DPI (dots per inch) acronym.

So perhaps those readers, like me, were confused by the title of a recent Biometric Update article, “DPI is the new ‘global tech bet’ and these are the five core motivations for adoption, researchers say.”

What happened to the paperless office? All the police agencies got rid of their file cabinets of cards, and now they’re supposed to adopt DPI again?

Well you know sometimes acronyms have two meanings.

By Dina Regine – https://www.flickr.com/photos/divadivadina/465006384/, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=8022602.

In this case, DPI stands for digital public infrastructure, a key component of smart cities.

And those five core components are fiscal resilience, public services, economic development, national sovereignty, and competition and rent extraction.

Although you would think that SMART people could come up with a better term than rent EXTRACTION.

For more information on those core components, read the Biometric Update “DPI” article.

And no, I shouldn’t cast stones at acronym misuse, since I’m a self-identified CPA. You can’t account for hypocrisy.

More on Infant Biometrics

Since I recently shared some news on “Baby Steps Toward Order of Magnitude Increases in Fingerprint Resolution,” I figure I should share what Integrated Biometrics has to say on the matter.

In its article “The Science of Infant Biometrics: Are We Really There Yet?” Integrated Biometrics identifies three key components for success: capture, storage, and matching. Since the Bredemarket blog has previously discussed capture, I’ll quote a bit of what Integrated Biometrics has to say about it.

[I]nfant fingerprints have smaller ridge spacing (roughly) 4-5 pixels compared to 9-10 in adults). Movement, skin peeling, and soft, malleable skin can also distort the fingerprint, making it difficult to capture accurate data.

Because of that size, the company cites studies that suggest a capture resolution of 3500 ppi and beyond may be necessary.

But that’s not the biggest of the three key components. The biggest one is matching, because even if you capture the best infant image, it’s of no use if it doesn’t correctly match (or not match) against adult images.

Luckily, we’re now at the point where we’re starting to get data for the same person at infant and (near) adult ages, so we can study the issue. Integrated Biometrics’ post contains more detail in the section “Can Today’s Algorithms Track Biometric Evolution from Infancy to Adulthood?” I’ll direct you there to read about it.

(Image from Freepik)

Baby Steps Toward Order of Magnitude Increases in Fingerprint Resolution

(Part of the biometric product marketing expert series)

For many years, the baseline for high-quality capture of fingerprint and palm print images has been to use a resolution of 500 pixels per inch. Or maybe 512 pixels per inch. Whatever.

The crime scene (latent) folks weren’t always satisfied with this, so they pushed to capture latent fingerprint and latent palm print images at 1000 pixels per inch. Pardon me, 1024.

But beyond this, the resolution of captured prints hasn’t really changed in decades. I’m sure some people have been capturing prints at 2000 (2048) pixels per inch, but there aren’t massive automated biometric identification systems that fully support this resolution from end to end.

But that may be changing.

One important truth about infant fingerprints

For about as long as latent examiners have pursued 1000 ppi print capture, people outside of the criminal justice arena have been looking at fingerprints for a very different purpose.

Our normal civil fingerprint processes require us to identify people via fingerprints beginning at the age of 18, or perhaps at the age of 12.

But gow do we identify people in those first 12 years?

More specifically, can we identify someone via their fingerprints at birth, and then authenticate them as an adult by comparing to those original prints?

It’s a dream, but many have pursued this dream. Dr. Anil Jain at Michigan State University has pursued this for years, and co-authored a 2014 paper on the topic.

Given that children, as well as the adults, in low income countries typically do not have any form of identification documents which can be used for this purpose [vaccination], we address the following question: can fingerprints be effectively used to recognize children from birth to 4 years? We have collected 1,600 fingerprint images (500 ppi) of 20 infants and toddlers captured over a 30-day period in East Lansing, Michigan and 420 fingerprints of 70 infants and toddlers at two different health clinics in Benin, West Africa.

At the time, it probably made sense to use 500 pixel per inch scanners to capture the prints, since developing countries don’t have a lot of money to throw around on expensive 1000 ppi scanners. But the use of regular scanners runs counter to a very important truth about infants and their fingerprints. Are you sitting down?

Because infants are smaller than adults, infant fingerprints are smaller than adult fingerprints.

Think about it. The standard FBI fingerprint card assumes that a rolled fingerprint occupies 1.6 inches x 1.5 inches of space. If you were to roll an infant fingerprint, it would occupy much less than that. Heck, I don’t even know if an infant’s entire FINGER is 1.6 inches long.

So the capture device is obtaining these teeny tiny ridges, and these teeny tiny ridge endings, and these teeny tiny bifurcations. Or trying to. And if those second-level details can’t be captured, then you’re not going to get the minutiae, and your fingerprint matching is going to fail.

So a decade later, researchers today are adopting a newer approach, according to a Biometric Update summary of an ID4Africa webinar. (This particular portion is at the very end of the webinar, at around the 2 hour 40 minute mark.)

A video presentation from Judge Lidia Maejima of the Court of Justice of Parana, Brazil introduced the emerging legal framework for biometric identification of infants. Her representative Felipe Hay explained how researchers in Brazil developed 5,000 dpi scanners, he says, which accurately record the minutiae of infants’ fingerprints.

Did you capture that? We’re moving from five hundred pixels per inch to FIVE THOUSAND pixels per inch. (Or maybe 5120.) Whether even that resolution is capable of capturing infant fingerprint detail remains to be seen.

And as Dr. Joseph Atick noted, all this research is still in its…um…infancy. We won’t know for years whether the algorithms can truly match infant fingerprints to child or adult fingerprints.

By the way, when talking about digital images, Adobe notes that the correct term is pixels per inch, not dots per inch. DPI specifically refers to printer resolution, which is appropriate when you’re printing a fingerprint card but not when you’re displaying an image on a screen.

(Image from From https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-290e3.pdf )

Biometric Update: Thales wins $21m contract for Switzerland’s AFIS

Notable. I don’t know if IDEMIA provides the current Swiss AFIS (it used to), but Thales has locked this up for a long time.

Thales wins $21m contract for Switzerland’s AFIS
Biometric Update, https://www.biometricupdate.com/202503/thales-wins-21m-contract-for-switzerlands-afis

Metal Injection Attack: The Ozzy Version

In my previous blog post about a fingerprint biometric security metal injection attack, I said:

“This metal injection attack isn’t from an Ozzy Osbourne video…”

Well, now there IS an Ozzy Osbourne video about the metal injection attack. The reel is on Instagram.

“Metal Injection Attack” Instagram reel.

Metal Injection Attack: Bypassing Biometric Fingerprint Security

(Image from LockPickingLawyer YouTube video)

This metal injection attack isn’t from an Ozzy Osbourne video, but from a video made by an expert lock picker in 2019 against a biometric gun safe.

The biometric gun safe is supposed to deny access to a person whose fingerprint biometrics aren’t registered (and who doesn’t have the other two access methods). But as Hackaday explains:

“(T)he back of the front panel (which is inside the safe) has a small button. When this button is pressed, the device will be instructed to register a new fingerprint. The security of that system depends on this button being inaccessible while the safe is closed. Unfortunately it’s placed poorly and all it takes is a thin piece of metal slid through the thin opening between the door and the rest of the safe. One press, and the (closed) safe is instructed to register and trust a new fingerprint.”

Biometric protection is of no use if you can bypass the biometrics.

But was the safe (subsequently withdrawn from Amazon) over promising? The Firearm Blog asserts that we shouldn’t have expected much.

“To be fair, cheap safes like this really are to keep kids, visitors, etc from accessing your guns. Any determined person will be able to break into these budget priced sheet metal safes….”

But still the ease at bypassing the biometric protection is deemed “inexcusable.”

So how can you detect this injection attack? One given suggestion: only allow the new biometric registration control to work when the safe is open (meaning that an authorized user has presumably opened the safe). When the safe is closed, insertion of a thin piece of metal shouldn’t allow biometric registration.

For other discussions of injection attack detection, see these posts: one, two.

By the way, this is why I believe passwords will never die. If you want a cheap way to lock something, just use a combination. No need to take DNA samples or anything.

Oh, and a disclosure: I used Google Gemini to research this post. Not that it really helped.

Clean Fast Contactless Biometrics

(Image from DW)

The COVID-19 pandemic may be a fading memory, but contactless biometrics remains popular.

Back in the 1980s, you had to touch something to get the then-new “livescan” machines to capture your fingerprints. While you no longer had messy ink-stained fingers, you still had to put your fingers on a surface that a bunch of other people had touched. What if they had the flu? Or AIDS (the health scare of that decade)?

As we began to see facial recognition in the 1990s and early 2000s, one advantage of that biometric modality was that it was CONTACTLESS. Unlike fingerprints, you didn’t have to press your face against a surface.

From https://www.youtube.com/watch?v=4XhWFHKWCSE.

But then fingerprints also became contactless after someone asked an unusual question in 2004.

“Actually this effort launched before that, as there were efforts in 2004 and following years to capture a complete set of fingerprints within 15 seconds…”

This WAS an unusual question, considering that it took a minute or more to capture inked prints or livescan prints. And the government expected this to happen in 15 seconds?

A decade later several companies were pursuing this in conjunction with NIST. There were two solutions: dedicated kiosks such as MorphoWave from my then-employer MorphoTrak, and solutions that used a standard smartphone camera such as SlapShot from Sciometrics and Integrated Biometrics.

Slide 10 from the NIST presentation posted at https://www.nist.gov/system/files/documents/2016/12/14/iai_2016-nist_contactless_fingerprints-distro-20160811.pdf.

The, um, upshot is that now contactless fingerprint and face capture are both a thing. Contactless capture provides speed, and even the impossible 15 second capture target was blown away. 

Fingers and faces can be captured “on the move” in airports, border crossings, stadiums, and university lunchrooms and other educational facilities.

Perhaps Iris and voice can be considered contactless and fast. 

But even “rapid” DNA isn’t that rapid.

Adherence Does NOT Require 100% Compliance

(Green and red medicine bottle image from Google Gemini)

As many of you know, I spend the majority of my time in identity/biometrics, where in some cases a 99% accuracy rate is considered woefully inadequate. Imagine if your bank had a million customers and 10,000 of them couldn’t login…or 10,000 fraudsters COULD log in. The bank would throw a fit with its biometric vendor.

So perhaps my experience resulted in…um, bias when I wrote the following in my recent post on adherence and identity:

“Let’s say you are told to take 4 pills a day for 7 days, and the pharmacy gives you a prescription for 28 pills. A week later all the pills are gone.

“Does this demonstrate patient adherence to health instructions?”

Perhaps you spotted the implicit assumption that taking 28 of 28 pills (100%} constitutes adherence, while taking 27 of 28 pills (96.4%} constitutes NON-adherence.

Tain’t so, Sherlock, as Philip Morisky pointed out in a comment on my LinkedIn post on adherence and identity. He said, in part:

“…the threshold at 80% means that even if you do not have access to the medication for 6 out of 30 days, you are still considered adherent.”

Morisky presumably knows what he’s talking about, since he works for a company called…adherence. And Philip’s father, Dr. Donald Morisky, developed the Morisky Medication Adherence Scale (MMAS) for medication self-reporting.

But what of this 80% threshold? 

It’s commonly cited…like the statement that 30% of crime scene latent prints come from palms

But the 80% adherence threshold is not universally accepted, as this National Library of Medicine study notes.

“Based on Haynes’s early empirical definition of sufficient adherence to antihypertensive medications as taking ≥80% of medication, many researchers used this threshold to distinguish adherent from non-adherent patients. However, we propose that different diseases, medications and patient’s characteristics influence the cut-off point of the adherence rate above which the clinical outcome is satisfactory (thereafter medication adherence threshold).”

This particular study concluded that…more research is needed.

“…we cannot reject or confirm the validity of the historical 80% threshold. Nevertheless, the 80% threshold was clearly questioned as a general standard.”

Despite the questions about the 80% threshold, Philip Morisky’s basic point remains: you don’t have to take 100% of your medications to be considered adherent from a health perspective.

But I still maintain that for critically important medications, the IDENTITY of the person taking them needs to be known at a level very close to 100%.

Friction is Bad

Some time ago I read a story (which may or may not have been true) about an employer who called multiple job applicants to the office for a morning interview. As time passed and the employer didn’t interview anyone, some of the applicants got tired of waiting and left. At the end of the day, only one applicant remained. That applicant got the job.

  • The person who told the story thought that it demonstrated that perseverance pays off.
  • Most of the readers thought that it demonstrated that the employer was a jerk and that the work environment was probably toxic.

If this were to happen in real life, the employer would paradoxically lose out on the BEST candidates who had better things to do than sit around an office all day.

Why?

Because people avoid friction. If job applicants can obtain jobs without playing silly games, they will.

Friction is bad.

Waiting room in an airport.
Waiting room image by User:Mattes – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=1732601.

The evolution of fingerprint capture

When I started in the biometric industry 30 years ago, many police agencies were capturing fingerprints by putting ink on a person’s fingers and rolling/slapping the prints on a card.

FBI fingerprint card.
From Certifix, https://store.certifixlivescan.com/products/criminal-fingerprint-record-card.

That was messy and time-consuming, so companies like Digital Biometrics and Identix developed “livescan” devices, which did not require ANY ink and which let police agencies capture fingerprints by rolling/slapping the prints on a glass platen. This process could require a minute or two for the livescan operator to capture all fourteen images.

That’s a long time.

As I’ve previously noted, it was TOO long for some people in the federal government, who began asking in 2004 if technology could capture a complete set of fingerprints in 15 seconds.

20 years later, we can capture fingerprints (at least 8 of them) in a couple of seconds.

How?

By avoiding friction. Rather than forcing people to place their fingerprints on a card or a platen, “contactless” technology lets the “wave” (or “fly”) their fingers over a capture device, or hold their fingerprints in front of a smartphone camera.

Friction is bad.

The sound of silence

Despite what lyricists say, silence is NOT your old friend.

When a prospect wants to find out about your biometric solution, how does silence help you?

Let’s say that a prospect hears that MegaCorp offers a biometric solution, but MegaCorp’s blog and social media haven’t posted anything lately.

What are the chances that the prospect will search far and wide to find out about MegaCorp’s biometric solution?

Actually, the chances are better that the prospect won’t search at all, and will turn to the competitors who are NOT silent.

Blogging benefits: 55% more website visitors, 67% more leads, 13x more likely to enjoy positive ROI, 92% acquire customers.

Are you going to look for the information that is easily available, or the information that is hard to obtain?

Friction is bad.

Eating my own wildebeest food

I’m trying to reduce friction in Bredemarket’s own practices.

While I still use landing pages for some thing that require further explanation for some prospects, I’m trying to avoid them in some instances.

I’m working on a marketing campaign for a client, and my first “draft 0.5” of the campaign was loaded with friction.

  • The prospect had to open an email.
  • In the email, the prospect had to click on a landing page.
  • On the landing page, the prospect had to fill out a form to book a meeting.

Huge numbers of people drop out of the process at every step. So why not eliminate a step, and let the prospect book a meeting in a form embedded in the email?

Friction is bad.

And I’m applying this same principle to this post.

If your identity/biometric firm is desperate for content to convert prospects into paying customers, why don’t you schedule a free 30-minute meeting with Bredemarket to discuss your needs and what I can offer?

Incidentally, while I often repurpose blog content on Bredemarket’s social media channels, this post WON’T be one of them. I can’t embed a Calendly form into an Instagram or LinkedIn post.

And I can’t embed YouTube videos either.

From https://www.youtube.com/watch?v=nkUOACGtGfA.

In Case You Missed My Incessant “Biometric Product Marketing Expert” Promotion

Biometric product marketing expert.

Modalities: Finger, face, iris, voice, DNA.

Plus other factors: IDs, data.

John E. Bredehoft has worked for Incode, IDEMIA, MorphoTrak, Motorola, Printrak, and a host of Bredemarket clients.

(Some images AI-generated by Google Gemini.)

Biometric product marketing expert.