Identity/biometrics/technology marketing and writing services
Biometric product marketing expert.
Modalities: Finger, face, iris, voice, DNA.
Plus other factors: IDs, data.
John E. Bredehoft has worked for Incode, IDEMIA, MorphoTrak, Motorola, Printrak, and a host of Bredemarket clients.
(Some images AI-generated by Google Gemini.)
(Part of the biometric product marketing expert series)
Any endeavor, scientific or non-scientific, tends to generate a host of acronyms that the practitioners love to use.
For people interested in fingerprint identification, I’ve written this post to delve into some of the acronyms associated with NIST MINEX testing, including ANSI, INCITS, FIPS, and PIV.
And, of course, NIST and MINEX.
After defining what the acronyms stand for, I’ll talk about the MINEX III test. Because fingerprints are still relevant.
We have to start with NIST, of course. NIST is the National Institute of Standards and Technology, part of the U.S. Department of Commerce.
NIST was involved with fingerprints before NIST even existed. Back when NIST was still the NBS (National Bureau of Standards), it issued its first fingerprint interchange standard back in 1986. I’ve previously talked about the 1993 version of the standard in this post, “When 250ppi Binary Fingerprint Images Were Acceptable.”
But let’s move on to another type of interchange.
It’s even more important that we define MINEX, which stands for Minutiae (M) Interoperability (IN) Exchange (EX).
You’ll recall that the 1993 (and previous, and subsequent) versions of the ANSI/NIST standard included a “Type 9” to record the minutiae generated by the vendor for each fingerprint. However, each vendor generated minutiae according to its own standard. Back in 1993 Cogent had its standard, NEC its standard, Morpho its standard, and Printrak its standard.
So how do you submit Cogent minutiae to a Printrak system? There are two methods:
First, you don’t submit them at all. Just ignore the Cogent minutiae, look at the Printrak image, and use an algorithm regenerate the minutiae to the Printrak standard. While this works with high quality tenprints, it won’t work with low quality latent (crime scene) prints that require human expertise.
The second method is to either convert the Cogent minutiae to the Printrak minutiae standard, or convert both standards into a common format.
Something like ANSI INCITS 378-2009 (S2019).
So I guess we need to define two more acronyms.
Actually, I should have defined ANSI earlier, since I’ve already referred to it when talking about the ANSI/NIST data interchange formats.
ANSI is the American National Standards Institute. Unlike NIST, which is an agency of the U.S. government, ANSI is a private entity. Here’s how it describes itself:
The American National Standards Institute (ANSI) is a private, non-profit organization that administers and coordinates the U.S. voluntary standards and conformity assessment system. Founded in 1918, the Institute works in close collaboration with stakeholders from industry and government to identify and develop standards- and conformance-based solutions to national and global priorities….
ANSI is not itself a standards developing organization. Rather, the Institute provides a framework for fair standards development and quality conformity assessment systems and continually works to safeguard their integrity.
So ANSI, rather than creating its own standards, works with outside organizations such as NIST…and INCITS.
Now that’s an eye-catching acronym, but INCITS isn’t trying to cause trouble. Really, they’re not. Believe me.
INCITS, or the InterNational Committee for Information Technology Standards, is another private organization. It’s been around since 1961, and like NIST has been known under different names in the past.
Back in 2004, INCITS worked with ANSI (and NIST, who created samples) to develop three standards: one for finger images (ANSI INCITS 381-2004), one for face recognition (ANSI INCITS 385-2004), and one for finger minutiae (ANSI INCITS 378-2004, superseded by ANSI INCITS 378-2009 (S2019)).
When entities used this vendor-agnostic minutiae format, then minutiae from any vendor could in theory be interchanged with those from any other vendor.
This came in handy when the FIPS was developed for PIV. Ah, two more acronyms.
One year after the three ANSI INCITS standards were released, this happened (the acronyms are defined in the text):
Federal Information Processing Standard (FIPS) 201 entitled Personal Identity Verification of Federal Employees and Contractors establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity credentials issued by the Federal Government to its employees and contractors. These credentials are used by mechanisms that authenticate individuals who require access to federally controlled facilities, information systems, and applications. This Standard addresses requirements for initial identity proofing, infrastructure to support interoperability of identity credentials, and accreditation of organizations issuing PIV credentials.
So the PIV, defined by a FIPS, based upon an ANSI INCITS standard, defined a way for multiple entities to create and support fingerprint minutiae that were interoperable.
But how do we KNOW that they are interoperable?
Let’s go back to NIST and MINEX.
So NIST ended up in charge of figuring out whether these interoperable minutiae were truly interoperable, and whether minutiae generated by a Cogent system could be used by a Printrak system. Of course, by the time MINEX testing began Printrak no longer existed, and a few years later Cogent wouldn’t exist either.
You can read the whole history of MINEX testing here, but for now I’m going to skip ahead to MINEX III (which occurred many years after MINEX04, but who’s counting?).
NIST then performs its calculations and comes up with summary values of interoperability, which can be sliced and diced a few different ways for both template generators and template matchers.
And this test, like some others, is an ongoing test, so perhaps in a few months someone will beat Innovatrics for the top pooled 2 fingers spot.
And entities WILL continue to submit to the MINEX III test. While a number of identity/biometric professionals (frankly, including myself) seem to focus on faces rather than fingerprints, fingers still play a vital role in biometric identification, verification, and authentication.
Fingerprints are clearly a 21st century tool.
Even if one vendor continues its obsession with 1970s crime fighters.
And no, I’m NOT going to explain what the acronym FAP means. This post has too many acronyms already (TMAA).
(Part of the biometric product marketing expert series)
I remember the first computer I ever owned: a Macintosh Plus with a hard disk with a whopping 20 megabytes of storage space. And that hard disk held ALL my files, with room to spare.
For sake of comparison, the video at the end of this blog post would fill up three-quarters of that old hard drive. Not that the Mac would have any way to play that video.
That Mac is now literally a museum piece.
And its 20 megabyte hard disk illustrates the limitations of those days. File storage was a precious commodity in the 1980s and 1990s, and we therefore accepted images that we wouldn’t even think about accepting today.
This affected the ways in which entities exchanged biometric information.
The ANSI/NIST standard for biometric data interchange has gone through several iterations over the years, beginning in 1986 when NIST didn’t even exist (it was called the National Bureau of Standards in those days).
When I began working for Printrak in 1994, the image interchange standard in effect was ANSI/NIST-CSL 1-1993, the “Data Format for the Interchange of Fingerprint Information.”
Yes, FINGERPRINT information. No faces. No scars/marks/tattoos. signatures, voice recordings, dental/oral data, irises, DNA, or even palm prints. Oh, and no XML-formatted interchange either. Just fingerprints.
Back in 1993, there were only 9 logical record types.
For purposes of this post I’m going to focus on logical record types 3 through 6 and explain what they mean.
In the 1993 version of the ANSI/NIST standard:
Incidentally, this brings up an important point. The series of ANSI/NIST standards are not focused on STORAGE of data. They are focused on INTERCHANGE of data. They only provided a method for Printrak system users to exchange data with automated fingerprint identification systems (AFIS) from NEC, Morpho, Cogent, and other fingerprint system providers. Just interchange. Nothing more.
Now let’s get back to Types 3 through 6 and note that you were able to exchange binary fingerprint images.
Yup, straight black and white images.
Why the heck would fingerprint experts tolerate a system that transmitted binary images that latent fingerprint examiners considered practically useless?
Because they had to.
Two technological constraints adversely affected the interchange of fingerprint data in 1993:
So as a workaround, the ANSI/NIST standard allowed users to interchange binary (black and white) images to save disk space and modem transmission time.
And we were all delighted with the capabilities of the 1993 ANSI/NIST standard.
Until we weren’t.
The current standard, ANSI/NIST-ITL 1-2011 Update 2015, supports a myriad of biometric types. For fingerprints (and palm prints), the focus is on grayscale images: binary image Type 5 and Type 6 are deprecated in the current standard, and low-resolution Type 3 grayscale images are also deprecated. Even Type 4 is shunned by most people in favor of new friction ridge image types in which the former “high resolution” is now the lowest resolution that anyone supports:
We’ve come a long way.
Now that you’ve read this whole thing, I’ll share my video which covers everything in 25 seconds.
By the time I upload this video to Instagram, I’ll probably use Instagram’s music facilities to add this song as background music.
(Part of the biometric product marketing expert series)
I recently read a web page (I won’t name the site) that included the following text:
…fingerprints, palm prints, latents, faces, and irises at 500 or 1000 ppi.
Which is partially correct.
Yes, fingerprints, palm prints, and latent prints are measured in pixels per inch (ppi), with older systems capturing 500 ppi images, some newer images capturing 1,000 ppi images, and other systems capturing 2,000 ppi or larger images. 2,000 ppi resolution is used in some images in NIST Special Database 300 because why not?
I don’t know of any latent fingerprint examiner who is capturing 4,000 ppi friction ridge prints, but I bet that someone out there is doing it.
But faces and irises are not measured in pixels per inch.
Why not?
Because, at least until recently, friction ridge impressions were captured differently than faces and irises.
Obviously things have changed in the friction ridge world over the last decade, as more companies support contactless methods of fingerprint capture, either through dedicated devices or standard smartphone cameras.
And that has caused issues for organizations such as the U.S. Federal Bureau of Investigation, who have very deep concerns about how contactless fingerprints will function in their current contact-based systems.
For example, how will Electronic Biometric Transmission Specification Appendix F (version 11.2 here) compliance work in the world where the friction ridges are NOT pressed against a surface?
In a recent conversation with a client, I was reminded that procedures in one country may not be followed in another. For example, the process of getting a U.S. passport differs from the process to get one in France.
The client asked me about my experience with centralized and decentralized ID document issuance systems.
It turns out I was experienced in both based upon my time at IDEMIA. State agencies can manufacture driver’s licenses either via a dencentralized process where the driver’s license is printed at your local DMV office while you wait, or via a centralized process where all the driver’s licenses are produced at a secure facility which may or may not be located in the state in question. IDEMIA maintains several such centralized facilities to produce driver’s licenses and credit card-related materials, and they’re so secure that even when I was an IDEMIA employee I was not allowed to enter them.
But then the client asked about passports.
When I joined Incode Technologies in May 2022, I had to quickly renew my passport so that I could attend a possible meeting in Mexico City. And it’s a good thing I did, because that meeting occurred soon afterwards…well, if you consider April 2023 “soon afterwards.”
My passport had expired in 2020, but I was able to renew my passport anyway with a fairly simple procedure.
I forget how many weeks it took me to get my new passport, but I requested an expedited process so it couldn’t have been that many weeks.
This isn’t always true. If you don’t expedite the process, and if there’s a heavy backlog, it could take more than a month to get your passport.
After my meeting with the client, I was curious about the passport policies in other countries, and ran across this Expatica description of French passport production.
Let’s skip right to the biggest difference between France and the United States:
The passport will take a few days to process.
Uh…what?
Not “the passport will take a few days to process if you pay rush fees.”
It will take a few days to process, period.
And no, this isn’t because the United States is larger than France. The same time period applies if you apply for a passport in one of France’s scattered overseas departments, or at a French embassy or consulate.
So how do they do it?
First off, you don’t need to mail a bunch of stuff off to a centralized office. You can simply go to your local town hall (mairie), embassy, or consulate. You need the following:
Once your bring everything to the mairie, your passport is processed within a few days. (OK, perhaps slightly longer in the summer.) When it’s ready you go back to the mairie, sign your passport, and take it with you to travel to all of the countries you can visit with a French passport. (More than with a United States passport.)
My research hasn’t yet uncovered a country where you can get your passport on the same day you apply for it, but such a timeframe is theoretically possible.
This isn’t a current concern of mine since Bredemarket only deals with U.S. firms, but some of these firms are multinational and may ask me to create written content regarding their installation in Vietnam or wherever.
Always ask what the local practice is and don’t assume that the locals do things like we do in Southern California.
I’ve talked about synthetic identity fraud a lot in the Bredemarket blog over the past several years. I’ll summarize a few examples in this post, talk about how to fight synthetic identity fraud, and wrap up by suggesting how to get the word out about your anti-synthetic identity solution.
But first let’s look at a few examples of synthetic identity.
As far back as December 2020, I discussed Kris’ Rides’ encounter with a synthetic employee from a company with a number of synthetic employees (many of who were young females).
More recently, I discussed attempts to create synthetic identities using gummy fingers and fake/fraudulent voices. The topic of deepfakes continues to be hot across all biometric modalities.
I shared a video I created about synthetic identities and their use to create fraudulent financial identities.
I even discussed Kelly Shepherd, the fake vegan mom created by HBO executive Casey Bloys to respond to HBO critics.
And that’s just some of what Bredemarket has written about synthetic identity. You can find the complete list of my synthetic identity posts here.
It isn’t enough to talk about the fact that synthetic identities exist: sometimes for innocent reasons, sometimes for outright fraudulent reasons.
You need to communicate how to fight synthetic identities, especially if your firm offers an anti-fraud solution.
Here are four ways to fight synthetic identities:
If you conduct all four tests, then you have used multiple factors of authentication to confirm that the person is who they say they are. If the identity is synthetic, chances are the purported person will fail at least one of these tests.
If you fight synthetic identity fraud, you should let people know about your solution.
Perhaps you can use Bredemarket, the identity content marketing expert. I work with you (and I have worked with others) to ensure that your content meets your awareness, consideration, and/or conversion goals.
How can I work with you to communicate your firm’s anti-synthetic identity message? For example, I can apply my identity/biometric blog expert knowledge to create an identity blog post for your firm. Blog posts provide an immediate business impact to your firm, and are easy to reshare and repurpose. For B2B needs, LinkedIn articles provide similar benefits.
If Bredemarket can help your firm convey your message about synthetic identity, let’s talk.
(Part of the biometric product marketing expert series)
Have you heard of rapid DNA?
Perhaps not as fast as Brazilian race car driver Antonella Bassani, but fast enough.
This post discusses the pros and cons of rapid DNA, specifically in the MV Conception post mortem investigation.
I’ve worked with rapid DNA since I was in Proposals at MorphoTrak, when our corporate parent Safran had an agreement with IntegenX (now part of Thermo Fisher Scientific). Rapid DNA, when suitable for use, can process a DNA sample in 90 minutes or less, providing a quick way to process DNA in both criminal and non-criminal cases.
But as I explain below, sometimes rapid DNA isn’t so rapid. In those cases, investigators have to turn to boring biometric technologies such as fingerprints instead. Fingerprints are a much older identification modality, but they still work.
Bredemarket recently purchased access to a Journal of Forensic Sciences article entitled “Advances in postmortem fingerprinting: Applications in disaster victim identification” (https://doi.org/10.1111/1556-4029.15513) by Bryan T. Johnson MSFS of the Federal Bureau of Investigation Laboratory in Quantico. The abstract (which is NOT behind the paywall) states the following, in part:
In disaster victim identification (DVI), fingerprints, DNA, and dental examinations are the three primary methods of identification….As DNA technology continues to evolve, RAPID DNA may now identify a profile within 90 min if the remains are not degraded or comingled. When there are true unknowns, however, there is usually no DNA, dental, or medical records to retrieve for a comparison without a tentative identity.
In the body of the paper itself (which IS behind the paywall), Johnson cites one example in which use of rapid DNA would have DELAYED the process.
DVI depends upon comparison of a DNA sample from a victim with a previous DNA sample taken from the victim. If this is not available, then the victim’s DNA is compared against the DNA of a family member.
When the MV Conception boat caught fire and sank in September 2019, 34 people lost their lives and had to be positively identified.
While most of the MV Conception victims were California residents, some victims were from Singapore and India. It would take weeks to collect and transport the DNA samples from the victims’ family members back to the United States for comparison against the DNA samples from the victims. Weeks of uncertainty during which family members had no confirmation that their relatives were among the deceased.
However, because the foreign victims were visitors to the United States, they had fingerprints on file with the Department of Homeland Security. Interagency agreements allowed the investigating agencies to access the DHS fingerprints and compare them against the fingerprints of the foreign victims, providing tentative identifications within three days. (Fingerprint identification is a 100+ year old method, but it works!) These tentative identifications were subsequently confirmed when the familial DNA samples arrived.
The message here is NOT that “fingerprints rule, DNA drools.” In some cases the investigators could not retrieve fingerprints from the bodies and HAD to use rapid DNA.
The message here is that when identifying people, you should use ANY biometric (or non-biometric) modality that is available: fingerprints, DNA, dental records, driver’s licenses, Radio Shack Battery Club card, or anything else that provides an investigative lead or a positive identification.
And ideally, you should use more than one factor of authentication.
By the way, if you have a biometric story to tell, Bredemarket can help…um…drive results. Perhaps not as fast as Bassani, but fast enough.
I define a revolutionary biometric event as something that COMPLETELY TRANSFORMS the biometric industry.
For me, the four events that have revolutionized biometrics in this century (so far) include:
If you want to learn WHY I regard these four events as revolutionary, and why I DON’T regard the introduction of the Apple Vision Pro as revolutionary, see my June 2023 post.
In many instances of fingerprint capture, whether obtaining prints through ink or through livescan, the tenprint person captures 14 images. Not 10, not 20, but 14.
Why?
Quality control.
Because the 14 images contain two impressions of every print, you can compare the top set of prints (the rolled prints) against the bottom set (the slap prints).
In the example above, if the green rolled print is NOT the same as the green slap print, or if the blue rolled print is NOT the same as the blue slap print, then you captured the fingerprints in the wrong order.
I discussed this in more detail in an earlier post.
If you need Bredemarket’s marketing and writing services to explain the benefits of your technology to your prospects and customers, contact me.
There are various types of dedicated fingerprint reader devices, including multispectral readers that can examine the subdermal layers of your fingers. Even if your surface fingerprints are worn away by bricklaying, time, or other factors, multispectral fingerprint readers can identify you anyway.
If you’re interested, I wrote more about multispectral readers, and how they relate to liveness detection, back in June 2023.
If you need Bredemarket’s marketing and writing services to explain the benefits of your technology to your prospects and customers, contact me.
Bredemarket