Identity/biometrics/technology marketing and writing services
Biometric product marketing expert.
Modalities: Finger, face, iris, voice, DNA.
Plus other factors: IDs, data.
John E. Bredehoft has worked for Incode, IDEMIA, MorphoTrak, Motorola, Printrak, and a host of Bredemarket clients.
(Some images AI-generated by Google Gemini.)
(Part of the biometric product marketing expert series)
I recently read a web page (I won’t name the site) that included the following text:
…fingerprints, palm prints, latents, faces, and irises at 500 or 1000 ppi.
Which is partially correct.
Yes, fingerprints, palm prints, and latent prints are measured in pixels per inch (ppi), with older systems capturing 500 ppi images, some newer images capturing 1,000 ppi images, and other systems capturing 2,000 ppi or larger images. 2,000 ppi resolution is used in some images in NIST Special Database 300 because why not?
I don’t know of any latent fingerprint examiner who is capturing 4,000 ppi friction ridge prints, but I bet that someone out there is doing it.
But faces and irises are not measured in pixels per inch.
Why not?
Because, at least until recently, friction ridge impressions were captured differently than faces and irises.
Obviously things have changed in the friction ridge world over the last decade, as more companies support contactless methods of fingerprint capture, either through dedicated devices or standard smartphone cameras.
And that has caused issues for organizations such as the U.S. Federal Bureau of Investigation, who have very deep concerns about how contactless fingerprints will function in their current contact-based systems.
For example, how will Electronic Biometric Transmission Specification Appendix F (version 11.2 here) compliance work in the world where the friction ridges are NOT pressed against a surface?
As further proof that I am celebrating, rather than hiding, my “seasoned” experience—and you know what the code word “seasoned” means—I am entitling this blog post “Take Me to the Pilot.”
Although I’m thinking about a different type of “pilot”—a pilot to establish that Login.gov can satisfy Identity Assurance Level 2 (IAL2).
I just mentioned IAL2 in a blog post on Wednesday, with this seemingly throwaway sentence.
So if you think you can use Login.gov to access a porn website, think again.
From https://bredemarket.com/2024/04/10/age-assurance-meets-identity-assurance-level-2/.
The link in that sentence directs the kind reader to a post I wrote in November 2023, detailing that fact that the GSA Inspector General criticized…the GSA…for implying that Login.gov was IAL2-compliant when it was not. The November post references a GSA-authored August blog post which reads in part (in bold):
Login.gov is on a path to providing an IAL2-compliant identity verification service to its customers in a responsible, equitable way.
From https://www.gsa.gov/blog/2023/08/18/reducing-fraud-and-increasing-access-drives-record-adoption-and-usage-of-logingov.
Because it obviously wouldn’t be good to do it in an irresponsible inequitable way.
But the GSA didn’t say how long that path would be. Would Login.gov be IAL2-compliant by the end of 2023? By mid 2024?
It turns out the answer is neither.
You would think that achieving IAL2 compliance would be a top priority. After all, the longer that Login.gov doesn’t comply, the more government agencies that will flock to IAL2-compliant ID.me.
Enter Steve Craig of PEAK.IDV and the weekly news summaries that he posts on LinkedIn. Today’s summary includes the following item:
4/ GSA’s Login.gov Pilots Enhanced Identity Verification
From https://www.linkedin.com/posts/stevenbcraig_digitalidentity-aml-compliance-activity-7184539504504930306-LVPF/.
Login.gov’s pilot will allow users to match a live selfie with the photo on a self-supplied form of photo ID, such as a driver’s license
Other interesting updates in the press release 👇
And here’s what GSA’s April 11 press release says.
Specifically, over the next few months, Login.gov will:
Pilot facial matching technology consistent with the National Institute of Standards and Technology’s Digital Identity Guidelines (800-63-3) to achieve evidence-based remote identity verification at the IAL2 level….
Using proven facial matching technology, Login.gov’s pilot will allow users to match a live selfie with the photo on a self-supplied form of photo ID, such as a driver’s license. Login.gov will not allow these images to be used for any purpose other than verifying identity, an approach which reflects Login.gov’s longstanding commitment to ensuring the privacy of its users. This pilot is slated to start in May with a handful of existing agency-partners who have expressed interest, with the pilot expanding to additional partners over the summer. GSA will simultaneously seek an independent third party assessment (Kantara) of IAL2 compliance, which GSA expects will be completed later this year.
From https://www.gsa.gov/about-us/newsroom/news-releases/general-services-administrations-logingov-pilot-04112024#.
In short, GSA’s April 11 press release about the Login.gov pilot says that it expects to complete IAL2 compliance later this year. So it’s going to take more than a year for the GSA to repair the gap that its Inspector General identified.
Once I saw Steve’s update this morning, I felt it sufficiently important to share the news among Bredemarket’s various social channels.
With a picture.
For those of you who are not as “seasoned” as I am, the picture depicts the B-side of a 1970 vinyl 7″ single (not a compact disc) from Elton John, taken from the album that broke Elton in the United States. (Not literally; that would come a few years later.)
By the way, while the original orchestrated studio version is great, the November 1970 live version with just the Elton John – Dee Murray – Nigel Olsson trio is OUTSTANDING.
Back to Bredemarket social media. If you go to my Instagram post on this topic, I was able to incorporate an audio snippet from “Take Me to the Pilot” (studio version) into the post. (You may have to go to the Instagram post to actually hear the audio.)
Not that the song has anything to do with identity verification using government ID documents paired with facial recognition. Or maybe it does; Elton John doesn’t know what the song means, and even lyricist Bernie Taupin doesn’t know what the song means.
So from now on I’m going to say that “Take Me to the Pilot” documents future efforts toward IAL2 compliance. Although frankly the lyrics sound like they describe a successful iris spoofing attempt.
Through a glass eye, your throne
From https://genius.com/Elton-john-take-me-to-the-pilot-lyrics.
Is the one danger zone
For you young whippersnappers who don’t understand why the opening image mentioned “54 Years On,” this is a reference to another Elton John song.
And it’s no surprise that the live version is better.
Now I’m going to listen to this all day. Cue the Instagram post (if Instagram has access to the 17-11-70/11-17-70 version).
One advantage of an open source project is that there are far fewer secrets to hide. If a commercial firm develops biometric products, it has a responsibility to its investors to not release sensitive information.
Worldcoin has few limitations on sharing information because it is an open source project, so when governments in Argentina, Kenya, and elsewhere raised questions about what Worldcoin does with its citizens’ biometric data, Worldcoin could afford to conduct a security assessment…and publicly share the results.
Although findings…describe potential attack surfaces and are of high or medium severity, (Trail of Bits’) analysis did not uncover vulnerabilities in the Orb’s code…
From https://github.com/trailofbits/publications/blob/master/reviews/2023-08-worldcoin-orb-securityreview.pdf
Read Trail of Bits’ full report at https://github.com/trailofbits/publications/blob/master/reviews/2023-08-worldcoin-orb-securityreview.pdf. Note that Trail of Bits ONLY analyzed the software running on the Orb, NOT the back-end software.
Also see Biometric Update’s coverage. It notes that Trail of Bits also analyzed the security of Voatz’s voting software.
I define a revolutionary biometric event as something that COMPLETELY TRANSFORMS the biometric industry.
For me, the four events that have revolutionized biometrics in this century (so far) include:
If you want to learn WHY I regard these four events as revolutionary, and why I DON’T regard the introduction of the Apple Vision Pro as revolutionary, see my June 2023 post.
As identity/biometric professionals well know, there are five authentication factors that you can use to gain access to a person’s account. (You can also use these factors for identity verification to establish the person’s account in the first place.)
I described one of these factors, “something you are,” in a 2021 post on the five authentication factors.
Something You Are. I’ve spent…a long time with this factor, since this is the factor that includes biometrics modalities (finger, face, iris, DNA, voice, vein, etc.). It also includes behavioral biometrics, provided that they are truly behavioral and relatively static.
From https://bredemarket.com/2021/03/02/the-five-authentication-factors/
As I mentioned in August, there are a number of biometric modalities, including face, fingerprint, iris, hand geometry, palm print, signature, voice, gait, and many more.
If your firm offers an identity solution that partially depends upon “something you are,” then you need to create content (blog, case study, social media, white paper, etc.) that converts prospects for your identity/biometric product/service and drives content results.
Bredemarket can help.
Click below for details.
(Part of the biometric product marketing expert series)
If you listen closely, you can hear about all sorts of wonderful biometric identifiers. They range from the common (such as fingerprint ridges and detail) to the esoteric (my favorite was the 2013 story about Japanese car seats that captured butt prints).
A former coworker who left the biometric world for the world of Adobe Experience Manager (AEM) expert consulting brought one of the latter to my attention.
Tongue prints.
This article, shared with me by Krassimir Boyanov of KBWEB Consult, links to this article from Science ABC.
As is usual with such articles, the title is breathless: “How Tongue Prints Are Going To Revolutionize Identification Methods.”
Forget about fingerprints and faces and irises and DNA and gait recognition and butt prints. Tongue prints are the answer!
To its credit, the article does point out two benefits of using tongue prints as a biometric identifier.
But the article also makes these claims.
Two main attributes are measured for a tongue print. First is the tongue shape, as the shape of the tongue is unique to everyone.
From https://www.scienceabc.com/innovation/how-tongue-prints-are-going-to-revolutionize-identification-methods.html
The other notable feature is the texture of the tongue. Tongues consist of a number of ridges, wrinkles, seams and marks that are unique to every individual.
From https://www.scienceabc.com/innovation/how-tongue-prints-are-going-to-revolutionize-identification-methods.html
So tongue shape and tongue texture are unique to every individual?
Prove it.
Even for some of the more common biometric identifiers, we do not have scientific proof that most biometric identifiers are unique to every individual.
But at least these modalities are under study. Has anyone conducted a rigorous study to prove or disprove the uniqueness of tongues? By “rigorous,” I mean a study that has evaluated millions of tongues in the same way that NIST has evaluated millions of fingerprints, faces, and irises?
We know that NIST hasn’t studied tongues.
I did find this 2017 tongue identification pilot study but it only included a whopping 20 participants. And the study authors (who are always seeking funding anyway) admitted that “large-scale studies are required to validate the results.”
So if a police officer tells you to stick out your tongue for identification purposes, think twice.
On September 30, FindBiometrics and Acuity Market Intelligence released the production version of the Biometric Digital Identity Prism Report. You can request to download it here.
Central to the concept of the Biometric Digital Identity Prism is the idea of the “Big 3 ID,” which the authors define as follows:
These firms have a global presence, a proven track record, and moderate-to-advanced activity in every other prism beam.
From “The Biometric Digital Identity Prism Report, September 2023.”
The Big 3 are IDEMIA, NEC, and Thales.
But FindBiometrics and Acuity Market Intelligence didn’t invent the Big 3. The concept has been around for 40 years. And two of today’s Big 3 weren’t in the Big 3 when things started. Oh, and there weren’t always 3; sometimes there were 4, and some could argue that there were 5.
So how did we get from the Big 3 of 40 years ago to the Big 3 of today?
Back in 1986 (eight years before I learned how to spell AFIS) the American National Standards Institute, in conjunction with the National Bureau of Standards, issued ANSI/NBS-ICST 1-1986, a data format for information interchange of fingerprints. The PDF of this long-superseded standard is available here.
When creating this standard, ANSI and the NBS worked with a number of law enforcement agencies, as well as companies in the nascent fingerprint industry. There is a whole list of companies cited at the beginning of the standard, but I’d like to name four of them.
While all four of these companies produced computerized fingerprinting equipment, three of them had successfully produced automated fingerprint identification systems, or AFIS. As Chapter 6 of the Fingerprint Sourcebook subsequently noted:
After the success of the San Francisco and California AFIS systems, many other jurisdictions began clamoring for AFIS of their own, and turned to these three vendors to supply them.
But in 1990, these three firms were joined by a fourth upstart, Cogent Systems of South Pasadena, California.
While customers initially preferred the Big 3 to the upstart, Cogent Systems eventually installed a statewide system in Ohio and a border control system for the U.S. government, plus a vast number of local systems at the county and city level.
Between 1991 and 1994, the (Immigfation and Naturalization Service) conducted several studies of automated fingerprint systems, primarily in the San Diego, California, Border Patrol Sector. These studies demonstrated to the INS the feasibility of using a biometric fingerprint identification system to identify apprehended aliens on a large scale. In September 1994, Congress provided almost $30 million for the INS to deploy its fingerprint identification system. In October 1994, the INS began using the system, called IDENT, first in the San Diego Border Patrol Sector and then throughout the rest of the Southwest Border.
From https://oig.justice.gov/reports/plus/e0203/back.htm
I was a proposal writer for Printrak (divested by De La Rue) in the 1990s, and competed against Cogent, Morpho, and NEC in AFIS procurements. By the time I moved from proposals to product management, the next redefinition of the “big” vendors occurred.
There are a lot of name changes that affected AFIS participants, one of which was the 1988 name change of the National Bureau of Standards to the National Institute of Standards and Technology (NIST). As fingerprints and other biometric modalities were increasingly employed by government agencies, NIST began conducting tests of biometric systems. These tests continue to this day, as I have previously noted.
One of NIST’s first tests was the Fingerprint Vendor Technology Evaluation of 2003 (FpVTE 2003).
For those who are familiar with NIST testing, it’s no surprise that the test was thorough:
FpVTE 2003 consists of multiple tests performed with combinations of fingers (e.g., single fingers, two index fingers, four to ten fingers) and different types and qualities of operational fingerprints (e.g., flat livescan images from visa applicants, multi-finger slap livescan images from present-day booking or background check systems, or rolled and flat inked fingerprints from legacy criminal databases).
From https://www.nist.gov/itl/iad/image-group/fingerprint-vendor-technology-evaluation-fpvte-2003
Eighteen vendors submitted their fingerprint algorithms to NIST for one or more of the various tests, including Bioscrypt, Cogent Systems, Identix, SAGEM MORPHO (SAGEM had acquired Morpho Systems), NEC, and Motorola (which had acquired Printrak). And at the conclusion of the testing, the FpVTE 2003 summary (PDF) made this statement:
Of the systems tested, NEC, SAGEM, and Cogent produced the most accurate results.
Which would have been great news if I were a product manager at NEC, SAGEM, and Cogent.
Unfortunately, I was a product manager at Motorola.
The effect of this report was…not good, and at least partially (but not fully) contributed to Motorola’s loss of its long-standing client, the Royal Canadian Mounted Police, to Cogent.
So what happened in the years after FpVTE was released? Opinions vary, but here are three possible explanations for what happened next.
Now I probably have a bit of bias in this area since I was a Motorola employee, but I maintain that Motorola overcame this temporary setback and vaulted back into the Big 4 within a couple of years. Among other things, Motorola deployed a national 1000 pixels-per-inch (PPI) system in Sweden several years before the FBI did.
Motorola’s arch-enemies at Sagem Morpho had a different opinion, which was revealed when the state of West Virginia finally got around to deploying its own AFIS. A bit ironic, since the national FBI AFIS system IAFIS was located in West Virginia, or perhaps not.
Anyway, Motorola had a very effective sales staff, as was apparent when the state issued its Request for Proposal (RFP) and explicitly said that the state wanted a Motorola AFIS.
That didn’t stop Cogent, Identix, NEC, and Sagem Morpho from bidding on the project.
After the award, Dorothy Bullard and I requested copies of all of the proposals for evaluation. While Motorola (to no one’s surprise) won the competition, Dorothy and I believed that we shouldn’t have won. In particular, our arch-enemies at Sagem Morpho raised a compelling argument that it should be the chosen vendor.
Their argument? Here’s my summary: “Your RFP says that you want a Motorola AFIS. The states of Kansas (see page 6 of this PDF) and New Mexico (see this PDF) USED to have a Motorola AFIS…but replaced their systems with our MetaMorpho AFIS because it’s BETTER than the Motorola AFIS.”
But were Cogent, Motorola, NEC, and Sagem Morpho the only “big” players?
While the Big 3/Big 4 took a lot of the headlines, there were a number of other companies vying for attention. (I’ve talked about this before, but it’s worthwhile to review it again.)
In short, there were a bunch of small identity companies all over the place.
But in the course of a few short years, Dr. Joseph Atick (initially) and Robert LaPenta (subsequently) concentrated on acquiring and merging those companies into a single firm, L-1 Identity Solutions.
These multiple mergers resulted in former competitors Identix and Digital Biometrics, and former competitors Viisage and Visionics, becoming part of one big happy family. (A multinational big happy family when you count Bioscrypt.) Eventually this company offered fingerprint, face, iris, driver’s license, and passport solutions, something that none of the Big 3/Big 4 could claim (although Sagem Morpho had a facial recognition offering). And L-1 had federal contracts and state contracts that could match anything that the Big 3/Big 4 offered.
So while L-1 didn’t have a state AFIS contract like Cogent, Motorola, NEC, and Sagem Morpho did, you could argue that L-1 was important enough to be ranked with the big boys.
So for the sake of argument let’s assume that there was a Big 5, and L-1 Identity Solutions was part of it, along with the three big boys Motorola, NEC, and Safran (who had acquired Sagem and thus now owned Sagem Morpho), and the independent Cogent Systems. These five companies competed fiercly with each other (see West Virginia, above).
In a two-year period, everything would change.
Hang on to your seats.
If you’re keeping notes, the Big 5 have now become the Big 3: 3M, Safran, and NEC (the one constant in all of this).
While there were subsequent changes (3M sold Cogent and other pieces to Gemalto, Safran sold all of Morpho to Advent International/Oberthur to form IDEMIA, and Gemalto was acquired by Thales), the Big 3 has remained constant over the last decade.
And that’s where we are today…pending future developments.
This was written by John Bredehoft of Bredemarket.
If you work for the Big 3 or the Little 80+ and need marketing and writing services, the biometric content marketing expert can help you. There are several ways to get in touch:
(Part of the biometric product marketing expert series)
I’ve talked about why NIST separated its FRVT efforts into FRTE and FATE.
But I haven’t talked bout how NIST did this.
And as you all know, the second most important question after why is how.
As I noted back in August, NIST chose to split its Face Recognition Vendor Test (FRVT) into two parts—FRTE (Face Recognition Technology Evaluation) and FATE (Face Analysis Technology Evaluation).
At the time, NIST explained why it did this:
To bring clarity to our testing scope and goals
From https://www.nist.gov/programs-projects/face-technology-evaluations-frtefate
In essence, the Face Recognition Vendor Test had become a hodgepodge of different things. Some of the older tests were devoted to identification of individuals (face recognition), while some of the newer tests were looking at issues other than individual identification (face analysis).
Of course, this confusion between identification and non-identification is nothing new, which is why some of the people who read Gender Shades falsely concluded that if the three algorithms couldn’t classify people by sex or race, they couldn’t identify them as individuals.
But I digress. (I won’t do it again.)
NIST explained at the time:
Tracks that involve the processing and analysis of images will run under the FATE activity, and tracks that pertain to identity verification will run under FRTE.
From https://www.nist.gov/programs-projects/face-technology-evaluations-frtefate
To date, most of my personal attention (and probably most of yours) was paid to what was previously called FRVT 1:1 and FRVT 1:N.
These two tests are now part of FRTE, and were simply renamed to FRTE 1:1 and FRTE 1:N. They’ve even (for now) retained the same URLs, although that may change in the future.
Other tests that are now part of the FRTE bucket include:
The “Still Face and Iris 1:N Identification” effort (PDF) has apparently also been reclassified as an FRTE effort.
Obviously, presentation attack detection (PAD) testing falls into the FATE category, since this does not measure the identification of an individual, but whether a person is truly there or not. The first results have been released; I previously wrote about this here.
The next obvious category is age estimation testing, which again does not try to identify an individual, but estimate how old the person is. This testing has not yet started, but I talked about the concept of age estimation previously.
Other parts of FATE include:
It is very possible that NIST will add additional FRTE and FATE tests in the future. These may be brand new tests, or variations of existing tests. For example, when all of us started wearing face masks a couple of years ago, NIST simulated face masks on its existing facial images and created the data for the face mask test described above.
What do you think NIST should test next, either in the FRTE or the FATE category?
And yes, I’m concluding this post with this video. By the way, this is the full version that (possibly intentionally) caused a ton of controversy and was immediately banned for nearly a quarter century. The morphing starts at 5:30. The crotch-grabbing starts right after the 7:00 mark.
But on a less controversial note, let’s give equal time to Godley & Creme.
Perhaps because of the lack of controversy with Godley & Creme’s earlier effort, Ashley Clark prefers it to the later Michael Jackson/John Landis effort.
Whereas Godley & Creme used editing technology to embrace and reflect the ambiguous murk of thwarted love, Jackson and Landis imposed an artificial sheen on the complexity of identity; a sheen that feels poignant if not outright tragic in the wake of Jackson’s ultimate appearance and fate. Really, it did matter if he was black or white.
From https://ashleyclark.substack.com/p/black-or-white-and-crying-all-over
But I digress. (I lied.)
Sadly, morphing escaped from the hands of music video directors and artists and entered the world of fraudsters, as Regula explains.
One of the main application areas of facial morphing for criminal purposes is forging identity documents. The attack targets face-based identity verification systems and procedures. Most often it involves passports; however, any ID document with a photo can be compromised.
One well-known case happened in 2018 when a group of activists merged together a photo of Federica Mogherini, the High Representative of the European Union for Foreign Affairs and Security Policy, and a member of their group. Using this morphed photo, they managed to obtain an authentic German passport.
From https://regulaforensics.com/blog/facial-morphing/
Which is why NIST didn’t just cry about the problem. They tested it to assist the vendors in solving the problem.
(Updated blog post count 10/23/2023)
Always take advantage of your competitors’ weaknesses.
This post describes an easy way to take advantage of your competitors. If they’re not blogging, make sure your firm is blogging. And the post provides hard numbers that demonstrate why your firm should be blogging.
According to an infographic using 2017 data, 50% of the top 200 Fortune 500 companies had a public corporate blog.
Which means that half of those companies don’t have a public corporate blog.
The same infographic also revealed the following:
So obviously some firms believe blogging is important, while others don’t.
What difference does this make for your firm?
In my view, the figures above are way too low. 100% of all Fortune 500 companies, 100% of B2B companies should be blogging, and 100% of social media marketers should incorporate blogging.
Why? Because blogging produces tangible results.
Blogging is an ideal way to promote awareness of your firm and its offerings. From the same infographic:
Awareness is nice, but does awareness convert into leads?
Getting leads from blogging is nice, but show me the money! What about conversions?
Take a look at those last two bullets related to conversion again. Blogging is correlated with positive ROI (I won’t claim causation, but anecdotally I believe it), and blogging helps firms acquire customers. So if your firm wants to make money, get blogging.
With numbers like this, shouldn’t all companies be blogging?
But don’t share these facts with your competitors. Keep them to yourself so that you gain a competitive advantage over them.
Now you just need to write those blog posts.
And if you need help with the actual writing, I, John E Bredehoft of Bredemarket, can help.
In most cases, I can provide your blog post via my standard package, the Bredemarket 400 Short Writing Service. I offer other packages and options if you have special needs.
Authorize Bredemarket, Ontario California’s content marketing expert, to help your firm produce words that return results.
Bredemarket