AFIS Systems: IAFIS / NGI, NAFIS, Aadhaar, IDENT1 and Interpol

The FBI's Integrated Automated Fingerprint Identification System launched on 28 July 1999. It contained approximately 33 million ten-print records at launch. By 2014, when the Next Generation Identification (NGI) system began assuming IAFIS functions, the database had grown to approximately 100 million records. NGI, fully operational by 2015, contains over 175 million ten-print records and over 30 million palm-print records as of the mid-2020s.

IAFIS was a ten-print-to-ten-print and latent-to-ten-print system. NGI is substantially more than that. Its biometric repository includes fingerprints, palm prints, iris images, face images, and scars/marks/tattoos (SMT). The NGI Rap Back service notifies subscribing agencies when a person whose prints are enrolled in the system is arrested subsequent to enrolment. The NGI Face Services component, which processes facial images from state and local agencies, returned more than 15 million face image submissions in its first two years of operation.

The latent-to-ten-print search capability, which is the AFIS function most relevant to crime scene investigation, operates at a different accuracy level to ten-print-to-ten-print. A ten-print record is captured under controlled conditions: the subject is cooperative, the roller or flat impression is taken by a trained technician, and the resulting image covers all ten fingers. A latent print from a crime scene is a fragment of unknown orientation captured under variable conditions and typically showing a minority of the full finger area. The match algorithms must accommodate this asymmetry.

The FBI's IAFIS and NGI have used a combination of proprietary and government-developed algorithms. NIST, through its Image Group and the National Institute of Standards and Technology Biometric Image Software (NBIS) project, has maintained open-source fingerprint matching tools including the Bozorth3 minutiae matcher, which has been the reference algorithm for NIST evaluations since the 1990s. Commercial systems from NEC (the NEC AFIS platform, which the FBI has used for portions of its commercial-off-the-shelf matching infrastructure), Idemia (formerly Morpho, the French biometric company), and Thales (formerly Gemalto) are all deployed across major AFIS installations globally.

India's National Automated Fingerprint Identification System (NAFIS) is operated by the National Crime Records Bureau (NCRB) under the Ministry of Home Affairs. The system was formally inaugurated in 2022 and was deployed across all 28 state forensic science laboratories, the five CFSLs (New Delhi, Hyderabad, Kolkata, Chandigarh, and Bhopal), and the state police fingerprint bureaus. NAFIS consolidates what had previously been a distributed and non-interoperable collection of state-level automated fingerprint systems: the Maharashtra State Fingerprint Bureau's legacy system, the UP FSL system, the CBI fingerprint records, and the NCRB's own central repository.

NAFIS holds ten-print records from arrested persons, palmprint records, and a latent print repository linked to unsolved cases. The system supports latent-to-ten-print searching for case investigation and ten-print-to-ten-print searching for person identification. NCRB has stated a target of integrating criminal fingerprint records dating back to the 1970s that exist in paper form at state police fingerprint bureaus across India.

The UIDAI Aadhaar system, operating under different legal authority (the Aadhaar Act 2016 as amended), holds biometric records of a different character. Aadhaar's biometric repository contains ten-print (all ten fingers) and both iris records for over 1.37 billion enrolled individuals, which is the largest biometric database in the world by enrolled population. The UIDAI uses this repository for authentication: when a person authenticates using their Aadhaar number plus a biometric (finger or iris at an authentication device), the system verifies the biometric against the stored record. The UIDAI does not operate an identification function (one-to-many search) as part of its core authentication service.

The forensic relevance of Aadhaar is indirect but real. The Supreme Court's 2018 Aadhaar judgment (Justice K.S. Puttaswamy v Union of India) upheld Aadhaar for welfare and government service delivery but struck down mandatory private-sector use. The UIDAI's records can be accessed by law enforcement under specific court orders and under the framework of the Aadhaar Act section 33, which provides for disclosure in national security matters. In practice, Aadhaar records have been used in identification of unidentified deceased persons and in some criminal investigations, working through the UIDAI's legal-compliance gateway.

The UK's national fingerprint database, IDENT1, is operated by the Home Office and managed under contract by Idemia (formerly Morpho). It replaced the predecessor NAFIS (the original UK National Automated Fingerprint Identification System, not to be confused with India's NAFIS) from 2004. IDENT1 holds ten-print records for arrested persons, palmprint records, and crime scene latent print records.

IDENT1 is integrated with the Police National Computer (PNC) and with the National DNA Database (NDNAD), which means that a fingerprint record, a DNA profile, and a criminal record can be linked through a single person's identifier. The three-way integration allows investigators to search one biometric and potentially recover hits across all three, which is a capability that no other European jurisdiction had fully operationalised at the same scale in the mid-2000s.

The latent print search function in IDENT1 processes crime scene marks submitted by police forces across England, Wales, Scotland, and Northern Ireland. Marks submitted by Scene of Crime Officers (SOCOs) or forensic service providers go through an image-quality screen before being searched against the ten-print repository. Candidate lists returned by IDENT1 go to fingerprint experts within the relevant police force or to the national fingerprint bureaus (Fingerprint Quality Standards Specialist Group, FQSSG) for ACE-V comparison under the protocols required by the Forensic Science Regulator's Codes of Practice (FSR-C-128).

The Home Office Statistics on IDENT1 performance are published annually. The system has consistently achieved identification rates for crime scene marks (the proportion of searched marks that result in a verified identification) in the range of 15 to 20% for marks of searchable quality, reflecting the combination of database size, search algorithm accuracy, and examiner throughput.

Interpol's Automated Fingerprint Identification System is maintained at the General Secretariat in Lyon, France, and accessible to all 196 Interpol member countries. The database contains fingerprint and palmprint records associated with Interpol Notices and with persons of interest in major crime and terrorism investigations. As of the mid-2020s, the database holds over 260,000 fingerprint records linked to Notices or international investigative requests.

Interpol's fingerprint cooperation operates through two primary channels. The Notices system links fingerprint records to Red Notices (international arrest warrants), Blue Notices (requests for information), and other Notice types. A fingerprint record linked to a Red Notice means that any national AFIS system that queries the Interpol database and returns a match against an enrolled wanted person's record can alert the querying country. The I-24/7 secure communications network allows member-country fingerprint bureaus to submit searches and receive candidate lists directly through Interpol's secure messaging system.

The Disaster Victim Identification (DVI) function of Interpol's fingerprint capability is separately notable. Major mass-casualty events, including the 2004 Indian Ocean tsunami (which killed over 200,000 people across 14 countries) and subsequent events including the 2016 Nice truck attack, have involved large-scale fingerprint comparison against Interpol records to identify victims of multiple nationalities. The INTERPOL DVI Standing Committee and its published DVI guide set the standard protocols for fingerprint comparison in mass-fatality events.

In the specific context of India-UK-Europe fingerprint cooperation, requests flow through the NCRB's Interpol Wing in New Delhi, which manages India's interface with the I-24/7 network. The NCRB submits Indian fingerprint records linked to Red Notice requests and processes incoming search requests from member countries against the Indian national records. Similar interfaces exist through Europol for EU member states and through bilateral treaty arrangements between the US FBI and partner agencies.

Fingerprint matching algorithms operate on minutiae representations. A ten-print or latent image is processed to extract ridge endpoints and bifurcations, each represented as a triplet (x-coordinate, y-coordinate, orientation angle). The matcher computes a similarity score between two minutiae sets. Higher scores indicate greater similarity; the system ranks candidates by score and returns the top N.

The oldest standardised algorithm in wide use is Bozorth3, developed at NIST and distributed as part of the NIST Biometric Image Software (NBIS) toolkit. Bozorth3 uses a graph-based matching approach that is rotation- and translation-invariant. It has served as the reference algorithm for NIST fingerprint evaluations, including the NIST Fingerprint Vendor Technology Evaluation (FpVTE) series and the Evaluation of Latent Fingerprint Technologies Extended Feature Sets (ELFT-EFS, 2012). Bozorth3 performs well for ten-print-to-ten-print matching. For latent-to-ten-print matching, its accuracy is substantially lower than modern commercial algorithms.

Commercial COTS (commercial off-the-shelf) systems from NEC, Idemia, and Thales have consistently outperformed Bozorth3 in NIST evaluations, particularly on latent-to-ten-print tasks, using deep-learning feature extractors trained on very large fingerprint datasets. The NEC AFIS platform is deployed at the FBI NGI (for portions of the latent search pipeline), in several European national AFIS systems, and in Japan (the National Police Agency's AFIS). Idemia (formerly Morpho, the fingerprint division of the French company now merged into Idemia Identity and Security) is deployed at UK IDENT1, France's FAED (the French national fingerprint database), and multiple Interpol-connected systems. Thales, through its legacy Gemalto acquisition, operates AFIS systems in several African and Middle Eastern jurisdictions.

The NIST ELFT-EFS 2012 evaluation is the most comprehensive public benchmark of latent fingerprint matching algorithms. It tested algorithms from NEC, Sagem/Morpho (now Idemia), Cogent (acquired by 3M Cogent, now part of Thales), Aware, and others on a ground-truth dataset of latent prints from operational US law enforcement casework. The evaluation established that the best commercial algorithms could return the correct mate in the top 50 candidates from a 100,000-record database for approximately 80-85% of high-quality latents. For low-quality latents (the majority of operational case material), the hit rate at Rank 1 dropped substantially.

An AFIS system does not make an identification. It produces a ranked candidate list with similarity scores. The examiner's job begins when the candidate list arrives.

In a standard operational workflow, a Scene of Crime Officer recovers a latent print from a crime scene and submits it to the relevant fingerprint bureau or FSL. The image is assessed for quality; marks that fall below a searchable threshold are held for intelligence use rather than submitted for AFIS searching. Searchable marks are processed through the AFIS's image-enhancement and feature-extraction pipeline, which produces a minutiae representation that the matcher uses. The search runs against the enrolled ten-print repository and returns a candidate list, typically showing the top 10 to 20 candidates ranked by similarity score.

The examiner receives the candidate list. For each candidate in the list, they access the candidate's ten-print exemplar and conduct an ACE-V comparison: analysis of the latent in isolation, comparison of the latent to the exemplar, evaluation to identification or exclusion or inconclusive, and independent verification if an identification is reached. The AFIS score plays no role in the examiner's conclusion. The examiner is not told what score the system assigned to any candidate; they work from the images alone. This is operationally important: an AFIS similarity score is not a probability of identity, and the score should not influence the human examiner's assessment of the comparison.

If a candidate in the list is excluded by ACE-V, the examiner moves to the next candidate. If all candidates are excluded, the mark is returned as no identification (NI) and retained in the unsolved latent repository for future searching as new ten-print records are enrolled. Cold case hits occur when a previously searched latent, held as NI, scores against a newly enrolled ten-print record.

This workflow is consistent across FBI NGI, UK IDENT1, India NAFIS, and Interpol AFIS. The AFIS architecture changes; the human verification step at the end does not.

1. Evidence submission and quality assessment
   Scene of Crime Officer submits latent image to fingerprint bureau. Image assessed for suitability: ridge clarity, area, distortion. Marks below threshold held as intelligence; marks above threshold prepared for AFIS submission.
2. Feature extraction and AFIS search
   AFIS pipeline enhances image, extracts minutiae triplets (x, y, orientation), and submits the representation to the one-to-many matcher. Search runs against the enrolled ten-print repository. Candidate list ranked by similarity score is returned, typically top 10-20 candidates.
3. Examiner receives candidate list
   Fingerprint examiner receives the ranked candidate list. The AFIS similarity scores are available but do not determine the examination outcome. The examiner accesses ten-print exemplars for each candidate in rank order.
4. ACE-V comparison for each candidate
   For each candidate: Analysis of the latent in isolation, Comparison of latent to exemplar, Evaluation (identification / exclusion / inconclusive). Examiner works through the list until identification or exhaustion of all candidates.
5. Blind verification if identification reached
   If the examiner reaches an identification conclusion, a second independent examiner performs blind verification: completes their own ACE phases without knowledge of the first examiner's conclusion, records their conclusion independently.
6. Report or NI return
   Verified identification is reported to the investigating agency with the examiner's conclusion and documentation. No identification: mark retained in unsolved latent repository. Cold-case search schedule re-runs retained marks against new enrolments.