User:Captain Idiot/Sandbox
A biometric passport is an Information Age identity document that uses biometrics to authenticate the citizenship of travelers. The passport's critical information is stored on a tiny RFID computer chip, much like information stored on smartcards. Like some smartcards, the passport book design calls for an embedded contactless chip that is able to hold digital signature data to ensure the integrity of the passport and the biometric data.
The current staged biometrics for this type of identification system is facial recognition, fingerprint recognition, and iris scans. The International Civil Aviation Organisation defines the biometric standards to be used in passports. ICAO does not currently have plans to use retinal scanning. Only the digital image (usually in jpeg format) of each biometric feature is actually stored in the chip. The biometric algorithm is computed outside of the passport chip by electronic border control systems (e-borders). To store biometric data on the contactless chip, it includes a minimum of 32 Kbytes of EEPROM storage memory, and runs on an interface in accordance with the ISO 14443 international standard, amongst others. These standards ensure interoperability between the different countries and the different manufacturers of the passport books.
Types of biometric passports
[edit]European biometric passports
[edit]The European version of the passport is planned to have digital imaging and fingerprint scan biometrics placed on the contactless chip. This combination of the biometrics aims to create an unrivaled level of security and protection against counterfeit and fraudulent identification papers. The price of the passport will be:
- UK (compulsory for UK citizens applying to the British Embassy in France from April 21st 2006): €142 for Adults (valid 10 years), €92 for Children (under age 16, valid 5 years). To be introduced 'during 2006' for applications made in the UK to the UK Passport Office(s).
- Germany (available since November 2005): <=25 years (valid 5 years) €37,50, >26 years (valid 10 years) €59,00
- Netherlands (introduction before 28 Aug. 2006): Approximately €11 on top of regular passport (€38,33) cost €49,33
- Sweden (available since October 2005): SEK 400 (valid for 5 years)
- None of the issued biometric passports mentioned above include fingerprints. Addition of digital fingerscans to German passports is planned for March 2007.[1]
American biometric passports
[edit]The U.S. version of the biometric passport (which is also referred to as an "Electronic Passport") will only have digital imaging placed onto the contactless chip. For the post 9/11 era, this still provides a valuable increased level of security, but not as complex as the European version. However, the chip used in the U.S. passport will be large enough (64 Kbytes) to allow it to contain additional biometric identifiers should the need arise in the future.
The U.S. Department of State began issuing biometric passports to government officials and diplomats in early 2006. In the summer of that year it will begin issuing tourist biometic passports and by the end of 2006 it is expected that nearly all new or renewd passports issued by the department to American citizens will be biometric [2]. Exact pricing of the U.S. biometric passport to the general public is yet to be determined.
Australian biometric passports
[edit]The Australian biometric passport was introduced in October 2005. Like the U.S. version, the chip will only have a digital image of the bearer's face as on their passport photo. Airport security is also being upgraded to allow Australian ePassport bearers to clear immigration controls more rapidly, and to install face recognition technology at immigration gates.
Opposition
[edit]Privacy activists in many countries question and protest the lack of information about exactly what the passports' chip will contain, and whether they impact civil liberties. The main problem they point out is that data on the passports can be transferred with touchless RFID technology (like wireless technology) which can become a major vulnerability. Although this would allow ID-check computers to obtain your information without a physical connection, it may also allow anyone with the necessary equipment to perform the same task. If the personal information and passport numbers on the chip aren't encrypted, the information might wind up in the wrong hands.
To protect against such unauthorized reading, or "skimming", in addition to employing encryption the U.S. has also undertaken the additional step of integrating a very thin metal mesh into the passport's cover to act as a shield to make it even more difficult (the State Department claims "nearly impossible") to read the passport's chip when the passport is closed.
Additional concern has been raised about the technical feasibility of biometrics in large-scale, real-world applications. This, combined with worries over added or unforseeable costs to the bearer, led to strong oppostion against the bill allowing the development of the British biometric national identity card, which uses the same biometric identification technology as the proposed European biometric passport.
Dutch biometric passports
[edit]The encryption scheme used to protect the flow of information between the Dutch biometric passport and a passport reader was cracked on July 28 2005. Though it hasn't been attempted in practice yet, in theory and under ideal conditions some of the data exchanged wirelessly between the passport's built-in contactless chip and a reader (more precisely, the one-way flow of data from the reader to the passport) may be picked up from up to 10 meters away. Once captured and stored, the data then can then be cracked in 2 hours on a PC [3]. This is due to the Dutch passport numbering scheme which does not provide sufficient randomness to generate a strong enough key to secure the exchange of information between the passport and reader.
Other passports such as the U.S. passport do not contain this flaw as they use a stronger key to encrypt the data exchange. Also, some readers provide shielding for the passport while it is being read, thus preventing signal leakage that might be intercepted by another device. Moreoever, the fairly secure and monitored environment of the passport control area would make it difficult for someone to illicitly set up the sensitive equipment necessary to eavesdrop on the communication between passports and readers from any significant distance.
The RFID-Zapper
[edit]A group of German privacy hackers have come up with a portable device that can wipe a passive RFID-Tag permanently, called the RFID-Zapper.
The U.S. biometric passport program
[edit]History
[edit]A high level of security became the top priority in 2001. This tightened security required border control to take bold steps in cracking down on counterfeit paper passports. This concern led to the idea of biometric security. In October 2004, the production stages of this high-tech passport commenced as the U.S. Government Printing Office (GPO) issued awards to the top bidders of the program. The awards totaled to roughly $1,000,000 for startup, development, and testing. The driving force of the initiative is the U.S. Enhanced Border Security and Visa Entry Reform Act of 2002 (a.k.a. the "Border Security Act"), which states that such smartcard IDs will be able replace visas. As for foreigners traveling to the U.S., if they wish to enter U.S. visa-free under the Visa Waiver Program (VWP), they are now are required to possess machine-readable passports that comply with international standards. Additionally, for travelers holding a valid passport issued on or after October 26, 2006, such a passport must be a biometic passport if used to enter the U.S. visa-free under the VWP. Thus, with the U.S. expected to be at full production of the biometric passport by the fall of 2006 and the biometric passport requirement for entry of foreign nationals going into effect at the same time, the goal of participating countries finally comes together; now tightened security exists aiding in the re-establishment of traveling ease.
Participants
[edit]Four companies were chosen to provide computer chips:
- Axalto Inc, (www.axalto.com)
- Infineon Technologies, (www.infineon.com)
- BearingPoint/SuperCom Inc. (www.supercomgroup.com)
- SuperCom Inc. (www.supercomgroup.com)
Four companies were chosen to begin the first phase testing:
- ASK Contactless Technologies
- Electronic Data Systems Corporation
- Oberthur Card Systems
- OTI America Inc.
External links
[edit]- PCCW's Unihub Awarded HKSAR Electronic Passport System Contract
- ASK awarded by GPO for the US electronic passport
- Axalto Supports GPO Decision on U.S. Electronic Passport
- Biometric-based passport in the works
- International Civil Aviation Organization
- Information about the ePassport
- MIFARE sets contactless interface standard
- Personal information stored in the passport's chip is vulnerable to hacking
- United States Department of State website
- US Government Printing Office
- US Names the day for biometric passports
- The new German biometric Passport
- Identity and Passport Service (UK)
- Information on the Australian ePassport
- Biometry in Passports, Radboud University Nijmegen (NL)