Biometric Passport - Data Protection

Data Protection

Biometric passports are equipped with protection mechanisms to avoid and/or detect attacks:

  • Non-traceable chip characteristics. A chip that uses random identifiers replies to each request with a different chip number. This prevents tracing of passport chips. Using random identification numbers is optional.
  • Basic Access Control (BAC). BAC protects the communication channel between the chip and the reader by encrypting transmitted information. Before data can be read from a chip, the reader needs to provide a key which is derived from the Machine Readable Zone: the date of birth, the date of expiry and the document number. If BAC is used, an attacker cannot (easily) eavesdrop on transferred information without knowing the correct key. Using BAC is optional.
  • Passive Authentication (PA). PA prevents modification of passport chip data. The chip contains a file (SOD) that stores hash values of all files stored in the chip (picture, fingerprint, etc.) and a digital signature of these hashes. The digital signature is made using a document signing key, which is itself signed by a country signing key. If a file in the chip (e.g. the picture) is changed, this can be detected because its hash value no longer matches the one stored in the SOD. Readers need access to all country public keys in use to check whether the digital signature was generated by a trusted country. Using PA is mandatory.
  • Active Authentication (AA). AA prevents cloning of passport chips. The chip contains a private key that cannot be read or copied, but its existence can easily be proven. Using AA is optional.
  • Extended Access Control (EAC). EAC adds functionality to check the authenticity of both the chip (chip authentication) and the reader (terminal authentication). Furthermore, it uses stronger encryption than BAC. EAC is typically used to protect fingerprints and iris scans. Using EAC is optional. In the EU, using EAC is mandatory for all documents issued starting 28 June 2009.
  • Shielding the chip. This prevents unauthorized reading. Some countries – including at least the US – have integrated a very thin metal mesh into the passport's cover to act as a shield when the passport cover is closed. The use of shielding is optional.
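
The Passive Authentication check described above, sketched as an added example (not code from the original page or from any passport specification). Assumptions: textbook RSA over small constructed primes stands in for the real signature scheme, the SOD is a plain dictionary rather than the signed binary structure used on real chips, and all function names and sample file contents are hypothetical.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def make_key(p, q):
    """Textbook-RSA key (n, d) from two primes; far too small for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    return pow(digest_int(data, key[0]), key[1], key[0])

def verify(data, sig, n):
    return pow(sig, E, n) == digest_int(data, n)

def encode(hashes):
    # Canonical byte form of the hash list, so signer and verifier agree.
    return repr(sorted(hashes.items())).encode()

def build_sod(files, ds_key, csca_key):
    """Issuer side: hash each file, sign the hash list, certify the DS key."""
    hashes = {k: hashlib.sha256(v).hexdigest() for k, v in files.items()}
    return {"hashes": hashes, "ds_n": ds_key[0],
            "ds_cert_sig": sign(str(ds_key[0]).encode(), csca_key),
            "sod_sig": sign(encode(hashes), ds_key)}

def passive_authentication(files, sod, trusted_csca):
    """Reader side: check the key chain, then the signature, then each hash."""
    ds_n = sod["ds_n"]
    if not any(verify(str(ds_n).encode(), sod["ds_cert_sig"], n) for n in trusted_csca):
        return False, "document signing key not signed by a trusted country key"
    if not verify(encode(sod["hashes"]), sod["sod_sig"], ds_n):
        return False, "signature over the hash list is invalid"
    bad = sorted(k for k, h in sod["hashes"].items()
                 if hashlib.sha256(files.get(k, b"")).hexdigest() != h)
    return (False, "hash mismatch: " + ", ".join(bad)) if bad else (True, "ok")

# Constructed sample data: Mersenne primes as toy key material, dummy file bodies.
CSCA = make_key(2**107 - 1, 2**127 - 1)   # country signing key
DS = make_key(2**61 - 1, 2**89 - 1)       # document signing key
FILES = {"DG1": b"P<UTOSAMPLE<<ANNA", "DG2": b"face image bytes", "DG3": b"fingerprint bytes"}
SOD = build_sod(FILES, DS, CSCA)

if __name__ == "__main__":
    print(passive_authentication(FILES, SOD, [CSCA[0]]))
    print(passive_authentication({**FILES, "DG2": b"other face"}, SOD, [CSCA[0]]))
```

The order of the three checks matters: a hash list that matches the files proves nothing unless its signature verifies, and that signature proves nothing unless the document signing key chains to a country key the reader already trusts.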
