E-Passports: It's What's Inside

Passports, mandatory for U.S. citizens re-entering from abroad since 1915, are about to get a high-tech makeover. Starting later this year, American passports will include an embedded radio frequency identification (RFID) tag in the back cover. The chip will duplicate the information printed inside the passport and contain security measures to prevent unauthorized access. A digital photo-graph included on the chip will make it easier for border inspectors to ensure the bearer is the genuine passport holder. But RFID tags create security concerns of their own-fears the federal government says should be laid to rest by the features included in the final e-passport design.

The internationally recognized symbol for an electronic passport containing a chip bearing data about the passport holder. The United States and 27 other countries are gearing up to make RFID passports. Oct. 26, 2006, is the deadline for foreign states in the U.S. Visa Waiver Program to issue machine-readable passports.

An RFID tag will be embedded in the back cover of U.S. passports. The tag is passive, meaning it does not have a battery. Its energy comes from the reader's radio transmission, which is absorbed by the chip before it transmits a response.

The wires around the edge are RFID antennae; the e-passport tag transmits on a frequency of 13.56 MHz. The antennae have a nominal range of 10 centimeters. The chip contains 64 KBs of memory to permit storage of other possible biometric identifiers, such as fingerprints or iris scans.

A woven metal mesh inlay in the passport's front cover and part of its back cover deflects radio transmissions from reaching the RFID chip, which can be accessed only when the passport is held open. The antenna isn't covered by the mesh that covers the chip, where the data resides. Neither the mesh nor the tag contains enough metal to set off an airport detection alarm.

Data stored on the RFID chip:

  • Digital photo
  • Name
  • Gender
  • Nationality
  • Date of birth
  • Place of birth
  • Passport number
  • Issue date
  • Expiration date
  • Type of passport
  • Digital signature that prevents stored data from being altered

Tracking Risk. Travelers using their passports as a form of day-to-day identification could expose the RFID chip in potentially insecure settings. Cryptographic protection prevents the data from being accessed by clandestine scanners, but RFID chips still emit a unique identification number (UID). Americans could conceivably be tracked through their UID, which would be exposed every time they opened their passports. The State Department says it's heading off that possibility by ensuring the chip emits random UIDs.

RFID Reader and the passport chip engage in a challenge-and-response authentication protocol called Basic Access Control to unlock the encrypted information in the chip. The reader derives the chip's cryptographic key by scanning the passport's optically readable zone. The key contains approximately 52 bits of entropy (meaning there are 252 possible authentication key permutations-about 4 quadrillion possibilities, of which only one is correct), making it difficult to crack. After authentication, the reader and passport create a session key to encrypt data transmission. E-passports are considered reasonably secure. The State Department is investigating whether it should add additional entropy to the cryptographic key.

E-Passage Here and Abroad

  • May 14, 2002 President Bush signs the Enhanced Border Security and Visa Entry Reform Act, which allows travelers from 27 countries to enter the United States for business or pleasure for up to 90 days without attaining a visa, provided they have a machine-readable passport that uses biometric identifiers. The United Nations' International Civil Aviation Organization is the standards-setting body for e-passports.
  • Sept. 4-5, 2003 At an ICAO technical subcommittee meeting in London, the United States opposes stronger security measures against surreptitious reading of e-passport RFID tags. The United States later reverses course to make the e-passport more secure.
  • Feb. 18, 2005 State issues draft regulation stipulating that e-passports include an RFID tag. The department receives 2,335 comments, 98.5 percent of which are negative.
  • June 15, 2005 Homeland Security Department begins a pilot test of RFID passports at Los Angeles International Airport. Participants are volunteer crews from United Airlines, Air New Zealand and Qantas Airways. Results show the speed and accuracy of e-passport readers needs improvement.
  • Oct. 25, 2005 Final e-passport rules are published in the Federal Register, mandating metal mesh shielding around the RFID tag and Basic Access Control.
  • Dec. 30, 2005 State begins issuing e-passports to U.S. diplomats.
  • Jan. 15, 2006 Homeland Security initiates a second e-passport pilot test, at San Francisco International Airport. Participants include citizens of Australia and New Zealand, Singapore Airlines crew and officials and U.S. diplomats. The test shows that Basic Access Control does not add significant processing time.
  • April 27, 2006 Federal officials traveling abroad are issued e-passports.
  • August 2006 State plans to start issuing e-passports to all U.S. citizens. The price of a passport will not increase.
  • Mid-2017 All valid U.S. passports will by now include the RFID chip.
Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download
  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download

When you download a report, your information may be shared with the underwriters of that document.