by John Maxwell Hobbs

As of August, all passports issued by EU nations will be required to contain a radio chip that can be used to authenticate the document and speed up processing. The US will follow in October. With more than one million e-passports already in use, security and global readability are two challenges for this technology.

An e-passport is a composite document that consists of an original paper document with an inlay of an antenna and a chip. Border control guards will be able to use special radio frequency readers to retrieve digital identification information stored in the new passports. Initially, the information stored on the chip will be the same as the data printed on them: name, gender, nationality and photo. In the near future, other biometric information such as fingerprints may also be included. The authenticity of the document is verified by matching the electronic data with the printed information and verifying the digital signature contained in the electronic data. The border crossing guard then compares the printed photo, the stored photo and the person standing in front of them.

The prime advantage of using radio technology in electronic passports is that it is a non-contact technology. Conventional ‘contact’ cards suitable for cash machines or shops are not reliable when used many times a day for access because the contact wears out.

Security
The security of personal data is of great concern to the general public. Because of the nature of contactless readers, people are afraid of having their personal data exposed via unauthorized access, commonly known as "skimming". Marc Bielmann, Technology Director and CTO of Sokymat, describes some of the mechanisms that have been developed to protect the data, "The passport must first be opened and the printed optical code read before the chip can be scanned, this is known as Basic Access Control (BAC)," he says. "Secondly, the data is encrypted during transmission. The reader derives the decryption key from the optically read data." Although not part of the specification, passport manufacturers can also shield the document so that it cannot be read when it is closed.

Once equipped with additional biometric information such as fingerprints, more complex and secure mechanisms known as Extended Access Control will be used. This stronger authentication and encryption mechanism must be introduced in EU passports no later than February 2008, based on the timetable defined by the European Commission.

Security is a concern in more than just the authentication process. It has been taken into consideration throughout the development and manufacturing processes as well. "Security factors are designed into the silicon," says Petr Novak, Director of Smart Card Technologies at HID. The term RFID is commonly used to refer to limited-security radio devices used in areas such as animal tagging and product identification in retail. Electronic passports use a technology called Contactless Smart Card. Novak describes smart cards as being, "tiny computers." "They have security requirements that are very high, so they have been designed with military grade security," he says. "The systems have been developed by the same companies who have developed other high security systems such as banking cards, mobile phone SIM cards, signature cards and more, so they have more than thirty years of experience in this area," explains Novak. "The difference between the RFID chips used in animal tagging and the chips used in passports is like the difference between a go-cart and a tank."

While go-cart can in some instances outmaneuver a tank, in sheer power, it can’t put up a fight.

Interoperability
Interoperability between systems made by a large variety of manufacturers and passports issued by many different countries is a complicating factor to a global rollout of e-passport technology. To that end, the International Civil Aviation Organization (ICAO), an agency of the United Nations, maintains the standard. A number of interoperability tests have been held around the world, testing different passports with different readers from a variety of suppliers and countries.

"The industry has come a great distance in interoperability in the last two years," says Marty Frary, Director of International Standards at ITG. "There is a tremendous amount of complexity underlying interoperability." Frary says that the first tests identified the gaps and ambiguities in the specification. As those have been weeded out, testing is now used to identify which manufacturers have not correctly implemented the specification. According to Frary, in the most recent test, all of the most credible manufacturers passed. "The primary issue now is deployment," he says.

Durability
Standard paper passports normally have a validity period of 5 or 10 years. A serious concern is whether the electronics will have a negative impact on the validity period of an e-passport. There is work ongoing in the International Organization for Standardization (ISO) to define a set of tests to ensure an e-passport will survive ten years of typical use.

ITG has established an e-document test lab in Denver to study the physical durability of these composite documents. Equipment in the lab is used to induce a variety of stresses, including; various forms of mechanical bending, pressure and impact, as well as thermal, chemical and electrical environmental stresses.  These are used to simulate possible use conditions, such as:
 
• Sitting on the passport for extended periods.
• Strong sunlight hitting a passport sitting in a window
• Putting the passport through a washing machine
• The impact of receiving a visa stamp

The lab also studies cumulative stress. A passport may survive a single visa stamp, but can it survive 100 stamps? Other issues related to useful life of the passport are the effects of the aging of the passport holder on the stored biometric data and the relative strength of encryption as technology advances during the life of the passport.

"It isn't realistic to create a document that will stand up to all stresses: it won't be usable," says Frary, who runs the lab. "Our goal is to insure that we optimize material and processes so that our customers are assured that as much as can possibly be done has been done."