Pryingeyes: Contactless traveling

Much has been written over the past year about the transition to electronic passports. Reasonably minded privacy advocates attack potential security loopholes in the technology, and the lunatic fringe makes absurd claims about a grand governmental scheme to invade the privacy of the citizenry. In reality, electronic passports will ease the lives of travelers passing through customs, stymie counterfeiters, and provide governments with no more information than they currently gather from travelers. Even before the recent addition of Basic Access Control technology to the plan, electronic passports could not, as some have claimed, have allowed terrorists to wirelessly scan crowds or cafés for targets from specific nations. Still, the additional security measure will make a good thing better. When we focus our Prying Eyes, it¡¯s not about privacy; it¡¯s about how the electronic passport works.

An inlay based on flex-circuit technology is embedded in the rear cover of electronic passports. Axalto is one of the companies that has manufactured initial production samples for the US government to evaluate. Although manufacturing schemes will vary country by country, the US government will require a supplier to fabricate the passport cover with the inlay, and then the government printing office will add the pages, including the inside of the rear cover, with the standard printed ID information. The inlay must handle harsh environments, as travelers will surely bend, and even sit on, the books.

¡°Contactless chip technology¡± is the heart of the electronic passport. Vendors of inlays and ICs are careful not to use the term ¡°RFID,¡± but in fact, the electronic passport does use a secure form of RFID. An antenna coil runs around the perimeter of the electronic-passport inlay. An RF field stimulates the coil and activates the chip mounted on the f lex circuit. The International Civil Aviation Organization (www.icao.org) developed the specification for the design. A reader must be within 4in. of the specified circuit to power the chip and begin communications.

The chip at the base of the electronic passport is essentially a smart-card chip—a micro-controller that comes with encryption capabilities and a contactless radio interface that meets the ISO 14443 standard. Axalto has supplied the US government with coilon- module inlays based on Infineon and Philips chips. North American-based Atmel targets the electronicpassport market with its AT90SC family. The AT90SC12872- RCFT, for instance, integrates an AVR RISC core, 72kbytes of EPROM, 128kbytes of ROM, a crypto-accelerator engine, and the radio interface.

The electronic passport requires authentication by a reader and uses encrypted communications with the reader for maximum security. Moreover, the scheme requires that the passport be open for communications to occur. Just as on existing passports, the new electronic version will include a printed ID page and, at the bottom of that page, some machine-readable codes. In that code, an optical sensor in the reader will find a seed for the two security keys needed for communication. The reader must compute the keys and use the first as an authentication key to wake the smartcard chip and use the second as an encryption key. A mathematically generated digital signature ensures that no one has altered any of the stored data.

Memory in the smart-card chip will store all of the ID data that appears on the printed ID page. From the biometric perspective, the United States will require that the memory store a digital representation of the ID photo. Other regions may add additional biometric data. The European Union, for instance, will store fingerprints in the memory.

Additional security measures may prevent electronic passports from rolling out on schedule, and unless the government issues a waiver delaying the process, visitors to the United States who have never needed a visa, will.