Industry Insight

Have a Safe Trip

• By Jeffrey Ross
• Nov 01, 2006

FORGED passports may be a cliché in movies, but making sure passports are authentic and presented by the real owner is serious business. Homeland security, the safety of air travel and, ultimately, lives are at stake.

The e-passport program will help authorities determine quickly peoples' identity, making the homeland more secure and air travel safer. It also will help commerce and tourism by making passport screening faster for visitors at all points of entry.

Fortunately, in the real world, forging passports or using stolen ones is now tougher -- a lot tougher -- thanks to new technology in the electronic security market. The e-passport program will help authorities determine quickly peoples' identity, making the homeland more secure and air travel safer. It also will help commerce and tourism by making passport screening faster for visitors at all points of entry.

Changing the World
In the United States, the State Department is responsible for the safety and security of citizens and borders, including passports. After years of increasing print and paper-based security features, the passport office turned to contactless smart card technology and biometrics to make a big step ahead. Passports are international documents, so the program can only be effective if all of the leading nations agree to it.

The impetus to move the program forward worldwide came when Congress legislated all 27 countries participating in the Visa Waiver Program to issue passports with integrated, smart chip-based digital security. An international agreement was reached to follow the standards developed by the International Civil Aviation Organization (ICAO). ICAO is an agency of the United Nations that controls all cross-border civil aviation standards and procedures from security and customs documentation to aircraft airworthiness and navigation. ICAO adopted the technology used in contactless smart cards as the standard for electronic passports in order to add a facial biometric and other security features to passport.

In August, the State Department and the Government Printing Office, which assembles all U.S. passports, started issuing the new, electronic passport booklets in its Denver passport office. The GPO plans to incorporate the electronic capability in all new passports to be issued in 2007. The United States produced more than 10 million passports in 2005.

One of the two technology suppliers is Washington, D.C.-based Gemalto North America, formed in June by the merger of Axalto and Gemplus. The company also provides e-passports to France, Russia, Singapore, Poland and many other countries.

The Gemalto e-passport technology, known as Axseal, includes the company's secure operating system software running in a large capacity contactless microprocessor chip. The chip is embedded in a module highly resistant to damage and then integrated into the passport booklet cover. The e-passport solution has been designed to provide superior durability and performance over the passport's expected 10-year lifespan.

Digital Security for Passports
Significantly improved security is the principle goal of the program. And this goal is achieved in several ways using the features of the contactless smart card technology.

First, there's an electronic, digital signature put on the passport chip by the issuing country's passport authority. This electronic seal proves that the passport was issued by a legitimate passport authority. Using a passport reader, this verification eliminates dependency on a border agent to determine if a passport is fraudulent.

Second, the information on the front page of the passport is stored electronically in the chip, including a digitized photograph of the passport owner. The information is locked together and digitally signed (sealed) so any changes to it would break the seal and be detected.

Third, by comparing the passport, the digital information including the photograph of the passport owner and the bearer at passport control, border agents can make sure the person presenting the passport is the person to whom the passport was issued.

Taken together these features enable border agents to ensure that passports are legitimate, have not been altered and were issued to the person presenting it.

Protecting Privacy
Another important goal of the program is to protect the privacy and personal information of passport owners.

Contactless smart card technology should not be confused with RFID devices used for tracking packages and supply chain management, or even with traditional proximity physical access control cards. The contactless smart card technology in the e-passport is designed to protect identities. The smart cards use the built-in microprocessor for active security and encryption to protect information access and communications.

In order to protect privacy, the State Department uses these capabilities to implement security features, known as basic access control, that go well beyond the minimum set by the ICAO standard. A secret key unique to each passport is printed inside the book. This printed key must be scanned by an optical reader, not the contactless smart card reader. The key must then be presented to the e-passport before it will provide any personal information to any reader. This prevents unauthorized reading of the information, because no one can read the e-passport without physically having the book.

After authentication, communication between the reader and the e-passport starts. The information exchange is encrypted, so even if someone were able to eavesdrop -- an unlikely event inside a border control booth -- the information would be useless.

Additional privacy-friendly features include a short read range, about 4 inches, and privacy shielding in the cover that prevent communication with the e-passport when the book is closed.

There also is no new personal information stored on the e-passport. It is the same information that is on the printed page of the passport.

A New Era of e-IDs
The State Department's decision to use contactless smart card technology better protects travelers, streamlines immigration processes and improves the security of the passport booklet. The impact is felt worldwide because more than 30 nations have already pledged to adopt e-passports. The U.S. program is moving forward. This will motivate other countries to adopt the standard.

Since the program impacts millions of U.S. citizens, one advantage of the program is the tremendous visibility for contactless smart card technology and the security industry with the advent of digitally secure travel documents and other government-issued identity credentials. The e-passport has been featured in more than 300 print and broadcast segments in the last two years. The program is getting even more attention now that the passports are being issued.

Finally, the State Department decision to use privacy-friendly and secure contactless smart card technology also will potentially influence many other identity security initiatives in the United States. One of these is the Western Hemisphere Travel Initiative. This program aims to provide more security at the northern and southern land borders by requiring returning U.S. citizens to present a passport or a PASS card, a less-expensive travel document proposed by the State Department and the Department of Homeland Security. Today, U.S. citizens can re-enter at these land borders by presenting a driver license.

Real ID is a second and much larger program that can be influenced by e-passports. This program aims to set standards for driver licenses used for federal purposes, like boarding an airplane or entering a federal building. One goal is to set standards for vetting source documents used when obtaining a license. A second goal is to make the IDs more secure credentials, potentially using techniques like those in the e-passport.

As the government looks back on its many security-focused projects five years after 9/11, the e-passport program ranks as one of its most significant accomplishments. It also may be the vanguard of a new era of e-IDs, secure documents based on smart card technology.