Industry Insight

Have a Safe Trip

  • By Jeffrey Ross
  • Nov 01, 2006

FORGED passports may be a cliché in movies, but making sure passports are authentic and presented by the real owner is serious business. Homeland security, the safety of air travel and, ultimately, lives are at stake.

The e-passport program will help authorities determine quickly peoples' identity, making the homeland more secure and air travel safer. It also will help commerce and tourism by making passport screening faster for visitors at all points of entry.

Fortunately, in the real world, forging passports or using stolen ones is now tougher -- a lot tougher -- thanks to new technology in the electronic security market. The e-passport program will help authorities determine quickly peoples' identity, making the homeland more secure and air travel safer. It also will help commerce and tourism by making passport screening faster for visitors at all points of entry.

Changing the World
In the United States, the State Department is responsible for the safety and security of citizens and borders, including passports. After years of increasing print and paper-based security features, the passport office turned to contactless smart card technology and biometrics to make a big step ahead. Passports are international documents, so the program can only be effective if all of the leading nations agree to it.

The impetus to move the program forward worldwide came when Congress legislated all 27 countries participating in the Visa Waiver Program to issue passports with integrated, smart chip-based digital security. An international agreement was reached to follow the standards developed by the International Civil Aviation Organization (ICAO). ICAO is an agency of the United Nations that controls all cross-border civil aviation standards and procedures from security and customs documentation to aircraft airworthiness and navigation. ICAO adopted the technology used in contactless smart cards as the standard for electronic passports in order to add a facial biometric and other security features to passport.

In August, the State Department and the Government Printing Office, which assembles all U.S. passports, started issuing the new, electronic passport booklets in its Denver passport office. The GPO plans to incorporate the electronic capability in all new passports to be issued in 2007. The United States produced more than 10 million passports in 2005.

One of the two technology suppliers is Washington, D.C.-based Gemalto North America, formed in June by the merger of Axalto and Gemplus. The company also provides e-passports to France, Russia, Singapore, Poland and many other countries.

The Gemalto e-passport technology, known as Axseal, includes the company's secure operating system software running in a large capacity contactless microprocessor chip. The chip is embedded in a module highly resistant to damage and then integrated into the passport booklet cover. The e-passport solution has been designed to provide superior durability and performance over the passport's expected 10-year lifespan.

Digital Security for Passports
Significantly improved security is the principle goal of the program. And this goal is achieved in several ways using the features of the contactless smart card technology.

First, there's an electronic, digital signature put on the passport chip by the issuing country's passport authority. This electronic seal proves that the passport was issued by a legitimate passport authority. Using a passport reader, this verification eliminates dependency on a border agent to determine if a passport is fraudulent.

Second, the information on the front page of the passport is stored electronically in the chip, including a digitized photograph of the passport owner. The information is locked together and digitally signed (sealed) so any changes to it would break the seal and be detected.

Third, by comparing the passport, the digital information including the photograph of the passport owner and the bearer at passport control, border agents can make sure the person presenting the passport is the person to whom the passport was issued.

Taken together these features enable border agents to ensure that passports are legitimate, have not been altered and were issued to the person presenting it.

Protecting Privacy
Another important goal of the program is to protect the privacy and personal information of passport owners.

Contactless smart card technology should not be confused with RFID devices used for tracking packages and supply chain management, or even with traditional proximity physical access control cards. The contactless smart card technology in the e-passport is designed to protect identities. The smart cards use the built-in microprocessor for active security and encryption to protect information access and communications.

In order to protect privacy, the State Department uses these capabilities to implement security features, known as basic access control, that go well beyond the minimum set by the ICAO standard. A secret key unique to each passport is printed inside the book. This printed key must be scanned by an optical reader, not the contactless smart card reader. The key must then be presented to the e-passport before it will provide any personal information to any reader. This prevents unauthorized reading of the information, because no one can read the e-passport without physically having the book.

After authentication, communication between the reader and the e-passport starts. The information exchange is encrypted, so even if someone were able to eavesdrop -- an unlikely event inside a border control booth -- the information would be useless.

Additional privacy-friendly features include a short read range, about 4 inches, and privacy shielding in the cover that prevent communication with the e-passport when the book is closed.

There also is no new personal information stored on the e-passport. It is the same information that is on the printed page of the passport.

A New Era of e-IDs
The State Department's decision to use contactless smart card technology better protects travelers, streamlines immigration processes and improves the security of the passport booklet. The impact is felt worldwide because more than 30 nations have already pledged to adopt e-passports. The U.S. program is moving forward. This will motivate other countries to adopt the standard.

Since the program impacts millions of U.S. citizens, one advantage of the program is the tremendous visibility for contactless smart card technology and the security industry with the advent of digitally secure travel documents and other government-issued identity credentials. The e-passport has been featured in more than 300 print and broadcast segments in the last two years. The program is getting even more attention now that the passports are being issued.

Finally, the State Department decision to use privacy-friendly and secure contactless smart card technology also will potentially influence many other identity security initiatives in the United States. One of these is the Western Hemisphere Travel Initiative. This program aims to provide more security at the northern and southern land borders by requiring returning U.S. citizens to present a passport or a PASS card, a less-expensive travel document proposed by the State Department and the Department of Homeland Security. Today, U.S. citizens can re-enter at these land borders by presenting a driver license.

Real ID is a second and much larger program that can be influenced by e-passports. This program aims to set standards for driver licenses used for federal purposes, like boarding an airplane or entering a federal building. One goal is to set standards for vetting source documents used when obtaining a license. A second goal is to make the IDs more secure credentials, potentially using techniques like those in the e-passport.

As the government looks back on its many security-focused projects five years after 9/11, the e-passport program ranks as one of its most significant accomplishments. It also may be the vanguard of a new era of e-IDs, secure documents based on smart card technology.

This article originally appeared in the November 2006 issue of Security Products, pg. 8.

Featured

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

    Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now

  • Evolving Cybersecurity Strategies

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.