Feature
Contactless traveling
Electronic passports embed contactless chip technology to streamline passage through customs and significantly hinder counterfeiters.
By Maury Wright, Editor at Large -- EDN, 7/7/2005
Much has been written over the past year about the transition to electronic passports. Reasonably minded privacy advocates have attacked potential security loopholes in the technology, while the lunatic fringe has made absurd claims about a grand governmental scheme to invade the privacy of the citizenry.
In reality, electronic passports will ease the life of travelers passing through customs, stymie counterfeiters, and provide governments with no more information than they currently gather. Even before the recent addition of some additional security measures demanded by privacy advocates, electronic passports would not have allowed terrorists to wirelessly scan crowds for targets from specific nations, as some have claimed.
RFID by any other name
Contactless chip technology—integrated on what's essentially a smart-card chip—lies at the heart of the electronic passport. Vendors of ICs, modules, and readers for such machine-readable ID applications are careful not to use the term "RFID," but in fact the electronic passport does use a secure form of RFID. The vendors engaged in the business prefer the label "contactless chip technology" because they want to ensure that the public doesn't relate the electronic passport to the RFID chips that are embedded in pets for ID purposes or used by companies like Wal-Mart to monitor inventory. Indeed, the flavor of RFID used in the passport requires that the passport be within 10 cm of a reader to be accessed.
Vendor preferences notwithstanding, the electronic passport is an RFID-based application. An antenna coil runs around the perimeter of an inlay that's embedded in the back cover of the passport. An RF field stimulates the coil and activates the chip that's mounted on the flex circuit in the inlay. The chip communicates with a reader over an RF link.
The move toward contactless, machine-readable identification cards is happening worldwide. For instance, Malaysia has already adopted a national ID card, called MyCard, that is based on a smart card that can be read with RFID technology. The governments of the US, the European Union countries, and many countries throughout Asia are planning a transition to electronic passports.
Several years back, the US government set a deadline of Oct. 27, 2004, as the start of the transition to electronic passports. Later, the industry lobbied for a two-year extension and received a one-year extension. So the clock is ticking toward the deadline looming later this year.
The US mandate doesn't target US passports. Instead, the US will require that the 27 countries that participate in the Visa Waiver Program (VWP)—chiefly the European Union and other countries such as Australia and Japan—begin the transition to electronic passports this year. Those countries need not replace all existing passports at once, but rather must start issuing electronic passports for new applicants and renewals by the target date. The program will take a decade to propagate through all citizens from VWP countries.
Early this year, the US deadline appeared to be a reasonable goal. But the additional security measures added recently at the behest of privacy advocates—called Basic Access Control (BAC)—have made the deadline a long shot. The industry is again lobbying the US government for an extension. Indeed, the technology industry, and many other industries, could be hurt if the deadline mandate stays in place but a delay occurs in VWP countries beginning to issue electronic passports. Travelers accustomed to visiting the US on business with no visa would find themselves going through the visa-application process for routine trips. Still, no one is willing to speculate on the record as to whether the House Judiciary Committee, which controls the process, will approve another waiver.
The issue for vendors who want to manufacture the passports and equipment such as readers, as well as for the VWP passport agencies, is not the technology itself, but the brief period of time that the specification has been available. The original specs have been available for about a year, and the BAC additions were made this year. The International Civil Aviation Organization (ICAO, www.icao.org) developed the specification for the design, and the US will mandate that electronic passports meet that specification.
Passport data-passing
The electronic passport will be readable from distances of about 4 in. Before the addition of the BAC requirements, the traveler would not have needed to open the passport. Moreover, while the original specification did require an authentication step, once authenticated the data transfer would have occurred without encryption. Privacy advocates, perhaps rightly, wanted more security. But realistically, the range limitation and the authentication step would have prevented a terrorist or other nefarious party from wirelessly scanning passports in public places.
With BAC in place, the procedure now requires authentication by a reader and utilizes encrypted communications. Moreover, the scheme requires that the passport be opened in order for communications to occur. Just as on existing passports, the new electronic version will include a printed ID page that has some machine-readable code printed at the bottom. In that code, an optical sensor in the reader will find a seed it will use to compute two security keys required for communication. The first key is an authentication key that will awaken the smart-card chip. The second is an encryption key. A mathematically generated digital signature will protect against alteration of the stored data.
The smart-card chip in the passport will also integrate memory that stores the typical ID information along with the electronic signature. Moreover, the ICAO specifies that the chip will store a digital picture. Memory densities can support additional biometric data as well, and the spec will allow countries to add additional elements. For instance, the European Union will store fingerprints digitally, although that data will only be accessible by readers in European Union countries.
While manufacturing schemes will vary country by country, the US government will require a supplier to fabricate the passport with the flex-circuit inlay embedded in the cover. The government printing office will then add the pages, including the inside of the rear cover with the standard printed ID information, and program the smart-card chip. The inlay must be manufactured for a harsh environment, as travelers will surely bend the books and even sit on them.
Axalto is one of the companies that has manufactured initial production samples for the US government to evaluate. The smart-card chip at the base of the electronic passport is outfitted with encryption capabilities and a radio interface that meets the ISO 14443 standard. Axalto has supplied the government with coil-on-module inlays based on Infineon and Philips chips. North America's Atmel targets the electronic-passport market with its AT90SC family of ICs. The AT90SC12872RCFT, for instance, integrates an AVR RISC core, 72 kbytes of EPROM, 128 kbytes of ROM, an encryption accelerator engine, and the radio interface.
FUD factor
The electronic-passport era should begin shortly. The German government has said that it will begin issuing passports based on Infineon chips in November. Ideally, VWP countries should already be rolling out electronic passports to diplomats, according to Jeffrey Katz, vice president of marketing at Atmel.
However, fear, uncertainty, and doubt, some of it based on misinformation, may yet cause delays. For example, the government of California has approved a bill that essentially prohibits the use of contactless technology in ID cards, Katz points out. Joe Simitian, a state senator from Palo Alto, drove the bill, boasting that it would stop RFID tags from broadcasting private personal information. Of course an electronic passport wouldn't broadcast data. Moreover, Simitian was at least partly motivated by an elementary school incident in California that required students to wear RFID tags that could transmit ID information and even grades. (In light of this situation, it's not hard to understand why the proponents of electronic passports want to avoid the term "RFID.")
At this point it appears that California will have yet another instance of conflicting state and federal laws. Already the Simitian bill includes "carve outs" that allow RFID in prisons, hospitals, morgues, and other locations. But it prohibits RFID in drivers' licenses, library cards, school IDs, and similar applications. According to Atmel's Katz, electronic passports could be added to the carve-out list.
Meanwhile, a controversial May article in Wired magazine, which has covered the electronic-passport story all along, muddied the waters. In the article, "Lawmaker rips RFID passport plans," US Representative James Sensenbrenner of Wisconsin, chairman of the House Judiciary Committee, claimed that the US was not mandating RFID technology and that VWP countries could use alternative technologies. Sensenbrenner suggested that a 2-D barcode might be suitable in meeting the ICAO specification for storing a biometric identifier. And the article certainly suggested that the entire electronic-passport effort might be derailed.
Industry insiders, however, don't believe that anything other than RFID technology will drive the passport of the future. "All of the countries that I'm aware of are implementing passports with the chips," states Neville Pattinson, director of technology and government affairs at Axalto. The chip-based approach will make counterfeiting exponentially more difficult relative to technologies such as 2-D bar codes, Pattinson claims.
The US, Pattinson says, will begin rolling out electronic passports this year, although the US passport program does not face a mandated deadline like the VWP countries do.
As for the privacy debate, the recent changes seem to have smoothed the path ahead. "BAC pretty much appeased the privacy folks," Pattinson says. In addition, he notes, an optional metal shield in the cover of the passport, or as one of the pages in the passport, can make wireless detection of a passport in a person's pocket impossible.
In fact, Pattinson simply dismisses the concept of terrorists selecting victims by scanning electronic passports. He suggests that people reveal their nationality in other ways that are much simpler to evaluate. For example, if someone were trying to single out Americans in Paris, they could just check their shoes: "You will never catch a French woman wearing sneakers," he says.
Editor's note: The above is an expanded version of the single-page article that appeared in print. The PDF below reproduces the printed version.















