A biometric passport, also known as an e-passport or ePassport, is a combined paper and electronic passport that contains biometric security information that can be used to authenticate and identify travelers. It uses contactless smart card technology, including a microprocessor chip (computer chip) and antenna (for both power to the chip and communication) embedded in the front or back cover, or center page, of the passport.

The passport’s critical information is both printed on the data page of the passport and stored in the chip. Public Key Infrastructure (PKI) is used to authenticate the data stored electronically in the passport chip, making it expensive and difficult to forge when all security mechanisms are fully and correctly implemented.

The currently standardized biometrics used for this type of identification system are facial recognition, fingerprint recognition, and iris recognition. These were adopted after assessment of several different kinds of biometrics including retinal scan.

The ICAO defines the biometric file formats and communication protocols to be used in passports. The comparison of biometric features is performed outside the passport chip by electronic border control systems (e-borders). To store biometric data, the contactless chip includes a minimum of 32 kilobytes of EEPROM storage memory and runs on an interface in accordance with the ISO/IEC 14443 international standard, amongst others.

Data Security Mechanisms used for Biometric Passport

  • Non-traceable chip characteristics. A chip that uses random identifiers replies to each request with a different chip number. This prevents tracing of passport chips. Using random identification numbers is optional.
  • Basic Access Control (BAC). BAC protects the communication channel between the chip and the reader by encrypting transmitted information.
  • Passive Authentication (PA). PA prevents modification of passport chip data. The chip contains a file (SOD) that stores hash values of all files stored in the chip (picture, fingerprint, etc.) and a digital signature of these hashes.
  • Active Authentication (AA). AA prevents cloning of passport chips. The chip contains a private key that cannot be read or copied, but its existence can easily be proven.
  • Extended Access Control (EAC). EAC adds functionality to check the authenticity of both the chip (chip authentication) and the reader (terminal authentication). Furthermore, it uses stronger encryption than BAC. EAC is typically used to protect fingerprints and iris scans.
  • Shielding the chip. This prevents unauthorized reading.
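
The Passive Authentication check described in the list above, as an added Python example that is not part of the original page or of any passport software: the issuer hashes each file and signs the hash list, and the inspection side verifies the signature first and the per-file hashes second. The toy RSA key, the hash-list encoding, the function names and the sample file contents are assumptions made for illustration; a real SOD uses the issuing state's certificate and a standardized signature format.

```python
import hashlib

# Toy issuer key, constructed for this example only: textbook RSA over two
# Mersenne primes with no padding. It is trivially breakable and stands in
# for the issuing state's real signing key and signature format.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never stored on the chip

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def encode_hash_list(hashes: dict) -> int:
    # Assumed canonical encoding of the hash list, reduced to one integer to sign.
    blob = b"".join(n.encode() + b":" + h for n, h in sorted(hashes.items()))
    return int.from_bytes(digest(blob), "big")

def issue_sod(files: dict) -> dict:
    """Issuer side: hash every file, then sign the list of hashes."""
    hashes = {name: digest(data) for name, data in files.items()}
    return {"hashes": hashes, "signature": pow(encode_hash_list(hashes), D, N)}

def passive_authentication(files: dict, sod: dict) -> list:
    """Inspection side: return a list of failures (empty means verified)."""
    # 1. The signature must cover the hash list, or the hashes prove nothing.
    if pow(sod["signature"], E, N) != encode_hash_list(sod["hashes"]):
        return ["SOD signature invalid"]
    # 2. Every file read from the chip must match its signed hash.
    failures = []
    for name in sorted(set(files) | set(sod["hashes"])):
        if name not in sod["hashes"]:
            failures.append(f"{name}: not covered by SOD")
        elif name not in files:
            failures.append(f"{name}: listed in SOD but not on chip")
        elif digest(files[name]) != sod["hashes"][name]:
            failures.append(f"{name}: hash mismatch")
    return failures

# Constructed sample chip contents (file names and bytes are placeholders).
SAMPLE_FILES = {"picture": b"constructed face image bytes",
                "fingerprint": b"constructed fingerprint bytes"}

if __name__ == "__main__":
    sod = issue_sod(SAMPLE_FILES)
    swapped = dict(SAMPLE_FILES, picture=b"another person's image")
    print(passive_authentication(SAMPLE_FILES, sod))  # genuine chip data
    print(passive_authentication(swapped, sod))       # replaced picture
```

A chip copied bit for bit still passes this check, which is why the list pairs PA with Active Authentication.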