The RFID Weblog: U.S. ePassport Rule Passed

Filed in archive Tags and Readers by Anita Campbell on October 26, 2005

The latest big RFID news here in the U.S. this week concerns ePassports.

The United States Department of State yesterday issued final rules for RFID-chipped passports.

A proposed rule had been published in February 2005. What we saw between then and now is democracy in action. The State Department received 2,335 comments to the initial proposal, over 98% of which were negative.

The State Department's initial reaction to this response was not as smooth as we might expect, calling concerns "poppycock."

However, the comments indeed had an impact. After the comments, the State Department changed the technology it plans to use:

"...[T]he Department, in cooperation with the GPO, will include an anti-skimming material in the front cover and spine of the electronic passport that will mitigate the threat of skimming from distances beyond the ten centimeters prescribed by the ISO 14443 technology, as long as the passport book is closed or nearly closed.

The Department will also implement Basic access control (BAC) to
mitigate further any potential threat of skimming or eavesdropping. BAC recently has been adopted as a best practice by the ICAO New Technologies Working Group and will soon be formally added to the ICAO specifications. BAC utilizes a form of Personal Identification Number (PIN) that must be physically read in order to unlock the data on the chip. In this case, the PIN will be derived from the printed characters from the second line of data on the Machine-Readable Zone that is visibly printed on the passport data page. The BAC also results in the communication between the chip and the reader being encrypted, providing further protection."

Originally I read the rule to say that the data would be encrypted, but technically that is not the case. Rather, it is the "communication session" that is encrypted, due to the use of a PIN key.

The new ePassports become effective one year from now, in October 2006. Between now and then a pilot program will be rolled out in which diplomats will use the new ePassports, to determine how well the program works in practice.

Related Entries:

Fear of a Wireless Passport - 17 July 2006
RFID Passports are Here... But Hello Kitty Will Protect You! - 14 August 2006
How to Nuke an RFID Passport - 17 September 2006
Got an e-Passport? Grab a Hammer! - 27 December 2006

« Roadmap for SMB Manufactu... | Main | Norwegian ePassports Kick... »

Permalink: U.S. ePassport Rule Passed

Tags: RFID passport rfid rule technology epassport+rule rule+passed social+networking

Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/10597

Addthis

Ask

Blinklist

del.icio.us

Digg

Fark

Facebook

Google

Lycos

Ma.gnolia

Mr Wong

Netscape

Netvousz

Newsvine

StumbleUpon

Slashdot

Tailrank

Technorati

Wink

Yahoo

Vote for U.S. ePassport Rule Passed:

Currently 7.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 7.00 out of 7 vote(s) cast.

Response from: Der Haken (11/21/05 3:01pm)

... your post seems to answer http://feuerhake.unverkaeuflich.net/article/725/passport-news---update
-1"
title="post elsewhere">my questions on 'remote scanning'
possibilities. Do I get it right: There will be some sort of 'stealth coating' preventing the chip from being pinged or scanned remotely?

Response from: Anita Campbell (11/21/05 5:51pm)

Yes, as I understand it, there will be a metal (foil perhaps?) lining in the passport cover. As long as the passport is closed, that material should prevent the RFID radio waves from being scanned remotely.

For the few moments while the passport is open and being read by immigration / customs officials, the anti-skimming material would not help, of course. In that situation the Basic Access Code prevents eavesdropping devices from picking up any useful information.

So it is really two different types of security measures being employed.