U.S. ePassport Rule Passed
Filed in archive Tags and Readers on October 26, 2005
The latest big RFID news here in the U.S. this week concerns ePassports.
The United States Department of State yesterday issued final rules for RFID-chipped passports.
A proposed rule had been published in February 2005. What we saw between then and now is democracy in action. The State Department received 2,335 comments to the initial proposal, over 98% of which were negative.
The State Department's initial reaction to this response was not as smooth as we might expect, calling concerns "poppycock."
However, the comments indeed had an impact. After the comments, the State Department changed the technology it plans to use:
"...[T]he Department, in cooperation with the GPO, will include an anti-skimming material in the front cover and spine of the electronic passport that will mitigate the threat of skimming from distances beyond the ten centimeters prescribed by the ISO 14443 technology, as long as the passport book is closed or nearly closed.
The Department will also implement Basic access control (BAC) to
mitigate further any potential threat of skimming or eavesdropping. BAC recently has been adopted as a best practice by the ICAO New Technologies Working Group and will soon be formally added to the ICAO specifications. BAC utilizes a form of Personal Identification Number (PIN) that must be physically read in order to unlock the data on the chip. In this case, the PIN will be derived from the printed characters from the second line of data on the Machine-Readable Zone that is visibly printed on the passport data page. The BAC also results in the communication between the chip and the reader being encrypted, providing further protection."
Originally I read the rule to say that the data would be encrypted, but technically that is not the case. Rather, it is the "communication session" that is encrypted, due to the use of a PIN key.
The new ePassports become effective one year from now, in October 2006. Between now and then a pilot program will be rolled out in which diplomats will use the new ePassports, to determine how well the program works in practice.
The Department will also implement Basic access control (BAC) to
mitigate further any potential threat of skimming or eavesdropping. BAC recently has been adopted as a best practice by the ICAO New Technologies Working Group and will soon be formally added to the ICAO specifications. BAC utilizes a form of Personal Identification Number (PIN) that must be physically read in order to unlock the data on the chip. In this case, the PIN will be derived from the printed characters from the second line of data on the Machine-Readable Zone that is visibly printed on the passport data page. The BAC also results in the communication between the chip and the reader being encrypted, providing further protection."
Permalink: U.S. ePassport Rule Passed
Tags: RFID passport rfid rule technology epassport+rule rule+passed social+networking
Vote for U.S. ePassport Rule Passed:
|
Rating: 7.00 out of 7 vote(s) cast.
|
Response from:
Der Haken
(11/21/05 8:01am)
Response from:
Anita Campbell
(11/21/05 10:51am)
Yes, as I understand it, there will be a metal (foil perhaps?) lining in the passport cover. As long as the passport is closed, that material should prevent the RFID radio waves from being scanned remotely.
For the few moments while the passport is open and being read by immigration / customs officials, the anti-skimming material would not help, of course. In that situation the Basic Access Code prevents eavesdropping devices from picking up any useful information.
So it is really two different types of security measures being employed.
For the few moments while the passport is open and being read by immigration / customs officials, the anti-skimming material would not help, of course. In that situation the Basic Access Code prevents eavesdropping devices from picking up any useful information.
So it is really two different types of security measures being employed.
| RSS |  |
 | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
Most Popular
Best of
Case Studies
Companies
Contactless Payment Systems
contest
Did you know
EPC Standards
Healthcare
Implementation
Information About
Interviews
Libraries
Market Size
Misc
Near Field Communication
Patents
Privacy and Security
Quick introduction
Report
Retail
-1"
title="post elsewhere">my questions on 'remote scanning'
possibilities. Do I get it right: There will be some sort of 'stealth coating' preventing the chip from being pinged or scanned remotely?