Nov 01, 2004By Claire Swedberg
Nov. 2, 2004-The United States Government Printing Office (GPO) is testing electronic passports (e-passports) embedded with RFID chips that the agency hopes to make standard within the next year. To carry out the tests, the GPO awarded four companies with contracts to provide 13.56 MHz RFID chips to test the e-passport system. The chips comply with the ISO 14443A and 14443B standards.
The eight-week-long testing program, which began in October, involves the National Institute of Standards and Technology (NIST). First, the GPO will manufacture test passports embedded with RFID chips. NIST will test the passports for durability as well as ensure they meet security and electronic requirements. Some of these tests will include verifying that the chips can be read and can withstand 10 years' of normal wear and tear and stamping by customs' officers.
Following testing, the Department of State hopes to begin distributing limited numbers of electronic passports to American travelers in December 2004. These passports will become fully available to the public in the first quarter of 2005, with as many as 1 million provided being issued. By late 2005 the Department of State hopes that all the passports it issues annually (about 7 million) will carry RFID chips in their covers printed by the GPO and embedded with chips manufactured by a company that has not yet been selected.
"Based on the outcome of this testing, the government expects to procure production quantities of these chips from one or more of the awardees," says GPO's director of public relations, Veronica Meters.
The companies participating in the trial are Axalto Holding, Bearing Point, Infineon Technologies and SuperCom.
In addition to providing the GPO with sample RFID inlays, each of the companies have provided RFID reader-encoders and software to permit the government to test the offered solutions, according to Meters.
"Under the contract, GPO may procure passport book covers containing electronic inlays-a durable card-type structure that contain a contactless integrated circuit and antenna," Meters says. The GPO will then incorporate these book covers into the passport book, with the inlay in the back cover.
For Americans traveling abroad, this technology will mean having their passport scanned by RFID readers at points of entry into foreign countries and in the United States. Customs officials can scan the information encoded on the embedded chip by holding the passport within a few centimeters of a stationary or handheld reader. The chip will contain all the passport-holder information that is also printed on the passport, as well as a digital image of the passport holder. The printed information on the passport can then be compared against information encoded on the embedded chip. The data on the chip will not be encrypted, but it will be digitally signed by the issuer in order to verify that the data is genuine and not counterfeit or tampered with.
The GPO is manufacturing the e-passport booklet in accordance with specifications developed by the International Civil Aviation Organization (ICAO). In 2003, ICAO specified the technical requirements for RFID technology used in electronic passports. These specifications were published in ICAO Doc 9303.
Not everyone is happy about the new passport plans. Although the U.S. government claims the readers must be within a few centimeters of the chip to read it, some consumers worry that anyone with a reader within 20 feet of a passport would be able to read its chip. That is unlikely, according to BearingPoint technical lead and program manager for the e-passport project, Gordon Hannah. "I find that hard to believe. It would be very difficult to read these chips [from more than 10 centimeters away], in fact it would be impossible, in my experience," says Hannah.
Nonetheless, IACO warns that the possibility of unauthorized reads still exists. In "Annex I: Use Of Contactless ICs in Machine Readable Travel Documents," which IACO published in May 2004, the organization states: "ISO/IEC 14443 specifies maximum reading distances for machine (RF) readers that conform. As the available power for the Contactless ICs decreases proportional to the sixth power of the distance between the machine (RF) reader and the IC, it is unlikely that unauthorized reading will occur. However, this cannot completely ruled out."
The publication describes several methods for completely preventing unauthorized readings. One way is for travelers to store their passport in a metallic sleeve, which will deflect radio waves, thereby preventing any reader from accessing the chip's data. Another option is to add a metal surface to an adjacent page in the passport. Under this scheme, the IACO writes, the chip will not be readable while the passport is closed. In order for the chip to be read, the passport must be opened, causing the antenna of the contactless IC to be moved away from the metal surface.
