Higher cryptography chip secures future ePassport

Article by: NXP

Advancements in ePassport’s flexibility, accessibility, security and interoperability allow users to securely derive credentials for other devices.

Out of 900 million passports issued, 730 are ePassports that represent the majority of passports in circulation. According to the International Civil Aviation Organisation (ICAO), the United Nations agency that oversees international air travel and defines ePassport standards, 120 states claim that they are currently issuing ePassports. The infrastructure supporting ePassports has expanded as well. Over 5,000 automated border crossing (ABC) gates are operating worldwide, supporting more than 20 million ABC transactions daily.

With the rise of ePassports, NXP has identified three distinct trends, namely increasing functionality, stronger security and the emergence of “virtual mobile identity.”

Increasing functionality

ICAO first introduced BAC (Basic Access Control), then EAC (Extended Access Control) and is currently migrating to SAC (Supplemental Access Control) protocols. All ePassports use the same data format, the Local Data Structure (LDS), to store and “seal” data to protect it from tampering. The data that is embedded in the chip remains the same for the whole lifespan of the document and can’t be modified.

A new format called LDS2, which is a backwards-compatible extension to previous generations of ePassports, will change that.

It enables the digital storage of travel data such as electronic visas and travel stamps directly on the chip, and allows the complete passport booklet to be available in digital format. In addition, the read-and-write capacity allows new biometric data to be added. Countries will have more choice in national policy and give people the option of submitting biometrics if they want to participate in a trusted-traveller program. Introducing the concept of passport applications opens up opportunities to efficiently automate the processing of passengers and their documents. This frees up time at borders so officials can attend to more high-value activities and increase return on investment in the border-clearance infrastructure.

NXP ships SAC globally in high volume, and is fully involved in the definition and standardisation of ePassport LDS2. It has also developed a system that successfully passed initial ICAO compliance tests performed by the ICAO NTWG.

Stronger security

With the European refugee crisis, the rise of international terrorism and an increase in criminal activity, the demand for stolen and forged passports also grows. This advances the distribution of ePassports on a global scale. Countries that already issue ePassports are looking to increase the security further. As a result, the future will see more data being transferred from the physical pages of an ePassport to the secure and tamper-resistant IC. The IC is designed to resist attempts to steal, modify or misuse the data and ceases to work properly if physically tampered with.

In reality, the chip in the electronic passport has more capacity and functional flexibility than is needed just to support the ICAO 9303 protocols, which offers untapped opportunities to implement electronic forensic security features. It provides functionality that may be used on an international and/or national level, depending on feature implementation and international cooperation. Customer-specific functionality implemented in the chip can introduce additional security and efficiency in the process of border management and can elevate document security and fraud prevention to an unprecedented level.

NXP’s SmartMX secure microcontroller family makes up the core component for secure identity programs. SmartMX products contain the IntegralSecurity architecture with more than 100 security mechanisms and are ready to support customer-specific electronic forensic features.

Virtual mobile identity

Answering the demand for leaner administration and stronger security, the ePassport is evolving from “just” being a travel document to being a government-issued root credential for other applications, including a “virtual mobile identity.” In the future, the single, secure digital ID, in combination with technology such as NFC, will allow ePassport owners to identify themselves and to interact with and authenticate applications via NFC-enabled mobile smartphones or wearable formats. ICAO is using the 9303 NTWG (New Technology Work Group) to work on potential future policies and standards for a “virtual mobile identity.”

NXP’s SmartMX product family is designed for the security of NFC-enabled smartphones. NXP is also involved in ISO and ICAO standardisation activities for “virtual mobile identities.”

Future advancements in flexibility, accessibility, security and interoperability of the ePassport ecosystem will allow users to securely derive credentials for other electronic devices beyond passports, including mobile phones. For the secure chip in the document to serve these trends, ultra-thin design, larger memory as well as higher cryptography and communication speeds are required.
