02/11/2008
U.S. Electronic Passport Frequently Asked Questions
What is an Electronic Passport?
An Electronic Passport is the same as a traditional passport with the addition of a small integrated circuit (or "chip") embedded in the back cover. The chip stores:
* The same data visually displayed on the data page of the passport;
* A biometric identifier in the form of a digital image of the passport photograph, which will facilitate the use of face recognition technology at ports-of-entry;
* The unique chip identification number; and
* A digital signature to protect the stored data from alteration.
What is a Biometric? Which one does the new Electronic Passport use?
A biometric or biometric identifier is a measurable physical or behavioral characteristic of an individual, which can be used to verify the identity of that individual or to compare against other entries when stored in a database. Biometrics include face recognition, fingerprints, and iris scans. The U.S. Electronic Passport uses the digital image of the passport photograph as the biometric identifier that is used with face recognition technology to verify the identity of the passport bearer. For more information on biometrics, please consult Biometrics Catalog.
What are the special features of an Electronic Passport?
The special features of an Electronic Passport are:
* Securely stored biographical information and digital image that are identical to the information that is visually displayed in the passport;
* Contactless chip technology that allows the information stored in an Electronic Passport to be read by special chip readers at a close distance; and
* Digital signature technology that verifies the authenticity of the data stored on the chip. This technology is commonly used in credit cards and other secure documents using integrated circuits or chips.
How does an Electronic Passport facilitate travel?
The Electronic Passport facilitates travel by allowing:
* Automated identity verification;
* Faster immigration inspections; and
* Greater border protection and security.
The Electronic Passport is designed to function for the passport's full validity period under normal use.
Why are Electronic Passports being issued?
As a security measure, Congress has legislated that all countries participating in the Visa Waiver Program with the United States must issue passports with integrated circuits (chips), to permit storage of at least a digital image of the passport photograph for use with face recognition technology. The U.S. is doing so on a reciprocal basis and will comply with the latest international standards established for secure travel documents.
What countries will issue an Electronic Passport?
Several other nations have begun or will begin to issue e-passports. The Visa Waiver Program countries have already done so.
What happens if an Electronic Passport is lost or stolen?
Any passport that is lost or stolen should be reported immediately. U.S. passports reported lost or stolen are invalidated and can no longer be used for travel. See: How to report and replace a lost or stolen U.S. passport.
What is the Electronic Passport logo and what does it mean?
The Electronic Passport logo is the international symbol for an electronic passport. It signifies that the passport contains an integrated circuit or chip on which data about the passport and passport bearer is stored. The logo will be displayed at border inspection lanes at all airports and transit ports equipped with special data readers for Electronic Passports.
Can a previously issued passport still be used for travel as long as it is still valid?
Yes. Previously issued passports that are still valid can be used for travel.
Can the new electronic passport be amended, for example, if I change my name?
No. The new electronic passports cannot be amended. If you change your name, need to extend a limited passport, or need a correction in the descriptive information, you will have to get a new passport. Within the first year after issuance, the new passport will be issued without additional payment of the passport fee. After one year, fees will be assessed for the new passport.
Can a request be made for a new passport to be issued without a chip?
No. Since August 2007, all domestic passport agencies and centers issue only e-passports.
Will someone be able to read or access the information on the chip without my knowledge (also known as skimming or eavesdropping)?
We feel that it would be good to point out what we have done to diminish the known nefarious acts of "skimming" data from the chip, "eavesdropping" on communications between the chip and reader, "tracking" passport holders, and "cloning" the passport chip in order to facilitate identity theft crimes.
Skimming is the act of obtaining data from an unknowing end user who is not willingly submitting the sample at that time. Eavesdropping is the interception of information as it moves electronically between the chip and the chip reader.
"Skimming." The Department is using an embedded metallic element in our passports. One of the simplest measures for preventing unauthorized reading of e-passports is to add RF blocking material to the cover of an e-passport. Before such a passport can be read, it has to be physically opened. It is a simple and effective method for reducing the opportunity for unauthorized reading of the passport at times when the holder does not expect it.
"Skimming and "Eavesdropping." We have adopted Basic Access Control (BAC) to minimize the risk of "skimming" and "eavesdropping." Basic Access Control requires that the initial interaction between the embedded microchip in the passport and the border control reader include protocols for setting up the secure communication channel. To ensure that only authorized RFID readers can read data, Basic Access Control stores a pair of secret cryptographic keys in the passport chip. When a reader attempts to scan the passport, it engages in a challenge-response protocol that proves knowledge of the pair of keys and derives a session key. If authentication is successful, the passport releases its data contents; otherwise, the reader is deemed unauthorized and the passport refuses read access. This control would require the receiving state to read the passport machine-readable zone (MRZ) to unlock and read the data on the chip. The MRZ information is used for computing the encryption and message authentication keys used for the "secure" exchange. BAC mollifies the possibility of both "skimming" and "eavesdropping."
"Tracking." A chip that is protected by the BAC mechanism denies access to its contents unless the inspection system can prove that it is authorized to access the chip. However, these chips still allow the Unique Identifier (UID) to be communicated with the reader, which could theoretically allow the document bearer to be "tracked." To prevent the use of the UID for "tracking", the Department is using a Random UID feature. A RUID presents a different UID each time the chip is accessed. In order to be considered random, the e-passport must present an RUID that cannot be associated with UID's used in sessions that precede or follow the current session. Each chip uses its onboard hardware random number generator (RNG) module, thereby utilizing a true RNG base to derive a RUID.
"Cloning." It is possible to substitute the chip of an e-passport with a fake chip storing the data copied from the chip of another e-passport. However, the simplest way to mitigate this treat is to verify that the chip data belongs to the presented e-passport. This can be done by comparing the data stored on the chip to data on the e-passports data-page. If the photos and biographical data matches and the passport does not appear to have been tampered with (is not counterfeited), then the e-passport and the data stored on the chip can be considered to be belonging together. Additionally, the introduction of Public Key Infrastructure (PKI) into travel documents provides, for the first time, the means of automatically (without human intervention) confirming that the person presenting the travel document, is the same person shown on the data page, and on the chip, with the assurance that the data was put there by the issuing authority and that the data has not been changed.
Can the information on the chip be altered and how is the information protected from being accessed by an unauthorized reader?
The new passports use Public Key Infrastructure (PKI) technology that prevents the information stored on the chip from being altered. The e-passport and the use of the PKI digital signature stand to benefit the legitimate traveler. It provides a more sophisticated means to confirm that the traveler is the rightful holder of the passport and that the passport is authentic, thus deterring would-be passport/identity thieves. Use of the PKI to validate and authenticate the data in the chip supports passport inspection and would strengthen border control systems.
What will happen if my Electronic passport fails at a port-of-entry?
The chip in the passport is just one of the many security features of the new passport. If the chip fails, the passport remains a valid travel document until its expiration date. The bearer will continue to be processed by the port-of-entry officer as if he/she had a passport without a chip.