|
A biometric passport, also known as an e-passport, ePassport or a digital passport, is a combined paper and electronic passport that contains biometric information that can be used to authenticate the identity of travelers. It uses contactless smart card technology, including a microprocessor chip (computer chip) and antenna (for both power to the chip and communication) embedded in the front or back cover, or center page, of the passport. Document and chip characteristics are documented in the International Civil Aviation Organization's (ICAO) Doc 9303.〔(【引用サイトリンク】title=ICAO Document 9303, Part 1, Volume 1 (OCR machine-readable passports) )〕〔(【引用サイトリンク】title=ICAO Document 9303, Part 1, Volume 2 (e-passports) )〕〔(【引用サイトリンク】title=ICAO Document 9303, Part 3 (credit-card sized ID cards) )〕 The passport's critical information is both printed on the data page of the passport and stored in the chip. Public Key Infrastructure (PKI) is used to authenticate the data stored electronically in the passport chip making it expensive and difficult to forge when all security mechanisms are fully and correctly implemented. The currently standardized biometrics used for this type of identification system are facial recognition, fingerprint recognition, and iris recognition. These were adopted after assessment of several different kinds of biometrics including retinal scan. The ICAO defines the biometric file formats and communication protocols to be used in passports. Only the digital image (usually in JPEG or JPEG2000 format) of each biometric feature is actually stored in the chip. The comparison of biometric features is performed outside the passport chip by electronic border control systems (e-borders). To store biometric data on the contactless chip, it includes a minimum of 32 kilobytes of EEPROM storage memory, and runs on an interface in accordance with the ISO/IEC 14443 international standard, amongst others. These standards intend interoperability between different countries and different manufacturers of passport books. Some national identity cards (e.g. in the Netherlands, Albania and Brazil) are fully ICAO9303 compliant biometric travel documents. However others, such as the United States Passport Card, are not. ==Data protection== Biometric passports are equipped with protection mechanisms to avoid and/or detect attacks: * Non-traceable chip characteristics. Random chip identifiers reply to each request with a different chip number. This prevents tracing of passport chips. Using random identification numbers is optional. * Basic Access Control (BAC). BAC protects the communication channel between the chip and the reader by encrypting transmitted information. Before data can be read from a chip, the reader needs to provide a key which is derived from the Machine Readable Zone: the date of birth, the date of expiry and the document number. If BAC is used, an attacker cannot (easily) eavesdrop transferred information without knowing the correct key. Using BAC is optional. * Passive Authentication (PA). PA is aimed at identifying modification of passport chip data. The chip contains a file (SOD) that stores hash values of all files stored in the chip (picture, fingerprint, etc.) and a digital signature of these hashes. The digital signature is made using a document signing key which itself is signed by a country signing key. If a file in the chip (e.g. the picture) is changed, this can be detected since the hash value is incorrect. Readers need access to all used public country keys to check whether the digital signature is generated by a trusted country. Using PA is mandatory. According to a September 2011 United States Central Intelligence Agency document released by Wikileaks in December 2014, "Although falsified e-passports will not have the correct digital signature, inspectors may not detect the fraud if the passports are from countries that do not participate in the International Civil Aviation Organization’s Public Key Directory (ICAO PKD). Only 15 of over 60 e-passport-issuing countries belong to the PKD program, as of December 2010" * Active Authentication (AA). AA prevents cloning of passport chips. The chip contains a private key that cannot be read or copied, but its existence can easily be proven. Using AA is optional. * Extended Access Control (EAC). EAC adds functionality to check the authenticity of both the chip (chip authentication) and the reader (terminal authentication). Furthermore, it uses stronger encryption than BAC. EAC is typically used to protect fingerprints and iris scans. Using EAC is optional. In the European Union, using EAC is mandatory for all documents issued starting 28 June 2009. * Supplemental Access Control (SAC) was introduced by ICAO in 2009 for addressing BAC weaknesses. It was introduced as a supplement to BAC (for keeping compatibility), but will replace it in the future. * Shielding the chip. This prevents unauthorized reading. Some countries – including at least the US – have integrated a very thin metal mesh into the passport's cover to act as a shield when the passport cover is closed.〔(【引用サイトリンク】title=Metal shields and encryption for US passports )〕 The use of shielding is optional. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Biometric passport」の詳細全文を読む スポンサード リンク
|