U.S. Considering Wireless Passport Protection

April 26, 2005

Freedom to Tinker reports:

The U.S. government is 'taking a very serious look' at improving privacy protection for the new wireless-readable passports, according to an official quoted in a great article by Kim Zetter at Wired News. [...]

The previously proposed system would transmit all of the information stored on the inside cover of the passport -- name, date and place of birth, (digitzed) photo, etc. -- to any device that is close enough to beam a signal to the passport and receive the passport's return signal.

The improved system, which is called "Basic Access Control" in the specification, would use a cryptographic protocol between the passport and a reader device. The protocol would require the reader device to prove that it knew the contents of the machine-readable text on the inside cover of the passport (the bottom two lines of textish stuff on a U.S. passport), before the passport would release any information. The released information would also be encrypted so that an eavesdropper could not capture it.
Depending on who you trust, you might still want to travel with your passport wrapped in aluminium foil...


Posted by andersja

Comments

If the "Basic Access Control" scheme means that the Machine Readable font data already printed on most passports is Optically Scanned , then there is no need for the RFID chip to contain any of the same data whatsoever ! Why make things so complicated, without gaining any extra "security" ?

There does not seem to be a strong case for any kind of RFID chip in a Passport at all. If it is to be used as another anti-forgery device, it would be more secure if a contact smartcard was used, like in CHIP and PIN credit cards, but that is NOT what is being prented by various Governments.

Posted by: Watching Them, Watching Us at June 21, 2005 01:11 PM
Post a comment









Remember personal info?