The introduction of e-Passports, also known as biometric passports, has revolutionized the way we travel. These technologically advanced passports incorporate biometric features, enhancing security measures and streamlining the travel experience.
The concept of passports dates back centuries, with the earliest known travel documents used by ancient civilizations. However, modern passports as we know them today have evolved over time. The League of Nations introduced the first standardized passport format in 1920, and a specialized agency of the United Nations called the International Civil Aviation Organization (ICAO) took over the responsibility of setting passport standards in 1944. In 1980, the ICAO published the first edition of Doc 9303, which specifies the data structure of the machine-readable zone (MRZ). The MRZ is usually positioned at the bottom of the identity page and comprises two lines, each consisting of 44 characters printed in the OCR-B font. The fields are laid out as follows:
- Line 1, Character Positions 1-2: first character is P, second character is optional (if empty, use "<" instead)
- Line 1, Character Positions 3-5: usually, this is the ISO 3166-1 alpha-3 country code of the issuing country. However, some countries use different codes; for example, Germany uses "D" (completed with two filler characters "<<") and the United Nations uses "UNO"
- Line 1, Character Positions 6-44: surname, followed by "<<", and then the given names. The given names are separated by "<"
- Line 2, Character Positions 1-9: passport number
- Line 2, Character Position 10: check digit over digits 1-9 (the remainder of the weighted sum mod 10)
- Line 2, Character Positions 11-13: citizenship
- Line 2, Character Positions 14-19: date of birth in YYMMDD format
- Line 2, Character Position 20: check digit over digits 14-19
- Line 2, Character Position 21: sex. "M" for male; "F" for female; "<" for unspecified
- Line 2, Character Positions 22-27: passport's expiration date in YYMMDD format
- Line 2, Character Position 28: check digit over digits 22-27
- Line 2, Character Positions 29-42: miscellaneous data
- Line 2, Character Position 43: check digit over digits 29-42
- Line 2, Character Position 44: check digit over digits 1-10, 14-20, and 22-43
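The layout above can be checked mechanically. The following Python sketch is an added example, not code from the original article: it splits a two-line MRZ into the listed fields and recomputes each check digit. The repeating weights 7, 3, 1 and the character values (A-Z = 10-35, "<" = 0) come from Doc 9303 and are not stated in the list above; the function names are illustrative.

```python
WEIGHTS = (7, 3, 1)  # repeating weights from ICAO Doc 9303 (not listed in the text above)

def char_value(c):
    """Numeric value of an MRZ character: 0-9 as is, A-Z -> 10-35, '<' -> 0."""
    if "0" <= c <= "9":
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"illegal MRZ character: {c!r}")

def check_digit(data):
    """Weighted sum of the character values, modulo 10."""
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(data)) % 10

def digit_ok(data, found, filler_ok=False):
    # Doc 9303 lets an unused optional field carry '<' instead of a digit.
    if filler_ok and found == "<" and set(data) == {"<"}:
        return True
    return found == str(check_digit(data))

def parse_mrz(line1, line2):
    """Split a two-line, 44-character MRZ into fields and list failed check digits."""
    if len(line1) != 44 or len(line2) != 44:
        raise ValueError("each MRZ line must be exactly 44 characters")
    surname, _, given = line1[5:].partition("<<")
    fields = {
        "issuer": line1[2:5], "surname": surname.replace("<", " ").strip(),
        "given_names": given.replace("<", " ").strip(),
        "number": line2[0:9], "citizenship": line2[10:13], "birth": line2[13:19],
        "sex": line2[20], "expiry": line2[21:27], "misc": line2[28:42],
    }
    # name -> (covered characters, check digit found, '<' allowed); 0-based slices
    checks = {
        "number": (line2[0:9], line2[9], False),
        "birth": (line2[13:19], line2[19], False),
        "expiry": (line2[21:27], line2[27], False),
        "misc": (line2[28:42], line2[42], True),
        "composite": (line2[0:10] + line2[13:20] + line2[21:43], line2[43], False),
    }
    fields["failed_checks"] = [n for n, (d, f, ok) in checks.items() if not digit_ok(d, f, ok)]
    return fields

# ICAO specimen data for the fictional state "UTO"; not a real document.
SAMPLE_LINE1 = "P<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<")
SAMPLE_LINE2 = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"

if __name__ == "__main__":
    print(parse_mrz(SAMPLE_LINE1, SAMPLE_LINE2))
```

An empty `failed_checks` list only shows that the MRZ was read without transcription errors: the check digits are unkeyed, so anyone can recompute them for altered data.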
Nonetheless, the early versions of Doc 9303 did not mention any anti-counterfeiting measures. Traditional passports are susceptible to forgery and tampering, as they rely solely on physical features such as photographs, watermarks, visible and invisible UV, and positive relief, which can be counterfeited. To address this issue, the revised Doc 9303 allows for the inclusion of a radio frequency identification (RFID) chip inside the passport. In addition to the MRZ information mentioned above, the chip must also store a facial image of the passport holder. Optionally, it can also store the passport holder's fingerprints and iris images. These pieces of information can be read wirelessly. All e-Passports have the following camera symbol printed on the front cover.
Still, these measures are not enough. They only prevent the passport from being used by others; they cannot truly determine whether a passport was issued by the government or whether it has been revoked. The development of cryptography has provided a new approach to solving this problem. The latest Doc 9303 allows governments to maintain certificate issuing authorities and then sign the information contained in the RFID chips. As of 2023, the allowed signature algorithms are RSA and ECC, and the hash algorithms are SHA-224, SHA-256, SHA-384, and SHA-512. ICAO maintains a Master List that includes most governments' root certificates. With this list, anyone with an NFC-enabled device can determine whether an e-Passport is fake. Below is the cryptographic signature stored in a U.S. passport's RFID chip.