Increasing Secure Traveler Facilitation via e-Passport Passive Authentication
March 6, 2018
Electronic Passport (e-passport) technology, when implemented correctly – issued and validated in accordance with ICAO specifications and recommended processes – provides the highest level of assurance that the traveler is actually whom they claim to be. The electronic security features encoded within the chip of the e-passport both protect the data from tampering or modification, as well as provide a cryptographic binding of the document to its Issuing State, and a biometric binding of the traveler to the document. A global fabric of trust, the ICAO PKI data and processes underlying these documents, makes authentication of these security features relatively simple while ensuring that fraudulent documents are easily identified.
Incorporating these authentication processes into efficient, automated, self-service capabilities readily supports the facilitation of ever-increasing volumes of travelers without negatively impacting border queues – and actually increases the security posture of the transit point without the need for additional border personnel.
e-Passport processing not done according to specifications and guidance leaves the relying party to simply guess if the person presenting the document is who that document asserts that they are.
Sometimes this is inconsequential, sometimes it is a matter of national security. Whether this document review is done as part of the check-in process at a hotel, to prove an identity for a financial transaction, or to support a border crossing, it is imperative that document authentication processes do not facilitate identity fraud or fraudulent cross-border movement. If not properly validated, fraudulent documents can easily be used to transit borders for nefarious means, or to assume whatever identity that a person desires.
e-Passports were introduced in 2006 and now comprise the majority of travel documents in circulation. However, since not all borders implement processes to properly authenticate these tremendously secure identity documents, fraud has also been facilitated.
In 2011, Somalia stated that they will no longer accept their original green passport (which is NOT an e-passport) due to their belief that the persons presenting these passports are likely to be engaging in terrorism-related activities. The Israelis stated that they had over 135,000 documents stolen in 2010 alone, and they estimate that thousands of these documents are being used fraudulently around the world today. In fact, they have arrested numerous Iranian and Pakistani nationals attempting to use fake Israeli passports.
While we know that 139 countries are currently issuing e-Passports, based on information available from open source resources, we also know that only a small percentage of countries actually perform Passive Authentication of e-Passports as part of their border control processes.
Passive Authentication (PA) is the process that ICAO requires be performed on the cryptographic security elements protecting the personal data held within e-passport and e-Identification documents. PA unconditionally proves the authenticity of the document by evaluating its cryptographic binding to a trusted issuance infrastructure.
Without this process, anyone can generate an e-passport that meets the electronic encoding requirements and appears to be genuine.
All of the elements protected by cryptographic hashes and the digital signature protecting the document security object may properly validate using the certificate provided within the document. However, unless the certificate is proven cryptographically to have been produced by a trusted infrastructure, then the document cannot be considered authentic. In other words, if PA fails, the document should be considered as fraudulent.
As the facilitation of an increasing number of travelers continues to be a top priority for nations, careful consideration must be given to the appropriate implementation of technology to support that objective.
Border processes cannot be cumbersome to the traveler or be perceived as the cause of delays. Technology is increasingly being implemented to address this critical balancing act; self-service kiosks and automated border controls have been deployed or are being piloted across the globe. However, with an increased reliance on technology to assess the validity and authenticity of the supporting travel document, the underlying processes MUST be implemented to leverage the significant security and level of identity assurance that is provided by the e-passport. Many of these pilot implementations are basing an access decision on the comparison of the traveler’s biometrics to those found within the electronic chip of the e-passport. While biometric comparison technologies are advancing at a tremendous rate, there is no value in performing the comparison unless the document that is being used as the source of the biometric has been proven to be authentic.
PA is a critical security component that must be implemented to truly take advantage of the anti-fraud and anti-tampering security features built into e-passports. This process not only evaluates the authenticity of the document and its contents, but also facilitates the automation of traveler identity verification and transit throughout their journey.