From today (1 November 2007), second-generation ePassports are being rolled out in Germany, with two fingerprint images being stored in the ePassport’s chip, although not in any central database. Germany is the first country in Europe to move over to the new system. The deadline for compliance and migration to next-generation ePassports is set by the European Union for 28 June 2009.
Following the launch of Germany’s first phase of electronic passports in November 2005, Germany’s passport producer, Bundesdruckerei, said it expected the second phase to get off to a successful start.
"We have performed numerous test runs in recent weeks and months, all of which went well. We are very confident that the launch of the second phase on 1 November will be a success,” said Ulrich Hamann, CEO of Bundesdruckerei.
The addition of two fingerprint images in the ePassports requires an enhanced security procedure called Extended Access Control (EAC). EAC provides the stronger cryptography needed to protect privacy-sensitive data and to safeguard against cloning. Bundesdruckerei is believed to be the first company in the world to implement EAC protocols in order to protect fingerprints, according to the EU standard.
From today, the almost 6,000 passport offices in Germany will send applications to Bundesdruckerei in electronic rather than paper form. In addition, passport office staff will capture two fingerprints from each applicant in a precisely defined procedure and integrate these into the application. The fingerprint images will be stored on the chip in the passport only.
Through a variety of suppliers, such as Dermalog, Cross Match and Green Bit, Bundesdruckerei has provided the passport authorities with fingerprint scanners to capture these fingerprints. Extensive training materials were provided by the German Federal Ministry of the Interior and Bundesdruckerei in order to teach staff how to use the hardware and software correctly.
The application data is encrypted and sent in digital form to Bundesdruckerei. In order to ensure secure transmission of the data, Bundesdruckerei has established new data channels and invested in new hardware and software. The OSCI (Online Services Computer Interface) transport standard is used to transmit the data.
Hamann commented: "One huge challenge which we faced was the integration of the necessary technologies into the passport offices’ extremely heterogeneous IT landscape as well as the need to promptly implement changing specifications at short notice."
Whilst at a passport office, citizens can view the contents of the chip in their passports using an ePassport reader. Since fingerprint data is particularly sensitive, this data is given special protection.
NXP, the independent semiconductor company founded by Philips, supplied its latest smart chip technology to the German project. The company’s new SmartMX chip enables biometric data to be securely stored on the passport, creating an even stronger link between the document and its owner.
NXP has so far shipped around 4.5 million ePassport chip solutions consisting of chip, chip operating system and inlay to Bundesdruckerei. According to NXP, the new SmartMX chips comprise a number of unique security features to guard against attack scenarios with light and lasers as well as a dedicated hardware firewall to protect specific sections on the chip. In addition, NXP claims that the ICs also provide faster read and write capabilities due to optimized hardware and software, enabling about three times faster personalization of passports compared to the first ePassport generation.