Second generation ePassports under scrutiny

Years of hard work put in by ePassport experts in countries across the EU is to be put under the spotlight this week as they test their progress towards a second-generation ePassport framework including capabilities for Extended Access Control (EAC).

All eyes will be on a key interoperability event which is now underway in Prague. The ePassports EAC Conformity & Interoperability Tests show is hosted by the Interior Ministries of the Czech Republic and France and will see governments from around the world test their ePassports for conformity to required specifications and interoperability.

"The technology requirements for Extended Access Control ePassports are quite stringent," said Bob Carter, Chairman, Brussels Interoperability Group, one of the event’s supporters.

The second generation of ePassports, based on EAC, allows governments to leverage a stronger biometric that is more difficult to impersonate on the RFID chip, typically a fingerprint or iris scan. EAC ePassports also require the encryption of the chip contents; even if a criminal has the ability to impersonate the enhanced biometric, access to the chip contents is denied with encryption.

A spokesman for one of the companies presenting and exhibiting at the show, Entrust, commented: "The additional security measures in EAC ePassports provide more assurance that biometric data is properly encrypted and that criminals will not be able to impersonate the identity contained on a genuine passport. We applaud the EU for mandating the move to EAC ePassports as they will severely limit criminal organizations’ ability to forge documents and cross borders undetected."

Because of the stringent access controls of the second-generation ePassports, the PKI requirements are much higher, demanding a vendor that can provide scalability, reliability and unprecedented performance. It is this PKI foundation that allows ePassports data to be accessed at border stations with proper authentication and to be denied by criminals who may seek access to the data for purposes of manipulation or impersonation.

"The technology in the new ePassports coming out in less than a year sufficiently addresses the privacy concerns that have haunted the first-generation, RFID-enabled passports," said Carter. 

SDW is in Prague and will be bringing readers a live digest of news from the event’s conference, starting Wednesday.