Go Back   FlyerTalk Forums > Travel&Dining > Travel Technology
Sign in using an external account

Reply
 
Thread Tools Search this Thread
Old May 2, 12, 4:48 pm   #1
 
Join Date: Jul 2000
Posts: 1,793
Viewing Info on Epassport Chip Using Android Phone with NFC

First, before anyone gets all worried about the privacy stuff - you can't read the chip without manually entering some of the info from the passport. So, this info cannot be obtained merely by waving the smartphone near the passport.

Other than having fun, the only practical use I can think of is determining if a passport is genuine and/or whether the information was altered or photo substituted.

I just got a new Galaxy Nexus with NFC (near field communications.) I was having fun reading a Clipper Card (kind of like an Oyster card used in the SF Bay Area), and decided what to see what it could do with an epassport. It does more than I thought, here's how to do it (assuming you have an Android smartphone with an NFC chip.) I tried this on a German passport and it worked, the phone could not see the chip in a US Passport that I tried.

First, download the following from the Android market - NFC Taginfo and passportimagedecoder. Both are from NFC Research Lab.

Start up NFC Taginfo, and hold the passport near the phone. It will see the passport, and give you some info about the chip, but no data about the passport holder. There is a place to enter the following info in the app: passport number, DOB of holder, and expiration date. Enter that information.

Then start again and hold the passport to the phone. This time you will be able to see on your phone the date of issue, birthdate, issue date, expiration date, country of issue, and nationality of holder. You will also be able to see the photograph from the passport.

As I understand it the reason for requiring the information first is that this prevents scanning passports of nearby people and scraping the information. However, it allows someone with the passport in hand to verify that the info on the chip matches what is on the passport, and that there has been no substitution of the photograph.
BigFlyer is offline   Reply With Quote
Old May 2, 12, 5:43 pm   #2
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Programs: Just Say No to Fleecing
Posts: 72,758
The US passport card chips have indicators that allow for a pull from government databases where the actual data about the individual is retained. At least that was to be the design for the latest iterations, so that doing what you did is not meant to work.

Did you attempt to do this with the US passport covers opened already or while closed?
__________________
Like TSA, DL SkyMiles management treats airline customers as if they are the enemy or sheep to be fleeced and it shows.
GUWonder is offline   Reply With Quote
Old May 2, 12, 5:55 pm   #3
 
Join Date: Jul 2000
Posts: 1,793
With the passport open, as I had read that the US passports have shielding in the covers.

I am not sure that you are correct (but perhaps you are, you usually are pretty reliable.) I know that the US passport cards just have a number that links to a database. However, it would defeat the purpose of the epassport if the border authorities outside the US could not use the chip to authenticate the information.

Now, while I know the US is capable of hypocrisy, it would really be kind of crazy if the US could read epassports from other countries but not the other way around. In fact, the US denies entry under the visa waiver program to nationals of various otherwise eligible countries if their passport does not have a chip. So, the US insists on the ability to be able to read the chips in epassports from certain other countries (at least of those nationals want to enter under the visa waiver program.)

Edit: I misread GUWONDER's post. He was referring to the passport card when he talked about pulling from the database, not passport books.





Quote:
Originally Posted by GUWonder View Post
The US passport card chips have indicators that allow for a pull from government databases where the actual data about the individual is retained. At least that was to be the design for the latest iterations, so that doing what you did is not meant to work.

Did you attempt to do this with the US passport covers opened already or while closed?

Last edited by BigFlyer; May 2, 12 at 7:11 pm.
BigFlyer is offline   Reply With Quote
Old May 2, 12, 6:44 pm   #4
In Memoriam
 
Join Date: Feb 2000
Location: Easton, CT, USA
Programs: ua prem exec, Former hilton diamond
Posts: 31,819
From the state department

An Electronic Passport is the same as a traditional passport with the addition of a small integrated circuit (or “chip”) embedded in the back cover. The chip stores:

The same data visually displayed on the data page of the passport; A biometric identifier in the form of a digital image of the passport photograph, which will facilitate the use of face recognition technology at ports-of-entry; The unique chip identification number; and A digital signature to protect the stored data from alteration.

What are the special features of an Electronic Passport?

The special features of an Electronic Passport are:

Securely stored biographical information and digital image that are identical to the information that is visually displayed in the passport; Contactless chip technology that allows the information stored in an Electronic Passport to be read by special chip readers at a close distance; and Digital signature technology that is used to verify the authenticity of the data stored on the chip. This technology is commonly used in credit cards and other secure documents using integrated circuits or chips.


As to reading it open or closed:

“Skimming.” We use an embedded metallic element in our passports. One of the simplest measures for preventing unauthorized reading of e-passports is to add RF blocking material to the cover of an e-passport. Before such a passport can be read, it has to be physically opened. It is a simple and effective method for reducing the opportunity for unauthorized reading of the passport at times when the holder does not expect it.

As to just transmitting a number that links to a database, that is also not the case, it was built in so that you could not be tracked by such a number:

“Tracking.” A chip that is protected by the BAC mechanism denies access to its contents unless the inspection system can prove that it is authorized to access the chip. However, these chips still allow the Unique Identifier (UID) to be communicated with the reader, which could theoretically allow the document bearer to be “tracked.” To prevent the use of the UID for “tracking”, we use a Random UID feature. A RUID presents a different UID each time the chip is accessed. In order to be considered random, the e-passport must present an RUID that cannot be associated with UIDs used in sessions that precede or follow the current session. Each chip uses its onboard hardware random number generator (RNG) module, thereby utilizing a true RNG base to derive a RUID.
__________________
Mike Cordelli mike@cordelli.com
cordelli is offline   Reply With Quote
Old May 4, 12, 4:37 pm   #5
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Programs: Just Say No to Fleecing
Posts: 72,758
Quote:
Originally Posted by cordelli View Post
As to just transmitting a number that links to a database, that is also not the case, it was built in so that you could not be tracked by such a number:

“Tracking.” A chip that is protected by the BAC mechanism denies access to its contents unless the inspection system can prove that it is authorized to access the chip. However, these chips still allow the Unique Identifier (UID) to be communicated with the reader, which could theoretically allow the document bearer to be “tracked.” To prevent the use of the UID for “tracking”, we use a Random UID feature. A RUID presents a different UID each time the chip is accessed. In order to be considered random, the e-passport must present an RUID that cannot be associated with UIDs used in sessions that precede or follow the current session. Each chip uses its onboard hardware random number generator (RNG) module, thereby utilizing a true RNG base to derive a RUID.
Some tracking is still possible even as the way the tracking is done does not rely upon a single UID or series of RUIDs and would involve databases that most skimmers would have no way to access.
__________________
Like TSA, DL SkyMiles management treats airline customers as if they are the enemy or sheep to be fleeced and it shows.
GUWonder is offline   Reply With Quote
Old May 5, 12, 11:25 am   #6
 
Join Date: Oct 2004
Location: Bay Area
Programs: SkyMiles
Posts: 3,461
Do you have to request an ePassport or are they embedding the chip when they reissue them?

How interoperable is NFC going to be? I thought there were competing transaction systems. Saw Google Wallet available at Peete's when I was getting coffee the other day.

But it would be great if you can use NFC in phones to work with EMV card readers.
wco81 is offline   Reply With Quote
Old May 5, 12, 7:52 pm   #7
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Programs: Just Say No to Fleecing
Posts: 72,758
Quote:
Originally Posted by wco81 View Post
Do you have to request an ePassport or are they embedding the chip when they reissue them?
The general standard now for ordinary US passports currently issued (for new and renewal passport applicants) are epassports with the chip included.
__________________
Like TSA, DL SkyMiles management treats airline customers as if they are the enemy or sheep to be fleeced and it shows.
GUWonder is offline   Reply With Quote
Old May 5, 12, 9:55 pm   #8
 
Join Date: Oct 2004
Location: Bay Area
Programs: SkyMiles
Posts: 3,461
OK, I got my new one last August.
wco81 is offline   Reply With Quote
Old Mar 25, 13, 3:45 pm   #9
 
Join Date: Jun 2005
Location: UK
Programs: BD/BA G, A3*G, VS G, AF/KL S, HHonors D, PC Plat, SPG G, CC G, Hertz 5*
Posts: 2,749
Hmm not working for me - says 'tag remove early' and gives an authentication error despite having entered the relevant info into the app. Have dropped the developers an email!
EDIflyer is offline   Reply With Quote
Old Mar 25, 13, 3:59 pm   #10
 
Join Date: Jun 2005
Location: UK
Programs: BD/BA G, A3*G, VS G, AF/KL S, HHonors D, PC Plat, SPG G, CC G, Hertz 5*
Posts: 2,749
Quote:
Originally Posted by BigFlyer View Post
Which country issued the passport, and about when?
UK in the past couple of months (ie latest post-August 2010 style with chip integrated into the cover)
EDIflyer is offline   Reply With Quote
Old Mar 25, 13, 4:35 pm   #11
 
Join Date: Jul 2000
Posts: 1,793
Which country issued the passport, and about when?


Quote:
Originally Posted by alanjrobertson View Post
Hmm not working for me - says 'tag remove early' and gives an authentication error despite having entered the relevant info into the app. Have dropped the developers an email!
BigFlyer is offline   Reply With Quote
Old Mar 25, 13, 4:50 pm   #12
 
Join Date: Jul 2000
Posts: 1,793
I have personally used it on UK passports of that vintage, so there is no software problem.

If you haven't already, you should try the passport in different positions.

Also, when decrypting passport data, it can take as long as 30 seconds, and you have to hold it very still. I place the passport on a table, and the phone on top. This way there is no motion.



Quote:
Originally Posted by alanjrobertson View Post
UK in the past couple of months (ie latest post-August 2010 style with chip integrated into the cover)
BigFlyer is offline   Reply With Quote
 
 
Reply

Bookmarks


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off
Forum Jump


All times are GMT -6. The time now is 1:20 am.