Viewing Info on Epassport Chip Using Android Phone with NFC

First, before anyone gets all worried about the privacy stuff - you can't read the chip without manually entering some of the info from the passport. So, this info cannot be obtained merely by waving the smartphone near the passport.

Other than having fun, the only practical use I can think of is determining if a passport is genuine and/or whether the information was altered or photo substituted.

I just got a new Galaxy Nexus with NFC (near field communications). I was having fun reading a Clipper Card (kind of like an Oyster card used in the SF Bay Area), and decided to see what it could do with an epassport. It does more than I thought; here's how to do it (assuming you have an Android smartphone with an NFC chip). I tried this on a German passport and it worked; the phone could not see the chip in a US passport that I tried.

First, download the following from the Android market - NFC Taginfo and passportimagedecoder. Both are from NFC Research Lab.

Start up NFC Taginfo, and hold the passport near the phone. It will see the passport, and give you some info about the chip, but no data about the passport holder. There is a place to enter the following info in the app: passport number, DOB of holder, and expiration date. Enter that information.

Then start again and hold the passport to the phone. This time you will be able to see on your phone the date of issue, birthdate, issue date, expiration date, country of issue, and nationality of holder. You will also be able to see the photograph from the passport.

As I understand it the reason for requiring the information first is that this prevents scanning passports of nearby people and scraping the information. However, it allows someone with the passport in hand to verify that the info on the chip matches what is on the passport, and that there has been no substitution of the photograph.
Reply
The US passport card chips have indicators that allow for a pull from government databases where the actual data about the individual is retained. At least that was to be the design for the latest iterations, so that doing what you did is not meant to work.

Did you attempt to do this with the US passport covers opened already or while closed?
Reply
With the passport open, as I had read that the US passports have shielding in the covers.

I am not sure that you are correct (but perhaps you are, you usually are pretty reliable.) I know that the US passport cards just have a number that links to a database. However, it would defeat the purpose of the epassport if the border authorities outside the US could not use the chip to authenticate the information.

Now, while I know the US is capable of hypocrisy, it would really be kind of crazy if the US could read epassports from other countries but not the other way around. In fact, the US denies entry under the visa waiver program to nationals of various otherwise eligible countries if their passport does not have a chip. So, the US insists on the ability to be able to read the chips in epassports from certain other countries (at least if those nationals want to enter under the visa waiver program).

Edit: I misread GUWONDER's post. He was referring to the passport card when he talked about pulling from the database, not passport books.





Quote: The US passport card chips have indicators that allow for a pull from government databases where the actual data about the individual is retained. At least that was to be the design for the latest iterations, so that doing what you did is not meant to work.

Did you attempt to do this with the US passport covers opened already or while closed?
Reply
From the state department

An Electronic Passport is the same as a traditional passport with the addition of a small integrated circuit (or “chip”) embedded in the back cover. The chip stores:

The same data visually displayed on the data page of the passport; A biometric identifier in the form of a digital image of the passport photograph, which will facilitate the use of face recognition technology at ports-of-entry; The unique chip identification number; and A digital signature to protect the stored data from alteration.

What are the special features of an Electronic Passport?

The special features of an Electronic Passport are:

Securely stored biographical information and digital image that are identical to the information that is visually displayed in the passport; Contactless chip technology that allows the information stored in an Electronic Passport to be read by special chip readers at a close distance; and Digital signature technology that is used to verify the authenticity of the data stored on the chip. This technology is commonly used in credit cards and other secure documents using integrated circuits or chips.


As to reading it open or closed:

“Skimming.” We use an embedded metallic element in our passports. One of the simplest measures for preventing unauthorized reading of e-passports is to add RF blocking material to the cover of an e-passport. Before such a passport can be read, it has to be physically opened. It is a simple and effective method for reducing the opportunity for unauthorized reading of the passport at times when the holder does not expect it.

As to just transmitting a number that links to a database, that is also not the case, it was built in so that you could not be tracked by such a number:

“Tracking.” A chip that is protected by the BAC mechanism denies access to its contents unless the inspection system can prove that it is authorized to access the chip. However, these chips still allow the Unique Identifier (UID) to be communicated with the reader, which could theoretically allow the document bearer to be “tracked.” To prevent the use of the UID for “tracking”, we use a Random UID feature. A RUID presents a different UID each time the chip is accessed. In order to be considered random, the e-passport must present an RUID that cannot be associated with UIDs used in sessions that precede or follow the current session. Each chip uses its onboard hardware random number generator (RNG) module, thereby utilizing a true RNG base to derive a RUID.
Reply
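How the three values typed into the app in the first post become the chip access keys of the BAC mechanism named in the post above, following the key derivation published in ICAO Doc 9303. This is an added example, not part of any post in this thread and not code from the apps mentioned; the function names are the example's own, and it assumes a document number of at most nine characters.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # repeating MRZ check-digit weights

def check_digit(field: str) -> int:
    """MRZ check digit: digits count as themselves, A-Z as 10-35, '<' as 0."""
    total = 0
    for i, ch in enumerate(field):
        if "0" <= ch <= "9":
            value = ord(ch) - ord("0")
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"character not allowed in MRZ: {ch!r}")
        total += value * WEIGHTS[i % 3]
    return total % 10

def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Join the three fields (dates as YYMMDD), each followed by its check digit."""
    if len(doc_number) > 9:
        raise ValueError("this example handles document numbers up to 9 characters")
    doc_number = doc_number.upper().ljust(9, "<")  # '<' is the MRZ filler
    for date in (birth, expiry):
        if len(date) != 6 or not (date.isascii() and date.isdigit()):
            raise ValueError("dates must be six digits, YYMMDD")
    return "".join(f + str(check_digit(f)) for f in (doc_number, birth, expiry))

def set_odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so every byte has an odd number of 1 bits."""
    out = bytearray()
    for b in key:
        ones_in_upper_bits = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones_in_upper_bits % 2 else 1))
    return bytes(out)

def bac_keys(doc_number: str, birth: str, expiry: str) -> tuple[bytes, bytes]:
    """Return (K_enc, K_mac), the two-key 3DES keys used for Basic Access Control."""
    info = mrz_information(doc_number, birth, expiry).encode("ascii")
    k_seed = hashlib.sha1(info).digest()[:16]
    def derive(counter: int) -> bytes:
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return set_odd_parity(digest[:16])
    return derive(1), derive(2)

if __name__ == "__main__":
    # Specimen values from the worked example in ICAO Doc 9303, not a real passport.
    k_enc, k_mac = bac_keys("L898902C", "690806", "940623")
    print("K_enc:", k_enc.hex().upper(), "K_mac:", k_mac.hex().upper())
```

Because both keys depend only on what is printed on the data page, a reader that has not seen that page cannot complete the authentication, which matches the behaviour described in the first post.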
Quote: As to just transmitting a number that links to a database, that is also not the case, it was built in so that you could not be tracked by such a number:

“Tracking.” A chip that is protected by the BAC mechanism denies access to its contents unless the inspection system can prove that it is authorized to access the chip. However, these chips still allow the Unique Identifier (UID) to be communicated with the reader, which could theoretically allow the document bearer to be “tracked.” To prevent the use of the UID for “tracking”, we use a Random UID feature. A RUID presents a different UID each time the chip is accessed. In order to be considered random, the e-passport must present an RUID that cannot be associated with UIDs used in sessions that precede or follow the current session. Each chip uses its onboard hardware random number generator (RNG) module, thereby utilizing a true RNG base to derive a RUID.
Some tracking is still possible even as the way the tracking is done does not rely upon a single UID or series of RUIDs and would involve databases that most skimmers would have no way to access.
Reply
Do you have to request an ePassport or are they embedding the chip when they reissue them?

How interoperable is NFC going to be? I thought there were competing transaction systems. Saw Google Wallet available at Peet's when I was getting coffee the other day.

But it would be great if you can use NFC in phones to work with EMV card readers.
Reply
Quote: Do you have to request an ePassport or are they embedding the chip when they reissue them?
The general standard now for ordinary US passports currently issued (for new and renewal passport applicants) are epassports with the chip included.
Reply
OK, I got my new one last August.
Reply
Hmm not working for me - says 'tag remove early' and gives an authentication error despite having entered the relevant info into the app. Have dropped the developers an email!
Reply
Quote: Which country issued the passport, and about when?
UK in the past couple of months (ie latest post-August 2010 style with chip integrated into the cover)
Reply
Which country issued the passport, and about when?


Quote: Hmm not working for me - says 'tag remove early' and gives an authentication error despite having entered the relevant info into the app. Have dropped the developers an email!
Reply
I have personally used it on UK passports of that vintage, so there is no software problem.

If you haven't already, you should try the passport in different positions.

Also, when decrypting passport data, it can take as long as 30 seconds, and you have to hold it very still. I place the passport on a table, and the phone on top. This way there is no motion.



Quote: UK in the past couple of months (ie latest post-August 2010 style with chip integrated into the cover)
Reply
I have a Lithuanian passport and the applications mentioned above could not recognize the chip. What is the reason?
Reply
When were NFC chips first included in US passports? My current one was issued in February of 2012 and my phone (HTC One M8) does not appear to recognize the presence of a tag.

I've tried with the passport open and closed, laying open and flat with the phone sitting on it, and have removed the case from my phone.

The app recognizes the presence of NFC support; if NFC is turned off, it complains and asks me to enable it.

EDIT: My phone (or the tag) appears to be very position sensitive. I had to place the phone directly on the inside of the back cover, vertically oriented, with the top edge of the phone 1-2 cm from the top edge of the passport. Once properly aligned, it would return my passport information, including the picture, every time.
Reply
PassportImageDecoder is not available for the iPhone and iPad, I wonder why.
Reply