ePassport
Application
An electronic passport with an embedded contactless chip storing biometric data, defined by ICAO Doc 9303.
An ePassport (electronic passport) is a machine-readable travel document containing an embedded contactless smart card chip that stores the holder's biometric data, personal information, and digital security credentials. Standardized by ICAO (International Civil Aviation Organization) in Doc 9303, ePassports use ISO 14443 RF communication at 13.56 MHz and carry cryptographic protections that prevent forgery, cloning, and unauthorized data access.
Data Structure
The ePassport chip organizes data in Logical Data Structures (LDS):
| Data Group | Content | Size |
|---|---|---|
| DG1 | MRZ data (name, nationality, DOB, passport number) | ~100 bytes |
| DG2 | Facial photograph (JPEG/JPEG2000) | 10-30 KB |
| DG3 | Fingerprint images (optional, varies by country) | 30-100 KB |
| DG7 | Displayed signature/mark | 2-5 KB |
| DG11 | Additional personal details | Variable |
| DG14 | Security options (Chip Authentication, PACE) | Variable |
| DG15 | Active Authentication public key | ~500 bytes |
| SOD | Document Security Object — signed hash of all DGs | ~2 KB |
The SOD contains SHA-256 hashes of all data groups, signed by the issuing country's Document Signer Certificate, which chains up to a Country Signing CA. Border control systems verify this PKI chain to confirm document authenticity.
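The data-group half of this check, as an added example (not code from this page or from ICAO): it parses a constructed LDSSecurityObject, the DER hash table carried inside the SOD, and compares SHA-256 digests of the data groups read from the chip. It assumes the signature over the SOD and the Document Signer to Country Signing CA chain were already verified with a CMS library; the function names and sample bytes are constructed.

```python
import hashlib, hmac

SHA256_OID = bytes.fromhex("608648016503040201")  # 2.16.840.1.101.3.4.2.1

def tlv(tag, value):  # sample builder only: short-form lengths (< 128 bytes)
    return bytes([tag, len(value)]) + value

def read_tlvs(buf):
    """Split a DER buffer into (tag, value) pairs; raise if a value overruns it."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def parse_lds_hashes(lds_der):
    """Return {data group number: digest} from an LDSSecurityObject."""
    _version, alg, hashes = read_tlvs(read_tlvs(lds_der)[0][1])[:3]
    if read_tlvs(alg[1])[0][1] != SHA256_OID:
        raise ValueError("this example only handles SHA-256")
    table = {}
    for _, entry in read_tlvs(hashes[1]):
        (_, number), (_, digest) = read_tlvs(entry)
        table[int.from_bytes(number, "big")] = digest
    return table

def check_data_groups(lds_der, dgs_read):
    """Classify each data group read from the chip against the signed table."""
    expected, result = parse_lds_hashes(lds_der), {}
    for number, content in dgs_read.items():
        actual = hashlib.sha256(content).digest()
        if number not in expected:  # readable on the chip but never signed
            result[number] = "not covered by SOD"
        elif hmac.compare_digest(actual, expected[number]):
            result[number] = "ok"
        else:
            result[number] = "hash mismatch"
    return result

# Constructed sample: the hash table as the issuer would have signed it.
ISSUED = {1: b"constructed DG1 bytes", 2: b"constructed DG2 bytes"}
SAMPLE_LDS = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0x06, SHA256_OID)) + tlv(0x30, b"".join(
    tlv(0x30, tlv(0x02, bytes([n])) + tlv(0x04, hashlib.sha256(c).digest())) for n, c in ISSUED.items())))
```
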
Security Mechanisms
ePassports implement three layers of access control and authentication:
| Mechanism | Purpose | Standard |
|---|---|---|
| BAC | Prevents eavesdropping — requires MRZ data to establish encrypted channel | ICAO 9303 |
| PACE | Stronger alternative to BAC using password-based key agreement | BSI TR-03110 |
| Passive Authentication | Verifies data integrity via SOD signature chain | ICAO 9303 |
| Active Authentication | Proves the chip is genuine (not cloned) via challenge-response | ICAO 9303 |
| Chip Authentication | Establishes a strong session key using DH key agreement | BSI TR-03110 |
| Terminal Authentication | Restricts access to sensitive data (fingerprints) to authorized terminals | BSI TR-03110 |
Chip Platform
ePassport chips are Secure Elements certified to EAL 5+ under Common Criteria, running specialized ePassport operating systems (NXP SmartMX, Infineon SLE 78/97). The chip communicates via ISO 14443 Type A or B, using APDUs defined in ICAO 9303 Part 10. Memory capacity typically ranges from 64 KB to 256 KB of EEPROM or flash to accommodate biometric data.
Global Deployment
Over 150 countries issue ePassports. The ICAO Public Key Directory (PKD) distributes Country Signing CA certificates for cross-border verification. Extended Access Control (EAC), which includes Terminal Authentication and Chip Authentication, is mandatory in the EU for accessing fingerprint data (DG3) and is implemented in many other jurisdictions.