ePassport Technology
ICAO 9303, BAC, PACE, and biometric storage.
The ePassport — formally known as the Machine-Readable Travel Document (MRTD) as defined in ICAO Doc 9303 — combines a traditional booklet with a contactless ISO 14443 smart card chip. Since 2006, over 150 countries have issued ePassports, embedding biometric data, digital signatures, and cryptographic access controls directly into the travel document. Understanding the underlying technology clarifies both its security strengths and its operational complexity.
ICAO Doc 9303 and the LDS Structure
ICAO Doc 9303 Part 10 defines the Logical Data Structure (LDS) — the file system stored on the ePassport chip. The LDS organises data into numbered Data Groups (DGs):
| Data Group | Contents | Mandatory |
|---|---|---|
| DG1 | Machine-Readable Zone data (name, DOB, expiry) | Yes |
| DG2 | Facial image (JPEG2000) | Yes |
| DG3 | Fingerprints | Optional (EAC required) |
| DG4 | Iris images | Optional (EAC required) |
| DG7 | Displayed signature | Optional |
| DG14 | Security infos (CA, PACE) | Required for PACE |
| DG15 | Active Authentication public key | Optional |
| EF.SOD | Document Security Object (signed hash) | Yes |
The EF.SOD is the cryptographic anchor: it contains SHA hashes of all DGs, signed by the issuing State's Document Signer Certificate. A receiving state's terminal verifies this chain up to the ICAO Public Key Directory (PKD), confirming the chip data matches what the issuing authority certified.
The ATR parser can identify ePassport chips from their Answer to Reset, distinguishing PACE-capable chips from older BAC-only implementations.
Basic Access Control (BAC)
BAC prevents skimming by requiring an optical read of the Machine-Readable Zone (MRZ) before any chip communication. The terminal derives session keys from the MRZ data (document number, date of birth, expiry date) using 3DES, establishing an encrypted channel before any data is exchanged.
BAC is mandatory for DG1/DG2 access in pre-2010 passports. Its weakness is that the entropy of MRZ fields is modest — a document number is predictable within known ranges — but physical custody of the passport is required to read the MRZ, providing a meaningful access gate.
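The BAC key derivation described above, as an added Python example that is not part of the original page: the three MRZ fields are concatenated with their check digits, hashed with SHA-1 to form K_seed, and K_ENC / K_MAC are derived with the Doc 9303 Part 11 KDF (SHA-1 over K_seed plus a 32-bit counter, parity-adjusted for 3DES). The sample MRZ values are the worked example published in Doc 9303 Part 11; note that the entire key space is a function of just these three fields, which is the entropy limitation the text points out.

```python
import hashlib


def mrz_check_digit(field: str) -> str:
    """ICAO MRZ check digit: weights 7,3,1 repeating; digits as their value,
    letters A-Z as 10-35, the filler '<' as 0; result is the weighted sum mod 10."""
    weights = (7, 3, 1)
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        else:
            value = ord(ch.upper()) - ord("A") + 10
        total += value * weights[i % 3]
    return str(total % 10)


def mrz_information(doc_number: str, dob: str, expiry: str) -> str:
    """Document number (filled to 9 chars with '<'), DOB and expiry as YYMMDD,
    each immediately followed by its check digit."""
    doc_number = doc_number.ljust(9, "<")
    return "".join(f + mrz_check_digit(f) for f in (doc_number, dob, expiry))


def adjust_parity(key: bytes) -> bytes:
    """Force odd parity on every DES key byte (the least significant bit is the parity bit)."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        out.append(high7 | (1 if bin(high7).count("1") % 2 == 0 else 0))
    return bytes(out)


def derive_key(k_seed: bytes, counter: int) -> bytes:
    """Doc 9303 KDF for 3DES: SHA-1(K_seed || counter), first 16 bytes, parity-adjusted.
    counter 1 yields K_ENC, counter 2 yields K_MAC."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:8]) + adjust_parity(digest[8:16])


def bac_keys(doc_number: str, dob: str, expiry: str):
    """Return (K_seed, K_ENC, K_MAC) for the given MRZ fields."""
    info = mrz_information(doc_number, dob, expiry)
    k_seed = hashlib.sha1(info.encode("ascii")).digest()[:16]
    return k_seed, derive_key(k_seed, 1), derive_key(k_seed, 2)


if __name__ == "__main__":
    # Worked-example MRZ values from ICAO Doc 9303 Part 11 (not a real document).
    seed, k_enc, k_mac = bac_keys("L898902C<", "690806", "940623")
    print("K_seed", seed.hex().upper())
    print("K_ENC ", k_enc.hex().upper())
    print("K_MAC ", k_mac.hex().upper())
```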
PACE: Password Authenticated Connection Establishment
PACE (ICAO Doc 9303 Part 11) replaces BAC with a cryptographically stronger password-authenticated key exchange. Instead of deriving keys directly from MRZ data, PACE uses the MRZ (or a CAN — Card Access Number) as a password to establish an ephemeral Diffie-Hellman session.
| Feature | BAC | PACE |
|---|---|---|
| Underlying protocol | 3DES key derivation | ECDH / DH authenticated KE |
| Replay protection | Limited | Full (nonce-based) |
| Brute-force resistance | Moderate | High |
| Required for | All ePassports | PACE-capable chips (post-2010) |
| Mandated by ICAO | Doc 9303 (2006) | Doc 9303 Part 11 (supplement) |
PACE negotiation uses APDUs over the ISO 7816 / ISO 14443 transport. The ATR and CardAccess file (EF.CardAccess) advertise supported PACE parameter IDs so the terminal selects the strongest available option.
EAC: Extended Access Control for Biometrics
Fingerprint (DG3) and iris (DG4) data are protected by Extended Access Control (EAC), which requires a two-phase protocol beyond PACE:
- Chip Authentication (CA) — The chip proves it holds the genuine private key matching the DG14 public key. This also upgrades session keys to stronger ECC-based keys.
- Terminal Authentication (TA) — The terminal proves it holds an authorised IS (Inspection System) certificate issued by a Country Verifying CA (CVCA). Without a valid IS certificate, DG3/DG4 remain inaccessible.
This certificate chain (CVCA → DV → IS) ensures only authorised border agencies in approved countries can read fingerprint data — a critical privacy and sovereignty control.
Security Properties Summary
| Threat | Countermeasure |
|---|---|
| Skimming from pocket | BAC / PACE (MRZ required) |
| Cloned chip | Passive Authentication (EF.SOD signature) |
| Data tampering | Passive Authentication hash chain |
| Unauthorised biometric read | EAC Terminal Authentication |
| Tracking / linkability | PACE nonce (prevents chip fingerprinting) |
| Expired certificates | CVCA revocation / IS expiry |
For a hands-on look at ePassport chip responses, use the ATR parser. Related reading: ISO 14443 Deep Dive and the National eID Deployment Guide.
Frequently Asked Questions
An ePassport (biometric passport) is a travel document containing an RFID chip compliant with ICAO Document 9303 and ISO 14443. The chip stores logical data groups including the MRZ (Machine Readable Zone) data, facial image (mandatory), fingerprints (optional per issuing state), iris scans (optional), and a Document Security Object (SOD) containing digital signatures over all data groups by the issuing country's Document Signer Certificate.
Basic Access Control (BAC) uses a 3DES key derived from the passport's MRZ data (document number, date of birth, expiry date) to establish an encrypted session, preventing unauthorized reading of chip data. Password Authenticated Connection Establishment (PACE), introduced in ICAO Doc 9303 Part 11, replaces BAC with a more secure Diffie-Hellman-based protocol that uses the same MRZ key but provides stronger authentication and forward secrecy. PACE is mandatory for new EU ePassports.
Passive Authentication (PA) verifies that chip data has not been tampered with by validating the Document Security Object (EF.SOD) signature chain: the reader verifies the SOD signature using the Document Signer Certificate (DSC), then verifies the DSC against the Country Signing Certificate Authority (CSCA) certificate, which is distributed through the ICAO PKD (Public Key Directory). PA proves data authenticity but not chip genuineness — that requires Active Authentication or Chip Authentication.
Extended Access Control (EAC) is an additional security layer protecting sensitive biometric data (fingerprints, iris) stored in ePassports beyond the basic chip data. It consists of two sub-protocols: Chip Authentication (CA), which proves the chip contains the genuine private key and prevents cloning, and Terminal Authentication (TA), which verifies the inspection system holds a valid authorization certificate from the issuing state before granting access to restricted data groups. EAC is mandatory in the EU Schengen zone for fingerprint-bearing passports.