ICAO 9303
International Civil Aviation Organization Doc 9303 defines the specifications for Machine Readable Travel Documents (MRTDs) including ePassports, covering chip data structure, biometric storage, and security protocols such as BAC, PACE, and Active Authentication.
What Is ICAO 9303?
ICAO Doc 9303 is the international specification published by the International Civil Aviation Organization that defines Machine Readable Travel Documents (MRTDs), including ePassports, machine readable visas, and travel cards. The standard specifies the physical document format, the machine readable zone (MRZ), the contactless chip data structure, biometric storage formats, and the security protocols that protect chip-stored data from unauthorized access and cloning.
ICAO 9303 is the foundation standard that every ePassport-issuing country must implement, ensuring global interoperability at border control points worldwide.
Document Structure
An ICAO 9303-compliant ePassport contains both physical and electronic security features:
| Layer | Components |
|---|---|
| Physical | Polycarbonate data page, laser-engraved photo, holographic laminate |
| Machine Readable Zone | Two or three lines of OCR-B text encoding name, nationality, document number, dates |
| Contactless chip | ISO 14443 Type A or B RF interface, LDS data groups |
Logical Data Structure (LDS)
The chip stores data in numbered Data Groups (DGs):
| Data Group | Content | Access Control |
|---|---|---|
| DG1 | MRZ data | BAC or PACE |
| DG2 | Facial image (JPEG/JPEG2000) | BAC/PACE |
| DG3 | Fingerprints (WSQ format) | Extended Access Control (EAC) |
| DG4 | Iris image | EAC |
| DG7 | Displayed signature/mark | BAC/PACE |
| DG14 | Security parameters | Public |
| DG15 | Active Authentication public key | Public |
| SOD | Document Security Object | Public |
The SOD contains hashes of all data groups signed by the issuing country's Document Signer certificate, which chains to the Country Signing CA (CSCA). This PKI structure allows any receiving country to verify document authenticity.
Security Protocols
ICAO 9303 defines a layered security model:
- BAC (Basic Access Control) -- derives session keys from MRZ data (document number, date of birth, expiry date) to prevent unauthorized skimming.
- PACE (Password Authenticated Connection Establishment) -- stronger alternative to BAC using Diffie-Hellman key agreement.
- Active Authentication -- the chip proves it is genuine by signing a challenge with its private key (anti-cloning).
- Chip Authentication -- establishes a strong session key using the chip's Diffie-Hellman key pair.
- Terminal Authentication -- the inspection terminal presents a CVC certificate chain proving authorization to read sensitive biometrics (DG3, DG4).