ICAO 9303
International Civil Aviation Organization Doc 9303 defines the specifications for Machine Readable Travel Documents (MRTDs) including ePassports, covering chip data structure, biometric storage, and security protocols such as BAC, PACE, and Active Authentication.
What Is ICAO 9303?
ICAO Doc 9303 is the international specification published by the International Civil Aviation Organization that defines Machine Readable Travel Documents (MRTDs), including ePassports, machine readable visas, and travel cards. The standard specifies the physical document format, the machine readable zone (MRZ), the contactless chip data structure, biometric storage formats, and the security protocols that protect chip-stored data from unauthorized access and cloning.
ICAO 9303 is the foundation standard that every ePassport-issuing country must implement, ensuring global interoperability at border control points worldwide.
Document Structure
An ICAO 9303-compliant ePassport contains both physical and electronic security features:
| Layer | Components |
|---|---|
| Physical | Polycarbonate data page, laser-engraved photo, holographic laminate |
| Machine Readable Zone | Two or three lines of OCR-B text encoding name, nationality, document number, dates |
| Contactless chip | ISO 14443 Type A or B RF interface, LDS data groups |
Logical Data Structure (LDS)
The chip stores data in numbered Data Groups (DGs):
| Data Group | Content | Access Control |
|---|---|---|
| DG1 | MRZ data | BAC or PACE |
| DG2 | Facial image (JPEG/JPEG2000) | BAC/PACE |
| DG3 | Fingerprints (WSQ format) | Extended Access Control (EAC) |
| DG4 | Iris image | EAC |
| DG7 | Displayed signature/mark | BAC/PACE |
| DG14 | Security parameters | Public |
| DG15 | Active Authentication public key | Public |
| SOD | Document Security Object | Public |
The SOD contains hashes of all data groups signed by the issuing country's Document Signer certificate, which chains to the Country Signing CA (CSCA). This PKI structure allows any receiving country to verify document authenticity.
Security Protocols
ICAO 9303 defines a layered security model:
- BAC (Basic Access Control) -- derives session keys from MRZ data (document number, date of birth, expiry date) to prevent unauthorized skimming.
- PACE (Password Authenticated Connection Establishment) -- stronger alternative to BAC using Diffie-Hellman key agreement.
- Active Authentication -- the chip proves it is genuine by signing a challenge with its private key (anti-cloning).
- Chip Authentication -- establishes a strong session key using the chip's Diffie-Hellman key pair.
- Terminal Authentication -- the inspection terminal presents a CVC certificate chain proving authorization to read sensitive biometrics (DG3, DG4).