Text: Stéfane Mouille, Gemalto
The International Civil Aviation Organization (ICAO) is working on the next evolution of the ePassport standard, initially implemented in 2004. While the initial version of the standard focused on the electronification of the passport data page, LDS2 will address the electronification of the rest of the document.
It aims to remove current limitations of travel documents, such as visa stickers, which usually carry their own machine readable zone that has to be scanned in addition to the ePassport’s own machine readable zone.
With LDS2, the visa and entry/exit information will be digitally signed and automatically retrieved from the chip, speeding up the inspection while at the same time enhancing security.
The next release of the standard will also accommodate additional biometrics, in order to allow the use of proprietary templates by issuing countries for their own needs.
LDS2 will be limited in scope to information issued and approved by government entities only; there are no plans to accommodate third party or commercial interests, such as airline applications like frequent flyer programs and boarding passes.
In order to allow secure post-issuance writing of data to the ePassport chip, enhanced security mechanisms will be put in place, building on the European Union’s implementation of Extended Access Control (EAC). The management of access control rights to the chip (reading and writing) will be handled under the authorization of the issuing member state, using the ICAO Public Key Directory as a credential broker. This will ensure protection of the passport against malicious writing as well as protection of the citizen’s data against access by non-authorized parties.
The LDS2 application will operate alongside the existing LDS. Access control will be designed as an integrated whole, while keeping full backward compatibility.
The chip storage capacity will limit the number of travel history entries that can be stored. Data management requires determining whether the data to be stored has time-limited value or passport-lifetime value. Careful consideration is given to minimizing the data and the security processing involved, in order to optimize transaction time.
Since LDS2 mimics the booklet’s visa, chip-size calculations should relate to the number of visa pages. Travel records will store information such as the type (entry, exit, other), travel dates, destination state, inspection authority and an authenticity token. Visa records will store information such as the issuing state, the type of visa, the place of issuance, the validity period, the authorized maximum number of entries and the visa number, as well as visa holder data (name, passport number, date of birth, citizenship).
From a security point of view, all data written to the LDS2 application will be signed by the inspection or visa issuance system storing the data on the chip, to allow verification of the authenticity of the data and to prevent invalid data from being stored. The ICAO task force is currently working on the technical aspects, which are expected to be finalized by the end of 2013, with first deployments planned for 2015.
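The record layout and write-side signing described above, as an added example that is not taken from the article or from the ICAO specification: a Go model of an LDS2-style travel-history area in which an inspection system signs each record, the chip accepts only records whose writer is in its trust store (standing in for the PKD-brokered credentials the article mentions), whose signature verifies, and which fit the remaining capacity, and an inspection system re-verifies every record on read. The Ed25519 algorithm, the JSON encoding, the field names, the capacity figure and the authority names are all assumptions; the real LDS2 encoding and key infrastructure are not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// TravelRecord carries the fields the article lists for a travel history entry.
// JSON encoding is an illustrative assumption, not the ICAO LDS2 data format.
type TravelRecord struct {
	Type      string `json:"type"`      // "entry", "exit" or "other"
	Date      string `json:"date"`      // constructed sample date
	State     string `json:"state"`     // destination state
	Authority string `json:"authority"` // inspection authority that wrote it
}

// SignedRecord is what the chip stores: the encoded record, the name of the
// system that wrote it, and that system's signature (the "authenticity token").
type SignedRecord struct {
	Writer    string
	Payload   []byte
	Signature []byte
}

// Authority is a constructed stand-in for an inspection or visa issuance
// system holding an Ed25519 signing key (the algorithm is an assumption).
type Authority struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewAuthority(name string) (*Authority, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authority{Name: name, priv: priv, Pub: pub}, nil
}

// Sign encodes the record and signs the encoding so the chip and later
// readers can check who wrote it and that it was not altered.
func (a *Authority) Sign(rec TravelRecord) (SignedRecord, error) {
	payload, err := json.Marshal(rec)
	if err != nil {
		return SignedRecord{}, err
	}
	return SignedRecord{Writer: a.Name, Payload: payload, Signature: ed25519.Sign(a.priv, payload)}, nil
}

var (
	ErrUntrustedWriter = errors.New("writer not present in trust store")
	ErrBadSignature    = errors.New("record signature does not verify")
	ErrChipFull        = errors.New("chip storage capacity exceeded")
)

// Chip models the LDS2 travel-history area: a fixed byte budget plus a trust
// store of writer public keys. In the article's model that trust is brokered
// by the ICAO PKD; here a plain map plays that role.
type Chip struct {
	Capacity int
	used     int
	Trusted  map[string]ed25519.PublicKey
	records  []SignedRecord
}

func NewChip(capacity int) *Chip {
	return &Chip{Capacity: capacity, Trusted: map[string]ed25519.PublicKey{}}
}

// Verify rejects records from unknown writers and records whose payload or
// signature was altered after signing.
func (c *Chip) Verify(r SignedRecord) error {
	pub, ok := c.Trusted[r.Writer]
	if !ok {
		return ErrUntrustedWriter
	}
	if !ed25519.Verify(pub, r.Payload, r.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Write stores a record only if it verifies and fits the remaining capacity,
// keeping both invalid data and overflow out of the application.
func (c *Chip) Write(r SignedRecord) error {
	if err := c.Verify(r); err != nil {
		return err
	}
	size := len(r.Writer) + len(r.Payload) + len(r.Signature)
	if c.used+size > c.Capacity {
		return ErrChipFull
	}
	c.used += size
	c.records = append(c.records, r)
	return nil
}

// Read re-verifies every stored record, as an inspection system would, and
// returns the decoded travel history; one bad record fails the whole read.
func (c *Chip) Read() ([]TravelRecord, error) {
	out := make([]TravelRecord, 0, len(c.records))
	for _, r := range c.records {
		if err := c.Verify(r); err != nil {
			return nil, err
		}
		var rec TravelRecord
		if err := json.Unmarshal(r.Payload, &rec); err != nil {
			return nil, err
		}
		out = append(out, rec)
	}
	return out, nil
}

func main() {
	border, _ := NewAuthority("border-police-constructed")
	chip := NewChip(512)
	chip.Trusted[border.Name] = border.Pub
	rec, _ := border.Sign(TravelRecord{Type: "entry", Date: "2013-11-05", State: "FR", Authority: border.Name})
	fmt.Println("write:", chip.Write(rec))
	history, err := chip.Read()
	fmt.Println("read:", history, err)
}
```

The capacity check is what makes the article's sizing remark concrete: every accepted record consumes its encoded bytes plus a fixed-size signature, so the number of entries the area can hold follows directly from the byte budget, and a full chip refuses further writes rather than overwriting history.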
This article was first published in the Vault, #13, November 2013