Many passports are now embedded with a radio frequency identification (RFID) chip which allows biometric and other data to be stored on the passport using the chip. Data may be wirelessly read from the chip using electromagnetic fields generated by a reader. The chip responds by transmitting data via an electromagnetic field coil associated with the chip.
Biometric passports are equipped with protection mechanisms to avoid and/or detect attacks. Biometric passports and chip characteristics are documented in the International Civil Aviation Civil Organization's (ICAO) Doc 9303. Most biometric passports at a minimum support Basic Access Control (BAC), which is mandatory in Europe. BAC protects the communication channel between the chip on or within the passport and the reader by encrypting transmitted information. Usually, data is stored on the passport in an encrypted or secured form which is accessible using a key. This prevents unauthorised users from skimming i.e. unauthorised reading of the data stored in the chip. Furthermore, an eavesdropper cannot eavesdrop information being transferred without knowing the correct key if the passport supports BAC.
Typically, at some point prior to a passenger's departure on a flight, a security check is performed to verify that a passenger's name on a boarding pass matches the name on their passport. The information stored on the chip, such as biometric information, may be used to authenticate the identity of a traveller. A boarding pass is usually a paper document with the passenger's name, flight details, gate and seat number printed on it. Usually, the security check is a visual check performed by a security officer who checks that the passenger name on the boarding pass matches the passenger name on the passenger's passport. The security officer will usually check that the photograph shown on the passport is of the passenger using the passport. As this is a visual check, it is prone to human error.
In some cases, the security check will include reading the biometric data stored on the RFID chip embedded in the passport. However, as the data stored on the chip is encrypted, before data can be read from the passport, the reader needs to provide a key, which may be derived from a Machine Readable Zone (MRZ) located within the passport.
In order to read the data from the MRZ, the passport must be opened and placed on an optical reader, which performs Optical Character Recognition (OCR) on the MRZ. Optical Character Recognition is the mechanical or electronic translation of scanned images of printed text into machine-encoded text.
The reader then derives the key from the data read from the Machine Readable Zone data of the passport. A second RFID scan is then performed which uses the key derived from the OCR to retrieve the biometric data from the passport. This is a two-step process and is prone to error particularly during the OCR part. This is because the OCR part is sensitive to where the passport is placed on the scanner and also may also give an incorrect reading due to dirt on the scanner glass. If an error occurs during the OCR part, then the RFID scan will fail. To recover, the MRZ data has to be manually entered in order to read the biometric data. Because the interpretation of the MRZ is currently done using OCR, only accuracy rates of 80% to 90% can be achieved.