Is this as a result of my complaint!!
A year ago I reported to the Passport office that I could detect my wife's passport at 10m. It would then be little effort to read the information, clone it and use the information to recreate a passport.
Then the Israelis did their thing. I reiterated my notes and my complaints.
I then had to get my passport renewed which I did at Peterborough and again voiced my concerns.
The result eventually was attached below some 6 months ago!!!
:-
I have now had a response to your complaint which details the technology used within the biometric passports currently being issued. I hope that the explanation below will reassure you and answer the points raised in your emails.
"IPS issues passports in accordance with the International Civil Aviation Organisation standard 9303. Since 2005, IPS has issued passports containing an RFID chip and Antennae. The chip works in accordance with the ISO/IEC 14443 standard.
The chip contains the same data as printed in the Machine Readable Zone on the biodata page of the passport plus the holder's photograph. The Machine Readable Zone is the two lines of data, interspersed with chevrons (<) at the bottom of the biodata page.
In response to concerns that an ePassport could be used to track an individual, ICAO 9303 includes Basic Access Control.
Basic Access Control operates by the document reader generating a cryptographic key based on data within the Machine Readable Zone. This key is used to encrypt the communication between the reader and chip. If a reader attempts to skim the data from the chip without having access to the MRZ, the chip will break the communication without revealing any personal data, the nationality of the passport issuer or data that would allow identification of that particular passport.
A legitimate read of the passport will provide the holder's details, in the same way that copying the biodata page of a non-chipped passport will provide the holder's details. The value of this is limited as the data is protected by a digital signature.
A digital signature is generated using Public Key Infrastructure (PKI). This relies on asymmetric key pairs. A key is the code used to encrypt or decrypt a message. Asymmetric key pairs are linked keys with the feature that anything encrypted with one key can only be decrypted with the other key. An asymmetric key cannot decrypt anything it encrypted.
The data on the chip is hashed (a one way zip producing a relatively unique number) and then encrypted with an IPS Private Key, to create the digital signature. These private keys are maintained in a secure environment within IPS and are not released outside the production process. The chip contains the Public Key (the paired key capable of decrypting material encrypted with the Private Key), which is also freely distributed via the ICAO Public Key Directory.
A document reader can use the public key to decrypt the digital signature to obtain the original hashed value. The reader then repeats the hash exercise on the data it obtained from the chip. If the data has been changed since the digital signature was created, the hash values will not match.
This limits what can be done with the electronic data on the chip, as any changes can be detected. While a clone could be created it would be of very limited value as the data remains unchanged from the original and the cloner also has to recreate all the physical security features in the passport.
With regard to the risk of “frying” the chip, they are designed to withstand an induced electrostatic discharge voltage of at least +/- 2kV directly at the antenna-chip connection. This would require sufficient power to be transmitted through the antenna to create such a discharge. If the passport is treated with the same care as any other device containing microchips (for example a mobile phone), there is no reason the chip should be damaged.
A passport with a non-functioning chip is still valid for travel but will be unable to use automatic gates and may attract increased interest in the holder from border control."
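
The hash-and-sign check described in the quoted reply, as an added sketch that is not part of the original post or of IPS's letter. It assumes textbook RSA without padding and a constructed demo key; the function names, the DG1/DG2 labels and the sample bytes are illustrative, and real readers verify a signed security object against the issuing state's certificates.

```python
import hashlib

# Constructed demo key: textbook RSA, no padding, NOT suitable for real use.
# Both factors are Mersenne primes, so the modulus is wider than a SHA-256 digest.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent, never on the chip

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def summary(hashes: dict) -> int:
    """Hash of the per-group hash list, as an integer ready for signing."""
    return int.from_bytes(digest(b"".join(hashes[k] for k in sorted(hashes))), "big")

def issue(data_groups: dict) -> dict:
    """Issuer side: hash each data group, then sign the list of hashes."""
    hashes = {name: digest(blob) for name, blob in data_groups.items()}
    return {"hashes": hashes, "signature": pow(summary(hashes), D, N)}

def verify(data_groups: dict, sec_obj: dict) -> str:
    """Reader side: check the signature, then re-hash what the chip returned."""
    if pow(sec_obj["signature"], E, N) != summary(sec_obj["hashes"]):
        return "signature invalid"
    for name, blob in data_groups.items():
        if sec_obj["hashes"].get(name) != digest(blob):
            return f"{name} altered"
    return "ok"

def demo():
    # Constructed chip contents: MRZ-like text and placeholder photo bytes.
    chip = {"DG1": b"P<UTOSPECIMEN<<ANNA<<<<", "DG2": b"\xff\xd8constructed-photo"}
    sec_obj = issue(chip)
    clone = dict(chip)                                   # byte-for-byte copy
    altered = dict(chip, DG1=b"P<UTOSOMEONE<<ELSE<<<<")  # edited holder data
    # Recomputing the hashes without the private key leaves the old signature.
    rehashed = {"hashes": {k: digest(v) for k, v in altered.items()},
                "signature": sec_obj["signature"]}
    return verify(clone, sec_obj), verify(altered, sec_obj), verify(altered, rehashed)

if __name__ == "__main__":
    print(demo())
```

The unmodified copy verifies, which is why the letter falls back on the physical security features for clones, while any edit to the data is caught either at the hash comparison or at the signature.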