Validating the authenticity of a passport

And while e-Passports also store a cryptographic signature to prevent tampering or forgeries, it turns out that despite having over a decade to do so, US Customs and Border Protection hasn't deployed the software needed to actually verify it.

It is a bit embarrassing."Even worse, DHS and CBP have known about the problem for at least eight years; the Government Accountability Office issued a report in 2010 detailing the need to implement signature verification for e-Passports.

"DHS does not have the capability to fully verify the digital signatures because it ...

The holdup doesn't surprise longtime border security observers.

"If you look at DHS’s track record on taking proposals from the RDT&E stage through validation and deployment, it’s a horrible track record," says Patrick Eddington, a homeland security and civil liberties policy analyst at the Cato Institute.

But Wyden and Mc Caskill stress that while the US demands that countries in the Visa Waiver program put a chip in their passports, it has failed to fully realize its own e-Passport program."CBP does not have the software necessary to authenticate the information stored on the e-Passport chips," the two Senators wrote.

"Specifically, CBP cannot verify the digital signatures stored on the e-Passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged."The situation appears particularly shameful given that the US led the promotion of e-Passports around the world.

That could theoretically be enough to slip into countries that allow all-electronic border checks, or even to get past a border patrol agent into the US."The idea of these things is that they’re supposed to provide some additional electronic security over a standard passport, which can be forged using traditional techniques," says Matthew Green, a cryptographer at Johns Hopkins University.

"The digital signature would provide that guarantee.

That's partly why for the last 11 years the United States has put RFID chips in the back panel of its passports, creating so-called e-Passports.

The chip stores your passport information—like name, date of birth, passport number, your photo, and even a biometric identifier—for quick, machine-readable border checks.

Proof of age card records cannot currently be matched through the DVS.

Tags: , ,