Feds Rethinking RFID Passport

0 comments
Source Title:
Feds Rethinking RFID Passport
Story Text:

Wired have a report that the USA Government is shifting its ground on RFID Passports to include more security for the passport owner. I always though that it was potty to have this form of "open" access to passports, that could be read by anyone at a distance with a cheap scanner. This is what they are thinking of now...

The solution would require an RFID reader to provide a key or password before it could read data embedded on an RFID passport's chip. It would also encrypt data as it's transmitted from the chip to a reader so that no one could read the data if they intercepted it in transit.

Mr Moss, deputy assistant secretary for passport services, obviously does not read ThreadWatch, cos we were telling him this months ago..

"Basically what changed my mind was a recognition that the (reading distance) may have actually been able to be more than 10 centimeters, and also recognition that we had to do everything possible to protect the security of people," Moss said.

and the solution from US government is:-

Basic Access Control, or BAC, works this way: The data on a passport would be stored on an RFID chip in the passport's back folder, but the data would be locked and unavailable to any reader that doesn't know a secret key or password to unlock the data. To obtain the key, a passport officer would need to physically scan the machine-readable text that's printed on the passport page beneath the photo (this usually includes date of birth, passport number and expiration date). The reader would then hash the data to create a unique key that could be used to authenticate the reader and unlock the data on the RFID chip.