Ref. Ares(2017)5875948 - 30/11/2017

Pervasive and UseR Focused BiomeTrics BordEr ProjeCT (PROTECT)
H2020 – 700259

D6.4 Report on improvements to electronic passports
Authors: Frank Schmalz (Veridos)

Deliverable nature: Report (R)
Dissemination level (Confidentiality): Public (PU)

Version: 1.0
Date: 2017-11-28
Keywords:

PROTECT H2020 Project No. 700259 Deliverable D6.4

Executive summary
This report explores possibilities to store new biometric modalities in electronic passports (eMRTD) to
improve the convenience and speed of the border control process as requested in the call.
The PROTECT project undertook to research the storage and access of the new biometric feature templates
in ePassports through the Logical Data Structure 2 (LDS2) specification and to research new transmission
and access modes for authorized systems which do not require a reading of the MRZ or CAN.
The report details possible approaches to meet the objectives of the call with modified electronic
passports. The objective of “…a most fluent non-intrusive control process…” is hardest to achieve without
giving up any of the data protection or privacy properties of the current system. The Proximity Technology
currently used in electronic passports can only be read out from a distance of approximately 5cm.
Protection Against Tracking, Skimming and Eavesdropping requires the MRZ to be read from the datapage
of the passport. For this the booklet has to be opened and placed on an optical scanner. Together with a
reading time of 5-6 seconds this makes a real non-stop border control process impossible. The largest
impact would be the introduction of secure UHF chips. However, this has major legal and ethical
implications.
For the secure storage of additional biometrics, Logical Data Structure 2 seems to be the most promising
approach, with the least ethical implications and the same or a higher level of security than the status quo.
Other approaches rely on external data storage in databases. The data in these databases could be
encrypted with keys stored in the document but from the data protection point of view this is still inferior
to a direct storage in the security chip of the document.
The next step will be to specify electronic passport applications for the demonstrators being able to
support the described scenarios. Demonstrator electronic passport applications as well as the
corresponding PKI CAs will be programmed. Finally demo passport booklets with the programmed
applications will be created for demonstration purposes.




Document Information
Project Number:      H2020 - 700259
Acronym:             PROTECT
Full Title:          Pervasive and UseR Focused BiomeTrics BordEr ProjeCT
Project URL:         http://www.projectprotect.eu/
Document URL:
EU Project Officer:  Agnieszka Marciniak
Date of Delivery:    Contractual M15, Actual M15
Authors (names and affiliations):    Frank Schmalz (VD)
Reviewers (names and affiliations):  Jens Urmann (GD), Silke Bargstädt-Francke (VD), Frank Dumortier (UM),
                                     Chris Hurrey (IRM), Jürgen Bonfert (VD)

Version Log
Issue Date   Rev. No.  Author                                    Change
2017-10-24   0.1       Frank Schmalz                             Initial Revision
2017-11-01   0.2       Frank Schmalz                             Added section on LDS2
2017-11-10   0.3       Frank Schmalz                             Added section on database pointer application
2017-11-13   0.4       Frank Schmalz                             Added section on secure UHF
2017-11-15   0.5       Frank Schmalz                             Added pictures
2017-11-16   0.6       Frank Schmalz                             Ready for Review
2017-11-18   0.61      Chris Hurrey                              Language/operational review
2017-11-20   0.7       Jens Urmann                               Technical Review
2017-11-26   0.9       Frank Schmalz                             Pre-Final Version
2017-11-30   1.0       Frank Schmalz, James Ferryman, Lulu Chen  Final Version


Table of Contents
Executive summary
Document Information
Table of Contents
Abbreviations
Definitions
1 Introduction
  1.1 Purpose of the document
  1.2 Contributions/Outcome
2 Properties of current ICAO compliant electronic passports
  2.1 Content
  2.2 Inalterability
  2.3 Data Authenticity
  2.4 Protection Against Tracking
  2.5 Protection Against Skimming
  2.6 Protection Against Eavesdropping
  2.7 Protection Against Copying
  2.8 Access Control for Fingerprints and Iris
  2.9 Data Transfer Speeds
  2.10 Passport Generations
3 Properties of EU electronic passports
4 Limitations of current electronic passports
  4.1 Limitations affecting the storage of additional biometrics
    4.1.1 Data structure
    4.1.2 Inalterability
  4.2 Limitations affecting a non-stop border control process
    4.2.1 Data Transfer Speeds
    4.2.2 Proximity Technology
    4.2.3 Protection Against Tracking, Skimming and Eavesdropping
5 Possible improvements for PROTECT
  5.1 Legal restrictions
  5.2 Storage of additional biometrics in datagroup 13
  5.3 Logical Data Structure 2
    5.3.1 The Additional Biometrics Application
    5.3.2 Applicability for PROTECT
    5.3.3 Probability of availability in the future
    5.3.4 Traveller experience with LDS2 in PROTECT
    5.3.5 Advantages and Disadvantages
  5.4 Database Pointer Application
    5.4.1 Limiting protection against tracking for increase speed and convenience
    5.4.2 Traveller experience with Database Pointer Application in Protect
  5.5 Secure UHF (SUHF)
    5.5.1 Traveller experience with secure UHF in Protect
6 Summary/Conclusion
References



Abbreviations
CA Certification Authority
CAN Card Access Number
CSCA Country Signing Certification Authority
Data_page The page of a passport booklet containing the machine-readable zone, the passport holder
photo and his biographical data.
DG Datagroup
DV Document Verifier
EAC Extended Access Control
eMRTD electronic Machine-Readable Travel Document. Also the name of the standard electronic
passport application on the chip.
EPC Electronic Product Code
EU European Union
eu-LISA The European Agency for the operational management of large-scale IT systems in the area of
freedom, security and justice
ICAO International Civil Aviation Organization
ISM Industrial, Scientific and Medical
LDS Logical Data Structure. This is the storage structure for data on electronic passports. It is
specified in ICAO Doc9303 [5]
LDS2 Logical Data Structure 2. Version 2 of LDS. At the time of writing still draft. Specified in [10]
MRTD Machine-Readable Travel Document
MRZ Machine readable zone
NFC Near Field Communication
NTWG New Technology Working Group
PA passive authentication
PACE Password Authenticated Connection Establishment
PICC Proximity Integrated Circuit Card
PKI Public Key Infrastructure
PUPI Pseudo-Unique PICC Identifier
RFID Radio Frequency Identification
SUHF Secure UHF technology. Adding protection against unauthorized tracking of UHF tokens.
UHF Ultra-High Frequency. In the context of RFID a technology working over longer distances than
proximity cards. Up to 12m distance for passive transponders.
UID Unique Identifier



Definitions
Biometric Capture Area is a short corridor with biometric sensors that capture biometric modalities on the
move. The Biometric Capture Area is specified in Deliverable D6.2.
Database Pointer Application is a secure electronic passport application similar to the Logical Data
Structure 2 application that carries indices to database records and encryption keys for these records.


1 Introduction
The PROTECT project researches new biometric modalities and finally aims to present the most promising
ones in two border control scenarios. A crucial point for the demonstration will be how the biometric data
could be stored and processed. Relevant statements for this task in the call [1] are:
1. “For non-critical travellers (EU, bona-fide, etc.) a most fluent non-intrusive control process is
desired.”
2. “Research is needed in order to explore whether it is possible to use other biometric data … than
fingerprint, iris or facial picture to store in the e-Passport chip, …”
3. “…which would guarantee the same or higher level of security…”
4. “…an integral part of the research should also embrace the related ethical, societal and data
protection aspects.”
Electronic passports are state of the art in storing biometric modalities for border control processes. Their
broad acceptance, interoperability and the availability of free and open specifications make them the first
choice to look at when storing and processing the additional biometrics used in PROTECT.
Document independent storage methods (mobile devices /databases) will be discussed in Deliverable D6.7.
This report concentrates on what could be done with the classic document form factor.
Concerning “Progress beyond the state of the art” relevant to Task 6.4 “E-document solutions” the
PROTECT proposal [2] states:
• Storage and access of the new biometric feature templates researched in PROTECT in ePassports
through the Logical Data Structure 2 (LDS2) specification.
• Research in new access and transmission modes to electronic passports to increase efficiency.
• New access mode of authorized systems not requiring the MRZ or CAN.
As described in the “Description of the Action” [3], the majority of work in Task 6.4 “E-document solutions”
is related to the implementation of a Logical Data Structure 2 chip application to be used for the storage of
the new biometric modalities in the final demonstrators.

1.1 Purpose of the document


According to the “Description of the Action” [3] the purpose of this report “...will include assessment of the
current state of the Logical Data Structure 2 specifications to improve border control processes.
Recommendations will be made for the enhancements of electronic passports to improve speed and
accuracy of biometric identification…”
The report analyses several ideas to improve current electronic passports to better support the border
control process especially in the context of additional biometrics. It will start with a general overview of
current electronic passport technology and the design objectives that led to the current specifications and
implementations. It will outline the limitations of the current technology in terms of processing speed, ease
of use and ability to adapt to new scenarios. Known approaches from standardization activities and reports
will be analyzed according to their capability to overcome the identified restrictions and finally radical new
approaches that have been developed in the project are presented.
The document is the base for Deliverable D6.5 which will select the most promising approaches and specify
the demonstrators to develop.


1.2 Contributions/Outcome
The International Civil Aviation Organization (ICAO), a specialized United Nations agency, issues
specifications for Machine Readable Travel Documents (MRTDs) including passports with a contactless chip
(so called ePassports). For the development of these specifications ICAO has a liaison with the
standardization group ISO/IEC JTC 1 / SC 17 / WG3 "Machine Readable Travel Documents", which develops
the MRTD standards according to ICAO's requirements. These standards are finally endorsed by ICAO.
Jens Urmann is a member of ISO/IEC JTC 1/SC17 WG3. In the standardization process Veridos and G+D placed
numerous comments and contributions on the drafts of the LDS2 [10].
Frank Schmalz is a member of the ICAO New Technology Working Group (NTWG) and supported the
ISO/IEC JTC 1/SC17 WG3 inputs during the NTWG meetings. A presentation on the PROTECT project for
ICAO member state representatives has been held during the ICAO Symposium 2017 in Montreal. Another
presentation is planned for 29th November 2017 at the ICAO New Technology Working Group Meeting.
The outcome of Task 6.4 will be electronic passport chip applications as well as software for accessing
(reading out) the new biometric features, as well as software for Public Key Infrastructure (PKI)
management to control the access to the files.

2 Properties of current ICAO compliant electronic passports


ICAO compliant electronic passports contain RFID chips. The RFID technology to use is specified in [4]. The
chips can be read contactless via an electromagnetic field provided by the reading device. The
electromagnetic field also supplies the chips with operating power.


Figure 1 An electronic passport with RFID inlay

The chips operate at a radio frequency of 13.56 MHz. The RFID category is proximity cards. The maximum
reading distance with standard devices is around 5cm. Eavesdropping of the communication can be
achieved over several metres distance. To distinguish several chips in the electromagnetic field each chip
should have a universal unique identification number (UID or PUPI). The reading device can select specific
chips in the field with this UID. The used RFID technology is specified in [13][14][15][16].


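[Figure 2: chart of RFID technologies by radio frequency and communication distance.
Frequency bands: LF & HF Passive (<135kHz, 13.56 MHz), UHF Passive (868Mhz – 2.45GHz), UHF Active (433Mhz – 5.8GHz).
Coupling classes: Close-Coupling, Proximity, Vicinity, Long Range.
Distance scale: 15cm, 1,5m, 10m, km.
Standards shown: ISO10536-1, ISO11784/5, ISO14223, ISO14443 / NFC, ISO15693, ISO18000-2, ISO18000-3,
ISO18000-4, ISO18000-6, ISO18000-7, DASH7, Active Tags.]

Figure 2 Communication distance against radio frequency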

2.1 Content
The content of the electronic passport is stored in a Logical Data Structure (LDS). The Logical Data Structure
is similar to a file system on a computer with files and directories. The files are called datagroups (DG).
Access to the datagroups is usually controlled by cryptographic access control protocols. The Logical Data
Structure is defined in Doc9303 part 10 [5]. The current version of the Logical Data Structure at the time of
writing is version 1.8.
The current version foresees 3 datagroups for the storage of biometric information usable for automated
border control:
• Datagroup 2 for a face image
• Datagroup 3 for fingerprints
• Datagroup 4 for iris
Currently all biometric features are stored as images, not templates. This has been done to benefit from
advancements in recognition algorithms after the documents are issued. Technical advancements in
recognition technology could be blocked for a very long time if the template used did not provide
the necessary information. Passports are usually issued for 10 years. See [4].
Figure 3 below shows a schematic of files and directories on an electronic passport. Some administrative
files like EF.COM or EF.SOD are not shown for the sake of clarity. For a full overview consult [5].


Master File
  eMRTD
    Datagroup 1    Detail(s) Recorded in MRZ
    Datagroup 2    Encoded Face
    Datagroup 3    Encoded Finger(s)
    Datagroup 4    Encoded Eye(s)
    Datagroup 5
    ...
    Datagroup 12
    Datagroup 13   Optional Detail(s)
    Datagroup 14
    ...
    Datagroup 16

Figure 3 Illustration of a schematic of files and directories in an ePassport

2.2 Inalterability
Current electronic passports are personalized before issuance. It is currently not possible to change or add
data after issuance.

2.3 Data Authenticity


Current electronic passports guarantee the authenticity of the stored data with a digital signature
calculated from the content. The method is called passive authentication (PA). If implemented correctly this
prevents the manipulation of the electronic passport content like biographic and biometric data. The digital
signature of a passport is created by a document signer key which is the private key. The corresponding
public key is part of the document signer certificate which is issued by the country signing certification
authority.
The secure verification of the signature requires a digital certificate proving that the signature has been
created by the passport issuing State or organization. These certificates are distributed with a Public Key
Infrastructure (PKI). The PKI ensures that the cryptographic key used to create the signature is under the
control of the passport issuing State or organization. Verification relies on the country signing root
certificate (CSCA) having been exchanged between the issuing State or organization and the verifying state
in a secure way. The PKI is specified in [7].


Support of Passive Authentication is the only mandatory requirement from ICAO for the protection of the
chip and its data. See [6] Section 3. An electronic passport with minimal required standard conformance
could be implemented without cryptographic capabilities of chip and chip software. In this case there are
no security requirements for the chip.
Passive Authentication is specified in [6] Section 5.
Any system to add additional biometrics has to guarantee the data authenticity of the additional biometrics
with the same or equally secure mechanisms.

2.4 Protection Against Tracking


Tracking of passport holders would be possible if any unique data can be acquired from the chip without
cardholder consent.
RFID readers must be able to distinguish several chips in the electromagnetic field. Therefore, each chip
must have a universal identifier (UID or PUPI).
The chips are equipped with worldwide unique identifiers by the hardware manufacturers. Since this
identifier makes it possible to track the electronic passport holder without the holder’s consent the chip
can also be configured to use a random identifier. In this case the chip creates a new random universal
identifier every time it is powered on. The use of random identifiers is not mandatory [5].

2.5 Protection Against Skimming


Skimming is the acquisition of the biometric and biographic data stored on the electronic passport chip
without the passport holder's consent. Doc9303 specifies 2 methods against skimming: Basic Access Control
(BAC) and Password Authenticated Connection Establishment (PACE), previously known as Supplemental
Access Control (SAC). To read any content from the chip, the machine readable zone (MRZ) of the passport
has to be read. Visual access to the MRZ is interpreted as the passport holder's consent to read the data
stored on the chip. Protection against skimming is recommended, but not mandatory according to [6].

2.6 Protection Against Eavesdropping


Eavesdropping is possible since the communication with the electronic passport chip is contactless by radio
frequency. Basic Access Control (BAC) and Password Authenticated Connection Establishment (PACE) are
also used to prevent eavesdropping. The information from the machine-readable zone is used to create an
encrypted communication channel to the electronic passport chip. Basic Access Control (BAC) has been
found to be vulnerable to brute force attacks since the MRZ does not provide enough entropy to create
secure cryptographic keys. Therefore, PACE has been created as a long-term replacement. PACE can create
a secure channel with secrets of very low entropy like PINs. Protection against eavesdropping is
recommended, but not mandatory according to [6].
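
The entropy limit described above can be made concrete with the BAC key derivation from Doc9303 part 11 [6]. The following is an added example, not part of the original report: it derives the BAC keys from the MRZ fields using the specimen values of the Doc9303 worked example and computes an upper bound on the entropy those fields can carry. The numbering schemes and date windows in scenarios() are assumptions chosen for illustration.

```python
import hashlib
import math

# ICAO 9303 check-digit weights, repeated over the field.
_WEIGHTS = (7, 3, 1)


def char_value(c):
    """Numeric value of an MRZ character: 0-9, A=10..Z=35, filler '<'=0."""
    if "0" <= c <= "9":
        return ord(c) - ord("0")
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError("invalid MRZ character: %r" % c)


def check_digit(field):
    """ICAO 9303 check digit of one MRZ field."""
    total = sum(char_value(c) * _WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def mrz_information(doc_number, birth, expiry):
    """The only MRZ data BAC uses: three fields, each followed by its check digit."""
    doc_number = doc_number.ljust(9, "<")  # document number is padded to 9 characters
    return "".join(f + check_digit(f) for f in (doc_number, birth, expiry))


def _odd_parity(key):
    """Set the low bit of every byte so that each byte has odd parity (DES keys)."""
    out = bytearray()
    for b in key:
        ones_in_upper_bits = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones_in_upper_bits % 2 else 1))
    return bytes(out)


def bac_keys(mrz_info):
    """Return (K_seed, K_enc, K_mac) derived from the MRZ information string."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def kdf(counter):
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return _odd_parity(digest[:16])  # two-key 3DES key

    return k_seed, kdf(1), kdf(2)


def entropy_bits(doc_number_space, birth_days, expiry_days):
    """Upper bound: every combination equally likely and independent."""
    return math.log2(doc_number_space) + math.log2(birth_days) + math.log2(expiry_days)


def scenarios():
    """Upper bounds for two assumed numbering schemes (illustrative values)."""
    birth_days = 36525   # assumption: holders born within a 100-year window
    expiry_days = 3652   # assumption: 10-year validity, any day possible
    return {
        "alphanumeric document number": entropy_bits(36 ** 9, birth_days, expiry_days),
        "numeric document number": entropy_bits(10 ** 9, birth_days, expiry_days),
    }


if __name__ == "__main__":
    # Specimen MRZ fields from the Doc9303 worked example.
    info = mrz_information("L898902C", "690806", "940623")
    k_seed, k_enc, k_mac = bac_keys(info)
    print("MRZ information:", info)
    print("K_enc:", k_enc.hex().upper())
    print("K_mac:", k_mac.hex().upper())
    for name, bits in scenarios().items():
        # The derived keys are 3DES keys with 112 key bits; the input never gets close.
        print("%-30s <= %.1f bits (key size: 112 bits)" % (name, bits))
```

Both bounds are best cases: real document numbers and dates are neither uniformly distributed nor independent, so the effective entropy is lower still.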

2.7 Protection Against Copying


[6] defines two methods to identify if the chip content has illegally been copied to a counterfeit document:
Active Authentication and Chip Authentication. Both methods use a certified private key on the document
that can be used to identify if the chip has been personalized by the passport issuer. As with passive
authentication the CSCA PKI is used to verify this. Protection against copying is not mandatory according to
[6].

2.8 Access Control for Fingerprints and Iris


ICAO Doc9303 part 11 [6] specifies that a special access control mechanism shall be implemented to access
fingerprint and iris images. The protocol is called extended access control (EAC). Extended access control
itself is not specified by ICAO. The most popular implementation is according to BSI Technical Guideline TR-
03110 [8]. Storing of these additional biometrics is not mandatory according to ICAO Doc9303.

2.9 Data Transfer Speeds


RFID chips compliant to [13] and [14] allow data transfer speeds from electronic passport chip to reader of
up to 6,78 Mbit/s in theory. Most of the current electronic passport chips operate at 848 kbit/s. Doc9303
requires only basic ISO/IEC 14443 compliance. Therefore, the minimum required bitrate is 106 kbit/s.

2.10 Passport Generations


Electronic passports are often categorized in 3 generations:
Table 1 Electronic passport generations

Passport Generation   PA   BAC   EAC   PACE   LDS2
1st generation        M    O
2nd generation        M    O     O
3rd generation        M    O     O     O

M = Mandatory, O = Optional

Passports with Logical Data Structure 2 (see 5.3) are called 4th generation passports. Since the specification
is not yet published, there are no 4th generation passports in the field.

3 Properties of EU electronic passports


Requirements for EU electronic passports are defined in council regulation No 2252/2004 of 13 December
2004 [17] and commission decision C(2006) 2909 of 28.06.2006 [18].
EU electronic passports must be security certified according to common criteria. The current protection
profile to use is BSI-CC-PP-0056-V2-2012 [19].
In addition to the mandatory requirements specified by ICAO the EU requires electronic passports to
incorporate the following features:
• Protection Against Tracking (random UID/PUPI)
• Protection Against Skimming
• Protection Against Eavesdropping
• Protection Against Copying
• Extended Access Control for Fingerprints

4 Limitations of current electronic passports


4.1 Limitations affecting the storage of additional biometrics
4.1.1 Data structure

The current Logical Data Structure defines only face, fingerprint and iris as possible biometric identifiers.
There is no standardized way to add further biometric features.
4.1.2 Inalterability

Current electronic passports are personalized prior to issuance and cannot be changed after issuance. New
biometric features can only be added with a reissuance of the document. With a usual lifetime of 10 years
for electronic passports the introduction of new features would take a significant amount of time. This
policy is very inflexible for reacting to new needs in automated border control processes.

4.2 Limitations affecting a non-stop border control process


4.2.1 Data Transfer Speeds

Current electronic passport readout times for biographic data and biometric face are around 5 to 6
seconds.
The introduction of very high bitrates (VHBR) with up to 6,78 Mbit/s would, in theory, allow an 8 times
faster data transfer speed. However, in reality data transfer speed is not only limited by the transfer
bitrate, but also the ability to fetch the data from the chip’s memory and encrypt it for secure data
transmission.
Existing attack scenarios on security chips do not allow the direct usage of the cryptographic coprocessors.
Additional measures in software have to be implemented to avoid the leakage of cryptographic keys
through side channel attacks. Profiling tests done by Giesecke & Devrient in 2006 showed that at that time
60% of the time for a single transmitted package was spent on secure fetching and encryption of the data
package, not on the actual radio transmission (at 848 kbit/s). Since then a significant amount of effort has
been made in improving this part. However, even recent security chips cannot provide a secure common criteria
certifiable direct usage of the coprocessors without additional software countermeasures. Therefore, it is
questionable if this increase in pure data transfer speed (bitrate) can be leveraged.
In addition, with higher bitrates the communication between chip and reader becomes more vulnerable to
noise.
4.2.2 Proximity Technology

Due to the use of proximity technology electronic passports can only be read up to a distance of
approximately 5cm. In combination with a reading time of 5-6 seconds this makes a real non-stop border
control process impossible.
4.2.3 Protection Against Tracking, Skimming and Eavesdropping

The current mechanisms for protection against tracking, skimming and eavesdropping require the MRZ to
be read from the datapage of the passport. For this the booklet has to be opened and placed on an optical
scanner. The process of opening the document, selecting the correct page to place on the scanner and
keeping the document placed on the reader for several seconds is error prone. Even though the
holders do not see passport handling as an issue, the border control staff has to cope with problems in
document handling on a constant basis. The current mechanisms prevent a real non-stop border control
process.


Figure 4 Placing the electronic passport on a full page document scanner to access the MRZ


5 Possible improvements for PROTECT


This section examines possible improvements of electronic passports to better support the objectives of a
fluent control process with new biometric modalities.

5.1 Legal restrictions


The EU passports and border control processes are specified in a very precise and restrictive manner. All of
the following proposals would require a change to the current passport specification and border
legislation. Detailed analysis of the current frameworks will be performed in Deliverable D2.2. The search
for a solution in the current framework did not lead to any results contributing to the objectives. For
example, the use of other biometrics than face and fingerprint at the border is not foreseen in the
framework. Therefore, the additional biometric modalities researched in the PROTECT project cannot
influence the process in any positive or negative way. They cannot be considered.
The following ideas for improvements have to be considered illegal in the current framework. The
demonstrators can therefore not be operated in a live environment with arbitrary travellers. Care has been
taken to select a solution for implementation that would be as close as possible to the ethical values that
are the base of the current legal framework and the current decisions by the European Parliament. This
should make an adaptation of the current legal framework as straightforward as possible.

5.2 Storage of additional biometrics in datagroup 13


Datagroup 13 of electronic passports is an optional datagroup with unspecified content. Issuing States or
organizations can place arbitrary information into this file according to their own national standard. In
theory, it would be possible to use this datagroup to store additional biometrics.
Placing additional biometrics in datagroup 13 would not require a change in electronic passport
specifications. Access to datagroup 13 is not restricted to special access control mechanisms. Member
states and third countries could continue to issue their current electronic passports. They would just have
to personalize additional content in datagroup 13. Biometric templates could be protected by template
protection mechanisms. If the European Union were to request third countries to place additional
biometrics in datagroup 13 to entitle their citizens to a fast entry program, it would be relatively easy to
comply even if they have not implemented extended access control, which is true for many countries.
However, datagroup 13 is already in use. Therefore, forcing non-EU countries to place additional biometrics
into this datagroup will most certainly introduce interoperability issues. The additional biometrics would
have to be added during the issuance process.
These limitations make the use of datagroup 13 unattractive for the PROTECT solution. All other datagroups
have defined content and cannot be used.

5.3 Logical Data Structure 2


The ICAO New Technology Working Group and ISO/IEC JTC 1/SC17 WG3 are currently specifying a new
version of the Logical Data Structure. This new version [10] introduces additional applications to the current
electronic eMRTD passport application on the electronic passport chip. The Public Key Infrastructure for
LDS2 is specified in the draft [11] and the cryptographic protocols to be used for LDS2 in the draft [12].

Figure 5 Illustration of the new version of the Logical Data Structure being specified (Master File containing the eMRTD, Travel Records, Visa Records and Additional Biometrics applications)

The additional applications enable the storage of travel stamps, visas and additional biometrics in the
electronic passport chips. For this, additional applications are added to the chip in parallel to the existing
eMRTD application.
The Travel Records Application, Visa Records Application and Additional Biometrics Application are all
optional to electronic passports. No country is required to implement these applications.

5.3.1 The Additional Biometrics Application

For the focus of the PROTECT project Travel Records Application and Visa Records Application are of low
relevance, however the Additional Biometrics Application offers a unique opportunity to address the
requirements of the initial call.
5.3.1.1 Storage

Additional Biometrics are stored in binary files located in the Additional Biometrics Application.

Figure 6 Illustration of file structure under Additional Biometrics directory (Master File, Additional Biometrics application, files EF.Biometrics1, EF.Biometrics2 to EF.BiometricsNN)

5.3.1.2 Access Control

Reading and writing to these files is controlled by a new version of extended access control. The basis of
this access control mechanism is extended access control according to TR-03110 [8]. Document Verifier
(DV) Certificates issued by the issuing state or organization to the verifying state allow read and write
access to the files.


Figure 7 Illustration of access control

For the Additional Biometrics application, special object identifiers and certificate holder authorization
templates have been created:
id-icao-lds2-additionalBiometrics OBJECT IDENTIFIER ::= {id-icao-lds2 3}
id-icao-lds2-additionalBiometrics-access OBJECT IDENTIFIER ::= {id-icao-lds2-additionalBiometrics 3}

The following table shows the bitmap used in the certificate holder authorization templates (additional
bytes may be used for further EF.Biometrics files):
Table 2 Bitmap used in the certificate holder authorization templates

Byte    Bit    Description
Byte 1  7-2    RFU
        1      Append EF.Certificates
        0      Select/read/search EF.Certificates
Byte 2  7      Write EF.Biometrics1
        6      Read EF.Biometrics1
        5      Write EF.Biometrics2
        4      Read EF.Biometrics2
        3      Write EF.Biometrics3
        2      Read EF.Biometrics3
        1      Write EF.Biometrics4
        0      Read EF.Biometrics4
Byte 3  7      Write EF.Biometrics5
        6      Read EF.Biometrics5
        5      Write EF.Biometrics6
        4      Read EF.Biometrics6
        3      Write EF.Biometrics7
        2      Read EF.Biometrics7
        1      Write EF.Biometrics8
        0      Read EF.Biometrics8

The bitmaps allow the issuing State or organization to control the action another state can perform on the
specified EF.Biometrics. A set bit allows the partner state to read or write the file.
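A decoder for the bitmap of Table 2, as an added example that is not code from this report or from the LDS2 drafts. The type and function names are hypothetical and the byte values are constructed; assumptions: Byte 1 is the first byte of the encoded bitmap, additional bytes continue the four-files-per-byte pattern, set RFU bits are rejected, and a certificate chain combines by bitwise AND as in TR-03110.

```go
package main

import (
	"errors"
	"fmt"
)

// Op is an operation on one EF.Biometrics file.
type Op int

const (
	Read Op = iota
	Write
)

// Byte 1 of the bitmap as laid out in Table 2.
const (
	rfuMask     = 0xFC // bits 7..2: RFU
	appendCerts = 0x02 // bit 1: Append EF.Certificates
	readCerts   = 0x01 // bit 0: Select/read/search EF.Certificates
)

// ErrMalformed marks a bitmap this decoder refuses to interpret.
var ErrMalformed = errors.New("malformed authorization bitmap")

// Authorization is a validated bitmap; Table 2's "Byte 1" is index 0.
type Authorization []byte

// Parse validates a bitmap. Rejecting set RFU bits rather than ignoring them
// is a conservative choice of this example, not a rule stated in the report.
func Parse(b []byte) (Authorization, error) {
	if len(b) < 3 {
		return nil, fmt.Errorf("%w: want at least 3 bytes, got %d", ErrMalformed, len(b))
	}
	if b[0]&rfuMask != 0 {
		return nil, fmt.Errorf("%w: RFU bits set in byte 1 (0x%02X)", ErrMalformed, b[0])
	}
	return append(Authorization(nil), b...), nil
}

// CanAppendCertificates reports bit 1 of byte 1.
func (a Authorization) CanAppendCertificates() bool { return a[0]&appendCerts != 0 }

// CanReadCertificates reports bit 0 of byte 1.
func (a Authorization) CanReadCertificates() bool { return a[0]&readCerts != 0 }

// Allows reports whether op is permitted on EF.Biometrics<file> (1-based).
// From byte 2 on, each byte covers four files: Write in bits 7,5,3,1 and Read
// in bits 6,4,2,0. Files beyond the encoded bytes are denied.
func (a Authorization) Allows(op Op, file int) bool {
	if file < 1 || (op != Read && op != Write) {
		return false
	}
	idx := 1 + (file-1)/4
	if idx >= len(a) {
		return false
	}
	bit := uint(7 - 2*((file-1)%4)) // Write bit for this file
	if op == Read {
		bit-- // the Read bit sits directly below the Write bit
	}
	return a[idx]&(1<<bit) != 0
}

// Intersect returns the rights granted by every bitmap in the chain (bitwise
// AND). TR-03110 computes effective authorization this way; that LDS2 bitmaps
// combine identically is an assumption of this example.
func Intersect(chain ...Authorization) Authorization {
	if len(chain) == 0 {
		return Authorization{0, 0, 0}
	}
	n := len(chain[0])
	for _, c := range chain[1:] {
		if len(c) < n {
			n = len(c)
		}
	}
	out := append(Authorization(nil), chain[0][:n]...)
	for _, c := range chain[1:] {
		for i := range out {
			out[i] &= c[i]
		}
	}
	return out
}

func main() {
	// Constructed sample bitmaps, not taken from real certificates.
	issuer, _ := Parse([]byte{0x01, 0xC0, 0x00}) // read certs; write+read file 1
	dv, _ := Parse([]byte{0x01, 0x50, 0x00})     // read certs; read files 1 and 2
	eff := Intersect(issuer, dv)
	fmt.Println(eff.Allows(Read, 1), eff.Allows(Write, 1), eff.Allows(Read, 2))
}
```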
Some details of the Additional Biometrics Application are still open, e.g. the memory allocation of the
EF.Biometrics files: the file sizes could be either set by the issuing State or organization before the
ePassport is issued or the file sizes could be set after issuance according to the memory requirements of
the additional biometrics. In the first case memory may be unused if the additional biometrics requires less
memory than the file size or the additional biometrics may be too large for the files; in the latter case the
issuer has to trust the party setting the file size. Task 6.4 will make best practice proposals for these open
issues, contribute them to the standardization groups and implement the demonstrators accordingly.
5.3.2 Applicability for PROTECT

Logical Data Structure 2 and the Additional Biometrics Application offer the possibility of storing the new
biometric modalities in the electronic passport chip as requested by the call [1]. It will not offer a solution
to enable a more fluent border control process. The retrieval of data from the passport is expected to take
significant time depending on the size and amount of data to be retrieved.
5.3.3 Probability of availability in the future

The additional applications in Logical Data Structure 2 are optional. However, interviews with Veridos
customers have shown strong interest in Logical Data Structure 2. Several customers have expressed the
assumption that Logical Data Structure 2 is supposed to become a standard feature of future electronic
passports.
eu-LISA, the European Agency for the operational management of large-scale IT systems in the area of
freedom, security and justice, recommends the use of multimodal biometrics [21], which lead to enhanced
performance and security of systems. However, questions on the cost effectiveness of the 4th generation
of eMRTD (LDS2) have been raised compared to the development of large scale IT systems. Many experts in
the EU Commission and member states would prefer a large biometric database but all attempts to create
such a solution failed due to strong data protection concerns in the EU Parliament.
Logical Data Structure 2 could be a way out of this current deadlock.
5.3.4 Traveller experience with LDS2 in PROTECT

To enable the PROTECT solution with LDS2 the European Union would have to offer third countries a fast-
track program called “PROTECT” for their citizens if they issue a LDS2 enabled passport with sufficient
storage capacities. The issuing State or organization has provided the European Union border guards with
authorization certificates to read and write one of the EF.Biometrics files in this new 4th generation
passport.
The traveller experience with LDS2 in PROTECT can then be described in the following steps:
5.3.4.1 Enrolment Process

This process has only to be done once during the lifetime of the electronic passport.
1. The third country national holding a 4th generation electronic passport eligible for the PROTECT
programme wishes to travel to the European Union and would like to use the “PROTECT” solution
for the first time. The traveller approaches a PROTECT enrolment kiosk. The kiosk could be located
at the source or destination airport / border post. (S)he starts the enrolment process.

2. Thorough checks on background, electronic passport and biometric verification with available
biometric templates will be performed by the enrolment kiosk. The kiosk could be supervised by a
border guard.


3. If successful, the new biometric modalities of the traveller will be enrolled.

4. The acquired templates of the new biometric modalities will be written to the traveller’s electronic
passport.

5.3.4.2 Verification Process at the Air/Sea Border

This process is for individual travellers crossing the border on foot.


1. The traveller approaches a special entry kiosk to read the new biometric modalities from the 4th
generation passport. If necessary additional information can be provided at the kiosk.




2. Verification of all applicable biometrics is done by walking through the biometric capture area at
the air/sea border.




3. After successful verification the traveller’s biometric data is deleted from the local border control
system.




4. In case of an error the border guard is alerted and directs the traveller to a second line of control.
Manual verification is done in this case.
5.3.4.3 Verification Process at the Land Border

This process is for a maximum of 4 travellers in a car.


1. The car approaches the land border and stops at the border control post. The border guard is in
their control booth waiting for the display of verification results at their border control screen.


2. The travellers are using their NFC enabled smartphones or terminals in front of the window to
retrieve the new biometric modalities from the 4th generation passport. The data is transmitted to
the border control system via a secure communication channel. If necessary additional information
can be provided by the smartphone or terminal.



3. Verification of all applicable biometrics is done by presenting the biometrics to the biometric
capture terminals in front of the car windows or biometric data acquisition might be done by the
traveller's smartphone.¹



4. The border guard checks the verification process for errors at their border control screen.


¹ The feasibility of biometric data acquisition with mobile phones in this use case is questionable. For a
detailed discussion the reader is referred to Deliverable D6.7.


5. The border guard approaches the car to locate additional travellers who did not submit any data.
6. After successful verification the travellers’ biometric data is deleted from the local border control
system. The car proceeds out of the border control area.
7. In case of an error the border guard directs the car to a second line of control. Manual
verification is done in this case.
5.3.5 Advantages and Disadvantages

5.3.5.1 Advantages

Logical Data Structure 2 and the included Additional Biometrics Application will become an official ICAO
standard in the near future. Additional biometrics can be stored in a most secure way. The solution does
not require connection to a central database. It would work in offline border control scenarios. The
traveller is in control of their data as long as they have control over their travel document.
From the legal and ethical point of view these properties are very valuable making it easier for data
protection advocates to accept the solution.
5.3.5.2 Disadvantages

Increasing the storage capabilities of electronic passport chips is expensive and inflexible. With a usual
document lifetime of 10 years estimations on the required free memory will most likely be wrong in the
long run. This will either lead to unnecessary investments if too much memory has been reserved or system
failure if the document runs out of memory.
In any case Logical Data Structure 2 would require a significant investment of the passport issuing State or
organization since increased storage capabilities and the required CVCA PKI for EAC are more expensive
than standard 2nd or 3rd generation passports without EAC and a simple CSCA PKI for passive authentication.
In the case of third country nationals the issuing State or organization would have to be convinced that the
increase in convenience and speed during the border control process is worth the investment.
Taking this into account, there is also the issue of increased reading time for the additional biometrics. The
gain in speed due to, for example, the biometric capture area might not compensate for this increased
reading time of the document.

5.4 Database Pointer Application


A common way of extending the memory of secure devices is the use of external memory that is encrypted
with a symmetric key stored in the secure device. An example of such a system is the German Health Card
eGK. The eGK contains cryptographic keys to encrypt the entire medical history of a patient. The data is to
be stored in a central database. With the eGK the patient could give a doctor access to this information
without the need to carry all the information with them.
Applied to the PROTECT system, a document-individual symmetric encryption key KBIO and an index IBIO
would be stored in the electronic passport during the enrolment process of the new biometric modalities.
The key and the index are protected by cryptographic access control protocols and can only be retrieved by
the relevant border control system. The key KBIO is used to encrypt and decrypt the additional biometric
modalities and the encrypted modalities are stored in an EU-wide database with the index IBIO pointing to the
record.
Access to key and index has to be protected. The protocol should have countermeasures in case the
cryptographic keys to access KBIO and IBIO are compromised. PKI systems with short-lived certificates like
extended access control according to [9] fulfil this requirement.

Figure 8 Illustration of the Logical Data Structure with IBIO and KBIO keys for additional biometrics (Master File, Database Pointer Application, files EF.DBPointer1 to EF.DBPointerNN each holding a KBIO and an IBIO)

This approach would be a solution to the increased reading times for additional biometrics with Logical
Data Structure 2 and the investment risk in bigger chip memory. Database access with a unique index IBIO
and decryption of the rather small record with KBIO would take almost no time. The storage capabilities
necessary for IBIO and KBIO are way below 100 bytes. Protection Against Tracking, Skimming, Eavesdropping
and Copying would still be in place. If all biometric identifiers are stored encrypted in the database, reading
time for IBIO, KBIO and MRZ data would drop to approx. 1-2 seconds. However, correct placement of the
electronic passport datapage on a full-page reader would still be required.
5.4.1 Limiting protection against tracking for increased speed and convenience

A further increase in convenience and speed can only be achieved by removing the necessity to read the
MRZ for accessing IBIO and KBIO. In this case IBIO and KBIO could be read from the electronic passport by an
authorized system without opening the booklet. Holding the closed booklet to a reader for a short time
would be sufficient. This would support the objective of a most fluent non-intrusive control process.
However, the electronic passport would lose the protection against tracking in respect to this authorized
system. Unauthorized reading devices would still not be able to track the electronic passport holder.
Extended Access Control With Terminal Authentication Version 1 according to BSI TR-03110 [8][9] requires
the MRZ to establish a secure channel. This channel protects the following chip authentication that delivers
a unique identifier (the chip’s public key) that otherwise could be used for tracking. Therefore, Extended
Access Control with Terminal Authentication Version 1 is not a suitable protocol to protect IBIO and KBIO in
this scenario. Terminal Authentication Version 2 changes the sequence so that Terminal Authentication
takes place before Chip Authentication; however, PACE is still necessary. A suitable protocol will be specified in
Deliverable D6.5.
5.4.2 Traveller experience with Database Pointer Application in PROTECT

5.4.2.1 Enrolment Process

This process has only to be done once during the lifetime of the electronic passport.
1. The third country national holding an electronic passport with database pointer application eligible
for the PROTECT programme wishes to travel to the European Union and would like to use the
“PROTECT” solution for the first time. The traveller approaches a PROTECT enrolment kiosk. The
kiosk could be located at the source or destination airport / border post. (S)he starts the enrolment
process.



2. Thorough checks on background, electronic passport and biometric verification with available
biometric templates will be done by the enrolment kiosk. The kiosk could be supervised by a border
guard.



3. If successful, the new biometric modalities of the traveller will be enrolled.
4. A symmetric cryptographic key KBIO will be randomly generated. A new record with index IBIO will be created in the
database.


5. KBIO and IBIO will be written in the electronic passport using the DV certificates provided by the
issuing State or organization.



6. The acquired templates of the new biometric modalities will be encrypted with KBIO and written in
the database under index IBIO.


5.4.2.2 Verification Process at the Air/Sea Border

This process is for individual travellers crossing the border on foot.


1. The traveller approaches a special entry kiosk to read the IBIO and KBIO from the electronic passport
with Database Pointer Application. If necessary additional information can be provided at the kiosk.



2. The border control system accesses the data stored in the biometric database under index IBIO and
decrypts the data with KBIO.




3. Verification of all applicable biometrics is done by walking through the biometric capture area at
the air/sea border.




4. After successful verification the traveller’s biometric data is deleted from the local border control
system, but not the encrypted records from the database.
5. In case of an error the border guard is alerted and directs the traveller to a second line of control.
Manual verification is done in this case.
5.4.2.3 Verification Process at the Land Border

This process is for a maximum of 4 travellers in a car.


1. The car approaches the land border and stops at the border control post. The border guard is in
their protected control booth waiting for the display of verification results on their border control
screen.
2. The travellers are using their NFC enabled smartphones or terminals in front of the window to read
the IBIO and KBIO from the electronic passport with Database Pointer Application. IBIO and KBIO are
transmitted to the border control system via a secure communication channel. If necessary
additional information can be provided by the smartphone or terminal.
3. The border control system accesses the data stored in the biometric database under index IBIO and
decrypts the data with KBIO.
4. Verification of all applicable biometrics is done by presenting the biometrics to the biometric
capture terminals in front of the car.
5. The border guard checks the verification process for errors at their border control screen.
6. The border guard approaches the car to locate additional travellers who did not submit any data.
7. After successful verification the travellers' biometric data is deleted from the local border control
system. The car proceeds out of the border control area.
8. In case of an error the border guard directs the car to a second line of control. Manual
verification is done in this case.
5.4.2.4 Advantages

The approach overcomes the limitations of LDS2 by reducing the reading time for the additional biometrics.
It also removes the investment risk in chips with higher storage capabilities. The traveller is still in control of
their data as long as they have control over their travel document.
Removing the necessity of reading the MRZ to access KBIO and IBIO would give a significant advantage for a
most fluent non-intrusive control process.
From the legal and ethical point of view the traveller is still in control of their data. A database is used but it
is encrypted.


5.4.2.5 Disadvantages

The solution does require connection to a central database. It is not offline capable. There is currently no
standardization ongoing for such an application.
Removing the necessity of reading the MRZ to access KBIO and IBIO introduces the possibility of tracking for
the authorized border control process.
From the legal and ethical point of view there is the drawback of a centralized biometric database and the
possibility of tracking even if restricted to authorized systems might not be acceptable.

5.5 Secure UHF (SUHF)


Current electronic passports use close proximity RFID technology at 13,56 MHz. This technology allows
reading distances of approximately 5cm. Compatible RFID chips offer sophisticated encryption capabilities
with cryptographic coprocessors and several 100Kbytes storage space for data. These chips have security
certifications up to EAL6+.
The short reading distance limits the possibilities to meet objective “a most fluent non-intrusive control
process is desired.” There is another RFID technology [22] in the ISM Band (865-868 MHz) that works over
greater distances (1-12m). This would enable the identification of the traveller while walking towards the
border without stopping.

Figure 9 Communication distance limit against radio frequency (columns: LF & HF Passive, <135 kHz and 13.56 MHz; UHF Passive, 868 MHz – 2.45 GHz; UHF Active, 433 MHz – 5.8 GHz; distance scale: 15cm, 1,5m, 10m, km)

Standard tags of this class can only store an electronic product code (EPC) and offer no protection against
tracking or any kind of cryptography. They are for example used for tracking products in supply chain
management. These limitations make them unsuitable for use in the border control process.
G+D is currently developing a new secure UHF tag with standardized encryption capabilities according to
[23]. These chips produce pseudo random EPC codes generated from a RAMON cipher. Every secure UHF
chip contains a RAMON public key and encrypts its stored unique identifier together with random data to
produce this pseudo random EPC code. Only reading devices with access to the corresponding RAMON
private keys can decrypt the message and extract the unique identifier. This makes the tag untraceable for
unauthorized readers.



Figure 10 G+D secure UHF prototype

Adding a secure UHF chip to an electronic passport could supply a border control system with IBIO and KBIO
as described in 5.4 by deriving them from the unique identifier. KBIO is generated by adding a unique seed
only known to the border control system to the unique identifier retrieved from the decrypted EPC code
and processing it with a SHA256 hash algorithm. The result is KBIO. IBIO can be generated with the same
method but a different seed. The secure UHF tag can coexist with the 13,56 MHz proximity chip in the
electronic passport.
Tags in inlay form factor will be available in 1/2018.
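The pointer scheme of section 5.4 and the SHA256 derivation described above, as one added example that is not code from this report or from G+D. Assumptions: the seed is prefixed to the unique identifier, AES-256-GCM is the symmetric cipher, IBIO is bound to the record as associated data, an in-memory map stands in for the database, and all names and sample values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Derive hashes seed||uid with SHA-256. The report says the seed is "added" to
// the unique identifier; reading that as a prefix is an assumption. Keep the
// seed length fixed so the concatenation stays unambiguous.
func Derive(seed, uid []byte) [32]byte {
	buf := append(append([]byte{}, seed...), uid...)
	return sha256.Sum256(buf)
}

// Pointer derives IBIO and KBIO from one chip identifier with two different
// seeds (section 5.5). Both seeds stay inside the border control system.
func Pointer(indexSeed, keySeed, uid []byte) (ibio string, kbio [32]byte) {
	i := Derive(indexSeed, uid)
	return hex.EncodeToString(i[:]), Derive(keySeed, uid)
}

// RandomKey generates a fresh KBIO for the section 5.4 variant, where key and
// index are written to the passport instead of being derived.
func RandomKey() (k [32]byte, err error) {
	_, err = rand.Read(k[:])
	return k, err
}

// Database stands in for the central store: it sees only IBIO and ciphertext.
type Database map[string][]byte

// Enrol encrypts a template under kbio and stores nonce||ciphertext under
// ibio. Binding ibio as associated data makes a record that is moved to
// another index fail to decrypt.
func (db Database) Enrol(ibio string, kbio [32]byte, template []byte) error {
	if _, exists := db[ibio]; exists {
		return errors.New("index already in use")
	}
	gcm, err := newGCM(kbio)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	db[ibio] = gcm.Seal(nonce, nonce, template, []byte(ibio))
	return nil
}

// Fetch looks up ibio and decrypts with kbio. A wrong key or a tampered or
// relocated record yields an error instead of data.
func (db Database) Fetch(ibio string, kbio [32]byte) ([]byte, error) {
	rec, ok := db[ibio]
	if !ok {
		return nil, errors.New("no record under this index")
	}
	gcm, err := newGCM(kbio)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(rec) < n {
		return nil, errors.New("record too short")
	}
	return gcm.Open(nil, rec[:n], rec[n:], []byte(ibio))
}

func newGCM(key [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed sample values: seeds, identifier and template are made up.
	uid := []byte{0xE2, 0x00, 0x12, 0x34}
	ibio, kbio := Pointer([]byte("index-seed-sample"), []byte("key-seed-sample!!"), uid)
	db := Database{}
	if err := db.Enrol(ibio, kbio, []byte("constructed-template")); err != nil {
		panic(err)
	}
	pt, err := db.Fetch(ibio, kbio)
	fmt.Printf("%s %v\n", pt, err)
}
```

For the section 5.4 variant, replace the call to Pointer with a key from RandomKey and an index assigned by the database; Enrol and Fetch are unchanged.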
5.5.1 Traveller experience with secure UHF in Protect

5.5.1.1 Enrolment Process

This process has only to be done once during the lifetime of the electronic passport.
1. The third country national holding an electronic passport with SUHF chip eligible for the PROTECT
programme wishes to travel to the European Union and would like to use the “PROTECT” solution
for the first time. The traveller approaches a PROTECT enrolment kiosk. The kiosk could be located
at the source or destination airport / border post. The traveller starts the enrolment process.
2. Thorough checks on background, electronic passport and biometric verification with available
biometric templates will be done by the enrolment kiosk. The kiosk could be supervised by a border
guard.
3. If successful, the new biometric modalities of the traveller will be enrolled.
4. A symmetric cryptographic key KBIO will be generated from the unique identifier of the secure UHF
chip. A new record with index IBIO will be created in the database.
5. The acquired templates of the new biometric modalities will be encrypted with KBIO and written in
the database under index IBIO.
5.5.1.2 Verification Process at the Air/Sea Border

This process is for individual travellers crossing the border on foot.


1. The traveller approaches the border control area. IBIO and KBIO are computed from the SUHF chip's
unique identification code.


2. The border control system accesses the data stored in the biometric database under index IBIO and
decrypts the data with KBIO.
3. Verification of all applicable biometrics is done by walking through the biometric capture area at
the air/sea border.




4. After successful verification the traveller’s biometric data is deleted from the local border control
system.




5. In case of an error the border guard is alerted and directs the traveller to a second line of control.
Manual verification is done in this case.
5.5.1.3 Verification Process at the Land Border

This process is for a maximum of 4 travellers in a car.


1. The car approaches the land border and stops at the border control post. The border guard is in
their protected booth waiting for the display of verification results at their border control screen.
2. IBIO and KBIO are computed from the SUHF chips' unique identification codes.


3. The border control system accesses the data stored in the biometric database under index IBIO and
decrypts the data with KBIO.
4. Verification of all applicable biometrics is done by presenting the biometrics to the biometric
capture terminals in front of the car.
5. The border guard checks the verification process for errors at their border control screen.
6. The border guard approaches the car to locate any additional travellers who did not submit any
data.
7. After successful verification the travellers’ biometric data is deleted from the local border control
system. The car proceeds out of the border control area.
8. In case of an error the border guard directs the car to a second line of control. Manual
verification is done in this case.
5.5.1.4 Advantages

The approach overcomes the limitations of LDS2 by reducing the reading time for the additional biometrics.
It also removes the investment risk in chips with higher storage capabilities. The traveller is still in control of
their data as long as they have control over their travel document.
Removing the necessity of reading the MRZ to access KBIO and IBIO would give a significant advantage for a
most fluent non-intrusive control process.
From the legal and ethical point of view the traveller is still in control of their data. A database is used but it is
encrypted.
5.5.1.5 Disadvantages

The solution does require connection to a central database. It is not offline capable. There is currently no
standardization ongoing for such an application.
Removing the necessity of reading the MRZ to access KBIO and IBIO introduces the possibility of tracking for
the authorized border control process.
From the legal and ethical point of view there is the drawback of a centralized biometric database and the
possibility of tracking even if restricted to authorized systems might not be acceptable.

6 Summary/Conclusion
This document has described possible approaches to meet the objectives from the call with modified
electronic passports. The objective of “…a most fluent non-intrusive control process…” is the hardest to
achieve without giving up any data protection or privacy properties of the current system.
For the secure storage of additional biometrics two promising approaches have been shown, with Logical
Data Structure 2 being the one with the least ethical implications as well as the same or a higher level of security
than the current solution.
The next step will be to specify electronic passport applications for the demonstrators being able to
support the described scenarios. Demonstrator electronic passport applications as well as the
corresponding PKI CAs will be programmed. Finally demo passport booklets with the implemented and
personalized applications will be created for demonstration purposes.


References
[1] H2020 BES-06-2015 Call: Border crossing points topic 2: Exploring new modalities in biometric-based border checks (http://ec.europa.eu/research/participants/portal/desktop/en/opportunities/h2020/topics/bes-06-2015.html)
[2] H2020 BES-06-2015 Proposal: Pervasive and UseR Focused BiomeTrics BordEr ProjeCT (H2020-BES-2015_700259_SEALED_PROPOSAL.PDF)
[3] Grant Agreement 700259_Annex 1 - Description of the action (part A)
[4] Doc 9303 Machine Readable Travel Documents Part 9: Deployment of Biometric Identification and Electronic Storage of Data in eMRTDs (https://www.icao.int/publications/pages/publication.aspx?docnum=9303)
[5] Doc 9303 Machine Readable Travel Documents Part 10: Logical Data Structure (LDS) for Storage of Biometrics and Other Data in the Contactless Integrated Circuit (IC) (https://www.icao.int/publications/pages/publication.aspx?docnum=9303)
[6] Doc 9303 Machine Readable Travel Documents Part 11: Security Mechanisms for MRTDs (https://www.icao.int/publications/pages/publication.aspx?docnum=9303)
[7] Doc 9303 Machine Readable Travel Documents Part 12: Public Key Infrastructure for MRTDs (https://www.icao.int/publications/pages/publication.aspx?docnum=9303)
[8] BSI TR-03110-1 Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token – Part 1 – Version 2.20 (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03110/BSI_TR-03110_Part-1_V2-2.pdf?__blob=publicationFile&v=1)
[9] BSI TR-03110-3 Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token – Part 3 – Version 2.21 (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03110/BSI_TR-03110_Part-3-V2_2.pdf?__blob=publicationFile&v=2)
[10] Logical Data Structure (LDS) for Storage of Data in the Contactless IC Doc 9303-10 LDS 2 – New Applications Version – 18.0 Date – August 12, 2017
[11] International Civil Aviation Organization LDS2 – PKI Draft 0.82 September 2017 (Reflects removal of Sub CA for LDS2 as agreed in NTWG meeting – April 2017)
[12] Machine Readable Travel Documents – Technical Report - LDS2 – Protocols Version – 0.8 Date – 27 April 2017
[13] ISO/IEC 14443-1:2016 Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part 1: Physical characteristics
[14] ISO/IEC 14443-2:2016 Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part 2: Radio frequency power and signal interface
[15] ISO/IEC 14443-3:2016 Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part 3: Initialization and anticollision
[16] ISO/IEC 14443-4:2016 Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part 4: Transmission protocol

[17] COUNCIL REGULATION (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States. (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32004R2252:EN:HTML)
[18] Commission Decision C(2006) 2909 of 28.06.2006, adopting technical specification on standards for security features and biometrics in passports and travel documents issued by Member States
[19] Protection Profile Machine Readable Travel Document with "ICAO Application", Extended Access Control with PACE, Version 1.3.2 BSI-CC-PP-0056-V2-2012
[20] E.g. WG3TF5_N0220, WG3TF5_N0230, WG3TF5_N0237, WG3TF5_N0238
[21] EU Lisa - Biometrics in Large-Scale IT - Recent trends, current performance capabilities, recommendations for the near future - ISBN: 978-92-95203-88-4
[22] ISO/IEC 18000-6:2013 Information technology -- Radio frequency identification for item management -- Part 6: Parameters for air interface communications at 860 MHz to 960 MHz General
[23] ISO/IEC 29167-19:2016 Information technology -- Automatic identification and data capture techniques -- Part 19: Crypto suite RAMON security services for air interface communications


PROTECT

Pervasive and UseR Focused BiomeTrics BordEr ProjeCT


(PROTECT)
H2020 – 700259

Security Sensitivity Assessment

Publication number: D6.4


Publication title: Report on improvements to electronic passports
Publication type: <Deliverable ; academic papers ; etc.>
Related WP number: 6
Which
conference/journal, etc.
Dissemination level: <Public (PU)>
(Confidentiality)

Version reviewed: 0.9


Date: 2017-11-27
PROTECT H2020 Project No. 700259 Deliverable D<xxx>

Objective
This form is related to the Security Sensitivity Assessment procedure which will assure that no sensitive
information will be included in the publications and deliverables of the PROTECT project.
Security sensitive information means here all information in whatever form or mode of transmission that is
classified by Council Decision on the security rules for protecting EU classified information (2011/292/EU)
and all relevant national laws and regulations. The information can be already classified, or such that it
should be classified.
In practice the following criteria are used:
- Information is already classified
- Information may describe shortcomings of existing safety, security or operating systems
- Information is such that it might be misused
- Information that can cause harm to
  - European Union
  - a Member State
  - society
  - industry and companies
  - third country
  - citizen or an individual person of a country


Document Information
Project Number: H2020 - 700259
Acronym: PROTECT
Full Title: Pervasive and UseR Focused BiomeTrics BordEr ProjeCT
Project URL: http://www.projectprotect.eu/
Document URL: Report on improvements to electronic passports
EU Project Officer: Agnieszka Marciniak
Authors (names and affiliations): Frank Schmalz (VD)


Assessment form for the main author


Please fill in the form below:

This is: pre-assessment □ final assessment X

List the input material used in the publication/deliverable:

List the results developed and presented in the publication/deliverable:

The draft publication

X is attached to this statement


□ can be found in link:

This publication does not include any data or information that could be interpreted as
security sensitive.

X True
□ Not sure
If not sure, please specify what are the material / results that you are not sure if they are security sensitive?
Why?

Date: 29.11.2017
Signature of the Responsible Author:


Comments from the SAB member

X The publication can be published as it is.

□ Before publication the following modifications are needed:


-
-

Date 30.11.2017
Name: Jürgen Bonfert
On behalf of the Security Advisory
Board (SAB)

Signature of the member of the SAB
