Modern ID documents, such as electronic passports (ePassports) and national ID cards, incorporate embedded microchips that store biometric and biographic data securely. These chips facilitate machine-readable travel documents under standards set by the International Civil Aviation Organization (ICAO). Accessing data stored on these chips involves several key components and protocols, each crucial for ensuring data integrity and security.
This article will delve into the details of the Document Security Object (SOD), the various Data Groups (DG1-DG20), the Answer To Reset (ATR), the Card Access File, and the Common Object Model (COM).
Document Security Object (SOD)
The SOD* is a fundamental security feature in ID document chips. It contains the digital signature over all the data stored on the chip, ensuring the integrity and authenticity of the data. The digital signature is typically generated using a certificate issued by a trusted certificate authority (CA). This certificate, along with the hash values of the data groups, is stored within the SOD. When data is read from the chip, the SOD allows the validating system to confirm that the data has not been altered since the document was issued.
Data Groups (DG)
The information on an ID document chip is organized into specific Data Groups (DGs). Here are the key data groups and their contents:
DG1 – Machine Readable Zone (MRZ) Information
This contains the data printed in the MRZ of the travel document, such as the document holder’s name, document number, nationality, and date of birth. This information is critical for initial verification and is used to log in to the chip.
DG2 – Biometric Information
Typically holds the facial image of the document holder, used for biometric checks at border controls.
DG3 (optional) – Fingerprints
This group is used to store the fingerprint images of the document holder, usually required by countries implementing higher security measures. To be able to read the contents of this DG, special certificates are required.
DG4 (optional) – Iris Data
DG4 stores iris scan information, which some countries use for advanced biometric verification. To access the contents of this DG, special certificates are required.
DG5 (optional) – Displayed Portrait
Contains one or more portraits of the document holder used for visual inspection, which can differ from the biometrically captured image in DG2.
DG6 (optional) – Specific national applications
This group is reserved for future use or for specific national applications. It is not universally defined and varies by the issuing country.
DG7 (optional) – Signature or Usual Mark
Holds an image of the document holder’s signature or usual mark.
DG8 to DG10 (optional)
These groups are reserved for future use or for specific national applications. They are not universally defined and vary by the issuing country.
DG11 (optional) – Personal Data Additional Details
Stores additional personal details like the document holder’s profession, titles, or proof marks.
DG12 (optional) – Additional Document Details
Contains information about the issuing authority or other administrative entries related to the document issuance.
DG13 (optional) – Optional Details
Used for optional or additional data not covered by other groups, again varying by country.
DG14 (optional) – Cryptographic Info
Holds public key information and security objects, enhancing the security of the communication between the chip and the reader.
DG15 (optional) – Active Authentication Public Key
Contains the public key used for Active Authentication, designed to prove the authenticity of the chip and combat forgery.
Each DG is protected and can only be accessed once proper authentication mechanisms, like Basic Access Control (BAC) or Password Authenticated Connection Establishment (PACE), are successfully executed.
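The "log in" step mentioned for DG1 is Basic Access Control: the reader derives the session keys from three MRZ fields (document number, date of birth, date of expiry, each with its check digit), as specified in ICAO 9303 Part 11. The following is an added example, not code from the article or from ICAO, using the MRZ sample values published in that part of the standard; it shows why the MRZ printed on the data page is effectively the access secret for the chip.

```python
import hashlib

# ICAO 9303 check digit: weights 7,3,1 repeating; '<' counts 0, digits their value, A-Z 10..35
def mrz_check_digit(field: str) -> int:
    weights = (7, 3, 1)
    total = 0
    for i, ch in enumerate(field):
        if ch == "<":
            val = 0
        elif ch.isdigit():
            val = int(ch)
        elif "A" <= ch <= "Z":
            val = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"invalid MRZ character {ch!r}")
        total += val * weights[i % 3]
    return total % 10

def mrz_information(doc_number: str, birth_date: str, expiry_date: str) -> str:
    """MRZ_information = docnum+cd || DOB(YYMMDD)+cd || expiry(YYMMDD)+cd."""
    doc_number = doc_number.ljust(9, "<")  # the MRZ document number field is 9 characters, '<'-padded
    return "".join(f + str(mrz_check_digit(f)) for f in (doc_number, birth_date, expiry_date))

def adjust_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has odd parity, as DES keys require."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 0x01
        out.append(b)
    return bytes(out)

def derive_bac_keys(doc_number: str, birth_date: str, expiry_date: str):
    """Return (Kseed, Kenc, Kmac): Kseed is the first 16 bytes of SHA-1(MRZ_information),
    Kenc/Kmac are SHA-1(Kseed || counter)[:16] with counter 1 / 2, parity-adjusted."""
    mrz_info = mrz_information(doc_number, birth_date, expiry_date).encode("ascii")
    kseed = hashlib.sha1(mrz_info).digest()[:16]

    def kdf(counter: int) -> bytes:
        d = hashlib.sha1(kseed + counter.to_bytes(4, "big")).digest()[:16]
        return adjust_parity(d[:8]) + adjust_parity(d[8:16])  # two single-DES halves of a 3DES key

    return kseed, kdf(1), kdf(2)

if __name__ == "__main__":
    # Sample MRZ values from ICAO 9303 Part 11 (worked example), not a real document
    kseed, kenc, kmac = derive_bac_keys("L898902C<", "690806", "940623")
    print("Kseed", kseed.hex().upper(), "Kenc", kenc.hex().upper(), "Kmac", kmac.hex().upper())
```

Because the key seed is derived entirely from printed MRZ fields, its strength is bounded by how predictable those fields are, which is one reason the newer PACE protocol is preferred where the chip supports it.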
Answer To Reset (ATR)
The Answer To Reset (ATR) or ATR/Info is a standard response from a smart card microprocessor (including the chips in ID documents) upon connection with a reader. It provides essential information about the card, including supported protocols and operational parameters necessary for the communication setup. The ATR helps in establishing the physical and logical parameters to be used in subsequent communications.
Card Access File (CAF)
The Card Access File (CAF) is crucial for defining the security conditions under which the chip’s data can be accessed. It specifies the protocols supported by the chip (e.g., T=1, T=CL), the type of secure messaging supported, and the access rules for each data group. This file is pivotal in setting up the security architecture for data access and ensuring compliance with international standards for protected data transmission.
Common Object Model (COM)
The Common Object Model (COM) contains metadata about the logical data structure on the chip. Typically, it includes a directory of the data groups available on the chip and their respective identifiers. The COM plays an essential role in guiding the reading devices on how to parse and interact with the data correctly and efficiently. This directory facilitates quick access to specific data groups by providing direct pointers to their locations on the chip.
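The directory the COM file (EF.COM) carries is a small BER-TLV structure: tag 60 wrapping the LDS version (tag 5F01), the Unicode version (tag 5F36) and a tag list (tag 5C) whose bytes are the data group tags assigned in ICAO 9303 Part 10. The parser below is an added example, not code from the article; the EF.COM bytes it decodes are constructed for illustration.

```python
# Data group tag numbers from ICAO 9303 Part 10, as they appear in the EF.COM tag list (tag 5C)
DG_TAGS = {0x61: 1, 0x75: 2, 0x63: 3, 0x76: 4, 0x65: 5, 0x66: 6, 0x67: 7, 0x68: 8,
           0x69: 9, 0x6A: 10, 0x6B: 11, 0x6C: 12, 0x6D: 13, 0x6E: 14, 0x6F: 15, 0x70: 16}

def read_tlv(data: bytes, pos: int):
    """Decode one BER-TLV element starting at pos; return (tag, value, position after it)."""
    tag = data[pos]
    pos += 1
    if tag & 0x1F == 0x1F:            # two-byte tag such as 5F01 or 5F36
        tag = (tag << 8) | data[pos]
        pos += 1
    length = data[pos]
    pos += 1
    if length & 0x80:                 # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    value = data[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated TLV element")
    return tag, value, pos + length

def parse_ef_com(ef_com: bytes) -> dict:
    """Return the LDS version, Unicode version and list of data groups announced by EF.COM."""
    tag, body, _ = read_tlv(ef_com, 0)
    if tag != 0x60:
        raise ValueError(f"not an EF.COM: outer tag {tag:02X}, expected 60")
    info = {"lds_version": None, "unicode_version": None, "data_groups": []}
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x5F01:
            info["lds_version"] = value.decode("ascii")
        elif tag == 0x5F36:
            info["unicode_version"] = value.decode("ascii")
        elif tag == 0x5C:
            unknown = [t for t in value if t not in DG_TAGS]
            if unknown:
                raise ValueError("unknown data group tags: " + ", ".join(f"{t:02X}" for t in unknown))
            info["data_groups"] = [DG_TAGS[t] for t in value]
    return info

# Constructed sample EF.COM: LDS version 1.7, Unicode 4.0.0, tag list announcing DG1, DG2, DG14, DG15
SAMPLE_EF_COM = bytes.fromhex("6016" "5F010430313037" "5F3606303430303030" "5C0461756E6F")

if __name__ == "__main__":
    print(parse_ef_com(SAMPLE_EF_COM))
```

EF.COM itself is not among the files hashed in the SOD, so an inspection system should cross-check this list against the data group hashes in the SOD rather than trust it alone; a data group listed in one but not the other is a finding worth reporting.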
Accessing Data From the Chip on ID Documents – Conclusion
The protocols and structures described above outline a robust framework for securely accessing and processing the sensitive data stored on ID document chips. These mechanisms ensure that the data can only be accessed by authorized entities and protect against unauthorized data tampering and interception. As security threats evolve, these systems must be continually updated and tested to safeguard personal information against emerging vulnerabilities.
* Source: https://www.icao.int/publications/Documents/9303_p10_cons_en.pdf