India’s E-Passport: How It Works, Features, Latest News. UPSC

e-passport india upsc

E-passport, also known as a biometric passport, is an advanced version of the traditional passport that contains an embedded RFID chip, which stores biometric and personal information. The primary advantage of the e-passport is its enhanced ability to maintain the integrity of the data it stores. India has formally joined the club of more than 120 nations, such as Australia and the USA, by issuing e-passports to its citizens.

E-Passport in India: Latest News

  1. The e-Passport has commenced as a pilot project alongside the rollout of the Passport Seva Program (PSP) Version 2.0 on April 1, 2024, in Nagpur, Bhubaneswar, Jammu, Goa, Shimla, Raipur, Amritsar, Jaipur, Chennai, Hyderabad, Surat, and Ranchi.
  2. The issuance of e-Passport in Tamil Nadu commenced on March 3, 2025, in Chennai.
  3. The India Security Press will produce the e-passports in Maharashtra’s Nashik.
  4. The first e-passport in India was issued in 2008 to the former President of India, Pratibha Patil.
  5. By mid or last of 2025 e-passport will be implemented in all passport offices.

History of Passport

The presence of documents similar to passports was present from ancient times. For example, Nehemiah, King Artaxerxes’ messenger, had asked for permission to leave the kingdom of Judah, which occurred in B.C. 445. The king’s letter confirms his identity and ensures safe passage when travelling across foreign regions.

In the medieval period, a tax receipt called bara’a was used for similar purposes.

The first true passport originated during the period of King Henry V of England. During his reign, a paper-based identification system was created to prove the travelling subjects’ identity. The first official reference can be traced back to the 1414 Act of Parliament.

When travel became common, the League of Nations organised a formal conference in 1920 to set passport guidelines. This conference was known as the ” Paris Conference On Passports And Customs Formalities”.

After the first conference, organisers held similar conferences in 1926 and 1927. These standards existed till 1980.

When ICAO was formed, it began working on “Machine Readable Travel Documents” in 1968. In 1980, ICAO published the first edition of DOC 9303. It became the basis for the initial issuance of machine-readable passports by Australia, Canada, and the United States.

In 1987, ICAO formed a technical advisory group on machine-readable travel documents or TAG-MRTD. ACI, IATA, INTERPOL, and ISO were included in this committee and after 18 months, they made a proposal, which ICAO then published in DOC 9303.

In 1998, TAG-MRTD started to work on Biometric or E-passport standards. Later, E-passport standards were added to DOC 9303.

First Country to Issue E-Passport

Malaysia was the first country to issue an e-passport in 1998, but it had limited use due to technical incompatibility. The Malaysian Immigration Department, in collaboration with IRIS Berhad Corporation, developed the world’s first ePassport featuring a contactless chip. Later, in August 2000, the Malaysian Immigration Department launched Immigration Autogate, an automated immigration clearance and border control system for travellers holding an e-Passport.

Sometimes, people may get confused with Finland’s contribution. Actually, Finland was the first country to issue an e-personal ID card called FINEID or Finnish Electronic Identification Card.

After the September 11 terrorist attacks, countries became serious about the security features of their passports and developed new features like holographic portraits. In November 2001, the German passport was enhanced with eight additional features, including a holographic portrait, watermark, and surface embossing. Thus, in those days, it became one of the most fraud-resistant passports.

India's e passport upsc
E-Passport India

What is a machine-readable travel Document or MRTD?

When ICAO suggested new standards, governments worldwide redesigned their passports to a new type, known as machine-readable passports.

MRTDs had a primary advantage. The identity of the holder can be confirmed without any delay. Moreover, the data is captured by the machine when someone swipes the passport into the optical character recognition (OCR) device.

The alphanumeric lines printed according to MRZ standards of ICAO help the device to read the data. It is printed in OCR-B font (designed by Adrian Frutiger), a monospace font developed in 1968. It serves the same purpose as OCR-A but has a less technical appearance.

The data is printed in the effective reading zone of 17mm x 118mm and contains details such as document type, country, surname, given name, passport number, passport number check digit, date of birth, date of birth check digit, sex, expiry date, and expiry date check digit. Sometimes, additional data may be printed, and it is at the discretion of the issuing country.
All countries that are signatories to the Chicago Convention started to issue machine-readable passports by April 1, 2010. All non-MRTD passports had been phased out by 2015.

RFID

RFID, or Radio Frequency Identification, is a technology that utilises radio signals to exchange identifying data. In simple words, a specific object is identified by a small tag or label. The Fastag employed for toll collection in India uses RFID technology.

In 1973, Mario Cardullo invented RFID and RFID protocol works using three sub-systems.

  1. RFID tag
  2. Readers
  3. RFID antenna embedded in the tag.

There are two types of RFID tags

  1. Active tag – powered by an internal battery.
  2. Passive tag – operates from the power of the radio signals.

In near-field RFID, the readers produce an alternating magnetic field. When a tag comes in this field, it induces a voltage and powers the chip to transmit data back. Far-field RFID works with propagating electromagnetic waves.

An RFID system usually operates across various frequency bands.

  1. Low frequency – 125 kHz to 134.2 kHz.
  2. High frequency – 13.56 MHz.
  3. Ultra high frequency – 860 MHz to 915 MHz.

Tags in E-passport

E-passports use passive tags. According to ICAO standards, an e-passport tag will have a dimension of 125 mm x 88 mm. It operates specifically at 13.56 Mhz.

So, when the passport is presented to the reader, the data stored on the chip is transferred through an RFID protocol. Thus, in a short time, the identity of the passport holder is confirmed.

What is an E-Passport or Biometric Passport?

An E-passport is a travel document that incorporates biometrics to authenticate the identity of the passport holders. Typically, it stores data in an RFID chip embedded within the passport.

The data is stored in the EPROM memory of the RFID chip, which has a capacity of at least 32 KB. The data will be transmitted using the ISO/IEC 14443 Type A or B protocol.

However, in this transfer, there is a serious vulnerability, as the transmitted data can appear in plain text. To ensure security, e-passport stores data in a unique way.

How is the secure transmission of data ensured?

To make the transfer more secure, a very miniature antennae is placed in the passport. Therefore, hackers in proximity cannot access it because the reader must be very close to the passport. Data readers capture data over distances of up to about 75 cm.

To ensure greater security in data transfer, the microchip can be strategically placed at four points within the e-passport.

  1. On the biographical page of the passport (inside the front cover).
  2. Between the last paper and the back cover of the passport.
  3. In between the center page.
  4. Own a special page in the passport; if the passport has a special page for the chip, then this special page cannot be used as either a vis or a travel stamp page.

How is data stored in e-passports?

The data in the passport is organised into logical data groups, and the dataset in the passport is called a logical data structure of LDS. These data groups are organised into different ones from DG1 to DG19.

DG1 contains data such as document type, name, nationality, DOB, and DOB check digit, etc. In short, DG1 contains the data present in the MRZ or machine-readable zone of the passport.

DG2 to DG4 are referred to as encoded identification features. DG2 contain photo, DG3 contains fingerprint data, and DG4 contains iris scan data.

Photos and fingerprints are stored in a compressed JPEG format or JPEG 2000. This is used to make it independent of the evaluation method. An Iris scan is a convenient and effective way to establish true identity. During the scan, about 250 unique features can be recognised, which in turn leads to a theoretical probability of 1:10 to compute the same iris template for two different persons.

To protect sensitive data, such as iris scans, from unauthorised access, public key authentication-based extended access control is used. BAC, or Basic access control, prevents the reading of data in DG1 and DG2 when the passport is closed. Extended Access Control (EAC) is used to provide additional security for biometric data in DG3 and DG4. EAC include chip authentication and terminal authentication.

Chip authentication helps to establish a secure connection, and terminal authentication helps to confirm the authenticity of the terminal certificate.

How Basic Access Control Works?

  1. The e-passport reader at the point of entry can access the information when it is presented or flashed in front of it.
  2. When the e-passport is flashed, the information stored in the machine-readable zone is optically processed. This requires an opened passport to be placed on an optical scanner or swiped on a scanner. This step helps to prevent an attack by a third party.
  3. The information in the MRZ is used to generate a key for creating a crypto-protected link. Interestingly, only selected data from MRZ is used for this purpose. For example, document number, document number check digit, DOB, DOB check digit, expiry, expiry check digit. Only data protected by a check digit is used, as this increases the robustness of the method.
  4. If the MRZ data is correct, then it will establish the authenticity of identity.

The generated key is calculated with 109 or 108 possible alphanumeric passport numbers (India uses eight alphanumeric digits, and some other countries use nine), 365 x 100 possible dates of birth, and 365 x 10 possible expiry dates (if valid for 10 years. In case 5 years then 365 x 5). The resulting key has an entropy of 1.3 x 107 (In case of a nine-digit passport number. In case of an eight-digit number, then the value varies), which corresponds to the entropy of a DES key with a 56-bit key space. This is a rough calculation to demonstrate the number of combinations, so the check digits are excluded.

To increase security, the system utilises a contactless data transmission protocol compliant with ISO 14443.

how e passport works upsc
e passport authentication

How is sensitive data protected in an e-passport?

The BAC only protects data that is accessible to passport holders. To provide sufficient security for more sensitive data, such as biometric data, an extended access control is employed. It is based on public key authentication of the terminal and passport, and secure messaging proceeds by a Diffe-Hellman key exchange.
The objective of EAC is to provide a more comprehensive and practical authentication protocol. It includes

Chip Authentication

Chip authentication is created to establish a secure connection between radio frequency (RF ) chips and readers. This procedure helps to identify the cloned passports.

Terminal authentication

In this procedure, a reader sends its read authorisation to an RF chip in the form of a terminal certificate. The reader also transmits its CVCA certificate. Trusted certificate authorities sign public keys unique to each country (digital signature). The highest-level certificates in the ICAO PKI hierarchy are called country-signing certificates issued by national root CAs or CSCAs.

The PKI or public key infrastructure algorithms used are the RSA algorithm, the DSA scheme, and the elliptic curve DSA. The hash functions used for calculating digital signatures are SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 (SHA stands for Secure Hash Algorithm).

ICAO 9303-1.2 specifies a mechanism called Active authentication, which is optional. It prevents chip substitution.

IACO-mandated standards for e-passports

The ISO/IEC 19794-5 specification for storage of facial recognition templates.
The ISO/IEC 19794-6 specification for storage of iris recognition templates.
The ISO/IEC 19794-4 specification for storage of fingerprint recognition templates. (Minutiae-based fingerprint recognition is more accurate)
The ISO/IEC 19794-2 specification for storage of fingerprint minutiae information.
The ISO/IEC 1974-3 specification for storage of the fingerprint pattern information.

Advantages of e-passport

  1. The embedded RFID chip securely stores the same information found in the MRZ of traditional passports, along with photo and biometric data.
  2. It facilitates faster processing at border control points and enables travellers to pass through security checks more quickly.
  3. The International Civil Aviation Organization (ICAO) standards ensure that they are machine-readable and compatible with global border control systems.
  4. Advanced security protects the data from unauthorised reading, known as “skimming” and “Eavesdropping attacks”.
  5. E-passports are integral to various international travel programs, such as the U.S. Visa Waiver Program. It is mandatory if the passport is issued after October 26, 2006.
  6. Enhances surveillance and security in the context of national and international travel. 
  7. E-passports prevent passport forgery.

expreppro.in

operation smiling buddha operation shakti
Science

Operation Smiling Buddha and Operation Shakti- Explained | UPSC

Operation Smiling Buddha was India’s first successful nuclear weapons test, which took place on May 18, 974, at the Pokhran test range in Rajasthan. Once again, India tested its nuclear weapons under a code-named Operation Shakti. On May 11, 1998, India conducted five nuclear tests at the Pokran Test Range in the Thar desert.

Read More
SpaDeX
Science

SpaDeX mission or Space Docking Experiment – Explained. UPSC.

SpaDeX mission is the technology demonstration experiment conducted by ISRO on December 30, 2024, to master space docking technology. A PSLV rocket launched two satellites to test the efficiency of the newly developed Bharatiya Docking System. With this SpaDeX mission or Space Docking Experiment, India will become the fourth country after the USA, Russia, and China to master space docking technology, and it will help in future space missions like Chandryan-4.

Read More
zoonotic diseases
Science

Brief Notes On Important Zoonotic Diseases. Part One.

Zoonotic diseases are infections that can be transmitted from animals to humans. These diseases can significantly impact public health, animal health, and the economy. Here are some brief notes on critical zoonotic diseases.

Read More
Expreppro© 2025. Explore the quality content proudly crafted in India. 🇮🇳