The vast majority of identity documents in their most modern versions and electronic passports follow international standards and have an NFC chip that stores and processes the document information without risk.
The information that the NFC chip incorporates usually varies and ranges from an electronic certificate and the keys for its use to the holder’s data in digital format, including the signature or the photograph printed in the document.
As many smartphones and tablets have sturdy cameras and NFC reader chips in their hardware this functionality can be used for digital onboarding processes in which the identity of a user is registered and verified through an identity document and facial biometrics.
There are multiple projects and use cases in which NFC technology of documents is used for identity verification processes in registries. Especially in those where security is critical.
Vueling and Aena use NFC reading technology to allow their passengers to enrol their biometrics remotely. These companies use NFC through their app and can go through the different controls through facial recognition when they are at Josep Tarradellas Barcelona-El Prat airport.
What is NFC technology and how does it work to read identity documents?
NFC (Near Field Communication) technology allows contactless, wireless and short-range communication (no more than 15cm) between two devices to make payments or exchange information.
To carry out the process of reading an identity document through NFC, the user must have a smartphone (Android or iOS) with a camera and NFC reading capacity. The steps of the process are:
1. Firstly, scan the MRZ (Machine Readable Zone) of the identity document using the device’s camera. In this area, there are three pieces of information (date of birth, issue date and document number). These pieces are essential to access the NFC chip and read the rest of the information.
2. Then, the user must bring the identity document close to the phone to read all its data via NFC (using the data read by OCR as the access key previously).
The extracted data includes a facial photograph of the holder in high resolution. If the reading of the document data is part of an enrolment or identity verification process (digital onboarding), we should add an extra step to that. The user is asked to take a life-sensing ‘selfie’ of their current face that will be biometrically compared to the one stored in the document.
What information does the NFC chip incorporate in Spanish identity documents?
Different types of ID coexist in Spain but only the last two versions have a chip that allows connection through NFC technology:
What data do the Spanish ID Card 3.0 and 4.0 chips include?
- An electronic certificate to authenticate the holder of the identity document.
- An electronic certificate that allows signing electronically (qualified signature).
- Certificate of issuing Certification Authority.
- Keys for the use of certificates.
- Identification data of the holder in digital format (high-resolution photograph, handwritten signature or fingerprint).
- Owner’s affiliation data
Security mechanisms in machine-readable travel documents MRTDs
The Spanish electronic passport and the ID Card in versions 3.0 and 4.0 have a contactless reader chip (NFC) that contains biographical information of the person (name, date of birth, nationality, etc.) and a face image.
To protect this data against different attacks, the documents implement a series of security measures defined in the ICAO International Standard, specifically 9303.
The different security controls that these chips implement try to ensure three things:
- Information privacy. In other words, the information cannot be read without the user’s consent, either by bringing an unauthorised reader closer to the document (skimming) or by intercepting the communication between the chip and an authorised reader (eavesdropping).
- Information authenticity. The information that has been read from the chip is authentic, issued by the competent authority of the issuing country, and has not been modified or altered.
- Chip authenticity. The information read is authentic and complete as well as the chip.
It corresponds to an original identity document and is not a copy.Spanish documents implement all three types of measures.
The organisations that issue identity documents protect the information on the chips through cryptographic-based access control that prevents the following attacks:
Skimming or unauthorised reading by bringing a reader closer to the identity document. Although the reader would have to be quite close to the chip (a few centimetres) an attack is possible in certain situations. To prevent this kind of attack, the documents implement some type of access control in which a password is required to read the contents.
Eavesdropping on the communication between the chip and a reader. To prevent this type of attack, access control protocols exchange keys between the reader and the chip and encrypt the communication between both parties with these keys.
There are two information access control protocols:
- Basic Access Control (BAC). It is the simplest (based entirely on symmetric cryptography) and the oldest of the two protocols and is based on the fact that to read the contents of the chip it is necessary to know three pieces of information from which an access key is derived:
- Document number
- Date of birth
In MobbScan, our document scanning solution allows reading by NFC to avoid the inconvenience that the user has to enter this data manually. The reading is done automatically through the smartphone’s camera and OCR technology.
The authenticity of the information
Unlike the measures to protect privacy, which focus on controlling access to information, there is another set of measures whose goal is to ensure that the information read from the chip was issued by the competent authority and has not been modified or altered.
This set of measures is called Passive Authentication (PA) in the ICAO 9303 terminology and is based on the concept of digital signature, widely used in many fields:
- The data (name, document number, dates, photo and so forth) are signed by the issuer of the document (the country’s government) with a private key that remains secret in its custody.
- The recipient of this information can read the information on the chip, and its signature and check its validity using the public keys that governments publish. The signature will not be validated if the information has been altered.
In practice, everything is a little more complicated due to the variety of cryptographic algorithms implemented by the different issuing states, because there is not a single certificate but a “chain of trust” of certificates, and the difficulty of having a single standard source and trustworthy public keys of the different issuing states.
NFC chip authenticity
The previous measures provide access control to the information in the chip and prove that the information is authentic. In addition, they prove that it has been issued by the competent authority and has not been altered.
However, they do not prove that the information was read from the original document since the chip could have been cloned (the equivalent of a photocopy in traditional documents).
Depending on the way in which it is used, this may be irrelevant or it may be absolutely necessary to prove that it is an original passport or ID and not a copy (and even that it is being presented by its legitimate owner, for which security measures come into play facial biometrics outside the scope of this document).
As anti-copy protection, the most widespread mechanism is the so-called Active Authentication.
Active Authentication is again based on the principles of asymmetric cryptography together with the anti-tampering capabilities of the chips that are capable of offering a private zone that cannot be read or cloned. The operation is as follows:
- A private key resides in the private area of the chip that cannot be read or cloned (due to hardware capabilities).
- The corresponding public key is part of the chip data that can be read and has also been signed by the issuing country to verify its authenticity.
- The terminator chooses a random challenge and sends it to the chip for it to sign with the private key.
- When the chip returns the signed challenge, the terminal can use the public key found among the accessible data of the chip (and whose authenticity can be verified thanks to the signature of the country certificate) to verify that the challenging signature is correct.
NFC chip authenticity
MobbScan, Mobbeel’s KYC solution, allows the information contained in certain identity documents that have an NFC chip to be read by contact, complying with and implementing all the security mechanisms and controls of the chip, both those that refer to the privacy of the information, such as passive and active chip authentication.
In most cases, the enrolment flow can be done through OCR capture, since only a clear image of the document is needed. In that case, any identity document could be captured and any device with a camera could be used.
In cases where security is a critical requirement (airports), the level of security required against possible fraudulent documents cannot be only offered with the information provided by static images with light, in a totally unattended and remote process.
That is why MobbScan in NFC capture mode enhances the security of any onboarding process.
I am a Computer Engineer who loves Marketing, Communication and companies’ internationalization, tasks I’m developing as CMO at Mobbeel. I am loads of things, some good, many bad… I’m perfectly imperfect.
Descubre qué es el Reconocimiento Facial
- Conoce la historia del reconocimiento facial: sus orígenes y evolución.
- Aprende cómo funcionan los sistemas de reconocimiento facial.
- Mira los distintos casos de uso y posibilidades de aplicación.
- Comprende las distintas implicaciones que tiene la tecnología en nuestra sociedad actual.
- Descubre los desafíos en ciberseguridad.
- Conoce las regulaciones implicadas en los procesos biométricos.