The New Swiss Passport(abduzeedo.com)
abduzeedo.com
The New Swiss Passport
https://abduzeedo.com/index.php/node/87632
21 comments
Pretty when presented on a design-heavy site. Would have to see it in-person.
Still has the privacy-invasive RFID/NFC. I would not recommend inadvertently deactivating such an unwanted privacy thief by forgetting it in a microwave and definitely not accidentally turning it on for 1 second because then government entities would have to rely on document identifiers from the OCR scanner as a primary key into regulated database access instead.
Still has the privacy-invasive RFID/NFC. I would not recommend inadvertently deactivating such an unwanted privacy thief by forgetting it in a microwave and definitely not accidentally turning it on for 1 second because then government entities would have to rely on document identifiers from the OCR scanner as a primary key into regulated database access instead.
The design on the passport made me thing that it would be really handy if the anti-forgery stuff contained information useful to a traveller, and not just be decorative.
E.g. emergency service phone numbers in different countries, is one that springs to mind. You could still make it all wiggly and fancy etc.
Why there’s no physical token as a passport yet!? Something like a yubico usb and can have it in the keychain would be ideal.
The NFC passports contain digital data, even your photo, you can use this app to see for yourself: https://play.google.com/store/apps/details?id=nl.innovalor.n...
Part of me really wants to try this. Part of me is terrified of scanning my passport with an app I have just heard of.
I just checked fdroid, and this app seems to work: https://f-droid.org/en/packages/com.tananaev.passportreader/
Strangely, to decrypt the data off the passport you need the passport number, the date of birth, and the expiry date. I assume this is why that playstore app needs to get a photo of your passport. Sure enough, my phone could read off other details about me including my photo after a few seconds of reading.
Never knew how it worked before, and assumed it was like how mifare DESfire cards work since the bytes I got from a simple reader app were different every time. (I assume that's done so you can't wirelessly ID people using their passports)
Strangely, to decrypt the data off the passport you need the passport number, the date of birth, and the expiry date. I assume this is why that playstore app needs to get a photo of your passport. Sure enough, my phone could read off other details about me including my photo after a few seconds of reading.
Never knew how it worked before, and assumed it was like how mifare DESfire cards work since the bytes I got from a simple reader app were different every time. (I assume that's done so you can't wirelessly ID people using their passports)
[1] says the decryption key is derived from those pieces of information, and the key derivation logic is public info, e.g. [2] is an implementation.
It's somewhat clever, if someone takes a photo of the first page, they already have your personal info, to steal it from the chip they still need to have visual on the info on that page.
[1] https://randomoracle.wordpress.com/2012/08/27/reading-the-us...
[2] https://github.com/AndyQ/NFCPassportReader/blob/main/Example...
It's somewhat clever, if someone takes a photo of the first page, they already have your personal info, to steal it from the chip they still need to have visual on the info on that page.
[1] https://randomoracle.wordpress.com/2012/08/27/reading-the-us...
[2] https://github.com/AndyQ/NFCPassportReader/blob/main/Example...
I’ll check with my Flipper!
Forgeries, identity theft, and invasions of privacy. Hard pass.
Plugging in USB into a government device at the border isn't what I would call secure...
For either party to be clear...
For either party to be clear...
Not necessarily a USB as an interface, and it shouldn’t contains any biometric either for privacy, just a paper replacement.
They are already RFID enabled (at least US ones have been for years).
You would want a paper version as a backup anyway in case the electronics fail.
You would want a paper version as a backup anyway in case the electronics fail.
The "paper version" is still required - the RFID is authenticated with information from the passport. The idea is at a border the passport itself will be scanned, OCR'd (from the data in the machine-readable zone) and then that information will be used to read the information + signature from the RFID chip to authenticate the document.
No, you're wrong. The person's passport number is a primary key into the issuer's database of valid documents as the ultimate source of truth. The RFID is another means in case the paper version wasn't legible, but at the expense of over-communicating details.
Wow. The new passport is a work of art. I'm sure many of the extra features are to help prevent counterfeiting, but they've been executed beautifully.
That document looks beautiful though, very reminiscent of CHF notes.