LOGBOOK

HELP

Quiz Entry - updated: 2026.06.25

What does Active Authentication (AA) add to a biometric passport beyond Passive Authentication?

AA proves the chip is the original (not a clone), via a challenge-response with a private key embedded in the chip that never leaves it.

The protocol:

  1. The chip has its own asymmetric key pair. The public key is signed by the Document Signer and stored on the chip alongside the data.
  2. The reader sends the chip a random challenge (nonce).
  3. The chip signs the challenge with its private key and returns the signature.
  4. The reader verifies the signature using the public key (which it just verified via PA).

Because the private key never leaves the chip, a counterfeit chip cannot produce a valid response — it can only copy the data, not the private key.

Why both PA and AA are needed:

  • PA only: detects altered data, but a perfect clone passes.
  • AA only: proves chip authenticity, but doesn't bind it to a specific person's data.
  • PA + AA together: data is genuine and this chip is the one the country issued.

Known weakness: AA can be used as a traceability oracle — a malicious reader can ask the chip to sign attacker-chosen data, which could later be presented as evidence "this person was here." Newer schemes (Chip Authentication, part of EAC) avoid this by deriving session keys instead.

Tip: AA is optional in ICAO Doc 9303 — some countries skip it for cost reasons. If a passport supports AA, you'll see it in the chip's Common Data Object as a stored DG15 file.

From Quiz: ISF / Cryptographic Protocols & Requirements | Updated: Jun 25, 2026