What does Active Authentication (AA) add to a biometric passport beyond Passive Authentication?
AA proves the chip is the original (not a clone), via a challenge-response with a private key embedded in the chip that never leaves it.
The protocol:
- The chip has its own asymmetric key pair. The public key is signed by the Document Signer and stored on the chip alongside the data.
- The reader sends the chip a random challenge (nonce).
- The chip signs the challenge with its private key and returns the signature.
- The reader verifies the signature using the public key (which it just verified via PA).
Because the private key never leaves the chip, a counterfeit chip cannot produce a valid response — it can only copy the data, not the private key.
Why both PA and AA are needed:
- PA only: detects altered data, but a perfect clone passes.
- AA only: proves chip authenticity, but doesn't bind it to a specific person's data.
- PA + AA together: data is genuine and this chip is the one the country issued.
Known weakness: AA can be used as a traceability oracle — a malicious reader can ask the chip to sign attacker-chosen data, which could later be presented as evidence "this person was here." Newer schemes (Chip Authentication, part of EAC) avoid this by deriving session keys instead.
Tip: AA is optional in ICAO Doc 9303 — some countries skip it for cost reasons. If a passport supports AA, you'll see it in the chip's Common Data Object as a stored DG15 file.