How Yivi verifies passport authenticity: a deep dive into e-passport security
← Back to Knowledge Base

How Yivi verifies passport authenticity: a deep dive into e-passport security

Dibran Mulder 5 min read
passport security cryptography PKI authentication

Introduction

When you scan your passport with the Yivi app, a sophisticated cryptographic verification process takes place behind the scenes. This ensures that your passport is genuine and hasn’t been tampered with. In this article, we’ll explore the technical details of how Yivi verifies passport authenticity using international security standards.

The e-Passport Security Architecture

Modern passports contain an RFID chip that stores biometric data and personal information. These “e-passports” implement security measures defined by the International Civil Aviation Organization (ICAO) in the 9303 standard. The security is built on a Public Key Infrastructure (PKI) that enables cryptographic verification of passport data.

e-Passport PKI Structure

The PKI structure consists of three main layers:

  1. Country Signing Certificate Authority (CSCA): The root certificate authority of each issuing country
  2. Document Signer Certificate (DSC): Intermediate certificates used to sign passport chips
  3. Passport Chip: Contains the signed data (DG1-DG16) and security object (SOD)

Passive Authentication: Verifying the Digital Signature

The first and most crucial step in passport verification is Passive Authentication. This process verifies that the data on the passport chip was genuinely signed by the issuing country and hasn’t been modified since issuance.

How it Works

  1. Reading the Chip: Yivi reads the passport’s security object (SOD), which contains a digital signature created by the issuing country
  2. Certificate Chain Verification: The signature is verified using the Document Signer Certificate (DSC), which itself is signed by the Country Signing Certificate Authority (CSCA)
  3. Masterlist Validation: The CSCA and DSC certificates are validated against official government masterlists

Masterlist Support

Yivi currently supports passport verification for hundreds of countries.
We do this by validating passport data against two master lists:

These masterlists are regularly updated lists of valid Document Signer Certificates published by each country’s government. By checking against these official lists, Yivi can detect:

  • Expired certificates
  • Revoked certificates
  • Fraudulent certificates

If the certificate chain is valid and present in the masterlist, we know the passport data is authentic and hasn’t been altered.

Active Authentication: Proving the Chip is Genuine

While Passive Authentication verifies the data, it doesn’t prove that the chip itself is genuine. A sophisticated attacker could theoretically copy valid data from a real passport chip to a fake one. This is where Active Authentication comes in.

How it Works

Active Authentication uses a challenge-response protocol:

  1. Challenge: Yivi generates a random challenge and sends it to the passport chip
  2. Response: The chip signs this challenge using its private key (stored securely on the chip)
  3. Verification: Yivi verifies the signature using the public key stored in the passport’s DG15 data group

This proves that the chip possesses the private key and is therefore genuine. Importantly, the private key never leaves the chip, making it extremely difficult to clone.

Implementation in Yivi

Yivi implements Active Authentication when the passport chip supports it (indicated by the presence of DG15). Not all passports support Active Authentication, as it’s an optional feature in the ICAO standard. When available, Yivi automatically performs this additional security check to provide the highest level of assurance.

Data Groups and Hash Verification

The passport chip stores data in numbered data groups (DG1-DG16), such as the following data groups that we read:

  • DG1: Machine Readable Zone (MRZ) data
  • DG2: Facial image
  • DG11: Additional personal details
  • DG15: Public key for Active Authentication

Each data group’s hash is stored in the Security Object (SOD) and protected by the digital signature. When Yivi reads the passport:

  1. Each data group is hashed
  2. The hash is compared to the value in the SOD
  3. The SOD signature is verified using the certificate chain

This ensures that no data group has been modified since the passport was issued.

Security Guarantees

By combining Passive Authentication, Active Authentication (when available), and masterlist verification, Yivi provides strong security guarantees:

Authenticity: The passport was issued by a legitimate government authority
Integrity: The data hasn’t been modified since issuance
Non-clonability: Active Authentication prevents chip cloning (when supported)
Up-to-date Validation: Regular masterlist updates ensure revoked certificates are detected

Privacy by Design

When verifying your passport, Yivi places great importance on privacy protection and transparency. The entire verification server is fully open source and publicly available at github.com/privacybydesign/go-passport-issuer.

When you scan your passport, the data from the chip is temporarily sent to this server for cryptographic validation. The server checks the authenticity of the signatures and certificates using the official government masterlists. Importantly, this information is never stored — it is used only during the validation process.

After successful verification, the relevant data is transformed into a digital credential, containing only the information strictly necessary for your chosen purpose — in line with the principle of data minimization.

Derived attributes are computed, such as:

  • Age cohorts (e.g., 18-plus)
  • Citizenship indicators (e.g., EU citizen)
  • Birth year (without exact date of birth)

This ensures that only minimal, privacy-preserving data is shared.

The generated credentials are issued in two formats:

  • SD-JWT VC: compatible with the OpenID4VP protocol, offering broad interoperability across ecosystems
  • Idemix: compatible with the IRMA protocol, providing the strongest privacy guarantees through selective disclosure and unlinkability

Users can choose which protocol best suits their needs:
the IRMA protocol for maximum privacy or OpenID4VP for wider interoperability.

Conclusion

The cryptographic security of e-passports, combined with Yivi’s rigorous verification process, provides a level of assurance comparable to physical passport inspection – but with the convenience of digital verification. By supporting both Dutch and German masterlists and implementing both passive and active authentication, Yivi ensures that passport-based identity verification is secure, reliable, and privacy-preserving.

Want to learn more about integrating passport verification into your organization? Contact us to discuss the possibilities.