Interesting that an automated scanner would care so much about the physical security measures. It’s not sufficient to look up the passport number to find the details it should contain, or check the digital signature?
Exactly.
And there would be a lot more hurdles since countries generally don't give such access without good reason.
Another issue would be reliability. Doing an attack on the network to break the verification backend would cause a fallback to manual border control which is a problem if your whole process is already relying on the automated gates and you have scaled back the available agents.
Doing that during a time with very high demand would allow an "attacker" to use it to get more people through due to less attention of the border guards.
If I remember correctly the usual timespan a border agent is considered to be attentive enough is 2 hours, at which point they would need to be rotated out, but if your demand has unexpectedly increased so much that you operate twice the manual gates you don't have the people for the normal rotation.
Observation: China, a few years back. The train system has been going from a paper ticket approach to an ID-based approach. (You've had to show ID to buy the paper tickets anyway.) They also work on a system where you scan your ticket upon leaving, also--it catches someone who rides further than they paid for.
At the time some cities were fully converted and were willing to accept (with some difficulty, the scanners were picky!) our passports; others only had the local ID readers. (The local ID has embedded RFID, you just touch it to the scanner plate and the gate opens.) However, others were not--a couple of times security simply let us out without doing any sort of check.
Revoking a CSCA, especially towards the end of the lifetime (passports are usually valid for 5 to 10 years), is probably not economically possible since it would invalidate millions of passports all at once, so you have to fall back to optical features anyway.
It's actually done this way.
Back in 2014 there were basically two ways to get the public certs.
Download them from each government site individually or use the only PKI infrastructure available for this task, which was pretty expensive and did not have all certs either.
And as far as I recall signatures were only checked for being signed by a valid key, not if the key matches the country of origin. So someone in country A could sign a forged passport from country B (but not 100% sure on that anymore).
Not sure how much I am able to say, it's already several years old but the bottom line is there are so many different documents that it's not always possible to check the digital signature, either because it does not have a digital signature (we are not only talking about passports but all possible documents), can't read it because the chip is damaged, or has no way to verify the signature because the scanner does not have the certificate chain.
And there are attacks where you simply forward the communication over the network to a remote reader so that the gate thinks it's talking to a real passport but the physical passport is somewhere else.
And older passports use weaker hash functions to verify the integrity of the data.
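
An added example, not part of the thread and not any real gate's code: the check one commenter recalls (any valid key accepted, country of origin not matched) next to a verifier that binds the trust anchor to the state the document claims, with a separate result for a missing certificate chain. HMAC stands in for the real signature scheme, and the state codes, keys and function names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed trust store: issuing state -> that state's signing key.
# HMAC-SHA256 stands in for the real asymmetric signature so the block
# runs on the standard library; the trust-anchor choice is the point.
TRUST_STORE = {"UTO": b"constructed-key-utopia", "ATL": b"constructed-key-atlantis"}

@dataclass
class Document:
    issuing_state: str  # state code the document itself claims
    data: bytes         # signed chip contents (constructed sample)
    signature: bytes

def sign(state: str, data: bytes) -> bytes:
    """Issue a signature with the given state's key (fixture helper)."""
    return hmac.new(TRUST_STORE[state], data, hashlib.sha256).digest()

def _valid_under(state: str, doc: Document) -> bool:
    expected = hmac.new(TRUST_STORE[state], doc.data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, doc.signature)

def verify_any_anchor(doc: Document) -> str:
    """Loose check: a signature from any trusted key is accepted."""
    ok = any(_valid_under(state, doc) for state in TRUST_STORE)
    return "ACCEPT" if ok else "REJECT"

def verify_bound_to_state(doc: Document) -> str:
    """Strict check: only the claimed issuing state's key may vouch for it."""
    if doc.issuing_state not in TRUST_STORE:
        return "NO_CHAIN"  # no certificate held: route to other checks
    return "ACCEPT" if _valid_under(doc.issuing_state, doc) else "REJECT"

if __name__ == "__main__":
    data = b"constructed data group bytes"
    samples = {
        "genuine": Document("UTO", data, sign("UTO", data)),
        "state mismatch": Document("UTO", data, sign("ATL", data)),
        "unknown issuer": Document("XXA", data, b""),
    }
    for name, doc in samples.items():
        print(f"{name}: any={verify_any_anchor(doc)} bound={verify_bound_to_state(doc)}")
```

The strict verifier returns a distinct `NO_CHAIN` result so that a missing certificate is handled as its own case instead of being folded into accept or reject.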