Last updated 4 June 2017
October 2008 saw Gemalto selected by the Imprimerie Nationale, France’s national printer, to supply its Document Issuance solution for personalizing the second-generation of French
biometric passport with digital biometric information like fingerprints.
All European Member States must include digital biometric information in every passport issued from June 2009, a deadline France has been able to meet.
French biometric passport
France has been an early member of the
US Visa Waiver Program which allows French citizens to travel to the United States for tourism or business for stays of 90 days or less without first obtaining a visa.
The 2008-426 decree of 30 April 2008 set up the legal framework for the launch of the second generation of French electronic passport.
As of end of June 2009, all French passports are fitted with a micro-controller that contains biographic data and the holder's portrait in digital format, as well as
2 fingerprints. In the enrollment phase, 8 fingers are captured, even though only 2 prints will be kept.
e passport, along with the national ID card allow for free rights of movement and residence in any of the states of the European Union and European Economic Area.
The French passport has a
validity of 10 years for adults (18+) and only 5 years for minors. It costs €86 for an adult, €42 (minor of 15-18 years) and €17 (minor of less than 15) as of December 2016.
The Imprimerie Nationale issues around three million biometric passports per year.
EAC for French Passport
EAC (extended access control) is mandatory. This security mechanism limits access to additional biometrics to the issuing country and countries that have permission from the issuing country. This capability will be used to protect fingerprints, iris scans as option and other privacy-sensitive data.
EAC is based on a chip-dedicated Diffie-Hellman asymmetric key pair using either DH (PKCS#3) or ECDH (ISO 15946), the latter implementing elliptic curve cryptography.
The public part of the key is digitally signed by the issuing country, while the microprocessor contains the matching private part which can never be read out.
Through chip authentication, the terminal ascertains that the chip possesses that private part, thereby identifying it as genuine and making chip cloning unfeasible.
An attacker aiming at cloning the ePassport faces the practical problem of computing the microprocessor’s private key given the public elements (which can always be obtained freely). Carrying out this task is commonly referred to as the Discrete Logarithm problem and requires gigantic computational resources even for practical key sizes.
In other words : a brute-force attack, where the attacker gathers as much computational power as possible and implements the fastest known discrete-log extraction algorithm (currently GNFS) would typically require 273 (respectively 2103) operations for a 1024-bit (resp. a 2048-bit) DH public key, and 2128 operations for a 256-bit ECDH public key.
This represents several decades of unceasing computations over a large-scale computer network and exceeds by far the limits of practical feasibility.
French residence permit
As of May 2012, the French residence permit (TSE or
Titre de Séjour pour Etranger) now incorporates two fingerprints in addition to the bearer's portrait in the microprocessor located on the back of the credit-card size card.
This document is a renewable permanent residence permit allows its holder to live in France for up to 10 years.
The same issuance solution from Gemalto is enabling the personalization of an annual production of 800,000 residence permits.
New French driver's license
As of September 2013, The new French driver's license is replacing the traditional pink paper document.
Imprimerie Nationale also selected Gemalto’s Document Issuance solution to personalize the new document in-house.
Read the Press Release: Imprimerie Nationale Selects Gemalto's Personalization Solution for France's New Biometric Passports