Extended Access Control
Extended Access Control (EAC) is a mechanism specified to allow only an authorized Inspection System (the system used to read an e-passport) to read sensitive biometric data (fingerprints). EAC is mentioned in ICAO Doc 9303, but the description there is very subtle. There are several different implementations of the mechanism. Among these implementations, EU Member States must implement EAC in e-passports that store fingerprints. The European Commission, in its decision No 2909 from the 28th June 2006, described what technology will be used to protect fingerprints in the Member States' e-passports. The deadline for Member States to start issuing fingerprint-enabled e-passports is 28.6.2009. The specification selected for EU e-passport EAC was prepared by the German BSI in TR 3110 [1]. Several other countries implement their own EAC.
Extended Access Control as defined by EU
EAC - Chip Authentication
Chip Authentication (CA) has two functionalities:
- authenticate the chip and prove that the chip is genuine (not cloned);
- establish a strongly secured communication channel (stronger than the one established by the BAC mechanism).
EAC - Terminal Authentication
Terminal Authentication (TA) is used to determine whether the Inspection System (IS) is allowed to read the sensitive data from the e-passport. The mechanism is based on digital certificates. The certificates are not in X.509 format; they are card verifiable certificates.
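The following is an added example, not part of the original article or of any BSI code, showing how a chain of card verifiable certificates can determine whether an Inspection System may read fingerprints. It assumes the TR 3110 certificate layout (TLV tags, the inspection-system OID and access-right bits); the function names, the "XX" holder references and the unsigned, reduced sample certificates are constructed for illustration, and signature verification is omitted.

```python
from datetime import date

ID_IS = bytes.fromhex("04007f000703010201")   # assumed OID id-IS (inspection systems)
READ_DG3, READ_DG4 = 0x01, 0x02               # assumed CHAT bits: fingerprint, iris

def tlv(data):
    """Parse BER-TLV (1- or 2-byte tags, short or long lengths) into {tag: value}."""
    out, i = {}, 0
    while i < len(data):
        tag = data[i]; i += 1
        if tag & 0x1F == 0x1F:                # low five bits set: second tag byte follows
            tag = tag << 8 | data[i]; i += 1
        n = data[i]; i += 1
        if n & 0x80:                          # long-form length
            k = n & 0x7F
            n = int.from_bytes(data[i:i + k], "big"); i += k
        if i + n > len(data):
            raise ValueError("truncated TLV")
        out[tag] = data[i:i + n]; i += n
    return out

def parse_cvc(cert):
    """Extract the fields that drive the authorization decision."""
    body = tlv(tlv(tlv(cert)[0x7F21])[0x7F4E])    # certificate -> certificate body
    chat = tlv(body[0x7F4C])                      # holder authorization template
    if chat[0x06] != ID_IS:
        raise ValueError("CHAT is not for an inspection system")
    d = body[0x5F24]                              # expiry: six unpacked BCD digits YYMMDD
    expiry = date(2000 + d[0] * 10 + d[1], d[2] * 10 + d[3], d[4] * 10 + d[5])
    return {"car": body[0x42], "chr": body[0x5F20], "rights": chat[0x53][0], "expiry": expiry}

def effective_rights(chain, trust_anchor, today):
    """Walk DV -> IS from the trusted CVCA; rights are the AND of every CHAT."""
    issuer, rights = trust_anchor, READ_DG3 | READ_DG4
    for cert in map(parse_cvc, chain):
        if cert["car"] != issuer or cert["expiry"] < today:
            return 0                              # broken chain or expired: no sensitive data
        issuer, rights = cert["chr"], rights & cert["rights"]
    return rights

def make_cvc(car, chr_, rights, expiry):          # builds constructed, unsigned sample data
    enc = lambda tag, v: bytes.fromhex(tag) + bytes([len(v)]) + v
    chat = enc("06", ID_IS) + enc("53", bytes([rights]))
    body = (enc("5f29", b"\x00") + enc("42", car) + enc("5f20", chr_)
            + enc("7f4c", chat) + enc("5f24", bytes(int(c) for c in expiry)))
    return enc("7f21", enc("7f4e", body) + enc("5f37", b"\x00" * 8))

DV = make_cvc(b"XXCVCA00001", b"XXDV00001", 0x80 | READ_DG3 | READ_DG4, "301231")
IS_CERT = make_cvc(b"XXDV00001", b"XXIS00001", READ_DG3, "300101")
```

Because the rights are combined with AND, an Inspection System certificate can never grant more than the certificates above it in the chain allow.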
External references
- [1] "Advanced Security Mechanisms for Machine Readable Travel Documents – Extended Access Control (EAC)" (PDF). Retrieved 2008-05-05.