Government

The Evolution of ePassports: Extended Access Control (EAC)

Countries are now beginning to evolve their ePassport programs to a second generation framework that include capabilities for Extended Access Control (EAC). European Union (EU) Member countries will be required to add fingerprint data to machine readable travel documents (MRTDs) with the biometric information protected through the EAC scheme. Entrust is participating in related standards bodies and is releasing security solutions to meet the certificate management requirements of Extended Access Control (CVCA PKI).

EAC is the process defined for ensuring that only authorized entities are able to access biometric data (iris scan and/or fingerprint) stored on the contactless chip on an electronic passport. EAC includes the authentication of a passport Inspection Station (IS) to the contactless chip as well as the authorization of that IS to access the protected biometrics.

Protecting Biometric Data with Extended Access Control [135 kb]

EAC are ISO 7816 Card Verifiable (CV) certificates rather than X.509 public key certificates. All CV certificates have short validity periods and there is no revocation scheme used. Therefore, components within the EAC CV Certificate Infrastructure must be coordinated for the efficient management of receipt and processing of frequent certificate requests, and the efficient delivery of certificates for use by IS.

CV certificate issuers are Certification Authorities (CA) established in a two tier CA infrastructure in support of in-country and foreign IS, which in turn employ the certificates for access to biometric data on cards. The function of these CAs is aligned with that of CAs in a typical X.509 infrastructure with respect to certificate issuance.

Entrust has established a CVCA demonstration website. To access the site, please visit https://www.entrust.com/forms/eac-demo/index.htm.

• Entrust Authority
• Entrust Authority Toolkits

• ePassport tests put biometrics through their paces

• Entrust EAC ePassport PKI Operates 'Flawlessly' at Prague, Leveraging Slovenia and UK Infrastructure
• Entrust, 3M Collaborate to Provide End-to-End Secure ePassport Solution
• Entrust, GET Group Collaborate to Provide Comprehensive ePassport Solutions
• Entrust Turns Second-Generation ePassport Vision Into Reality
• Entrust Expands Relationship with Slovenia, Implements Second-generation ePassport Solution
• Entrust, Hewlett Packard Partner to Deploy Taiwanese ePassports, Authenticate Biometric Data

• The PKI Phoenix Rises

• Protecting Biometric Data with Extended Access Control
• A Trust Framework for ePassport Extended Access Control
• A Trust Infrastructure for ePassports

• EAC Demonstration

• Extended Access Control: The Future of ePassports

• Entrust PKI Secures National ID Initiatives
• Entrust Solutions for E-Passport

• ICAO
• What is PKI?