The Evolution of E-Passports: Extended Access Control (EAC)

Countries are now beginning to evolve their e-passport programs to a second-generation framework that includes capabilities for Extended Access Control (EAC). European Union (EU) member countries will be required to add fingerprint data to machine readable travel documents (MRTDs), with the biometric information protected through the EAC scheme. Entrust is participating in related standards bodies and is releasing security solutions to meet the certificate management requirements of Extended Access Control (CVCA PKI).

EAC is the process defined for ensuring that only authorized entities are able to access biometric data (iris scan and/or fingerprint) stored on the contactless chip on an electronic passport. EAC includes the authentication of a passport Inspection Station (IS) to the contactless chip as well as the authorization of that IS to access the protected biometrics.

EAC certificates are ISO 7816 Card Verifiable (CV) certificates rather than X.509 public key certificates. All CV certificates have short validity periods, and no revocation scheme is used. Therefore, components within the EAC CV certificate infrastructure must be coordinated to efficiently receive and process frequent certificate requests and to efficiently deliver certificates for use by IS.

CV certificate issuers are Certification Authorities (CAs) established in a two-tier CA infrastructure in support of in-country and foreign IS, which in turn use the certificates to access biometric data on cards. The function of these CAs is aligned with that of CAs in a typical X.509 infrastructure with respect to certificate issuance.
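
An added example, not Entrust's code or part of the original page: a simplified Python model of how a chip could evaluate the two-tier CV certificate chain presented by an IS when validity dates are the only cut-off because nothing is revoked. The field names, reference strings, rights bitmask, and the rule that rights are intersected down the chain are assumptions of this model, and signature verification is taken as already done.

```python
from dataclasses import dataclass
from datetime import date

# Access-right flags for the protected biometrics (illustrative names, assumed).
FINGERPRINT, IRIS = 0x01, 0x02


@dataclass(frozen=True)
class CVCert:
    holder: str        # who the certificate was issued to
    issuer: str        # which CA issued it
    not_before: date   # start of the (short) validity period
    not_after: date    # end of the validity period
    rights: int        # bitmask of FINGERPRINT / IRIS


def authorize(chain, trust_anchor, today):
    """Walk the chain from the card's trust anchor down to the IS certificate.

    Returns the access rights granted to the IS, or 0 if the chain is rejected.
    Signatures are assumed to have been verified before this check.
    """
    issuer, rights = trust_anchor, FINGERPRINT | IRIS
    for cert in chain:
        if cert.issuer != issuer:
            return 0  # issuer linkage broken: not issued under the trust anchor
        if not (cert.not_before <= today <= cert.not_after):
            return 0  # outside validity; with no revocation this is the only cut-off
        rights &= cert.rights  # assumed rule: a holder never exceeds its issuer
        issuer = cert.holder
    return rights


# Constructed sample chain: top-tier CA -> second-tier CA -> inspection station.
ROOT = "XXCVCA00001"
CHAIN = [
    CVCert("XXDV00001", ROOT, date(2024, 1, 1), date(2024, 3, 31), FINGERPRINT | IRIS),
    CVCert("XXIS00001", "XXDV00001", date(2024, 3, 1), date(2024, 3, 14), FINGERPRINT),
]
# Constructed foreign chain: the second-tier CA is limited to iris data.
FOREIGN = [
    CVCert("YYDV00001", ROOT, date(2024, 1, 1), date(2024, 3, 31), IRIS),
    CVCert("YYIS00001", "YYDV00001", date(2024, 3, 1), date(2024, 3, 14), FINGERPRINT | IRIS),
]

if __name__ == "__main__":
    print(authorize(CHAIN, ROOT, date(2024, 3, 10)))    # inside every validity window
    print(authorize(CHAIN, ROOT, date(2024, 3, 15)))    # IS certificate has expired
    print(authorize(FOREIGN, ROOT, date(2024, 3, 10)))  # rights capped by the issuing CA
```

Because expiry is the only way an IS certificate stops working in this model, the length of its validity window bounds how long a lost or stolen inspection system could keep reading protected biometrics.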

Entrust has established a CVCA demonstration website. To access the site, please visit https://www.entrust.com/forms/eac-demo/index.htm.