- By Category
- Entrust Authority
- Entrust SSL Certificates
- Entrust Discovery
- Entrust Entelligence
- Entrust GetAccess
- Entrust IdentityGuard
- Managed Services PKI
- Entrust Secure Transaction Platform
- Entrust TransactionGuard
- Entrust TruePass
- Entrust USB Tokens
- Products A-Z
The Evolution of ePassports: Extended Access Control (EAC)
Countries are now beginning to evolve their ePassport programs to a second generation framework that include capabilities for Extended Access Control (EAC). European Union (EU) Member countries will be required to add fingerprint data to machine readable travel documents (MRTDs) with the biometric information protected through the EAC scheme. Entrust is participating in related standards bodies and is releasing security solutions to meet the certificate management requirements of Extended Access Control (CVCA PKI).
EAC is the process defined for ensuring that only authorized entities are able to access biometric data (iris scan and/or fingerprint) stored on the contactless chip on an electronic passport. EAC includes the authentication of a passport Inspection Station (IS) to the contactless chip as well as the authorization of that IS to access the protected biometrics.
EAC are ISO 7816 Card Verifiable (CV) certificates rather than X.509 public key certificates. All CV certificates have short validity periods and there is no revocation scheme used. Therefore, components within the EAC CV Certificate Infrastructure must be coordinated for the efficient management of receipt and processing of frequent certificate requests, and the efficient delivery of certificates for use by IS.
CV certificate issuers are Certification Authorities (CA) established in a two-tier CA infrastructure in support of in-country and foreign IS, which employ the certificates for access to biometric data on cards. The function of these CAs is aligned with that of CAs in a typical X.509 infrastructure with respect to certificate issuance. To assist organizations in developing and testing their CV certificate capabilities, Entrust has established a CVCA demonstration and test Web site.
For purposes of standardizing international communications for certificate management for EAC, the Brussels Interoperability Group (BIG) established the Single Point of Contact (SPOC) protocol.
- Entrust EAC ePassport PKI Operates 'Flawlessly' at Prague, Leveraging Slovenia and UK Infrastructure
- Entrust, 3M Collaborate to Provide End-to-End Secure ePassport Solution
- Entrust, GET Group Collaborate to Provide Comprehensive ePassport Solutions
- Entrust Turns Second-Generation ePassport Vision Into Reality
- Protecting Biometric Data with Extended Access Control
- A Trust Framework for ePassport Extended Access Control
- A Trust Infrastructure for ePassports