Evolution E-Passports | Citizen ID | Mobile Authentication

The Evolution of ePassports: Extended Access Control (EAC)

Countries are now beginning to evolve their ePassport programs to a second generation framework that include capabilities for Extended Access Control (EAC). European Union (EU) Member countries will be required to add fingerprint data to machine readable travel documents (MRTDs) with the biometric information protected through the EAC scheme. Entrust is participating in related standards bodies and is releasing security solutions to meet the certificate management requirements of Extended Access Control (CVCA PKI).

EAC is the process defined for ensuring that only authorized entities are able to access biometric data (iris scan and/or fingerprint) stored on the contactless chip on an electronic passport. EAC includes the authentication of a passport Inspection Station (IS) to the contactless chip as well as the authorization of that IS to access the protected biometrics.

Protecting Biometric Data with Extended Access Control [135 kb]

EAC are ISO 7816 Card Verifiable (CV) certificates rather than X.509 public key certificates. All CV certificates have short validity periods and there is no revocation scheme used. Therefore, components within the EAC CV Certificate Infrastructure must be coordinated for the efficient management of receipt and processing of frequent certificate requests, and the efficient delivery of certificates for use by IS.

CV certificate issuers are Certification Authorities (CA) established in a two-tier CA infrastructure in support of in-country and foreign IS, which employ the certificates for access to biometric data on cards. The function of these CAs is aligned with that of CAs in a typical X.509 infrastructure with respect to certificate issuance. To assist organizations in developing and testing their CV certificate capabilities, Entrust has established a CVCA demonstration and test Web site.

For purposes of standardizing international communications for certificate management for EAC, the Brussels Interoperability Group (BIG) established the Single Point of Contact (SPOC) protocol.

Featured Resources

ePassport tests put biometrics through their paces

Press Releases

Podcasts

The PKI Phoenix Rises

White Papers

Data Sheets

Quick Links

Authentication and Data Protection Solutions

Entrust security products are trusted by security experts and are known for their reputation for reliability and manageability. Our innovative suite of authentication solutions include digital certificates (including device certificates), two factor authentication and token security products that provide trusted security for less. Entrust's data protection solutions can help organizations meet regulatory mandates such as FFIEC or PCI security. For this reason, business and governments alike rely on Entrust over other solution providers and certification authorities to meet and exceed rigorous IT security requirements.