The Trust Framework for ePassport Extended Access Control
Unlike some other common credential types, biometric data sets cannot be withdrawn once compromised. So, they should only be revealed to ePassport systems that can be trusted to handle them properly. Biometric data sets are possibly most vulnerable when the passport falls into criminal hands.
The problem is: how can the passport tell whether the passport inspection system that is interrogating it is trustworthy? This is the function of the Extended Access Control (EAC) features of electronic passports.
Issuing states that want to protect their citizens against abuse of their personal information in foreign countries will place restrictions on the release of biometric data sets on a country-by-country and application-by-application basis. So, privilege management must be an integral part of the ePassport trust infrastructure.
Public key infrastructure (PKI) is the technology that has been chosen to establish, maintain and demonstrate the trustworthiness of the systems for releasing and verifying the passport holder’s biographical and biometric data sets. This is a well-established technology that has been successfully applied to Internet-scale applications, such as secure online transactions.Download File