Extended access control
From Wikipedia, the free encyclopedia
Extended Access Control (EAC) is a mechanism specified to allow only authorized inspection systems (systems used to read e-passports) to read sensitive biometric data (fingerprints). EAC is mentioned in ICAO Doc 9303, but the description there is very brief. There are several different implementations of the mechanism. Among them, EU Member States must implement EAC in e-passports that store fingerprints. The European Commission, in its decision No 2909 of 28 June 2006, described the technology to be used to protect fingerprints in Member States' e-passports. The deadline for Member States to start issuing fingerprint-enabled e-passports is 28 June 2009. The specification selected for EU e-passport EAC was prepared by the German BSI in TR 3110 [1]. Several other countries implement their own EAC.
Extended Access Control as defined by EU
EAC - Chip Authentication
Chip Authentication (CA) has two functions:
- authenticate the chip and prove that the chip is genuine (not cloned);
- establish a strongly secured communication channel (stronger than the one established by the BAC mechanism).
EAC - Terminal Authentication
Terminal Authentication (TA) is used to determine whether the Inspection System (IS) is allowed to read the sensitive data from the e-passport. The mechanism is based on digital certificates. The certificates are not in X.509 format; they are card verifiable certificates.
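As an added illustration (not part of the article and not code from BSI or ICAO), the following Python example walks the TLV structure of a card verifiable certificate and extracts the fields a reviewer would check on a terminal certificate: issuer reference (CAR), holder reference (CHR) and validity dates. The tag numbers and the unpacked-BCD date encoding are taken from BSI TR-03110 rather than from this article; the sample certificate and its `UT...` names are constructed, and no signature is verified.

```python
from datetime import date
# Tag numbers as defined in BSI TR-03110 (the article does not list them).
TAGS = {0x7F21: "certificate", 0x7F4E: "body", 0x5F29: "profile", 0x42: "car",
        0x7F49: "public_key", 0x5F20: "chr", 0x7F4C: "chat",
        0x5F25: "effective", 0x5F24: "expiration", 0x5F37: "signature"}
CONTAINERS = {0x7F21, 0x7F4E}  # descended into; other values stay raw bytes

def read_tlv(buf, pos):  # decode one BER-TLV, return (tag, value, next_pos)
    try:
        tag, pos = buf[pos], pos + 1
        if tag & 0x1F == 0x1F:               # two-byte tag such as 7F21
            tag, pos = (tag << 8) | buf[pos], pos + 1
        length, pos = buf[pos], pos + 1
        if length in (0x81, 0x82):           # long form: 1 or 2 length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        elif length >= 0x80:
            raise ValueError("unsupported length encoding")
    except IndexError:
        raise ValueError("truncated TLV header") from None
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_cvc(data):  # flatten a certificate into {field name: raw bytes}
    fields, stack = {}, [data]
    while stack:
        buf, pos = stack.pop(), 0
        while pos < len(buf):
            tag, value, pos = read_tlv(buf, pos)
            if tag not in TAGS:
                raise ValueError(f"unexpected tag {tag:#x}")
            if tag in CONTAINERS:
                stack.append(value)
            else:
                fields[TAGS[tag]] = value
    return fields

def bcd_date(raw):  # dates are six unpacked-BCD digits, YYMMDD
    if len(raw) != 6 or max(raw) > 9:
        raise ValueError("malformed date")
    yy, mm, dd = (raw[i] * 10 + raw[i + 1] for i in (0, 2, 4))
    return date(2000 + yy, mm, dd)
def tlv(tag, value):  # short-form encoder, only for the constructed sample
    return tag.to_bytes(2 if tag > 0xFF else 1, "big") + bytes([len(value)]) + value
# Constructed sample with placeholder key, CHAT and signature bytes.
SAMPLE = tlv(0x7F21, tlv(0x7F4E, tlv(0x5F29, b"\x00") + tlv(0x42, b"UTCVCA00001")
    + tlv(0x7F49, bytes(4)) + tlv(0x5F20, b"UTIS00001") + tlv(0x7F4C, bytes(4))
    + tlv(0x5F25, bytes([0, 9, 0, 6, 2, 8])) + tlv(0x5F24, bytes([0, 9, 0, 7, 2, 8])))
    + tlv(0x5F37, b"\xAA" * 8))
```

Calling `parse_cvc(SAMPLE)` returns the raw fields; `bcd_date` turns the two date fields into comparable `date` objects so a validity window can be checked against the inspection date.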
External references

