EAC (Extended Access Control) is a set of advanced security features between a terminal and an electronic passport (ePassport) that protects and restricts access to sensitive personal data contained in the RFID chip. It enables mutual authentication and the establishment of a secure communication channel between a smartcard (ePassport) and a terminal. In contrast to common personal data (like the bearer’s photograph, names, date of birth, etc.), which can be protected by basic mechanisms, more sensitive data (like fingerprints or iris images) must be protected further to prevent unauthorized access and skimming. A chip protected by EAC allows this sensitive data to be read (through an encrypted channel) only by an authorized passport inspection system.
EAC was introduced by ICAO as an optional security feature, in addition to Basic Access Control (BAC), for restricting access to sensitive biometric data in an electronic MRTD. ICAO gives only a general idea: the chip must contain chip-individual keys and must have processing capabilities, and additional key management will be required. However, ICAO leaves the actual solution open to the implementing States.