The ePassport Evolution

Understanding the Importance of BAC and EAC Technology

The protection of national borders has always been a global concern, but innovations in technology have provided advanced tools to secure countries, accurately identify individuals and authenticate sensitive data.

At the forefront of this movement are electronic passports, commonly referred to as "ePassports." A vital tool to improve border security, ePassport travel documents contain an electronic chip that stores information that can be verified against the data on the passport as well as against the individual.

Because of the sensitivity of this personal information (e.g., digitized photographs or other biometrics), the security and integrity of ePassports are critical. Public key infrastructure (PKI) is integral to protecting these assets and to the security and verification infrastructure of ePassports.

The first generation of ePassport technology was based on Basic Access Control (BAC), which features passive and optional active authentication and is in production in Europe and many parts of the world. While BAC is appropriate for governments just beginning ePassport projects, countries wishing to deploy more advanced ePassports require a higher level of security.

Thus, a new standard in ePassport security was formed: Extended Access Control (EAC). This technology was developed to give governments a way to authenticate access to, and thereby secure, more sensitive biometric information (e.g., digital fingerprints and iris patterns).




EAC is the process defined for ensuring that only authorized entities are able to access this biometric data stored on the contactless chip on an ePassport. EAC includes the authentication of a passport Inspection Station (IS) to the contactless chip as well as the authorization of that IS to access the protected biometrics.

Why is this important? One of the primary ways in which new ePassports differ from existing ones is that they can be loaded with biometric data sets that are more difficult to substitute than printed data sets and more difficult to impersonate than facial photographs.

Unlike some other common credential types, biometric data sets cannot be withdrawn once compromised. So they should only be revealed to systems that can be trusted to handle them properly.

Biometric data sets are possibly most vulnerable when the passport falls into criminal hands. But other abuses that can occur include: using them for reasons other than the declared purpose, sharing them with others and failing to delete them immediately after use. The problem is: how can the passport tell whether the passport inspection system that is interrogating it is trustworthy? This is the function of the EAC features of electronic passports.
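A simplified model of the authorization decision described above, added here as an illustration; it is not code from this article or from any ePassport product. It assumes a three-level certificate chain (issuing country's CA, document verifier, inspection system), that every signature check and the inspection system's challenge-response have already succeeded, and a constructed rights bitmask, names and dates.

```python
from dataclasses import dataclass
from datetime import date

# Assumed rights bitmask for this model. DG3 and DG4 are the ICAO data groups
# that hold fingerprints and iris images.
READ_DG3_FINGERPRINT = 0b01
READ_DG4_IRIS = 0b10
BOTH = READ_DG3_FINGERPRINT | READ_DG4_IRIS

@dataclass(frozen=True)
class Cert:
    holder: str       # constructed names, not real certificate references
    issuer: str
    rights: int       # bitmask of READ_* flags granted to the holder
    not_after: date   # expiry date

def effective_rights(chain, trust_anchor, chip_date):
    """Rights the chip grants to the inspection system, or 0 to refuse.

    chain runs from the certificate issued by the trust anchor down to the
    inspection system's own certificate. Signature checks are assumed done.
    """
    if not chain:
        return 0
    rights, expected_issuer = trust_anchor.rights, trust_anchor.holder
    for cert in chain:
        if cert.issuer != expected_issuer:   # chain does not link to the anchor
            return 0
        if cert.not_after < chip_date:       # expired relative to the chip's date
            return 0
        rights &= cert.rights                # no level can add rights
        expected_issuer = cert.holder
    return rights

def may_read(rights, flag):
    return bool(rights & flag)

# Constructed sample data: the issuing country lets this foreign document
# verifier read fingerprints only, so its inspection systems cannot read iris
# data even though their own certificate asks for both.
ANCHOR = Cert("CVCA-ISSUER", "CVCA-ISSUER", BOTH, date(2012, 1, 1))
DV = Cert("DV-FOREIGN", "CVCA-ISSUER", READ_DG3_FINGERPRINT, date(2009, 6, 30))
IS_OK = Cert("IS-GATE-01", "DV-FOREIGN", BOTH, date(2009, 3, 31))
IS_OLD = Cert("IS-GATE-02", "DV-FOREIGN", BOTH, date(2008, 12, 31))
CHIP_DATE = date(2009, 2, 1)

if __name__ == "__main__":
    granted = effective_rights([DV, IS_OK], ANCHOR, CHIP_DATE)
    print("fingerprints:", may_read(granted, READ_DG3_FINGERPRINT))
    print("iris:", may_read(granted, READ_DG4_IRIS))
```

Because the rights are intersected at every level, a stolen or misused inspection system certificate is limited to what the issuing country granted its document verifier, and only until the short-lived certificate expires.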

To date, many governments across the globe have implemented BAC ePassports. Entrust, for example, provides BAC ePassport security for a number of top global e-governments, including the U.S., U.K., Slovenia, Singapore, New Zealand and Taiwan.

By 2009, European Union (EU) member countries will be required to add fingerprint data to machine-readable travel documents (MRTDs) with the biometric information protected through the EAC scheme.

To learn more about EAC ePassports, as well as the trust infrastructure behind ePassport security, download two of our free thought-leading white papers.

>> A Trust Infrastructure for ePassports
>> A Trust Framework for ePassports: Extended Access Control