New Extended Access Control technology to improve electronic passport security
26 December, 2007
Eric Skinner,
Chief Technology Officer,
Entrust
The next 12 months will witness a remarkable change. Specifically, 2008 will see the emergence of new and more sophisticated electronic passports across the globe, particularly in European Union (EU) countries. New information technology is emerging to better protect and verify the personal information contained in these documents.
The use of e-passports to more accurately ensure and verify the identities of travelers has gained momentum across the globe in recent years, with more than 40 countries currently issuing some type of electronic passport. And for good reason.
Security concerns, developing technologies and emerging standards have prompted national governments to pursue the issuance of machine-readable travel documents containing a chip that stores information that can be verified against the data on the passport, thereby improving border control.
To facilitate interoperability across countries, the International Civil Aviation Organization (ICAO) has set global standards for e-passports. Since the e-passport contains sensitive personal information, security and integrity are critical. Therefore, the use of digital certificates and a public key infrastructure (PKI) has become integral to securing and verifying this data. In 2008, countries will begin to implement a new standard for digital certificates providing this functionality in preparation for a new generation of e-passport.
The initial generation of electronic passports in use today, throughout the EU and other countries, protects data under a scheme called Basic Access Control. In 2009, the EU countries will be required to add biometric data to the e-passport in the form of digital fingerprints. The strength of the security and verification around this data is evolving to protect this personal information through capabilities for Extended Access Control (EAC).
EAC is the process defined for ensuring that only authorized entities are able to access biometric data (such as an iris scan or fingerprint) stored on the contactless chip on an electronic passport. EAC also includes the authentication of a passport inspection station to the contactless chip, as well as the authorization of that inspection station to access the protected biometrics.
EAC provides a higher level of security during the verification process of e-passports. EAC will leverage a new type of certificate established by the ICAO, known as a card verifiable (CV) certificate, which is not based on the X.509 standard.
These next-generation passports will be required by all EU member nations by June 2009. The U.S. has yet to standardize on an EAC strategy.
While the remainder of the world has not yet established a timetable for implementing EAC, there is general agreement that the privacy of biometric data on electronic passports is critical; broad adoption of measures such as those provided by EAC can be reasonably expected over time.
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of December, these panelists’ predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews.com, ContactlessNews.com, CR80News.com, RFIDNews.org, FIPS201.com, NFCNews.com, ThirdFactor.com, and DigitalIDNews.com.