Entrust Inc. has been selected to supply the certificate authority software for Finland’s migration to second-generation electronic passports based on the Extended Access Control (EAC) standard.
With the European Union’s June 2009 deadline for migration to the EAC standard on the horizon, Finland’s Population Register Centre expects the transition to the new EAC e-passport Certificate Authority solution to be complete by the end of the first quarter in 2009.
Upon migration, the Finnish Population Register Centre will be able to provide the Finnish Police the necessary services for issuing of EAC e-passports to its citizens. To support its migration to the new documents, the Finnish Population Register Centre acquires Professional Services and security hardware from its partner nCipher.
Other EU countries also are starting to evolve their e-passport programs to the second-generation EAC framework. EU Member States will be required to add fingerprint data protected by EAC to machine-readable travel documents by or before the June 2009 deadline.
EAC enables governments to leverage a fingerprint or iris scan with the documents. They require the passport reader to authenticate itself to the passport chip, thereby preventing skimming, the practice of an unauthorized reader interrogating the chip and extracting sensitive personal information. EAC e-passports also strengthen the encryption of the communication between the chip and the reader, preventing eavesdropping of the passport data.
Because of the requirement for the passport chip to authenticate the reader, the PKI requirements are much higher, demanding a vendor that can provide scalability, reliability and performance. It is this PKI foundation that enables e-passports to be read at border stations, but not by criminals who may seek access to the data for purposes of manipulation or impersonation.