Extended access control


"Extended Access Control" (EAC) is a mechanism specified to allow only an authorized Inspection System (the system used to read an e-passport) to read sensitive biometric data (fingerprints). EAC is mentioned in ICAO Doc 9303, but the description there is very subtle. There are several different implementations of the mechanism. Besides other implementations, EU Member States must implement EAC in e-passports that store fingerprints. The European Commission, in its decision No 2909 of 28 June 2006, described what technology will be used to protect fingerprints in the Member States' e-passports. The deadline for the Member States to start issuing fingerprint-enabled e-passports is 28.6.2009. The specification selected for EU e-passport EAC was prepared by the German BSI in TR 3110 [BSI, "Advanced Security Mechanisms for Machine Readable Travel Documents – Extended Access Control (EAC)", http://www.bsi.de/fachthem/epass/TR-03110_v111.pdf, accessed 2008-05-05]. Several other countries implement their own EAC.

Extended Access Control as defined by EU

EAC - Chip Authentication

"Chip Authentication" (CA) has two functions:
* authenticate the chip and prove that the chip is genuine (not cloned);
* establish a strongly secured communication channel (stronger than the one established by the BAC mechanism).
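
A minimal model of these two functions, as an added example that is not part of the original article or of TR 3110. It assumes CA is an ephemeral-static Diffie-Hellman key agreement (the chip holds a static key pair, the terminal generates a fresh one per session) and that the terminal has already checked the chip's public key against the passport's signed data; the toy group, the simplified key derivation and the names `Chip` and `terminal_accepts` are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example: 2**127 - 1 is prime
# but far too small for real use; real chips use standardized DH/ECDH groups.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_keys(own_priv, peer_pub):
    """Derive (k_enc, k_mac) from the DH shared secret (simplified KDF)."""
    shared = pow(peer_pub, own_priv, P).to_bytes(16, "big")
    derive = lambda c: hashlib.sha1(shared + c.to_bytes(4, "big")).digest()[:16]
    return derive(1), derive(2)

class Chip:
    def __init__(self, priv, pub):
        self._priv = priv  # static private key, never readable from the chip
        self.pub = pub     # static public key, readable by the terminal

    def chip_authentication(self, terminal_eph_pub):
        self.k_enc, self.k_mac = session_keys(self._priv, terminal_eph_pub)

    def respond(self, command):
        # Stand-in for secure messaging: MAC the command with the new key.
        return hmac.new(self.k_mac, command, hashlib.sha1).digest()

def terminal_accepts(chip):
    """Run CA against a chip; True if it proves knowledge of its private key."""
    eph_priv, eph_pub = keypair()          # fresh terminal key per session
    chip.chip_authentication(eph_pub)
    _, k_mac = session_keys(eph_priv, chip.pub)
    command = secrets.token_bytes(8)
    expected = hmac.new(k_mac, command, hashlib.sha1).digest()
    return hmac.compare_digest(chip.respond(command), expected)

def demo():
    priv, pub = keypair()
    genuine = Chip(priv, pub)
    clone = Chip(keypair()[0], pub)  # copied public data, different private key
    return terminal_accepts(genuine), terminal_accepts(clone)

if __name__ == "__main__":
    print(demo())
```

The clone presents the genuine chip's readable public key but cannot derive the same session keys, so its first protected response fails verification.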

EAC - Terminal Authentication

"Terminal Authentication" (TA) is used to determine whether the Inspection System (IS) is allowed to read the sensitive data from the e-passport. The mechanism is based on digital certificates. The certificate format is not X.509; "card verifiable" certificates are used instead.

Wikimedia Foundation. 2010.
