Process description
It is important to note that the process of validating an ePassport does not contribute to protecting the privacy of the information on the chip. To protect the privacy of the travel document holder, data on the chips of ePassports are generally protected by an access control mechanism. In basic terms, the access control mechanism denies access to the chip contents unless the inspection system can prove that it is authorized to access the chip. This “proof of authorization” is acquired by reading information found on the datapage of the ePassport booklet. The assumption is that if the traveller has willingly handed their ePassport over for somebody to open and read, the traveller has authorized that person to see that information as well as the information stored on the chip. These access control mechanisms prevent skimming of the chip data and eavesdropping of the communications between an ePassport and the inspection system.
There are currently four forms of access control used in ePassports that are likely to be encountered by border control :
1-Basic Access Control (BAC): This is the first generation of access control mechanisms and is still used in many ePassports around the world. The inspection system derives the access key by reading the Machine Readable Zone (MRZ) on the datapage of the ePassport (this information could also be keyed in manually if machine-reading of the MRZ is not possible). The keys used in BAC are symmetric (i.e. the same key is used to encrypt the data for transmission to the reader as is used by the reader to decrypt the data).
2-Password Authenticated Connection Establishment (PACE): PACE was designed to overcome the limitations of BAC, which has limited strength given that it uses symmetric cryptography. In simple terms, the process for PACE is the same as for BAC; however, PACE employs asymmetric cryptography to establish stronger protection against eavesdropping.
3-Supplemental Access Control: SAC is not actually an access control mechanism in itself. SAC is just a term used to describe ePassports that have both BAC and PACE. Having both access control mechanisms on the chip, rather than only the newer PACE, ensures that inspection systems at border control can read the chip of the ePassport—this is often referred to as backwards compatibility. Until January 1, 2018, any ePassport that uses PACE must also have BAC (i.e. the ePassport would be deemed to have SAC).
4-Extended Access Control (EAC): EAC is optional and can be used by States to read biometric data (fingerprint or iris) on the chip of the ePassport. With EAC, each individual inspection terminal at border control must be specifically and continually authorized. This authorization is given by the State that issued the ePassport to view the additional biometric. EAC is used by States in European Union and the Schengen-Area that wish to be able to share biometrics with other States. This is achieved through a more complex cryptographic infrastructure than is found in BAC/SAC and also implies an additional Public Key Infrastructure. If reading of biometric data is not in place, it is NOT necessary for inspection systems to be configured for EAC to conduct ePassport validation.
