LOGBOOK

HELP

Quiz Entry - updated: 2026.06.25

What does Extended Access Control (EAC) protect on a biometric passport, and why was it added?

EAC protects the secondary biometrics (fingerprints, iris scans) so that only authorised readers can decrypt them. BAC/PA/AA didn't restrict who can read this sensitive data once they have physical access.

The problem EAC solves:

  • BAC lets any reader access the chip once it has the MRZ. That's fine for the photo (visible in the booklet anyway).
  • But the chip also stores fingerprints and iris scans, which are far more sensitive — they can be misused for mass surveillance or identity theft.
  • A border officer in Country X shouldn't necessarily be able to read fingerprints in a passport issued by Country Y.

How EAC works (two-step):

  1. Chip Authentication — a Diffie-Hellman key agreement between reader and chip, replacing AA. Yields a strong session key.
  2. Terminal Authentication — the reader presents a certificate signed by a trusted Country Verifying CA (CVCA) authorising it to read specific data groups (e.g. fingerprints). The chip checks the certificate before releasing the data.

The CVCA hierarchy:

Issuing country's CVCA
    └── Foreign CVCA (mutual agreement)
           └── Document Verifier (e.g. an embassy)
                   └── Inspection Terminal (specific reader)

Tip: EAC is mandatory in EU passports since 2009 for fingerprint reading. It's the mechanism that lets the EU say "only authorised border posts can read fingerprints", which was a political prerequisite for storing them in the first place.

From Quiz: ISF / Cryptographic Protocols & Requirements | Updated: Jun 25, 2026