Quiz Entry - updated: 2026.06.25
What does Extended Access Control (EAC) protect on a biometric passport, and why was it added?
EAC protects the secondary biometrics (fingerprints, iris scans) so that only authorised readers can decrypt them. BAC/PA/AA didn't restrict who can read this sensitive data once they have physical access.
The problem EAC solves:
- BAC lets any reader access the chip once it has the MRZ. That's fine for the photo (visible in the booklet anyway).
- But the chip also stores fingerprints and iris scans, which are far more sensitive — they can be misused for mass surveillance or identity theft.
- A border officer in Country X shouldn't necessarily be able to read fingerprints in a passport issued by Country Y.
How EAC works (two-step):
- Chip Authentication — a Diffie-Hellman key agreement between reader and chip, replacing AA. Yields a strong session key.
- Terminal Authentication — the reader presents a certificate signed by a trusted Country Verifying CA (CVCA) authorising it to read specific data groups (e.g. fingerprints). The chip checks the certificate before releasing the data.
The CVCA hierarchy:
Issuing country's CVCA
└── Foreign CVCA (mutual agreement)
└── Document Verifier (e.g. an embassy)
└── Inspection Terminal (specific reader)
Tip: EAC is mandatory in EU passports since 2009 for fingerprint reading. It's the mechanism that lets the EU say "only authorised border posts can read fingerprints", which was a political prerequisite for storing them in the first place.