Entry | Extended Access Control |
Definition |
EAC was introduced by ICAO[3][4] as an optional security feature (additional to Basic Access Control) for restricting access to sensitive biometric data in an electronic MRTD. Only a general idea is given: the chip must contain chip-individual keys and must have processing capabilities, and additional key management will be required. However, ICAO leaves the actual solution open to the implementing States.

There are several different proposed implementations of the mechanism, all of which must retain backward compatibility with the legacy Basic Access Control (BAC), which is mandatory in all EU countries. The European Commission stated that the technology will be used to protect fingerprints in member states' e-passports. The deadline for member states to start issuing fingerprint-enabled e-passports was set to be 28 June 2009. The specification selected for EU e-passports was prepared by the German Federal Office for Information Security (BSI) in their technical report TR-03110.[5] Several other countries implement their own EAC.

EAC as defined by the EU

EAC as defined by the EU has two requirements: chip and terminal authentication.[6]

Chip authentication (for strong session encryption)

The chip authentication specification defines a handheld device (CAP reader) with a smart card slot, a decimal keypad, and a display capable of displaying at least 12 characters. Chip authentication (CA) has two functions:

Chip authentication has an add-on Basic Access Control (BAC) with protection against skimming and eavesdropping.

Terminal authentication (access restricted to authorized terminals)

Terminal authentication (TA) is used to determine whether the inspection system (IS) is allowed to read sensitive data from the e-passport. The mechanism is based on digital certificates, which come in the format of card verifiable certificates.
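The following is an added example, not part of the original entry or of any specification's reference code: it reads the issuer reference, holder reference and validity dates from the body fields of a card verifiable certificate and checks a document verifier (DV) certificate against the country verifying CA (CVCA) certificate it was issued under. The tag values and the six-byte date encoding are taken from BSI TR-03110 and do not appear in this entry; the certificate names and dates are constructed sample data, and signature verification, which real terminal authentication requires, is omitted.

```python
from datetime import date

# Tag values per BSI TR-03110 (assumption: not given in this entry).
TAG_CAR, TAG_CHR = 0x42, 0x5F20            # issuer reference / holder reference
TAG_EFFECTIVE, TAG_EXPIRY = 0x5F25, 0x5F24

def parse_tlv(buf):
    """Parse a flat run of BER-TLV objects into {tag: value}."""
    out, i = {}, 0
    while i < len(buf):
        tag = buf[i]; i += 1
        if (tag & 0x1F) == 0x1F:           # two-byte tag such as 5F20
            tag = (tag << 8) | buf[i]; i += 1
        length = buf[i]; i += 1
        if length & 0x80:                  # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big"); i += n
        if i + length > len(buf):
            raise ValueError("truncated TLV")
        out[tag] = buf[i:i + length]; i += length
    return out

def cvc_date(raw):
    """Decode YYMMDD stored as six unpacked-BCD bytes (one digit per byte)."""
    if len(raw) != 6 or any(d > 9 for d in raw):
        raise ValueError("bad CVC date")
    yy, mm, dd = (raw[k] * 10 + raw[k + 1] for k in (0, 2, 4))
    return date(2000 + yy, mm, dd)

def make_body(car, chr_, eff, exp):
    """Build a constructed sample body holding only references and dates."""
    def tlv(tag, val):
        return tag.to_bytes(2 if tag > 0xFF else 1, "big") + bytes([len(val)]) + val
    digits = lambda d: bytes(int(c) for c in d.strftime("%y%m%d"))
    return (tlv(TAG_CAR, car) + tlv(TAG_CHR, chr_) +
            tlv(TAG_EFFECTIVE, digits(eff)) + tlv(TAG_EXPIRY, digits(exp)))

def check_link(issuer_body, subject_body, today):
    """Return the problems found for a subject certificate under its issuer."""
    iss, sub = parse_tlv(issuer_body), parse_tlv(subject_body)
    problems = []
    if sub[TAG_CAR] != iss[TAG_CHR]:
        problems.append("issuer reference does not match")
    for name, c in (("issuer", iss), ("subject", sub)):
        if not cvc_date(c[TAG_EFFECTIVE]) <= today <= cvc_date(c[TAG_EXPIRY]):
            problems.append(f"{name} certificate outside validity period")
    return problems

# Constructed samples: a 3-year CVCA certificate and a 3-month DV certificate.
CVCA = make_body(b"UTCVCA00001", b"UTCVCA00001", date(2024, 1, 1), date(2026, 12, 31))
DV = make_body(b"UTCVCA00001", b"UTDV00001", date(2024, 6, 1), date(2024, 8, 31))
```

An empty list from `check_link(CVCA, DV, some_date)` means the DV certificate names the CVCA as its issuer and both certificates are inside their validity periods on that date.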
A document verifier certificate is granted from the country verification certificate authority (CVCA). These certificates can be for domestic or foreign document verifiers. The certificates are typically issued for medium amounts of time, between half a month and 3 months. The CVCA is generated by each country and is typically valid for 6 months to 3 years.[7]

External links

1. G. S. Kc; P. A. Karger (1 April 2005). "Security and privacy issues in machine readable travel documents (MRTDs)". RC 23575 (W0504-003). IBM. http://domino.watson.ibm.com/library/CyberDig.nsf/papers/751B6341BFB9015485256FDB005DB216/$File/RC23575.pdf. Accessed 4 Jan 2012.
2. Javier López; Pierangela Samarati; Josep L. Ferrer (2007). Public key infrastructure: 4th European PKI Workshop : theory and practice, EuroPKI 2007. Springer. p. 41. ISBN 978-3-540-73407-9. https://books.google.com/books?id=cNanimitjLwC&pg=PA41
3. ICAO Doc 9303, Machine Readable Travel Documents, Part 1: Machine Readable Passports, Volume 2: Specifications for Electronically Enabled Passports with Biometric Identification Capability (Sixth ed.). International Civil Aviation Organization (ICAO). 2006. Section 5.8, Security for additional biometrics, p. 84. http://www.icao.int/Security/mrtd/Pages/Document9303.aspx
4. "Temporat Secure Digital Identity". EPassport Extended Access Control. White Paper. http://www.securitydocumentworld.com/client_files/eac_white_paper_210706.pdf. Accessed 19 June 2013.
5. "Advanced Security Mechanisms for Machine Readable Travel Documents – Extended Access Control (EAC)" (PDF). BSI. https://www.bsi.bund.de/cae/servlet/contentblob/532066/publicationFile/44792/TR-03110_v202_pdf. Accessed 2009-11-26.
6. Kugler, Dennis (1 June 2006). "Extended Access Control ; Infrastructure and control". http://www.interoptest-berlin.de/pdf/Kuegler_-_Extended_Access_Control.pdf. Accessed 19 June 2013.
7. Kügler, Dennis. "Extended Access Control: Infrastructure and Protocol" (PDF). http://parallels.googlecode.com/svn/trunk/msifakis/WIRELESS/Kuegler_-_Extended_Access_Control.pdf. Accessed 2016-05-03.