E-passport EAC scheme based on Identity-Based Cryptography

Extended Access Control (EAC) is a security mechanism specified to allow only authorized Inspection System (IS) to read sensitive biometric data such as fingerprints from e-passports. Although European Union EAC scheme offers more flexibility than Singapore scheme, there is clearly room for improvement. By adopting Identity-Based Cryptography (IBC) technology, a simple and secure EAC implementation scheme (IBC-EAC) is proposed. The authorization mechanism based on IBC is more trustable because the access right to sensitive data is granted directly to the IS through Authorized Smartcard. A new authentication protocol based on IBC is performed between the e-passport chip and the Authorized Smartcard. The protocol also provides an important contribution towards terminal revocation. By using IBC-EAC scheme, the complexity of deploying and managing PKI can be reduced. And the computational cost for e-passport to verify the certificate chain in EU-EAC scheme can be saved.

Research highlights
► Identity-Based Cryptography is introduced into e-passport EAC implementation scheme.
► Authorized mechanism based on Identity-Based Cryptography is more trustable.
► Authentication protocol based on Identity-Based Cryptography is designed.
► The scheme provides an important contribution towards terminal revocation.