Implementation of security and privacy in ePassports and the extended access control infrastructure

Several researchers have analyzed the security characteristics and weaknesses of electronic passports (machine readable travel documents) introduced by the International Civil Aviation Organization (ICAO) in its Document 9303. However, little, if any, work has focused on the public key infrastructures necessary to manage the certificates that underpin the security measures. This paper discusses the key aspects related to the management of keys and certificates to implement security and privacy measures for machine readable travel documents issued by European Union member states. In particular, the paper concentrates on extended access control and the associated Single Point of Contact (SPOC) protocol.