In-depth Analysis of the Security Mechanism for Extended Access Control of Electronic Documents

More and more countries are beginning to use electronic certificates, which store fingerprints, irises and other private data and therefore require a reliable authorization control mechanism to ensure the security of personal information. The extended access control (EAC) mechanism published by ICAO is efficient and secure, but the process is complex and difficult to grasp. To popularize EAC, its workflow is analyzed in depth and its key and difficult points are elaborated in detail, which reduces the difficulty of applying it and benefits large-scale adoption.

Introduction

The standard for electronic certificates originated from the Machine Readable Travel Document (MRTD) project promoted by ICAO. An electronic document implemented with contactless smart card technology is the most advanced form of machine-readable certificate. It not only effectively solves the problem of document forgery, but also greatly improves the efficiency of the legitimate holder's clearance. Access to sensitive personal data such as fingerprints on electronic documents requires more secure authorization control. ICAO recommends the optional use of the extended access control mechanism developed by the European Commission.

EAC

On December 31, 2004, the European Commission's regulation No. 2252/2004 stipulated the security features and biometric standards for electronic documents and travel documents. The European Union promulgated the regulation for the implementation of electronic certificates in all its member states, with August 2006 as the latest date. These electronic documents require that the digital photo of the document holder and other information, such as name, date of birth and nationality, be stored in a chip on the travel document. This electronic data is protected by the Basic Access Control (BAC) security protocol, and data integrity is guaranteed by Passive Authentication (PA)[1].
In June 2006, the European Commission issued new regulations adding two fingerprints as additional biometric information for the EU Member States, to be implemented by June 2009 at the latest. Germany moved in November 2008, the first country in Europe to move to the new system. In September 2008, European Union members held an interoperability test of EAC version 1.11 in Prague, Czech Republic, and the German BSI has issued the EAC 2.0 specification. In the field of EAC research, Europe is already at the forefront of the world. Singapore has also proposed its own extended access control specification.

The usual document reading and writing process is shown in Figure 1. EAC access control is divided into two parts: the chip authentication (CA) and the terminal authentication (TA), which can be used as an independent chip authentication CA protocol instead of