Protecting Biometric Data With Extended Access Control: Securing Biometric Datasets in Electronic Identification Documents

While extremely valuable for strong authentication, biometric datasets contain sensitive personally identifiable information that criminal organization could leverage to commit fraud, impersonate identities or gain unauthorized access into ePassport-protected countries. Extended Access Control technology helps protect these invaluable biometric datasets from being stolen and used for malicious gain. The requirements for Extended Access Control dictate a unique Public Key Infrastructure (PKI) design; one that does not include revocation of public keys. Strong protection for the confidentiality of the reader's private key must be relied upon instead. This is a more brittle solution than public-key revocation, because there is no way to recover when it goes wrong. However, with careful system design, sufficiently reliable and secure solutions can be created.