Federal Office for Information Security (BSI)

Security mechanisms in electronic ID documents

Extended Access Control (EAC)

"Extended Access Control" (EAC) includes several protocols, which are carried out in a certain order, depending on which electronic ID document is to be read.

Some of the EAC protocols are the "Chip Authentication" (CA) and "Terminal Authentication" (TA), both protocols are executed along with "Basic Access Control" (BAC), respectively "Password Authenticated Connection Establishment" (PACE) and "Passive Authentication" (PA).

These protocols and their interaction are described in the technical guideline BSI-TR-03110.