This mechanism controls the read and write access to the logical MRTD.
The subjects under the control of this mechanism are the terminals requesting access to a given file of the
logical MRTD. Such terminals may assume the following roles:
● Passive Inspection System: an Inspection System which retrieves and verifies the SOD, without
protecting the exchanged information.
● BAC Inspection System: an Inspection System that protects the information exchanged with the
MRTD using keys derived from the MRZ printed on the MRTD.
● General Inspection System: a Basic Inspection System that verifies the authenticity of the MRTD's
chip.
● Extended Inspection System: a General Inspection System that is authorized by the Issuing State or
Organization to read the biometric reference sensitive data.
● Personalization Terminal: a terminal that is authorized by the Issuing State or Organization to
personalize the MRTD's chip with the MRTD's Holder data.
Table 1 summarizes the access control rules enforced on the Data Groups
stored in the MRTD. It specifies the operations that are allowed for each file and role: read (r), conditional read
(cr), write (w) or write only once (wo). An empty cell means that no operation is allowed at all for that role and
file. Access for all the operations specified in the cell may be restricted to a given phase of the MRTD's life
cycle.