PACE
Password Authenticated Connection Establishment -- a stronger alternative to BAC for ePassport and eID authentication.
PACE (Password Authenticated Connection Establishment) is a cryptographic protocol that establishes an authenticated and encrypted session between a smart card and a terminal using a shared password or PIN. Defined in BSI TR-03110 and adopted by ICAO for machine-readable travel documents, PACE replaces the older BAC mechanism with stronger security guarantees rooted in modern elliptic-curve Diffie-Hellman key agreement.
How PACE Works
The protocol begins when a terminal reads a short secret from the card holder -- typically the CAN (Card Access Number) printed on the card face, or the MRZ data from an ePassport. The card generates a random nonce and returns it encrypted with AES or 3DES under a key derived from that shared secret, so only a terminal that knows the secret can recover the nonce. Both parties then use the nonce to map the card's static domain parameters onto an ephemeral set and perform a Diffie-Hellman key agreement on it, producing session keys for secure messaging and exchanging authentication tokens that prove each side derived the same keys. Because the nonce never travels in the clear and the key agreement uses ephemeral keys, a recorded session gives an eavesdropper nothing against which to test password guesses, so offline dictionary attacks against the password remain computationally infeasible.
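The exchange above in Python, as an added example that is not code from the page or from any real PACE implementation: the Generic Mapping variant over finite-field Diffie-Hellman with both sides' messages, where the group is a constructed toy and SHA-256, a key-derived XOR mask and HMAC stand in for the cipher suite's hash, the AES nonce encryption and AES-CMAC, so the password-authenticated structure is what it demonstrates. A terminal holding the wrong CAN decrypts a different nonce, maps to a different generator and fails token verification.

```python
import hashlib, hmac, secrets
# Toy DH group, constructed for this example: p = 2^127 - 1 (a Mersenne prime), g = 3.
# Real PACE profiles use 1024/2048-bit MODP groups or Brainpool/NIST curves instead.
P, G, NONCE_LEN = 2**127 - 1, 3, 16

def kdf(k: bytes, counter: int) -> bytes:
    """TR-03110 KDF shape hash(K || 32-bit counter): 1 = K_Enc, 2 = K_MAC, 3 = K_pi."""
    return hashlib.sha256(k + counter.to_bytes(4, "big")).digest()[:16]  # SHA-256 stands in

def enc_nonce(k_pi: bytes, s: bytes) -> bytes:
    """Encrypt or decrypt the nonce under K_pi; a key-derived XOR mask stands in for AES."""
    mask = hashlib.sha256(b"nonce-block" + k_pi).digest()[:NONCE_LEN]
    return bytes(a ^ b for a, b in zip(s, mask))

def mac_token(k_mac: bytes, pubkey: int) -> bytes:
    """Authentication token over the peer's ephemeral public key, 8 bytes as in TR-03110."""
    return hmac.new(k_mac, pubkey.to_bytes(16, "big"), hashlib.sha256).digest()[:8]  # HMAC for CMAC

class Party:
    """One PACE-GM participant (card or terminal) holding the shared password."""
    def __init__(self, password: str):
        self.k_pi = kdf(password.encode(), 3)      # f(CAN) is its ASCII encoding
        self.x = secrets.randbelow(P - 2) + 1      # mapping private key
        self.y = secrets.randbelow(P - 2) + 1      # ephemeral private key
    def map_pub(self) -> int:
        return pow(G, self.x, P)                   # mapping public key g^x
    def ephemeral_pub(self, s: bytes, peer_map_pub: int) -> int:
        h = pow(peer_map_pub, self.x, P)           # shared mapping secret h = g^(x_T * x_C)
        g_map = pow(G, int.from_bytes(s, "big"), P) * h % P   # Generic Mapping: g' = g^s * h
        return pow(g_map, self.y, P)               # ephemeral public key g'^y
    def session_keys(self, peer_eph_pub: int) -> tuple:
        k = pow(peer_eph_pub, self.y, P).to_bytes(16, "big")  # shared secret g'^(y_T * y_C)
        return kdf(k, 1), kdf(k, 2)                # (K_Enc, K_MAC)

def run_pace(card_password: str, terminal_password: str) -> bool:
    """Run the full PACE-GM exchange; True only if both authentication tokens verify."""
    card, term = Party(card_password), Party(terminal_password)
    s = secrets.token_bytes(NONCE_LEN)
    z = enc_nonce(card.k_pi, s)                    # 1. card -> terminal: encrypted nonce
    s_term = enc_nonce(term.k_pi, z)               #    terminal decrypts with its own K_pi
    pk_map_t, pk_map_c = term.map_pub(), card.map_pub()            # 2. mapping key exchange
    pk_t, pk_c = term.ephemeral_pub(s_term, pk_map_c), card.ephemeral_pub(s, pk_map_t)  # 3.
    (_, k_mac_t), (_, k_mac_c) = term.session_keys(pk_c), card.session_keys(pk_t)
    t_t, t_c = mac_token(k_mac_t, pk_c), mac_token(k_mac_c, pk_t)  # 4. tokens exchanged
    card_ok = hmac.compare_digest(t_t, mac_token(k_mac_c, pk_c))   # card checks T_T
    term_ok = hmac.compare_digest(t_c, mac_token(k_mac_t, pk_t))   # terminal checks T_C
    return card_ok and term_ok

if __name__ == "__main__":
    print("correct CAN:", run_pace("123456", "123456"), "| wrong CAN:", run_pace("123456", "654321"))
```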
PACE vs BAC
BAC derives its session keys directly from the MRZ data through a simple challenge-response exchange, so an eavesdropper who captures the initial handshake can brute-force the low-entropy MRZ-derived key offline. PACE mitigates this by introducing an additional Diffie-Hellman round that provides forward secrecy. The European Union mandated PACE for all new eID cards, and ICAO recommends it as the preferred access control mechanism for ePassports issued after 2015. Most modern dual-interface modules used in government ID programs include PACE support in their firmware.
Implementation Considerations
Smart card implementations of PACE typically leverage the on-chip crypto coprocessor for the elliptic-curve operations, with common curves including Brainpool P-256 and NIST P-256. The protocol supports multiple mapping variants -- Generic Mapping (GM), Integrated Mapping (IM), and Chip Authentication Mapping (CAM) -- allowing card issuers to balance security level against chip performance constraints. Terminals must implement the full protocol stack to interoperate with PACE-enabled cards at border-control gates and eID readers.