What is Password Authenticated Connection Establishment (PACE)?
Max
Created: August 1, 2025
Updated: August 18, 2025
What is Password Authenticated Connection Establishment (PACE)?#
Password Authenticated Connection Establishment (PACE) is a secure communication
protocol used primarily in electronic identification documents such as ePassports and
national ID cards. It authenticates users through a shared secret (like a PIN or password)
and establishes encrypted, secure communication between the document and a card reader.
Key aspects of Password Authenticated Connection Establishment (PACE) include:
Mutual authentication (both card and reader verify each other’s identity)
Encrypted data exchange to prevent eavesdropping
Protection against common attacks (e.g., brute force, man-in-the-middle) PACE meets
international standards (ICAO Doc 9303), ensuring interoperability and high-level
security across various applications, such as border control,
government services, and secure access systems.
Key Takeaways:
Password Authenticated Connection Establishment securely establishes encrypted
communication between electronic IDs and readers.
Protects personal and biometric data in ePassports and national ID cards.
Provides mutual authentication, preventing unauthorized access and interception.
How Password Authenticated Connection Establishment Works#
Password Authenticated Connection Establishment (PACE) is a cryptographic protocol
designed to provide secure, encrypted communication between electronic identity documents
(like ePassports or electronic ID cards) and card readers. The communication process
typically involves:
Initiation: The reader initiates contact with the eID or ePassport.
Secret Entry: The cardholder provides a PIN or password known only to them.
Mutual Authentication: Both the electronic document and the reader verify each
other’s authenticity through cryptographic methods, ensuring neither party is being
impersonated.
Secure Channel Setup: Once authentication is successful, an encrypted channel is
established for secure data transmission, safeguarding information from potential
attackers.
Advantages of Using PACE#
Implementing PACE offers multiple benefits in
digital identity verification:
Enhanced Security: Prevents interception of sensitive personal data through strong
encryption and mutual authentication, effectively protecting against common cyber
threats.
Compliance and Interoperability: Follows international standards (ICAO Doc 9303),
facilitating global compatibility in electronic
identity verification processes.
Strong Privacy: Limits data access strictly to authenticated and authorized devices,
preserving
user privacy.
Typical Applications of PACE#
Password Authenticated Connection Establishment (PACE) is widely used across several
scenarios, including:
ePassports: Ensuring secure and efficient border control through secure verification
of travelers’ biometric data.
National ID Cards (eIDs): Facilitating secure online
government services and digital transactions.
Secure Facility Access: Providing encrypted and authenticated access controls for
sensitive facilities and corporate environments.
Integrating PACE with Modern Authentication#
PACE can be integrated with passkey-based solutions to enhance digital security further.
Passkeys eliminate traditional passwords, leveraging PACE’s secure
infrastructure to create seamless, passwordless
user experiences. Integrating these technologies results in:
Improved protection against identity fraud and unauthorized access.
A streamlined authentication experience without compromising security.
Compliance with stringent security and privacy standards required by
governments and enterprises.
What does Password Authenticated Connection Establishment (PACE) do?#
PACE establishes encrypted, authenticated communication between electronic identification
documents and readers, safeguarding personal and biometric information.
Why is PACE used in electronic passports and ID cards?#
PACE ensures secure mutual authentication and encrypted data exchange, preventing
unauthorized access, eavesdropping, and data interception.
What do I need for PACE authentication to work?#
You need an electronic identity document (ePassport or eID), a card reader, and a PIN or
password known only to the document holder.
Is PACE internationally recognized?#
Yes, Password Authenticated Connection Establishment complies with international standards
like ICAO Doc 9303, widely adopted for secure
identity verification globally.
Learn more about our enterprise-grade passkey solution.