BS EN ISO 21177:2024 – TC

$280.87

Tracked Changes. Intelligent transport systems. ITS station security services for secure session establishment and authentication between trusted devices

Published By: BSI
Publication Date: 2024
Number of Pages: 255

This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.:

- between devices operated as bounded secured managed entities, i.e. “ITS Station Communication Units” (ITS-SCU) and “ITS station units” (ITS-SU) as specified in ISO 21217; and
- between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.

These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner. These services are essential for many intelligent transport system (ITS) applications and services, including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside/infrastructure-related services.

PDF Catalog

PDF Pages PDF Title
144 European foreword
Endorsement notice
148 Foreword
149 Introduction
155 1 Scope
2 Normative references
3 Terms and definitions
156 4 Abbreviated terms
158 5 Overview
5.1 General description, relationship to transport layer security (TLS) and relationship to application specifications
159 5.2 Goals
5.3 Architecture and functional entities
164 5.4 Cryptomaterial handles
5.5 Session IDs and state
165 5.6 Access control and authorization state
5.7 Application level non-repudiation
5.8 Service primitive conventions
166 6 Process flows and sequence diagrams
6.1 General
6.2 Overview of process flows
167 6.3 Sequence diagram conventions
168 6.4 Configure
169 6.5 Start session
172 6.6 Send data
175 6.7 Send access control PDU
176 6.8 Receive PDU
181 6.9 Extend session
6.9.1 Goals
182 6.9.2 Processing
6.10 Secure connection brokering
6.10.1 Goals
6.10.2 Prerequisites
183 6.10.3 Overview
184 6.10.4 Detailed specification
192 6.11 Force end session
193 6.12 Session terminated at session layer
194 6.13 Deactivate
195 6.14 Secure session example
197 7 Security subsystem: interfaces and data types
7.1 General
7.2 Access control policy and state
198 7.3 Enhanced authentication
7.3.1 Definition and possible states
199 7.3.2 States for owner role enhanced authentication
200 7.3.3 State for accessor role enhanced authentication
7.3.4 Use by access control
201 7.3.5 Methods for providing enhanced authentication
7.3.6 Enhanced authentication using SPAKE2
202 7.4 Extended authentication
7.5 Security Management Information Request
7.5.1 Rationale
203 7.5.2 General
204 7.6 Data types
7.6.1 General
7.6.2 Imports
7.6.3 “Helper” data types
205 7.6.4 Iso21177AccessControlPdu
7.6.5 AccessControlResult
7.6.6 ExtendedAuthPdu
206 7.6.7 ExtendedAuthRequest
7.6.8 InnerExtendedAuthRequest
207 7.6.9 AtomicExtendedAuthRequest
7.6.10 ExtendedAuthResponse
7.6.11 ExtendedAuthResponsePayload
7.6.12 EnhancedAuthPdu
208 7.6.13 SpakeRequest
7.6.14 SpakeResponse
7.6.15 SpakeRequesterResponse
7.6.16 SecurityMgmtInfoPdu
209 7.6.17 SecurityMgmtInfoRequest
7.6.18 EtsiCrlRequest
7.6.19 CertChainRequest
210 7.6.20 SecurityMgmtInfoResponse
7.6.21 SecurityMgmtInfoErrorResponse
7.6.22 EtsiCrlResponse
7.6.23 EtsiCtlResponse
211 7.6.24 IeeeCrlResponse
7.6.25 CertChainResponse
7.6.26 SessionExtensionPdu
213 7.7 App-Sec Interface
7.7.1 App-Sec-Configure.request
214 7.7.2 App-Sec-Configure.confirm
7.7.3 App-Sec-StartSession.indication
7.7.4 App-Sec-Data.request
215 7.7.5 App-Sec-Data.confirm
7.7.6 App-Sec-Incoming.request
216 7.7.7 App-Sec-Incoming.confirm
217 7.7.8 App-Sec-EndSession.request
7.7.9 App-Sec-EndSession.indication
7.7.10 App-Sec-Deactivate.request
218 7.7.11 App-Sec-Deactivate.confirm
7.7.12 App-Sec-Deactivate.indication
7.8 Security subsystem internal interface
7.8.1 General
219 7.8.2 Sec-AuthState.request
7.8.3 Sec-AuthState.confirm
220 8 Adaptor layer: interfaces and data types
8.1 General
221 8.2 Data types
8.2.1 General
8.2.2 Iso21177AdaptorLayerPDU
222 8.2.3 Apdu
8.2.4 AccessControl
8.2.5 TlsClientMsg1
8.2.6 TlsServerMsg1
8.3 App-AL Interface
8.3.1 App-AL-Data.request
223 8.3.2 App-AL-Data.confirm
8.3.3 App-AL-Data.indication
224 8.3.4 App-AL-EnableProxy.request
225 8.4 Sec-AL Interface
8.4.1 Sec-AL-AccessControl.request
226 8.4.2 Sec-AL-AccessControl.confirm
8.4.3 Sec-AL-AccessControl.indication
227 8.4.4 Sec-AL-EndSession.request
8.4.5 Sec-AL-EndSession.confirm
9 Secure session Services
9.1 General
9.2 App-Sess interfaces
9.2.1 App-Sess-EnableProxy.request
228 9.3 Sec-Sess interface
9.3.1 Sec-Sess-Configure.request
230 9.3.2 Sec-Sess-Configure.confirm
9.3.3 Sec-Sess-Start.indication
231 9.3.4 Sec-Sess-EndSession.indication
9.3.5 Sec-Sess-Deactivate.request
232 9.3.6 Sec-Sess-Deactivate.confirm
9.4 AL-Sess interface
9.4.1 AL-Sess-Data.request
9.4.2 AL-Sess-Data.confirm
9.4.3 AL-Sess-Data.indication
233 9.4.4 AL-Sess-EndSession.request
9.4.5 AL-Sess-EndSession.confirm
9.4.6 AL-Sess-ClientHelloProxy.request
234 9.4.7 AL-Sess-ClientHelloProxy.indication
235 9.4.8 AL-Sess-ServerHelloProxy.request
9.4.9 AL-Sess-ServerHelloProxy.indication
236 9.5 Permitted mechanisms
9.5.1 TLS 1.3
237 9.5.2 DTLS 1.3
238 Annex A (informative) Usage scenarios
246 Annex B (normative) ASN.1 module
247 Annex C (normative) Session extension PDU functional type
248 Annex D (normative) Owner authorization
252 Bibliography