BSI PD CEN/TS 16702-2:2015
$198.66
Electronic fee collection. Secure monitoring for autonomous toll systems – Trusted recorder
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2015 | 52 |
This Technical Specification defines the requirements for the Secure Application Module (SAM) used in the secure monitoring compliance checking concept. It specifies two different configurations of a SAM:

- Trusted Recorder, for use inside an OBE;
- Verification SAM, for use in other EFC system entities.

The Technical Specification describes:

- terms and definitions used to describe the two Secure Application Module configurations;
- operation of the two Secure Application Modules in the secure monitoring compliance checking concept;
- functional requirements for the two Secure Application Modules configurations, including a classification of different security levels;
- the interface, by means of transactions, messages and data elements, between an OBE or Front End and the Trusted Recorder;
- requirements on basic security primitives and key management procedures to support Secure Monitoring using a Trusted Recorder.

This Technical Specification is consistent with the EFC architecture as defined in ISO 17573 and the derived suite of standards and Technical Specifications, especially CEN/TS 16702-1:2014 and CEN/TS 16439.

The following is outside the scope of this Technical Specification:

- The life cycle of a Secure Application Module and the way in which this is managed.
- The interface commands needed to get a Secure Application Module in an operational state.
- The interface definition of the Verification SAM.
- Definition of a hardware platform for the implementation of a Secure Application Module.
PDF Catalog
PDF Pages | PDF Title |
---|---|
6 | Foreword |
7 | Introduction |
8 | Figure 1 — Relation between EFC – Security framework and the overall secure monitoring concept |
9 | 1 Scope 2 Normative references |
10 | 3 Terms and definitions |
13 | 4 Symbols and abbreviations |
14 | 5 SAM concept and scenarios 5.1 General |
15 | 5.2 The concepts of TR and Verification SAM Figure 2 — Entities, standards/TS and interfaces in the context of secure monitoring compliance checking |
16 | 5.3 Scenarios for a Trusted Recorder 5.3.1 General 5.3.2 Real-Time Freezing without using a Trusted Time Source Figure 3 — Real-time freezing scenario |
17 | 5.3.3 Real-Time Freezing using a Trusted Time Source Figure 4 — Real-time freezing with TTS 5.4 Scenarios for a Verification SAM 5.4.1 General |
18 | 5.4.2 MAC verification Figure 5 — MAC verification 5.5 General Scenarios 5.5.1 General |
19 | 5.5.2 Assigning a Toll Domain Counter 5.5.3 Obtaining SAM Information |
20 | Figure 6 — SAM identification 6 Functional requirements 6.1 General 6.1.1 SAM options |
21 | Table 1 — SAM configurations 6.1.2 Presentation of requirements Table 2 — Format of requirements 6.2 Basic requirements |
22 | Table 3 — Basic requirements 6.3 Key management Table 4 — Key management requirements 6.4 Cryptographic functions |
23 | Table 5 — Basic cryptographic function requirements 6.5 Real-time freezing Table 6 — Real-time freezing requirements 6.6 Verification SAM |
24 | Table 7 — Verification SAM requirements 6.7 Toll Domain Counter Table 8 — Toll domain counter requirements |
25 | 6.8 Trusted time source Table 9 — Trusted time source requirements |
26 | 6.9 Security protection level Table 10 — Security requirements 7 Interface requirements 7.1 General 7.2 Calculate MAC for real-time freezing 7.2.1 General |
27 | 7.2.2 Calculation of MAC 7.2.3 Coding of request Table 11 — Coding of MAC request |
28 | Table 12 — Coding of field Data 7.2.4 Coding of response Table 13 — Coding of MAC response 7.3 Calculate digital signature for real-time freezing 7.3.1 General 7.3.2 Calculation of digital signature |
29 | 7.3.3 Coding of request Table 14 — Coding of signing request 7.3.4 Coding of response Table 15 — Coding of signing response |
30 | 7.4 Get device information 7.4.1 General 7.4.2 Coding of request Table 16 — Coding of device information request 7.4.3 Coding of response Table 17 — Coding of device information response 7.5 Get toll domain counter information 7.5.1 General |
31 | 7.5.2 Coding of request Table 18 — Coding of toll domain information request 7.5.3 Coding of response Table 19 — Coding of response for case “Get Number of Toll Domains” Table 20 — Coding of response for case “Get Toll Domain Counter”: 7.6 Get key information 7.6.1 General |
32 | 7.6.2 Coding of request Table 21 — Coding of a get key information Request 7.6.3 Coding of response Table 22 — Coding of case “Get Number of Keys” Table 23 — Coding of case “Get Key Information” |
33 | 7.7 Error handling |
34 | Annex A (normative) Data type specification A.1 General A.2 Data specifications |
35 | Annex B (normative) Implementation Conformance Statement (ICS) proforma B.1 Guidance for completing the ICS proforma B.1.1 Purposes and structure B.1.2 Abbreviations and conventions B.1.2.1 General B.1.2.2 Item column B.1.2.3 Item description column B.1.2.4 Status column |
36 | B.1.2.5 Reference column B.1.2.6 Support column B.1.2.7 Values supported column B.1.2.8 References to items B.1.2.9 Prerequisite line B.1.3 Instructions for completing the ICS proforma |
37 | B.2 ICS proforma for Trusted Recorder B.2.1 Identification implementation B.2.1.1 Identification of TR supplier Table B.1 — Identification of TR supplier form B.2.1.2 Identification of TR Table B.2 — Identification of TR form B.2.2 Identification of the standard B.2.3 Global statement of conformance |
38 | B.2.4 ICS proforma tables for TR B.2.4.1 TR Configurations Table B.3 — TR Configurations B.2.4.2 Requirements Table B.4 — Basic requirements Table B.5 — Key management requirements Table B.6 — Basic cryptographic function requirements |
39 | Table B.7 — Real-time freezing requirements Table B.8 — Verification SAM requirements Table B.9 — Toll domain counter requirements |
40 | Table B.10 — Trusted time source requirements Table B.11 — Security requirements B.2.4.3 Interface requirements Table B.12 — Interface specification requirements |
41 | B.3 ICS proforma for Verification SAM B.3.1 Identification implementation B.3.1.1 Identification of Verification SAM supplier Table B.13 — Identification of Verification SAM supplier form B.3.1.2 Identification of Verification SAM Table B.14 — Identification of Verification SAM form B.3.2 Identification of the standard B.3.3 Global statement of conformance |
42 | B.3.4 ICS proforma tables for Verification SAM B.3.4.1 TR Configurations Table B.15 — TR Configurations B.3.4.2 Requirements Table B.16 — Basic requirements Table B.17 — Key management requirements Table B.18 — Basic cryptographic function requirements |
43 | Table B.19 — Real-time freezing requirements Table B.20 — Verification SAM requirements Table B.21 — Toll domain counter requirements |
44 | Table B.22 — Trusted time source requirements Table B.23 — Security requirements B.3.4.3 Interface requirements Table B.24 — Interface specification requirements |
45 | Annex C (informative) Trusted time source implementation issues C.1 General C.2 Possible implementations of a TTS C.2.1 TTS based on a real time clock C.2.1.1 General C.2.1.2 Smartcard IC based TR implementations C.2.1.3 TR with external TTS C.2.2 TTS with the need for external calibration C.2.2.1 General |
46 | C.2.2.2 GNSS based calibration C.2.2.3 Calibration by trusted third party C.2.2.4 Network Time Protocol based calibration C.3 TTS power supply |
47 | Annex D (informative) Use of this Technical Specification for the EETS D.1 General D.2 Overall relationship between European standardization and the EETS D.3 European standardization work supporting the EETS |
48 | D.4 Correspondence between this Technical Specification and the EETS |
49 | Bibliography |