This Technical Specification defines the requirements for the Secure Application Module (SAM) used in the secure monitoring compliance checking concept. It specifies two different configurations of a SAM: \u2014 Trusted Recorder, for use inside an OBE; \u2014 Verification SAM, for use in other EFC system entities. The Technical Specification describes \u2014 terms and definitions used to describe the two Secure Application Module configurations; \u2014 operation of the two Secure Application Modules in the secure monitoring compliance checking concept; \u2014 functional requirements for the two Secure Application Modules configurations, including a classification of different security levels; \u2014 the interface, by means of transactions, messages and data elements, between an OBE or Front End and the Trusted Recorder; \u2014 requirements on basic security primitives and key management procedures to support Secure Monitoring using a Trusted Recorder. This Technical Specification is consistent with the EFC architecture as defined in ISO 17573 and the derived suite of standards and Technical Specifications, especially CEN\/TS 16702-1:2014 and CEN\/TS 16439. The following is outside the scope of this Technical Specification: \u2014 The life cycle of a Secure Application Module and the way in which this is managed. \u2014 The interface commands needed to get a Secure Application Module in an operational state. \u2014 The interface definition of the Verification SAM. \u2014 Definition of a hardware platform for the implementation of a Secure Application Module.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 6<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | Figure 1 \u2014 Relation between EFC – Security framework and the overall secure monitoring concept <\/td>\n<\/tr>\n | ||||||
| 9<\/td>\n | 1 Scope 2 Normative references <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 4 Symbols and abbreviations <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 5 SAM concept and scenarios 5.1 General <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 5.2 The concepts of TR and Verification SAM Figure 2 \u2014Entities, standards\/TS and interfaces in the context of secure monitoring compliance checking <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 5.3 Scenarios for a Trusted Recorder 5.3.1 General 5.3.2 Real-Time Freezing without using a Trusted Time Source Figure 3 \u2014 Real-time freezing scenario <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 5.3.3 Real-Time Freezing using a Trusted Time Source Figure 4 \u2014 Real-time freezing with TTS 5.4 Scenarios for a Verification SAM 5.4.1 General <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 5.4.2 MAC verification Figure 5 \u2014 MAC verification 5.5 General Scenarios 5.5.1 General <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 5.5.2 Assigning a Toll Domain Counter 5.5.3 Obtaining SAM Information <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | Figure 6 \u2014 SAM identification 6 Functional requirements 6.1 General 6.1.1 SAM options <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | Table 1 \u2014 SAM configurations 6.1.2 Presentation of requirements Table 2 \u2014 Format of requirements 6.2 Basic requirements <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | Table 3 \u2014 Basic requirements 6.3 Key management Table 4 \u2014 Key management requirements 6.4 Cryptographic functions <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | Table 5 \u2014 Basic cryptographic function requirements 6.5 Real-time freezing Table 6 \u2014 Real-time freezing requirements 6.6 Verification SAM <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | Table 7 \u2014 Verification SAM requirements 6.7 Toll Domain Counter Table 8 \u2014 Toll domain counter requirements <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 6.8 Trusted time source Table 9 \u2014 Trusted time source requirements <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 6.9 Security protection level Table 10 \u2014 Security requirements 7 Interface requirements 7.1 General 7.2 Calculate MAC for real-time freezing 7.2.1 General <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 7.2.2 Calculation of MAC 7.2.3 Coding of request Table 11 \u2014 Coding of MAC request <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | Table 12 \u2014 Coding of field Data 7.2.4 Coding of response Table 13 \u2014 Coding of MAC response 7.3 Calculate digital signature for real-time freezing 7.3.1 General 7.3.2 Calculation of digital signature <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 7.3.3 Coding of request Table 14 \u2014 Coding of signing request 7.3.4 Coding of response Table 15 \u2014 Coding of signing response <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 7.4 Get device information 7.4.1 General 7.4.2 Coding of request Table 16 \u2014 Coding of device information request 7.4.3 Coding of response Table 17 \u2014 Coding of device information response 7.5 Get toll domain counter information 7.5.1 General <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 7.5.2 Coding of request Table 18 \u2014 Coding of toll domain information request 7.5.3 Coding of response Table 19 \u2014 Coding of response for case \u201cGet Number of Toll Domains\u201d Table 20 \u2014 Coding of response for case \u201cGet Toll Domain Counter\u201d: 7.6 Get key information 7.6.1 General <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 7.6.2 Coding of request Table 21 \u2014 Coding of a get key information Request 7.6.3 Coding of response Table 22 \u2014 Coding of case \u201cGet Number of Keys\u201d Table 23 \u2014 Coding of case \u201cGet Key Information\u201d <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | 7.7 Error handling <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | Annex A (normative) Data type specification A.1 General A.2 Data specifications <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | Annex B (normative) Implementation Conformance Statement (ICS) proforma B.1 Guidance for completing the ICS proforma B.1.1 Purposes and structure B.1.2 Abbreviations and conventions B.1.2.1 General B.1.2.2 Item column B.1.2.3 Item description column B.1.2.4 Status column <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | B.1.2.5 Reference column B.1.2.6 Support column B.1.2.7 Values supported column B.1.2.8 References to items B.1.2.9 Prerequisite line B.1.3 Instructions for completing the ICS proforma <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | B.2 ICS proforma for Trusted Recorder B.2.1 Identification implementation B.2.1.1 Identification of TR supplier Table B.1 \u2014 Identification of TR supplier form B.2.1.2 Identification of TR Table B.2 \u2014 Identification of TR form B.2.2 Identification of the standard B.2.3 Global statement of conformance <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | B.2.4 ICS proforma tables for TR B.2.4.1 TR Configurations Table B.3 \u2014 TR Configurations B.2.4.2 Requirements Table B.4 \u2014 Basic requirements Table B.5 \u2014 Key management requirements Table B.6 \u2014 Basic cryptographic function requirements <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | Table B.7 \u2014 Real-time freezing requirements Table B.8 \u2014 Verification SAM requirements Table B.9 \u2014 Toll domain counter requirements <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | Table B.10 \u2014 Trusted time source requirements Table B.11 \u2014 Security requirements B.2.4.3 Interface requirements Table B.12 \u2014 Interface specification requirements <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | B.3 ICS proforma for Verification SAM B.3.1 Identification implementation B.3.1.1 Identification of Verification SAM supplier Table B.13 \u2014 Identification of Verification SAM supplier form B.3.1.2 Identification of Verification SAM Table B.14 \u2014 Identification of Verification SAM form B.3.2 Identification of the standard B.3.3 Global statement of conformance <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | B.3.4 ICS proforma tables for Verification SAM B.3.4.1 TR Configurations Table B.15 \u2014 TR Configurations B.3.4.2 Requirements Table B.16 \u2014 Basic requirements Table B.17 \u2014 Key management requirements Table B.18 \u2014 Basic cryptographic function requirements <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | Table B.19 \u2014 Real-time freezing requirements Table B.20 \u2014 Verification SAM requirements Table B.21 \u2014 Toll domain counter requirements <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | Table B.22 \u2014 Trusted time source requirements Table B.23 \u2014 Security requirements B.3.4.3 Interface requirements Table B.24 \u2014 Interface specification requirements <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | Annex C (informative) Trusted time source implementation issues C.1 General C.2 Possible implementations of a TTS C.2.1 TTS based on a real time clock C.2.1.1 General C.2.1.2 Smartcard IC based TR implementations C.2.1.3 TR with external TTS C.2.2 TTS with the need for external calibration C.2.2.1 General <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | C.2.2.2 GNSS based calibration C.2.2.3 Calibration by trusted third party C.2.2.4 Network Time Protocol based calibration C.3 TTS power supply <\/td>\n<\/tr>\n | ||||||
| 47<\/td>\n | Annex D (informative) Use of this Technical Specification for the EETS D.1 General D.2 Overall relationship between European standardization and the EETS D.3 European standardization work supporting the EETS <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | D.4 Correspondence between this Technical Specification and the EETS <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Electronic fee collection. Secure monitoring for autonomous toll systems – Trusted recorder<\/b><\/p>\n |