- Latest available (Revised)
- Original (As adopted by EU)
Commission Implementing Regulation (EU) 2016/799Show full title
Commission Implementing Regulation (EU) 2016/799 of 18 March 2016 implementing Regulation (EU) No 165/2014 of the European Parliament and of the Council laying down the requirements for the construction, testing, installation, operation and repair of tachographs and their components (Text with EEA relevance)
You are here:
What Version
More Resources
Revised version PDFs
- Revised 26/02/202011.25 MB
- Revised 17/04/201810.62 MB
- Revised 26/05/20169.89 MB
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
This item of legislation originated from the EU
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Status:
This is the original version as it was originally adopted in the EU.
This legislation may since have been updated - see the latest available (revised) version
12.VU — MOTION SENSOR PAIRING AND COMMUNICATION
12.1. General
CSM_216A vehicle unit and a motion sensor shall communicate using the interface protocol specified in [ISO 16844-3] during pairing and in normal operation, with the changes described in this chapter and in section 9.2.1.
Note: readers of this chapter are supposed to be familiar with the contents of [ISO 16844-3].
12.2. VU — Motion Sensor Pairing Using Different Key Generations
As explained in section 9.2.1, the motion sensor master key and all associated keys are regularly replaced. This leads to the presence of up to three motion sensor-related AES keys KM-WC (of consecutive key generations) in workshop cards. Similarly, in motion sensors up to three different AES-based encryptions of data (based on consecutive generations of the motion sensor master key KM) may be present. A vehicle unit contains only one motion sensor-related key KM-VU.
CSM_217A second-generation VU and a second-generation motion sensor shall be paired as follows (compare Table 6 in [ISO 16844-3]):
1.
A second-generation workshop card is inserted into the VU and the VU is connected to the motion sensor.
2.
The VU reads all available KM-WC keys from the workshop card, inspects their key version numbers and chooses the one matching the version number of the VU's KM-VU key. If the matching KM-WC key is not present on the workshop card, the VU aborts the pairing process and shows an appropriate error message to the workshop card holder.
3.
The VU calculates the motion sensor master key KM from KM-VU and KM-WC, and the identification key KID from KM, as specified in section 9.2.1.
4.
The VU sends the instruction to initiate the pairing process towards the motion sensor, as described in [ISO 16844-3], and encrypts the serial number it receives from the motion sensor with the identification key KID. The VU sends the encrypted serial number back to the motion sensor.
5.
The motion sensor matches the encrypted serial number consecutively with each of the encryptions of the serial number it holds internally. If it finds a match, the VU is authenticated. The motion sensor notes the generation of KID used by the VU and returns the matching encrypted version of its pairing key; i.e. the encryption that was created using the same generation of KM.
6.
The VU decrypts the pairing key using KM, generates a session key KS, encrypts it with the pairing key and sends the result to the motion sensor. The motion sensor decrypts KS.
7.
The VU assembles the pairing information as defined in [ISO 16844-3], encrypts the information with the pairing key, and sends the result to the motion sensor. The motion sensor decrypts the pairing information.
8.
The motion sensor encrypts the received pairing information with the received KS and returns this to the VU. The VU verifies that the pairing information is the same information which the VU sent to the motion sensor in the previous step. If it is, this proves that the motion sensor used the same KS as the VU and hence in step 5 sent its pairing key encrypted with the correct generation of KM. Hence, the motion sensor is authenticated.
Note that steps 2 and 5 are different from the standard process in [ISO 16844-3]; the other steps are standard.
Example: Suppose a pairing takes place in the first year of the validity of the ERCA (3) certificate; see Figure 2 in section 9.2.1.2. Moreover
Suppose the motion sensor was issued in the last year of the validity of the ERCA (1) certificate. It will therefore contain the following keys and data:
Ns[1]: its serial number encrypted with generation 1 of KID,
Ns[2]: its serial number encrypted with generation 2 of KID,
Ns[3]: its serial number encrypted with generation 3 of KID,
KP[1]: its generation-1 pairing key(1), encrypted with generation 1 of KM,
KP[2]: its generation-2 pairing key, encrypted with generation 2 of KM,
KP[3]: its generation-3 pairing key, encrypted with generation 3 of KM,
Suppose that the workshop card was issued in the first year of the validity of the ERCA (3) certificate. It will therefore contain the generation 2 and generation 3 of the KM-WC key.
Suppose the VU is a generation-2 VU, containing the generation 2 of KM-VU.
In this case, the following will happen in steps 2 — 5:
Step 2: The VU reads generation 2 and generation 3 of KM-WC from the workshop card and inspects their version numbers.
Step 3: The VU combines the generation-2 KM-WC with its KM-VU to compute KM and KID.
Step 4: The VU encrypts the serial number it receives from the motion sensor with KID.
Step 5: The motion sensor compares the received data with Ns[1] and doesn't find a match. Next, it compares the data with Ns[2] and finds a match. It concludes that the VU is a generation-2 VU, and therefore sends back KP[2].
12.3. VU — Motion Sensor Pairing and Communication using AES
CSM_218As specified in Table 3 in section 9.2.1, all keys involved in the pairing of a (second-generation) vehicle unit and a motion sensor and in subsequent communication shall be AES keys, rather than double-length TDES keys as specified in [ISO 16844-3]. These AES keys may have a length of 128, 192 or 256 bits. Since the AES block size is 16 bytes, the length of an encrypted message must be a multiple of 16 bytes, compared to 8 bytes for TDES. Moreover, some of these messages will be used to transport AES keys, the length of which may be 128, 192 or 256 bits. Therefore, the number of data bytes per instruction in Table 5 of [ISO 16844-3] shall be changed as shown in Table 6:
| Table 6 | |||||||
| Number of plaintext and encrypted data bytes per instruction defined in [ISO 16844-3] | |||||||
| Instruction | Request / reply | Description of data | # of plaintext data bytes according to [ISO 16844-3] | # of plaintext data bytes using AES keys | # of encrypted data bytes when using AES keys of bitlength | ||
|---|---|---|---|---|---|---|---|
| 128 | 192 | 256 | |||||
| 10 | request | Authentication data + file number | 8 | 8 | 16 | 16 | 16 |
| 11 | reply | Authentication data + file contents | 16 or 32, depend on file | 16 or 32, depend on file | 16 / 32 | 16 / 32 | 16 / 32 |
| 41 | request | MoS serial number | 8 | 8 | 16 | 16 | 16 |
| 41 | reply | Pairing key | 16 | 16 / 24 / 32 | 16 | 32 | 32 |
| 42 | request | Session key | 16 | 16 / 24 / 32 | 16 | 32 | 32 |
| 43 | request | Pairing information | 24 | 24 | 32 | 32 | 32 |
| 50 | reply | Pairing information | 24 | 24 | 32 | 32 | 32 |
| 70 | request | Authentication data | 8 | 8 | 16 | 16 | 16 |
| 80 | reply | MoS counter value + auth. data | 8 | 8 | 16 | 16 | 16 |
CSM_219The pairing information that is sent in instructions 43 (VU request) and 50 (MoS reply) shall be assembled as specified in section 7.6.10 of [ISO 16844-3], except that the AES algorithm shall be used instead of the TDES algorithm in the pairing data encryption scheme, thus resulting in two AES encryptions, and adopting the padding specified in CSM_220 to fit with the AES block size. The key K'p used for this encryption shall be generated as follows:
In case the pairing key KP is 16 bytes long: K'p = KP XOR (Ns||Ns)
In case the pairing key KP is 24 bytes long: K'p = KP XOR (Ns||Ns||Ns)
In case the pairing key KP is 32 bytes long: K'p = KP XOR (Ns||Ns||Ns||Ns)
where Ns is the 8-byte serial number of the motion sensor.
CSM_220In case the plaintext data length (using AES keys) is not a multiple of 16 bytes, padding method 2 defined in [ISO 9797-1] shall be used.
Note: in [ISO 16844-3], the number of plaintext data bytes is always a multiple of 8, such that padding is not necessary when using TDES. The definition of data and messages in [ISO 16844-3] is not changed by this part of this Appendix, thus necessitating the application of padding.
CSM_221For instruction 11 and in case more than one block of data must be encrypted, the Cipher Block Chaining mode of operation shall be used as defined in [ISO 10116], with an interleave parameter m = 1. The IV to be used shall be
For instruction 11: the 8-byte authentication block specified in section 7.6.3.3 of [ISO 16844-3], padded using padding method 2 defined in [ISO 9797-1]; see also section 7.6.5 and 7.6.6 of [ISO 16844-3].
For all other instructions in which more than 16 bytes are transferred, as specified in Table 6: ‘00’ {16}, i.e. sixteen bytes with binary value 0.
Note: As shown in section 7.6.5 and 7.6.6 of [ISO 16844-3], when the MoS encrypts data files for inclusion in instruction 11, the authentication block is both
Used as the initialization vector for the CBC-mode encryption of the data files
Encrypted and included as the first block in the data that is sent to the VU.
12.4. VU — Motion Sensor Pairing For Different Equipment Generations
CSM_222As explained in section 9.2.1, a second-generation motion sensor may contain the TDES-based encryption of the pairing data (as defined in Part A of this Appendix), which allows the motion sensor to be paired to a first-generation VU. If this is the case, a first-generation VU and a second-generation motion sensor shall be paired as described in Part A of this Appendix and in [ISO 16844-3]. For the pairing process either a first-generation or a second-generation workshop card may be used.
Notes:
—It is not possible to pair a second-generation VU to a first-generation motion sensor.
—It is not possible to use a first-generation workshop card for coupling a second-generation VU to a motion sensor.
(1)
Note that the generation-1, generation-2 and generation-3 pairing keys may actually be the same key, or may be three different keys having different lengths, as explained in CSM_117.
Options/Help
Print Options
PrintThe Whole Regulation
PrintThe Whole Annex
PrintThe Whole Part
PrintThis Division only
You have chosen to open the Whole Regulation
The Whole Regulation you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
You have chosen to open Schedules only
The Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.