
ANNEX IC Requirements for construction, testing, installation, and inspection

Appendix 11

COMMON SECURITY MECHANISMS

PART B SECOND-GENERATION TACHOGRAPH SYSTEM
11. VU — EXTERNAL GNSS FACILITY COUPLING, MUTUAL AUTHENTICATION AND SECURE MESSAGING
11.3. Mutual Certificate Chain Verification
11.3.1 General
CSM_205 Mutual certificate chain verification between a VU and an EGF shall take place only during the coupling of the VU and the EGF by a workshop. During normal operation of a coupled VU and EGF, no certificates shall be verified. Instead, the VU and EGF shall trust the certificates they stored during the coupling, after checking the temporal validity of these certificates. The VU and the EGF shall not trust any other certificates for protecting the VU — EGF communication during normal operation.
11.3.2 During VU — EGF Coupling
CSM_206 During the coupling to an EGF, a vehicle unit shall use the protocol depicted in Figure 4 (section 10.2.1) for verifying the external GNSS facility's certificate chain.
Notes to Figure 4 within this context:
Communication control is out of the scope of this Appendix. However, an EGF is not a smart card and hence the VU will probably not send a Reset to initiate the communication and will not receive an ATR.
The Card certificates and public keys mentioned in the figure shall be interpreted as the EGF's certificates and public keys for mutual authentication. Section 9.1.6 denotes these as EGF_MA.
The Card.CA certificates and public keys mentioned in the figure shall be interpreted as the MSCA's certificates and public keys for signing EGF certificates. Section 9.1.3 denotes these as MSCA_VU-EGF.
The Card.CA.EUR certificate mentioned in the figure shall be interpreted as the European root certificate that is indicated in the CAR of the MSCA_VU-EGF certificate.
The Card.Link certificate mentioned in the figure shall be interpreted as the EGF's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed by the previous European private key.
The Card.Link.EUR certificate is the European root certificate that is indicated in the CAR of the Card.Link certificate.
Instead of the , the VU shall read the from EF ICC.
Instead of selecting the Tachograph AID, the VU shall select the EGF AID.
‘Ignore Card’ shall be interpreted as ‘Ignore EGF’.
CSM_207 Once it has verified the EGF_MA certificate, the vehicle unit shall store this certificate for use during normal operation; see section 11.3.3.
CSM_208 During the coupling to a VU, an external GNSS facility shall use the protocol depicted in Figure 5 (section 10.2.2) for verifying the VU's certificate chain.
Notes to Figure 5 within this context:
The VU shall generate a fresh ephemeral key pair using the domain parameters in the EGF certificate.
The VU certificates and public keys mentioned in the figure are those for mutual authentication. Section 9.1.4 denotes these as VU_MA.
The VU.CA certificates and public keys mentioned in the figure are those for signing VU and external GNSS facility certificates. Section 9.1.3 denotes these as MSCA_VU-EGF.
The VU.CA.EUR certificate mentioned in the figure is the European root certificate that is indicated in the CAR of the VU.CA certificate.
The VU.Link certificate mentioned in the figure is the VU's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed by the previous European private key.
The VU.Link.EUR certificate is the European root certificate that is indicated in the CAR of the VU.Link certificate.
CSM_209 In deviation from requirement CSM_167, an EGF shall use the GNSS time to verify the temporal validity of any certificate presented.
CSM_210 Once it has verified the VU_MA certificate, the external GNSS facility shall store this certificate for use during normal operation; see section 11.3.3.
11.3.3 During Normal Operation
CSM_211 During normal operation, a vehicle unit and an EGF shall use the protocol depicted in Figure 11 for verifying the temporal validity of the stored EGF_MA certificate and for setting the VU_MA public key for subsequent VU Authentication. No further mutual verification of the certificate chains shall take place during normal operation.

Note that Figure 11 in essence consists of the first steps shown in Figure 4 and Figure 5. Again, note that since an EGF is not a smart card, the VU will probably not send a Reset to initiate the communication and will not receive an ATR. In any case this is out of the scope of this Appendix.

Figure 11

Mutual verification of certificate temporal validity during normal VU — EGF operation

CSM_212 As shown in Figure 11, the vehicle unit shall log an error if the EGF_MA certificate is no longer valid. However, mutual authentication, key agreement and subsequent communication via secure messaging shall proceed normally.
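The trust model of sections 11.3.2 and 11.3.3 (full chain verification, including a link certificate, only at workshop coupling; storage of the verified EGF_MA / VU_MA certificate; validity-only checks thereafter; GNSS time on the EGF side; and the VU logging but proceeding on an expired EGF_MA) is shown below as an added, editorial Python model. It is not text or code from the Regulation or from any tachograph manufacturer. Certificate signatures are an HMAC stand-in for the appendix's ECDSA, the validity window is a plain day count, and the PKI (EUR1, EUR2, link certificate, MSCA, VU_MA, EGF_MA) is constructed for the example; Figures 4, 5 and 11 themselves, EF ICC, AIDs and the Reset/ATR question are not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass

def _sig(key: bytes, body: bytes) -> bytes:
    # Stand-in for the appendix's ECDSA (holder of `key` can sign AND verify): chain logic only.
    return hmac.new(key, body, hashlib.sha256).digest()

@dataclass(frozen=True)
class Cert:
    chr: str         # Certificate Holder Reference
    car: str         # Certificate Authority Reference (CHR of the signer)
    key: bytes       # holder's key material (toy)
    not_before: int  # validity window, in days (toy unit)
    not_after: int
    sig: bytes = b""

    def body(self) -> bytes:
        return f"{self.chr}|{self.car}|{self.key.hex()}|{self.not_before}|{self.not_after}".encode()

def issue(issuer_key: bytes, chr: str, car: str, key: bytes, nb: int, na: int) -> Cert:
    return Cert(chr, car, key, nb, na, _sig(issuer_key, Cert(chr, car, key, nb, na).body()))

def temporally_valid(cert: Cert, now: int) -> bool:
    return cert.not_before <= now <= cert.not_after

def verify_chain(leaf: Cert, presented: dict, roots: dict, now: int) -> Cert:
    """Coupling-time check (CSM_206 / CSM_208): walk leaf -> MSCA_VU-EGF -> EUR root.
    `presented` maps CHR -> the peer's MSCA certificate and, if any, its link certificate
    (a new EUR root signed by the previous one); `roots` maps CHR -> already-trusted roots."""
    chain = [leaf]
    while chain[-1].car not in roots:
        nxt = presented.get(chain[-1].car)
        if nxt is None or len(chain) > 3:
            raise ValueError(f"no path from {leaf.chr} to a trusted root")
        chain.append(nxt)
    for cert, issuer in zip(chain, chain[1:] + [roots[chain[-1].car]]):
        if not temporally_valid(cert, now):
            raise ValueError(f"{cert.chr} outside its validity period at t={now}")
        if not hmac.compare_digest(_sig(issuer.key, cert.body()), cert.sig):
            raise ValueError(f"{cert.chr} is not signed by {issuer.chr}")
    return leaf

class Peer:
    def __init__(self, name: str, roots: dict):
        self.name, self.roots, self.stored, self.log = name, roots, None, []

    def couple(self, peer_ma: Cert, peer_chain: dict, now: int) -> None:
        # CSM_205-208, CSM_210: the only point at which the peer's chain is verified.
        # For an EGF, `now` must come from GNSS time, not from the VU (CSM_209).
        self.stored = verify_chain(peer_ma, peer_chain, self.roots, now)

    def start_session(self, now: int, offered: Cert = None) -> bytes:
        # CSM_211-212: only the stored certificate's validity is checked; a certificate offered
        # now is ignored, and an expired stored certificate is logged but the session proceeds.
        if self.stored is None:
            raise RuntimeError(f"{self.name} is not coupled")
        if offered is not None and offered != self.stored:
            self.log.append("ignored certificate offered outside coupling")
        if not temporally_valid(self.stored, now):
            self.log.append(f"{self.stored.chr} certificate not valid at t={now}")
        return self.stored.key

def build_pki() -> dict:
    # Constructed toy PKI (not real keys): old root EUR1, new root EUR2 via a link cert, one MSCA.
    k = lambda name: hashlib.sha256(b"toy-" + name.encode()).digest()
    return {
        "EUR1": issue(k("EUR1"), "EUR1", "EUR1", k("EUR1"), 0, 3000),
        "EUR2": issue(k("EUR2"), "EUR2", "EUR2", k("EUR2"), 0, 3000),
        "link": issue(k("EUR1"), "EUR2", "EUR1", k("EUR2"), 0, 3000),  # EUR2 signed by EUR1
        "MSCA": issue(k("EUR2"), "MSCA_VU-EGF", "EUR2", k("MSCA"), 0, 2000),
        "VU_MA": issue(k("MSCA"), "VU_MA", "MSCA_VU-EGF", k("VU"), 50, 500),
        "EGF_MA": issue(k("MSCA"), "EGF_MA", "MSCA_VU-EGF", k("EGF"), 50, 500),
    }

def attempt(fn, *args) -> str:
    try:
        fn(*args)
        return "ok"
    except ValueError as exc:
        return f"rejected: {exc}"

def run_scenario() -> dict:
    p = build_pki()
    vu = Peer("VU", roots={"EUR1": p["EUR1"]})     # VU still only trusts the old root
    egf = Peer("EGF", roots={"EUR2": p["EUR2"]})
    msca_only = {"MSCA_VU-EGF": p["MSCA"]}
    r = {}
    # Without the link certificate the MSCA's CAR (EUR2) is unknown to the VU.
    r["vu_no_link"] = attempt(vu.couple, p["EGF_MA"], msca_only, 100)
    r["vu_coupled"] = attempt(vu.couple, p["EGF_MA"], {**msca_only, "EUR2": p["link"]}, 100)
    # EGF judges validity by GNSS time: at day 20 the VU_MA certificate is not yet valid.
    r["egf_early"] = attempt(egf.couple, p["VU_MA"], msca_only, 20)
    r["egf_coupled"] = attempt(egf.couple, p["VU_MA"], msca_only, 100)
    # Normal operation on day 600: EGF_MA has expired; the VU logs it but proceeds.
    r["vu_session_key_ok"] = vu.start_session(600, offered=p["MSCA"]) == p["EGF_MA"].key
    r["vu_log"] = list(vu.log)
    return r
```

`run_scenario()` reports the MSCA-only coupling attempt rejected (no path to EUR1), the coupling with the link certificate accepted, the EGF's early coupling rejected on GNSS time, and, on day 600, a session that still returns the stored EGF_MA key alongside two log entries: the ignored certificate and the expired EGF_MA. Note that the stand-in HMAC makes this a model of chain and state handling only; a real implementation verifies ECDSA signatures over the certificate bodies of section 9.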