xmlns:atom="http://www.w3.org/2005/Atom" xmlns:atom="http://www.w3.org/2005/Atom"
This command is used to verify the integrity and authenticity of the DSRC message and to decipher the data communicated from a VU to a control authority or a workshop over the DSRC link. The card derives the encryption key and the MAC key used to secure the DSRC message as described in Appendix 11 Part B chapter 13.
Only the control card and the workshop card are required to support this command in the DF Tachograph_G2.
Other types of tachograph cards may or may not implement this command, but shall not have a DSRC master key. Therefore these cards cannot perform the command successfully, but terminate with a suitable error code.
The command may or may not be accessible in the MF and / or the DF Tachograph. If so, the command shall terminate with a suitable error code.
Byte | Length | Value | Description |
---|---|---|---|
CLA | 1 | ‘80h’ | Proprietary CLA |
INS | 1 | ‘2Ah’ | Perform Security Operation |
P1 | 1 | ‘80h’ | Response data: plain value |
P2 | 1 | ‘B0h’ | Command data: plain value encoded in BER-TLV and including SM DOs |
Lc | 1 | ‘NNh’ | Length Lc of the subsequent data field |
#6-#(5+L) | L | ‘87h’ + L87 + ‘XX..XXh’ | DER-TLV encoded padding-content indicator byte followed by encrypted tachograph payload. For the padding-content indicator byte the value ‘00h’ (‘no further indication’ according to ISO/IEC 7816-4:2013 Table 52) shall be used. For the encryption mechanism see Appendix 11, Part B chapter 13. Allowed values for the length L87 are the multiples of the AES block length plus 1 for the padding-content indicator byte, i.e. from 17 bytes up to and including 193 bytes. Note: See ISO/IEC 7816-4:2013 Table 49 for the SM data object with tag ‘87h’. |
‘81h’ + ‘10h’ | DER-TLV encoded Control Reference Template for Confidentiality nesting the concatenation of the following data elements (see Appendix 1 DSRCSecurityData and Appendix 11 Part B chapter 13):
Note: See ISO/IEC 7816-4:2013 Table 49 for the SM data object with tag ‘81h’. | ||
‘8Eh’ + L8E + ‘XX..XXh’ | DER-TLV encoded MAC over the DSRC message. For the MAC algorithm and calculation see Appendix 11, Part B chapter 13. Note: See ISO/IEC 7816-4:2013 Table 49 for the SM data object with tag ‘8Eh’. | ||
[F15 + L + 1 | 1 | ‘ 00h ’ | As specified in ISO/IEC 7816-4] |
Byte | Length | Value | Description |
---|---|---|---|
#1-#L | L | ‘XX..XXh’ | Absent (in case of an error) or deciphered data (padding removed) |
SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
‘6A80’ indicates incorrect parameters in the command data field (also used in case the data objects are not sent in the specified order).
‘6A88’ indicates that referenced data is not available, i.e. the referenced DSRC master key is not available.
‘6900’ indicates that the verification of the cryptographic checksum or the decryption of the data failed.
‘ [F16985 ’ indicates that the 4-byte time stamp provided in the command data field is earlier than cardValidityBegin or later than cardExpiryDate.]