Commission Implementing Regulation (EU) 2016/799Show full title

COMMON SECURITY MECHANISMS U.K.

PREAMBLEU.K.

This Appendix specifies the security mechanisms ensuring

• mutual authentication between different components of the tachograph system.

• confidentiality, integrity, authenticity and/or non-repudiation of data transferred between different components of the tachograph system or downloaded to external storage media.

This Appendix consists of two parts. Part A defines the security mechanisms for the first-generation tachograph system (digital tachograph). Part B defines the security mechanisms for the second-generation tachograph system (smart tachograph).

The mechanisms specified in Part A of this Appendix shall apply if at least one of the components of the tachograph system involved in a mutual authentication and/or data transfer process is of the first generation.

The mechanisms specified in Part B of this Appendix shall apply if both components of the tachograph system involved in the mutual authentication and/or data transfer process are of the second generation.

Appendix 15 provides more information regarding the use of first generation components in combination with second-generation components.

PART AU.K. FIRST-GENERATION TACHOGRAPH SYSTEM

1.INTRODUCTIONU.K.

1.1. References U.K.

The following references are used in this Appendix:

1.2. Notations and abbreviated terms U.K.

The following notations and abbreviated terms are used in this Appendix:

2.CRYPTOGRAPHIC SYSTEMS AND ALGORITHMSU.K.

2.1. Cryptographic systems U.K.

CSM_001Vehicle units and tachograph cards shall use a classical RSA public-key cryptographic system to provide the following security mechanisms:U.K.

• authentication between vehicle units and cards,

• transport of Triple-DES session keys between vehicle units and tachograph cards,

• digital signature of data downloaded from vehicle units or tachograph cards to external media.

CSM_002Vehicle units and tachograph cards shall use a Triple DES symmetric cryptographic system to provide a mechanism for data integrity during user data exchange between vehicle units and tachograph cards, and to provide, where applicable, confidentiality of data exchange between vehicle units and tachograph cards.U.K.

2.2. Cryptographic algorithms U.K.

2.2.1 RSA algorithm U.K.

CSM_003The RSA algorithm is fully defined by the following relations:U.K.

X.SK[m] = s = m^d mod n U.K.

X.PK[s] = m = s^e mod n

A more comprehensive description of the RSA function can be found in reference [PKCS1]. Public exponent, e, for RSA calculations is an integer between 3 and n-1 satisfying gcd(e, lcm(p-1, q-1))=1.

2.2.2 Hash algorithm U.K.

CSM_004The digital signature mechanisms shall use the SHA-1 hash algorithm as defined in reference [SHA-1].U.K.

2.2.3 Data Encryption Algorithm U.K.

CSM_005DES based algorithms shall be used in Cipher Block Chaining mode of operation.U.K.

3.KEYS AND CERTIFICATESU.K.

3.1. Keys generation and distribution U.K.

3.1.1 RSA Keys generation and distribution U.K.

CSM_006RSA keys shall be generated through three functional hierarchical levels:U.K.

• European level,

• Member State level,

• Equipment level.

CSM_007At European level, a single European key pair (EUR.SK and EUR.PK) shall be generated. The European private key shall be used to certify the Member States public keys. Records of all certified keys shall be kept. These tasks shall be handled by a European Certification Authority, under the authority and responsibility of the European Commission.U.K.

CSM_008At Member State level, a Member State key pair (MS.SK and MS.PK) shall be generated. Member States public keys shall be certified by the European Certification Authority. The Member State private key shall be used to certify public keys to be inserted in equipment (vehicle unit or tachograph card). Records of all certified public keys shall be kept with the identification of the equipment to which it is intended. These tasks shall be handled by a Member State Certification Authority. A Member State may regularly change its key pair.U.K.

CSM_009At equipment level, one single key pair (EQT.SK and EQT.PK) shall be generated and inserted in each equipment. Equipment public keys shall be certified by a Member State Certification Authority. These tasks may be handled by equipment manufacturers, equipment personalisers or Member State authorities. This key pair is used for authentication, digital signature and encipherement servicesU.K.

CSM_010Private keys confidentiality shall be maintained during generation, transport (if any) and storage.U.K.

The following picture summarises the data flow of this process:

3.1.2 RSA Test keys U.K.

CSM_011For the purpose of equipment testing (including interoperability tests) the European Certification Authority shall generate a different single European test key pair and at least two Member State test key pairs, the public keys of which shall be certified with the European private test key. Manufacturers shall insert, in equipment undergoing type approval tests, test keys certified by one of these Member State test keys.U.K.

3.1.3 Motion sensor keys U.K.

The confidentiality of the three Triple DES keys described below shall be appropriately maintained during generation, transport (if any) and storage.

In order to support tachograph components compliant with ISO 16844, the European Certification Authority and the Member State Certification Authorities shall, in addition, ensure the following:

CSM_036The European Certification authority shall generate KmVU and KmWC, two independent and unique Triple DES keys, and generate Km as: Km = Km_VU XOR Km_WC. The European Certification Authority shall forward these keys, under appropriately secured procedures, to Member States Certification Authorities at their request.U.K.

CSM_037Member States Certification Authorities shall:U.K.

• use Km to encrypt motion sensor data requested by motion sensor manufacturers (data to be encrypted with Km is defined in ISO 16844-3),

• forward Km_VU to vehicle unit manufacturers, under appropriately secured procedures, for insertion in vehicle units,

• ensure that Km_WC will be inserted in all workshop cards ( in elementary file) during card personalisation.

3.1.4 T-DES session keys generation and distribution U.K.

CSM_012Vehicle units and tachograph cards shall, as a part of the mutual authentication process, generate and exchange necessary data to elaborate a common Triple DES session key. This exchange of data shall be protected for confidentiality through an RSA crypt-mechanism.U.K.

CSM_013This key shall be used for all subsequent cryptographic operations using secure messaging. Its validity shall expire at the end of the session (withdrawal of the card or reset of the card) and/or after 240 use (one use of the key = one command using secure messaging sent to the card and associated response).U.K.

3.2. Keys U.K.

CSM_014RSA keys shall have (whatever the level) the following lengths: modulus n1 024 bits, public exponent e 64 bits maximum, private exponent d1 024 bits.U.K.

CSM_015Triple DES keys shall have the form (K_a, K_b, K_a) where K_a and K_b are independent 64 bits long keys. No parity error detecting bits shall be set.U.K.

3.3. Certificates U.K.

CSM_016RSA Public key certificates shall be ‘non self-descriptive’‘Card Verifiable’ certificates (Ref.: ISO/IEC 7816-8)U.K.

3.3.1 Certificates content U.K.

CSM_017RSA Public key certificates are built with the following data in the following order:U.K.

Notes: U.K.

1.The ‘Certificate Profile Identifier’ (CPI) delineates the exact structure of an authentication certificate. It can be used as an equipment internal identifier of a relevant headerlist which describes the concatenation of Data Elements within the certificate.U.K.

The headerlist associated with this certificate content is as follows:

2.The ‘Certification Authority Reference’ (CAR) has the purpose of identifying the certificate issuing CA, in such a way that the Data Element can be used at the same time as an Authority Key Identifier to reference the Public Key of the Certification Authority (for coding, see Key Identifier below).U.K.

3.The ‘Certificate Holder Authorisation’ (CHA) is used to identify the rights of the certificate holder. It consists of the Tachograph Application ID and of the type of equipment to which the certificate is intended (according to data element, ‘00’ for a Member State).U.K.

4.The ‘Certificate Holder Reference’ (CHR) has the purpose of identifying uniquely the certificate holder, in such a way that the Data Element can be used at the same time as a Subject Key Identifier to reference the Public Key of the certificate holder.U.K.

5.Key Identifiers uniquely identify certificate holder or certification authorities. They are coded as follows:U.K.

6.Certificate verifiers shall implicitly know that the public key certified is an RSA key relevant to authentication, digital signature verification and encipherement for confidentiality services (the certificate contains no Object Identifier to specify it).U.K.

3.3.2 Certificates issued U.K.

CSM_018The certificate issued is a digital signature with partial recovery of the certificate content in accordance with ISO/IEC 9796-2 (except for its annex A4), with the ‘Certification Authority Reference’ appended.U.K.

X.C = X.CA.SK[‘6A’ || C_r || Hash(Cc) || ‘BC’] || C_n || X.CAR

Notes: U.K.

1.This certificate is 194 bytes long.U.K.

2.CAR, being hidden by the signature, is also appended to the signature, such that the Public Key of the Certification Authority may be selected for the verification of the certificate.U.K.

3.The certificate verifier shall implicitly know the algorithm used by the Certification Authority to sign the certificate.U.K.

4.The headerlist associated with this issued certificate is as follows:U.K.

3.3.3 Certificate verification and unwrapping U.K.

Certificate verification and unwrapping consists in verifying the signature in accordance with ISO/IEC 9796-2, retrieving the certificate content and the public key contained: X.PK = X.CA.PK _o X.C, and verifying the validity of the certificate.

CSM_019It involves the following steps:U.K.

• Verify signature and retrieve content:

  —from X.C retrieve Sign, Cn' and CAR':	X.C =	Sign	||	Cn'	||	CAR'
  		128 Bytes		58 Bytes		8 Bytes

  • from CAR' select appropriate Certification Authority Public Key (if not done before through other means)

  • open Sign with CA Public Key: Sr'= X.CA.PK [Sign],

  • check Sr' starts with ‘6A’ and ends with ‘BC’

  —compute Cr' and H' from: Sr' =	‘6A’	||	Cr'	||	H'	||	‘BC’
  			106 Bytes		20 Bytes

  • Recover certificate content C' = C_r' || C_n',

  • check Hash(C') = H'

• If the checks are OK the certificate is a genuine one, its content is C'.

• Verify validity. From C':

  • if applicable, check End of validity date,

• Retrieve and store public key, Key Identifier, Certificate Holder Authorisation and Certificate End of Validity from C':

  • X.PK = n || e

  • X.KID = CHR

  • X.CHA = CHA

  • X.EOV = EOV

4.MUTUAL AUTHENTICATION MECHANISMU.K.

Mutual authentication between cards and VUs is based on the following principle:

Each party shall demonstrate to the other that it owns a valid key pair, the public key of which has been certified by a Member State certification authority, itself being certified by the European certification authority.

Demonstration is made by signing with the private key a random number sent by the other party, who must recover the random number sent when verifying this signature.

The mechanism is triggered at card insertion by the VU. It starts with the exchange of certificates and unwrapping of public keys, and ends with the setting of a session key.

CSM_020The following protocol shall be used (arrows indicate commands and data exchanged (see Appendix 2)):U.K.

5.VU-CARDS DATA TRANSFER CONFIDENTIALITY, INTEGRITY AND AUTHENTICATION MECHANISMSU.K.

5.1. Secure Messaging U.K.

CSM_021VU-Cards data transfers integrity shall be protected through Secure Messaging in accordance with references [ISO/IEC 7816-4] and [ISO/IEC 7816-8].U.K.

CSM_022When data need to be protected during transfer, a Cryptographic Checksum Data Object shall be appended to the Data Objects sent within the command or the response. The Cryptographic Checksum shall be verified by the receiver.U.K.

CSM_023The cryptographic checksum of data sent within a command shall integrate the command header, and all data objects sent (=>CLA = ‘0C’, and all data objects shall be encapsulated with tags in which b1=1).U.K.

CSM_024The response status-information bytes shall be protected by a cryptographic checksum when the response contains no data field.U.K.

CSM_025Cryptographic checksums shall be 4 Bytes long.U.K.

The structure of commands and responses when using secure messaging is therefore the following:

• The DOs used are a partial set of the Secure Messaging DOs described in ISO/IEC 7816-4:

  Tag	Mnemonic	Meaning
  ‘81’	TPV	Plain Value not BER-TLV coded data (to be protected by CC)
  ‘97’	TLE	Value of Le in the unsecured command (to be protected by CC)
  ‘99’	TSW	Status-Info (to be protected by CC)
  ‘8E’	TCC	Cryptographic Checksum
  ‘87’	TPI CG	Padding Indicator Byte || Cryptogram (Plain Value not coded in BER-TLV)

• Given an unsecured command response pair:

  Command header				Command body
  CLA	INS	P1	P2	[Lc field]	[Data field]	[Le field]
  four bytes				L bytes, denoted as B1 to BL

  Response body	Response trailer
  [Data field]	SW1	SW2
  Lr data bytes	two bytes

• The corresponding secured command response pair is:

  • Secured command:

    Command header (CH)				Command body
    CLA	INS	P1	P2	[New Lc field]	[New Data field]									[New Le field]
    ‘OC’				Length of New Data field	TPV	LPV	PV	TLE	LLE	Le	TCC	LCC	CC	‘00’
    					‘81’	Lc	Data field	‘97’	‘01’	Le	‘8E’	‘04’	CC

    Data to be integrated in checksum = CH || PB || T_PV || L_PV || PV || T_LE || L_LE || L_e || PB

    PB = Padding Bytes (80 .. 00) in accordance with ISO-IEC 7816-4 and ISO 9797 method 2.

    DOs PV and LE are present only when there is some corresponding data in the unsecured command.

  • Secured response:

    1.

    Case where response data field is not empty and needs not to be protected for confidentiality:

    Response body						Response trailer
    [New Data field]						new SW1 SW2
    TPV	LPV	PV	TCC	LCC	CC
    ‘81’	Lr	Data field	‘8E’	‘04’	CC

    Data to be integrated in checksum = T_PV || L_PV || PV || PB

    2.

    Case where response data field is not empty and needs to be protected for confidentiality:

    Response body						Response trailer
    [New Data field]						new SW1 SW2
    TPI CG	LPI CG	PI CG	TCC	LCC	CC
    ‘87’		PI || CG	‘8E’	‘04’	CC

    Data to be carried by CG: non BER-TLV coded data and padding bytes.

    Data to be integrated in checksum = T_{PI CG} || L_{PI CG} || PI CG || PB

    3.

    Case where response data field is empty:

    Response body						Response trailer
    [New Data field]						new SW1 SW2
    TSW	LSW	SW	TCC	LCC	CC
    ‘99’	‘02’	New SW1 SW2	‘8E’	‘04’	CC

    Data to be integrated in checksum = T_SW || L_SW || SW || PB

5.2. Treatment of Secure Messaging errors U.K.

CSM_026When the tachograph card recognises an SM error while interpreting a command, then the status bytes must be returned without SM. In accordance with ISO/IEC 7816-4, the following status bytes are defined to indicate SM errors:U.K.

CSM_027When the tachograph card returns status bytes without SM DOs or with an erroneous SM DO, the session must be aborted by the VU.U.K.

5.3. Algorithm to compute Cryptographic Checksums U.K.

CSM_028Cryptographic checksums are built using a retail MACs in accordance with ANSI X9.19 with DES:U.K.

• Initial stage: The initial check block y0 is E(Ka, SSC).

• Sequential stage: The check blocks y1, .., yn are calculated using Ka.

• Final stage: The cryptographic checksum is calculated from the last check block yn as follows: E(Ka, D(Kb, yn)).

where E() means encryption with DES, and D() means decryption with DES.

The four most significant bytes of the cryptographic checksum are transferred

CSM_029The Send Sequence Counter (SSC) shall be initiated during key agreement procedure to:U.K.

Initial SSC: Rnd3 (4 least significant bytes) || Rnd1 (4 least significant bytes).

CSM_030The Send Sequence Counter shall be increased by 1 each time before a MAC is calculated (i.e. the SSC for the first command is Initial SSC + 1, the SSC for the first response is Initial SSC + 2).U.K.

The following figure shows the calculation of the retail MAC:

5.4. Algorithm to compute cryptograms for confidentiality DOs U.K.

CSM_031Cryptograms are computed using TDEA in TCBC mode of operation in accordance with references [TDES] and [TDES-OP] and with the Null vector as Initial Value block.U.K.

The following figure shows the application of keys in TDES:

6.DATA DOWNLOAD DIGITAL SIGNATURE MECHANISMSU.K.

CSM_032The Intelligent Dedicated Equipment (IDE) stores data received from an equipment (VU or card) during one download session within one physical data file. This file must contain the certificates MS_i.C and EQT.C. The file contains digital signatures of data blocks as specified in Appendix 7 Data Downloading Protocols.U.K.

CSM_033Digital signatures of downloaded data shall use a digital signature scheme with appendix such, that downloaded data may be read without any decipherment if desired.U.K.

6.1. Signature generation U.K.

CSM_034Data signature generation by the equipment shall follow the signature scheme with appendix defined in reference [PKCS1] with the SHA-1 hash function:U.K.

• Signature = EQT.SK[‘00’ || ‘01’ || PS || ‘00’ || DER(SHA-1(Data))]

• PS = Padding string of octets with value ‘FF’ such that length is 128.

• DER(SHA-1(M)) is the encoding of the algorithm ID for the hash function and the hash value into an ASN.1 value of type DigestInfo (distinguished encoding rules):

  ‘30’||‘21’||‘30’||‘09’||‘06’||‘05’||‘2B’||‘0E’||‘03’||‘02’||‘1A’||‘05’||‘00’||‘04’||‘14’||Hash Value.

6.2. Signature verification U.K.

CSM_035Data signature verification on downloaded data shall follow the signature scheme with appendix defined in reference [PKCS1] with the SHA-1 hash function.U.K.

The European public key EUR.PK needs to be known independently (and trusted) by the verifier.

The following table illustrates the protocol an IDE carrying a Control card can follow to verify the integrity of data downloaded and stored on the ESM (External Storage media). The control card is used to perform the decipherement of digital signatures. This function may in this case not be implemented in the IDE.

The equipment that has downloaded and signed the data to be analysed is denoted EQT.

PART BU.K. SECOND-GENERATION TACHOGRAPH SYSTEM

7.INTRODUCTIONU.K.

7.1. References U.K.

The following references are used in this part of this Appendix.

7.2. Notations and Abbreviations U.K.

The following notations and abbreviated terms are used in this Appendix:

7.3. Definitions U.K.

The definitions of terms used in this Appendix are included in section I of Annex 1C.

8.CRYPTOGRAPHIC SYSTEMS AND ALGORITHMSU.K.

8.1. Cryptographic Systems U.K.

CSM_38Vehicle units and tachograph cards shall use an elliptic curve-based public-key cryptographic system to provide the following security services:U.K.

• mutual authentication between a vehicle unit and a card,

• agreement of AES session keys between a vehicle unit and a card,

• ensuring the authenticity, integrity and non-repudiation of data downloaded from vehicle units or tachograph cards to external media.

CSM_39Vehicle units and external GNSS facilities shall use an elliptic curve-based public-key cryptographic system to provide the following security services:U.K.

• coupling of a vehicle unit and an external GNSS facility,

• mutual authentication between a vehicle unit and an external GNSS facility,

• agreement of an AES session key between a vehicle unit and an external GNSS facility.

CSM_40Vehicle units and tachograph cards shall use an AES-based symmetric cryptographic system to provide the following security services:U.K.

• ensuring authenticity and integrity of data exchanged between a vehicle unit and a tachograph card,

• where applicable, ensuring confidentiality of data exchanged between a vehicle unit and a tachograph card.

CSM_41Vehicle units and external GNSS facilities shall use an AES-based symmetric cryptographic system to provide the following security services:U.K.

• ensuring authenticity and integrity of data exchanged between a vehicle unit and an external GNSS facility.

CSM_42Vehicle units and motion sensors shall use an AES-based symmetric cryptographic system to provide the following security services:U.K.

• pairing of a vehicle unit and a motion sensor,

• mutual authentication between a vehicle unit and a motion sensor,

• ensuring confidentiality of data exchanged between a vehicle unit and a motion sensor.

CSM_43Vehicle units and control cards shall use an AES-based symmetric cryptographic system to provide the following security services on the remote communication interface:U.K.

• ensuring confidentiality, authenticity and integrity of data transmitted from a vehicle unit to a control card.

Notes: U.K.

—Properly speaking, data is transmitted from a vehicle unit to a remote interrogator under the control of a control officer, using a remote communication facility that may be internal or external to the VU, see Appendix 14. However, the remote interrogator sends the received data to a control card for decryption and validation of authenticity. From a security point of view, the remote communication facility and the remote interrogator are fully transparent.U.K.

—A workshop card offers the same security services for the DSRC interface as a control card does. This allows a workshop to validate the proper functioning of the remote communication interface of a VU, including security. Please refer to section 9.2.2 for more information.U.K.

8.2. Cryptographic Algorithms U.K.

8.2.1 Symmetric Algorithms U.K.

CSM_44Vehicle units, tachograph cards, motion sensors and external GNSS facilities shall support the AES algorithm as defined in [AES], with key lengths of 128, 192 and 256 bits.U.K.

8.2.2 Asymmetric Algorithms and Standardized Domain Parameters U.K.

CSM_45Vehicle units, tachograph cards and external GNSS facilities shall support elliptic curve cryptography with a key size of 256, 384 and 512/521 bits.U.K.

CSM_46Vehicle units, tachograph cards and external GNSS facilities shall support the ECDSA signing algorithm, as specified in [DSS].U.K.

CSM_47Vehicle units, tachograph cards and external GNSS facilities shall support the ECKA-EG key agreement algorithm, as specified in [TR 03111].U.K.

CSM_48Vehicle units, tachograph cards and external GNSS facilities shall support all standardized domain parameters specified in Table 1 below for elliptic curve cryptography.U.K.

Note: the object identifiers mentioned in the last column of Table 1 are specified in [RFC 5639] for the Brainpool curves and in [RFC 5480] for the NIST curves.U.K.

8.2.3 Hashing algorithms U.K.

[F1CSM_49 Vehicle units, tachograph cards and external GNSS facilities shall support the SHA-256, SHA-384 and SHA-512 algorithms specified in [SHS].] U.K.

8.2.4 Cipher Suites U.K.

CSM_50In case a symmetric algorithm, an asymmetric algorithm and/or a hashing algorithm are used together to form a security protocol, their respective key lengths and hash sizes shall be of (roughly) equal strength. Table 2 shows the allowed cipher suites:U.K.

Note: ECC keys sizes of 512 bits and 521 bits are considered to be equal in strength for all purposes within this Appendix.U.K.

9.KEYS AND CERTIFICATESU.K.

9.1. Asymmetric Key Pairs and Public Key Certificates U.K.

9.1.1 General U.K.

Note: the keys described in this section are used for mutual authentication and secure messaging between vehicle units and tachograph cards and between vehicle units and external GNSS facilities. These processes are described in detail in chapters 10 and 11 of this Appendix.U.K.

CSM_51Within the European Smart Tachograph system, ECC key pairs and corresponding certificates shall be generated and managed through three functional hierarchical levels:U.K.

• European level,

• Member State level,

• Equipment level.

CSM_52Within the entire European Smart Tachograph system, public and private keys and certificates shall be generated, managed and communicated using standardized and secure methods.U.K.

9.1.2 European Level U.K.

CSM_53At European level, a single unique ECC key pair designated as EUR shall be generated. It shall consist of a private key (EUR.SK) and a public key (EUR.PK). This key pair shall form the root key pair of the entire European Smart Tachograph PKI. This task shall be handled by a European Root Certificate Authority (ERCA), under the authority and responsibility of the European Commission.U.K.

CSM_54The ERCA shall use the European private key to sign a (self-signed) root certificate of the European public key, and shall communicate this European root certificate to all Member States.U.K.

CSM_55The ERCA shall use the European private key to sign the certificates of the Member States public keys upon request. The ERCA shall keep records of all signed Member State public key certificates.U.K.

CSM_56As shown in Figure 1 in section 9.1.7, the ERCA shall generate a new European root key pair every 17 years. Whenever the ERCA generates a new European root key pair, it shall create a new self-signed root certificate for the new European public key. The validity period of a European root certificate shall be 34 years plus 3 months.U.K.

Note: The introduction of a new root key pair also implies that ERCA will generate a new motion sensor master key and a new DSRC master key, see sections 9.2.1.2 and 9.2.2.2.U.K.

CSM_57Before generating a new European root key pair, the ERCA shall conduct an analysis of the cryptographic strength that is needed for the new key pair, given it should stay secure for the next 34 years. If found necessary, the ERCA shall switch to a cipher suite that is stronger than the current one, as specified in CSM_50.U.K.

[F1CSM_58 Whenever it generates a new European root key pair, the ERCA shall create a link certificate for the new European public key and sign it with the previous European private key. The validity period of the link certificate shall be 17 years plus 3 months. This is shown in Figure 1 in section 9.1.7 as well.] U.K.

Note: Since a link certificate contains the ERCA generation X public key and is signed with the ERCA generation X-1 private key, a link certificate offers equipment issued under generation X-1 a method to trust equipment issued under generation X.U.K.

CSM_59The ERCA shall not use the private key of a root key pair for any purpose after the moment a new root key certificate becomes valid.U.K.

CSM_60At any moment in time, the ERCA shall dispose of the following cryptographic keys and certificates:U.K.

• The current EUR key pair and corresponding certificate

• All previous EUR certificates to be used for the verification of MSCA certificates that are still valid

• Link certificates for all generations of EUR certificates except the first one

9.1.3 Member State Level U.K.

CSM_61At Member State level, all Member States required to sign tachograph card certificates shall generate one or more unique ECC key pairs designated as MSCA_Card. All Member States required to sign certificates for vehicle units or external GNSS facilities shall additionally generate one or more unique ECC key pairs designated as MSCA_VU-EGF.U.K.

CSM_62The task of generating Member State key pairs shall be handled by a Member State Certificate Authority (MSCA). Whenever a MSCA generates a Member State key pair, it shall send the public key to the ERCA in order to obtain a corresponding Member State certificate signed by the ERCA.U.K.

CSM_63An MSCA shall choose the strength of a Member State key pair equal to the strength of the European root key pair used to sign the corresponding Member State certificate.U.K.

CSM_64An MSCA_VU-EGF key pair, if present, shall consist of private key MSCA_VU-EGF.SK and public key MSCA_VU-EGF.PK. An MSCA shall use the MSCA_VU-EGF.SK private key exclusively to sign the public key certificates of vehicle units and external GNSS facilities.U.K.

CSM_65An MSCA_Card key pair shall consist of private key MSCA_Card.SK and public key MSCA_Card.PK. An MSCA shall use the MSCA_Card.SK private key exclusively to sign the public key certificates of tachograph cards.U.K.

CSM_66An MSCA shall keep records of all signed VU certificates, external GNSS facility certificates and card certificates, together with the identification of the equipment for which each certificate is intended.U.K.

CSM_67The validity period of an MSCA_VU-EGF certificate shall be 17 years plus 3 months. The validity period of an MSCA_Card certificate shall be 7 years plus 1 month.U.K.

CSM_68As shown in Figure 1 in section 9.1.7, the private key of a MSCA_VU-EGF key pair and the private key of a MSCA_Card key pair shall have a key usage period of two years.U.K.

CSM_69An MSCA shall not use the private key of an MSCA_VU-EGF key pair for any purpose after the moment its usage period has ended. Neither shall an MSCA use the private key of an MSCA_Card key pair for any purpose after the moment its usage period has ended.U.K.

CSM_70At any moment in time, an MSCA shall dispose of the following cryptographic keys and certificates:U.K.

• The current MSCA_Card key pair and corresponding certificate

• All previous MSCA_Card certificates to be used for the verification of the certificates of tachograph cards that are still valid

• The current EUR certificate necessary for the verification of the current MSCA certificate

• All previous EUR certificates necessary for the verification of all MSCA certificates that are still valid

CSM_71If an MSCA is required to sign certificates for vehicle units or external GNSS facilities, it shall additionally dispose of the following keys and certificates:U.K.

• The current MSCA_VU-EGF key pair and corresponding certificate

• All previous MSCA_VU-EGF public keys to be used for the verification of the certificates of VUs or external GNSS facilities that are still valid

9.1.4 Equipment Level: Vehicle Units U.K.

[F1CSM_72 Two unique ECC key pairs shall be generated for each vehicle unit, designated as VU_MA and VU_Sign. This task is handled by VU manufacturers. Whenever a VU key pair is generated, the party generating the key shall send the public key to its MSCA, in order to obtain a corresponding VU certificate signed by the MSCA. The private key shall be used only by the vehicle unit.] U.K.

CSM_73The VU_MA and VU_Sign certificates of a given vehicle unit shall have the same Certificate Effective Date.U.K.

CSM_74A VU manufacturer shall choose the strength of a VU key pair equal to the strength of the MSCA key pair used to sign the corresponding VU certificate.U.K.

CSM_75A vehicle unit shall use its VU_MA key pair, consisting of private key VU_MA.SK and public key VU_MA.PK, exclusively to perform VU Authentication towards tachograph cards and external GNSS facilities, as specified in sections 10.3 and 11.4 of this Appendix.U.K.

CSM_76A vehicle unit shall be capable of generating ephemeral ECC key pairs and shall use an ephemeral key pair exclusively to perform session key agreement with a tachograph card or external GNSS facility, as specified in sections 10.4 and 11.4 of this Appendix.U.K.

CSM_77A vehicle unit shall use the private key VU_Sign.SK of its VU_Sign key pair exclusively to sign downloaded data files, as specified in chapter 14 of this Appendix. The corresponding public key VU_Sign.PK shall be used exclusively to verify signatures created by the vehicle unit.U.K.

CSM_78As shown in Figure 1 in section 9.1.7, the validity period of a VU_MA certificate shall be 15 years and 3 months. The validity period of a VU_Sign certificate shall also be 15 years and 3 months.U.K.

Notes: U.K.

—The extended validity period of a VU_Sign certificate allows a Vehicle Unit to create valid signatures over downloaded data during the first three months after it has expired, as required in Regulation (EU) No 581/2010.U.K.

—The extended validity period of a VU_MA certificate is needed to allow the VU to authenticate to a control card or a company card during the first three months after it has expired, such that is it possible to perform a data download.U.K.

CSM_79A vehicle unit shall not use the private key of a VU key pair for any purpose after the corresponding certificate has expired.U.K.

CSM_80The VU key pairs (except ephemeral keys pairs) and corresponding certificates of a given vehicle unit shall not be replaced or renewed in the field once the vehicle unit has been put in operation.U.K.

Notes: U.K.

—Ephemeral key pairs are not included in this requirement, as a new ephemeral key pair is generated by a VU each time Chip Authentication and session key agreement is performed, see section 10.4. Note that ephemeral key pairs do not have corresponding certificates.U.K.

—This requirement does not forbid the possibility of replacing static VU key pairs during a refurbishment or repair in a secure environment controlled by the VU manufacturer.U.K.

CSM_81When put in operation, vehicle units shall contain the following cryptographic keys and certificates:U.K.

• The VU_MA private key and corresponding certificate

• The VU_Sign private key and corresponding certificate

• The MSCA_VU-EGF certificate containing the MSCA_VU-EGF.PK public key to be used for verification of the VU_MA certificate and VU_Sign certificate

• The EUR certificate containing the EUR.PK public key to be used for verification of the MSCA_VU-EGF certificate

• The EUR certificate whose validity period directly precedes the validity period of the EUR certificate to be used to verify the MSCA_VU-EGF certificate, if existing

• The link certificate linking these two EUR certificates, if existing

CSM_82In addition to the cryptographic keys and certificates listed in CSM_81, vehicle units shall also contain the keys and certificates specified in Part A of this Appendix, allowing a vehicle unit to interact with first-generation tachograph cards.U.K.

9.1.5 Equipment Level: Tachograph Cards U.K.

[F1CSM_83 One unique ECC key pair, designated as Card_MA, shall be generated for each tachograph card. A second unique ECC key pair, designated as Card_Sign, shall additionally be generated for each driver card and each workshop card. This task may be handled by card manufacturers or card personalisers. Whenever a card key pair is generated, the party generating the key shall send the public key to its MSCA, in order to obtain a corresponding card certificate signed by the MSCA. The private key shall be used only by the tachograph card.] U.K.

CSM_84The Card_MA and Card_Sign certificates of a given driver card or workshop card shall have the same Certificate Effective Date.U.K.

CSM_85A card manufacturer or card personaliser shall choose the strength of a card key pair equal to the strength of the MSCA key pair used to sign the corresponding card certificate.U.K.

CSM_86A tachograph card shall use its Card_MA key pair, consisting of private key Card_MA.SK and public key Card_MA.PK, exclusively to perform mutual authentication and session key agreement towards vehicle units, as specified in sections 10.3 and 10.4 of this Appendix.U.K.

CSM_87A driver card or workshop card shall use the private key Card_Sign.SK of its Card_Sign key pair exclusively to sign downloaded data files, as specified in chapter 14 of this Appendix. The corresponding public key Card_Sign.PK shall be used exclusively to verify signatures created by the card.U.K.

[F1CSM_88 The validity period of a Card_MA certificate shall be as follows: U.K.

• For driver cards: 5 years

• For company cards: 5 years

• For control cards: 2 years

• For workshop cards: 1 year]

CSM_89The validity period of a Card_Sign certificate shall be as follows:U.K.

Note: the extended validity period of a Card_Sign certificate allows a driver card to create valid signatures over downloaded data during the first month after it has expired. This is necessary in view of Regulation (EU) No 581/2010, which requires that a data download from a driver card must be possible up to 28 days after the last data has been recorded.U.K.

CSM_90The key pairs and corresponding certificates of a given tachograph card shall not be replaced or renewed once the card has been issued.U.K.

CSM_91When issued, tachograph cards shall contain the following cryptographic keys and certificates:U.K.

• The Card_MA private key and corresponding certificate

• For driver cards and workshop cards additionally: the Card_Sign private key and corresponding certificate

• The MSCA_Card certificate containing the MSCA_Card.PK public key to be used for verification of the Card_MA certificate and Card_Sign certificate

• The EUR certificate containing the EUR.PK public key to be used for verification of the MSCA_Card certificate.

• The EUR certificate whose validity period directly precedes the validity period of the EUR certificate to be used to verify the MSCA_Card certificate, if existing.

• The link certificate linking these two EUR certificates, if existing.

• [F2Additionally, for control cards, company cards and workshop cards only, and only if such cards are issued during the first three months of the validity period of a new EUR certificate: the EUR certificate that is two generations older, if existing.

Note to last bullet: For example, in the first three months of the ERCA(3) certificate (see Figure 1), the mentioned cards shall contain the ERCA(1) certificate. This is needed to ensure that these cards can be used to perform data downloads from ERCA(1) VUs whose normal 15-year life period plus the 3-months data downloading period expires during these months; see the last bullet of requirement 13) in Annex IC.] U.K.

CSM_92In addition to the cryptographic keys and certificates listed in CSM_91, tachograph cards shall also contain the keys and certificates specified in Part A of this Appendix, allowing these cards to interact with first-generation VUs.U.K.

9.1.6 Equipment Level: External GNSS Facilities U.K.

[F1CSM_93 One unique ECC key pair shall be generated for each external GNSS facility, designated as EGF_MA. This task is handled by external GNSS facility manufacturers. Whenever an EGF_MA key pair is generated, the party generating th e key shall send the public key to its MSCA in order to obtain a corresponding EGF_MA certificate signed by the MSCA. The private key shall be used only by the external GNSS facility.] U.K.

CSM_94An EGF manufacturer shall choose the strength of an EGF_MA key pair equal to the strength of the MSCA key pair used to sign the corresponding EGF_MA certificate.U.K.

[F1CSM_95 An external GNSS facility shall use its EGF_MA key pair, consisting of private key EGF_MA.SK and public key EGF_MA.PK, exclusively to perform mutual authentication and session key agreement towards vehicle units, as specified in section 11.4 of this Appendix.] U.K.

CSM_96The validity period of an EGF_MA certificate shall be 15 years.U.K.

CSM_97An external GNSS facility shall not use the private key of its EGF_MA key pair for coupling to a vehicle unit after the corresponding certificate has expired.U.K.

Note: as explained in section 11.3.3, an EGF may potentially use its private key for mutual authentication towards the VU it is already coupled to, even after the corresponding certificate has expired.U.K.

CSM_98The EGF_MA key pair and corresponding certificate of a given external GNSS facility shall not be replaced or renewed in the field once the EGF has been put in operation.U.K.

Note: This requirement does not forbid the possibility of replacing EGF key pairs during a refurbishment or repair in a secure environment controlled by the EGF manufacturer.U.K.

CSM_99When put in operation, an external GNSS facility shall contain the following cryptographic keys and certificates:U.K.

• The EGF_MA private key and corresponding certificate

• The MSCA_VU-EGF certificate containing the MSCA_VU-EGF.PK public key to be used for verification of the EGF_MA certificate

• The EUR certificate containing the EUR.PK public key to be used for verification of the MSCA_VU-EGF certificate

• The EUR certificate whose validity period directly precedes the validity period of the EUR certificate to be used to verify the MSCA_VU-EGF certificate, if existing

• The link certificate linking these two EUR certificates, if existing

9.1.7 Overview: Certificate Replacement U.K.

Figure 1 below shows how different generations of ERCA root certificates, ERCA link certificates, MSCA certificates and equipment (VU and card) certificates are issued and used over time:

[F1Figure 1 Issuance and usage of different generations of ERCA root certificates, ERCA link certificates, MSCA certificates and equipment certificates] U.K.

Notes to Figure 1: U.K.

1.Different generations of the root certificate are indicated by a number in brackets. E.g. ERCA (1) is the first generation of ERCA root certificate; ERCA (2) is the second generation, etc.U.K.

2.Other certificates are indicated by two numbers in brackets, the first one indicating the root certificate generation under which they are issued, the second one the generation of the certificate itself. E.g. MSCA_Card (1-1) is the first MSCA_Card certificate issued under ERCA (1); MSCA_Card (2-1) is the first MSCA_Card certificate issued under ERCA (2); MSCA_Card (2-last) is the last MSCA_Card certificate issued under ERCA (2); Card_MA(2-1) is the first Card certificate for mutual authentication that is issued under ERCA (2), etc.U.K.

3.The MSCA_Card (2-1) and MSCA_Card (1-last) certificates are issued at almost but not exactly the same date. MSCA_Card (2-1) is the first MSCA_Card certificate issued under ERCA (2) and will be issued slightly later than MSCA_Card (1-last), the last MSCA_Card certificate under ERCA (1).U.K.

4.As shown in the figure, the first VU and Card certificates issued under ERCA (2) will appear almost two years before the last VU and Card certificates issued under ERCA (1) will appear. This is because of the fact that VU and Card certificates are issued under an MSCA certificate, not directly under the ERCA certificate. The MSCA (2-1) certificate will be issued directly after ERCA (2) becomes valid, but the MSCA (1-last) certificate will be issued only slightly before that time, at the last moment the ERCA (1) certificate is still valid. Therefore, these two MSCA certificates will have almost the same validity period, despite the fact that they are of different generations.U.K.

5.The validity period shown for cards is the one for driver cards (5 years).U.K.

[F16. To save space, the difference in validity period between the Card_MA and Card_Sign certificates is shown only for the first generation.] U.K.

9.2. Symmetric Keys U.K.

9.2.1 Keys for Securing VU — Motion Sensor Communication U.K.

9.2.1.1 General U.K.

Note: readers of this section are supposed to be familiar with the contents of [ISO 16844-3] describing the interface between a vehicle unit and a motion sensor. The pairing process between a VU and a motion sensor is described in detail in chapter 12 of this Appendix.U.K.

CSM_100A number of symmetric keys is needed for pairing vehicle units and motion sensors, for mutual authentication between vehicle units and motion sensors and for encrypting communication between vehicle units and motion sensors, as shown in Table 3. All of these keys shall be AES keys, with a key length equal to the length of the motion sensor master key, which shall be linked to the length of the (foreseen) European root key pair as described in CSM_50.U.K.

CSM_101The European Root Certificate Authority shall generate K_M-VU and K_M-WC, two random and unique AES keys from which the motion sensor master key K_M can be calculated as K_M-VU XOR K_M-WC. The ERCA shall communicate K_M, K_M-VU and K_M-WC to Member State Certificate Authorities upon their request.U.K.

CSM_102The ERCA shall assign to each motion sensor master key K_M a unique version number, which shall also be applicable for the constituting keys K_M-VU and K_M-WC and for the related identification key K_ID. The ERCA shall inform the MSCAs about the version number when sending K_M-VU and K_M-WC to them.U.K.

Note: The version number is used to distinguish different generations of these keys, as explained in detail in section 9.2.1.2.U.K.

CSM_103A Member State Certificate Authority shall forward K_M-VU, together with its version number, to vehicle unit manufacturers upon their request. The VU manufacturers shall insert K_M-VU and its version number in all manufactured VUs.U.K.

CSM_104A Member State Certificate Authority shall ensure that K_M-WC, together with its version number, is inserted in every workshop card issued under its responsibility.U.K.

Notes: U.K.

—See the description of data type in Appendix 2.U.K.

—as explained in section 9.2.1.2, in fact multiple generations of K_M-WC may have to be inserted in a single workshop card.U.K.

CSM_105In addition to the AES key specified in CSM_104, a MSCA shall ensure that the TDES key Km_WC, specified in requirement CSM_037 in Part A of this Appendix, is inserted in every workshop card issued under its responsibility.U.K.

Notes: U.K.

—This allows a second-generation workshop card to be used for coupling a first-generation VU.U.K.

—A second-generation workshop card will contain two different applications, one complying with Part B of this Appendix and one complying with Part A. The latter will contain the TDES key Km_WC.U.K.

CSM_106An MSCA involved in issuing motion sensors shall derive the identification key from the motion sensor master key by XORing it with a constant vector CV. The value of CV shall be as follows:U.K.

• [F1For 128-bit motion sensor master keys: CV = ‘ B6 44 2C 45 0E F8 D3 62 0B 7A 8A 97 91 E4 5D 83 ’]

• For 192-bit motion sensor master keys: CV = ‘72 AD EA FA 00 BB F4 EE F4 99 15 70 5B 7E EE BB 1C 54 ED 46 8B 0E F8 25’

• For 256-bit motion sensor master keys: CV = ‘1D 74 DB F0 34 C7 37 2F 65 55 DE D5 DC D1 9A C3 23 D6 A6 25 64 CD BE 2D 42 0D 85 D2 32 63 AD 60’

Note: the constant vectors have been generated as follows:U.K.

• Pi_10 = first 10 bytes of the decimal portion of the mathematical constant π = ‘24 3F 6A 88 85 A3 08 D3 13 19’

• CV_128-bits = first 16 bytes of SHA-256(Pi_10)

• CV_192-bits = first 24 bytes of SHA-384(Pi_10)

• CV_256-bits = first 32 bytes of SHA-512(Pi_10)

CSM_107 [F1Each Motion sensor manufacturer shall generate a random and unique pairing key K _P for every motion sensor, and shall send each pairing key to its Member State Certificate Authority. The MSCA shall encrypt each pairing key separately with the motion sensor master key K _M and shall return the encrypted key to the motion sensor manufacturer. For each encrypted key, the MSCA shall notify the motion sensor manufacturer of the version number of the associated K _M .] U.K.

Note: as explained in section 9.2.1.2, in fact a motion sensor manufacturer may have to generate multiple unique pairing keys for a single motion sensor.U.K.

[F1CSM_108 Each motion sensor manufacturer shall generate a unique serial number for every motion sensor, and shall send all serial numbers to its Member State Certificate Authority. The MSCA shall encrypt each serial number separately with the identification key K _ID and shall return the encrypted serial number to the motion sensor manufacturer. For each encrypted serial number, the MSCA shall notify the motion sensor manufacturer of the version number of the associated K _ID .] U.K.

CSM_109For requirements CSM_107 and CSM_108, the MSCA shall use the AES algorithm in the Cipher Block Chaining mode of operation, as defined in [ISO 10116], with an interleave parameter m = 1 and an initialization vector SV = ‘00’ {16}, i.e. sixteen bytes with binary value 0. When necessary, the MSCA shall use padding method 2 defined in [ISO 9797-1].U.K.

CSM_110The motion sensor manufacturer shall store the encrypted pairing key and the encrypted serial number in the intended motion sensor, together with the corresponding plain text values and the version number of K_M and K_ID used for encrypting.U.K.

Note: as explained in section 9.2.1.2, in fact a motion sensor manufacturer may have to insert multiple encrypted pairing keys and multiple encrypted serial numbers in a single motion sensor.U.K.

CSM_111In addition to the AES-based cryptographic material specified in CSM_110, a motion sensor manufacturer may also store in each motion sensor the TDES-based cryptographic material specified in requirement CSM_037 in Part A of this Appendix.U.K.

Note: doing so will allow a second-generation motion sensor to be coupled to a first-generation VU.U.K.

CSM_112The length of the session key K_S generated by a VU during the pairing to a motion sensor shall be linked to the length of its K_M-VU, as described in CSM_50.U.K.

9.2.1.2 Motion Sensor Master Key Replacement in Second-Generation Equipment U.K.

CSM_113Each motion sensor master key and all related keys (see Table 3) is associated to a particular generation of the ERCA root key pair. These keys shall therefore be replaced every 17 years. The validity period of each motion sensor master key generation shall begin one year before the associated ERCA root key pair becomes valid and shall end when the associated ERCA root key pair expires. This is depicted in Figure 2.U.K.

CSM_114At least one year before generating a new European root key pair, as described in CSM_56, the ERCA shall generate a new motion sensor master key K_M by generating a new K_M-VU and K_M-WC. The length of the motion sensor master key shall be linked to the foreseen strength of the new European root key pair, according to CSM_50. The ERCA shall communicate the new K_M, K_M-VU and K_M-WC to the MSCAs upon their request, together with their version number.U.K.

CSM_115An MSCA shall ensure that all valid generations of K_M-WC are stored in every workshop card issued under its authority, together with their version numbers, as shown in Figure 2.U.K.

Note: this implies that in the last year of the validity period of an ERCA certificate, workshop cards will be issued with three different generations of K_M-WC, as shown in Figure 2.U.K.

CSM_116In relation to the process described in CSM_107 and CSM_108 above: An MSCA shall encrypt each pairing key K_P it receives from a motion sensor manufacturer separately with each valid generation of the motion sensor master key K_M. An MSCA shall also encrypt each serial number it receives from a motion sensor manufacturer separately with each valid generation of the identification key K_ID. A motion sensor manufacturer shall store all encryptions of the pairing key and all encryptions of the serial number in the intended motion sensor, together with the corresponding plain text values and the version number(s) of K_M and K_ID used for encrypting.U.K.

Note: This implies that in the last year of the validity period of an ERCA certificate, motion sensors will be issued with encrypted data based on three different generations of K_M, as shown in Figure 2.U.K.

CSM_117In relation to the process described in CSM_107 above: Since the length of the pairing key K_P shall be linked to the length of K_M (see CSM_100), a motion sensor manufacturer may have to generate up to three different pairing keys (of different lengths) for one motion sensor, in case subsequent generations of K_M have different lengths. In such a case, the manufacturer shall send each pairing key to the MSCA. The MSCA shall ensure that each pairing key is encrypted with the correct generation of the motion sensor master key, i.e. the one having the same length.U.K.

Note: In case the motion sensor manufacturer chooses to generate a TDES-based pairing key for a second-generation motion sensor (see CSM_111), the manufacturer shall indicate to the MSCA that the TDES-based motion sensor master key must be used for encrypting this pairing key. This is because the length of a TDES key may be equal to that of an AES key, so the MSCA cannot judge from the key length alone.U.K.

CSM_118Vehicle unit manufacturers shall insert only one generation of K_M-VU in each vehicle unit, together with its version number. This K_M-VU generation shall be linked to the ERCA certificate upon which the VU's certificates are based.U.K.

Notes: U.K.

—A vehicle unit based on the generation X ERCA certificate shall only contain the generation X K_M-VU, even if it is issued after the start of the validity period of the generation X+1 ERCA certificate. This is shown in Figure 2.U.K.

—A VU of generation X cannot be paired to a motion sensor of generation X-1.U.K.

—Since workshop cards have a validity period of one year, the result of CSM_113 — CSM_118 is that all workshop cards will contain the new K_M-WC at the moment the first VU containing the new K_M-VU is issued. Therefore, such a VU will always be able to calculate the new K_M. Moreover, by that time most new motion sensors will contain encrypted data based on the new K_M as well.U.K.

9.2.2 Keys for Securing DSRC Communication U.K.

9.2.2.1 General U.K.

CSM_119The authenticity and confidentiality of data communicated from a vehicle unit to a control authority over a DSRC remote communication channel shall be ensured by means of a set of VU-specific AES keys derived from a single DSRC master key, KM_DSRC.U.K.

CSM_120The DSRC master key KM_DSRC shall be an AES key that is securely generated, stored and distributed by the ERCA. The key length may be 128, 192 or 256 bits and shall be linked to the length of the European root key pair, as described in CSM_50.U.K.

CSM_121The ERCA shall communicate the DSRC master key to Member State Certificate Authorities upon their request in a secure manner, to allow them to derive VU-specific DSRC keys and to ensure that the DSRC master key is inserted in all control cards and workshop cards issued under their responsibility.U.K.

CSM_122The ERCA shall assign to each DSRC master key a unique version number. The ERCA shall inform the MSCAs about the version number when sending the DSRC master key to them.U.K.

Note: The version number is used to distinguish different generations of the DSRC master key, as explained in detail in section 9.2.2.2.U.K.

[F1CSM_123 For every vehicle unit, the vehicle unit manufacturer shall create a unique VU serial number and shall send this number to its Member State Certificate Authority in a request to obtain a set of two VU-specific DSRC keys. The VU serial number shall have data type . U.K.

Note: U.K.

• This VU serial number shall be identical to the vuSerialNumber element of VuIdentification, see Appendix 1 and to the Certificate Holder Reference in the VU’s certificates.

• The VU serial number may not be known at the moment a vehicle unit manufacturer requests the VU-specific DSRC keys. In this case, the VU manufacturer shall send instead the unique certificate request ID it used when requesting the VU’s certificates; see CSM_153. This certificate request ID shall therefore be equal to the Certificate Holder Reference in the VU’s certificates.]

CSM_124Upon receiving a request for VU-specific DSRC keys, the MSCA shall derive two AES keys for the vehicle unit, called K_VU_DSRC_ENC and K_VU_DSRC_MAC. These VU-specific keys shall have the same length as the DSRC master key. The MSCA shall use the key derivation function defined in [RFC 5869]. The hash function that is necessary to instantiate the HMAC-Hash function shall be linked to the length of the DSRC master key, as described in CSM_50. The key derivation function in [RFC 5869] shall be used as follows:U.K.

• Step 1 (Extract):

  • PRK = HMAC-Hash (salt, IKM) where salt is an empty string ‘’ and IKM is KM_DSRC.

• Step 2 (Expand):

  • OKM = T(1), where

    T(1) = HMAC-Hash (PRK, T(0) || info || ‘01’) with

    • T(0) = an empty string (‘’)

    • [F1info = VU serial number or certificate request ID, as specified in CSM_123]

  • K_VU_DSRC_ENC = first L octets of OKM and

    K_VU_DSRC_MAC = last L octets of OKM

    where L is the required length of K_VU_DSRC_ENC and K_VU_DSRC_MAC in octets.

CSM_125The MSCA shall distribute K_VU_DSRC_ENC and K_VU_DSRC_MAC to the VU manufacturer in a secure manner for insertion in the intended vehicle unit.U.K.

CSM_126When issued, a vehicle unit shall have stored K_VU_DSRC_ENC and K_VU_DSRC_MAC in its secure memory, in order to be able to ensure the integrity, authenticity and confidentiality of data sent over the remote communication channel. A vehicle unit shall also store the version number of the DSRC master key used to derive these VU-specific keys.U.K.

CSM_127When issued, control cards and workshop cards shall have stored KM_DSRC in their secure memory, in order to be able to verify the integrity and authenticity of data sent by a VU over the remote communication channel and to decrypt this data. Control cards and workshop cards shall also store the version number of the DSRC master key.U.K.

Note: as explained in section 9.2.2.2, in fact multiple generations of KM_DSRC may have to be inserted in a single workshop card or control card.U.K.

[F1CSM_128 The MSCA shall keep records of all VU-specific DSRC keys it generated, their version number and the VU serial number or certificate request ID used in deriving them.] U.K.

9.2.2.2 DSRC Master Key Replacement U.K.

CSM_129Each DSRC master key is associated to a particular generation of the ERCA root key pair. The ERCA shall therefore replace the DSRC master key every 17 years. The validity period of each DSRC master key generation shall begin two years before the associated ERCA root key pair becomes valid and shall end when the associated ERCA root key pair expires. This is depicted in Figure 3.U.K.

CSM_130At least two years before generating a new European root key pair, as described in CSM_56, the ERCA shall generate a new DSRC master key. The length of the DSRC key shall be linked to the foreseen strength of the new European root key pair, according to CSM_50. The ERCA shall communicate the new DSRC master key to the MSCAs upon their request, together with its version number.U.K.

CSM_131An MSCA shall ensure that all valid generations of KM_DSRC are stored in every control card issued under its authority, together with their version numbers, as shown in Figure 3.U.K.

Note: this implies that in the last two years of the validity period of an ERCA certificate, control cards will be issued with three different generations of KM_DSRC, as shown in Figure 3.U.K.

CSM_132An MSCA shall ensure that all generations of KM_DSRC that have been valid for at least a year and are still valid, are stored in every workshop card issued under its authority, together with their version numbers, as shown in Figure 3.U.K.

Note: this implies that in the last year of the validity period of an ERCA certificate, workshop cards will be issued with three different generations of KM_DSRC, as shown in Figure 3.U.K.

CSM_133Vehicle unit manufacturers shall insert only one set of VU-specific DSRC keys into each vehicle unit, together with its version number. This set of keys shall be derived from the KM_DSRC generation linked to the ERCA certificate upon which the VU's certificates are based.U.K.

Notes: U.K.

—This implies that a vehicle unit based on the generation X ERCA certificate shall only contain the generation X K_VU_DSRC_ENC and K_VU_DSRC_MAC_, even if the VU is issued after the start of the validity period of the generation X+1 ERCA certificate. This is shown in Figure 3.U.K.

—Since workshop cards have a validity period of one year and control cards of two years, the result of CSM_131 — CSM_133 is that all workshop cards and control cards will contain the new DSRC master key at the moment the first VU containing VU-specific keys based on that master key will be issued.U.K.

9.3. Certificates U.K.

9.3.1 General U.K.

CSM_134All certificates in the European Smart Tachograph system shall be self-descriptive, card-verifiable (CV) certificates according to [ISO 7816-4] and [ISO 7816-8].U.K.

CSM_135 [F1The Distinguished Encoding Rules (DER) according to [ISO 8825-1] shall be used to encode the data objects within certificates. Table 4 shows the full certificate encoding, including all tag and length bytes.] U.K.

Note: this encoding results in a Tag-Length-Value (TLV) structure as follows:U.K.

9.3.2 Certificate Content U.K.

CSM_136All certificates shall have the structure shown in the certificate profile in Table 4.U.K.

Note: the Field ID will be used in later sections of this Appendix to indicate individual fields of a certificate, e.g. X.CAR is the Certificate Authority Reference mentioned in the certificate of user X.U.K.

9.3.2.1Certificate Profile IdentifierU.K.

CSM_137Certificates shall use a Certificate Profile Identifier to indicate the certificate profile used. Version 1, as specified in Table 4, shall be identified by a value of ‘00’.U.K.

9.3.2.2Certificate Authority ReferenceU.K.

CSM_138The Certificate Authority Reference shall be used to identify the public key to be used to verify the certificate signature. The Certificate Authority Reference shall therefore be equal to the Certificate Holder Reference in the certificate of the corresponding certificate authority.U.K.

CSM_139An ERCA root certificate shall be self-signed, i.e., the Certificate Authority Reference and the Certificate Holder Reference in the certificate shall be equal.U.K.

CSM_140For an ERCA link certificate, the Certificate Holder Reference shall be equal to the CHR of the new ERCA root certificate. The Certificate Authority Reference for a link certificate shall be equal to the CHR of the previous ERCA root certificate.U.K.

9.3.2.3Certificate Holder AuthorisationU.K.

[F1CSM_141 The Certificate Holder Authorisation shall be used to identify the type of certificate. It consists of the six most significant bytes of the Tachograph Application ID, concatenated with the equipment type, which indicates the type of equipment for which the certificate is intended. In the case of a VU certificate, a driver card certificate or a workshop card certificate, the equipment type is also used to differentiate between a certificate for Mutual Authentication and a certificate for creating digital signatures (see section 9.1 and Appendix 1, data type EquipmentType).] U.K.

9.3.2.4Public KeyU.K.

The Public Key nests two data elements: the standardized domain parameters to be used with the public key in the certificate and the value of the public point.

CSM_142The data element Domain Parameters shall contain one of the object identifiers specified in Table 1 to reference a set of standardized domain parameters.U.K.

CSM_143The data element Public Point shall contain the public point. Elliptic curve public points shall be converted to octet strings as specified in [TR-03111]. The uncompressed encoding format shall be used. When recovering an elliptic curve point from its encoded format, the validations described in [TR-03111] shall always be carried out.U.K.

9.3.2.5Certificate Holder ReferenceU.K.

CSM_144The Certificate Holder Reference is an identifier for the public key provided in the certificate. It shall be used to reference this public key in other certificates.U.K.

CSM_145For card certificates and external GNSS facility certificates, the Certificate Holder Reference shall have the data type specified in Appendix 1.U.K.

CSM_146For vehicle units, the manufacturer, when requesting a certificate, may or may not know the manufacturer-specific serial number of the VU for which that certificate and the associated private key is intended. In the first case, the Certificate Holder Reference shall have the data type specified in Appendix 1. In the latter case, the Certificate Holder Reference shall have the data type specified in Appendix 1.U.K.

[F2Note: For a card certificate, the value of the CHR shall be equal to the value of the cardExtendedSerialNumber in EF_ICC; see Appendix 2. For an EGF certificate, the value of the CHR shall be equal to the value of the sensorGNSSSerialNumber in EF_ICC; see Appendix 14. For a VU certificate, the value of the CHR shall be equal to the vuSerialNumber element of VuIdentification, see Appendix 1, unless the manufacturer does not know the manufacturer-specific serial number at the time the certificate is requested.] U.K.

CSM_147For ERCA and MSCA certificates, the Certificate Holder Reference shall have the data type specified in Appendix 1.U.K.

9.3.2.6Certificate Effective DateU.K.

[F1CSM_148 The Certificate Effective Date shall indicate the starting date and time of the validity period of the certificate.] U.K.

9.3.2.7Certificate Expiration DateU.K.

CSM_149The Certificate Expiration Date shall indicate the end date and time of the validity period of the certificate.U.K.

9.3.2.8Certificate SignatureU.K.

CSM_150The signature on the certificate shall be created over the encoded certificate body, including the certificate body tag and length. The signature algorithm shall be ECDSA, as specified in [DSS], using the hashing algorithm linked to the key size of the signing authority, as specified in CSM_50. The signature format shall be plain, as specified in [TR-03111].U.K.

9.3.3 Requesting Certificates U.K.

CSM_151 [F1When requesting a certificate, an MSCA shall send the following data to the ERCA:] U.K.

• The Certificate Profile Identifier of the requested certificate

• The Certificate Authority Reference expected to be used for signing the certificate.

• The Public Key to be signed

CSM_152In addition to the data in CSM_151, an MSCA shall send the following data in a certificate request to the ERCA, allowing the ERCA to create the Certificate Holder Reference of the new MSCA certificate:U.K.

• The numerical nation code of the Certification Authority (data type defined in Appendix 1)

• The alphanumerical nation code of the Certification Authority (data type defined in Appendix 1)

• The 1-byte serial number to distinguish the different keys of the Certification Authority in the case keys are changed

• The two-byte field containing Certification Authority specific additional info

[F1CSM_153 An equipment manufacturer shall send the following data in a certificate request to an MSCA, allowing the MSCA to create the Certificate Holder Reference of the new equipment certificate: U.K.

• If known (see CSM_154), a serial number for the equipment, unique for the manufacturer, the equipment's type and the month of manufacturing. Otherwise, a unique certificate request identifier.

• The month and the year of equipment manufacturing or of the certificate request.

The manufacturer shall ensure that this data is correct and that the certificate returned by the MSCA is inserted in the intended equipment.]

CSM_154In the case of a VU, the manufacturer, when requesting a certificate, may or may not know the manufacturer-specific serial number of the VU for which that certificate and the associated private key is intended. If known, the VU manufacturer shall send the serial number to the MSCA. If not known, the manufacturer shall uniquely identify each certificate request and send this certificate request serial number to the MSCA. The resulting certificate will then contain the certificate request serial number. After inserting the certificate in a specific VU, the manufacturer shall communicate the connection between the certificate request serial number and the VU identification to the MSCA.U.K.

10.VU- CARD MUTUAL AUTHENTICATION AND SECURE MESSAGINGU.K.

10.1. General U.K.

CSM_155On a high level, secure communication between a vehicle unit and a tachograph card shall be based on the following steps:U.K.

• First, each party shall demonstrate to the other that it owns a valid public key certificate, signed by a Member State Certificate Authority. In turn, the MSCA public key certificate must be signed by the European root certificate authority. This step is called certificate chain verification and is specified in detail in section 10.2

• Second, the vehicle unit shall demonstrate to the card that it is in possession of the private key corresponding to the public key in the presented certificate. It does so by signing a random number sent by the card. The card verifies the signature over the random number. If this verification is successful, the VU is authenticated. This step is called VU Authentication and is specified in detail in section 10.3.

• Third, both parties independently calculate two AES session keys using an asymmetric key agreement algorithm. Using one of these session keys, the card creates a message authentication code (MAC) over some data sent by the VU. The VU verifies the MAC. If this verification is successful, the card is authenticated. This step is called Card Authentication and is specified in detail in section 10.4.

• Fourth, the VU and the card shall use the agreed session keys to ensure the confidentiality, integrity and authenticity of all exchanged messages. This is called Secure Messaging and is specified in detail in section 10.5.

CSM_156The mechanism described in CSM_155 shall be triggered by the vehicle unit whenever a card is inserted into one of its card slots.U.K.

10.2. Mutual Certificate Chain Verification U.K.

10.2.1 Card Certificate Chain Verification by VU U.K.

CSM_157 [F1Vehicle units shall use the protocol depicted in Figure 4 for verifying a tachograph card’s certificate chain. For every certificate it reads from the card, the VU shall verify that the Certificate Holder Authorisation (CHA) field is correct: U.K.

• The CHA field of the Card certificate shall indicate a card certificate for mutual authentication (see Appendix 1, data type EquipmentType).

• The CHA of the Card.CA certificate shall indicate an MSCA.

• The CHA of the Card.Link certificate shall indicate the ERCA.]

Notes to Figure 4: U.K.

—The Card certificates and public keys mentioned in the figure are those for mutual authentication. Section 9.1.5 denotes these as Card_MA.U.K.

—The Card.CA certificates and public keys mentioned in the figure are those for signing card certificates and it is indicated in the CAR of the Card certificate. Section 9.1.3 denotes these as MSCA_Card.U.K.

—The Card.CA.EUR certificate mentioned in the figure is the European root certificate that is indicated in the CAR of the Card.CA certificate.U.K.

—The Card.Link certificate mentioned in the figure is the card's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed by the previous European private key.U.K.

—The Card.Link.EUR certificate is the European root certificate that is indicated in the CAR of the Card.Link certificate.U.K.

CSM_158As depicted in Figure 4, verification of the card's certificate chain shall begin upon card insertion. The vehicle unit shall read the card holder reference () from EF ICC. The VU shall check if it knows the card, i.e., if it has successfully verified the card's certificate chain in the past and stored it for future reference. If it does, and the card certificate is still valid, the process continues with the verification of the VU certificate chain. Otherwise, the VU shall successively read from the card the MSCA_Card certificate to be used for verifying the card certificate, the Card.CA. EUR certificate to be used for verifying the MSCA_Card certificate, and possibly the link certificate, until it finds a certificate it knows or it can verify. If such a certificate is found, the VU shall use that certificate to verify the underlying card certificates it has read from the card. If successful, the process continues with the verification of the VU certificate chain. If not successful, the VU shall ignore the card.U.K.

Note: There are three ways in which the VU may know the Card.CA.EUR certificate:U.K.

• the Card.CA.EUR certificate is the same certificate as the VU's own EUR certificate;

• the Card.CA.EUR certificate precedes the VU's own EUR certificate and the VU contained this certificate already at issuance (see CSM_81);

• the Card.CA.EUR certificate succeeds the VU's own EUR certificate and the VU received a link certificate in the past from another tachograph card, verified it and stored it for future reference.

CSM_159As indicated in Figure 4, once the VU has verified the authenticity and validity of a previously unknown certificate, it may store this certificate for future reference, such that it does not need to verify that certificate's authenticity again if it is presented to the VU again. Instead of storing the entire certificate, a VU may choose to store only the contents of the Certificate Body, as specified in section 9.3.2. [F2Whereas storing of all other types of certificate is optional, it is mandatory for a VU to store a new link certificate presented by a card.] U.K.

CSM_160The VU shall verify the temporal validity of any certificate read from the card or stored in its memory, and shall reject expired certificates. For verifying the temporal validity of a certificate presented by the card a VU shall use its internal clock.U.K.

10.2.2 VU Certificate Chain Verification by Card U.K.

CSM_161 [F1Tachograph cards shall use the protocol depicted in Figure 5 for verifying a VU's certificate chain. For every certificate presented by the VU, the card shall verify that the Certificate Holder Authorisation (CHA) field is correct: U.K.

• The CHA of the VU.Link certificate shall indicate the ERCA.

• The CHA of the VU.CA certificate shall indicate an MSCA.

• The CHA field of the VU certificate shall indicate a VU certificate for mutual authentication (see Appendix 1, data type EquipmentType).]

Notes to Figure 5: U.K.

—The VU certificates and public keys mentioned in the figure are those for mutual authentication. Section 9.1.4 denotes these as VU_MA.U.K.

—The VU.CA certificates and public keys mentioned in the figure are those for signing VU and external GNSS facility certificates. Section 9.1.3 denotes these as MSCA_VU-EGF.U.K.

—The VU.CA.EUR certificate mentioned in the figure is the European root certificate that is indicated in the CAR of the VU.CA certificate.U.K.

—The VU.Link certificate mentioned in the figure is the VU's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed by the previous European private key.U.K.

—The VU.Link.EUR certificate is the European root certificate that is indicated in the CAR of the VU.Link certificate.U.K.

CSM_162As depicted in Figure 5, verification of the certificate chain of the vehicle unit shall begin with the vehicle unit attempting to set its own public key for use in the tachograph card. If this succeeds, it means that the card successfully verified the VU's certificate chain in the past, and has stored the VU certificate for future reference. In this case, the VU certificate is set for use and the process continues with VU Authentication. If the card does not know the VU certificate, the VU shall successively present the VU.CA certificate to be used for verifying its VU certificate, the VU.CA.EUR certificate to be used for verifying the VU.CA certificate, and possibly the link certificate, in order to find a certificate known or verifiable by the card. If such a certificate is found, the card shall use that certificate to verify the underlying VU certificates presented to it. If successful, the VU shall finally set its public key for use in the tachograph card. If not successful, the VU shall ignore the card.U.K.

Note: There are three ways in which the card may know the VU.CA.EUR certificate: U.K.

—the VU.CA.EUR certificate is the same certificate as the card's own EUR certificate;U.K.

—the VU.CA.EUR certificate precedes the card's own EUR certificate and the card contained this certificate already at issuance (see CSM_91);U.K.

—the VU.CA.EUR certificate succeeds the card's own EUR certificate and the card received a link certificate in the past from another vehicle unit, verified it and stored it for future reference.U.K.

CSM_163The VU shall use the MSE: Set AT command to set its public key for use in the tachograph card. As specified in Appendix 2, this command contains an indication of the cryptographic mechanism that will be used with the key that is set. This mechanism shall be ‘VU Authentication using the ECDSA algorithm, in combination with the hashing algorithm linked to the key size of the VU's VU_MA key pair, as specified in CSM_50’.U.K.

CSM_164The MSE: Set AT command also contains an indication of the ephemeral key pair which the VU will use during session key agreement (see section 10.4). Therefore, before sending the MSE: Set AT command, the VU shall generate an ephemeral ECC key pair. For generating the ephemeral key pair, the VU shall use the standardized domain parameters indicated in the card certificate. The ephemeral key pair is denoted as (VU.SK_eph, VU.PK_eph, Card.DP). The VU shall take the x-coordinate of the ECDH ephemeral public point as the key identification; this is called the compressed representation of the public key and denoted as Comp(VU.PK_eph).U.K.

[F1CSM_165 If the MSE: Set AT command is successful, the card shall set the indicated VU.PK for subsequent use during Vehicle Authentication, and shall temporarily store Comp(VU.PKeph). In case two or more successful MSE: Set AT commands are sent before session key agreement is performed, the card shall store only the last Comp(VU.PKeph) received. The card shall reset Comp(VU.PKeph) after a successful GENERAL AUTHENTICATE command.] U.K.

CSM_166The card shall verify the temporal validity of any certificate presented by the VU or referenced by the VU while stored in the card's memory, and shall reject expired certificates.U.K.

CSM_167For verifying the temporal validity of a certificate presented by the VU, each tachograph card shall internally store some data representing the current time. This data shall not be directly updatable by a VU. At issuance, the current time of a card shall be set equal to the Effective Date of the card's Card_MA certificate. A card shall update its current time if the Effective Date of an authentic ‘valid source of time’ certificate presented by a VU is more recent than the card's current time. In that case, the card shall set its current time to the Effective Date of that certificate. The card shall accept only the following certificates as a valid source of time:U.K.

• Second-generation ERCA link certificates

• Second-generation MSCA certificates

• Second-generation VU certificates issued by the same country as the card's own card certificate(s).

Note: the last requirement implies that a card shall be able to recognize the CAR of the VU certificate, i.e. the MSCA_VU-EGF certificate. This will not be the same as the CAR of its own certificate, which is the MSCA_Card certificate.U.K.

CSM_168As indicated in Figure 5, once the card has verified the authenticity and validity of a previously unknown certificate, it may store this certificate for future reference, such that it does not need to verify that certificate's authenticity again if it is presented to the card again. Instead xof storing the entire certificate, a card may choose to store only the contents of the Certificate Body, as specified in section 9.3.2.U.K.

10.3. VU Authentication U.K.

CSM_169Vehicle units and cards shall use the VU Authentication protocol depicted in Figure 6 to authenticate the VU towards the card. VU Authentication enables the tachograph card to explicitly verify that the VU is authentic. To do so, the VU shall use its private key to sign a challenge generated by the card.U.K.

CSM_170 [F1Next to the card challenge, the VU shall include in the signature the certificate holder reference taken from the card certificate.] U.K.

Note: This ensures that the card to which the VU authenticates itself is the same card whose certificate chain the VU has verified previously.U.K.

CSM_171The VU shall also include in the signature the identifier of the ephemeral public key Comp(VU.PK_eph) which the VU will use to set up Secure Messaging during the Chip Authentication process specified in section 10.4.U.K.

Note: This ensures that the VU with which a card communicates during a Secure Messaging session is the same VU that was authenticated by the card.U.K.

[F1Figure 6 VU Authentication protocol U.K.

]

CSM_172If multiple GET CHALLENGE commands are sent by the VU during VU Authentication, the card shall return a new 8-byte random challenge each time, but shall store only the last challenge.U.K.

CSM_173The signing algorithm used by the VU for VU Authentication shall be ECDSA as specified in [DSS], using the hashing algorithm linked to the key size of the VU's VU_MA key pair, as specified in CSM_50. The signature format shall be plain, as specified in [TR-03111]. The VU shall send the resulting signature to the card.U.K.

[F1CSM_174 Upon receiving the VU’s signature in an EXTERNAL AUTHENTICATE command, the card shall U.K.

• Calculate the authentication token by concatenating Card.CHR, the card challenge rcard and the identifier of the VU ephemeral public key Comp(VU.PKeph),

• Verify the VU’s signature using the ECDSA algorithm, using the hashing algorithm linked to the key size of the VU’s VU_MA key pair as specified in CSM_50, in combination with VU.PK and the calculated authentication token.]

10.4. Chip Authentication and Session Key Agreement U.K.

CSM_175Vehicle units and cards shall use the Chip Authentication protocol depicted in Figure 7 to authenticate the card towards the VU. Chip Authentication enables the vehicle unit to explicitly verify that the card is authentic.U.K.

CSM_176The VU and the card shall take the following steps:U.K.

CSM_177In step 3 above, the card shall compute Comp(VU.PKeph) as the x-coordinate of the public point in VU.PKeph.U.K.

CSM_178In steps 4 and 7 above, the card and the vehicle unit shall use the ECKA-EG algorithm as defined in [TR-03111].U.K.

CSM_179In steps 5 and 8 above, the card and the vehicle unit shall use the key derivation function for AES session keys defined in [TR-03111], with the following precisions and changes:U.K.

• The value of the counter shall be ‘00 00 00 01’ for K_ENC and ‘00 00 00 02’ for K_MAC.

• The optional nonce r shall be used and shall be equal to N_PICC.

• For deriving 128-bits AES keys, the hashing algorithm to be used shall be SHA-256.

• For deriving 192-bits AES keys, the hashing algorithm to be used shall be SHA-384.

• For deriving 256-bits AES keys, the hashing algorithm to be used shall be SHA-512.

The length of the session keys (i.e. the length at which the hash is truncated) shall be linked to the size of the Card_MA key pair, as specified in CSM_50.

CSM_180In steps 6 and 9 above, the card and the vehicle unit shall use the AES algorithm in CMAC mode, as specified in [SP 800-38B]. The length of T_PICC shall be linked to the length of the AES session keys, as specified in CSM_50.U.K.

10.5. Secure Messaging U.K.

10.5.1 General U.K.

CSM_181All commands and responses exchanged between a vehicle unit and a tachograph card after successful Chip Authentication took place and until the end of the session shall be protected by Secure Messaging.U.K.

CSM_182Except when reading from a file with access condition SM-R-ENC-MAC-G2 (see Appendix 2, section 4), Secure Messaging shall be used in authentication-only mode. In this mode, a cryptographic checksum (a.k.a. MAC) is added to all commands and responses to ensure message authenticity and integrity.U.K.

CSM_183When reading data from a file with access condition SM-R-ENC-MAC-G2, Secure Messaging shall be used in encrypt-then-authenticate mode, i.e. the response data is encrypted first to ensure message confidentiality, and afterwards a MAC over the formatted encrypted data is calculated to ensure authenticity and integrity.U.K.

CSM_184Secure Messaging shall use AES as defined in [AES] with the session keys K_MAC and K_ENC that were agreed during Chip Authentication.U.K.

CSM_185An unsigned integer shall be used as the Send Sequence Counter (SSC) to prevent replay attacks. The size of the SSC shall be equal to the AES block size, i.e. 128 bits. The SSC shall be in MSB-first format. The Send Sequence Counter shall be initialized to zero (i.e. ‘00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00’) when Secure Messaging is started. The SSC shall be increased every time before a command or response APDU is generated, i.e. since the starting value of the SSC in a SM session is 0, in the first command the value of the SSC will be 1. The value of SSC for the first response will be 2.U.K.

CSM_186For message encryption, K_ENC shall be used with AES in the Cipher Block Chaining (CBC) mode of operation, as defined in [ISO 10116], with an interleave parameter m = 1 and an initialization vector SV = E(K_ENC, SSC), i.e. the current value of the Send Sequence Counter encrypted with K_ENC.U.K.

CSM_187For message authentication, K_MAC shall be used with AES in CMAC mode as specified in [SP 800-38B]. The length of the MAC shall be linked to the length of the AES session keys, as specified in CSM_50. The Send Sequence Counter shall be included in the MAC by prepending it before the datagram to be authenticated.U.K.

10.5.2 Secure Message Structure U.K.

CSM_188Secure Messaging shall make use only of the Secure Messaging data objects (see [ISO 7816-4]) listed in Table 5. In any message, these data objects shall be used in the order specified in this table.U.K.

Note: As specified in Appendix 2, tachograph cards may support the READ BINARY and UPDATE BINARY command with an odd INS byte (‘B1’ resp. ‘D7’). These command variants are required to read and update files with more than 32 768 bytes or more. In case such a variant is used, a data object with tag ‘B3’ shall be used instead of an object with tag ‘81’. See Appendix 2 for more information.U.K.

CSM_189All SM data objects shall be encoded in DER TLV as specified in [ISO 8825-1]. This encoding results in a Tag-Length-Value (TLV) structure as follows:U.K.

CSM_190APDUs protected by Secure Messaging shall be created as follows:U.K.

• The command header shall be included in the MAC calculation, therefore value ‘0C’shall be used for the class byte CLA.

• As specified in Appendix 2, all INS bytes shall be even, with the possible exception of odd INS bytes for the READ BINARY and UPDATE BINARY commands.

• The actual value of Lc will be modified to Lc' after application of secure messaging.

• The Data field shall consist of SM data objects.

• In the protected command APDU the new Le byte shall be set to ‘00’. If required, a data object ‘97’ shall be included in the Data field in order to convey the original value of Le.

[F1CSM_191 Any data object to be encrypted shall be padded according to [ISO 7816-4] using padding-content indicator ‘01’. For the calculation of the MAC, data objects in the APDU shall be padded according to [ISO 7816-4]. U.K.

Note: Padding for Secure Messaging is always performed by the secure messaging layer, not by the CMAC or CBC algorithms. U.K.

Summary and Examples U.K.

A command APDU with applied Secure Messaging will have the following structure, depending on the case of the respective unsecured command (DO is data object):

where Le = ‘ 00’ or ‘00 00 ’ depending on whether short length fields or extended length fields are used; see [ISO 7816-4].

A response APDU with applied Secure Messaging will have the following structure, depending on the case of the respective unsecured response:

Note: Case 2 or 4 (odd INS byte) with encryption is never used in the communication between a VU and a card. U.K.

Below are three example APDU transformations for commands with even INS code. Figure 8 shows an authenticated Case 4 command APDU, Figure 9 shows an authenticated Case 1/Case 3 response APDU, and Figure 10 shows an encrypted and authenticated Case 2/Case 4 response APDU.

Figure 10 Transformation of an encrypted and authenticated Case 2/Case 4 Response APDU U.K.

]

10.5.3 Secure Messaging Session Abortion U.K.

CSM_192A vehicle unit shall abort an ongoing Secure Messaging session if and only if one of the following conditions occur:U.K.

• it receives a plain response APDU,

• it detects a Secure Messaging error in a response APDU:

  • An expected Secure Messaging data object is missing, the order of data objects is incorrect, or an unknown data object is included.

  • A Secure Messaging data object is incorrect, e.g. the MAC value is incorrect, the TLV structure is incorrect or the padding indicator in tag ‘87’ is not equal to ‘01’.

• the card sends a status byte indicating it detected an SM error (see CSM_194),

• the limit for the number of commands and associated responses within the current session is reached. For a given VU, this limit shall be defined by its manufacturer, taking into account the security requirements of the hardware used, with a maximum value of 240 SM commands and associated responses per session.

[F1CSM_193 A tachograph card shall abort an ongoing Secure Messaging session if and only if one of the following conditions occur: U.K.

• it receives a plain command APDU,

• it detects a Secure Messaging error in a command APDU:

  • An expected Secure Messaging data object is missing, the order of data objects is incorrect, or an unknown data object is included.

  • A Secure Messaging data object is incorrect, e.g. the MAC value is incorrect or the TLV structure is incorrect.

• it is depowered or reset,

• the VU starts the VU Authentication process,

• the limit for the number of commands and associated responses within the current session is reached. For a given card, this limit shall be defined by its manufacturer, taking into account the security requirements of the hardware used, with a maximum value of 240 SM commands and associated responses per session.]

CSM_194Regarding SM error handling by a tachograph card:U.K.

• If in a command APDU some expected Secure Messaging data objects are missing, the order of data objects is incorrect or unknown data objects are included, a tachograph card shall respond with status bytes ‘69 87’.

• If a Secure Messaging data object in a command APDU is incorrect, a tachograph card shall respond with status bytes ‘69 88’.

In such a case, the status bytes shall be returned without using SM.

CSM_195If a Secure Messaging session between a VU and a tachograph card is aborted, the VU and the tachograph card shallU.K.

• securely destroy the stored session keys

• immediately establish a new Secure Messaging session, as described in sections 10.2 — 10.5.

CSM_196If for any reason the VU decides to restart mutual authentication towards an inserted card, the process shall restart with verification of the card certificate chain, as described in section 10.2, and shall continue as described in sections 10.2 — 10.5.U.K.

11.VU — EXTERNAL GNSS FACILITY COUPLING, MUTUAL AUTHENTICATION AND SECURE MESSAGINGU.K.

11.1. General U.K.

CSM_197The GNSS facility used by a VU to determine its position may be internal, (i.e. built into the VU casing and not detachable), or it may be an external module. In the first case, there is no need to standardize the internal communication between the GNSS facility and the VU, and the requirements in this chapter do not apply. In the latter case, communication between the VU and the external GNSS facility shall be standardized and protected as described in this chapter.U.K.

CSM_198Secure communication between a vehicle unit and an external GNSS facility shall take place in the same way as secure communication between a vehicle unit and a tachograph card, with the external GNSS facility (EGF) taking the role of the card. All requirements mentioned in chapter 10 for tachograph cards shall be satisfied by an EGF, taking into account the deviations, clarifications and additions mentioned in this chapter. In particular, mutual certificate chain verification, VU Authentication and Chip Authentication shall be performed as described in sections 11.3 and 11.4.U.K.

CSM_199Communication between a vehicle unit and an EGF differs from communication between a vehicle unit and a card in the fact that a vehicle unit and an EGF must be coupled once in a workshop before the VU and the EGF can exchange GNSS-based data during normal operation. The coupling process is described in section 11.2.U.K.

CSM_200For communication between a vehicle unit and an EGF, APDU commands and responses based on [ISO 7816-4] and [ISO 7816-8] shall be used. The exact structure of these APDUs is defined in Appendix 2 of this Annex.U.K.

11.2. VU and External GNSS Facility Coupling U.K.

CSM_201A vehicle unit and an EGF in a vehicle shall be coupled by a workshop. Only a coupled vehicle unit and EGF shall be able to communicate during normal operation.U.K.

CSM_202Coupling of a vehicle unit and an EGF shall only be possible if the vehicle unit is in calibration mode. The coupling shall be initiated by the vehicle unit.U.K.

CSM_203A workshop may re-couple a vehicle unit to another EGF or to the same EGF at any time. During re-coupling, the VU shall securely destroy the existing EGF_MA certificate in its memory and shall store the EGF_MA certificate of the EGF to which it is being coupled.U.K.

CSM_204A workshop may re-couple an external GNSS facility to another VU or to the same VU at any time. During re-coupling, the EGF shall securely destroy the existing VU_MA certificate in its memory and shall store the VU_MA certificate of the VU to which it is being coupled.U.K.

11.3. Mutual Certificate Chain Verification U.K.

11.3.1 General U.K.

CSM_205Mutual certificate chain verification between a VU and an EGF shall take place only during the coupling of the VU and the EGF by a workshop. During normal operation of a coupled VU and EGF, no certificates shall be verified. Instead, the VU and EGF shall trust the certificates they stored during the coupling, after checking the temporal validity of these certificates. The VU and the EGF shall not trust any other certificates for protecting the VU — EGF communication during normal operation.U.K.

11.3.2 During VU — EGF Coupling U.K.

CSM_206During the coupling to an EGF, a vehicle unit shall use the protocol depicted in Figure 4 (section 10.2.1) for verifying the external GNSS facility's certificate chain.U.K.

Notes to Figure 4 within this context: U.K.

—Communication control is out of the scope of this Appendix. However, an EGF is not a smart card and hence the VU will probably not send a Reset to initiate the communication and will not receive an ATR.U.K.

—The Card certificates and public keys mentioned in the figure shall be interpreted as the EGF's certificates and public keys for mutual authentication. Section 9.1.6 denotes these as EGF_MA.U.K.

—The Card.CA certificates and public keys mentioned in the figure shall be interpreted as the MSCA's certificates and public keys for signing EGF certificates. Section 9.1.3 denotes these as MSCA_VU-EGF.U.K.

—The Card.CA.EUR certificate mentioned in the figure shall be interpreted as the European root certificate that is indicated in the CAR of the MSCA_VU-EGF certificate.U.K.

—The Card.Link certificate mentioned in the figure shall be interpreted as the EGF's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed by the previous European private key.U.K.

—The Card.Link.EUR certificate is the European root certificate that is indicated in the CAR of the Card.Link certificate.U.K.

—Instead of the , the VU shall read the from EF ICC.U.K.

—Instead of selecting the Tachograph AID, the VU shall select the EGF AID.U.K.

—‘Ignore Card’ shall be interpreted as ‘Ignore EGF’.U.K.

CSM_207Once it has verified the EGF_MA certificate, the vehicle unit shall store this certificate for use during normal operation; see section 11.3.3.U.K.

CSM_208 [F1During the coupling to a VU, an external GNSS facility shall use the protocol depicted in Figure 5 (section 10.2.2) for verifying the VU's certificate chain.] U.K.

Notes to Figure 5 within this context: U.K.

—The VU shall generate a fresh ephemeral key pair using the domain parameters in the EGF certificate.U.K.

—The VU certificates and public keys mentioned in the figure are those for mutual authentication. Section 9.1.4 denotes these as VU_MA.U.K.

—The VU.CA certificates and public keys mentioned in the figure are those for signing VU and external GNSS facility certificates. Section 9.1.3 denotes these as MSCA_VU-EGF.U.K.

—The VU.CA.EUR certificate mentioned in the figure is the European root certificate that is indicated in the CAR of the VU.CA certificate.U.K.

—The VU.Link certificate mentioned in the figure is the VU's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed by the previous European private key.U.K.

—The VU.Link.EUR certificate is the European root certificate that is indicated in the CAR of the VU.Link certificate.U.K.

CSM_209In deviation from requirement CSM_167, an EGF shall use the GNSS time to verify the temporal validity of any certificate presented.U.K.

[F1CSM_210 Once it has verified the VU_MA certificate, the external GNSS facility shall store this certificate for use during normal operation; see section 11.3.3.] U.K.

11.3.3 During Normal Operation U.K.

CSM_211 [F1During normal operation, a vehicle unit and an EGF shall use the protocol depicted in Figure 11 for verifying the temporal validity of the stored EGF_MA certificate and for setting the VU_MA public key for subsequent VU Authentication. No further mutual verification of the certificate chains shall take place during normal operation.] U.K.

Note that Figure 11 in essence consists of the first steps shown in Figure 4 and Figure 5. Again, note that since an EGF is not a smart card, the VU will probably not send a Reset to initiate the communication and will not receive an ATR. In any case this is out of the scope of this Appendix.U.K.

CSM_212As shown in Figure 11, the vehicle unit shall log an error if the EGF_MA certificate is no longer valid. However, mutual authentication, key agreement and subsequent communication via secure messaging shall proceed normally.U.K.

11.4. VU Authentication, Chip Authentication and Session Key Agreement U.K.

CSM_213VU Authentication, Chip Authentication and session key agreement between a VU and an EGF shall take place during coupling and whenever a Secure Messaging session is re-established during normal operation. The VU and the EGF shall carry out the processes described in sections 10.3 and 10.4. All requirements in these sections shall apply.U.K.

11.5. Secure Messaging U.K.

CSM_214All commands and responses exchanged between a vehicle unit and an external GNSS facility after successful Chip Authentication took place and until the end of the session shall be protected by Secure Messaging.in authentication-only mode. All requirements in section 10.5 shall apply.U.K.

CSM_215If a Secure Messaging session between a VU and an EGF is aborted, the VU shall immediately establish a new Secure Messaging session, as described in section 11.3.3 and 11.4.U.K.

12.VU — MOTION SENSOR PAIRING AND COMMUNICATIONU.K.

12.1. General U.K.

CSM_216A vehicle unit and a motion sensor shall communicate using the interface protocol specified in [ISO 16844-3] during pairing and in normal operation, with the changes described in this chapter and in section 9.2.1.U.K.

Note: readers of this chapter are supposed to be familiar with the contents of [ISO 16844-3].U.K.

12.2. VU — Motion Sensor Pairing Using Different Key Generations U.K.

As explained in section 9.2.1, the motion sensor master key and all associated keys are regularly replaced. This leads to the presence of up to three motion sensor-related AES keys K_M-WC (of consecutive key generations) in workshop cards. Similarly, in motion sensors up to three different AES-based encryptions of data (based on consecutive generations of the motion sensor master key K_M) may be present. A vehicle unit contains only one motion sensor-related key K_M-VU.

CSM_217A second-generation VU and a second-generation motion sensor shall be paired as follows (compare Table 6 in [ISO 16844-3]):U.K.

Note that steps 2 and 5 are different from the standard process in [ISO 16844-3]; the other steps are standard.U.K.

Example: Suppose a pairing takes place in the first year of the validity of the ERCA (3) certificate; see Figure 2 in section 9.2.1.2. Moreover

• Suppose the motion sensor was issued in the last year of the validity of the ERCA (1) certificate. It will therefore contain the following keys and data:

  • N_s[1]: its serial number encrypted with generation 1 of K_ID,

  • N_s[2]: its serial number encrypted with generation 2 of K_ID,

  • N_s[3]: its serial number encrypted with generation 3 of K_ID,

  • K_P[1]: its generation-1 pairing key(1), encrypted with generation 1 of K_M,

  • K_P[2]: its generation-2 pairing key, encrypted with generation 2 of K_M,

  • K_P[3]: its generation-3 pairing key, encrypted with generation 3 of K_M,

• Suppose that the workshop card was issued in the first year of the validity of the ERCA (3) certificate. It will therefore contain the generation 2 and generation 3 of the K_M-WC key.

• Suppose the VU is a generation-2 VU, containing the generation 2 of K_M-VU.

In this case, the following will happen in steps 2 — 5:

• Step 2: The VU reads generation 2 and generation 3 of K_M-WC from the workshop card and inspects their version numbers.

• Step 3: The VU combines the generation-2 K_M-WC with its K_M-VU to compute K_M and K_ID.

• Step 4: The VU encrypts the serial number it receives from the motion sensor with K_ID.

• Step 5: The motion sensor compares the received data with N_s[1] and doesn't find a match. Next, it compares the data with N_s[2] and finds a match. It concludes that the VU is a generation-2 VU, and therefore sends back K_P[2].

12.3. VU — Motion Sensor Pairing and Communication using AES U.K.

CSM_218As specified in Table 3 in section 9.2.1, all keys involved in the pairing of a (second-generation) vehicle unit and a motion sensor and in subsequent communication shall be AES keys, rather than double-length TDES keys as specified in [ISO 16844-3]. These AES keys may have a length of 128, 192 or 256 bits. Since the AES block size is 16 bytes, the length of an encrypted message must be a multiple of 16 bytes, compared to 8 bytes for TDES. Moreover, some of these messages will be used to transport AES keys, the length of which may be 128, 192 or 256 bits. Therefore, the number of data bytes per instruction in Table 5 of [ISO 16844-3] shall be changed as shown in Table 6:U.K.

CSM_219The pairing information that is sent in instructions 43 (VU request) and 50 (MoS reply) shall be assembled as specified in section 7.6.10 of [ISO 16844-3], except that the AES algorithm shall be used instead of the TDES algorithm in the pairing data encryption scheme, thus resulting in two AES encryptions, and adopting the padding specified in CSM_220 to fit with the AES block size. The key K'_p used for this encryption shall be generated as follows:U.K.

• In case the pairing key K_P is 16 bytes long: K'_p = K_P XOR (N_s||N_s)

• In case the pairing key K_P is 24 bytes long: K'_p = K_P XOR (N_s||N_s||N_s)

• In case the pairing key K_P is 32 bytes long: K'_p = K_P XOR (N_s||N_s||N_s||N_s)

where N_s is the 8-byte serial number of the motion sensor.

CSM_220In case the plaintext data length (using AES keys) is not a multiple of 16 bytes, padding method 2 defined in [ISO 9797-1] shall be used.U.K.

Note: in [ISO 16844-3], the number of plaintext data bytes is always a multiple of 8, such that padding is not necessary when using TDES. The definition of data and messages in [ISO 16844-3] is not changed by this part of this Appendix, thus necessitating the application of padding.U.K.

CSM_221For instruction 11 and in case more than one block of data must be encrypted, the Cipher Block Chaining mode of operation shall be used as defined in [ISO 10116], with an interleave parameter m = 1. The IV to be used shall beU.K.

• For instruction 11: the 8-byte authentication block specified in section 7.6.3.3 of [ISO 16844-3], padded using padding method 2 defined in [ISO 9797-1]; see also section 7.6.5 and 7.6.6 of [ISO 16844-3].

• For all other instructions in which more than 16 bytes are transferred, as specified in Table 6: ‘00’ {16}, i.e. sixteen bytes with binary value 0.

Note: As shown in section 7.6.5 and 7.6.6 of [ISO 16844-3], when the MoS encrypts data files for inclusion in instruction 11, the authentication block is bothU.K.

• Used as the initialization vector for the CBC-mode encryption of the data files

• Encrypted and included as the first block in the data that is sent to the VU.

12.4. VU — Motion Sensor Pairing For Different Equipment Generations U.K.

CSM_222As explained in section 9.2.1, a second-generation motion sensor may contain the TDES-based encryption of the pairing data (as defined in Part A of this Appendix), which allows the motion sensor to be paired to a first-generation VU. If this is the case, a first-generation VU and a second-generation motion sensor shall be paired as described in Part A of this Appendix and in [ISO 16844-3]. For the pairing process either a first-generation or a second-generation workshop card may be used.U.K.

Notes: U.K.

—It is not possible to pair a second-generation VU to a first-generation motion sensor.U.K.

—It is not possible to use a first-generation workshop card for coupling a second-generation VU to a motion sensor.U.K.

13.SECURITY FOR REMOTE COMMUNICATION OVER DSRCU.K.

13.1. General U.K.

As specified in Appendix 14, a VU regularly generates Remote Tachograph Monitoring (RTM) data and sends this data to the (internal or external) Remote Communication Facility (RCF). The remote communication facility is responsible for sending this data over the DSRC interface described in Appendix 14 to the remote interrogator. Appendix 1 specifies that the RTM data is the concatenation of:

The plaintext tachograph payload data format is specified in Appendix 1 and further described in Appendix 14. This section describes the structure of the DSRC security data; the formal specification is in Appendix 1.

CSM_223The plaintext data communicated by a VU to a Remote Communication Facility (if the RCF is external to the VU) or from the VU to a remote interrogator over the DSRC interface (if the RCF is internal in the VU) shall be protected in encrypt-then-authenticate mode, i.e. the tachograph payload data is encrypted first to ensure message confidentiality, and afterwards a MAC is calculated to ensure data authenticity and integrity.U.K.

CSM_224The DSRC security data shall consist of the concatenation of the following data elements in the following order; see also Figure 12:U.K.

CSM_225The 3-byte counter in the DSRC security data shall be in MSB-first format. The first time a VU calculates a set of RTM data after it is taken into production, it shall set the value of the counter to 0. The VU shall increase the value of the counter data by 1, each time before it calculates a next set of RTM data.U.K.

13.2. Tachograph Payload Encryption and MAC Generation U.K.

CSM_226Given a plaintext data element with data type as described in Appendix 14, a VU shall encrypt this data as shown in Figure 12: the VU's DSRC key for encryption K_VU_DSRC_ENC (see section 9.2.2) shall be used with AES in the Cipher Block Chaining (CBC) mode of operation, as defined in [ISO 10116], with an interleave parameter m = 1. The initialization vector shall be equal to IV = current date time || ‘00 00 00 00 00 00 00 00 00’ || counter, where current date time and counter are specified in CSM_224. The data to be encrypted shall be padded using method 2 defined in [ISO 9797-1].U.K.

CSM_227A VU shall calculate the MAC in the DSRC security data as shown in Figure 12: the MAC shall be calculated over all preceding bytes in the RTM data, up to and including the DSRC master key version number, and including the tags and lengths of the data objects. The VU shall use its DSRC key for authenticity K_VU_DSRC_MAC (see section 9.2.2) with the AES algorithm in CMAC mode as specified in [SP 800-38B]. The length of the MAC shall be linked to the length of the VU-specific DSRC keys, as specified in CSM_50.U.K.

13.3. Verification and Decryption of Tachograph Payload U.K.

CSM_228When a remote interrogator receives RTM data from a VU, it shall send the entire RTM data to a control card in the data field of a PROCESS DSRC MESSAGE command, as described in Appendix 2. Then:U.K.

CSM_229In order to prevent replay attacks, the remote interrogator shall verify the freshness of the RTM data by verifying that the current date time in the DSRC security data does not deviate too much from the current time of the remote interrogator.U.K.

Notes: U.K.

—This requires the remote interrogator to have an accurate and reliable source of time.U.K.

—Since Appendix 14 requires a VU to calculate a new set of RTM data every 60 seconds, and the clock of the VU is allowed to deviate 1 minute from the real time, a lower limit for the freshness of the RTM data is 2 minutes. The actual freshness to be required also depends on the accuracy of the clock of the remote interrogator.U.K.

CSM_230When a workshop verifies the correct functioning of the DSRC functionality of a VU, it shall send the entire RTM data received from the VU to a workshop card in the data field of a PROCESS DSRC MESSAGE command, as described in Appendix 2. The workshop card shall perform all checks and actions specified in CSM_228.U.K.

14.SIGNING DATA DOWNLOADS AND VERIFYING SIGNATURESU.K.

14.1. General U.K.

CSM_231The Intelligent Dedicated Equipment (IDE) shall store data received from a VU or a card during one download session within one physical data file. Data may be stored on an ESM (external storage medium). This file contains digital signatures over data blocks, as specified in Appendix 7. This file shall also contain the following certificates (refer to section 9.1):U.K.

• In case of a VU download:

  • The VU_Sign certificate

  • The MSCA_VU-EGF certificate containing the public key to be used for verification of the VU_Sign certificate

• In case of a Card download:

  • The Card_Sign certificate

  • The MSCA_Card certificate containing the public key to be used for verification of the Card_Sign certificate

CSM_232The IDE shall also dispose of.U.K.

• In case it uses a control card to verify the signature, as shown in Figure 13: The link certificate linking the latest EUR certificate to the EUR certificate whose validity period directly precedes it, if existing.

• In case it verifies the signature itself: all valid European root certificates.

Note: the method the IDE uses to retrieve these certificates is not specified in this Appendix.U.K.

14.2. Signature generation U.K.

CSM_233The signing algorithm to create digital signatures over downloaded data shall be ECDSA as specified in [DSS], using the hashing algorithm linked to the key size of the VU or the card, as specified in CSM_50. The signature format shall be plain, as specified in [TR-03111].U.K.

14.3. Signature verification U.K.

CSM_234 [F1An IDE may perform verification of a signature over downloaded data itself or it may use a control card for this purpose. In case it uses a control card, signature verification shall take place as shown in Figure 13. For verifying the temporal validity of a certificate presented by the IDE, the control card shall use its internal current time, as specified in CSM_167. The control card shall update its current time if the Effective Date of an authentic ‘valid source of time’ certificate is more recent than the card’s current time. The card shall accept only the following certificates as a valid source of time: U.K.

• Second-generation ERCA link certificates

• Second-generation MSCA certificates

• Second-generation VU_Sign or Card_Sign certificates issued by the same country as the control card’s own card certificate.

In case it performs signature verification itself, the IDE shall verify the authenticity and validity of all certificates in the certificate chain in the data file, and it shall verify the signature over the data following the signature scheme defined in [DSS]. In both cases, for every certificate read from the data file, it is necessary to verify that the Certificate Holder Authorisation (CHA) field is correct:

• The CHA field of the EQT certificate shall indicate a VU or Card (as applicable) certificate for signing (see Appendix 1, data type EquipmentType).

• The CHA of the EQT.CA certificate shall indicate an MSCA.

• The CHA of the EQT.Link certificate shall indicate the ERCA.]

Notes to Figure 13: U.K.

—The equipment that signed the data to be analysed is denoted EQT.U.K.

—The EQT certificates and public keys mentioned in the figure are those for signing, i.e. VU_Sign or Card_Sign.U.K.

—The EQT.CA certificates and public keys mentioned in the figure are those for signing VU or Card certificates, as applicable.U.K.

—The EQT.CA.EUR certificate mentioned in the figure is the European root certificate that is indicated in the CAR of the EQT.CA certificate.U.K.

—The EQT.Link certificate mentioned in the figure is the EQT's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed with the previous European private key.U.K.

—The EQT.Link.EUR certificate is the European root certificate that is indicated in the CAR of the EQT.Link certificate.U.K.

CSM_235For calculating the hash M sent to the control card in the PSO:Hash command, the IDE shall use the hashing algorithm linked to the key size of the VU or the card from which the data is downloaded, as specified in CSM_50.U.K.

CSM_236For verifying the EQT's signature, the control card shall follow the signature scheme defined in [DSS].U.K.

Note: This document does not specify any action to undertake if a signature over a downloaded data file cannot be verified or if the verification is unsuccessful.U.K.

[F1Figure 13 Protocol for verification of the signature over a downloaded data file U.K.

]