Commission Implementing Regulation (EU) 2016/799 of 18 March 2016 implementing Regulation (EU) No 165/2014 of the European Parliament and of the Council laying down the requirements for the construction, testing, installation, operation and repair of tachographs and their components (Text with EEA relevance) (c. 799)

Please note that the date you requested in the address for this web page is not an actual date upon which a change occurred to this item of legislation. You are being shown the legislation from , which is the first date before then upon which a change was made.

ANNEX I CU.K. Requirements for construction, testing, installation, and inspection

Appendix 11

COMMON SECURITY MECHANISMS U.K.

PART AU.K. FIRST-GENERATION TACHOGRAPH SYSTEM

3.KEYS AND CERTIFICATESU.K.

3.3. Certificates U.K.

3.3.1 Certificates content U.K.

CSM_017RSA Public key certificates are built with the following data in the following order:U.K.

Notes: U.K.

1.The ‘Certificate Profile Identifier’ (CPI) delineates the exact structure of an authentication certificate. It can be used as an equipment internal identifier of a relevant headerlist which describes the concatenation of Data Elements within the certificate.U.K.

The headerlist associated with this certificate content is as follows:

‘4D’

‘16’

‘5F 29’

‘01’

‘42’

‘08’

‘5F 4B’

‘07’

‘5F 24’

‘04’

‘5F 20’

‘08’

‘7F 49’

‘05’

‘81’

‘81 80’

‘82’

‘08’

Extended Headerlist Tag

Length of header list

CPI Tag

CPI Length

CAR Tag

CAR Length

CHA Tag

CHA Length

EOV Tag

EOV Length

CHR Tag

CHR Length

Public Key Tag (Constructed)

Length of subsequent DOs

modulus Tag

modulus length

public exponent Tag

public exponent length

2.The ‘Certification Authority Reference’ (CAR) has the purpose of identifying the certificate issuing CA, in such a way that the Data Element can be used at the same time as an Authority Key Identifier to reference the Public Key of the Certification Authority (for coding, see Key Identifier below).U.K.

3.The ‘Certificate Holder Authorisation’ (CHA) is used to identify the rights of the certificate holder. It consists of the Tachograph Application ID and of the type of equipment to which the certificate is intended (according to data element, ‘00’ for a Member State).U.K.

4.The ‘Certificate Holder Reference’ (CHR) has the purpose of identifying uniquely the certificate holder, in such a way that the Data Element can be used at the same time as a Subject Key Identifier to reference the Public Key of the certificate holder.U.K.

5.Key Identifiers uniquely identify certificate holder or certification authorities. They are coded as follows:U.K.

5.1

Equipment (VU or Card):

Data	Equipment serial number	Date	Type	Manufacturer
Length	4 Bytes	2 Bytes	1 Byte	1 Byte
Value	Integer	mm yy BCD coding	Manufacturer specific	Manufacturer code

In the case of a VU, the manufacturer, when requesting certificates, may or may not know the identification of the equipment in which the keys will be inserted.

In the first case, the manufacturer will send the equipment identification with the public key to its Member State authority for certification. The certificate will then contain the equipment identification, and the manufacturer must ensure that keys and certificate are inserted in the intended equipment. The Key identifier has the form shown above.

In the later case, the manufacturer must uniquely identify each certificate request and send this identification with the public key to its Member State authority for certification. The certificate will contain the request identification. The manufacturer must feed back its Member State authority with the assignment of key to equipment (i.e. certificate request identification, equipment identification) after key installation in the equipment. The key identifier has the following form:

Data	Certificate request serial number	Date	Type	Manufacturer
Length	4 Bytes	2 Bytes	1 Byte	1 Byte
Value	Integer	mm yy BCD coding	‘FF’	Manufacturer code

5.2

Certification Authority:

Data	Authority Identification	Key serial number	Additional info	Identifier
Length	4 Bytes	1 Byte	2 Bytes	1 Byte
Value	1 Byte nation numerical code 3 Bytes nation alphanumerical code	Integer	additional coding (CA specific) ‘FF FF’ if not used	‘01’

Data

Authority Identification

Key serial number

Additional info

Identifier

Length

4 Bytes

1 Byte

2 Bytes

1 Byte

Value

1 Byte nation numerical code

3 Bytes nation alphanumerical code

Integer

additional coding

(CA specific)

‘FF FF’ if not used

‘01’

The key serial number is used to distinguish the different keys of a Member State, in the case the key is changed.

6.Certificate verifiers shall implicitly know that the public key certified is an RSA key relevant to authentication, digital signature verification and encipherement for confidentiality services (the certificate contains no Object Identifier to specify it).U.K.