http://www.legislation.gov.uk/id/eur/2016/799/annex/1/appendix/11/division/1/part/B/division/10/division/10.2/division/10.2.1/division/1/annotations/1

ANNEX I CRequirements for construction, testing, installation, and inspection

Appendix 11

COMMON SECURITY MECHANISMS

PART BSECOND-GENERATION TACHOGRAPH SYSTEM

10.VU- CARD MUTUAL AUTHENTICATION AND SECURE MESSAGING

10.2.Mutual Certificate Chain Verification

10.2.1Card Certificate Chain Verification by VU

CSM_157F1Vehicle units shall use the protocol depicted in Figure 4 for verifying a tachograph card’s certificate chain. For every certificate it reads from the card, the VU shall verify that the Certificate Holder Authorisation (CHA) field is correct:

Notes to Figure 4:

—

The Card.Link certificate mentioned in the figure is the card's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed by the previous European private key.