ANNEX I CRequirements for construction, testing, installation, and inspection
Appendix 11
COMMON SECURITY MECHANISMS
PART BSECOND-GENERATION TACHOGRAPH SYSTEM
10.VU- CARD MUTUAL AUTHENTICATION AND SECURE MESSAGING
10.2.Mutual Certificate Chain Verification
10.2.1Card Certificate Chain Verification by VU
CSM_157F1Vehicle units shall use the protocol depicted in Figure 4 for verifying a tachograph card’s certificate chain. For every certificate it reads from the card, the VU shall verify that the Certificate Holder Authorisation (CHA) field is correct:
Notes to Figure 4:
—
The Card.Link certificate mentioned in the figure is the card's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed by the previous European private key.