ANNEX I CU.K.Requirements for construction, testing, installation, and inspection
Appendix 11
COMMON SECURITY MECHANISMS U.K.
PART BU.K. SECOND-GENERATION TACHOGRAPH SYSTEM
14.SIGNING DATA DOWNLOADS AND VERIFYING SIGNATURESU.K.
14.3. Signature verification U.K.
CSM_234 [An IDE may perform verification of a signature over downloaded data itself or it may use a control card for this purpose. In case it uses a control card, signature verification shall take place as shown in Figure 13. For verifying the temporal validity of a certificate presented by the IDE, the control card shall use its internal current time, as specified in CSM_167. The control card shall update its current time if the Effective Date of an authentic ‘valid source of time’ certificate is more recent than the card’s current time. The card shall accept only the following certificates as a valid source of time:] U.K.
Notes to Figure 13: U.K.
—The equipment that signed the data to be analysed is denoted EQT.U.K.
—The EQT certificates and public keys mentioned in the figure are those for signing, i.e. VU_Sign or Card_Sign.U.K.
—The EQT.CA certificates and public keys mentioned in the figure are those for signing VU or Card certificates, as applicable.U.K.
—The EQT.CA.EUR certificate mentioned in the figure is the European root certificate that is indicated in the CAR of the EQT.CA certificate.U.K.
—The EQT.Link certificate mentioned in the figure is the EQT's link certificate, if present. As specified in section 9.1.2, this is a link certificate for a new European root key pair created by the ERCA and signed with the previous European private key.U.K.
—The EQT.Link.EUR certificate is the European root certificate that is indicated in the CAR of the EQT.Link certificate.U.K.