Please note that the date you requested in the address for this web page is not an actual date upon which a change occurred to this item of legislation. You are being shown the legislation from , which is the first date before then upon which a change was made.
ANNEX I CU.K. Requirements for construction, testing, installation, and inspection
Appendix 11
COMMON SECURITY MECHANISMS U.K.
PART BU.K. SECOND-GENERATION TACHOGRAPH SYSTEM
8.CRYPTOGRAPHIC SYSTEMS AND ALGORITHMSU.K.
8.1. Cryptographic Systems U.K.
CSM_38Vehicle units and tachograph cards shall use an elliptic curve-based public-key cryptographic system to provide the following security services:U.K.
mutual authentication between a vehicle unit and a card,
agreement of AES session keys between a vehicle unit and a card,
ensuring the authenticity, integrity and non-repudiation of data downloaded from vehicle units or tachograph cards to external media.
CSM_39Vehicle units and external GNSS facilities shall use an elliptic curve-based public-key cryptographic system to provide the following security services:U.K.
coupling of a vehicle unit and an external GNSS facility,
mutual authentication between a vehicle unit and an external GNSS facility,
agreement of an AES session key between a vehicle unit and an external GNSS facility.
CSM_40Vehicle units and tachograph cards shall use an AES-based symmetric cryptographic system to provide the following security services:U.K.
ensuring authenticity and integrity of data exchanged between a vehicle unit and a tachograph card,
where applicable, ensuring confidentiality of data exchanged between a vehicle unit and a tachograph card.
CSM_41Vehicle units and external GNSS facilities shall use an AES-based symmetric cryptographic system to provide the following security services:U.K.
CSM_42Vehicle units and motion sensors shall use an AES-based symmetric cryptographic system to provide the following security services:U.K.
pairing of a vehicle unit and a motion sensor,
mutual authentication between a vehicle unit and a motion sensor,
ensuring confidentiality of data exchanged between a vehicle unit and a motion sensor.
CSM_43Vehicle units and control cards shall use an AES-based symmetric cryptographic system to provide the following security services on the remote communication interface:U.K.
Notes: U.K.
—Properly speaking, data is transmitted from a vehicle unit to a remote interrogator under the control of a control officer, using a remote communication facility that may be internal or external to the VU, see Appendix 14. However, the remote interrogator sends the received data to a control card for decryption and validation of authenticity. From a security point of view, the remote communication facility and the remote interrogator are fully transparent.U.K.
—A workshop card offers the same security services for the DSRC interface as a control card does. This allows a workshop to validate the proper functioning of the remote communication interface of a VU, including security. Please refer to section 9.2.2 for more information.U.K.