Commission Implementing Regulation (EU) 2016/799Show full title

3.HARDWARE AND COMMUNICATIONU.K.

3.1. Introduction U.K.

This paragraph describes the minimum functionality required by Tachograph cards and VUs to ensure correct operation and interoperability.

Tachograph cards are as compliant as possible with the available ISO/IEC applicable norms (especially ISO/IEC 7816). However, commands and protocols are fully described in order to specify some restricted usage or some differences if they exist. The commands specified are fully compliant with the referred norms except where indicated.

3.2. Transmission Protocol U.K.

TCS_10The Transmission protocol shall be compliant with ISO/IEC 7816-3 for T = 0 and T = 1. In particular, the VU shall recognise waiting time extensions sent by the card.U.K.

3.2.1 Protocols U.K.

TCS_11The card shall provide both protocol T=0 and protocol T=1. In addition the card may support further contact-oriented protocols.U.K.

TCS_12 T=0 is the default protocol, a PTS command is therefore necessary to change the protocol to T=1.U.K.

TCS_13Devices shall support direct convention in both protocols: the direct convention is hence mandatory for the card.U.K.

TCS_14The Information Field Size Card byte shall be presented at the ATR in character TA3. This value shall be at least ‘F0h’ (=240 bytes).U.K.

The following restrictions apply to the protocols:

TCS_15 T=0 U.K.

• The interface device shall support an answer on I/O after the rising edge of the signal on RST from 400 cc.

• The interface device shall be able to read characters separated with 12 etu.

• The interface device shall read an erroneous character and its repetition if separated with 13 etu. If an erroneous character is detected, the Error signal on I/O can occur between 1 etu and 2 etu. The device shall support a 1 etu delay.

• The interface device shall accept a 33 bytes ATR (TS+32)

• If TC1 is present in the ATR, the Extra Guard Time shall be present for characters sent by the interface device although characters sent by the card can still be separated with 12 etu. This is also true for the ACK character sent by the card after a P3 character emitted by the interface device.

• The interface device shall take into account a NUL character emitted by the card.

• The interface device shall accept the complementary mode for ACK.

• The get-response command cannot be used in chaining mode to get a data which length could exceed 255 bytes.

TCS_16 T=1 U.K.

• NAD byte: not used (NAD shall be set to ‘00’).

• S-block ABORT: not used.

• S-block VPP state error: not used.

• The total chaining length for a data field will not exceed 255 bytes (to be ensured by the IFD).

• The Information Field Size Device (IFSD) shall be indicated by the IFD immediately after the ATR: the IFD shall transmit the S-Block IFS request after the ATR and the card shall send back S-Block IFS. The recommended value for IFSD is 254 bytes.

• The card will not ask for an IFS readjustment.

3.2.2 ATR U.K.

TCS_17The device checks ATR bytes, according to ISO/IEC 7816-3. No verification shall be done on ATR Historical Characters.U.K.

Example of Basic Biprotocol ATR according to ISO/IEC 7816-3

TCS_18After the Answer To Reset (ATR), the Master File (MF) is implicitly selected and becomes the Current Directory.U.K.

3.2.3 PTS U.K.

TCS_19The default Protocol is T=0. To set the T=1 protocol, a PTS (also known as PPS) must be sent to the card by the device.U.K.

TCS_20As both T=0 and T=1 protocols are mandatory for the card, the basic PTS for protocol switching is mandatory for the card.U.K.

The PTS can be used, as indicated in ISO/IEC 7816-3, to switch to higher baud rates than the default one proposed by the card in the ATR if any (TA(1) byte).

Higher baud rates are optional for the card.

TCS_21If no other baud rate than the default one are supported (or if the selected baud rate is not supported), the card shall respond to the PTS correctly according to ISO/IEC 7816-3 by omitting the PPS1 byte.U.K.

Examples of basic PTS for protocol selection are the following:

3.3. Access Rules U.K.

TCS_22An access rule specifies for an access mode, i.e. command, the corresponding security conditions. If these security conditions are fulfilled the corresponding command is processed.U.K.

TCS_23The following security conditions are used for the tachograph card:U.K.

[F1TCS_24 These security conditions can be linked in the following ways: U.K.

The access rules for the file system, i.e. the SELECT, READ BINARY and UPDATE BINARY command, are specified in chapter 4. The access rules for the remaining commands are specified in the following tables. The term ‘not applicable’ is used if there is no requirement to support the command. In this case the command may or may not be supported, but the access condition is out of scope.]

TCS_25In the DF Tachograph G1 application the following access rules are used:U.K.

TCS_26In the DF Tachograph_G2 application the following access rules are used:U.K.

TCS_27In the MF the following access rules are used:U.K.

TCS_28A tachograph card may or may not accept a command with a higher level of security than the one specified in the security conditions. I.e. if the security condition is ALW (or PLAIN-C) the card may accept a command with secure messaging (encryption and / or authentication mode). If the security condition requires secure messaging with authentication mode, the tachograph card may accept a command with secure messaging of the same generation in authentication and encryption mode.U.K.

Note: The command descriptions provide more information on the support of the commands for the different tachograph card types and the different DFs.U.K.

3.4. Commands and error codes overview U.K.

Commands and file organisation are deduced from and complies with ISO/IEC 7816-4.

This section describes the following APDU command-response pairs. The command variants which are supported by a generation 1 and 2 application are specified in the corresponding command descriptions.

[F1TCS_29 The status words SW1 SW2 are returned in any response message and denote the processing state of the command. U.K.

Additional status words as defined in ISO/IEC 7816-4 can be returned, if their behaviour is not explicitly mentioned in this appendix.

For example the following status words can be optionally returned:

6881: Logical channel not supported

6882: Secure messaging not supported]

TCS_30If more than one error condition is fulfilled in one command APDU the card may return any of the appropriate status words.U.K.

3.5. Command descriptions U.K.

The mandatory commands for the Tachograph cards are described in this chapter.

Additional relevant details, related to cryptographic operations involved, are given in Appendix 11 Common security mechanisms for Tachograph Generation 1 and Generation 2.

All commands are described independently of the used protocol (T=0 or T=1). The APDU bytes CLA, INS, P1, P2, Lc and Le are always indicated. If Lc or Le is not needed for the described command, the associated length, value and description are empty.

TCS_31If both length bytes (Lc and Le) are requested, the described command has to be split in two parts if the IFD is using protocol T=0: the IFD sends the command as described with P3=Lc + data and then sends a GET RESPONSE (see § 3.5.6) command with P3=Le.U.K.

TCS_32If both length bytes are requested, and Le=0 (secure messaging):U.K.

• When using protocol T=1, the card shall answer to Le=0 by sending all available output data.

• When using protocol T=0, the IFD shall send the first command with P3=Lc + data, the card shall answer (to this implicit Le=0) by the Status bytes ‘61La’, where La is the number of response bytes available. The IFD shall then generate a GET RESPONSE command with P3 = La to read the data.

TCS_33A tachograph card may support extended length fields according to ISO/IEC 7816-4 as an optional feature. A tachograph card that supports extended length fields shallU.K.

• Indicate the extended length field support in the ATR

• Provide the supported buffer sizes by means of the extended length information in the EF ATR/INFO see TCS_146.

• Indicate whether it supports extended length fields for T = 1 and / or T = 0 in the EF Extended Length, see TCS_147.

• Support extended length fields for the tachograph application generation 1 and 2.

Notes: U.K.

All commands are specified for short length fields. The usage of extended length APDUs is clear from ISO/IEC 7816-4.U.K.

In general the commands are specified for the plain mode, i.e. without secure messaging, as the secure messaging layer is specified in Appendix 11. It is clear from the access rules for a command whether the command shall support secure messaging or not and whether the command shall support generation 1 and / or generation 2 secure messaging. Some command variants are described with secure messaging to illustrate the usage of secure messaging.U.K.

TCS_34The VU shall perform the complete generation 2 VU — card mutual authentication protocol for a session including the certificate verification (if required) either in the DF Tachograph, the DF Tachograph_G2 or the MF.U.K.

3.5.1 SELECT U.K.

This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.

The SELECT command is used:

• to select an application DF (selection by name must be used)

• to select an elementary file corresponding to the submitted file ID

3.5.1.1 Selection by name (AID) U.K.

This command allows selecting an application DF in the card.

TCS_35This command can be performed from anywhere in the file structure (after the ATR or at any time).U.K.

TCS_36The selection of an application resets the current security environment. After performing the application selection, no current public key is selected anymore. The EXT-AUT-G1 access condition is also lost. If the command was performed without secure messaging, the former secure messaging session keys are no longer available.U.K.

TCS_37 Command Message U.K.

No response to the SELECT command is needed (Le absent in T=1, or no response asked in T=0).

TCS_38 Response Message (no response asked) U.K.

• If the command is successful, the card returns ‘9000’.

• If the application corresponding with the AID is not found, the processing state returned is ‘6A82’.

• In T=1, if the byte Le is present, the state returned is ‘6700’.

• In T=0, if a response is asked after the SELECT command, the state returned is ‘6900’.

• [F1If the selected application is considered to be corrupted (integrity error is detected within the file attributes), the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]

3.5.1.2 Selection of an Elementary File using its File Identifier U.K.

TCS_39 Command Message U.K.

TCS_40A tachograph card shall support the generation 2 secure messaging as specified in Appendix 11 Part B for this command variant.U.K.

No response to the SELECT command is needed (Le absent in T=1, or no response asked in T=0).

TCS_41 Response Message (no response asked) U.K.

• If the command is successful, the card returns ‘9000’.

• If the file corresponding with the file identifier is not found, the processing state returned is ‘6A82’.

• In T=1, if the byte Le is present, the state returned is ‘6700’.

• In T=0, if a response is asked after the SELECT command, the state returned is ‘6900’.

• [F1If the selected file is considered to be corrupted (integrity error is detected within the file attributes), the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]

3.5.2 READ BINARY U.K.

This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.

The READ BINARY command is used to read data from a transparent file.

The response of the card consists of returning the data read, optionally encapsulated in a secure messaging structure.

3.5.2.1 Command with offset in P1-P2 U.K.

This command enables the IFD to read data from the EF currently selected, without secure messaging.

Note: This command without secure messaging can only be used to read a file that supports the ALW security condition for the Read access mode.U.K.

TCS_42 Command Message U.K.

Note: bit 8 of P1 must be set to 0.U.K.

TCS_43 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If no EF is selected, the processing state returned is ‘6986’.

• If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.

• If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.

• If the size of the data to be read is not compatible with the size of the EF (Offset + Le > EF size) the processing state returned is ‘6700’ or ‘6Cxx’ where ‘xx’ indicates the exact length.

• [F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]

• If an integrity error is detected within the stored data, the card shall return the demanded data, and the processing state returned is ‘6281’.

3.5.2.1.1 Command with secure messaging (examples) U.K.

This command enables the IFD to read data from the EF currently selected with secure messaging, in order to verify the integrity of the data received and to protect the confidentiality of the data if the security condition SM-R-ENC-MAC-G1 (generation 1) or SM-R-ENC-MAC-G2 (generation 2) is applied.

TCS_44 Command Message U.K.

TCS_45 Response Message if SM-R-ENC-MAC-G1 (generation 1) / SM-R-ENC-MAC-G2 (generation 2) is not required and if Secure Messaging input format is correct: U.K.

TCS_46 Response Message if SM-R-ENC-MAC-G1 (generation 1) / SM-R-ENC-MAC-G2 (generation 2) is required and if Secure Messaging input format is correct: U.K.

The READ BINARY command may return regular processing states listed in TCS_43 under Tag ‘99h’ as described in TCS_59 using the secure messaging response structure.

Additionally, some errors specifically related to secure messaging can happen. In that case, the processing state is simply returned, with no secure messaging structure involved:

TCS_47 Response Message if incorrect Secure Messaging input format U.K.

• If no current session key is available, the processing state ‘6A88’ is returned. It happens either if the session key has not already been generated or if the session key validity has expired (in this case the IFD must re-run a mutual authentication process to set a new session key).

• If some expected data objects (as specified above) are missing in the secure messaging format, the processing state ‘6987’ is returned: this error happens if an expected tag is missing or if the command body is not properly constructed.

• If some data objects are incorrect, the processing state returned is ‘6988’: this error happens if all the required tags are present but some lengths are different from the ones expected.

• If the verification of the cryptographic checksum fails, the processing state returned is ‘6688’.

3.5.2.2 Command with short EF (Elementary File) identifier U.K.

This command variant enables the IFD to select an EF by means of a short EF identifier and read data from this EF.

TCS_48A tachograph card shall support this command variant for all Elementary Files with a specified short EF identifier. These short EF identifiers are specified in chapter 4.U.K.

TCS_49 Command Message U.K.

Note: The short EF identifiers used for the Generation 2 tachograph application are specified in chapter 4.U.K.

If P1 encodes a short EF identifier and the command is successful, the identified EF becomes the currently selected EF (current EF).

TCS_50 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If the file corresponding with the short EF identifier is not found, the processing state returned is ‘6A82’.

• If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.

• If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.

• If the size of the data to be read is not compatible with the size of the EF (Offset + Le > EF size) the processing state returned is ‘6700’ or ‘6Cxx’ where ‘xx’ indicates the exact length.

• [F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]

• If an integrity error is detected within the stored data, the card shall return the demanded data, and the processing state returned is ‘6281’.

3.5.2.3 Command with odd instruction byte U.K.

This command variant enables the IFD to read data from an EF with 32 768 bytes or more.

TCS_51A tachograph card which supports EFs with 32 768 bytes or more shall support this command variant for these EFs. A tachograph card may or may not support this command variant for other EFs with the exception of the EF Sensor_Installation_Data see TCS_156 and TCS_160.U.K.

TCS_52 Command Message U.K.

The IFD shall encode the offset data object's length with a minimum possible number of octets, i.e. using the length byte ‘01h’ the IFD shall encode an offset from 0 to 255 and using the length byte ‘02h’ an offset from ‘256’ up to ‘65 535’ bytes.

[F2In case of T = 0 the card assumes the value Le = ‘ 00h ’ if no secure messaging is applied.

In case of T = 1 the processing state returned is ‘ 6700 ’ if Le= ‘ 01h ’ .]

TCS_53 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If no EF is selected, the processing state returned is ‘6986’.

• If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.

• If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.

• If the size of the data to be read is not compatible with the size of the EF (Offset + Le > EF size) the processing state returned is ‘6700’ or ‘6Cxx’ where ‘xx’ indicates the exact length.

• [F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]

• If an integrity error is detected within the stored data, the card shall return the demanded data, and the processing state returned is ‘6281’.

3.5.2.3.1 Command with secure messaging (example) U.K.

The following example illustrates the usage of secure messaging if the security condition SM-MAC-G2 applies.

TCS_54Command messageU.K.

TCS_55Response message if the command is successfulU.K.

3.5.3 UPDATE BINARY U.K.

This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.

The UPDATE BINARY command message initiates the update (erase + write) of the bits already present in an EF binary with the bits given in the command APDU.

3.5.3.1 Command with offset in P1-P2 U.K.

This command enables the IFD to write data into the EF currently selected, without the card verifying the integrity of data received.

Note: This command without secure messaging can only be used to update a file that supports the ALW security condition for the Update access mode.U.K.

TCS_56 Command Message U.K.

Note: bit 8 of P1 must be set to 0.U.K.

TCS_57 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If no EF is selected, the processing state returned is ‘6986’.

• If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.

• If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.

• If the size of the data to be written is not compatible with the size of the EF (Offset + Lc > EF size) the processing state returned is ‘6700’.

• If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘6400’ or ‘6500’.

• If writing is unsuccessful, the processing state returned is ‘6581’.

3.5.3.1.1 Command with secure messaging (examples) U.K.

This command enables the IFD to write data into the EF currently selected, with the card verifying the integrity of data received. As no confidentiality is required, the data are not encrypted.

TCS_58 Command Message U.K.

TCS_59 Response message if correct Secure Messaging input format U.K.

The ‘regular’ processing states, described for the UPDATE BINARY command with no secure messaging (see §3.5.3.1), can be returned using the response message structure described above.

Additionally, some errors specifically related to secure messaging can happen. In that case, the processing state is simply returned, with no secure messaging structure involved:

TCS_60 Response Message if error in secure messaging U.K.

• If no current session key is available, the processing state ‘6A88’ is returned.

• If some expected data objects (as specified above) are missing in the secure messaging format, the processing state ‘6987’ is returned: this error happens if an expected tag is missing or if the command body is not properly constructed.

• If some data objects are incorrect, the processing state returned is ‘6988’: this error happens if all the required tags are present but some lengths are different from the ones expected.

• If the verification of the cryptographic checksum fails, the processing state returned is ‘6688’.

3.5.3.2 Command with short EF identifier U.K.

This command variant enables the IFD to select an EF by means of a short EF identifier and write data from this EF.

TCS_61A tachograph card shall support this command variant for all Elementary Files with a specified short EF identifier. These short EF identifiers are specified in chapter 4.U.K.

TCS_62 Command Message U.K.

TCS_63 Response Message U.K.

Note: The short EF identifiers used for the generation 2 tachograph application are specified in chapter 4.U.K.

If P1 encodes a short EF identifier and the command is successful, the identified EF becomes the currently selected EF (current EF).

• If the command is successful, the card returns ‘9000’.

• If the file corresponding with the short EF identifier is not found, the processing state returned is ‘6A82’.

• If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.

• If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.

• If the size of the data to be written is not compatible with the size of the EF (Offset + Lc > EF size) the processing state returned is ‘6700’.

• [F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]

• If writing is unsuccessful, the processing state returned is ‘6581’.

3.5.3.3 Command with odd instruction byte U.K.

This command variant enables the IFD to write data to an EF with 32 768 bytes or more.

TCS_64A tachograph card which supports EFs with 32 768 bytes or more shall support this command variant for these EFs. A tachograph card may or may not support this command variant for other EFs.U.K.

TCS_65 Command Message U.K.

The IFD shall encode the offset data object's and the discretionary data object's length with the minimum possible number of octets, i.e. using the length byte ‘01h’ the IFD shall encode an offset / length from 0 to 255 and using the length byte ‘02h’ an offset / length from ‘256’ up to ‘65 535’ bytes.

TCS_66 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If no EF is selected, the processing state returned is ‘6986’.

• If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.

• If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.

• If the size of the data to be written is not compatible with the size of the EF (Offset + Lc > EF size) the processing state returned is ‘6700’.

• If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘6400’ or ‘6500’.

• If writing is unsuccessful, the processing state returned is ‘6581’.

3.5.3.3.1 Command with secure messaging (example) U.K.

The following example illustrates the usage of secure messaging if the security condition SM-MAC-G2 applies.

TCS_67Command messageU.K.

TCS_68Response message if the command is successfulU.K.

3.5.4 GET CHALLENGE U.K.

This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.

The GET CHALLENGE command asks the card to issue a challenge in order to use it in a security related procedure in which a cryptogram or some ciphered data are sent to the card.

TCS_69The Challenge issued by the card is only valid for the next command, which uses a challenge, sent to the card.U.K.

TCS_70 Command Message U.K.

TCS_71 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If Le is different from ‘08h’, the processing state is ‘6700’.

• If parameters P1-P2 are incorrect, the processing state is ‘6A86’.

3.5.5 VERIFY U.K.

This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.

Only the workshop card is required to support this command.

Other types of tachograph cards may or may not implement this command, but for these cards no reference CHV is personalized. Therefore these cards cannot perform this commend successfully. For other types of tachograph cards than workshop cards the behavior, i.e. the error code returned, is out of the scope of this specification, if this command is sent.

The Verify command initiates the comparison in the card of the CHV (PIN) data sent from the command with the reference CHV stored in the card.

[F1TCS_72 The PIN entered by the user must be ASCII encoded and right padded with ‘ FFh ’ bytes up to a length of 8 bytes by the IFD, see also the data type WorkshopCardPIN in Appendix 1.] U.K.

TCS_73The tachograph applications generation 1 and 2 shall use the same reference CHV.U.K.

TCS_74The tachograph card shall check whether the command is encoded correctly. If the command is not encoded correctly the card shall not compare the CHV values, not decrement the remaining CHV attempt counter and not reset the security status ‘PIN_Verified’, but abort the command. A command is encoded correctly, if the CLA, INS, P1, P2, Lc bytes have the specified values, Le is absent, and the command data field has the correct length.U.K.

TCS_75If the command is successful, the remaining CHV attempt counter is reinitialised. The initial value of the remaining CHV attempt counter is 5. If the command is successful the card shall set the internal security status ‘PIN_Verified’. The card shall reset this security status, if the card is reset or if the CHV code transmitted in the command does not match the stored reference CHV.U.K.

Note: Using the same reference CHV and a global security status prevents that a workshop employee must re-enter the PIN after a selection of another tachograph application DF.U.K.

TCS_76An unsuccessful comparison is recorded in the card, i.e. the remaining CHV attempts counter shall be decremented by one, in order to limit the number of further attempts of the use of the reference CHV.U.K.

TCS_77 Command Message U.K.

TCS_78 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If the reference CHV is not found, the processing state returned is ‘6A88’.

• If the CHV is blocked, (the remaining attempt counter of the CHV is null), the processing state returned is ‘6983’. Once in that state, the CHV can never be successfully presented anymore.

• If the comparison is unsuccessful, the remaining attempt Counter is decreased and the status ‘63CX’ is returned (X>0 and X equals the remaining CHV attempts counter.

• If the reference CHV is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.

• If Lc is different from ‘08h’, the processing state is ‘6700’.

3.5.6 GET RESPONSE U.K.

This command is compliant with ISO/IEC 7816-4.

This command (only necessary and available for T=0 Protocol) is used to transmit prepared data from the card to the interface device (case where a command had included both Lc and Le).

The GET RESPONSE command has to be issued immediately after the command preparing the data, otherwise, the data are lost. After the execution of the GET RESPONSE command (except if the error ‘61xx’ or ‘6Cxx’ occur, see below), the previously prepared data are no longer available.

TCS_79 Command Message U.K.

TCS_80 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If no data have been prepared by the card, the processing state returned is ‘6900’ or ‘6F00’.

• If Le exceeds the number of available bytes or if Le is null, the processing state returned is ‘6Cxx’, where xx denotes the exact number of available bytes. In that case, the prepared data are still available for a subsequent GET RESPONSE command.

• If Le is not null and is smaller than the number of available bytes, the required data are sent normally by the card, and the processing state returned is ‘61xx’, where ‘xx’ indicates a number of extra bytes still available by a subsequent GET RESPONSE command.

• If the command is not supported (protocol T=1), the card returns ‘6D00’.

3.5.7 PSO: VERIFY CERTIFICATE U.K.

This command is compliant with ISO/IEC 7816-8, but has a restricted usage compared to the command defined in the norm.

The VERIFY CERTIFICATE command is used by the card to obtain a Public Key from the outside and to check its validity.

3.5.7.1 Generation 1 Command — Response pair U.K.

TCS_81This command variant is only supported by a generation 1 tachograph application.U.K.

TCS_82When a VERIFY CERTIFICATE command is successful, the Public Key is stored for a future use in the Security environment. This key shall be explicitly set for the use in security related commands (INTERNAL AUTHENTICATE, EXTERNAL AUTHENTICATE or VERIFY CERTIFICATE) by the MSE command (see § 3.5.11) using its key identifier.U.K.

TCS_83In any case, the VERIFY CERTIFICATE command uses the public key previously selected by the MSE command to open the certificate. This public key must be the one of a Member State or of Europe.U.K.

TCS_84 Command Message U.K.

TCS_85 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If the certificate verification fails, the processing state returned is ‘6688’. The verification and unwrapping process of the certificate is described in Appendix 11 for G1 and G2.

• If no Public Key is present in the Security Environment, ‘6A88’ is returned.

• If the selected public key (used to unwrap the certificate) is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.

• Generation 1 only: If the selected public key (used to unwrap the certificate) has a CHA.LSB () different from ‘00’ (i.e. is not the one of a Member State or of Europe), the processing state returned is ‘6985’.

3.5.7.2 Generation 2 Command — Response pair U.K.

Depending on the curve size ECC certificates may be so long that they cannot be transmitted in a single APDU. In this case command chaining according to ISO/IEC 7816-4 must be applied and the certificate transmitted in two consecutive PSO: Verify Certificate APDUs.

The certificate structure and the domain parameters are defined in Appendix 11.

TCS_86The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_33.U.K.

TCS_87 Command Message U.K.

TCS_88For short length APDUs the following provisions apply: The IFD shall use the minimum number of APDUs required to transmit the command payload and transmit the maximum number of bytes in the first command APDU according to the value of the Information Field Size Card Byte, see TCS_14. If the IFD behaves differently, the behavior of the card is out of scope.U.K.

TCS_89For extended length APDUs the following provisions apply: If the certificate does not fit into a single APDU, the card shall support command chaining. The IFD shall use the minimum number of APDUs required to transmit the command payload and transmit the maximum number of bytes in the first command APDU. If the IFD behaves differently, the behavior of the card is out of scope.U.K.

Note: According to Appendix 11 the card stores the certificate or the relevant contents of the certificate and updates its currentAuthenticatedTime.U.K.

The response message structure and status words are as defined in TCS_85.

TCS_90In addition to the error codes listed in TCS_85, the card may return the following error codes:U.K.

• If the selected public key (used to unwrap the certificate) has a CHA.LSB (CertificateHolderAuthorisation.equipmentType) that is not suitable for the certificate verification according to Appendix 11, the processing state returned is ‘6985’.

• If the currentAuthenticatedTime of the card is later than the Certificate Expiration Date, the processing state returned is ‘6985’.

• If the last command of the chain is expected, the card returns ‘6883’.

• If incorrect parameters are sent in the command data field, the card returns ‘6A80’ (also used in case the data objects are not sent in the specified order).

3.5.8 INTERNAL AUTHENTICATE U.K.

This command is compliant with ISO/IEC 7816-4.

TCS_91All tachograph cards shall support this command in the DF Tachograph generation 1. The command may or may not be accessible in the MF and / or the DF Tachograph_G2. If so, the command shall terminate with a suitable error code as the private key of the card (Card.SK) for the generation 1 authentication protocol is only accessible in the DF_Tachograph generation 1.U.K.

Using the INTERNAL AUTHENTICATE command, the IFD can authenticate the card. The authentication process is described in Appendix 11. It includes the following statements:

TCS_92The INTERNAL AUTHENTICATE command uses the card Private Key (implicitly selected) to sign authentication data including K1 (first element for session key agreement) and RND1, and uses the Public Key currently selected (through the last MSE command) to encrypt the signature and form the authentication token (more details in Appendix 11).U.K.

TCS_93 Command Message U.K.

TCS_94 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If no Public Key is present in the Security Environment, the processing state returned is ‘6A88’.

• If no Private Key is present in the Security Environment, the processing state returned is ‘6A88’.

• If VU.CHR does not match the current public key identifier, the processing state returned is ‘6A88’.

• If the selected private key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.

[F1TCS_95 If the INTERNAL AUTHENTICATE command is successful, the current generation 1 session key, if existing, is erased and no longer available. In order to have a new generation 1 session key available, the EXTERNAL AUTHENTICATE command for the generation 1 authentication mechanism must be successfully performed. U.K.

Note: For generation 2 session keys see Appendix 11 CSM_193 and CSM_195. If generation 2 session keys are established and the tachograph card receives the plain INTERNAL AUTHENTICATE command APDU, it aborts the generation 2 secure messaging session and destroys the generation 2 session keys.] U.K.

3.5.9 EXTERNAL AUTHENTICATE U.K.

This command is compliant with ISO/IEC 7816-4.

Using the EXTERNAL AUTHENTICATE command, the card can authenticate the IFD. The authentication process is described in Appendix 11 for Tachograph G1 and G2 (VU authentication).

TCS_96The command variant for the generation 1 mutual authentication mechanism is only supported by a generation 1 tachograph application.U.K.

[F1TCS_97 The command variant for the second generation VU-card mutual authentication can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_34. If this generation 2 EXTERNAL AUTHENTICATE command is successful, the current generation 1 session key, if existing, is erased and no longer available. U.K.

Note: For generation 2 session keys see Appendix 11 CSM_193 and CSM_195. If generation 2 session keys are established and the tachograph card receives the plain EXTERNAL AUTHENTICATE command APDU, it aborts the generation 2 secure messaging session and destroys the generation 2 session keys.] U.K.

TCS_98 Command Message U.K.

TCS_99 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If the CHA of the currently set public key is not the concatenation of the Tachograph application AID and of a VU equipment Type, the processing state returned is ‘6F00’.

• If the command is not immediately preceded with a GET CHALLENGE command, the processing state returned is ‘6985’.

The Generation 1 Tachograph application may return the following additional error codes:

• If no Public Key is present in the Security Environment, ‘6A88’ is returned.

• If no Private Key is present in the Security Environment, the processing state returned is ‘6A88’.

• If the verification of the cryptogram is wrong, the processing state returned is ‘6688’.

• If the selected private key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.

The command variant for the Generation 2 authentication may return the following additional error code:

• If signature verification failed, the card returns ‘6300’.

3.5.10 GENERAL AUTHENTICATE U.K.

This command is used for the generation 2 chip authentication protocol specified in Appendix 11 Part B and is compliant with ISO/IEC 7816-4.

TCS_100The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_34.U.K.

TCS_101 Command Message U.K.

TCS_102 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• The card returns ‘6A80’ to indicate incorrect parameters in data field.

• The card returns ‘6982’ if the External Authenticate command has not been performed successfully

The response Dynamic Authentication Data object ‘7Ch’

• must be present if the operation is successful, i.e. the Status Words are ‘9000’,

• must be absent in case of an execution error or checking error, i.e. if the Status Words are in the range ‘6400’ — ‘6FFF’, and

• may be absent in case of a warning, i.e. if the Status Words are in the range ‘6200’ — ‘63FF’.

3.5.11 MANAGE SECURITY ENVIRONMENT U.K.

This command is used to set a public key for authentication purpose.

3.5.11.1 Generation 1 Command — Response pair U.K.

This command is compliant with ISO/IEC 7816-4. The use of this command is restricted regarding the related standard.

TCS_103This command is only supported by a generation 1 tachograph application.U.K.

TCS_104The key referenced in the MSE data field remains the current public key until the next correct MSE command, a DF is selected or the card is reset.U.K.

TCS_105If the key referenced is not (already) present into the card, the security environment remains unchanged.U.K.

TCS_106 Command Message U.K.

TCS_107 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If the referenced key is not present into the card, the processing state returned is ‘6A88’.

• If some expected data objects are missing in the secure messaging format, the processing state ‘6987’ is returned. This can happen if the tag ‘83h’ is missing.

• If some data objects are incorrect, the processing state returned is ‘6988’. This can happen if the length of the key identifier is not ‘08h’.

• If the selected key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.

3.5.11.2 Generation 2 Command — Response pairs U.K.

For the Generation 2 authentication the tachograph card supports the following MSE: Set command versions which are compliant with ISO/IEC 7816-4. These command versions are not supported for the Generation 1 authentication.

3.5.11.2.1 MSE:SET AT for Chip Authentication U.K.

The following MSE:SET AT command is used to select the parameters for the Chip Authentication that is performed by a subsequent General Authenticate command.

TCS_108The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_34.U.K.

TCS_109 MSE:SET AT Command Message for Chip Authentication U.K.

3.5.11.2.2 MSE:SET AT for VU Authentication U.K.

The following MSE:SET AT command is used to select the parameters and keys for the VU Authentication that is performed by a subsequent External Authenticate command.

TCS_110The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_34.U.K.

TCS_111 MSE:SET AT Command Message for VU Authentication U.K.

3.5.11.2.3 MSE:SET DST U.K.

The following MSE:SET DST command is used to set a public key either

• for the verification of a signature that is provided in a subsequent PSO: Verify Digital Signature command or

• for the signature verification of a certificate that is provided in a subsequent PSO: Verify Certificate command

TCS_112The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_33.U.K.

TCS_113 MSE:SET DST Command Message U.K.

For all command versions the response message structure and status words are given by:

TCS_114 Response Message U.K.

• If the command is successful, the card returns ‘9000’. The protocol has been selected and initialised.

• ‘6A80’ indicates incorrect parameters in the command data field.

• ‘6A88’ indicates that referenced data (i.e. a referenced key) is not available.

• [F2If the currentAuthenticatedTime of the card is later than the Expiration Date of the selected public key, the processing state returned is ‘ 6A88 ’ .

Note: In the case of a MSE: SET AT for VU Authentication command, the referenced key is a VU_MA public key. The card shall set the VU_MA public key for use, if available in its memory, which matches the Certificate Holder Reference (CHR) given in the command data field (the card can identify VU_MA public keys by means of the certificate's CHA field). A card shall return ‘ 6A 88 ’ to this command in case only the VU_Sign public key or no public key of the Vehicle Unit is available. See the definition of the CHA field in Appendix 11 and of data type equipmentType in Appendix 1. U.K.

Similarly, in case an MSE: SET DST command referencing an EQT (i.e. a VU or a card) is sent to a control card, according to CSM_234 the referenced key is always an EQT_Sign key that has to be used for the verification of a digital signature. According to Figure 13 in Appendix 11, the control card will always have stored the relevant EQT_Sign public key. In some cases, the control card may have stored the corresponding EQT_MA public key. The control card shall always set the EQT_Sign public key for use when it receives an MSE: SET DST command.]

3.5.12 PSO: HASH U.K.

This command is used to transfer to the card the result of a hash calculation on some data. This command is used for the verification of digital signatures. The hash value is stored temporarily for the subsequent command PSO: Verify Digital Signature

This command is compliant with ISO/IEC 7816-8. The use of this command is restricted regarding the related standard.

Only the control card is required to support this command in the DF Tachograph and DF Tachograph_G2.

Other types of tachograph cards may or may not implement this command. The command may or may not be accessible in the MF.

The control card application generation 1 supports only SHA-1.

TCS_115The temporarily stored hash value shall be deleted if a new hash value is computed by means of the PSO: HASH command, if a DF is selected, and if the tachograph card is reset.U.K.

TCS_116 Command Message U.K.

TCS_117 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If some expected data objects (as specified above) are missing, the processing state ‘6987’ is returned. This can happen if one of the tag ‘90h’ is missing.

• If some data objects are incorrect, the processing state returned is ‘6988’. This error happens if the required tag is present but with a length different from ‘14h’ for SHA-1, ‘20h’ for SHA-256, ‘30h’ for SHA-384, ‘40h’ for SHA-512 (Generation 2 application).

3.5.13 PERFORM HASH of FILE U.K.

This command is not compliant with ISO/IEC 7816-8. Thus the CLA byte of this command indicates that there is a proprietary use of the PERFORM SECURITY OPERATION / HASH.

Only the driver card and the workshop card are required to support this command in the DF Tachograph and DF Tachograph_G2.

Other types of tachograph cards may or may not implement this command. If a company or control card implements this command, the command shall be implemented as specified in this chapter.

The command may or may not be accessible in the MF. If so, the command shall be implemented as specified in this chapter, i.e. shall not allow the calculation of a hash value, but terminate with a suitable error code.

TCS_118The PERFORM HASH of FILE command is used to hash the data area of the currently selected transparent EF.U.K.

TCS_119A tachograph card shall support this command only for the EFs that are listed in chapter 4 under the DF_Tachograph and DF_Tachograph_G2 with the following exception. A tachograph card shall not support the command for the EF Sensor_Installation_Data of DF Tachograph_G2..U.K.

TCS_120The result of the hash operation is stored temporarily in the card. It can then be used to get a digital signature of the file, using the PSO: COMPUTE DIGITAL SIGNATURE command.U.K.

[F1TCS_121 The temporarily stored hash of file value shall be deleted if a new hash of file value is computed by means of the PERFORM HASH of FILE command, if a DF is selected, and if the tachograph card is reset.] U.K.

TCS_122The Tachograph Generation 1 application shall support SHA-1.U.K.

[F1TCS_123 The Tachograph Generation 2 application shall support the SHA-2 algorithm (SHA-256, SHA-384 or SHA-512), specified by the cipher suite in Appendix 11 Part B for the card signature key Card_Sign.] U.K.

TCS_124 Command Message U.K.

TCS_125 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If the current EF does not allow this command (EF Sensor_Installation_Data in DF Tachograph_G2), the processing state ‘6985’ is returned.

• If the selected EF is considered corrupted (file attributes or stored data integrity errors), the processing state returned is ‘6400’ or ‘6581’.

• If the selected file is not a transparent file or if there is no current EF, the processing state returned is ‘6986’.

3.5.14 PSO: COMPUTE DIGITAL SIGNATURE U.K.

[F1This command is used to compute the digital signature of previously computed hash code (see PERFORM HASH of FILE, §3.5.13).

Only the driver card and the workshop card are required to support this command in the DF Tachograph and DF Tachograph_G2.

Other types of tachograph cards may or may not implement this command. In case of the Generation 2 tachograph application, only the driver card and the workshop card have a generation 2 signature key, other cards are not able to successfully perform the command and terminate with a suitable error code.

The command may or may not be accessible in the MF. If the command is not accessible in the MF, it shall terminate with a suitable error code.

This command is compliant with ISO/IEC 7816-8. The use of this command is restricted regarding the related standard.]

TCS_126This command shall not compute a digital signature of previously computed hash code with the PSO: HASH command.U.K.

TCS_127The card private key is used to compute the digital signature and is implicitly known by the card.U.K.

TCS_128The Generation 1 tachograph application performs a digital signature using a padding method compliant with PKCS1 (see Appendix 11 for details).U.K.

TCS_129The Generation 2 tachograph application computes an elliptic curve based digital signature (see Appendix 11 for details).U.K.

TCS_130 Command Message U.K.

TCS_131 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If the implicitly selected private key is considered as corrupted, the processing state returned is ‘6400’ or ‘6581’.

• If the hash which was computed in a previous Perform Hash of File command is not available, the processing state returned is ‘6985’.

3.5.15 PSO: VERIFY DIGITAL SIGNATURE U.K.

This command is used to verify the digital signature, provided as an input, whose hash is known to the card. The signature algorithm is implicitly known by the card.

This command is compliant with ISO/IEC 7816-8. The use of this command is restricted regarding the related standard.

Only the control card is required to support this command in the DF Tachograph and DF Tachograph_G2.

Other types of tachograph cards may or may not implement this command. The command may or may not be accessible in the MF.

TCS_132The VERIFY DIGITAL SIGNATURE command always uses the public key selected by the previous Manage Security Environment MSE: Set DST command and the previous hash code entered by a PSO: HASH command.U.K.

TCS_133 Command Message U.K.

TCS_134 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• If the verification of the signature fails, the processing state returned is ‘6688’. The verification process is described in Appendix 11.

• If no public key is selected, the processing state returned is ‘6A88’.

• If some expected data objects (as specified above) are missing, the processing state ‘6987’ is returned. This can happen if one of the required tag is missing.

• If no hash code is available to process the command (as a result of a previous PSO: Hash command), the processing state returned is ‘6985’.

• If some data objects are incorrect, the processing state returned is ‘6988’. This can happen if one of the required data objects length is incorrect.

• If the selected public key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.

• [F2If the selected public key (used to verify the digital signature) has a CHA.LSB (CertificateHolderAuthorisation.equipmentType) that is not suitable for the digital signature verification according to Appendix 11, the processing state returned is ‘ 6985 ’.]

3.5.16 PROCESS DSRC MESSAGE U.K.

This command is used to verify the integrity and authenticity of the DSRC message and to decipher the data communicated from a VU to a control authority or a workshop over the DSRC link. The card derives the encryption key and the MAC key used to secure the DSRC message as described in Appendix 11 Part B chapter 13.

Only the control card and the workshop card are required to support this command in the DF Tachograph_G2.

Other types of tachograph cards may or may not implement this command, but shall not have a DSRC master key. Therefore these cards cannot perform the command successfully, but terminate with a suitable error code.

The command may or may not be accessible in the MF and / or the DF Tachograph. If so, the command shall terminate with a suitable error code.

TCS_135The DSRC master key is accessible only in the DF Tachograph_G2, i.e. the control and workshop card shall support a successful execution of the command only in the DF Tachograph_G2.U.K.

TCS_136The command shall only decrypt the DSRC data and verify the cryptographic checksum, but not interpret the input data.U.K.

TCS_137The order of the data objects in the command data field is fixed by this specification.U.K.

TCS_138 Command Message U.K.

TCS_139 Response Message U.K.

• If the command is successful, the card returns ‘9000’.

• ‘6A80’ indicates incorrect parameters in the command data field (also used in case the data objects are not sent in the specified order).

• ‘6A88’ indicates that referenced data is not available, i.e. the referenced DSRC master key is not available.

• ‘6900’ indicates that the verification of the cryptographic checksum or the decryption of the data failed.

• ‘ [F26985 ’ indicates that the 4-byte time stamp provided in the command data field is earlier than cardValidityBegin or later than cardExpiryDate.]