Please note that the date you requested in the address for this web page is not an actual date upon which a change occurred to this item of legislation. You are being shown the legislation from , which is the first date before then upon which a change was made.
ANNEX I CU.K. Requirements for construction, testing, installation, and inspection
Appendix 2
TACHOGRAPH CARDS SPECIFICATION U.K.
3.HARDWARE AND COMMUNICATIONU.K.
3.5. Command descriptions U.K.
The mandatory commands for the Tachograph cards are described in this chapter.
Additional relevant details, related to cryptographic operations involved, are given in Appendix 11 Common security mechanisms for Tachograph Generation 1 and Generation 2.
All commands are described independently of the used protocol (T=0 or T=1). The APDU bytes CLA, INS, P1, P2, Lc and Le are always indicated. If Lc or Le is not needed for the described command, the associated length, value and description are empty.
TCS_31If both length bytes (Lc and Le) are requested, the described command has to be split in two parts if the IFD is using protocol T=0: the IFD sends the command as described with P3=Lc + data and then sends a GET RESPONSE (see § 3.5.6) command with P3=Le.U.K.
TCS_32If both length bytes are requested, and Le=0 (secure messaging):U.K.
When using protocol T=1, the card shall answer to Le=0 by sending all available output data.
When using protocol T=0, the IFD shall send the first command with P3=Lc + data, the card shall answer (to this implicit Le=0) by the Status bytes ‘61La’, where La is the number of response bytes available. The IFD shall then generate a GET RESPONSE command with P3 = La to read the data.
TCS_33A tachograph card may support extended length fields according to ISO/IEC 7816-4 as an optional feature. A tachograph card that supports extended length fields shallU.K.
Indicate the extended length field support in the ATR
Provide the supported buffer sizes by means of the extended length information in the EF ATR/INFO see TCS_146.
Indicate whether it supports extended length fields for T = 1 and / or T = 0 in the EF Extended Length, see TCS_147.
Support extended length fields for the tachograph application generation 1 and 2.
Notes: U.K.
All commands are specified for short length fields. The usage of extended length APDUs is clear from ISO/IEC 7816-4.U.K.
In general the commands are specified for the plain mode, i.e. without secure messaging, as the secure messaging layer is specified in Appendix 11. It is clear from the access rules for a command whether the command shall support secure messaging or not and whether the command shall support generation 1 and / or generation 2 secure messaging. Some command variants are described with secure messaging to illustrate the usage of secure messaging.U.K.
TCS_34The VU shall perform the complete generation 2 VU — card mutual authentication protocol for a session including the certificate verification (if required) either in the DF Tachograph, the DF Tachograph_G2 or the MF.U.K.
3.5.1 SELECT U.K.
This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.
The SELECT command is used:
to select an application DF (selection by name must be used)
to select an elementary file corresponding to the submitted file ID
3.5.1.1 Selection by name (AID) U.K.
This command allows selecting an application DF in the card.
TCS_35This command can be performed from anywhere in the file structure (after the ATR or at any time).U.K.
TCS_36The selection of an application resets the current security environment. After performing the application selection, no current public key is selected anymore. The EXT-AUT-G1 access condition is also lost. If the command was performed without secure messaging, the former secure messaging session keys are no longer available.U.K.
TCS_37 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘A4h’ | |
| P1 | 1 | ‘04h’ | Selection by name (AID) |
| P2 | 1 | ‘0Ch’ | No response expected |
| Lc | 1 | ‘NNh’ | Number of bytes sent to the card (length of the AID): ‘06h’ for the Tachograph application |
| #6-#(5+NN) | NN | ‘XX..XXh’ | AID: ‘FF 54 41 43 48 4F’ for the Generation 1 tachograph application AID: ‘FF 53 4D 52 44 54’ for the Generation 2 tachograph application |
No response to the SELECT command is needed (Le absent in T=1, or no response asked in T=0).
TCS_38 Response Message (no response asked) U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the application corresponding with the AID is not found, the processing state returned is ‘6A82’.
In T=1, if the byte Le is present, the state returned is ‘6700’.
In T=0, if a response is asked after the SELECT command, the state returned is ‘6900’.
[F1If the selected application is considered to be corrupted (integrity error is detected within the file attributes), the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]
Textual Amendments
3.5.1.2 Selection of an Elementary File using its File Identifier U.K.
TCS_39 Command Message U.K.
TCS_40A tachograph card shall support the generation 2 secure messaging as specified in Appendix 11 Part B for this command variant.U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘A4h’ | |
| P1 | 1 | ‘02h’ | Selection of an EF under the current DF |
| P2 | 1 | ‘0Ch’ | No response expected |
| Lc | 1 | ‘02h’ | Number of bytes sent to the card |
| #6-#7 | 2 | ‘XXXXh’ | File Identifier |
No response to the SELECT command is needed (Le absent in T=1, or no response asked in T=0).
TCS_41 Response Message (no response asked) U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the file corresponding with the file identifier is not found, the processing state returned is ‘6A82’.
In T=1, if the byte Le is present, the state returned is ‘6700’.
In T=0, if a response is asked after the SELECT command, the state returned is ‘6900’.
[F1If the selected file is considered to be corrupted (integrity error is detected within the file attributes), the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]
3.5.2 READ BINARY U.K.
This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.
The READ BINARY command is used to read data from a transparent file.
The response of the card consists of returning the data read, optionally encapsulated in a secure messaging structure.
3.5.2.1 Command with offset in P1-P2 U.K.
This command enables the IFD to read data from the EF currently selected, without secure messaging.
Note: This command without secure messaging can only be used to read a file that supports the ALW security condition for the Read access mode.U.K.
TCS_42 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘B0h’ | Read Binary |
| P1 | 1 | ‘XXh’ | Offset in bytes from the beginning of the file: Most Significant Byte |
| P2 | 1 | ‘XXh’ | Offset in bytes from the beginning of the file: Least Significant Byte |
| Le | 1 | ‘XXh’ | Length of data expected. Number of Bytes to be read. |
Note: bit 8 of P1 must be set to 0.U.K.
TCS_43 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#X | X | ‘XX..XXh’ | Data read |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If no EF is selected, the processing state returned is ‘6986’.
If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.
If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.
If the size of the data to be read is not compatible with the size of the EF (Offset + Le > EF size) the processing state returned is ‘6700’ or ‘6Cxx’ where ‘xx’ indicates the exact length.
[F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]
If an integrity error is detected within the stored data, the card shall return the demanded data, and the processing state returned is ‘6281’.
3.5.2.1.1 Command with secure messaging (examples) U.K.
This command enables the IFD to read data from the EF currently selected with secure messaging, in order to verify the integrity of the data received and to protect the confidentiality of the data if the security condition SM-R-ENC-MAC-G1 (generation 1) or SM-R-ENC-MAC-G2 (generation 2) is applied.
TCS_44 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘0Ch’ | Secure Messaging asked |
| INS | 1 | ‘B0h’ | Read Binary |
| P1 | 1 | ‘XXh’ | P1 ( offset in bytes from the beginning of the file): Most Significant Byte |
| P2 | 1 | ‘XXh’ | P2 ( offset in bytes from the beginning of the file): Least Significant Byte |
| Lc | 1 | ‘XXh’ | Length of input data for secure messaging |
| #6 | 1 | ‘97h’ | TLE: Tag for expected length specification. |
| #7 | 1 | ‘01h’ | LLE: Length of expected length |
| #8 | 1 | ‘NNh’ | Expected length specification (original Le): Number of Bytes to be read |
| #9 | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #10 | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum
|
| #11-#(10+L) | L | ‘XX..XXh’ | Cryptographic checksum |
| Le | 1 | ‘00h’ | As specified in ISO/IEC 7816-4 |
TCS_45 Response Message if SM-R-ENC-MAC-G1 (generation 1) / SM-R-ENC-MAC-G2 (generation 2) is not required and if Secure Messaging input format is correct: U.K.
| [F1Byte | Length | Value | Description |
|---|---|---|---|
| #1 | 1 | ‘ 81h ’ | T PV : Tag for plain value data |
| #2 | L | ‘ NNh ’ or ‘ 81 NNh ’ | L PV : length of returned data (=original Le). L is 2 bytes if L PV >127 bytes. |
| #(2+L) - #(1+L+NN) | NN | ‘ XX..XXh ’ | Plain Data value |
| #(2+L+NN) | 1 | ‘ 99h ’ | Tag for Processing Status (SW1-SW2) – optional for generation 1 secure messaging |
| #(3+L+NN) | 1 | ‘ 02h ’ | Length of Processing Status – optional for generation 1 secure messaging |
| #(4+L+NN) - #(5+L+NN) | 2 | ‘ XX XXh ’ | Processing Status of the unprotected response APDU – optional for generation 1 secure messaging |
| #(6+L+NN) | 1 | ‘ 8Eh ’ | TCC: Tag for cryptographic checksum |
| #(7+L+NN) | 1 | ‘ XXh ’ | LCC: Length of following cryptographic checksum
|
| #(8+L+NN)-#(7+M+L+NN) | M | ‘ XX..XXh ’ | Cryptographic checksum |
| SW | 2 | ‘ XXXXh ’ | Status Words (SW1,SW2)] |
TCS_46 Response Message if SM-R-ENC-MAC-G1 (generation 1) / SM-R-ENC-MAC-G2 (generation 2) is required and if Secure Messaging input format is correct: U.K.
| [F1Byte | Length | Value | Description |
|---|---|---|---|
| #1 | 1 | ‘ 87h ’ | T PI CG : Tag for encrypted data (cryptogram) |
| #2 | L | ‘ MMh ’ or ‘ 81 MMh ’ | L PI CG : length of returned encrypted data (different of original Le of the command due to padding). L is 2 bytes if LPI CG > 127 bytes. |
| #(2+L)-#(1+L+MM) | MM | ‘ 01XX..XXh ’ | Encrypted Data: Padding Indicator and cryptogram |
| #(2+L+MM) | 1 | ‘ 99h ’ | Tag for Processing Status (SW1-SW2) – optional for generation 1 secure messaging |
| #(3+L+MM) | 1 | ‘ 02h ’ | Length of Processing Status – optional for generation 1 secure messaging |
| #(4+L+MM) - #(5+L+MM) | 2 | ‘ XX XXh ’ | Processing Status of the unprotected response APDU – optional for generation 1 secure messaging |
| #(6+L+MM) | 1 | ‘ 8Eh ’ | TCC: Tag for cryptographic checksum |
| #(7+L+MM) | 1 | ‘ XXh ’ | LCC: Length of following cryptographic checksum
|
| #(8+L+MM)-#(7+N+L+MM) | N | ‘ XX..XXh ’ | Cryptographic checksum |
| SW | 2 | ‘ XXXXh ’ | Status Words (SW1,SW2)] |
The READ BINARY command may return regular processing states listed in TCS_43 under Tag ‘99h’ as described in TCS_59 using the secure messaging response structure.
Additionally, some errors specifically related to secure messaging can happen. In that case, the processing state is simply returned, with no secure messaging structure involved:
TCS_47 Response Message if incorrect Secure Messaging input format U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If no current session key is available, the processing state ‘6A88’ is returned. It happens either if the session key has not already been generated or if the session key validity has expired (in this case the IFD must re-run a mutual authentication process to set a new session key).
If some expected data objects (as specified above) are missing in the secure messaging format, the processing state ‘6987’ is returned: this error happens if an expected tag is missing or if the command body is not properly constructed.
If some data objects are incorrect, the processing state returned is ‘6988’: this error happens if all the required tags are present but some lengths are different from the ones expected.
If the verification of the cryptographic checksum fails, the processing state returned is ‘6688’.
3.5.2.2 Command with short EF (Elementary File) identifier U.K.
This command variant enables the IFD to select an EF by means of a short EF identifier and read data from this EF.
TCS_48A tachograph card shall support this command variant for all Elementary Files with a specified short EF identifier. These short EF identifiers are specified in chapter 4.U.K.
TCS_49 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘B0h’ | Read Binary |
| P1 | 1 | ‘XXh’ | Bit 8 is set to 1 Bit 7 and 6 are set to 00 Bit 5 — 1 encode the short EF identifier of the corresponding EF |
| P2 | 1 | ‘XXh’ | Encodes an offset from 0 to 255 bytes in the EF referenced by P1 |
| Le | 1 | ‘XXh’ | Length of data expected. Number of Bytes to be read. |
Note: The short EF identifiers used for the Generation 2 tachograph application are specified in chapter 4.U.K.
If P1 encodes a short EF identifier and the command is successful, the identified EF becomes the currently selected EF (current EF).
TCS_50 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#L | L | ‘XX..XXh’ | Data read |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the file corresponding with the short EF identifier is not found, the processing state returned is ‘6A82’.
If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.
If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.
If the size of the data to be read is not compatible with the size of the EF (Offset + Le > EF size) the processing state returned is ‘6700’ or ‘6Cxx’ where ‘xx’ indicates the exact length.
[F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]
If an integrity error is detected within the stored data, the card shall return the demanded data, and the processing state returned is ‘6281’.
3.5.2.3 Command with odd instruction byte U.K.
This command variant enables the IFD to read data from an EF with 32 768 bytes or more.
TCS_51A tachograph card which supports EFs with 32 768 bytes or more shall support this command variant for these EFs. A tachograph card may or may not support this command variant for other EFs with the exception of the EF Sensor_Installation_Data see TCS_156 and TCS_160.U.K.
TCS_52 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘B1h’ | Read Binary |
| P1 | 1 | ‘00h’ | Current EF |
| P2 | 1 | ‘00h’ | |
| Lc | 1 | ‘NNh’ | Lc Length of offset data object. |
| #6-#(5+NN) | NN | ‘XX..XXh’ | Offset data object: Tag ‘54h’ Length ‘01h’ or ‘02h’ Value offset |
| [F1Le | 1 | 'XXh' | As specified in ISO/IEC 7816-4] |
The IFD shall encode the offset data object's length with a minimum possible number of octets, i.e. using the length byte ‘01h’ the IFD shall encode an offset from 0 to 255 and using the length byte ‘02h’ an offset from ‘256’ up to ‘65 535’ bytes.
[F2In case of T = 0 the card assumes the value Le = ‘ 00h ’ if no secure messaging is applied.
Textual Amendments
In case of T = 1 the processing state returned is ‘ 6700 ’ if Le= ‘ 01h ’ .]
TCS_53 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#L | L | ‘XX..XXh’ | Data read encapsulated in a discretionary data object with tag ‘53h’. |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If no EF is selected, the processing state returned is ‘6986’.
If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.
If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.
If the size of the data to be read is not compatible with the size of the EF (Offset + Le > EF size) the processing state returned is ‘6700’ or ‘6Cxx’ where ‘xx’ indicates the exact length.
[F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]
If an integrity error is detected within the stored data, the card shall return the demanded data, and the processing state returned is ‘6281’.
3.5.2.3.1 Command with secure messaging (example) U.K.
The following example illustrates the usage of secure messaging if the security condition SM-MAC-G2 applies.
TCS_54Command messageU.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘0Ch’ | Secure Messaging asked |
| INS | 1 | ‘B1h’ | Read Binary |
| P1 | 1 | ‘00h’ | Current EF |
| P2 | 1 | ‘00h’ | |
| Lc | 1 | ‘XXh’ | Length of the secured data field |
| #6 | 1 | ‘B3h’ | Tag for plain value data encoded in BER-TLV |
| #7 | 1 | ‘NNh’ | LPV: length of transmitted data |
| #(8)-#(7+NN) | NN | ‘XX..XXh’ | Plain Data encoded in BER-TLV, i.e. the offset data object with tag ‘54’ |
| #(8+NN) | 1 | ‘97h’ | TLE: Tag for expected length specification. |
| #(9+NN) | 1 | ‘01h’ | LLE: Length of expected length |
| #(10+NN) | 1 | ‘XXh’ | Expected length specification (original Le): Number of bytes to be read |
| #(11+NN) | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #(12+NN) | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum ‘08h’, ‘0Ch’ or ‘10h’ depending on AES key length for Generation 2 secure messaging (see Appendix 11 Part B) |
| #(13+NN)-#(12+M+NN) | M | ‘XX..XXh’ | Cryptographic checksum |
| Le | 1 | ‘00h’ | As specified in ISO/IEC 7816-4 |
TCS_55Response message if the command is successfulU.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1 | 1 | ‘B3h’ | Plain Data encoded in BER-TLV |
| #2 | L | ‘NNh’ or ‘81 NNh’ | LPV: length of returned data (=original Le). L is 2 bytes if LPV>127 bytes. |
| #(2+L)-#(1+L+NN) | NN | ‘XX..XXh’ | Plain Data value encoded in BER-TLV, i.e. data read encapsulated in a discretionary data object with tag ‘53h’. |
| #(2+L+NN) | 1 | ‘99h’ | Processing Status of the unprotected response APDU |
| #(3+L+NN) | 1 | ‘02h’ | Length of Processing Status |
| #(4+L+NN) — #(5+L+NN) | 2 | ‘XX XXh’ | Processing Status of the unprotected response APDU |
| #(6+L+NN) | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #(7+L+NN) | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum ‘08h’, ‘0Ch’ or ‘10h’ depending on AES key length for Generation 2 secure messaging (see Appendix 11 Part B) |
| #(8+L+NN)-#(7+M+L+NN) | M | ‘XX..XXh’ | Cryptographic checksum |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
3.5.3 UPDATE BINARY U.K.
This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.
The UPDATE BINARY command message initiates the update (erase + write) of the bits already present in an EF binary with the bits given in the command APDU.
3.5.3.1 Command with offset in P1-P2 U.K.
This command enables the IFD to write data into the EF currently selected, without the card verifying the integrity of data received.
Note: This command without secure messaging can only be used to update a file that supports the ALW security condition for the Update access mode.U.K.
TCS_56 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘D6h’ | Update Binary |
| P1 | 1 | ‘XXh’ | Offset in bytes from the beginning of the file: Most Significant Byte |
| P2 | 1 | ‘XXh’ | Offset in bytes from the beginning of the file: Least Significant Byte |
| Lc | 1 | ‘NNh’ | Lc Length of data to Update. Number of bytes to be written. |
| #6-#(5+NN) | NN | ‘XX..XXh’ | Data to be written |
Note: bit 8 of P1 must be set to 0.U.K.
TCS_57 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If no EF is selected, the processing state returned is ‘6986’.
If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.
If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.
If the size of the data to be written is not compatible with the size of the EF (Offset + Lc > EF size) the processing state returned is ‘6700’.
If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘6400’ or ‘6500’.
If writing is unsuccessful, the processing state returned is ‘6581’.
3.5.3.1.1 Command with secure messaging (examples) U.K.
This command enables the IFD to write data into the EF currently selected, with the card verifying the integrity of data received. As no confidentiality is required, the data are not encrypted.
TCS_58 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘0Ch’ | Secure Messaging asked |
| INS | 1 | ‘D6h’ | Update Binary |
| P1 | 1 | ‘XXh’ | Offset in bytes from the beginning of the file: Most Significant Byte |
| P2 | 1 | ‘XXh’ | Offset in bytes from the beginning of the file: Least Significant Byte |
| Lc | 1 | ‘XXh’ | Length of the secured data field |
| #6 | 1 | ‘81h’ | TPV: Tag for plain value data |
| #7 | L | ‘NNh’ or ‘81 NNh’ | LPV: length of transmitted data. L is 2 bytes if LPV > 127 bytes. |
| #(7+L)-#(6+L+NN) | NN | ‘XX..XXh’ | Plain Data value (Data to be written) |
| #(7+L+NN) | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #(8+L+NN) | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum‘04h’ for Generation 1 secure messaging (see Appendix 11 Part A) ‘08h’, ‘0Ch’ or ‘10h’ depending on AES key length for Generation 2 secure messaging (see Appendix 11 Part B) |
| #(9+L+NN)-#(8+M+L+NN) | M | ‘XX..XXh’ | Cryptographic checksum |
| Le | 1 | ‘00h’ | As specified in ISO/IEC 7816-4 |
TCS_59 Response message if correct Secure Messaging input format U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1 | 1 | ‘99h’ | TSW: Tag for Status Words (to be protected by CC) |
| #2 | 1 | ‘02h’ | LSW: length of returned Status Words |
| #3-#4 | 2 | ‘XXXXh’ | Processing Status of the unprotected response APDU |
| #5 | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #6 | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum
|
| #7-#(6+L) | L | ‘XX..XXh’ | Cryptographic checksum |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
The ‘regular’ processing states, described for the UPDATE BINARY command with no secure messaging (see §3.5.3.1), can be returned using the response message structure described above.
Additionally, some errors specifically related to secure messaging can happen. In that case, the processing state is simply returned, with no secure messaging structure involved:
TCS_60 Response Message if error in secure messaging U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If no current session key is available, the processing state ‘6A88’ is returned.
If some expected data objects (as specified above) are missing in the secure messaging format, the processing state ‘6987’ is returned: this error happens if an expected tag is missing or if the command body is not properly constructed.
If some data objects are incorrect, the processing state returned is ‘6988’: this error happens if all the required tags are present but some lengths are different from the ones expected.
If the verification of the cryptographic checksum fails, the processing state returned is ‘6688’.
3.5.3.2 Command with short EF identifier U.K.
This command variant enables the IFD to select an EF by means of a short EF identifier and write data from this EF.
TCS_61A tachograph card shall support this command variant for all Elementary Files with a specified short EF identifier. These short EF identifiers are specified in chapter 4.U.K.
TCS_62 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘D6h’ | Update Binary |
| P1 | 1 | ‘XXh’ | Bit 8 is set to 1 Bit 7 and 6 are set to 00 Bit 5 — 1 encode the short EF identifier of the corresponding EF |
| P2 | 1 | ‘XXh’ | Encodes an offset from 0 to 255 bytes in the EF referenced by P1 |
| Lc | 1 | ‘NNh’ | Lc Length of data to Update. Number of bytes to be written. |
| #6-#(5+NN) | NN | ‘XX..XXh’ | Data to be written |
TCS_63 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
Note: The short EF identifiers used for the generation 2 tachograph application are specified in chapter 4.U.K.
If P1 encodes a short EF identifier and the command is successful, the identified EF becomes the currently selected EF (current EF).
If the command is successful, the card returns ‘9000’.
If the file corresponding with the short EF identifier is not found, the processing state returned is ‘6A82’.
If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.
If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.
If the size of the data to be written is not compatible with the size of the EF (Offset + Lc > EF size) the processing state returned is ‘6700’.
[F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]
If writing is unsuccessful, the processing state returned is ‘6581’.
3.5.3.3 Command with odd instruction byte U.K.
This command variant enables the IFD to write data to an EF with 32 768 bytes or more.
TCS_64A tachograph card which supports EFs with 32 768 bytes or more shall support this command variant for these EFs. A tachograph card may or may not support this command variant for other EFs.U.K.
TCS_65 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘D7h’ | Update Binary |
| P1 | 1 | ‘00h’ | Current EF |
| P2 | 1 | ‘00h’ | |
| Lc | 1 | ‘NNh’ | Lc Length of data in the command data field |
| #6-#(5+NN) | NN | ‘XX..XXh’ | Offset data object with tag ‘54h’ || Discretionary data object with tag ‘53h’ that encapsulates the data to be written |
The IFD shall encode the offset data object's and the discretionary data object's length with the minimum possible number of octets, i.e. using the length byte ‘01h’ the IFD shall encode an offset / length from 0 to 255 and using the length byte ‘02h’ an offset / length from ‘256’ up to ‘65 535’ bytes.
TCS_66 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If no EF is selected, the processing state returned is ‘6986’.
If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.
If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.
If the size of the data to be written is not compatible with the size of the EF (Offset + Lc > EF size) the processing state returned is ‘6700’.
If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘6400’ or ‘6500’.
If writing is unsuccessful, the processing state returned is ‘6581’.
3.5.3.3.1 Command with secure messaging (example) U.K.
The following example illustrates the usage of secure messaging if the security condition SM-MAC-G2 applies.
TCS_67Command messageU.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘0Ch’ | Secure Messaging asked |
| INS | 1 | ‘D7h’ | Update Binary |
| P1 | 1 | ‘00h’ | Current EF |
| P2 | 1 | ‘00h’ | |
| Lc | 1 | ‘XXh’ | Length of the secured data field |
| #6 | 1 | ‘B3h’ | Tag for plain value data encoded in BER-TLV |
| #7 | L | ‘NNh’ or ‘81 NNh’ | LPV: length of transmitted data. L is 2 bytes if LPV > 127 bytes. |
| #(7+L)-#(6+L+NN) | NN | ‘XX..XXh’ | Plain Data encoded in BER-TLV, i.e. offset data object with tag ‘54h’ || Discretionary data object with tag ‘53h’ that encapsulates the data to be written |
| #(7+L+NN) | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #(8+L+NN) | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum ‘08h’, ‘0Ch’ or ‘10h’ depending on AES key length for Generation 2 secure messaging (see Appendix 11 Part B) |
| #(9+L+NN)-#(8+M+L+NN) | M | ‘XX..XXh’ | Cryptographic checksum |
| Le | 1 | ‘00h’ | As specified in ISO/IEC 7816-4 |
TCS_68Response message if the command is successfulU.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1 | 1 | ‘99h’ | TSW: Tag for Status Words (to be protected by CC) |
| #2 | 1 | ‘02h’ | LSW: length of returned Status Words |
| #3-#4 | 2 | ‘XXXXh’ | Processing Status of the unprotected response APDU |
| #5 | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #6 | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum ‘08h’, ‘0Ch’ or ‘10h’ depending on AES key length for Generation 2 secure messaging (see Appendix 11 Part B) |
| #7-#(6+L) | L | ‘XX..XXh’ | Cryptographic checksum |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
3.5.4 GET CHALLENGE U.K.
This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.
The GET CHALLENGE command asks the card to issue a challenge in order to use it in a security related procedure in which a cryptogram or some ciphered data are sent to the card.
TCS_69The Challenge issued by the card is only valid for the next command, which uses a challenge, sent to the card.U.K.
TCS_70 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘84h’ | INS |
| P1 | 1 | ‘00h’ | P1 |
| P2 | 1 | ‘00h’ | P2 |
| Le | 1 | ‘08h’ | Le (Length of Challenge expected). |
TCS_71 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#8 | 8 | ‘XX..XXh’ | Challenge |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If Le is different from ‘08h’, the processing state is ‘6700’.
If parameters P1-P2 are incorrect, the processing state is ‘6A86’.
3.5.5 VERIFY U.K.
This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.
Only the workshop card is required to support this command.
Other types of tachograph cards may or may not implement this command, but for these cards no reference CHV is personalized. Therefore these cards cannot perform this commend successfully. For other types of tachograph cards than workshop cards the behavior, i.e. the error code returned, is out of the scope of this specification, if this command is sent.
The Verify command initiates the comparison in the card of the CHV (PIN) data sent from the command with the reference CHV stored in the card.
[F1TCS_72 The PIN entered by the user must be ASCII encoded and right padded with ‘ FFh ’ bytes up to a length of 8 bytes by the IFD, see also the data type WorkshopCardPIN in Appendix 1.] U.K.
TCS_73The tachograph applications generation 1 and 2 shall use the same reference CHV.U.K.
TCS_74The tachograph card shall check whether the command is encoded correctly. If the command is not encoded correctly the card shall not compare the CHV values, not decrement the remaining CHV attempt counter and not reset the security status ‘PIN_Verified’, but abort the command. A command is encoded correctly, if the CLA, INS, P1, P2, Lc bytes have the specified values, Le is absent, and the command data field has the correct length.U.K.
TCS_75If the command is successful, the remaining CHV attempt counter is reinitialised. The initial value of the remaining CHV attempt counter is 5. If the command is successful the card shall set the internal security status ‘PIN_Verified’. The card shall reset this security status, if the card is reset or if the CHV code transmitted in the command does not match the stored reference CHV.U.K.
Note: Using the same reference CHV and a global security status prevents that a workshop employee must re-enter the PIN after a selection of another tachograph application DF.U.K.
TCS_76An unsuccessful comparison is recorded in the card, i.e. the remaining CHV attempts counter shall be decremented by one, in order to limit the number of further attempts of the use of the reference CHV.U.K.
TCS_77 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘20h’ | INS |
| P1 | 1 | ‘00h’ | P1 |
| P2 | 1 | ‘00h’ | P2 (the verified CHV is implicitly known) |
| Lc | 1 | ‘08h’ | Length of CHV code transmitted |
| #6-#13 | 8 | ‘XX..XXh’ | CHV |
TCS_78 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the reference CHV is not found, the processing state returned is ‘6A88’.
If the CHV is blocked, (the remaining attempt counter of the CHV is null), the processing state returned is ‘6983’. Once in that state, the CHV can never be successfully presented anymore.
If the comparison is unsuccessful, the remaining attempt Counter is decreased and the status ‘63CX’ is returned (X>0 and X equals the remaining CHV attempts counter.
If the reference CHV is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.
If Lc is different from ‘08h’, the processing state is ‘6700’.
3.5.6 GET RESPONSE U.K.
This command is compliant with ISO/IEC 7816-4.
This command (only necessary and available for T=0 Protocol) is used to transmit prepared data from the card to the interface device (case where a command had included both Lc and Le).
The GET RESPONSE command has to be issued immediately after the command preparing the data, otherwise, the data are lost. After the execution of the GET RESPONSE command (except if the error ‘61xx’ or ‘6Cxx’ occur, see below), the previously prepared data are no longer available.
TCS_79 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘C0h’ | |
| P1 | 1 | ‘00h’ | |
| P2 | 1 | ‘00h’ | |
| Le | 1 | ‘XXh’ | Number of bytes expected |
TCS_80 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#X | X | ‘XX..XXh’ | Data |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If no data have been prepared by the card, the processing state returned is ‘6900’ or ‘6F00’.
If Le exceeds the number of available bytes or if Le is null, the processing state returned is ‘6Cxx’, where xx denotes the exact number of available bytes. In that case, the prepared data are still available for a subsequent GET RESPONSE command.
If Le is not null and is smaller than the number of available bytes, the required data are sent normally by the card, and the processing state returned is ‘61xx’, where ‘xx’ indicates a number of extra bytes still available by a subsequent GET RESPONSE command.
If the command is not supported (protocol T=1), the card returns ‘6D00’.
3.5.7 PSO: VERIFY CERTIFICATE U.K.
This command is compliant with ISO/IEC 7816-8, but has a restricted usage compared to the command defined in the norm.
The VERIFY CERTIFICATE command is used by the card to obtain a Public Key from the outside and to check its validity.
3.5.7.1 Generation 1 Command — Response pair U.K.
TCS_81This command variant is only supported by a generation 1 tachograph application.U.K.
TCS_82When a VERIFY CERTIFICATE command is successful, the Public Key is stored for a future use in the Security environment. This key shall be explicitly set for the use in security related commands (INTERNAL AUTHENTICATE, EXTERNAL AUTHENTICATE or VERIFY CERTIFICATE) by the MSE command (see § 3.5.11) using its key identifier.U.K.
TCS_83In any case, the VERIFY CERTIFICATE command uses the public key previously selected by the MSE command to open the certificate. This public key must be the one of a Member State or of Europe.U.K.
TCS_84 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘2Ah’ | Perform Security Operation |
| P1 | 1 | ‘00h’ | P1 |
| P2 | 1 | ‘AEh’ | P2: non BER-TLV coded data (concatenation of data elements) |
| Lc | 1 | ‘C2h’ | Lc: Length of the certificate, 194 bytes |
| #6-#199 | 194 | ‘XX..XXh’ | Certificate: concatenation of data elements (as described in Appendix 11) |
TCS_85 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the certificate verification fails, the processing state returned is ‘6688’. The verification and unwrapping process of the certificate is described in Appendix 11 for G1 and G2.
If no Public Key is present in the Security Environment, ‘6A88’ is returned.
If the selected public key (used to unwrap the certificate) is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.
Generation 1 only: If the selected public key (used to unwrap the certificate) has a CHA.LSB (
) different from ‘00’ (i.e. is not the one of a Member State or of Europe), the processing state returned is ‘6985’.
3.5.7.2 Generation 2 Command — Response pair U.K.
Depending on the curve size ECC certificates may be so long that they cannot be transmitted in a single APDU. In this case command chaining according to ISO/IEC 7816-4 must be applied and the certificate transmitted in two consecutive PSO: Verify Certificate APDUs.
The certificate structure and the domain parameters are defined in Appendix 11.
TCS_86The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_33.U.K.
TCS_87 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘X0h’ | CLA byte indicating command chaining:
|
| INS | 1 | ‘2Ah’ | Perform Security Operation |
| P1 | 1 | ‘00h’ | |
| P2 | 1 | ‘BEh’ | Verify self-descriptive certificate |
| Lc | 1 | ‘XXh’ | Length of the command data field, see TCS_88 and TCS_89. |
| #6-#5+L | L | ‘XX..XXh’ | DER-TLV encoded data: ECC Certificate Body data object as first data object concatenated with the ECC Certificate Signature data object as second data object or a part of this concatenation. The tag ‘7F21’ and the corresponding length shall not be transmitted. The order of these data objects is fixed. |
TCS_88For short length APDUs the following provisions apply: The IFD shall use the minimum number of APDUs required to transmit the command payload and transmit the maximum number of bytes in the first command APDU according to the value of the Information Field Size Card Byte, see TCS_14. If the IFD behaves differently, the behavior of the card is out of scope.U.K.
TCS_89For extended length APDUs the following provisions apply: If the certificate does not fit into a single APDU, the card shall support command chaining. The IFD shall use the minimum number of APDUs required to transmit the command payload and transmit the maximum number of bytes in the first command APDU. If the IFD behaves differently, the behavior of the card is out of scope.U.K.
Note: According to Appendix 11 the card stores the certificate or the relevant contents of the certificate and updates its currentAuthenticatedTime.U.K.
The response message structure and status words are as defined in TCS_85.
TCS_90In addition to the error codes listed in TCS_85, the card may return the following error codes:U.K.
If the selected public key (used to unwrap the certificate) has a CHA.LSB (CertificateHolderAuthorisation.equipmentType) that is not suitable for the certificate verification according to Appendix 11, the processing state returned is ‘6985’.
If the currentAuthenticatedTime of the card is later than the Certificate Expiration Date, the processing state returned is ‘6985’.
If the last command of the chain is expected, the card returns ‘6883’.
If incorrect parameters are sent in the command data field, the card returns ‘6A80’ (also used in case the data objects are not sent in the specified order).
3.5.8 INTERNAL AUTHENTICATE U.K.
This command is compliant with ISO/IEC 7816-4.
TCS_91All tachograph cards shall support this command in the DF Tachograph generation 1. The command may or may not be accessible in the MF and / or the DF Tachograph_G2. If so, the command shall terminate with a suitable error code as the private key of the card (Card.SK) for the generation 1 authentication protocol is only accessible in the DF_Tachograph generation 1.U.K.
Using the INTERNAL AUTHENTICATE command, the IFD can authenticate the card. The authentication process is described in Appendix 11. It includes the following statements:
TCS_92The INTERNAL AUTHENTICATE command uses the card Private Key (implicitly selected) to sign authentication data including K1 (first element for session key agreement) and RND1, and uses the Public Key currently selected (through the last MSE command) to encrypt the signature and form the authentication token (more details in Appendix 11).U.K.
TCS_93 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | CLA |
| INS | 1 | ‘88h’ | INS |
| P1 | 1 | ‘00h’ | P1 |
| P2 | 1 | ‘00h’ | P2 |
| Lc | 1 | ‘10h’ | Length of data sent to the card |
| #6 — #13 | 8 | ‘XX..XXh’ | Challenge used to authenticate the card |
| #14 -#21 | 8 | ‘XX..XXh’ | VU.CHR (see Appendix 11) |
| Le | 1 | ‘80h’ | Length of the data expected from the card |
TCS_94 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#128 | 128 | ‘XX..XXh’ | Card authentication token (see Appendix 11) |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If no Public Key is present in the Security Environment, the processing state returned is ‘6A88’.
If no Private Key is present in the Security Environment, the processing state returned is ‘6A88’.
If VU.CHR does not match the current public key identifier, the processing state returned is ‘6A88’.
If the selected private key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.
[F1TCS_95 If the INTERNAL AUTHENTICATE command is successful, the current generation 1 session key, if existing, is erased and no longer available. In order to have a new generation 1 session key available, the EXTERNAL AUTHENTICATE command for the generation 1 authentication mechanism must be successfully performed. U.K.
Note: For generation 2 session keys see Appendix 11 CSM_193 and CSM_195. If generation 2 session keys are established and the tachograph card receives the plain INTERNAL AUTHENTICATE command APDU, it aborts the generation 2 secure messaging session and destroys the generation 2 session keys.] U.K.
3.5.9 EXTERNAL AUTHENTICATE U.K.
This command is compliant with ISO/IEC 7816-4.
Using the EXTERNAL AUTHENTICATE command, the card can authenticate the IFD. The authentication process is described in Appendix 11 for Tachograph G1 and G2 (VU authentication).
TCS_96The command variant for the generation 1 mutual authentication mechanism is only supported by a generation 1 tachograph application.U.K.
[F1TCS_97 The command variant for the second generation VU-card mutual authentication can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_34. If this generation 2 EXTERNAL AUTHENTICATE command is successful, the current generation 1 session key, if existing, is erased and no longer available. U.K.
Note: For generation 2 session keys see Appendix 11 CSM_193 and CSM_195. If generation 2 session keys are established and the tachograph card receives the plain EXTERNAL AUTHENTICATE command APDU, it aborts the generation 2 secure messaging session and destroys the generation 2 session keys.] U.K.
TCS_98 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | CLA |
| INS | 1 | ‘82h’ | INS |
| P1 | 1 | ‘00h’ | Keys and algorithms implicitly known |
| P2 | 1 | ‘00h’ | |
| Lc | 1 | ‘XXh’ | Lc (Length of the data sent to the card ) |
| #6-#(5+L) | L | ‘XX..XXh’ | Generation 1 authentication: Cryptogram (see Appendix 11 Part A) Generation 2 authentication: Signature generated by the IFD (see Appendix 11 Part B) |
TCS_99 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the CHA of the currently set public key is not the concatenation of the Tachograph application AID and of a VU equipment Type, the processing state returned is ‘6F00’.
If the command is not immediately preceded with a GET CHALLENGE command, the processing state returned is ‘6985’.
The Generation 1 Tachograph application may return the following additional error codes:
If no Public Key is present in the Security Environment, ‘6A88’ is returned.
If no Private Key is present in the Security Environment, the processing state returned is ‘6A88’.
If the verification of the cryptogram is wrong, the processing state returned is ‘6688’.
If the selected private key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.
The command variant for the Generation 2 authentication may return the following additional error code:
If signature verification failed, the card returns ‘6300’.
3.5.10 GENERAL AUTHENTICATE U.K.
This command is used for the generation 2 chip authentication protocol specified in Appendix 11 Part B and is compliant with ISO/IEC 7816-4.
TCS_100The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_34.U.K.
TCS_101 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘86h’ | |
| P1 | 1 | ‘00h’ | Keys and protocol implicitly known |
| P2 | 1 | ‘00h’ | |
| Lc | 1 | ‘NNh’ | Lc: length of subsequent data field |
| #6-#(5+L) | L | ‘7Ch’ + L7C + ‘80h’ + L80 + ‘XX..XXh’ | DER-TLV encoded ephemeral public key value (see Appendix 11) The VU shall send the data objects in this order. |
| [F25 + L + 1 | 1 | ‘ 00h ’ | As specified in ISO/IEC 7816-4] |
TCS_102 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#L | L | ‘7Ch’ + L7C + ‘81h’ + ‘08h’ + ‘XX..XXh’ + ‘82h’ + L82 + ‘XX..XXh’ | DER-TLV encoded Dynamic Authentication Data: nonce and authentication token (see Appendix 11) |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
The card returns ‘6A80’ to indicate incorrect parameters in data field.
The card returns ‘6982’ if the External Authenticate command has not been performed successfully
The response Dynamic Authentication Data object ‘7Ch’
must be present if the operation is successful, i.e. the Status Words are ‘9000’,
must be absent in case of an execution error or checking error, i.e. if the Status Words are in the range ‘6400’ — ‘6FFF’, and
may be absent in case of a warning, i.e. if the Status Words are in the range ‘6200’ — ‘63FF’.
3.5.11 MANAGE SECURITY ENVIRONMENT U.K.
This command is used to set a public key for authentication purpose.
3.5.11.1 Generation 1 Command — Response pair U.K.
This command is compliant with ISO/IEC 7816-4. The use of this command is restricted regarding the related standard.
TCS_103This command is only supported by a generation 1 tachograph application.U.K.
TCS_104The key referenced in the MSE data field remains the current public key until the next correct MSE command, a DF is selected or the card is reset.U.K.
TCS_105If the key referenced is not (already) present into the card, the security environment remains unchanged.U.K.
TCS_106 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | CLA |
| INS | 1 | ‘22h’ | INS |
| P1 | 1 | ‘C1h’ | P1: referenced key valid for all cryptographic operations |
| P2 | 1 | ‘B6h’ | P2 (referenced data concerning Digital Signature) |
| Lc | 1 | ‘0Ah’ | Lc: length of subsequent data field |
| #6 | 1 | ‘83h’ | Tag for referencing a public key in asymmetric cases |
| #7 | 1 | ‘08h’ | Length of the key reference (key identifier) |
| #8-#15 | 8 | ‘XX..XXh’ | Key identifier as specified in Appendix 11 |
TCS_107 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the referenced key is not present into the card, the processing state returned is ‘6A88’.
If some expected data objects are missing in the secure messaging format, the processing state ‘6987’ is returned. This can happen if the tag ‘83h’ is missing.
If some data objects are incorrect, the processing state returned is ‘6988’. This can happen if the length of the key identifier is not ‘08h’.
If the selected key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.
3.5.11.2 Generation 2 Command — Response pairs U.K.
For the Generation 2 authentication the tachograph card supports the following MSE: Set command versions which are compliant with ISO/IEC 7816-4. These command versions are not supported for the Generation 1 authentication.
3.5.11.2.1 MSE:SET AT for Chip Authentication U.K.
The following MSE:SET AT command is used to select the parameters for the Chip Authentication that is performed by a subsequent General Authenticate command.
TCS_108The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_34.U.K.
TCS_109 MSE:SET AT Command Message for Chip Authentication U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘22h’ | |
| P1 | 1 | ‘41h’ | Set for internal authentication |
| P2 | 1 | ‘A4h’ | Authentication |
| Lc | 1 | ‘NNh’ | Lc: length of subsequent data field |
| #6-#(5+L) | L | ‘80h’ + ‘0Ah’ + ‘XX..XXh’ | DER-TLV encoded cryptographic mechanism reference: Object Identifier of Chip Authentication (value only, Tag ‘06h’ is omitted). See Appendix 1 for the values of object identifiers; the byte notation shall be used. See Appendix 11 for guidance on how to select one of these object identifiers. |
3.5.11.2.2 MSE:SET AT for VU Authentication U.K.
The following MSE:SET AT command is used to select the parameters and keys for the VU Authentication that is performed by a subsequent External Authenticate command.
TCS_110The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_34.U.K.
TCS_111 MSE:SET AT Command Message for VU Authentication U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘22h’ | |
| P1 | 1 | ‘81h’ | Set for external authentication |
| P2 | 1 | ‘A4h’ | Authentication |
| Lc | 1 | ‘NNh’ | Lc: length of subsequent data field |
| #6-#(5+L) | L | ‘80h’ + ‘0Ah’ + ‘XX..XXh’ | DER-TLV encoded cryptographic mechanism reference: Object Identifier of VU Authentication (value only, Tag ‘06h’ is omitted). See Appendix 1 for the values of object identifiers; the byte notation shall be used. See Appendix 11 for guidance on how to select one of these object identifiers. |
| ‘83h’ + ‘08h’ + ‘XX..XXh’ | DER-TLV encoded reference of the VU public key by the Certificate Holder Reference mentioned in its certificate. | ||
| ‘91h’ + L91 + ‘XX..XXh’ | DER-TLV encoded compressed representation of the ephemeral public key of the VU that will be used during Chip Authentication (see Appendix 11) |
3.5.11.2.3 MSE:SET DST U.K.
The following MSE:SET DST command is used to set a public key either
for the verification of a signature that is provided in a subsequent PSO: Verify Digital Signature command or
for the signature verification of a certificate that is provided in a subsequent PSO: Verify Certificate command
TCS_112The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_33.U.K.
TCS_113 MSE:SET DST Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘22h’ | |
| P1 | 1 | ‘81h’ | Set for verification |
| P2 | 1 | ‘B6h’ | Digital Signature |
| Lc | 1 | ‘NNh’ | Lc: length of subsequent data field |
| #6-#(5+L) | L | ‘83h’ + ‘08h’ + ‘XX...XXh’ | DER-TLV encoded reference of a public key, i.e. the Certificate Holder Reference in the certificate of the public key (see Appendix 11) |
For all command versions the response message structure and status words are given by:
TCS_114 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’. The protocol has been selected and initialised.
‘6A80’ indicates incorrect parameters in the command data field.
‘6A88’ indicates that referenced data (i.e. a referenced key) is not available.
[F2If the currentAuthenticatedTime of the card is later than the Expiration Date of the selected public key, the processing state returned is ‘ 6A88 ’ .
Note: In the case of a MSE: SET AT for VU Authentication command, the referenced key is a VU_MA public key. The card shall set the VU_MA public key for use, if available in its memory, which matches the Certificate Holder Reference (CHR) given in the command data field (the card can identify VU_MA public keys by means of the certificate's CHA field). A card shall return ‘ 6A 88 ’ to this command in case only the VU_Sign public key or no public key of the Vehicle Unit is available. See the definition of the CHA field in Appendix 11 and of data type equipmentType in Appendix 1. U.K.
Similarly, in case an MSE: SET DST command referencing an EQT (i.e. a VU or a card) is sent to a control card, according to CSM_234 the referenced key is always an EQT_Sign key that has to be used for the verification of a digital signature. According to Figure 13 in Appendix 11, the control card will always have stored the relevant EQT_Sign public key. In some cases, the control card may have stored the corresponding EQT_MA public key. The control card shall always set the EQT_Sign public key for use when it receives an MSE: SET DST command.]
3.5.12 PSO: HASH U.K.
This command is used to transfer to the card the result of a hash calculation on some data. This command is used for the verification of digital signatures. The hash value is stored temporarily for the subsequent command PSO: Verify Digital Signature
This command is compliant with ISO/IEC 7816-8. The use of this command is restricted regarding the related standard.
Only the control card is required to support this command in the DF Tachograph and DF Tachograph_G2.
Other types of tachograph cards may or may not implement this command. The command may or may not be accessible in the MF.
The control card application generation 1 supports only SHA-1.
TCS_115The temporarily stored hash value shall be deleted if a new hash value is computed by means of the PSO: HASH command, if a DF is selected, and if the tachograph card is reset.U.K.
TCS_116 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | CLA |
| INS | 1 | ‘2Ah’ | Perform Security Operation |
| P1 | 1 | ‘90h’ | Return Hash code |
| P2 | 1 | ‘A0h’ | Tag: data field contains DOs relevant for hashing |
| Lc | 1 | ‘XXh’ | Length Lc of the subsequent data field |
| #6 | 1 | ‘90h’ | Tag for the hash code |
| #7 | 1 | ‘XXh’ | Length L of the hash code:
|
| #8-#(7+L) | L | ‘XX..XXh’ | Hash code |
TCS_117 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If some expected data objects (as specified above) are missing, the processing state ‘6987’ is returned. This can happen if one of the tag ‘90h’ is missing.
If some data objects are incorrect, the processing state returned is ‘6988’. This error happens if the required tag is present but with a length different from ‘14h’ for SHA-1, ‘20h’ for SHA-256, ‘30h’ for SHA-384, ‘40h’ for SHA-512 (Generation 2 application).
3.5.13 PERFORM HASH of FILE U.K.
This command is not compliant with ISO/IEC 7816-8. Thus the CLA byte of this command indicates that there is a proprietary use of the PERFORM SECURITY OPERATION / HASH.
Only the driver card and the workshop card are required to support this command in the DF Tachograph and DF Tachograph_G2.
Other types of tachograph cards may or may not implement this command. If a company or control card implements this command, the command shall be implemented as specified in this chapter.
The command may or may not be accessible in the MF. If so, the command shall be implemented as specified in this chapter, i.e. shall not allow the calculation of a hash value, but terminate with a suitable error code.
TCS_118The PERFORM HASH of FILE command is used to hash the data area of the currently selected transparent EF.U.K.
TCS_119A tachograph card shall support this command only for the EFs that are listed in chapter 4 under the DF_Tachograph and DF_Tachograph_G2 with the following exception. A tachograph card shall not support the command for the EF Sensor_Installation_Data of DF Tachograph_G2..U.K.
TCS_120The result of the hash operation is stored temporarily in the card. It can then be used to get a digital signature of the file, using the PSO: COMPUTE DIGITAL SIGNATURE command.U.K.
[F1TCS_121 The temporarily stored hash of file value shall be deleted if a new hash of file value is computed by means of the PERFORM HASH of FILE command, if a DF is selected, and if the tachograph card is reset.] U.K.
TCS_122The Tachograph Generation 1 application shall support SHA-1.U.K.
[F1TCS_123 The Tachograph Generation 2 application shall support the SHA-2 algorithm (SHA-256, SHA-384 or SHA-512), specified by the cipher suite in Appendix 11 Part B for the card signature key Card_Sign.] U.K.
TCS_124 Command Message U.K.
| [F1Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘ 80h ’ | CLA |
| INS | 1 | ‘ 2Ah ’ | Perform Security Operation |
| P1 | 1 | ‘ 90h ’ | Tag: Hash |
| P2 | 1 | ‘ 00h ’ | Algorithm implicitly known For the Tachograph Generation 1 application: SHA-1 For the Tachograph Generation 2 application: SHA-2 algorithm (SHA-256, SHA-384 or SHA-512) defined by the cipher suite in Appendix 11 Part B for the card signature key Card_Sign] |
TCS_125 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the current EF does not allow this command (EF Sensor_Installation_Data in DF Tachograph_G2), the processing state ‘6985’ is returned.
If the selected EF is considered corrupted (file attributes or stored data integrity errors), the processing state returned is ‘6400’ or ‘6581’.
If the selected file is not a transparent file or if there is no current EF, the processing state returned is ‘6986’.
3.5.14 PSO: COMPUTE DIGITAL SIGNATURE U.K.
[F1This command is used to compute the digital signature of previously computed hash code (see PERFORM HASH of FILE, §3.5.13).
Only the driver card and the workshop card are required to support this command in the DF Tachograph and DF Tachograph_G2.
Other types of tachograph cards may or may not implement this command. In case of the Generation 2 tachograph application, only the driver card and the workshop card have a generation 2 signature key, other cards are not able to successfully perform the command and terminate with a suitable error code.
The command may or may not be accessible in the MF. If the command is not accessible in the MF, it shall terminate with a suitable error code.
This command is compliant with ISO/IEC 7816-8. The use of this command is restricted regarding the related standard.]
TCS_126This command shall not compute a digital signature of previously computed hash code with the PSO: HASH command.U.K.
TCS_127The card private key is used to compute the digital signature and is implicitly known by the card.U.K.
TCS_128The Generation 1 tachograph application performs a digital signature using a padding method compliant with PKCS1 (see Appendix 11 for details).U.K.
TCS_129The Generation 2 tachograph application computes an elliptic curve based digital signature (see Appendix 11 for details).U.K.
TCS_130 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | CLA |
| INS | 1 | ‘2Ah’ | Perform Security Operation |
| P1 | 1 | ‘9Eh’ | Digital signature to be returned |
| P2 | 1 | ‘9Ah’ | Tag: data field contains data to be signed. As no data field is included, the data are supposed to be already present in the card (hash of file) |
| Le | 1 | ‘NNh’ | Length of the expected signature |
TCS_131 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#L | L | ‘XX..XXh’ | Signature of the previously computed hash |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the implicitly selected private key is considered as corrupted, the processing state returned is ‘6400’ or ‘6581’.
If the hash which was computed in a previous Perform Hash of File command is not available, the processing state returned is ‘6985’.
3.5.15 PSO: VERIFY DIGITAL SIGNATURE U.K.
This command is used to verify the digital signature, provided as an input, whose hash is known to the card. The signature algorithm is implicitly known by the card.
This command is compliant with ISO/IEC 7816-8. The use of this command is restricted regarding the related standard.
Only the control card is required to support this command in the DF Tachograph and DF Tachograph_G2.
Other types of tachograph cards may or may not implement this command. The command may or may not be accessible in the MF.
TCS_132The VERIFY DIGITAL SIGNATURE command always uses the public key selected by the previous Manage Security Environment MSE: Set DST command and the previous hash code entered by a PSO: HASH command.U.K.
TCS_133 Command Message U.K.
| [F1Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘ 00h ’ | CLA |
| INS | 1 | ‘ 2Ah ’ | Perform Security Operation |
| P1 | 1 | ‘ 00h ’ | |
| P2 | 1 | ‘ A8h ’ | Tag: data field contains DOs relevant for verification |
| Lc | 1 | ‘ XXh ’ | Length Lc of the subsequent data field |
| #6 | 1 | ‘ 9Eh ’ | Tag for Digital Signature |
| #7 or #7-#8 | L | ‘ NNh ’ or ‘ 81 NNh ’ | Length of digital signature (L is 2 bytes if the digital signature is longer than 127 bytes):
|
| #(7+L)-#(6+L+NN) | NN | ‘ XX..XXh ’ | Digital signature content] |
TCS_134 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the verification of the signature fails, the processing state returned is ‘6688’. The verification process is described in Appendix 11.
If no public key is selected, the processing state returned is ‘6A88’.
If some expected data objects (as specified above) are missing, the processing state ‘6987’ is returned. This can happen if one of the required tag is missing.
If no hash code is available to process the command (as a result of a previous PSO: Hash command), the processing state returned is ‘6985’.
If some data objects are incorrect, the processing state returned is ‘6988’. This can happen if one of the required data objects length is incorrect.
If the selected public key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.
[F2If the selected public key (used to verify the digital signature) has a CHA.LSB (CertificateHolderAuthorisation.equipmentType) that is not suitable for the digital signature verification according to Appendix 11, the processing state returned is ‘ 6985 ’.]
3.5.16 PROCESS DSRC MESSAGE U.K.
This command is used to verify the integrity and authenticity of the DSRC message and to decipher the data communicated from a VU to a control authority or a workshop over the DSRC link. The card derives the encryption key and the MAC key used to secure the DSRC message as described in Appendix 11 Part B chapter 13.
Only the control card and the workshop card are required to support this command in the DF Tachograph_G2.
Other types of tachograph cards may or may not implement this command, but shall not have a DSRC master key. Therefore these cards cannot perform the command successfully, but terminate with a suitable error code.
The command may or may not be accessible in the MF and / or the DF Tachograph. If so, the command shall terminate with a suitable error code.
TCS_135The DSRC master key is accessible only in the DF Tachograph_G2, i.e. the control and workshop card shall support a successful execution of the command only in the DF Tachograph_G2.U.K.
TCS_136The command shall only decrypt the DSRC data and verify the cryptographic checksum, but not interpret the input data.U.K.
TCS_137The order of the data objects in the command data field is fixed by this specification.U.K.
TCS_138 Command Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘80h’ | Proprietary CLA |
| INS | 1 | ‘2Ah’ | Perform Security Operation |
| P1 | 1 | ‘80h’ | Response data: plain value |
| P2 | 1 | ‘B0h’ | Command data: plain value encoded in BER-TLV and including SM DOs |
| Lc | 1 | ‘NNh’ | Length Lc of the subsequent data field |
| #6-#(5+L) | L | ‘87h’ + L87 + ‘XX..XXh’ | DER-TLV encoded padding-content indicator byte followed by encrypted tachograph payload. For the padding-content indicator byte the value ‘00h’ (‘no further indication’ according to ISO/IEC 7816-4:2013 Table 52) shall be used. For the encryption mechanism see Appendix 11, Part B chapter 13. Allowed values for the length L87 are the multiples of the AES block length plus 1 for the padding-content indicator byte, i.e. from 17 bytes up to and including 193 bytes. Note: See ISO/IEC 7816-4:2013 Table 49 for the SM data object with tag ‘87h’. |
| ‘81h’ + ‘10h’ | DER-TLV encoded Control Reference Template for Confidentiality nesting the concatenation of the following data elements (see Appendix 1 DSRCSecurityData and Appendix 11 Part B chapter 13):
Note: See ISO/IEC 7816-4:2013 Table 49 for the SM data object with tag ‘81h’. | ||
| ‘8Eh’ + L8E + ‘XX..XXh’ | DER-TLV encoded MAC over the DSRC message. For the MAC algorithm and calculation see Appendix 11, Part B chapter 13. Note: See ISO/IEC 7816-4:2013 Table 49 for the SM data object with tag ‘8Eh’. | ||
| [F25 + L + 1 | 1 | ‘ 00h ’ | As specified in ISO/IEC 7816-4] |
TCS_139 Response Message U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#L | L | ‘XX..XXh’ | Absent (in case of an error) or deciphered data (padding removed) |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
‘6A80’ indicates incorrect parameters in the command data field (also used in case the data objects are not sent in the specified order).
‘6A88’ indicates that referenced data is not available, i.e. the referenced DSRC master key is not available.
‘6900’ indicates that the verification of the cryptographic checksum or the decryption of the data failed.
‘ [F26985 ’ indicates that the 4-byte time stamp provided in the command data field is earlier than cardValidityBegin or later than cardExpiryDate.]