Commission Implementing Regulation (EU) 2016/799 of 18 March 2016 implementing Regulation (EU) No 165/2014 of the European Parliament and of the Council laying down the requirements for the construction, testing, installation, operation and repair of tachographs and their components (Text with EEA relevance) (c. 799)

Please note that the date you requested in the address for this web page is not an actual date upon which a change occurred to this item of legislation. You are being shown the legislation from , which is the first date before then upon which a change was made.

ANNEX I CU.K. Requirements for construction, testing, installation, and inspection

Appendix 2

TACHOGRAPH CARDS SPECIFICATION U.K.

3.HARDWARE AND COMMUNICATIONU.K.

3.5. Command descriptions U.K.

3.5.7 PSO: VERIFY CERTIFICATE U.K.

3.5.7.2 Generation 2 Command — Response pair U.K.

Depending on the curve size ECC certificates may be so long that they cannot be transmitted in a single APDU. In this case command chaining according to ISO/IEC 7816-4 must be applied and the certificate transmitted in two consecutive PSO: Verify Certificate APDUs.

The certificate structure and the domain parameters are defined in Appendix 11.

TCS_86The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_33.U.K.

TCS_87 Command Message U.K.

Byte	Length	Value	Description
CLA	1	‘X0h’	CLA byte indicating command chaining: ‘00h’ the only or last command of the chain ‘10h’ not the last command of a chain
INS	1	‘2Ah’	Perform Security Operation
P1	1	‘00h’
P2	1	‘BEh’	Verify self-descriptive certificate
Lc	1	‘XXh’	Length of the command data field, see TCS_88 and TCS_89.
#6-#5+L	L	‘XX..XXh’	DER-TLV encoded data: ECC Certificate Body data object as first data object concatenated with the ECC Certificate Signature data object as second data object or a part of this concatenation. The tag ‘7F21’ and the corresponding length shall not be transmitted. The order of these data objects is fixed.

TCS_88For short length APDUs the following provisions apply: The IFD shall use the minimum number of APDUs required to transmit the command payload and transmit the maximum number of bytes in the first command APDU according to the value of the Information Field Size Card Byte, see TCS_14. If the IFD behaves differently, the behavior of the card is out of scope.U.K.

TCS_89For extended length APDUs the following provisions apply: If the certificate does not fit into a single APDU, the card shall support command chaining. The IFD shall use the minimum number of APDUs required to transmit the command payload and transmit the maximum number of bytes in the first command APDU. If the IFD behaves differently, the behavior of the card is out of scope.U.K.

Note: According to Appendix 11 the card stores the certificate or the relevant contents of the certificate and updates its currentAuthenticatedTime.U.K.

The response message structure and status words are as defined in TCS_85.

TCS_90In addition to the error codes listed in TCS_85, the card may return the following error codes:U.K.

If the selected public key (used to unwrap the certificate) has a CHA.LSB (CertificateHolderAuthorisation.equipmentType) that is not suitable for the certificate verification according to Appendix 11, the processing state returned is ‘6985’.
If the currentAuthenticatedTime of the card is later than the Certificate Expiration Date, the processing state returned is ‘6985’.
If the last command of the chain is expected, the card returns ‘6883’.
If incorrect parameters are sent in the command data field, the card returns ‘6A80’ (also used in case the data objects are not sent in the specified order).