Commission Implementing Regulation (EU) 2016/799 of 18 March 2016 implementing Regulation (EU) No 165/2014 of the European Parliament and of the Council laying down the requirements for the construction, testing, installation, operation and repair of tachographs and their components (Text with EEA relevance) (c. 799)

ANNEX I CU.K.Requirements for construction, testing, installation, and inspection

Appendix 2

TACHOGRAPH CARDS SPECIFICATION U.K.

3.HARDWARE AND COMMUNICATIONU.K.

3.5. Command descriptions U.K.

3.5.9 EXTERNAL AUTHENTICATE U.K.

This command is compliant with ISO/IEC 7816-4.

Using the EXTERNAL AUTHENTICATE command, the card can authenticate the IFD. The authentication process is described in Appendix 11 for Tachograph G1 and G2 (VU authentication).

TCS_96The command variant for the generation 1 mutual authentication mechanism is only supported by a generation 1 tachograph application.U.K.

[F1TCS_97 The command variant for the second generation VU-card mutual authentication can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_34. If this generation 2 EXTERNAL AUTHENTICATE command is successful, the current generation 1 session key, if existing, is erased and no longer available. U.K.

Note: For generation 2 session keys see Appendix 11 CSM_193 and CSM_195. If generation 2 session keys are established and the tachograph card receives the plain EXTERNAL AUTHENTICATE command APDU, it aborts the generation 2 secure messaging session and destroys the generation 2 session keys.] U.K.

Textual Amendments

F1 Substituted by Commission Implementing Regulation (EU) 2018/502 of 28 February 2018 amending Implementing Regulation (EU) 2016/799 laying down the requirements for the construction, testing, installation, operation and repair of tachographs and their components (Text with EEA relevance).

TCS_98 Command Message U.K.

Byte	Length	Value	Description
CLA	1	‘00h’	CLA
INS	1	‘82h’	INS
P1	1	‘00h’	Keys and algorithms implicitly known
P2	1	‘00h’
Lc	1	‘XXh’	Lc (Length of the data sent to the card )
#6-#(5+L)	L	‘XX..XXh’	Generation 1 authentication: Cryptogram (see Appendix 11 Part A) Generation 2 authentication: Signature generated by the IFD (see Appendix 11 Part B)

TCS_99 Response Message U.K.

Byte	Length	Value	Description
SW	2	‘XXXXh’	Status Words (SW1,SW2)

If the command is successful, the card returns ‘9000’.
If the CHA of the currently set public key is not the concatenation of the Tachograph application AID and of a VU equipment Type, the processing state returned is ‘6F00’.
If the command is not immediately preceded with a GET CHALLENGE command, the processing state returned is ‘6985’.

The Generation 1 Tachograph application may return the following additional error codes:

If no Public Key is present in the Security Environment, ‘6A88’ is returned.
If no Private Key is present in the Security Environment, the processing state returned is ‘6A88’.
If the verification of the cryptogram is wrong, the processing state returned is ‘6688’.
If the selected private key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.

The command variant for the Generation 2 authentication may return the following additional error code:

If signature verification failed, the card returns ‘6300’.