Commission Implementing Regulation (EU) 2016/799Show full title

DATA DOWNLOADING PROTOCOLS U.K.

1.INTRODUCTIONU.K.

This appendix specifies the procedures to follow in order to perform the different types of data download to an External Storage Medium, together with the protocols that must be implemented to assure the correct data transfer and the full compatibility of the downloaded data format to allow any controller to inspect these data and be able to control their authenticity and their integrity before analysing them.

[F11.1. Scope U.K.

Data may be downloaded to an ESM:

• from a Vehicle Unit by an Intelligent Dedicated Equipment (IDE) connected to the VU,

• from a tachograph card by an IDE fitted with a card interface device (IFD),

• from a tachograph card via a vehicle unit by an IDE connected to the VU.

To give the possibility to verify the authenticity and integrity of downloaded data stored on an ESM, data is downloaded with a signature appended in accordance with Appendix 11 Common Security Mechanisms. The source equipment (VU or card) identification and its security certificates (Member state and equipment) are also downloaded. The verifier of the data must possess independently a trusted European public key.

Data downloaded from a VU are signed using Appendix 11 Common Security Mechanisms Part B (Second-generation tachograph system), except when drivers' control is performed by a non EU control authority, using a first generation control card, in which case data are signed using Appendix 11 Common Security Mechanisms Part A (First-generation tachograph system), as requested by Appendix 15 Migration, requirement MIG_015.

This Appendix specifies therefore two types of data downloads from the VU:

• Generation 2 type of VU data download, providing the generation 2 data structure, signed using Appendix 11 Common Security Mechanisms Part B,

• Generation 1 type of VU data download, providing the generation 1 data structure, signed using Appendix 11 Common Security Mechanisms Part A.

Similarly, there are two types of data downloads from second generation driver cards inserted in a VU, as specified in paragraphs 3 and 4 of this Appendix.]

1.2. Acronyms and notations U.K.

The following acronyms are used in this appendix:

2.V.U. DATA DOWNLOADINGU.K.

2.1. Download procedure U.K.

In order to carry on a VU data download, the operator must perform the following operations:

• Insert his tachograph card inside a card slot of the VU(1);

• Connect the IDE to the VU download connector;

• Establish the connection between the IDE and the VU;

• Select on the IDE the data to download and send the request to the VU;

• Close the download session.

2.2. Data download protocol U.K.

The protocol is structured on a master-slave basis, with the IDE playing the master role and the VU playing the slave role.

The message structure, types and flow are principally based on the Keyword Protocol 2000 (KWP) (ISO 14230-2 Road vehicles — Diagnostic systems — Keyword protocol 2000 — Part2: Data link layer).

The application layer is principally based on the current draft to date of ISO 14229-1 (Road vehicles — Diagnostic systems — Part 1: Diagnostic services, version 6 of 22 February 2001).

2.2.1 Message structure U.K.

DDP_002All the messages exchanged between the IDE and the VU are formatted with a structure consisting of three parts:U.K.

• Header composed by a Format byte (FMT), a Target byte (TGT), a Source byte (SRC) and possibly a Length byte (LEN),

• Data field composed by a Service Identifier byte (SID) and a variable number of data bytes, which can include an optional diagnostic session byte (DS_) or an optional transfer parameter byte (TRTP or TREP).

• Checksum composed by a Checksum byte (CS).

The TGT and SRC byte represent the physical address of the recipient and originator of the message. Values are F0 Hex for the IDE and EE Hex for the VU.

The LEN byte is the length of the Data field part.

The Checksum byte is the 8 bit sum series modulo 256 of all the bytes of the message excluding the CS itself.

FMT, SID, DS_, TRTP and TREP bytes are defined later in this document.

DDP_003In the case where the data to be carried by the message is longer than the space available in the data field part, the message is actually sent in several sub messages. Each sub message bears a header, the same SID, TREP and a 2-byte sub message counter indicating the sub message number within the total message. To enable error checking and abort the IDE acknowledges every sub message. The IDE can accept the sub message, ask for it to be re-transmitted, request the VU to start again or abort the transmission.U.K.

DDP_004If the last sub message contains exactly 255 bytes in the data field, a final sub message with an empty (except SID TREP and sub message counter) data field must be appended to show the end of the message.U.K.

Example:

Will be transmitted as:

…

or as:

…

2.2.2 Message types U.K.

The communication protocol for data download between the VU and the IDE requires the exchange of 8 different message types.

The following table summarises these messages.

Notes: U.K.

• [F2TRTP 21 to 25 are used for Generation 2 type of VU data download requests, TRTP 01 to 05 are used for Generation 1 type of VU data download requests, which can only be accepted by the VU in the frame of drivers' control performed by a non EU control authority, using a first generation control card.

• TRTP 11 to 19 and 31 to 39 are reserved for manufacturer specific download requests.]

• Sid Req = the Sid of the corresponding request.

• TREP = the TRTP of the corresponding request.

• Dark cells denote that nothing is transmitted.

• The term upload (as seen from the IDE) is used for compatibility with ISO 14229. It means the same as download (as seen from the VU).

• Potential 2-byte sub message counters are not shown in this table.

• Slot is the slot number, either “1” (card on driver slot) or “2” (card on co-driver slot)

• In case the slot is not specified, the VU shall select slot 1 if a card is inserted in this slot and it shall select slot 2 only in case it is specifically selected by the user.

2.2.2.1 Start Communication Request (SID 81) U.K.

DDP_005This message is issued by the IDE to establish the communication link with the VU. Initial communications are always performed at 9 600 baud (until baud rate is eventually changed using the appropriate Link control services).U.K.

2.2.2.2 Positive Response Start Communication (SID C1) U.K.

DDP_006This message is issued by the VU to answer positively to a start communication request. It includes the 2 key bytes ‘EA’‘8F’ indicating that the unit supports protocol with header including target source and length information.U.K.

2.2.2.3 Start Diagnostic Session Request (SID 10) U.K.

DDP_007The Start Diagnostic Session request message is issued by the IDE in order to request a new diagnostic session with the VU. The sub function ‘default session’ (81 Hex) indicates a standard diagnostic session is to be opened.U.K.

2.2.2.4 Positive Response Start Diagnostic (SID 50) U.K.

DDP_008The Positive Response Start Diagnostic message is sent by the VU to answer positively to Diagnostic Session Request.U.K.

2.2.2.5 Link Control Service (SID 87) U.K.

DDP_052The Link Control Service is used by the IDE to initiate a change in baud rate. This takes place in two steps. In step one the IDE proposes the baud rate change, indicating the new rate. On receipt of a positive message from the VU the IDE sends out confirmation of the baud rate change to the VU (step two). The IDE then changes to the new baud rate. After receipt of the confirmation the VU changes to the new baud rateU.K.

2.2.2.6 Link Control Positive Response (SID C7) U.K.

DDP_053The Link Control Positive Response is issued by the VU to answer positively to Link Control Service request (step one). Note that no response is given to the confirmation request (step two).U.K.

2.2.2.7 Request Upload (SID 35) U.K.

DDP_009The Request Upload message is issued by the IDE to specify to the VU that a download operation is requested. To meet the requirements of ISO14229 data is included covering address, the size and format details for the data requested. As these are not known to the IDE prior to a download, the memory address is set to 0, format is unencrypted and uncompressed and the memory size is set to the maximum.U.K.

2.2.2.8 Positive Response Request Upload (SID 75) U.K.

DDP_010The Positive Response Request Upload message is sent by the VU to indicate to the IDE that the VU is ready to download data. To meet the requirements of ISO 14229 data is included in this positive response message, indicating to the IDE that further Positive Response Transfer Data messages will include 00FF hex bytes maximum.U.K.

2.2.2.9 Transfer Data Request (SID 36) U.K.

[F1DDP_011 The Transfer Data Request is sent by the IDE to specify to the VU the type of data that are to be downloaded. A one byte Transfer Request Parameter (TRTP) indicates the type of transfer. U.K.

There are six types of data transfer. For VU data download, two different TRTP values can be used for each transfer type:

[F1DDP_054 It is mandatory for the IDE to request the overview data transfer (TRTP 01 or 21) during a download session as this only will ensure that the VU certificates are recorded within the downloaded file (and allow for verification of digital signature). U.K.

In the second case (TRTP 02 or 22) the Transfer Data Request message includes the indication of the calendar day ( format) to be downloaded.]

2.2.2.10 Positive Response Transfer Data (SID 76) U.K.

DDP_012The Positive Response Transfer Data is sent by the VU in response to the Transfer Data Request. The message contains the requested data, with a Transfer Response Parameter (TREP) corresponding to the TRTP of the request.U.K.

[F1DDP_055 In the first case (TREP 01 or 21), the VU will send data helping the IDE operator to choose the data he wants to download further. The information contained within this message is: U.K.

• Security certificates,

• Vehicle identification,

• VU current date and time,

• Min and Max downloadable date (VU data),

• Indication of cards presence in the VU,

• Previous download to a company,

• Company locks,

• Previous controls.]

2.2.2.11 Request Transfer Exit (SID 37) U.K.

DDP_013The Request Transfer Exit message is sent by the IDE to inform the VU that the download session is terminated.U.K.

2.2.2.12 Positive Response Request Transfer Exit (SID 77) U.K.

DDP_014The Positive Response Request Transfer Exit message is sent by the VU to acknowledge the Request Transfer Exit.U.K.

2.2.2.13 Stop Communication Request (SID 82) U.K.

DDP_015The Stop Communication Request message is sent by the IDE to disconnect the communication link with the VU.U.K.

2.2.2.14 Positive Response Stop Communication (SID C2) U.K.

DDP_016The Positive Response Stop Communication message is sent by the VU to acknowledge the Stop Communication Request.U.K.

2.2.2.15 Acknowledge Sub Message (SID 83) U.K.

DDP_017The Acknowledge Sub Message is sent by the IDE to confirm receipt of each part of a message that is being transmitted as several sub messages. The data field contains the SID received from the VU and a 2-byte code as follows:U.K.

• MsgC+1 Acknowledges correct receipt of sub message number MsgC.

  Request from the IDE to the VU to send next sub message

• MsgC indicates a problem with the receipt of sub message number MsgC.

  Request from the IDE to the VU to send the sub message again.

• FFFF requests termination of the message.

  This can be used by the IDE to end the transmission of the VU message for any reason.

The last sub message of a message (LEN byte < 255) may be acknowledged using any of these codes or not acknowledged.

The VU responses that will consist of several sub messages are:

• Positive Response Transfer Data (SID 76)

2.2.2.16 Negative Response (SID 7F) U.K.

DDP_018The Negative Response message is sent by the VU in response to the above request messages when the VU cannot satisfy the request. The data fields of the message contains the SID of the response (7F), the SID of the request, and a code specifying the reason of the negative response. The following codes are available:U.K.

• 10 general reject

  The action cannot be performed for a reason not covered below.

• 11 service not supported

  The SID of the request is not understood.

• 12 sub function not supported

  The DS_ or TRTP of the request is not understood, or there are no further sub messages to be transmitted.

• 13 incorrect message length

  The length of the received message is wrong.

• 22 conditions not correct or request sequence error

  The required service is not active or the sequence of request messages is not correct.

• 31 Request out of range

  The request parameter record (data field) is not valid.

• 50 upload not accepted

  The request cannot be performed (VU in a non appropriate mode of operation or internal fault of the VU).

• 78 response pending

  The action requested cannot be completed in time and the VU is not ready to accept another request.

• [F1FA data not available

  The data object of a data transfer request are not available in the VU (e.g. no card is inserted, generation 1 type of VU data download requested outside the frame of a driver’s control by a non EU control authority…).]

2.2.3 Message flow U.K.

A typical message flow during a normal data download procedure is the following:

2.2.4 Timing U.K.

DDP_019During normal operation the timing parameters shown in the following figure are relevant:U.K.

Where:

The allowed values for the timing parameters are showed in the following table (KWP extended timing parameters set, used in case of physical addressing for faster communication).

2.2.5 Error handling U.K.

If an error occurs during the message exchange, the message flow scheme is modified depending on which equipment has detected the error and on the message generating the error.

In figure 2 and figure 3 the error handling procedures for the VU and the IDE are respectively shown.

2.2.5.1 Start Communication phase U.K.

DDP_020If the IDE detects an error during the Start Communication phase, either by timing or by the bit stream, then it will wait for a period P3 min before issuing again the request.U.K.

DDP_021If the VU detects an error in the sequence coming from the IDE, it shall send no response and wait for another Start Communication Request message within a period P3 max.U.K.

2.2.5.2 Communication phase U.K.

Two different error handling areas can be defined:

2.2.6 Response Message content U.K.

This paragraph specifies the content of the data fields of the various positive response messages.

Data elements are defined in Appendix 1 data dictionary.

Remark: For generation 2 downloads, each top-level data element is represented by a record array, even if it contains only one record. A record array starts with a header; this header contains the record type, the record size and the number of records. Record arrays are named by ‘…RecordArray’ (with header) in the following tables.U.K.

2.2.6.1 Positive Response Transfer Data Overview U.K.

DDP_029 [F1The data field of the ‘Positive Response Transfer Data Overview’ message shall provide the following data in the following order under the SID 76 Hex, the TREP 01 or 21 Hex and appropriate sub message splitting and counting:] U.K.

2.2.6.2 Positive Response Transfer Data Activities U.K.

DDP_030 [F1The data field of the ‘Positive Response Transfer Data Activities’ message shall provide the following data in the following order under the SID 76 Hex, the TREP 02 or 22 Hex and appropriate sub message splitting and counting:] U.K.

2.2.6.3 Positive Response Transfer Data Events and Faults U.K.

DDP_031 [F1The data field of the ‘Positive Response Transfer Data Events and Faults’ message shall provide the following data in the following order under the SID 76 Hex, the TREP 03 or 23 Hex and appropriate sub message splitting and counting:] U.K.

2.2.6.4 Positive Response Transfer Data Detailed Speed U.K.

DDP_032 [F1The data field of the ‘Positive Response Transfer Data Detailed Speed’ message shall provide the following data in the following order under the SID 76 Hex, the TREP 04 or 24 Hex and appropriate sub message splitting and counting:] U.K.

2.2.6.5 Positive Response Transfer Data Technical Data U.K.

DDP_033 [F1The data field of the ‘Positive Response Transfer Data Technical Data’ message shall provide the following data in the following order under the SID 76 Hex, the TREP 05 or 25 Hex and appropriate sub message splitting and counting:] U.K.

2.3. ESM File storage U.K.

DDP_034When a download session has included a VU data transfer, the IDE shall store within one single physical file all data received from the VU during the download session within Positive Response Transfer Data messages. Data stored excludes message headers, sub-message counters, empty sub-messages and checksums but include the SID and TREP (of the first sub-message only if several sub-messages).U.K.

3.TACHOGRAPH CARDS DOWNLOADING PROTOCOLU.K.

3.1. Scope U.K.

This paragraph describes the direct card data downloading of a tachograph card to an IDE. The IDE is not part of the secure environment; therefore no authentication between the card and the IDE is performed.

3.2. Definitions U.K.

3.3. Card Downloading U.K.

[F1DDP_035 The download of a tachograph card includes the following steps: U.K.

• Download the common information of the card in the EFs and This information is optional and is not secured with a digital signature.

• (for first and second generation tachograph cards) Download EFs within :

  • Download the EFs and This information is not secured with a digital signature.

    It is mandatory to download these files for each download session.

  • Download the other application data EFs (within ) except EF . This information is secured with a digital signature, using Appendix 11 Common Security Mechanisms Part A.

  • It is mandatory to download at least the EFs and for each download session.

  • When downloading a driver card it is also mandatory to download the following EFs:

    

  • (for second generation tacograph cards only) Except when a download of a driver card inserted in a VU is performed during drivers' control by a non EU control authority, using a first generation control card, download EFs within :

    • Download the EFs CardSignCertificate, CA_Certificate and Link_Certificate (if present). This information is not secured with a digital signature.

      It is mandatory to download these files for each download session.

    • Download the other application data EFs (within ) except EF . This information is secured with a digital signature, using Appendix 11 Common Security Mechanisms Part B.

    • It is mandatory to download at least the EFs and for each download session.

    • When downloading a driver card it is also mandatory to download the following EFs:

      

    • When downloading a driver card, update the date in EF , in the and, if applicable, DFs.

    • When downloading a workshop card, reset the calibration counter in EF in the and, if applicable, DFs.

    • When downloading a workshop card the EF in the and, if applicable, DFs shall not be downloaded.]

3.3.1 Initialisation sequence U.K.

DDP_036The IDE shall initiate the sequence as follows:U.K.

It is optional to use PPS to switch to a higher baud rate as long as the ICC supports it.

3.3.2 Sequence for un-signed data files U.K.

DDP_037 [F1The sequence to download EFs ICC, IC, Card_Certificate (or CardSignCertificate for DF Tachograph_G2), CA_Certificate and Link_Certificate (for DF Tachograph_G2 only) is as follows:] U.K.

Note 1: Before selecting the Card_Certificate (or CardSignCertificate) EF, the Tachograph Application must be selected (selection by AID).U.K.

Note 2: Selecting and reading a file may also be performed in one step using a Read Binary command with a short EF identifier.U.K.

3.3.3 Sequence for Signed data files U.K.

DDP_038The following sequence shall be used for each of the following files that has to be downloaded with their signature:U.K.

Note: Selecting and reading a file may also be performed in one step using a Read Binary command with a short EF identifier. In this case the EF may be selected and read before the command Perform Hash of File is applied.U.K.

3.3.4 Sequence for resetting the calibration counter. U.K.

DDP_039The sequence to reset the counter in the EF in a workshop card is the following:U.K.

Note: Selecting and updating a file may also be performed in one step using an Update Binary command with a short EF identifier.U.K.

3.4. Data storage format U.K.

3.4.1 Introduction U.K.

DDP_040The downloaded data has to be stored according to the following conditions:U.K.

• The data shall be stored transparent. This means that the order of the bytes as well as the order of the bits inside the byte that are transferred from the card has to be preserved during storage.

• All files of the card downloaded within a download session are stored in one file on the ESM.

3.4.2 File format U.K.

DDP_041The file format is a concatenation of several TLV objects.U.K.

DDP_042The tag for an EF shall be the FID plus the appendix „00“.U.K.

DDP_043The tag of an EF's signature shall be the FID of the file plus the appendix „01“.U.K.

DDP_044The length is a two byte value. The value defines the number of bytes in the value field. The value „FF FF“ in the length field is reserved for future use.U.K.

DDP_045When a file is not downloaded nothing related to the file shall be stored (no tag and no zero length).U.K.

[F1DDP_046 A signature shall be stored as the next TLV object directly after the TLV object that contains the data of the file. U.K.

Example of data in a download file on an ESM:

4.DOWNLOADING A TACHOGRAPH CARD VIA A VEHICLE UNIT.U.K.

DDP_047The VU must allow for downloading the content of a driver card inserted to a connected IDE.U.K.

DDP_048The IDE shall send a ‘Transfer Data Request Card Download’ message to the VU to initiate this mode (see 2.2.2.9).U.K.

[F1DDP_049 First generation driver cards: Data shall be downloaded using the first generation data download protocol, and downloaded data shall have the same format as data downloaded from a first generation vehicle unit. U.K.

Second generation driver cards: the VU shall then download the whole card, file by file, in accordance with the card downloading protocol defined in paragraph 3, and forward all data received from the card to the IDE within the appropriate TLV file format (see 3.4.2) and encapsulated within a ‘ Positive Response Transfer Data ’ message.]

DDP_050The IDE shall retrieve card data from the ‘Positive Response Transfer Data’ message (stripping all headers, SIDs, TREPs, sub message counters, and checksums) and store them within one single physical file as described in paragraph 2.3.U.K.

DDP_051The VU shall then, as applicable, update the or the file of the driver card.U.K.