2004/54/EC - Directive 2004/52/EC of the European Parliament and of the Council of 29 April 2004 on the interoperability of electronic road toll systems in the Community (Text with EEA relevance)

This document covers the test purposes for Front End Communications API covering functionalities
related to instance handling, session handling, communication service primitives (i.e.
sending/receiving of ADUs) and visible state transitions. It covers EFC communication services
described in ISO 17575-2:2016, Clause 5 and PICS proforma in ISO 17575-2:2016, B.2. Claims related to
Front End storage capacity are out of scope of this document.
This document covers the test purposes for Front End Application related to session establishment on
Back End request and related to session re-establishment when session requested by Back End failed.
There are no other claims with respect to Front End Application described in ISO 17575-2.
The underlying communication technology requirements for layer 1 to 4 specified in ISO 17575-2:2016,
Clause 6 are out of scope of this document.
Similarly, Back End Communications API is out of scope of this document. According to ISO 17575-2
it is expected that these Front End Communications API will be “reflected” in the BE; however, BE
Communications API is out of scope of ISO 17575-2.
Test purposes have been organized into the test suite groups, designated for the Front End
Communications API and Front End Application, respectively.
Aside from the test purposes, this document also provides proforma conformance test reports
templates for both the Front End and Back End test purposes.
ISO 17575-2 contains more information regarding the requirements against which the conformance is
evaluated in this document.

The ISO 16407 series of standards specifies a suite of tests in order to assess the Front End and Back
End behaviour compliancy towards the requirements listed in ISO 17575-1. This document contains the
definition of such tests in the form of test purposes, listing the required initial conditions, references
and individual steps in a structured textual manner.
Test purposes defined in this document reflect the structural and semantical requirements stated in
ISO 17575-1:
— presence/absence of particular data elements;
— semantics related to various data elements:
— data group General (see ISO 17575-1:2016, 7.3);
— data group Security (see ISO 17575-1:2016, 7.4);
— data group Contract (see ISO 17575-1:2016, 7.5);
— data group Usage (see ISO 17575-1:2016, 7.6);
— data group Account (see ISO 17575-1:2016, 7.7);
— data group Versioning (see ISO 17575-1:2016, 7.8).
With regard to the individual data sets and EFC attributes defined in ISO 17575-1, the test purposes
have been organized into the test suite groups designated for the Front End and Back End, respectively.
Besides the test purposes, this document also specifies proforma conformance test report templates for
both the Front End and Back End test purposes.
For more information regarding the requirements against which the conformance is evaluated in this
document, see ISO 17575-1.
Testing of the following behaviours and functionalities is outside of the scope of this document:
— dynamic behaviour, i.e. sequence of messages and triggering events that can be exchanged/happen
to fulfil certain charging scenarios;
— profiles and business logic built on top of particular pricing schemas;
— as ISO 17575-1 does not specify any Behaviour Invalid of Front End and Back End, BI test purposes
are not applicable for any test purpose group.

ISO/TR 16401-1:2018 covers the test purposes for Front End Communications API covering functionalities related to instance handling, session handling, communication service primitives (i.e. sending/receiving of ADUs) and visible state transitions. It covers EFC communication services described in ISO 17575‑2:2016, Clause 5 and PICS proforma in ISO 17575‑2:2016, B.2. Claims related to Front End storage capacity are out of scope of this document.
ISO/TR 16401-1:2018 covers the test purposes for Front End Application related to session establishment on Back End request and related to session re-establishment when session requested by Back End failed. There are no other claims with respect to Front End Application described in ISO 17575‑2.
The underlying communication technology requirements for layer 1 to 4 specified in ISO 17575‑2:2016, Clause 6 are out of scope of this document.
Similarly, Back End Communications API is out of scope of this document. According to ISO 17575‑2 it is expected that these Front End Communications API will be "reflected" in the BE; however, BE Communications API is out of scope of ISO 17575‑2.
Test purposes have been organized into the test suite groups, designated for the Front End Communications API and Front End Application, respectively.
Aside from the test purposes, this document also provides proforma conformance test reports templates for both the Front End and Back End test purposes.
ISO 17575‑2 contains more information regarding the requirements against which the conformance is evaluated in this document.

The ISO 16407 series of standards specifies a suite of tests in order to assess the Front End and Back End behaviour compliancy towards the requirements listed in ISO 17575-1. ISO 16407-1:2017 contains the definition of such tests in the form of test purposes, listing the required initial conditions, references and individual steps in a structured textual manner.

The scope for this European Standard is limited to
-   payment method: Central account based on EFC-DSRC,
-   physical systems: OBU, RSE and the DSRC interface between them (all functions and information flows related to these parts),
-   DSRC-link requirements,
-   EFC transactions over the DSRC interface,
-   data elements to be used by OBU and RSE used in EFC-DSRC transactions,
-   security mechanisms for OBU and RSE used in EFC-DSRC transactions.
The scope of this European Standard is illustrated in Figure 1.
It is outside the scope of this European Standard to define
-   contractual and procedural interoperability requirements (including issues related to a Memorandum of Understanding, MoU),
-   conformance procedures and test specification (this is provided in a separate set of standards),
-   setting-up of operating organisations (e.g. clearing operator, issuing, trusted third party etc.),
-   legal issues,
-   other payment methods in DSRC-based EFC (e.g. on-board accounts using integrated circuit cards),
-   other basic technologies (e.g. GNSS/CN or video registration based EFC). However, this European Standard may be used for defining the DSRC-EFC parts for the use in applications that implement a mix of different technologies.
-   other interfaces or functions in EFC-systems than those specified above (i.e. information flows and data exchange between operators or personalisation, initialisation and customisation of the OBU).
Some of these issues are subject to separate standards prepared by CEN/TC 278, ISO/TC 204 or ETSI ERM.
Figure 2 shows the scope of this European Standard from a DSRC-stack perspective.
This European Standard defines an Application Profile based on the ISP-concept. The base standards that this Application Profile is based upon are
-   EN ISO 14906 on EFC application interface definition for DSRC (this implies indirect references to EN ISO 14816 on Numbering and data structures),
-   EN 12834: on DSRC application layer (L7),
-   EN 13372 on DSRC profiles (this implies indirect references to the DSRC L1, L2 and L7 standards: EN 12253, EN 12795 and EN 12834).
The relationship and references between base standards and EN 15509 are illustrated in Figure 3.

The scope for this European Standard is limited to:
-   payment method: Central account based on EFC-DSRC;
-   physical systems: OBU, RSE and the DSRC interface between them (all functions and information flows related to these parts);
-   DSRC-link requirements;
-   EFC transactions over the DSRC interface;
-   data elements to be used by OBU and RSE used in EFC-DSRC transactions;
-   security mechanisms for OBU and RSE used in EFC-DSRC transactions.
The scope of this European Standard is illustrated in Figure 1.
It is outside the scope of this European Standard to define:
-   contractual and procedural interoperability requirements (including issues related to a Memorandum of Understanding, MoU);
-   conformance procedures and test specification (this is provided in a separate set of standards);
-   setting-up of operating organizations (e.g. toll charger, toll service provider, trusted third party, etc.);
-   legal issues;
-   other payment methods in DSRC-based EFC (e.g. on-board accounts using integrated circuit cards);
-   other basic technologies (e.g. GNSS/CN or video registration based EFC). However, this European Standard may be used for defining the DSRC-EFC parts for the use in applications that implement a mix of different technologies;
-   non-EFC transactions over the DSRC interface (e.g. CCC and LAC communication, which is defined in other standards);
-   other interfaces or functions in EFC-systems than those specified above (i.e. information flows and data exchange between operators or personalization, initialization and customization of the OBU).
Some of these issues are subject to separate standards prepared by CEN/TC 278, ISO/TC 204 or ETSI ERM.
Figure 2 shows the scope of this European Standard from a DSRC-stack perspective.

Value Added Services, VAS, is a term that was coined in the telecommunications industry for services that go beyond core service, such as mobile voice communications. Such additional services are intended to add value for the consumers in order to encourage them to use the telecommunications service more often and to add an additional revenue stream for the Service Provider.
In the context of EFC, a VAS in this strict sense is a telematics service offered to the Service User by means of an EFC OBE. This service might directly be consumed by the driver in the vehicle, or might, particularly in the case of heavy vehicles, be targeted at the freight operator and be consumed in a back office. Such services can be fleet management services like track-and-trace, payment services such as paying petrol automatically at the pump, or regulatory applications such as Electronic Licence Plate or access control. Such additional services and applications create additional value to the user, either by the value the new service creates to him, or in the case of regulatory services, by combining several functionalities in a single device, thus removing the need to install and maintain several pieces of equipment simultaneously. In a wider sense, the operator of the EFC service can draw additional benefit from the data collected by the EFC system. Data from EFC OBE gives a good account of the traffic situation on the charged network, and may be utilised for statistical purposes, for traffic planning or even in real-time for traffic information purposes. The scope of this TR covers both the original meaning of VAS, namely both additional services to the user of the core EFC service and additional value created for the operator of the charging system.

1.1 Definition of VAS
Value Added Services, VAS, is a term that was coined in the telecommunications industry for services that go
beyond core service, such as mobile voice communications. Such additional services are intended to add
value for the consumers in order to encourage them to use the telecommunications service more often and to
add an additional revenue stream for the Service Provider.
In the context of EFC, a VAS in this strict sense is a telematics service offered to the Service User by means
of an EFC OBE. This service might directly be consumed by the driver in the vehicle, or might, particularly in
the case of heavy vehicles, be targeted at the freight operator and be consumed in a back office. Such
services can be fleet management services like track-and-trace, payment services such as paying petrol
automatically at the pump, or regulatory applications such as Electronic Licence Plate or access control. Such
additional services and applications create additional value to the user, either by the value the new service
creates to him, or in the case of regulatory services, by combining several functionalities in a single device,
thus removing the need to install and maintain several pieces of equipment simultaneously.
In a wider sense, the operator of the EFC service can draw additional benefit from the data collected by the
EFC system. Data from EFC OBE gives a good account of the traffic situation on the charged network, and
may be utilised for statistical purposes, for traffic planning or even in real-time for traffic information purposes.
The scope of this TR covers both the original meaning of VAS, namely both additional services to the user of
the core EFC service and additional value created for the operator of the charging system.
1.2 Coverage
The TR analyses all telematics applications that have the potential to be delivered as a VAS to EFC. The
analysis covers the requirements of the VAS applications and the fit to the resources offered by the EFC
system. It also analyses prerequisites in terms of business and technical system architecture in order to
enable VAS to be delivered, including questions of control and governance, security aspects and privacy
issues.
The TR does not analyse commercial viability. Cost to benefit ratio and market potential for VAS are
considered to be out of scope.
The TR analyses the potential and pre-conditions for EFC equipment to serve as platforms for a diverse range
of VAS. The VAS are considered to be add-ons to EFC equipment. The TR does not analyse the reverse
situation, namely the situation where an EFC application is added to a telematics platform that has been
deployed for another core service, such as the suitability of navigation systems to serve as platforms for EFC.

The scope for this European Standard is limited to:
-   payment method: Central account based on EFC-DSRC;
-   physical systems: OBU, RSE and the DSRC interface between them (all functions and information flows related to these parts);
-   DSRC-link requirements;
-   EFC transactions over the DSRC interface;
-   data elements to be used by OBU and RSE used in EFC-DSRC transactions;
-   security mechanisms for OBU and RSE used in EFC-DSRC transactions.

The scope for this European Standard is limited to:
-   payment method: Central account based on EFC-DSRC;
-   physical systems: OBU, RSE and the DSRC interface between them (all functions and information flows related to these parts);
-   DSRC-link requirements;
-   EFC transactions over the DSRC interface;
-   data elements to be used by OBU and RSE used in EFC-DSRC transactions;
-   security mechanisms for OBU and RSE used in EFC-DSRC transactions.

The standard will define the conformity evaluation tests suite for equipment to the EFC standard on "Application interface definition for autonomous systems - Communication and connection to the lower layers" (i.e. CEN ISO/TS 17575 - Part 2).
This part will contain the test suite structure and test purposes ("the human readable part"), and use the methodology for defining conformity tests as defined in the TTCN suite of standards (i.e. ISO/IEC 9646). It will cover tests for the Back End equipment and for the Front End (as either a proxy or a smart client OBE) equipment.
The approach and structure will be analogous to "Conformity evaluation of on-board and road equipment to EN 15509" (prEN 15876-1, cf CEN Enquiry version).
The Front End and Back End equipment will most likely be subject to additional testing of physical, environmental endurance, quality assurance and control at manufacturing, charge point integration, as part of factory, site and system acceptance testing. The definition of these tests is outside the scope of this standard.
Conformity evaluation tests for non-functional requirements like sensor accuracy, performance levels and computing power are outside the scope of this standard. They should be covered by the conformity evaluation to the appropriate profile standard.

The standard will define the conformity evaluation tests suite for equipment to the EFC standard on "Application interface definition for autonomous systems - Charging" (i.e. CEN ISO/TS 17575 - Part 1).
This part will contain the test suite structure and test purposes ("the human readable part"), and use the methodology for defining conformity tests as defined in the TTCN suite of standards (i.e. ISO/IEC 9646). It will cover tests for the Back End equipment and for the Front End (as either a proxy or a smart client OBE) equipment.
The approach and structure will be analogous to "Conformity evaluation of on-board and road equipment to EN 15509" (prEN 15876-1, cf CEN Enquiry version).
The Front End and Back End equipment will most likely be subject to additional testing of physical, environmental endurance, quality assurance and control at manufacturing, charge point integration, as part of factory, site and system acceptance testing. The definition of these tests is outside the scope of this standard.
Conformity evaluation tests for non-functional requirements like sensor accuracy, performance levels and computing power are outside the scope of this standard. They should be covered by the conformity evaluation to the appropriate profile standard.

ISO/TS 16401-1:2011 specifies the test suite structure (TSS) and test purposes (TP) to evaluate the conformity of Front End Communications API and Front End application to ISO/TS 17575-2.

ISO/TS 16407-1:2011 specifies the test suite structure (TSS) and test purposes (TP) to evaluate the conformity of Front End and Back End to ISO/TS 17575-1.
The objective of ISO/TS 16407-1:2011 is to provide a basis for conformance tests for the Front End and the Back End in electronic fee collection (EFC) based on autonomous on-board equipment (OBE) to enable interoperability between different equipment supplied by different manufacturers.

This European Standard contains the Test Suite Structure (TSS) and Test Purposes (TP) to evaluate the conformity of On Board Units (OBU) and Roadside Equipment (RSE) to EN 15509.
The objective of this document is to provide a basis for conformance tests for DSRC equipment (on board units and roadside units) to enable interoperability between different equipment supplied by different manufacturers.

This European Standard contains the Test Suite Structure (TSS) and Test Purposes (TP) to evaluate the conformity of On Board Units (OBU) and Roadside Equipment (RSE) to EN 15509.
The objective of this document is to provide a basis for conformance tests for DSRC equipment (on board units and roadside units) to enable interoperability between different equipment supplied by different manufacturers.

ISO 17573 defines the roles and functions as well as the internal and external entities of the EFC system environment. Based on the system architecture defined in ISO 17573, the security framework describes a set of requirements and security measures for stakeholders to implement and operate their part of an EFC system as required for a trustworthy environment according to its basic information security policy. In general, the overall scope is an information security framework for all organisational and technical entities and in detail for the interfaces between them.

1.1   EFC specific scope
ISO 17573 defines the roles and functions as well as the internal and external entities of the EFC system environment. Based on the system architecture defined in ISO 17573, the security framework describes a set of requirements and security measures for stakeholders to implement and operate their part of an EFC system as required for a trustworthy environment according to its basic information security policy. In general, the overall scope is an information security framework for all organisational and technical entities and in detail for the interfaces between them.
Figure 3 below illustrates the abstract EFC system model used to analyse the threats, define the security requirements and security measures of this Technical Specification. This Technical Specification is based on the assumption of an OBE which is dedicated to EFC purposes only and neither considers value added services based on EFC OBE, nor more generic OBE platforms (called in-vehicle ITS Stations) used to host the EFC application.
The scope of this security framework comprises the following:
-   general information security objectives of the stakeholders;
-   threat analysis;
-   definition of a trust model;
-   security requirements;
-   security measures – countermeasures;
-   security specifications for interface implementation;
-   key management;
-   security policies;
-   privacy-enabled implementations.
The following is outside the scope of this Technical Specification:
-   a complete risk assessment for an EFC system;
-   security issues rising from an EFC application running on an ITS station;
NOTE   Security issues associated with an EFC application running on an ITS station will be covered in a CEN Technical Report on "Guidelines for EFC-applications based on in vehicle ITS Stations" that is being developed at the time of publication of this document.
-   entities and interfaces of the interoperability management role;
-   the technical trust relation of the model between TSP and User;
-   a complete specification and description of all necessary security measures to all identified threats;
-   concrete implementation specifications for implementation of security for EFC system, e.g. European electronic toll service (EETS);
-   detailed specifications required for privacy-friendly EFC implementations.
The detailed scope of the bullet points and the clause with the corresponding content is given below:
-   General information security objectives of the stakeholders (informative, Annex C)
To derive actual security requirements and define implementations, it is crucial to gain a common understanding of the possible different perspectives and objectives of such stakeholders of a toll charging environment.
-   Threat analysis (informative, Annex D)
The threat analysis is the basis and motivation for all the security requirements resulting in this framework. The results from two complementary approaches will be combined in one common set of requirements. The first approach considers a number of threat scenarios from the perspective of various attackers. The second approach looks in depth on threats against the various identified assets (tangible and intangible entities).
-   Definition of a trust model (normative, Clause 5)
The trust model comprises all basic assumptions and principles for establishing trust between the stakeholders. The trust model forms the basis for the implementation of cryptographic procedures to ensure confidentiality, integrity, authenticity and partly non-repudiation of exchanged data.
-   Security requirements (normative, Clause 6)
(...)

The scope for this European Standard is limited to:
-   payment method: Central account based on EFC-DSRC;
-   physical systems: OBU, RSE and the DSRC interface between them (all functions and information flows related to these parts);
-   DSRC-link requirements;
-   EFC transactions over the DSRC interface;
-   data elements to be used by OBU and RSE used in EFC-DSRC transactions;
-   security mechanisms for OBU and RSE used in EFC-DSRC transactions.
Figure 1 - Scope for this European Standard (within the box delimited with a dotted line)
It is outside the scope of this European Standard to define:
-   contractual and procedural interoperability requirements (including issues related to a Memorandum of Understanding, MoU);
-   conformance procedures and test specification (this is provided in a separate set of standards);
-   setting-up of operating organizations (e.g. clearing operator, issuing, trusted third party etc.);
-   legal issues;
-   other payment methods in DSRC-based EFC (e.g. on-board accounts using integrated circuit cards);
-   other basic technologies (e.g. GNSS/CN or video registration based EFC). However, this European Standard may be used for defining the DSRC-EFC parts for the use in applications that implement a mix of different technologies.
-   other interfaces or functions in EFC-systems than those specified above (i.e. information flows and data exchange between operators or personalisation, initialisation and customisation of the OBU).
Some of these issues are subject to separate standards prepared by CEN/TC 278, ISO/TC 204 or ETSI ERM.
The following figure shows the scope of this European Standard from a DSRC-stack perspective.
Figure 2 - Relations between this European Standard and DSRC-stack elements
This European Standard defines an Application Profile based on the ISP-concept. The base standards that this Application Profile is based upon are:
-   EN ISO 14906:2004 on EFC application interface definition for DSRC (this implies indirect ref

The scope for this European Standard is limited to:
   payment method: Central account based on EFC-DSRC;
   physical systems: OBU, RSE and the DSRC interface between them (all functions and information flows related to these parts);
   DSRC-link requirements;
   EFC transactions over the DSRC interface;
   data elements to be used by OBU and RSE used in EFC-DSRC transactions;
   security mechanisms for OBU and RSE used in EFC-DSRC transactions.
Figure 1 — Scope for this European Standard (within the box delimited with a dotted line)
It is outside the scope of this European Standard to define:
   contractual and procedural interoperability requirements (including issues related to a Memorandum of Understanding, MoU);
   conformance procedures and test specification (this is provided in a separate set of standards);
   setting-up of operating organizations (e.g. clearing operator, issuing, trusted third party etc.);
   legal issues;
   other payment methods in DSRC-based EFC (e.g. on-board accounts using integrated circuit cards);
   other basic technologies (e.g. GNSS/CN or video registration based EFC). However, this European Standard may be used for defining the DSRC-EFC parts for the use in applications that implement a mix of different technologies.
   other interfaces or functions in EFC-systems than those specified above (i.e. information flows and data exchange between operators or personalisation, initialisation and customisation of the OBU).
Some of these issues are subject to separate standards prepared by CEN/TC 278, ISO/TC 204 or ETSI ERM.
The following figure shows the scope of this European Standard from a DSRC-stack perspective.
Figure 2 — Relations between this European Standard and DSRC-stack elements
This European Standard defines an Application Profile based on the ISP-concept. The base standards that this Application Profile is based upon are:
   EN ISO 14906 on EFC application interface definition for DSRC (this implies indirect ref

This European Standard contains the Test Suite Structure (TSS) and Test Purposes (TP) to evaluate the conformity of On Board Units (OBU) and Roadside Equipment (RSE) to EN 15509. The objective of this document is to provide a basis for conformance tests for DSRC equipment (on board units and roadside units) to enable interoperability between different equipment supplied by different manufacturers.

This European Standard contains the Test Suite Structure (TSS) and Test Purposes (TP) to evaluate the conformity of On Board Units (OBU) and Roadside Equipment (RSE) to EN 15509.
The objective of this document is to provide a basis for conformance tests for DSRC equipment (on board units and roadside units) to enable interoperability between different equipment supplied by different manufacturers.