iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

EN ISO 19299:2020

(Main)

Electronic fee collection - Security framework (ISO 19299:2020)

Electronic fee collection - Security framework (ISO 19299:2020)

This document defines an information security framework for all organizational and technical entities of an EFC scheme and for the related interfaces, based on the system architecture defined in ISO 17573-1. The security framework describes a set of security requirements and associated security measures.
Annex D contains a list of potential threats to EFC systems and a possible relation to the defined security requirements. These threats can be used for a threat analysis to identify the relevant security requirements for an EFC system.
The relevant security measures to secure EFC systems can then be derived from the identified security requirements.

Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO 19299:2020)

[Not available]

Perception de télépéage - Cadre de sécurité (ISO 19299:2020)

Ce document définit un cadre de sécurité de l'information pour toutes les entités organisationnelles et techniques d'un système EFC et pour les interfaces correspondantes, sur la base de l'architecture système définie dans la norme ISO 17573-1. Le cadre de sécurité décrit un ensemble d'exigences de sécurité et de mesures de sécurité associées.
L'Annexe D contient une liste des menaces potentielles pour les systèmes EFC et une relation possible avec les exigences de sécurité définies. Ces menaces peuvent être utilisées pour une analyse des menaces afin d'identifier les exigences de sécurité pertinentes pour un système EFC.
Les mesures de sécurité pertinentes pour sécuriser les systèmes EFC peuvent ensuite être dérivées des exigences de sécurité identifiées.

Elektronsko pobiranje pristojbin - Varnostni okvir (ISO 19299:2020)

General Information

Status
Published
Publication Date
08-Sep-2020
Withdrawal Date
30-Mar-2021
ICS
03.220.20 - Road transport
35.240.60 - IT applications in transport
Technical Committee
CEN/TC 278 - Road transport and traffic telematics
Drafting Committee
CEN/TC 278/WG 1 - Electronic fee collection and access control (EFC)
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
09-Sep-2020
Completion Date
09-Sep-2020
Directive
2010/40/EU - Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport Text with EEA relevance
Mandate
M/338 - Standardisation mandate to CEN, CENELEC and ETSI in support of interoperabilty of electonic road toll systems in the community
Ref Project
SIST EN ISO 19299:2020 - Electronic fee collection - Security framework (ISO 19299:2020)

Relations

Replaces
CEN ISO/TS 19299:2015 - Electronic fee collection - Security framework (ISO/TS 19299:2015)
Effective Date
16-Sep-2020

Buy Standard

EN ISO 19299:2020EN ISO 19299:2020
PreviousNext
Standard
EN ISO 19299:2020
English language
144 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-november-2020
Nadomešča:
SIST-TS CEN ISO/TS 19299:2016
Elektronsko pobiranje pristojbin - Varnostni okvir (ISO 19299:2020)
Electronic fee collection - Security framework (ISO 19299:2020)
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO 19299:2020)
Perception de télépéage -- Cadre de sécurité (ISO 19299:2020)
Ta slovenski standard je istoveten z: EN ISO 19299:2020
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO 19299
EUROPEAN STANDARD
NORME EUROPÉENNE
September 2020
EUROPÄISCHE NORM
ICS 35.240.60; 03.220.20 Supersedes CEN ISO/TS 19299:2015
English Version
Electronic fee collection - Security framework (ISO
19299:2020)
Perception de télépéage - Cadre de sécurité (ISO Elektronische Gebührenerhebung -
19299:2020) Sicherheitsgrundstruktur (ISO 19299:2020)
This European Standard was approved by CEN on 10 August 2020.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 19299:2020 E
worldwide for CEN national Members.

Contents Page
European foreword . 3

European foreword
This document (EN ISO 19299:2020) has been prepared by Technical Committee ISO/TC 204
"Intelligent transport systems" in collaboration with Technical Committee CEN/TC 278 “Intelligent
transport systems” the secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by March 2021, and conflicting national standards shall
be withdrawn at the latest by March 2021.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes CEN ISO/TS 19299:2015.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 19299:2020 has been approved by CEN as EN ISO 19299:2020 without any modification.

INTERNATIONAL ISO
STANDARD 19299
First edition
2020-08
Electronic fee collection — Security
framework
Perception de télépéage — Cadre de sécurité
Reference number
ISO 19299:2020(E)
©
ISO 2020
ISO 19299:2020(E)
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

ISO 19299:2020(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 3
5 Trust model . 4
5.1 Overview . 4
5.2 Stakeholders trust relations . 5
5.3 Technical trust model . 6
5.3.1 General. 6
5.3.2 Trust model for TC and TSP relations . 6
5.3.3 Trust model for TSP and service user relations . 7
5.3.4 Trust model for interoperability management relations . 7
5.4 Implementation . 7
5.4.1 Setup of trust relations . 7
5.4.2 Trust relation renewal and revocation . 8
5.4.3 Issuing and revocation of sub CA and end-entity certificates . 8
5.4.4 Certificate and certificate revocation list profile and format . 9
5.4.5 Certificate extensions . 9
6 Security requirements .10
6.1 General .10
6.2 Information security management system .11
6.3 Communication interfaces .12
6.4 Data storage .12
6.5 Toll charger .12
6.6 Toll service provider .14
6.7 Interoperability management .16
6.8 Limitation of requirements .17
7 Security measures — Countermeasures .17
7.1 Overview .17
7.2 General security measures .18
7.3 Communication interfaces security measures .18
7.3.1 General.18
7.3.2 DSRC-EFC interface . .19
7.3.3 CCC interface .20
7.3.4 LAC interface .21
7.3.5 Front End to TSP back end interface .21
7.3.6 TC to TSP interface .22
7.3.7 ICC interface .23
7.4 End-to-end security measures .24
7.5 Toll service provider security measures .25
7.5.1 Front end security measures .25
7.5.2 Back end security measures .26
7.6 Toll charger security measures .27
7.6.1 RSE security measures . .27
7.6.2 Back end security measures .28
7.6.3 Other TC security measures .28
8 Security specifications for interoperable interface implementation .29
8.1 General .29
8.1.1 Subject.
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 13141:2024(Main)
Electronic fee collection - Localization augmentation communication for autonomous systems (ISO 13141:2024)
SIST EN ISO 13141:2024

This document establishes requirements for short-range communication for the purposes of augmenting the localization in autonomous electronic fee collection (EFC) systems. Localization augmentation serves to inform on-board equipment (OBE) about geographical location and the identification of a charge object. This document specifies the provision of location and heading information and security means to protect against the manipulation of the OBE with false RSE.
The localization augmentation communication (LAC) takes place between an OBE in a vehicle and fixed RSE. This document is applicable to OBE in an autonomous mode of operation.
This document specifies attributes and functions for the purpose of localization augmentation, by making use of the dedicated short-range communications (DSRC) communication services provided by DSRC Layer 7, and makes these LAC attributes and functions available to the LAC applications at the RSE and the OBE. Attributes and functions are specified on the level of application data units (ADUs; see Figure 1).
As depicted in Figure 1, this document is applicable to:
—     the application interface definition between OBE and RSE;
—     the interface to the DSRC application layer, as specified in ISO 15628 and EN 12834;
—     the use of the DSRC stack.
The LAC is suitable for a range of short-range communication media. This document provides specific definitions regarding the CEN-DSRC stack as specified in EN 15509. Annexes C, D, E and H provide for the use of the Italian DSRC as specified in ETSI/ES 200 674-1, ISO CALM IR ARIB DSRC and WAVE DSRC.
This document contains a protocol implementation conformance statement (PICS) proforma in Annex B and transaction examples in Annex F. Annex G highlights how to use this document for the European Electronic Toll Service (EETS).
Test specifications are not within the scope of this document.

  • Standard
    45 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 12813:2024(Main)
Electronic fee collection - Compliance check communication for autonomous systems (ISO 12813:2024)
SIST EN ISO 12813:2024

This document specifies requirements for short-range communication for the purposes of compliance checking in autonomous electronic fee collecting systems. Compliance checking communication (CCC) takes place between a road vehicle's on-board equipment (OBE) and an interrogator [fixed and mobile roadside equipment (RSE) or hand-held unit] and serves to establish whether the data that are delivered by the OBE correctly reflect the road usage of the corresponding vehicle according to the rules of the pertinent toll regime.
The operator of the compliance checking interrogator is assumed to be part of the toll charging role as defined in ISO 17573-1. The CCC permits identification of the OBE, vehicle and contract, and verification of whether the driver has fulfilled their obligations and the checking status and performance of the OBE. The CCC reads, but does not write, OBE data.
This document is applicable to OBE in an autonomous mode of operation. It is not applicable to compliance checking in dedicated short-range communication (DSRC)-based charging systems.
It specifies data syntax and semantics, but not a communication sequence. All the attributes specified herein are required in any OBE claimed to be compliant with this document, even if some values are set to “not specified” in cases where a certain functionality is not present in an OBE. The interrogator is free to choose which attributes are read in the data retrieval phase, as well as the sequence in which they are read. In order to achieve compatibility with existing systems, the communication makes use of the attributes specified in ISO 17573-3 wherever useful.
The CCC is suitable for a range of short-range communication media. Specific definitions are given for the CEN-DSRC as specified in EN 15509, as well as for the use of ISO CALM IR, the Italian DSRC as specified in ETSI ES 200 674-1, ARIB DSRC, and WAVE DSRC as alternatives to the CEN-DSRC. The attributes and functions specified are for compliance checking by means of the DSRC communication services provided by DSRC application layer, with the CCC attributes and functions made available to the CCC applications at the RSE and OBE. The attributes and functions are specified on the level of application data units (ADUs).
The definition of the CCC includes:
—     the application interface between OBE and RSE (as depicted in Figure 2);
—     use of the generic DSRC application layer as specified in ISO 15628 and EN 12834;
—     CCC data type specifications given in Annex A;
—     a protocol implementation conformance statement (PICS) proforma is given in Annex B;
—     use of the CEN-DSRC stack as specified in EN 15509, or other equivalent DSRC stacks as described in Annex C, Annex D, Annex E and Annex F;
—     security services for mutual authentication of the communication partners and for signing of data (see Annex H);
In addition, an example CCC transaction is presented in Annex G and Annex I highlights how to use this document for the European Electronic Toll Service (EETS).
Test specifications are not within the scope of this document.

  • Standard
    71 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17419:2018/A1:2024(Amendment)
Intelligent transport systems - Cooperative systems - Globally unique identification - Amendment 1: Regions of a closed polygon in a plane (ISO 17419:2018/Amd 1:2024)
SIST EN ISO 17419:2018/A1:2024
  • Amendment
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17905:2023(Main)
Intelligent transport systems - eSafety - eCall HLAP in hybrid circuit switched/packet switched network environments
SIST EN 17905:2024

In respect of 112-eCall (pan-European eCall) (operating requirements defined in EN 16072), this document defines the additional high level application protocols, procedures and processes required to provide the eCall service whilst there are still both circuit switched and packet switched wireless communication networks in operation.
NOTE    The objective of implementing the pan-European in-vehicle emergency call system (eCall) is to automate the notification of a traffic accident, wherever in Europe, with the same technical standards and the same quality of services objectives by using a PLMN (such as ETSI prime medium) which supports the European harmonized 112/E112 emergency number (TS12 ETSI TS 122 003 or IMS packet switched network) and to provide a means of manually triggering the notification of an emergency incident.

  • Standard
    21 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16062:2023(Main)
Intelligent transport systems - ESafety - eCall high level application requirements (HLAP) using GSM/UMTS circuit switched networks
SIST EN 16062:2023

In respect of pan-European eCall (operating requirements defined in EN 16072), this document defines the high-level application protocols, procedures and processes required to provide the eCall service using a TS12 emergency call over a circuit-switched mobile communications network.
NOTE 1   The objective of implementing the pan-European in-vehicle emergency call system (eCall) is to automate the notification of a traffic accident, wherever in Europe, with the same technical standards and the same quality of services objectives by using a PLMN (such as ETSI prime medium) which supports the European harmonized 112/E112 emergency number (TS12 ETSI TS 122 003) and to provide a means of manually triggering the notification of an emergency incident.
NOTE 2   HLAP requirements for third-party services supporting eCall can be found in EN 16102, and have been developed in conjunction with the development of this work item, and is consistent in respect of the interface to the PSAP. This deliverable makes reference to those provisions but does not duplicate them.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17573-3:2023(Main)
Electronic fee collection - System architecture for vehicle-related tolling - Part 3: Data dictionary (ISO 17573-3:2023)
SIST EN ISO 17573-3:2023

This document specifies the syntax and semantics of data objects in the field of electronic fee collection (EFC). The definitions of data types and assignment of semantics are provided in accordance with the abstract syntax notation one (ASN.1) technique, as specified in ISO/IEC 8824-1. This document defines:
—     ASN.1 (data) types within the fields of EFC;
—     ASN.1 (data) types of a more general use that are used more specifically in standards related to EFC.
This document does not seek to define ASN.1 (data) types that are primarily related to other fields that operate in conjunction with EFC, such as cooperative intelligent transport systems (C-ITS), the financial sector, etc.

  • Standard
    59 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17870:2023(Main)
Intelligent transport systems - eSafety - eCall additional data concept for equipment limitations
SIST EN 17870:2023

This document defines an additional data concept that can be transferred as the ‘optional additional data’ part of an eCall MSD, as defined in EN 15722, that can be transferred from a vehicle to a PSAP in the event of a crash or emergency via an eCall communication session.
The purpose of this document is to provide means to notify the PSAP of any limitations to the sending equipment that are endorsed by other standards, but not (immediately) apparent to the receiver. Lack of knowledge about these limitations can hamper the emergency process. This document describes an additional data concept which facilitates the inclusion of information about such limitations in a consistent and usable matter.
This document can be seen as an addendum to EN 15722; it contains as little redundancy as possible.
NOTE 1   The communications media protocols and methods for the transmission of the eCall message are not specified in this document.
NOTE 2   Additional data concepts can also be transferred, and it is advised to register any such data concepts using a data registry as defined in EN ISO 24978 [1]. See www.esafetydata.com for an example.

  • Standard
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 14906:2023(Main)
Electronic fee collection - Application interface definition for dedicated short-range communication (ISO 14906:2022)
SIST EN ISO 14906:2023

This document specifies the application interface in the context of electronic fee collection (EFC) systems using dedicated short-range communication (DSRC).
The EFC application interface is the EFC application process interface to the DSRC application layer, as can be seen in Figure 1. This document comprises specifications of:
—    EFC attributes (i.e. EFC application information) that can also be used for other applications and/or interfaces;
—    the addressing procedures of EFC attributes and (hardware) components (e.g. integrated circuit(s) card);
—    EFC application functions, i.e. further qualification of actions by definitions of the concerned services, assignment of associated ActionType values, and content and meaning of action parameters;
—    the EFC transaction model, which defines the common elements and steps of any EFC transaction;
—    the behaviour of the interface so as to ensure interoperability on an EFC-DSRC application interface level.
This is an interface standard, adhering to the open systems interconnection (OSI) philosophy (see ISO/IEC 7498-1), and it is as such not primarily concerned with the implementation choices to be realized at either side of the interface.
This document provides security-specific functionality as place holders (data and functions) to enable the implementation of secure EFC transactions. Yet the specification of the security policy (including specific security algorithms and key management) remains at the discretion and under the control of the EFC operator, and hence is outside the scope of this document.

  • Standard
    131 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 20524-1:2022(Main)
Intelligent transport systems - Geographic Data Files (GDF) GDF5.1 - Part 1: Application independent map data shared between multiple sources (ISO 20524-1:2020)
SIST EN ISO 20524-1:2023

This document specifies the conceptual and logical data model and physical encoding formats for geographic databases for Intelligent Transport Systems (ITS) applications and services. It includes a specification of potential contents of such databases (data dictionaries for Features, Attributes and Relationships), a specification of how these contents shall be represented, and of how relevant information about the database itself may be specified (metadata).
The focus of this document is on ITS applications and services and it emphasizes road and road-related information. ITS applications and services, however, also require information in addition to road and road-related information.
EXAMPLE 1    ITS applications and services need information about addressing systems in order to specify locations and/or destinations. Consequently, information about the administrative and postal subdivisions of an area is essential.
EXAMPLE 2    Map display is an important component of ITS applications and services. For proper map display, the inclusion of contextual information such as land and water cover is essential.
EXAMPLE 3    Point-of-Interest (POI) or service information is a key feature of traveller information. It adds value to end-user ITS applications and services.
Typical ITS applications and services targeted by this document are in-vehicle or portable navigation systems, traffic management centres, or services linked with road management systems, including public transport systems.
The Conceptual Data Model has a broader focus than ITS applications and services. It is application independent, allowing for future harmonization of this document with other geographic database standards.

  • Standard
    1077 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 20524-2:2022(Main)
Intelligent transport systems - Geographic Data Files (GDF) GDF5.1 - Part 2: Map data used in automated driving systems, Cooperative ITS, and multi-modal transport (ISO 20524-2:2020)
SIST EN ISO 20524-2:2023

This document specifies the conceptual and logical data model in addition to the physical encoding formats for geographic databases for Intelligent Transport Systems (ITS) applications and services. This document includes a specification of potential contents of such databases (data dictionaries for Features, Attributes and Relationships), a specification of how these contents are to be represented, and how relevant information about the database itself can be specified (metadata). This document further defines map data used in automated driving systems, Cooperative-ITS, and Multi-modal transport.
The focus of this document is firstly on emerging ITS applications and services, such as Cooperative-ITS and automated driving systems, and it emphasizes road, lane and relevant information on road and lane. However, ITS applications and services also require other information in addition to road and road-related information, which are provided as external databases to connect with GDF and to complement each other. Highly defined public transport databases, for instance, are indispensable in multi-modal transport applications and services in particular. Thus, this document focuses secondly on an expansion of the specification to connect with externally existing databases. It is particularly designed to connect a Transmodel (EN 12896-1 and EN 12896-2) conformant public transport database.
Typical ITS applications and services targeted by this document are in-vehicle or portable navigation systems, traffic management centres, or services linked with road management systems, including public transport systems.
The conceptual data model specified here has a broader focus than ITS applications and services. It is application independent, allowing for future harmonization of this model with other geographic database standards.

  • Standard
    604 pages
    English language
    sale 10% off
    e-Library read for
    1 day