iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

CEN/TS 16439:2013

(Main)

Electronic fee collection - Security framework

Electronic fee collection - Security framework

1.1   EFC specific scope
ISO 17573 defines the roles and functions as well as the internal and external entities of the EFC system environment. Based on the system architecture defined in ISO 17573, the security framework describes a set of requirements and security measures for stakeholders to implement and operate their part of an EFC system as required for a trustworthy environment according to its basic information security policy. In general, the overall scope is an information security framework for all organisational and technical entities and in detail for the interfaces between them.
Figure 3 below illustrates the abstract EFC system model used to analyse the threats, define the security requirements and security measures of this Technical Specification. This Technical Specification is based on the assumption of an OBE which is dedicated to EFC purposes only and neither considers value added services based on EFC OBE, nor more generic OBE platforms (called in-vehicle ITS Stations) used to host the EFC application.
The scope of this security framework comprises the following:
-   general information security objectives of the stakeholders;
-   threat analysis;
-   definition of a trust model;
-   security requirements;
-   security measures – countermeasures;
-   security specifications for interface implementation;
-   key management;
-   security policies;
-   privacy-enabled implementations.
The following is outside the scope of this Technical Specification:
-   a complete risk assessment for an EFC system;
-   security issues rising from an EFC application running on an ITS station;
NOTE   Security issues associated with an EFC application running on an ITS station will be covered in a CEN Technical Report on "Guidelines for EFC-applications based on in vehicle ITS Stations" that is being developed at the time of publication of this document.
-   entities and interfaces of the interoperability management role;
-   the technical trust relation of the model between TSP and User;
-   a complete specification and description of all necessary security measures to all identified threats;
-   concrete implementation specifications for implementation of security for EFC system, e.g. European electronic toll service (EETS);
-   detailed specifications required for privacy-friendly EFC implementations.
The detailed scope of the bullet points and the clause with the corresponding content is given below:
-   General information security objectives of the stakeholders (informative, Annex C)
To derive actual security requirements and define implementations, it is crucial to gain a common understanding of the possible different perspectives and objectives of such stakeholders of a toll charging environment.
-   Threat analysis (informative, Annex D)
The threat analysis is the basis and motivation for all the security requirements resulting in this framework. The results from two complementary approaches will be combined in one common set of requirements. The first approach considers a number of threat scenarios from the perspective of various attackers. The second approach looks in depth on threats against the various identified assets (tangible and intangible entities).
-   Definition of a trust model (normative, Clause 5)
The trust model comprises all basic assumptions and principles for establishing trust between the stakeholders. The trust model forms the basis for the implementation of cryptographic procedures to ensure confidentiality, integrity, authenticity and partly non-repudiation of exchanged data.
-   Security requirements (normative, Clause 6)
(...)

Elektronische Gebührenerhebung - Sicherheitsgrundstruktur

Perception de télépéage - Cadre de sécurité

Elektronsko pobiranje pristojbin - Varnostni okvir

Standard ISO 17573 določa vloge in funkcije ter notranje in zunanje subjekte okolja sistema za elektronsko pobiranje pristojbin (EFC). Varnostni okvir na podlagi sistemske arhitekture iz standarda ISO 17573 opisuje sklop zahtev in varnostnih ukrepov za zainteresirane strani, da lahko svoj del sistema za okoljsko pobiranje pristojbin izvajajo in upravljajo v skladu z zahtevami za zaupanja vredno okolje ob upoštevanju osnovne politike informacijske varnosti. Na splošno je skupno področje uporabe okvir informacijske varnosti za vse organizacijske in tehnične subjekte, podrobno pa za vmesnike med njimi.

General Information

Status
Withdrawn
Publication Date
29-Jan-2013
Withdrawal Date
13-Oct-2015
ICS
35.240.60 - IT applications in transport
Technical Committee
CEN/TC 278 - Road transport and traffic telematics
Drafting Committee
CEN/TC 278/WG 1 - Electronic fee collection and access control (EFC)
Current Stage
9960 - Withdrawal effective - Withdrawal
Completion Date
14-Oct-2015
Directive
2004/54/EC - Directive 2004/52/EC of the European Parliament and of the Council of 29 April 2004 on the interoperability of electronic road toll systems in the Community (Text with EEA relevance)
Mandate
M/338 - Standardisation mandate to CEN, CENELEC and ETSI in support of interoperabilty of electonic road toll systems in the community
Ref Project
SIST-TS CEN/TS 16439:2013 - Electronic fee collection - Security framework

Relations

Replaced By
CEN ISO/TS 19299:2015 - Electronic fee collection - Security framework (ISO/TS 19299:2015)
Effective Date
04-Sep-2013

Buy Standard

TS CEN/TS 16439:2013TS CEN/TS 16439:2013
PreviousNext
Technical specification
TS CEN/TS 16439:2013
English language
141 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST-TS CEN/TS 16439:2013
01-april-2013
Elektronsko pobiranje pristojbin - Varnostni okvir
Electronic fee collection - Security framework
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur
Perception de télépéage - Cadre de sécurité
Ta slovenski standard je istoveten z: CEN/TS 16439:2013
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
transportu in trgovini and trade
SIST-TS CEN/TS 16439:2013 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS CEN/TS 16439:2013

---------------------- Page: 2 ----------------------

SIST-TS CEN/TS 16439:2013


TECHNICAL SPECIFICATION
CEN/TS 16439

SPÉCIFICATION TECHNIQUE

TECHNISCHE SPEZIFIKATION
January 2013
ICS 35.240.60
English Version
Electronic fee collection - Security framework
Perception de télépéage - Cadre de sécurité Elektronische Gebührenerhebung -
Sicherheitsgrundstruktur
This Technical Specification (CEN/TS) was approved by CEN on 27 August 2012 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2013 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 16439:2013: E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST-TS CEN/TS 16439:2013
CEN/TS 16439:2013 (E)
Contents Page
Foreword . 6
0 Introduction . 7
0.1 Reader's guide . 7
0.2 EFC role model . 8
0.3 Relation to other security standards . 9
1 Scope . 11
1.1 EFC specific scope . 11
1.2 Scope in relation to other security frameworks . 14
2 Normative references . 15
3 Terms and definitions . 16
4 Symbols and abbreviations . 22
5 Trust model . 24
5.1 Introduction . 24
5.2 Stakeholders trust relations . 24
5.3 Technical trust model . 25
5.3.1 General . 25
5.3.2 Trus
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 21177:2024(Main)
Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO 21177:2024)
oSIST prEN ISO 21177:2024

This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.:
—     between devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) as specified in ISO 21217; and
—     between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.
These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner.
These services are essential for many intelligent transport system (ITS) applications and services, including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside/infrastructure-related services.

  • Draft
    111 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 13141:2024(Main)
Electronic fee collection - Localization augmentation communication for autonomous systems (ISO 13141:2024)
oSIST prEN ISO 13141:2023

This document establishes requirements for short-range communication for the purposes of augmenting the localization in autonomous electronic fee collection (EFC) systems. Localization augmentation serves to inform on-board equipment (OBE) about geographical location and the identification of a charge object. This document specifies the provision of location and heading information and security means to protect against the manipulation of the OBE with false RSE.
The localization augmentation communication (LAC) takes place between an OBE in a vehicle and fixed RSE. This document is applicable to OBE in an autonomous mode of operation.
This document specifies attributes and functions for the purpose of localization augmentation, by making use of the dedicated short-range communications (DSRC) communication services provided by DSRC Layer 7, and makes these LAC attributes and functions available to the LAC applications at the RSE and the OBE. Attributes and functions are specified on the level of application data units (ADUs; see Figure 1).
As depicted in Figure 1, this document is applicable to:
—     the application interface definition between OBE and RSE;
—     the interface to the DSRC application layer, as specified in ISO 15628 and EN 12834;
—     the use of the DSRC stack.
The LAC is suitable for a range of short-range communication media. This document provides specific definitions regarding the CEN-DSRC stack as specified in EN 15509. Annexes C, D, E and H provide for the use of the Italian DSRC as specified in ETSI/ES 200 674-1, ISO CALM IR ARIB DSRC and WAVE DSRC.
This document contains a protocol implementation conformance statement (PICS) proforma in Annex B and transaction examples in Annex F. Annex G highlights how to use this document for the European Electronic Toll Service (EETS).
Test specifications are not within the scope of this document.

  • Draft
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 12813:2024(Main)
Electronic fee collection - Compliance check communication for autonomous systems (ISO 12813:2024)
SIST EN ISO 12813:2024

This document specifies requirements for short-range communication for the purposes of compliance checking in autonomous electronic fee collecting systems. Compliance checking communication (CCC) takes place between a road vehicle's on-board equipment (OBE) and an interrogator [fixed and mobile roadside equipment (RSE) or hand-held unit] and serves to establish whether the data that are delivered by the OBE correctly reflect the road usage of the corresponding vehicle according to the rules of the pertinent toll regime.
The operator of the compliance checking interrogator is assumed to be part of the toll charging role as defined in ISO 17573-1. The CCC permits identification of the OBE, vehicle and contract, and verification of whether the driver has fulfilled their obligations and the checking status and performance of the OBE. The CCC reads, but does not write, OBE data.
This document is applicable to OBE in an autonomous mode of operation. It is not applicable to compliance checking in dedicated short-range communication (DSRC)-based charging systems.
It specifies data syntax and semantics, but not a communication sequence. All the attributes specified herein are required in any OBE claimed to be compliant with this document, even if some values are set to “not specified” in cases where a certain functionality is not present in an OBE. The interrogator is free to choose which attributes are read in the data retrieval phase, as well as the sequence in which they are read. In order to achieve compatibility with existing systems, the communication makes use of the attributes specified in ISO 17573-3 wherever useful.
The CCC is suitable for a range of short-range communication media. Specific definitions are given for the CEN-DSRC as specified in EN 15509, as well as for the use of ISO CALM IR, the Italian DSRC as specified in ETSI ES 200 674-1, ARIB DSRC, and WAVE DSRC as alternatives to the CEN-DSRC. The attributes and functions specified are for compliance checking by means of the DSRC communication services provided by DSRC application layer, with the CCC attributes and functions made available to the CCC applications at the RSE and OBE. The attributes and functions are specified on the level of application data units (ADUs).
The definition of the CCC includes:
—     the application interface between OBE and RSE (as depicted in Figure 2);
—     use of the generic DSRC application layer as specified in ISO 15628 and EN 12834;
—     CCC data type specifications given in Annex A;
—     a protocol implementation conformance statement (PICS) proforma is given in Annex B;
—     use of the CEN-DSRC stack as specified in EN 15509, or other equivalent DSRC stacks as described in Annex C, Annex D, Annex E and Annex F;
—     security services for mutual authentication of the communication partners and for signing of data (see Annex H);
In addition, an example CCC transaction is presented in Annex G and Annex I highlights how to use this document for the European Electronic Toll Service (EETS).
Test specifications are not within the scope of this document.

  • Draft
    62 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17419:2018/A1:2024(Amendment)
Intelligent transport systems - Cooperative systems - Globally unique identification - Amendment 1: Regions of a closed polygon in a plane (ISO 17419:2018/Amd 1:2024)
SIST EN ISO 17419:2018/A1:2024
  • Draft
    8 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17905:2023(Main)
Intelligent transport systems - eSafety - eCall HLAP in hybrid circuit switched/packet switched network environments
SIST EN 17905:2024

In respect of 112-eCall (pan-European eCall) (operating requirements defined in EN 16072), this document defines the additional high level application protocols, procedures and processes required to provide the eCall service whilst there are still both circuit switched and packet switched wireless communication networks in operation.
NOTE    The objective of implementing the pan-European in-vehicle emergency call system (eCall) is to automate the notification of a traffic accident, wherever in Europe, with the same technical standards and the same quality of services objectives by using a PLMN (such as ETSI prime medium) which supports the European harmonized 112/E112 emergency number (TS12 ETSI TS 122 003 or IMS packet switched network) and to provide a means of manually triggering the notification of an emergency incident.

  • Standard
    21 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16454:2023(Main)
Intelligent transport systems - ESafety - ECall end to end conformance testing
SIST EN 16454:2024

This European Standard defines the key actors in the eCall chain of service provision as:
1) In-Vehicle System (IVS)/vehicle,
2) Mobile network Operator (MNO),
3) Public safety assistance point [provider](PSAP),
in some circumstances may also involve:
4) Third Party Service Provider (TPSP),
and to provide conformance tests for actor groups 1) - 4).
NOTE Conformance tests are not appropriate nor required for vehicle occupants, although they are the recipient of the service.
This European Standard covers conformance testing (and approval) of new engineering developments, products and systems, and does not imply testing associated with individual installations in vehicles or locations.

  • Standard
    264 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17573-3:2023(Main)
Electronic fee collection - System architecture for vehicle-related tolling - Part 3: Data dictionary (ISO 17573-3:2023)
SIST EN ISO 17573-3:2023

This document specifies the syntax and semantics of data objects in the field of electronic fee collection (EFC). The definitions of data types and assignment of semantics are provided in accordance with the abstract syntax notation one (ASN.1) technique, as specified in ISO/IEC 8824-1. This document defines:
—     ASN.1 (data) types within the fields of EFC;
—     ASN.1 (data) types of a more general use that are used more specifically in standards related to EFC.
This document does not seek to define ASN.1 (data) types that are primarily related to other fields that operate in conjunction with EFC, such as cooperative intelligent transport systems (C-ITS), the financial sector, etc.

  • Standard
    59 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16062:2023(Main)
Intelligent transport systems - ESafety - eCall high level application requirements (HLAP) using GSM/UMTS circuit switched networks
SIST EN 16062:2023

In respect of pan-European eCall (operating requirements defined in EN 16072), this document defines the high-level application protocols, procedures and processes required to provide the eCall service using a TS12 emergency call over a circuit-switched mobile communications network.
NOTE 1   The objective of implementing the pan-European in-vehicle emergency call system (eCall) is to automate the notification of a traffic accident, wherever in Europe, with the same technical standards and the same quality of services objectives by using a PLMN (such as ETSI prime medium) which supports the European harmonized 112/E112 emergency number (TS12 ETSI TS 122 003) and to provide a means of manually triggering the notification of an emergency incident.
NOTE 2   HLAP requirements for third-party services supporting eCall can be found in EN 16102, and have been developed in conjunction with the development of this work item, and is consistent in respect of the interface to the PSAP. This deliverable makes reference to those provisions but does not duplicate them.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17870:2023(Main)
Intelligent transport systems - eSafety - eCall additional data concept for equipment limitations
SIST EN 17870:2023

This document defines an additional data concept that can be transferred as the ‘optional additional data’ part of an eCall MSD, as defined in EN 15722, that can be transferred from a vehicle to a PSAP in the event of a crash or emergency via an eCall communication session.
The purpose of this document is to provide means to notify the PSAP of any limitations to the sending equipment that are endorsed by other standards, but not (immediately) apparent to the receiver. Lack of knowledge about these limitations can hamper the emergency process. This document describes an additional data concept which facilitates the inclusion of information about such limitations in a consistent and usable matter.
This document can be seen as an addendum to EN 15722; it contains as little redundancy as possible.
NOTE 1   The communications media protocols and methods for the transmission of the eCall message are not specified in this document.
NOTE 2   Additional data concepts can also be transferred, and it is advised to register any such data concepts using a data registry as defined in EN ISO 24978 [1]. See www.esafetydata.com for an example.

  • Standard
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 15876:2023(Main)
Electronic fee collection - Conformity evaluation of on-board and roadside equipment to EN 15509
SIST EN 15876:2023

This document specifies the test suite structure (TSS) and test purposes (TPs) for evaluation of on-board equipment (OBE) and roadside equipment (RSE) to EN 15509.
Normative Annex A presents the test purposes for the OBE.
Normative Annex B presents the test purposes for the RSE.
Normative Annex C provides the protocol conformance test report (PCTR) proforma for OBE.
Normative Annex D provides the PCTR proforma for RSE.

  • Standard
    122 pages
    English language
    sale 10% off
    e-Library read for
    1 day