Electronic fee collection — Personalization of on-board equipment (OBE) — Part 2: Using dedicated short-range communication

This document defines: — personalization interface: dedicated short-range communication (DSRC), — physical systems: on-board equipment and the personalization equipment, — DSRC-link requirements, — EFC personalization functions according to ISO/TS 21719-1 when defined for the DSRC interface, and — security data elements and mechanisms to be used over the DSRC interface. A protocol information conformance statement (PICS) proforma is provided in Annex B, and security computation examples are provided in Annex E. It is outside the scope of this document to define: — conformance procedures and test specifications, — setting-up of operating organizations (e.g. toll service provider, personalization agent, trusted third party), and — legal issues. NOTE Some of these issues are subject to separate standards prepared by ISO/TC 204, CEN/TC 278 or ETSI ERM.

Perception de télépéage — Personnalisation des équipements embarqués — Partie 2: Utilisation des communications dédiées à courte portée

General Information

Status
Published
Publication Date
13-Oct-2022
Current Stage
6060 - International Standard published
Due Date
03-Nov-2023
Completion Date
14-Oct-2022
Ref Project

RELATIONS

Buy Standard

Technical specification
ISO/TS 21719-2:2022 - Electronic fee collection — Personalization of on-board equipment (OBE) — Part 2: Using dedicated short-range communication Released:14. 10. 2022
English language
37 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
REDLINE ISO/PRF TS 21719-2 - Electronic fee collection — Personalization of on-board equipment (OBE) — Part 2: Using dedicated short-range communication Released:5/30/2022
English language
38 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/PRF TS 21719-2 - Electronic fee collection — Personalization of on-board equipment (OBE) — Part 2: Using dedicated short-range communication Released:5/30/2022
English language
38 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL ISO/TS
SPECIFICATION 21719-2
Second edition
2022-10
Electronic fee collection —
Personalization of on-board
equipment (OBE) —
Part 2:
Using dedicated short-range
communication
Perception de télépéage — Personnalisation des équipements
embarqués —
Partie 2: Utilisation des communications dédiées à courte portée
Reference number
ISO/TS 21719-2:2022(E)
© ISO 2022
---------------------- Page: 1 ----------------------
ISO/TS 21719-2:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on

the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below

or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO 2022 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TS 21719-2:2022(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction .................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ..................................................................................................................................................................................... 1

3 Terms and definitions .................................................................................................................................................................................... 2

4 Abbreviated terms ............................................................................................................................................................................................. 4

5 Conformance ............................................................................................................................................................................................................ 5

5.1 General ........................................................................................................................................................................................................... 5

5.2 Base standards ....................................................................................................................................................................................... 5

5.3 Main contents of an EFC personalization AP ............................................................................................................... 5

5.4 Conformance statement ................................................................................................................................................................. 6

6 Personalization overview ..........................................................................................................................................................................6

6.1 Process ........................................................................................................................................................................................................... 6

6.2 System architecture ........................................................................................................................................................................... 6

7 OBE requirements ..............................................................................................................................................................................................6

7.1 General ........................................................................................................................................................................................................... 6

7.2 DSRC lower layer requirements .............................................................................................................................................. 6

7.2.1 Supported DSRC stacks ................................................................................................................................................ 6

7.2.2 CEN DSRC stack ................................................................................................................................................................... 7

7.3 OBE personalization functions................................................................................................................................................. 8

7.3.1 General ........................................................................................................................................................................................ 8

7.3.2 Initialization and termination ................................................................................................................................ 8

7.3.3 Retrieving the OBE identifier .................................................................................................................................. 8

7.3.4 Writing of data ..................................................................................................................................................................... 8

7.4 Security requirements ......... ......................................................................................................................................................... 11

7.5 Transaction requirements ........................................................................................................................................................12

8 Personalization equipment requirements ............................................................................................................................13

8.1 General ........................................................................................................................................................................................................13

8.2 DSRC lower layer requirements ...........................................................................................................................................13

8.2.1 Supported DSRC stacks .............................................................................................................................................13

8.2.2 CEN DSRC stack ................................................................................................................................................................13

8.3 PE personalization functions ........................................................................................................................................... .......13

8.4 Security requirements ......... ......................................................................................................................................................... 13

8.5 Transaction requirements ........................................................................................................................................................13

Annex A (normative) Security calculations ..............................................................................................................................................14

Annex B (normative) PICS proforma ........................................................................................................................................... ......................19

Annex C (normative) Personalization of OBE conforming to ETSI ES 200 674-1 ...............................................24

Annex D (informative) Transaction example ..........................................................................................................................................29

Annex E (informative) Security computation examples ..............................................................................................................33

Bibliography .............................................................................................................................................................................................................................37

iii
© ISO 2022 – All rights reserved
---------------------- Page: 3 ----------------------
ISO/TS 21719-2:2022(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to

the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see

www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in

collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC

278, Intelligent transport systems, in accordance with the Agreement on technical cooperation between

ISO and CEN (Vienna Agreement).

This second edition cancels and replaces the first edition (ISO/TS 21719-2:2018), which has been

technically revised.
The main changes are as follows:
— addition of subclause 5.4 on the Conformance statement;

— minor updating of terms, including a reference to ISO/TS 17573-2 as the primary source.

A list of all parts in the ISO 21719 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html.
© ISO 2022 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TS 21719-2:2022(E)
Introduction

On-board equipment (OBE) is an in-vehicle device that contains one or more application instances to

support different intelligent transport system (ITS) implementations such as electronic fee collection

(EFC).

To assign the EFC application in the OBE to a certain user or/and vehicle, personalization is performed.

This means that unique user- and vehicle-related data needs to be transferred and stored in the OBE.

CEN/TR 16152 assessed many aspects of the personalization process and defined the overall

personalization assets: application data, application keys and vehicle data.

Different communication media may be used for transferring the personalization assets to the OBE. An

overall message exchange framework and required security functionality may be applied for all media

common procedures, to ensure data protection and integrity.

By standardizing the personalization procedure, compatibility of personalization equipment is

supported, and the entity responsible for the personalization [e.g. a toll service provider (TSP)] will

further be able to outsource partial or complete personalization to a third party or to another service

provider or personalization agent.

The scope of the personalization functionality is illustrated in Figure 1 and is limited to the dedicated

short-range communication (DSRC) interface between the personalization equipment (PE) and the OBE.

Figure 1 — Scope for this document (box delimited by a dotted line)

This document defines a complete application profile using the personalization functionality described

in ISO/TS 21719-1, on top of a CEN DSRC stack according to the DSRC communication profiles as

specified in EN 13372 and using the EFC Application Interface according to ISO 14906.

This document further defines in the annexes the use of this application profile on top of other DSRC

communication stacks that are compliant with the application layer interfaces as defined in ISO 14906

and EN 12834.
Figure 2 shows the scope of this document from a DSRC-stack perspective.
© ISO 2022 – All rights reserved
---------------------- Page: 5 ----------------------
ISO/TS 21719-2:2022(E)
Key
ADU application data unit
T-APDU transfer-application protocol data unit
LPDU logical link control (LLC) protocol data unit
PPDU physical layer protocol data unit
DSRC L1 DSRC layer 1 (physical layer)
DSRC L2 DSRC layer 2 (data link layer)
DSRC L7 DSRC layer 7 (application layer)
Figure 2 — Relationship between this document and DSRC-stack elements
© ISO 2022 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/TS 21719-2:2022(E)
Electronic fee collection — Personalization of on-board
equipment (OBE) —
Part 2:
Using dedicated short-range communication
1 Scope
This document defines:
— personalization interface: dedicated short-range communication (DSRC),
— physical systems: on-board equipment and the personalization equipment,
— DSRC-link requirements,

— EFC personalization functions according to ISO/TS 21719-1 when defined for the DSRC interface,

and
— security data elements and mechanisms to be used over the DSRC interface.

A protocol information conformance statement (PICS) proforma is provided in Annex B, and security

computation examples are provided in Annex E.
It is outside the scope of this document to define:
— conformance procedures and test specifications,

— setting-up of operating organizations (e.g. toll service provider, personalization agent, trusted third

party), and
— legal issues.

NOTE Some of these issues are subject to separate standards prepared by ISO/TC 204, CEN/TC 278 or ETSI

ERM.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 9797-1:2011, Information technology — Security techniques — Message Authentication Codes

(MACs) — Part 1: Mechanisms using a block cipher

ISO/IEC 10116:2017, Information technology — Security techniques — Modes of operations for an n-bit

block cipher

ISO 14906, Electronic fee collection — Application interface definition for dedicated short-range

communication

ISO 15628, Intelligent transport systems — Dedicated short range communication (DSRC) — DSRC

application layer
© ISO 2022 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/TS 21719-2:2022(E)

ISO/IEC 18033-3:2010, Information technology — Security techniques — Encryption algorithms — Part 3:

Block ciphers

EN 12834, Road transport and traffic telematics — Dedicated Short Range Communication (DSRC) —

DSRC application layer

EN 15509:2022, Electronic fee collection — Interoperability application profile for DSRC

ETSI/ES 200 674-1:2013, Intelligent Transport Systems (ITS) — Road Transport and Traffic Telematics

(RTTT) — Dedicated Short Range Communications (DSRC) — Part 1: Technical characteristics and test

methods for High Data Rate (HDR) data transmission equipment operating in the 5,8 GHz Industrial,

Scientific and Medical (ISM) band (V2.4.1, 2013-05)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
access credentials

trusted attestation or secure module that establishes the claimed identity of an object or application

[SOURCE: ISO/TS 17573-2:2020, 3.4, modified — admitted term removed (listed in Clause 4).]

3.2
attribute

addressable package of data consisting of a single data element or structured sequences of data

elements
[SOURCE: ISO/TS 17573-2:2020, 3.13]
3.3
authentication
security mechanism allowing verification of the provided identity
[SOURCE: ISO/TS 17573-2:2020, 3.15]
3.4
authenticator
data, possibly encrypted, that is used for authentication (3.3)
[SOURCE: ISO/TS 17573-2:2020, 3.16]
3.5
base standard
approved International Standard, Technical Specification or ITU-T Recommendation

Note 1 to entry: This includes but is not limited to approved standard deliverables from ISO, ITU, CEN, CENELEC,

ETSI and IEEE.
[SOURCE: ISO/TS 17573-2:2020, 3.23]
3.6
data integrity
property that data has not been altered or destroyed in an unauthorized manner
[SOURCE: ISO/TS 17573-2:2020, 3.56]
© ISO 2022 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TS 21719-2:2022(E)
3.7
electronic fee collection
fee collection by electronic means

[SOURCE: ISO/TS 17573-2:2020, 3.70, modified — admitted term removed (listed in Clause 4).]

3.8
EFC Element
coherent set of data and functionality

Note 1 to entry: The functionality includes, where applicable, the security-related functions and the associated

security keys.

Note 2 to entry: EFC Elements are created by the applications and addressed using Element identifiers.

Note 3 to entry: In a given on-board equipment (OBE) (3.9), the EID is used to address a toll context, identified by

the EFC-ContextMark, in which attributes (3.2) can be addressed unambiguously by AttributeIDs inside an EFC

Element of the OBE.
[SOURCE: ISO/TS 17573-2:2020, 3.71]
3.9
on-board equipment

all required equipment on-board a vehicle for performing required electronic fee collection (EFC) (3.7)

functions and communication services

[SOURCE: ISO/TS 17573-2:2020, 3.126, modified — admitted term removed (listed in Clause 4).]

3.10
OBE personalization
transferring personalization assets (3.11) to the on-board equipment (OBE) (3.9)
[SOURCE: ISO/TS 17573-2:2020, 3.123]
3.11
personalization assets

specific data stored in the on-board equipment (OBE) (3.9) related to the user and the vehicle

[SOURCE: ISO/TS 17573-2:2020, 3.137]
3.12
personalization equipment

equipment for transferring personalization assets (3.11) to the on-board equipment (OBE) (3.9)

[SOURCE: ISO/TS 17573-2:2020, 3.138]
3.13
profile

set of requirements and selected options from base standards (3.5) or international standardized

profiles used to provide a specific functionality
[SOURCE: ISO/TS 17573-2:2020, 3.146]
3.14
toll service provider
entity providing toll services in one or more toll domains

[SOURCE: ISO/TS 17573-2:2020, 3.206, modified — admitted term removed (listed in Clause 4).]

© ISO 2022 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/TS 21719-2:2022(E)
3.15
transaction

whole of the exchange of information between two physically separated communication facilities

[SOURCE: ISO/TS 17573-2:2020, 3.211]
4 Abbreviated terms
For the purposes of this document, the following abbreviated terms apply.
Ack acknowledgement
AcK access key
AC_CR access credentials
ADU application data unit
APDU application protocol data unit
AP application profile
ASN.1 abstract syntax notation one
AVEI automatic vehicle and equipment identification
BST beacon service table
CBC cipher block chaining
DSRC dedicated short-range communication
EFC electronic fee collection
EID element identifier
ICS implementation conformance statement
IUT implementation under test
MAC message authentication code
OBE on-board equipment
PE personalization equipment
PICS protocol implementation conformance statement
SAM secure application module
TSP toll service provider
T-APDU transfer-application protocol data unit
VST vehicle service table
© ISO 2022 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/TS 21719-2:2022(E)
5 Conformance
5.1 General

This clause describes in general terms what it means to be conformant with (the profile in) this

document.
5.2 Base standards

This document defines one application profile (AP). The base standards that this AP is based upon are

as follows:
— standards for security functionality;
— standards for EFC application definition as, e.g. ISO 14906;
— standards for the DSRC communication stack definition.

An overview of the relationship and references between base standards and this AP is illustrated in

Figure 3.
Key
AVEI automatic vehicle and equipment identification
Figure 3 — Relationship and references between base standards and this document

All requirements defined in this document are either choices made from these base standards or more

specific and limited requirement based on the general provisions of these standards.

5.3 Main contents of an EFC personalization AP

The conformance requirements of an AP are divided between requirements for the on-board equipment

(OBE) and the personalization equipment (PE). The requirements are listed separately for OBE and PE.

This applies for all parts, requirements, PICS and conformance testing.
© ISO 2022 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/TS 21719-2:2022(E)

The conformance requirements of an AP according to this document shall include the following parts

(divided into separate requirements for OBE and PE):
— DSRC lower layer requirements;
— EFC personalization functions;
— security requirements;
— transaction requirements.
5.4 Conformance statement

A supplier of OBE that claims conformity of their OBE to this document shall provide a statement of

conformance to this document by completing the protocol implementation conformance statement

(PICS) as provided in B.5.
6 Personalization overview
6.1 Process
The overall personalization process is described in ISO/TS 21719-1:2018, 5.1.

Personalization means that an existing EFC application structure in the OBE is populated with

personalization assets such as user or vehicle data.

Creation of the EFC application and entering initial data, such as initial security keys, is performed

before the personalization and is out of scope of this document.

During personalization, the OBE shall be within the communication range of the PE in order for the data

exchange according to this document to take place.

Application data and security keys are transferred to the OBE during the personalization process in an

attribute list using standardized DSRC commands according to the requirements in this document.

6.2 System architecture
The overall system architecture is described in ISO/TS 21719-1:2018, 5.2.

For personalization over a DSRC interface, the OBE and PE shall contain a DSRC stack and the application

services as described in this document.

Security functionality and secure key storage may either be implemented within the PE or the PE may

be connected to a central system where this functionality may reside. This is outside the scope of this

document.
7 OBE requirements
7.1 General

This clause contains the normative conformance requirements on the OBE for profile number 1: EFC-

DSRC-Personalization Profile 1.
7.2 DSRC lower layer requirements
7.2.1 Supported DSRC stacks
This document supports the DSRC stacks as defined in Table 1.
© ISO 2022 – All rights reserved
---------------------- Page: 12 ----------------------
ISO/TS 21719-2:2022(E)
Table 1 — Supported DSRC stacks
DSRC stack Application layer Lower layers Detailed specifications
CEN-DSRC ISO 15628 EN 12795 Specification in 7.2.2
EN 12834 EN 12253

Italian DSRC ETSI/ES 200 674– ETSI/ES 200 674– Specification and implementation example in

1:2013, Clause 11 1:2013, Clauses 7 to Annex C
and Annex C 10 and Annex C
Japanese DSRC ARIB STD-T75 ARIB STD-T75
Wave DSRC IEEE1609.11 IEEE 802.11p
IEEE 1609.3/4
7.2.2 CEN DSRC stack

The following requirements apply for the personalization profile when using the CEN DSRC stack.

The OBE shall comply with EN 15509:2022, 6.1.2 which implicitly requires conformance with the

underlying standards as shown in Figure 4.
Figure 4 — Relationship and references between standards for the CEN DSRC stack
© ISO 2022 – All rights reserved
---------------------- Page: 13 ----------------------
ISO/TS 21719-2:2022(E)
7.3 OBE personalization functions
7.3.1 General
The OBE shall offer the following functions in order to support personalization:

— initialization of communication: used to establish a communication session with the OBE;

— transferring OBE identifier(s) to the PE; (optional);
— writing of data: used to update data in the OBE;
— terminate session: used to terminate the personalization session with the OBE.
7.3.2 Initialization and termination
For CEN-DSRC, the OBE shall provide the following functions:

— INITIALIZATION, and RELEASE application layer services according to ISO 15628 and EN 12834.

DSRC stack implementations of initialization and termination according to ETSI ES 200 674-1 shall be in

accordance with Annex C.

During initialization, the OBE shall transfer the following security parameters to the PE:

— random number from the OBE, RndOBE;
— key diversifier (optional);
— key reference (optional).
7.3.3 Retrieving the OBE identifier

In order for the PE to know the identity of the unit and, if necessary, provide a parameter for key

derivation to the PE, the function GET according to ISO 15628 and EN 12834 may optionally be

implemented.

It is out of the scope of this document to define the exact parameter to be used as the identifier.

7.3.4 Writing of data

The main functionality of personalization is to write or update data to already existing data fields

(attributes) in an EFC application in the OBE.

The writing of data shall be performed by using the EFC function SET_SECURE as defined in ISO 14906.

Application attributes are defined with their container types in the application interface standard

ISO 14906. Security keys are stored in attributes with container type 2 (octet string).

The SET_SECURE.request shall, for personalization, be used as shown in Table 2 where the settings of

optional parameters are defined and shown in bold for the purpose of this document.

Table 2 — SET_SECURE.request
parameter name ASN.1 type Value Remark/constraints
Element identifier EID Dsrc-EID 1–127
ActionType INTEGER(0..127,...) 3
AccessCredentials OCTET STRING PRESENT, Length = 8 octets
ActionParameter OCTET STRING Content; see Table 3
© ISO 2022 – All rights reserved
---------------------- Page: 14 ----------------------
ISO/TS 21719-2:2022(E)
TTabablele 2 2 ((ccoonnttiinnueuedd))
parameter name ASN.1 type Value Remark/constraints
Mode BOOLEAN TRUE Confirmed mode

The ActionParameter shall carry the attributes to be written into the OBE plus any information required

by the algorithm providing the security measures. SET_SECURE.request shall be used in confirmed

mode, and a reply shall always be expected.

The content of the action parameter (OCTET STRING) within the scope of this document is defined in

Table 3.
Table 3 — Action parameter content definition
Parameter Length Definition
(octets)
Option_indicator request 1 Always present
Bit string that defines which optional parameters are present
in Action Parameter; it is defined as follows:
b – AttributeList present
b – AttributeListEncrypted present
b – KeyRefEnc present
b – RndPE present
b – Autenticator_Request present
b – KeyRefAuthReq present
b – KeyRefAuthRes present
b – Not used
Table 4 shows allowed combinations of the Option Indicator.
AttributeList n. Optional
An attributeList according to ISO 14906-
Either the parameter AttributeList or AttributeListEncrypted
shall be present.
AttributeListEncrypted m. Optional
An octet string that contains an AttributeList that has been
padded to even 16 octet blocks and encrypted.
Either the parameter AttributeList or AttributeListEncrypted
shall be present.
KeyRefEnc 1 Optional
Encryption Key reference.
Shall be present if AttributeListEncrypted is present.
RndPE 16 Optional
Random number from the PE.
Shall be present if AttributeListEncrypted is present or if
KeyRefAut
...

© ISO 2022 – All rights reserved
Style Definition: List Continue 5: Font: Indent: Hanging:
0.71 cm, Don't add space between paragraphs of the same
ISO/TC 204/SC
style
Style Definition: RefNorm
ISO/TC 204
Style Definition: Base_Text: Tab stops: 0.7 cm, Left + 1.4
cm, Left + 2.1 cm, Left + 2.8 cm, Left + 3.5 cm, Left + 4.2
ISO/DTS 21719-2
cm, Left + 4.9 cm, Left + 5.6 cm, Left + 6.3 cm, Left + 7
cm, Left
Second edition
Style Definition: Body Text_Center
Style Definition: Code: Tab stops: 0.57 cm, Left + 1.15
2022-0205-27
cm, Left + 1.72 cm, Left + 2.3 cm, Left + 2.87 cm, Left +
3.45 cm, Left + 4.02 cm, Left + 4.6 cm, Left + 5.17 cm,
ISO/TC 204/WG 5
Left + 5.74 cm, Left
Style Definition: Dimension_100
ISO/TC 204/WG 5
Style Definition: Figure Graphic
Secretariat: ANSIANSI
Style Definition: Figure subtitle
Style Definition: List Continue 1
Style Definition: List Number 1: Tab stops: Not at 0.71
Style Definition: Example indent 2: Tab stops: 2.39 cm,
Left
Electronic fee collection — Personalization of on-board equipment (OBE) —
Style Definition: Note indent 2 continued: Tab stops: 3.1
Part 2: Using dedicated short-range comunicationcommunication
cm, Left
Style Definition: Note indent 2
Perception de télépéage — Personnalisation des équipements embarqués — Partie 2:
Style Definition: AMEND Heading 1 Unnumbered:
Utilisation des communications à courte portée
Pattern: 15%
Formatted: Font: 13 pt
Formatted: Font: 13 pt, Bold, Font color: Black
Formatted: Font: 13 pt, Bold, Font color: Black
Formatted: Font: 13 pt, Bold, Font color: Black
Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Formatted: Font: 13 pt, Font color: Black
Formatted: Font: 13 pt, Bold, Font color: Black
Formatted: Font: 13 pt, Font color: Black
Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Formatted: Font: 13 pt, Font color: Black, French
(Switzerland)
Formatted: Font: Not Bold, French (Switzerland)
Document type:
Document subtype:
Document stage:
Document language:
---------------------- Page: 1 ----------------------
© ISO 2022 – All rights reserved
Document type:
Document subtype:
Document stage:
Document language:
---------------------- Page: 2 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted
© 2022 Copyright notice
Formatted: Justified, Border: Right: (Single solid line,

This ISO document is a working draft or committee draft and is copyright-protected by ISO. While Blue, 0.5 pt Line width), Tab stops: 16.97 cm, Left

the reproduction of working drafts or committee drafts in any form for use by participants in the

Formatted: Font: 11 pt

ISO standards development process is permitted without prior permission from ISO, neither this

Formatted: Font: 11 pt, Not Bold

document nor any extract from it may be reproduced, stored or transmitted in any form for any

other purpose without prior written permission from ISO.

Requests for permission to reproduce this document for the purpose of selling it should be

addressed as shown below or to ISO's member body in the country of the requester:

ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
copyright@iso.org
www.iso.org

Reproduction for sales purposes may be subject to royalty payments or a licensing agreement.

Violators may be prosecuted.
Formatted: Tab stops: 5.71 cm, Left + Not at 17.2 cm
© ISO 2022 – All rights reserved
iiiiii
---------------------- Page: 3 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header
Contents Page

Foreword .......................................................................................................................................................................... 4

Introduction .................................................................................................................................................................... 5

1 Scope .................................................................................................................................................................... 1

2 Normative references .................................................................................................................................... 1

3 Terms and definitions ................................................................................................................................... 2

4 Abbreviated terms .......................................................................................................................................... 4

5 Conformance ..................................................................................................................................................... 6

5.1 General ................................................................................................................................................................ 6

5.2 Base standards ................................................................................................................................................. 6

5.3 Main contents of an EFC Personalization AP ......................................................................................... 6

5.4 Conformance statement ................................................................................................................................ 7

6 Personalization overview ............................................................................................................................ 7

6.1 Process ................................................................................................................................................................ 7

6.2 System architecture ....................................................................................................................................... 7

7 OBE requirements ........................................................................................................................................... 7

7.1 General ................................................................................................................................................................ 7

7.2 DSRC lower layer requirements ................................................................................................................ 8

7.2.1 Supported DSRC stacks ................................................................................................................................. 8

7.2.2 CEN DSRC stack ................................................................................................................................................ 8

7.3 OBE personalization functions ................................................................................................................... 9

7.3.1 General ................................................................................................................................................................ 9

7.3.2 Initialization and termination .................................................................................................................... 9

7.3.3 Retrieving OBE identifier .......................................................................................................................... 10

7.3.4 Writing of data .............................................................................................................................................. 10

7.4 Security requirements ............................................................................................................................... 13

7.5 Transaction requirements ........................................................................................................................ 15

8 Personalization equipment requirements ......................................................................................... 15

8.1 General ............................................................................................................................................................. 15

8.2 DSRC lower layer requirements ............................................................................................................. 15

8.2.1 Supported DSRC stacks .............................................................................................................................. 15

8.2.2 CEN DSRC stack ............................................................................................................................................. 15

8.3 PE personalization functions ................................................................................................................... 15

8.4 Security requirements ............................................................................................................................... 15

8.5 Transaction requirements ........................................................................................................................ 16

Annex A (normative) Security calculations ..................................................................................................... 17

Annex B (normative) PICS proforma .................................................................................................................. 22

Annex C (normative) Personalization of ES 200 674-1-compliant OBE ................................................ 27

Annex D (informative) Transaction example .................................................................................................. 32

Annex E (informative) Security computation examples ............................................................................. 37

Bibliography ................................................................................................................................................................. 41

Foreword ........................................................................................................................................................................ vii

Introduction ................................................................................................................................................................... ix

© ISO 2022 – All rights reserved
iviv
---------------------- Page: 4 ----------------------
N/AISO/TS 21719-2:2022(E)

1 Scope .................................................................................................................................................................... 1

2 Normative references .................................................................................................................................... 1

3 Terms and definitions .................................................................................................................................... 2

4 Abbreviated terms .......................................................................................................................................... 4

5 Conformance ..................................................................................................................................................... 6

5.1 General ................................................................................................................................................................ 6

5.2 Base standards ................................................................................................................................................. 6

5.3 Main contents of an EFC personalization AP ......................................................................................... 8

5.4 Conformance statement ................................................................................................................................ 8

6 Personalization overview ............................................................................................................................. 8

6.1 Process ................................................................................................................................................................ 8

6.2 System architecture ........................................................................................................................................ 8

7 OBE requirements ........................................................................................................................................... 9

7.1 General ................................................................................................................................................................ 9

7.2 DSRC lower layer requirements ................................................................................................................. 9

7.2.1 Supported DSRC stacks .................................................................................................................................. 9

7.2.2 CEN DSRC stack ................................................................................................................................................. 9

7.3 OBE personalization functions ................................................................................................................ 11

7.3.1 General ............................................................................................................................................................. 11

7.3.2 Initialization and termination ................................................................................................................. 11

7.3.3 Retrieving the OBE identifier ................................................................................................................... 12

7.3.4 Writing of data ............................................................................................................................................... 12

7.4 Security requirements ................................................................................................................................ 15

7.5 Transaction requirements ........................................................................................................................ 17

8 Personalization equipment requirements .......................................................................................... 17

8.1 General ............................................................................................................................................................. 17

8.2 DSRC lower layer requirements .............................................................................................................. 17

8.2.1 Supported DSRC stacks ............................................................................................................................... 17

8.2.2 CEN DSRC stack .............................................................................................................................................. 17

8.3 PE personalization functions ................................................................................................................... 17

8.4 Security requirements ................................................................................................................................ 17

8.5 Transaction requirements ........................................................................................................................ 18

Annex A (normative) Security calculations ...................................................................................................... 19

Annex B (normative) PICS proforma .................................................................................................................. 24

Annex C (normative) Personalization of OBE conforming to ETSI ES 200 674-1 ............................... 29

Annex D (informative) Transaction example .................................................................................................. 35

Annex E (informative) Security computation examples .............................................................................. 40

Bibliography ................................................................................................................................................................. 44

Formatted: Tab stops: 5.71 cm, Left + Not at 17.2 cm
© ISO 2022 – All rights reserved
---------------------- Page: 5 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies

(ISO member bodies). The work of preparing International Standards is normally carried out through ISO

technical committees. Each member body interested in a subject for which a technical committee has been

established has the right to be represented on that committee. International organizations, governmental and

non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International

Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2

The main task of technical committees is to prepare International Standards. Draft International Standards

adopted by the technical committees are circulated to the member bodies for voting. Publication as an

International Standard requires approval by at least 75 % of the member bodies casting a vote.

ln other circumstances, particularly when there is an urgent market requirement for such documents, a

technical committee may decide to publish other types of documents:

an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in an ISO

working group and is accepted for publication if it is approved by more than 50 % of the members of the parent

committee casting a vote;

an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical

committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a

vote.

An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed tor a further

three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is confirmed,

it is reviewed again after a further three years, at which time it must either be transformed into an International

Standard or be withdrawn.

The procedures used to develop this document and those intended for its further maintenance are described in

the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO

documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC

Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights

identified during the development of the document will be in the Introduction and/or on the ISO list of patent

declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute

an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions

related to conformity assessment, as well as information about ISO's adherence to the World Trade

Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in collaboration

with the European Committee for Standardization (CEN) Technical Committee CEN/TC 278, Intelligent

transport systems, in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna

Agreement).
© ISO 2022 – All rights reserved
vivi
---------------------- Page: 6 ----------------------
N/AISO/TS 21719-2:2022(E)

This second edition cancels and replaces the first edition (ISO/TS 21719-2:2018), which has been technically

revised.
The main changes are as follows:
— addition of subclause 5.4 on Conformance statement;

— minor updating of terms, including the reference to ISO/TS 17573-2 as the primary source.

A list of all parts in the ISO 21719 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html.www.iso.org/members.html.

Formatted: English (United States)
A list of all parts in the ISO/TS 21719 series can be found on the ISO website.
Formatted: Tab stops: 5.71 cm, Left + Not at 17.2 cm
© ISO 2022 – All rights reserved
viivii
---------------------- Page: 7 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header
Introduction

On-board equipment (OBE) is an in-vehicle device that contains one or more application instances to support

different intelligent transport system (ITS) implementations such as electronic fee collection (EFC).

To assign the EFC application in the OBE to a certain user or/and vehicle, personalization is performed. This

means that unique user- and vehicle -related data, needs to be transferred and stored in the OBE.

CEN/TR 16152 assessed many aspects of the personalization process and defin personalization assets;: application data, application keys and vehicle data.

Different communication media may be used for transferring the personalization assets to the OBE. An overall

message exchange framework and neededrequired security functionality may be applied, for all media common

procedures, to ensure data protection and integrity.

By standardizing the personalization procedure, compatibility of personalization equipment is supported, and

the entity responsible for the personalization (e.g. a toll service provider -, TSP), will further be able to outsource

parts of,partial or a complete, personalization to a third party or to another service provider or personalization

agent.

The scope of the personalization functionality is illustrated in Figure 1 and is limited to the dedicated short-

range communication (DSRC) interface between the personalization equipment (PE) and the OBE.

Domain of the entity responsible for personalization
Central System Personalization On-Board Equipment
DSRC
Equiment (OBE)
(PE)
Scope of this document
Figure 1 — Scope for this document (box delimited by a dotted line)

This document defines a complete application profile using the personalization functionality described in Formatted: Don't adjust space between Latin and Asian

text, Don't adjust space between Asian text and numbers

ISO/TS 21719-1, on top of a CEN DSRC stack according to the DSRC communication profiles as specified in

EN 13372 and using the EFC Application Interface according to ISO 14906.

This document further defines in the annexes the use of this application profile on top of other DSRC

communication stacks that are compliant with the application layer interfaces as defined in ISO 14906 and EN

12834.
Figure 2 shows the scope of this document from a DSRC-stack perspective.
© ISO 2022 – All rights reserved
viiiviii
---------------------- Page: 8 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Tab stops: 5.71 cm, Left + Not at 17.2 cm
© ISO 2022 – All rights reserved
ixix
---------------------- Page: 9 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header
Key
ADU Application data unit
T-APDU Transfer-application protocol data unit
LPDU LLC protocol data unit
PPDU physical layer protocol data unit
DSRC L1 DSRC layer 1 (physical layer)
DSRC L2 DSRC layer 2 (data link layer)
DSRC L7 DSRC layer 7 (application layer)
ADU application data unit
T-APDU transfer-application protocol data unit
LPDU logical link control (LLC) protocol data unit
PPDU physical layer protocol data unit
DSRC L1 DSRC layer 1 (physical layer)
DSRC L2 DSRC layer 2 (data link layer)
DSRC L7 DSRC layer 7 (application layer)
Figure 2 — Relationship between this document and DSRC-stack elements
Formatted: Level 1, Don't adjust space between Latin
and Asian text, Don't adjust space between Asian text and
numbers
© ISO 2022 – All rights reserved
---------------------- Page: 10 ----------------------
DRAFT TECHNICAL SPECIFICATION ISO/DTS TS 21719-2:2022(E)
Formatted: Font: 11.5 pt, English (United Kingdom)
Electronic fee collection — Personalization of on-board
equipment (OBE) — Part 2: Using dedicated short-range
comunicationcommunication
1 Scope
This document defines:
— personalization interface: dedicated short-range communication (DSRC),
Formatted: Don't adjust space between Latin and Asian
text, Don't adjust space between Asian text and numbers,
Tab stops: 0.7 cm, Left + 1.4 cm, Left + 2.1 cm, Left + 2.8
— physical systems: on-board equipment and the personalization equipment,
cm, Left + 3.5 cm, Left + 4.2 cm, Left + 4.9 cm, Left + 5.6
cm, Left + 6.3 cm, Left + 7 cm, Left
— DSRC-link requirements,

— EFC personalization functions according to ISO/TS 21719-1 when defined for the DSRC interface, and

— security data elements and mechanisms to be used over the DSRC interface.

A protocol information conformance statement (PICS) proforma is provided in Annex B, and security Formatted: Don't adjust space between Latin and Asian

text, Don't adjust space between Asian text and numbers
computation examples are provided in Annex E.
It is outside the scope of this document to define:

— conformance procedures and test specificationspecifications, Formatted: Don't adjust space between Latin and Asian

text, Don't adjust space between Asian text and numbers,
Tab stops: 0.7 cm, Left + 1.4 cm, Left + 2.1 cm, Left + 2.8

— setting-up of operating organizations (e.g. TSPtoll service provider, personalization agent, trusted

cm, Left + 3.5 cm, Left + 4.2 cm, Left + 4.9 cm, Left + 5.6
third party), and
cm, Left + 6.3 cm, Left + 7 cm, Left
— legal issues.

NOTE Some of these issues are subject to separate standards prepared by ISO/TC 204, CEN/TC 278, or ETSI ERM.

2 Normative references Formatted: Don't adjust space between Latin and Asian
text, Don't adjust space between Asian text and numbers

The following documents are referred to in the text in such a way that some or all of their content

Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 9797-1:2011, Information technology — Security techniques — Message Authentication Codes Formatted: Tab stops: 0.7 cm, Left + 1.4 cm, Left + 2.1

cm, Left + 2.8 cm, Left + 3.5 cm, Left + 4.2 cm, Left + 4.9
(MACs) — Part 1: Mechanisms using a block cipher
cm, Left + 5.6 cm, Left + 6.3 cm, Left + 7 cm, Left

ISO/IEC 10116:2017, Information technology — Security techniques — Modes of operations for an n-bit

block cipher
© ISO 2022 – All rights reserved
---------------------- Page: 11 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header

ISO 14906, Electronic fee collection — Application interface definition for dedicated short-range

communication

ISO 15628, Intelligent transport systems — Dedicated short range communication (DSRC) — DSRC

application layer

ISO/IEC 18033-3:2010, Information technology — Security techniques — Encryption algorithms — Part 3:

Block ciphers

EN 12834, Road transport and traffic telematics — Dedicated Short Range Communication (DSRC) — DSRC

application layer

FprENEN 15509:2022, Electronic Fee Collectionfee collection — Interoperability application profile for

Formatted: Default Paragraph Font
DSRC
Formatted: Default Paragraph Font
Formatted: Default Paragraph Font

ETSI /ES 200 674-1: 2013, Intelligent Transport Systems (ITS) — Road Transport and Traffic Telematics

Formatted: Default Paragraph Font

(RTTT) — Dedicated Short Range Communications (DSRC) — Part 1: Technical characteristics and test

methods for High Data Rate (HDR) data transmission equipment operating in the 5,8 GHz Industrial,

Formatted: std_publisher
Scientific and Medical (ISM) band (V2.4.1, 2013-05)
Formatted: std_documentType
Formatted: std_docNumber
3 Terms and definitions
Formatted: std_docPartNumber

For the purposes of this document, the following terms and definitions apply. Formatted: std_year

Formatted: std_docTitle, Font: Not Italic

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— IEC Electropedia: available at www.electropedia.org

— ISO Online browsing platform: available at www.iso.org/obphttps://www.iso.org/obp

Formatted: English (United States)
Formatted: Adjust space between Latin and Asian text,
— IEC Electropedia: available at https://www.electropedia.org/
Adjust space between Asian text and numbers
Formatted: Hyperlink, English (United States)
3.1
access credentials
AC_CR

trusted attestation or secure module that establishes the claimed identity of an object or application

[SOURCE: ISO/TS 17573-2:2020, 3.4]
3.2
attribute
addressable package
...

TECHNICAL ISO/TS
SPECIFICATION 21719-2
Second edition
Electronic fee collection —
Personalization of on-board
equipment (OBE) —
Part 2:
Using dedicated short-range
communication
Perception de télépéage — Personnalisation des équipements
embarqués —
Partie 2: Utilisation des communications dédiées à courte portée
PROOF/ÉPREUVE
Reference number
ISO/TS 21719-2:2022(E)
© ISO 2022
---------------------- Page: 1 ----------------------
ISO/TS 21719-2:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on

the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below

or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TS 21719-2:2022(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction .................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ..................................................................................................................................................................................... 1

3 Terms and definitions .................................................................................................................................................................................... 2

4 Abbreviated terms ............................................................................................................................................................................................. 4

5 Conformance ............................................................................................................................................................................................................ 5

5.1 General ........................................................................................................................................................................................................... 5

5.2 Base standards ....................................................................................................................................................................................... 5

5.3 Main contents of an EFC personalization AP ............................................................................................................... 6

5.4 Conformance statement ................................................................................................................................................................. 6

6 Personalization overview ..........................................................................................................................................................................6

6.1 Process ........................................................................................................................................................................................................... 6

6.2 System architecture ........................................................................................................................................................................... 6

7 OBE requirements ..............................................................................................................................................................................................6

7.1 General ........................................................................................................................................................................................................... 6

7.2 DSRC lower layer requirements .............................................................................................................................................. 7

7.2.1 Supported DSRC stacks ................................................................................................................................................ 7

7.2.2 CEN DSRC stack ................................................................................................................................................................... 7

7.3 OBE personalization functions................................................................................................................................................. 8

7.3.1 General ........................................................................................................................................................................................ 8

7.3.2 Initialization and termination ................................................................................................................................ 8

7.3.3 Retrieving the OBE identifier .................................................................................................................................. 9

7.3.4 Writing of data ..................................................................................................................................................................... 9

7.4 Security requirements ......... ......................................................................................................................................................... 11

7.5 Transaction requirements ........................................................................................................................................................13

8 Personalization equipment requirements ............................................................................................................................13

8.1 General ........................................................................................................................................................................................................13

8.2 DSRC lower layer requirements ...........................................................................................................................................13

8.2.1 Supported DSRC stacks .............................................................................................................................................13

8.2.2 CEN DSRC stack ................................................................................................................................................................13

8.3 PE personalization functions ........................................................................................................................................... .......13

8.4 Security requirements ......... ......................................................................................................................................................... 14

8.5 Transaction requirements ........................................................................................................................................................ 14

Annex A (normative) Security calculations ..............................................................................................................................................15

Annex B (normative) PICS proforma ........................................................................................................................................... ......................20

Annex C (normative) Personalization of OBE conforming to ETSI ES 200 674-1 ...............................................25

Annex D (informative) Transaction example ..........................................................................................................................................30

Annex E (informative) Security computation examples ..............................................................................................................34

Bibliography .............................................................................................................................................................................................................................38

iii
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 3 ----------------------
ISO/TS 21719-2:2022(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to

the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see

www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in

collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC

278, Intelligent transport systems, in accordance with the Agreement on technical cooperation between

ISO and CEN (Vienna Agreement).

This second edition cancels and replaces the first edition (ISO/TS 21719-2:2018), which has been

technically revised.
The main changes are as follows:
— addition of subclause 5.4 on Conformance statement;

— minor updating of terms, including the reference to ISO/TS 17573-2 as the primary source.

A list of all parts in the ISO 21719 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html.
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TS 21719-2:2022(E)
Introduction

On-board equipment (OBE) is an in-vehicle device that contains one or more application instances to

support different intelligent transport system (ITS) implementations such as electronic fee collection

(EFC).

To assign the EFC application in the OBE to a certain user or/and vehicle, personalization is performed.

This means that unique user- and vehicle-related data needs to be transferred and stored in the OBE.

CEN/TR 16152 assessed many aspects of the personalization process and defined the overall

personalization assets: application data, application keys and vehicle data.

Different communication media may be used for transferring the personalization assets to the OBE. An

overall message exchange framework and required security functionality may be applied for all media

common procedures, to ensure data protection and integrity.

By standardizing the personalization procedure, compatibility of personalization equipment is

supported, and the entity responsible for the personalization (e.g. a toll service provider, TSP), will

further be able to outsource partial or complete personalization to a third party or to another service

provider or personalization agent.

The scope of the personalization functionality is illustrated in Figure 1 and is limited to the dedicated

short-range communication (DSRC) interface between the personalization equipment (PE) and the OBE.

Figure 1 — Scope for this document (box delimited by a dotted line)

This document defines a complete application profile using the personalization functionality described

in ISO/TS 21719-1, on top of a CEN DSRC stack according to the DSRC communication profiles as

specified in EN 13372 and using the EFC Application Interface according to ISO 14906.

This document further defines in the annexes the use of this application profile on top of other DSRC

communication stacks that are compliant with the application layer interfaces as defined in ISO 14906

and EN 12834.
Figure 2 shows the scope of this document from a DSRC-stack perspective.
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 5 ----------------------
ISO/TS 21719-2:2022(E)
Key
ADU application data unit
T-APDU transfer-application protocol data unit
LPDU logical link control (LLC) protocol data unit
PPDU physical layer protocol data unit
DSRC L1 DSRC layer 1 (physical layer)
DSRC L2 DSRC layer 2 (data link layer)
DSRC L7 DSRC layer 7 (application layer)
Figure 2 — Relationship between this document and DSRC-stack elements
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/TS 21719-2:2022(E)
Electronic fee collection — Personalization of on-board
equipment (OBE) —
Part 2:
Using dedicated short-range communication
1 Scope
This document defines:
— personalization interface: dedicated short-range communication (DSRC),
— physical systems: on-board equipment and the personalization equipment,
— DSRC-link requirements,

— EFC personalization functions according to ISO/TS 21719-1 when defined for the DSRC interface,

and
— security data elements and mechanisms to be used over the DSRC interface.

A protocol information conformance statement (PICS) proforma is provided in Annex B, and security

computation examples are provided in Annex E.
It is outside the scope of this document to define:
— conformance procedures and test specifications,

— setting-up of operating organizations (e.g. toll service provider, personalization agent, trusted third

party), and
— legal issues.

NOTE Some of these issues are subject to separate standards prepared by ISO/TC 204, CEN/TC 278, or ETSI

ERM.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 9797-1:2011, Information technology — Security techniques — Message Authentication Codes

(MACs) — Part 1: Mechanisms using a block cipher

ISO/IEC 10116:2017, Information technology — Security techniques — Modes of operations for an n-bit

block cipher

ISO 14906, Electronic fee collection — Application interface definition for dedicated short-range

communication

ISO 15628, Intelligent transport systems — Dedicated short range communication (DSRC) — DSRC

application layer
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 7 ----------------------
ISO/TS 21719-2:2022(E)

ISO/IEC 18033-3:2010, Information technology — Security techniques — Encryption algorithms — Part 3:

Block ciphers

EN 12834, Road transport and traffic telematics — Dedicated Short Range Communication (DSRC) —

DSRC application layer

EN 15509:2022, Electronic fee collection — Interoperability application profile for DSRC

ETSI/ES 200 674-1:2013, Intelligent Transport Systems (ITS) — Road Transport and Traffic Telematics

(RTTT) — Dedicated Short Range Communications (DSRC) — Part 1: Technical characteristics and test

methods for High Data Rate (HDR) data transmission equipment operating in the 5,8 GHz Industrial,

Scientific and Medical (ISM) band (V2.4.1, 2013-05)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
access credentials
AC_CR

trusted attestation or secure module that establishes the claimed identity of an object or application

[SOURCE: ISO/TS 17573-2:2020, 3.4]
3.2
attribute

addressable package of data consisting of a single data element (3.10) or structured sequences of data

elements
[SOURCE: ISO/TS 17573-2:2020, 3.13]
3.3
authentication
security mechanism allowing verification of the provided identity
[SOURCE: ISO/TS 17573-2:2020, 3.15]
3.4
authenticator
data, possibly encrypted, that is used for authentication (3.3)
[SOURCE: ISO/TS 17573-2:2020, 3.16]
3.5
base standard
approved International Standard, Technical Specification or ITU-T Recommendation

Note 1 to entry: This includes but is not limited to approved standard deliverables from ISO, ITU, CEN, CENELEC,

ETSI and IEEE.
[SOURCE: ISO/TS 17573-2:2020, 3.23]
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TS 21719-2:2022(E)
3.6
data integrity
property that data has not been altered or destroyed in an unauthorized manner
[SOURCE: ISO/TS 17573-2:2020, 3.56]
3.7
electronic fee collection
EFC
fee collection by electronic means
[SOURCE: ISO/TS 17573-2:2020, 3.70]
3.8
EFC Element
coherent set of data and functionality

Note 1 to entry: The functionality includes, where applicable, the security-related functions and the associated

security keys.

Note 2 to entry: EFC Elements are created by the applications and addressed using Element identifiers.

Note 3 to entry: In a given on-board equipment (OBE) (3.11), the EID is used to address a toll context, identified by

the EFC-ContextMark, in which attributes (3.1) can be addressed unambiguously by AttributeIDs inside an EFC

Element of the OBE.
[SOURCE: ISO/TS 17573-2:2020, 3.71]
3.9
on-board equipment
OBE

all required equipment on-board a vehicle for performing required electronic fee collection (EFC) (3.9)

functions and communication services
[SOURCE: ISO/TS 17573-2:2020, 3.126]
3.10
OBE personalization

transferring personalization assets (3.14) to the on-board equipment (OBE) (3.12)

[SOURCE: ISO/TS 17573-2:2020, 3.123]
3.11
personalization assets

specific data stored in the on-board equipment (OBE) (3.12) related to the user and the vehicle

[SOURCE: ISO/TS 17573-2:2020, 3.137]
3.12
personalization equipment

equipment for transferring personalization assets (3.14) to the on-board equipment (OBE) (3.12)

[SOURCE: ISO/TS 17573-2:2020, 3.138]
3.13
profile

set of requirements and selected options from base standards (3.5) or international standardized

profiles used to provide a specific functionality
[SOURCE: ISO/TS 17573-2:2020, 3.146]
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 9 ----------------------
ISO/TS 21719-2:2022(E)
3.14
toll service provider
TSP
entity providing toll services in one or more toll domains
[SOURCE: ISO/TS 17573-2:2020, 3.206]
3.15
transaction

whole of the exchange of information between two physically separated communication facilities

[SOURCE: ISO/TS 17573-2:2020, 3.211]
4 Abbreviated terms
For the purposes of this document, the following abbreviated terms apply.
Ack acknowledgement
AcK access key
AC_CR access credentials
ADU application data unit
APDU application protocol data unit
AP application profile
ASN.1 abstract syntax notation one
AVEI automatic vehicle and equipment identification
BST beacon service table
CBC cipher block chaining
DSRC dedicated short-range communication
EID element identifier
EFC electronic fee collection
ICS implementation conformance statement
IUT implementation under test
MAC message authentication code
OBE on-board equipment
PE personalization equipment
PICS protocol implementation conformance statement
SAM secure application module
TSP toll service provider
T-APDU transfer-application protocol data unit
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/TS 21719-2:2022(E)
VST vehicle service table
5 Conformance
5.1 General

This clause describes in general terms what it means to be conformant with (the profile in) this

document.
5.2 Base standards

This document defines one application profile (AP). The base standards that this AP is based upon are

as follows:
— standards for security functionality;
— standards for EFC application definition as, e.g. ISO 14906;
— standards for the DSRC communication stack definition.

An overview of the relationship and references between base standards and this AP is illustrated in

Figure 3.
Key
AVEI automatic vehicle and equipment identification
Figure 3 — Relationship and references between base standards and this document

All requirements defined in this document are either choices made from these base standards or more

specific and limited requirement based on the general provisions of these standards.

© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 11 ----------------------
ISO/TS 21719-2:2022(E)
5.3 Main contents of an EFC personalization AP

The conformance requirements of an AP are divided between requirements for the on-board equipment

(OBE) and the personalization equipment (PE). The requirements are listed separately for OBE and PE.

This applies for all parts, requirements, PICS and conformance testing.

The conformance requirements of an AP according to this document shall include the following parts

(divided into separate requirements for OBE and PE):
— DSRC lower layer requirements;
— EFC personalization functions;
— security requirements;
— transaction requirements.
5.4 Conformance statement

A supplier of OBE that claims conformity of their OBE to this document shall provide a statement of

conformance to this document by completing the protocol implementation conformance statement

(PICS) as provided in B.5.
6 Personalization overview
6.1 Process
The overall personalization process is described in ISO/TS 21719-1:2018, 5.1.

Personalization means that an existing EFC application structure in the OBE is populated with

personalization assets such as user or vehicle data.

Creation of the EFC application and entering initial data, such as initial security keys, is performed

before the personalization and is out of scope of this document.

During personalization, the OBE shall be within the communication range of the PE in order for the data

exchange according to this document to take place.

Application data and security keys are transferred to the OBE during the personalization process in an

attribute list using standardized DSRC commands according to the requirements in this document.

6.2 System architecture
The overall system architecture is described in ISO/TS 21719-1:2018, 5.2.

For personalization over a DSRC interface, the OBE and PE shall contain a DSRC stack and the application

services as described in this document.

Security functionality and secure key storage may either be implemented within the PE or the PE may

be connected to a central system where this functionality may reside. This is outside the scope of this

document.
7 OBE requirements
7.1 General

This clause contains the normative conformance requirements on the OBE for profile number 1: EFC-

DSRC-Personalization Profile 1.
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 12 ----------------------
ISO/TS 21719-2:2022(E)
7.2 DSRC lower layer requirements
7.2.1 Supported DSRC stacks
This document supports the DSRC stacks as defined in Table 1.
Table 1 — Supported DSRC stacks
DSRC stack Application layer Lower layers Detailed specifications
CEN-DSRC ISO 15628 EN 12795 Specification in 7.2.2
EN 12834 EN 12253

Italian DSRC ETSI/ES 200 674– ETSI/ES 200 674– Specification and implementation example in

1:2013, Clause 11 1:2013, Clauses 7 to Annex C
and Annex C 10 and Annex C
Japanese DSRC ARIB STD-T75 ARIB STD-T75
Wave DSRC IEEE1609.11 IEEE 802.11p
IEEE 1609.3/4
7.2.2 CEN DSRC stack

The following requirements apply for the personalization profile when using the CEN DSRC stack.

The OBE shall comply with EN 15509:2022, 6.1.2 which implicitly requires conformance with the

underlying standards as shown in Figure 4.
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 13 ----------------------
ISO/TS 21719-2:2022(E)
Figure 4 — Relationship and references between standards for the CEN DSRC stack
7.3 OBE personalization functions
7.3.1 General
The OBE shall offer the following functions in order to support personalization:

— initialization of communication: used to establish a communication session with the OBE;

— transferring OBE identifier(s) to the PE; (optional);
— writing of data: used to update data in the OBE;
— terminate session: used to terminate the personalization session with the OBE.
7.3.2 Initialization and termination
For CEN-DSRC, the OBE shall provide the following functions:

— INITIALIZATION, and RELEASE application layer services according to ISO 15628 and EN 12834.

DSRC stack implementations of initialization and termination according to ETSI ES 200 674-1 shall be in

accordance with Annex C.
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 14 ----------------------
ISO/TS 21719-2:2022(E)

During initialization, the OBE shall transfer the following security parameters to the PE:

— random number from the OBE, RndOBE;
— key diversifier (optional);
— key reference (optional).
7.3.3 Retrieving the OBE identifier

In order for the PE to know the identity of the unit and, if necessary, provide a parameter for key

derivation to the PE, the function GET according to ISO 15628 and EN 12834 may optionally be

implemented.

It is out of the scope of this document to define the exact parameter to be used as the identifier.

7.3.4 Writing of data

The main functionality of personalization is to write or update data to already existing data fields

(attributes) in an EFC application in the OBE.

The writing of data shall be performed by using the EFC function SET_SECURE as defined in ISO 14906.

Application attributes are defined with their container types in the application interface standard

ISO 14906. Security keys are stored in attributes with container type 2 (octet string).

The SET_SECURE.request shall, for personalization, be used as shown in Table 2 where the settings of

optional parameters are defined and shown in bold for the purpose of this document.

Table 2 — SET_SECURE.request
parameter name ASN.1 type Value Remark/constraints
Element identifier EID Dsrc-EID 1–127
ActionType INTEGER(0..127,...) 3
AccessCredentials OCTET STRING PRESENT, Length = 8 octets
ActionParameter OCTET STRING Content; see Table 3
Mode BOOLEAN TRUE Confirmed mode

The ActionParameter shall carry the attributes to be written into the OBE plus any information required

by the algorithm providing the security measures. SET_SECURE.request shall be used in confirmed

mode, and a reply shall always be expected.

The content of the action parameter (OCTET STRING) within the scope of this document is defined in

Table 3.
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 15 ----------------------
ISO/TS 21719-2:2022(E)
Table 3 — Action parameter content definition
Parameter Length Definition
(octets)
Option_indicator request 1 Always present
Bit string that defines which optional parameters are present
in Action Parameter; it is defined as follows:
b – AttributeList present
b – AttributeListEncrypted present
b – KeyRefEnc present
b – RndPE present
b – Autenticator_Request present
b – KeyRefAuthReq present
b – KeyRefAuthRes present
b – Not used
Table 4 shows allowed combinations of the Option Indicator.
AttributeList n. Optional
An attributeList according to ISO 14906-
Either the parameter AttributeList or AttributeListEncrypted
shall be present.
AttributeListEncrypted m. Optional
An octet string that contains an AttributeList that has been
padded to even 16 octet blocks and encrypted.
Either the parameter AttributeList or AttributeListEncrypted
shall be present.
KeyRefEnc 1 Optional
Encryption Key reference.
Shall be present if AttributeListEncrypted is present.
RndPE 16 Optional
Random number from the PE.
Shall be present if AttributeListEncrypted is pres
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.