ISO/TS 21719-2:2022
(Main)Electronic fee collection — Personalization of on-board equipment (OBE) — Part 2: Using dedicated short-range communication
Electronic fee collection — Personalization of on-board equipment (OBE) — Part 2: Using dedicated short-range communication
This document defines: — personalization interface: dedicated short-range communication (DSRC), — physical systems: on-board equipment and the personalization equipment, — DSRC-link requirements, — EFC personalization functions according to ISO/TS 21719-1 when defined for the DSRC interface, and — security data elements and mechanisms to be used over the DSRC interface. A protocol information conformance statement (PICS) proforma is provided in Annex B, and security computation examples are provided in Annex E. It is outside the scope of this document to define: — conformance procedures and test specifications, — setting-up of operating organizations (e.g. toll service provider, personalization agent, trusted third party), and — legal issues. NOTE Some of these issues are subject to separate standards prepared by ISO/TC 204, CEN/TC 278 or ETSI ERM.
Perception de télépéage — Personnalisation des équipements embarqués — Partie 2: Utilisation des communications dédiées à courte portée
General Information
Relations
Buy Standard
Standards Content (Sample)
TECHNICAL ISO/TS
SPECIFICATION 21719-2
Second edition
2022-10
Electronic fee collection —
Personalization of on-board
equipment (OBE) —
Part 2:
Using dedicated short-range
communication
Perception de télépéage — Personnalisation des équipements
embarqués —
Partie 2: Utilisation des communications dédiées à courte portée
Reference number
ISO/TS 21719-2:2022(E)
© ISO 2022
---------------------- Page: 1 ----------------------
ISO/TS 21719-2:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO 2022 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TS 21719-2:2022(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 4
5 Conformance . 5
5.1 General . 5
5.2 Base standards . 5
5.3 Main contents of an EFC personalization AP . 5
5.4 Conformance statement . 6
6 Personalization overview .6
6.1 Process . 6
6.2 System architecture . 6
7 OBE requirements .6
7.1 General . 6
7.2 DSRC lower layer requirements . 6
7.2.1 Supported DSRC stacks . 6
7.2.2 CEN DSRC stack . 7
7.3 OBE personalization functions. 8
7.3.1 General . 8
7.3.2 Initialization and termination . 8
7.3.3 Retrieving the OBE identifier . 8
7.3.4 Writing of data . 8
7.4 Security requirements . . 11
7.5 Transaction requirements .12
8 Personalization equipment requirements .13
8.1 General .13
8.2 DSRC lower layer requirements .13
8.2.1 Supported DSRC stacks .13
8.2.2 CEN DSRC stack .13
8.3 PE personalization functions . .13
8.4 Security requirements . . 13
8.5 Transaction requirements .13
Annex A (normative) Security calculations .14
Annex B (normative) PICS proforma . .19
Annex C (normative) Personalization of OBE conforming to ETSI ES 200 674-1 .24
Annex D (informative) Transaction example .29
Annex E (informative) Security computation examples .33
Bibliography .37
iii
© ISO 2022 – All rights reserved
---------------------- Page: 3 ----------------------
ISO/TS 21719-2:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in
collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC
278, Intelligent transport systems, in accordance with the Agreement on technical cooperation between
ISO and CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO/TS 21719-2:2018), which has been
technically revised.
The main changes are as follows:
— addition of subclause 5.4 on the Conformance statement;
— minor updating of terms, including a reference to ISO/TS 17573-2 as the primary source.
A list of all parts in the ISO 21719 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
© ISO 2022 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TS 21719-2:2022(E)
Introduction
On-board equipment (OBE) is an in-vehicle device that contains one or more application instances to
support different intelligent transport system (ITS) implementations such as electronic fee collection
(EFC).
To assign the EFC application in the OBE to a certain user or/and vehicle, personalization is performed.
This means that unique user- and vehicle-related data needs to be transferred and stored in the OBE.
CEN/TR 16152 assessed many aspects of the personalization process and defined the overall
personalization assets: application data, application keys and vehicle data.
Different communication media may be used for transferring the personalization assets to the OBE. An
overall message exchange framework and required security functionality may be applied for all media
common procedures, to ensure data protection and integrity.
By standardizing the personalization procedure, compatibility of personalization equipment is
supported, and the entity responsible for the personalization [e.g. a toll service provider (TSP)] will
further be able to outsource partial or complete personalization to a third party or to another service
provider or personalization agent.
The scope of the personalization functionality is illustrated in Figure 1 and is limited to the dedicated
short-range communication (DSRC) interface between the personalization equipment (PE) and the OBE.
Figure 1 — Scope for this document (box delimited by a dotted line)
This document defines a complete application profile using the personalization functionality described
in ISO/TS 21719-1, on top of a CEN DSRC stack according to the DSRC communication profiles as
specified in EN 13372 and using the EFC Application Interface according to ISO 14906.
This document further defines in the annexes the use of this application profile on top of other DSRC
communication stacks that are compliant with the application layer interfaces as defined in ISO 14906
and EN 12834.
Figure 2 shows the scope of this document from a DSRC-stack perspective.
v
© ISO 2022 – All rights reserved
---------------------- Page: 5 ----------------------
ISO/TS 21719-2:2022(E)
Key
ADU application data unit
T-APDU transfer-application protocol data unit
LPDU logical link control (LLC) protocol data unit
PPDU physical layer protocol data unit
DSRC L1 DSRC layer 1 (physical layer)
DSRC L2 DSRC layer 2 (data link layer)
DSRC L7 DSRC layer 7 (application layer)
Figure 2 — Relationship between this document and DSRC-stack elements
vi
© ISO 2022 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/TS 21719-2:2022(E)
Electronic fee collection — Personalization of on-board
equipment (OBE) —
Part 2:
Using dedicated short-range communication
1 Scope
This document defines:
— personalization interface: dedicated short-range communication (DSRC),
— physical systems: on-board equipment and the personalization equipment,
— DSRC-link requirements,
— EFC personalization functions according to ISO/TS 21719-1 when defined for the DSRC interface,
and
— security data elements and mechanisms to be used over the DSRC interface.
A protocol information conformance statement (PICS) proforma is provided in Annex B, and security
computation examples are provided in Annex E.
It is outside the scope of this document to define:
— conformance procedures and test specifications,
— setting-up of operating organizations (e.g. toll service provider, personalization agent, trusted third
party), and
— legal issues.
NOTE Some of these issues are subject to separate standards prepared by ISO/TC 204, CEN/TC 278 or ETSI
ERM.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 9797-1:2011, Information technology — Security techniques — Message Authentication Codes
(MACs) — Part 1: Mechanisms using a block cipher
ISO/IEC 10116:2017, Information technology — Security techniques — Modes of operations for an n-bit
block cipher
ISO 14906, Electronic fee collection — Application interface definition for dedicated short-range
communication
ISO 15628, Intelligent transport systems — Dedicated short range communication (DSRC) — DSRC
application layer
1
© ISO 2022 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/TS 21719-2:2022(E)
ISO/IEC 18033-3:2010, Information technology — Security techniques — Encryption algorithms — Part 3:
Block ciphers
EN 12834, Road transport and traffic telematics — Dedicated Short Range Communication (DSRC) —
DSRC application layer
EN 15509:2022, Electronic fee collection — Interoperability application profile for DSRC
ETSI/ES 200 674-1:2013, Intelligent Transport Systems (ITS) — Road Transport and Traffic Telematics
(RTTT) — Dedicated Short Range Communications (DSRC) — Part 1: Technical characteristics and test
methods for High Data Rate (HDR) data transmission equipment operating in the 5,8 GHz Industrial,
Scientific and Medical (ISM) band (V2.4.1, 2013-05)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
access credentials
trusted attestation or secure module that establishes the claimed identity of an object or application
[SOURCE: ISO/TS 17573-2:2020, 3.4, modified — admitted term removed (listed in Clause 4).]
3.2
attribute
addressable package of data consisting of a single data element or structured sequences of data
elements
[SOURCE: ISO/TS 17573-2:2020, 3.13]
3.3
authentication
security mechanism allowing verification of the provided identity
[SOURCE: ISO/TS 17573-2:2020, 3.15]
3.4
authenticator
data, possibly encrypted, that is used for authentication (3.3)
[SOURCE: ISO/TS 17573-2:2020, 3.16]
3.5
base standard
approved International Standard, Technical Specification or ITU-T Recommendation
Note 1 to entry: This includes but is not limited to approved standard deliverables from ISO, ITU, CEN, CENELEC,
ETSI and IEEE.
[SOURCE: ISO/TS 17573-2:2020, 3.23]
3.6
data integrity
property that data has not been altered or destroyed in an unauthorized manner
[SOURCE: ISO/TS 17573-2:2020, 3.56]
2
© ISO 2022 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TS 21719-2:2022(E)
3.7
electronic fee collection
fee collection by electronic means
[SOURCE: ISO/TS 17573-2:2020, 3.70, modified — admitted term removed (listed in Clause 4).]
3.8
EFC Element
coherent set of data and functionality
Note 1 to entry: The functionality includes, where applicable, the security-related functions and the associated
security keys.
Note 2 to entry: EFC Elements are created by the applications and addressed using Element identifiers.
Note 3 to entry: In a given on-board equipment (OBE) (3.9), the EID is used to address a toll context, identified by
the EFC-ContextMark, in which attributes (3.2) can be addressed unambiguously by AttributeIDs inside an EFC
Element of the OBE.
[SOURCE: ISO/TS 17573-2:2020, 3.71]
3.9
on-board equipment
all required equipment on-board a vehicle for performing required electronic fee collection (EFC) (3.7)
functions and communication services
[SOURCE: ISO/TS 17573-2:2020, 3.126, modified — admitted term removed (listed in Clause 4).]
3.10
OBE personalization
transferring personalization assets (3.11) to the on-board equipment (OBE) (3.9)
[SOURCE: ISO/TS 17573-2:2020, 3.123]
3.11
personalization assets
specific data stored in the on-board equipment (OBE) (3.9) related to the user and the vehicle
[SOURCE: ISO/TS 17573-2:2020, 3.137]
3.12
personalization equipment
equipment for transferring personalization assets (3.11) to the on-board equipment (OBE) (3.9)
[SOURCE: ISO/TS 17573-2:2020, 3.138]
3.13
profile
set of requirements and selected options from base standards (3.5) or international standardized
profiles used to provide a specific functionality
[SOURCE: ISO/TS 17573-2:2020, 3.146]
3.14
toll service provider
entity providing toll services in one or more toll domains
[SOURCE: ISO/TS 17573-2:2020, 3.206, modified — admitted term removed (listed in Clause 4).]
3
© ISO 2022 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/TS 21719-2:2022(E)
3.15
transaction
whole of the exchange of information between two physically separated communication facilities
[SOURCE: ISO/TS 17573-2:2020, 3.211]
4 Abbreviated terms
For the purposes of this document, the following abbreviated terms apply.
Ack acknowledgement
AcK access key
AC_CR access credentials
ADU application data unit
APDU application protocol data unit
AP application profile
ASN.1 abstract syntax notation one
AVEI automatic vehicle and equipment identification
BST beacon service table
CBC cipher block chaining
DSRC dedicated short-range communication
EFC electronic fee collection
EID element identifier
ICS implementation conformance statement
IUT implementation under test
MAC message authentication code
OBE on-board equipment
PE personalization equipment
PICS protocol implementation conformance statement
SAM secure application module
TSP toll service provider
T-APDU transfer-application protocol data unit
VST vehicle service table
4
© ISO 2022 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/TS 21719-2:2022(E)
5 Conformance
5.1 General
This clause describes in general terms what it means to be conformant with (the profile in) this
document.
5.2 Base standards
This document defines one application profile (AP). The base standards that this AP is based upon are
as follows:
— standards for security functionality;
— standards for EFC application definition as, e.g. ISO 14906;
— standards for the DSRC communication stack definition.
An overview of the relationship and references between base standards and this AP is illustrated in
Figure 3.
Key
AVEI automatic vehicle and equipment identification
Figure 3 — Relationship and references between base standards and this document
All requirements defined in this document are either choices made from these base standards or more
specific and limited requirement based on the general provisions of these standards.
5.3 Main contents of an EFC personalization AP
The conformance requirements of an AP are divided between requirements for the on-board equipment
(OBE) and the personalization equipment (PE). The requirements are listed separately for OBE and PE.
This applies for all parts, requirements, PICS and conformance testing.
5
© ISO 2022 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/TS 21719-2:2022(E)
The conformance requirements of an AP according to this document shall include the following parts
(divided into separate requirements for OBE and PE):
— DSRC lower layer requirements;
— EFC personalization functions;
— security requirements;
— transaction requirements.
5.4 Conformance statement
A supplier of OBE that claims conformity of their OBE to this document shall provide a statement of
conformance to this document by completing the protocol implementation conformance statement
(PICS) as provided in B.5.
6 Personalization overview
6.1 Process
The overall personalization process is described in ISO/TS 21719-1:2018, 5.1.
Personalization means that an existing EFC application structure in the OBE is populated with
personalization assets such as user or vehicle data.
Creation of the EFC application and entering initial data, such as initial security keys, is performed
before the personalization and is out of scope of this document.
During personalization, the OBE shall be within the communication range of the PE in order for the data
exchange according to this document to take place.
Application data and security keys are transferred to the OBE during the personalization process in an
attribute list using standardized DSRC commands according to the requirements in this document.
6.2 System architecture
The overall system architecture is described in ISO/TS 21719-1:2018, 5.2.
For personalization over a DSRC interface, the OBE and PE shall contain a DSRC stack and the application
services as described in this document.
Security functionality and secure key storage may either be implemented within the PE or the PE may
be connected to a central system where this functionality may reside. This is outside the scope of this
document.
7 OBE requirements
7.1 General
This clause contains the normative conformance requirements on the OBE for profile number 1: EFC-
DSRC-Personalization Profile 1.
7.2 DSRC lower layer requirements
7.2.1 Supported DSRC stacks
This document supports the DSRC stacks as defined in Table 1.
6
© ISO 2022 – All rights reserved
---------------------- Page: 12 ----------------------
ISO/TS 21719-2:2022(E)
Table 1 — Supported DSRC stacks
DSRC stack Application layer Lower layers Detailed specifications
CEN-DSRC ISO 15628 EN 12795 Specification in 7.2.2
EN 12834 EN 12253
Italian DSRC ETSI/ES 200 674– ETSI/ES 200 674– Specification and implementation example in
1:2013, Clause 11 1:2013, Clauses 7 to Annex C
and Annex C 10 and Annex C
Japanese DSRC ARIB STD-T75 ARIB STD-T75
Wave DSRC IEEE1609.11 IEEE 802.11p
IEEE 1609.3/4
7.2.2 CEN DSRC stack
The following requirements apply for the personalization profile when using the CEN DSRC stack.
The OBE shall comply with EN 15509:2022, 6.1.2 which implicitly requires conformance with the
underlying standards as shown in Figure 4.
Figure 4 — Relationship and references between standards for the CEN DSRC stack
7
© ISO 2022 – All rights reserved
---------------------- Page: 13 ----------------------
ISO/TS 21719-2:2022(E)
7.3 OBE personalization functions
7.3.1 General
The OBE shall offer the following functions in order to support personalization:
— initialization of communication: used to establish a communication session with the OBE;
— transferring OBE identifier(s) to the PE; (optional);
— writing of data: used to update data in the OBE;
— terminate session: used to terminate the personalization session with the OBE.
7.3.2 Initialization and termination
For CEN-DSRC, the OBE shall provide the following functions:
— INITIALIZATION, and RELEASE application layer services according to ISO 15628 and EN 12834.
DSRC stack implementations of initialization and termination according to ETSI ES 200 674-1 shall be in
accordance with Annex C.
During initialization, the OBE shall transfer the following security parameters to the PE:
— random number from the OBE, RndOBE;
— key diversifier (optional);
— key reference (optional).
7.3.3 Retrieving the OBE identifier
In order for the PE to know the identity of the unit and, if necessary, provide a parameter for key
derivation to the PE, the function GET according to ISO 15628 and EN 12834 may optionally be
implemented.
It is out of the scope of this document to define the exact parameter to be used as the identifier.
7.3.4 Writing of data
The main functionality of personalization is to write or update data to already existing data fields
(attributes) in an EFC application in the OBE.
The writing of data shall be performed by using the EFC function SET_SECURE as defined in ISO 14906.
Application attributes are defined with their container types in the application interface standard
ISO 14906. Security keys are stored in attributes with container type 2 (octet string).
The SET_SECURE.request shall, for personalization, be used as shown in Table 2 where the settings of
optional parameters are defined and shown in bold for the purpose of this document.
Table 2 — SET_SECURE.request
parameter name ASN.1 type Value Remark/constraints
Element identifier EID Dsrc-EID 1–127
ActionType INTEGER(0.127,.) 3
AccessCredentials OCTET STRING PRESENT, Length = 8 octets
ActionParameter OCTET STRING Content; see Table 3
8
© ISO 2022 – All rights reserved
---------------------- Page: 14 ----------------------
ISO/TS 21719-2:2022(E)
TTabablele 2 2 ((ccoonnttiinnueuedd))
parameter name ASN.1 type Value Remark/constraints
Mode BOOLEAN TRUE Confirmed mode
The ActionParameter shall carry the attributes to be written into the OBE plus any information required
by the algorithm providing the security measures. SET_SECURE.request shall be used in confirmed
mode, and a reply shall always be expected.
The content of the action parameter (OCTET STRING) within the scope of this document is defined in
Table 3.
Table 3 — Action parameter content definition
Parameter Length Definition
(octets)
Option_indicator request 1 Always present
Bit string that defines which optional parameters are present
in Action Parameter; it is defined as follows:
b – AttributeList present
7
b – AttributeListEncrypted present
6
b – KeyRefEnc present
5
b – RndPE present
4
b – Autenticator_Request present
3
b – KeyRefAuthReq present
2
b – KeyRefAuthRes present
1
b – Not used
0
Table 4 shows allowed combinations of the Option Indicator.
AttributeList n. Optional
An attributeList according to ISO 14906-
Either the parameter AttributeList or AttributeListEncrypted
shall be present.
AttributeListEncrypted m. Optional
An octet string that contains an AttributeList that has been
padded to even 16 octet blocks and encrypted.
Either the parameter AttributeList or AttributeListEncrypted
shall be present.
KeyRefEnc 1 Optional
Encryption Key reference.
Shall be present if AttributeListEncrypted is present.
RndPE 16 Optional
Random number from the PE.
Shall be present if AttributeListEncrypted is present or if
KeyRefAut
...
© ISO 2022 – All rights reserved
Style Definition: List Continue 5: Font: Indent: Hanging:
0.71 cm, Don't add space between paragraphs of the same
ISO/TC 204/SC
style
Style Definition: RefNorm
ISO/TC 204
Style Definition: Base_Text: Tab stops: 0.7 cm, Left + 1.4
cm, Left + 2.1 cm, Left + 2.8 cm, Left + 3.5 cm, Left + 4.2
ISO/DTS 21719-2
cm, Left + 4.9 cm, Left + 5.6 cm, Left + 6.3 cm, Left + 7
cm, Left
Second edition
Style Definition: Body Text_Center
Style Definition: Code: Tab stops: 0.57 cm, Left + 1.15
2022-0205-27
cm, Left + 1.72 cm, Left + 2.3 cm, Left + 2.87 cm, Left +
3.45 cm, Left + 4.02 cm, Left + 4.6 cm, Left + 5.17 cm,
ISO/TC 204/WG 5
Left + 5.74 cm, Left
Style Definition: Dimension_100
ISO/TC 204/WG 5
Style Definition: Figure Graphic
Secretariat: ANSIANSI
Style Definition: Figure subtitle
Style Definition: List Continue 1
Style Definition: List Number 1: Tab stops: Not at 0.71
cm
Style Definition: Example indent 2: Tab stops: 2.39 cm,
Left
Electronic fee collection — Personalization of on-board equipment (OBE) —
Style Definition: Note indent 2 continued: Tab stops: 3.1
Part 2: Using dedicated short-range comunicationcommunication
cm, Left
Style Definition: Note indent 2
Perception de télépéage — Personnalisation des équipements embarqués — Partie 2:
Style Definition: AMEND Heading 1 Unnumbered:
Utilisation des communications à courte portée
Pattern: 15%
Formatted: Font: 13 pt
Formatted: Font: 13 pt, Bold, Font color: Black
Formatted: Font: 13 pt, Bold, Font color: Black
Formatted: Font: 13 pt, Bold, Font color: Black
Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Formatted: Font: 13 pt, Font color: Black
Formatted: Font: 13 pt, Bold, Font color: Black
Formatted: Font: 13 pt, Font color: Black
Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Formatted: Font: 13 pt, Font color: Black, French
(Switzerland)
Formatted: Font: Not Bold, French (Switzerland)
Document type:
Document subtype:
Document stage:
Document language:
---------------------- Page: 1 ----------------------
© ISO 2022 – All rights reserved
Document type:
Document subtype:
Document stage:
Document language:
---------------------- Page: 2 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted
© 2022 Copyright notice
Formatted: Justified, Border: Right: (Single solid line,
This ISO document is a working draft or committee draft and is copyright-protected by ISO. While Blue, 0.5 pt Line width), Tab stops: 16.97 cm, Left
the reproduction of working drafts or committee drafts in any form for use by participants in the
Formatted: Font: 11 pt
ISO standards development process is permitted without prior permission from ISO, neither this
Formatted: Font: 11 pt, Not Bold
document nor any extract from it may be reproduced, stored or transmitted in any form for any
other purpose without prior written permission from ISO.
Requests for permission to reproduce this document for the purpose of selling it should be
addressed as shown below or to ISO's member body in the country of the requester:
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
copyright@iso.org
www.iso.org
Reproduction for sales purposes may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.
Formatted: Tab stops: 5.71 cm, Left + Not at 17.2 cm
© ISO 2022 – All rights reserved
iiiiii
---------------------- Page: 3 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header
Contents Page
Foreword . 4
Introduction . 5
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 4
5 Conformance . 6
5.1 General . 6
5.2 Base standards . 6
5.3 Main contents of an EFC Personalization AP . 6
5.4 Conformance statement . 7
6 Personalization overview . 7
6.1 Process . 7
6.2 System architecture . 7
7 OBE requirements . 7
7.1 General . 7
7.2 DSRC lower layer requirements . 8
7.2.1 Supported DSRC stacks . 8
7.2.2 CEN DSRC stack . 8
7.3 OBE personalization functions . 9
7.3.1 General . 9
7.3.2 Initialization and termination . 9
7.3.3 Retrieving OBE identifier . 10
7.3.4 Writing of data . 10
7.4 Security requirements . 13
7.5 Transaction requirements . 15
8 Personalization equipment requirements . 15
8.1 General . 15
8.2 DSRC lower layer requirements . 15
8.2.1 Supported DSRC stacks . 15
8.2.2 CEN DSRC stack . 15
8.3 PE personalization functions . 15
8.4 Security requirements . 15
8.5 Transaction requirements . 16
Annex A (normative) Security calculations . 17
Annex B (normative) PICS proforma . 22
Annex C (normative) Personalization of ES 200 674-1-compliant OBE . 27
Annex D (informative) Transaction example . 32
Annex E (informative) Security computation examples . 37
Bibliography . 41
Foreword . vii
Introduction . ix
© ISO 2022 – All rights reserved
iviv
---------------------- Page: 4 ----------------------
N/AISO/TS 21719-2:2022(E)
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 4
5 Conformance . 6
5.1 General . 6
5.2 Base standards . 6
5.3 Main contents of an EFC personalization AP . 8
5.4 Conformance statement . 8
6 Personalization overview . 8
6.1 Process . 8
6.2 System architecture . 8
7 OBE requirements . 9
7.1 General . 9
7.2 DSRC lower layer requirements . 9
7.2.1 Supported DSRC stacks . 9
7.2.2 CEN DSRC stack . 9
7.3 OBE personalization functions . 11
7.3.1 General . 11
7.3.2 Initialization and termination . 11
7.3.3 Retrieving the OBE identifier . 12
7.3.4 Writing of data . 12
7.4 Security requirements . 15
7.5 Transaction requirements . 17
8 Personalization equipment requirements . 17
8.1 General . 17
8.2 DSRC lower layer requirements . 17
8.2.1 Supported DSRC stacks . 17
8.2.2 CEN DSRC stack . 17
8.3 PE personalization functions . 17
8.4 Security requirements . 17
8.5 Transaction requirements . 18
Annex A (normative) Security calculations . 19
Annex B (normative) PICS proforma . 24
Annex C (normative) Personalization of OBE conforming to ETSI ES 200 674-1 . 29
Annex D (informative) Transaction example . 35
Annex E (informative) Security computation examples . 40
Bibliography . 44
Formatted: Tab stops: 5.71 cm, Left + Not at 17.2 cm
© ISO 2022 – All rights reserved
vv
---------------------- Page: 5 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International
Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
ln other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of documents:
an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in an ISO
working group and is accepted for publication if it is approved by more than 50 % of the members of the parent
committee casting a vote;
an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical
committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a
vote.
An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed tor a further
three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is confirmed,
it is reviewed again after a further three years, at which time it must either be transformed into an International
Standard or be withdrawn.
The procedures used to develop this document and those intended for its further maintenance are described in
the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO
documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC
Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights
identified during the development of the document will be in the Introduction and/or on the ISO list of patent
declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute
an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in collaboration
with the European Committee for Standardization (CEN) Technical Committee CEN/TC 278, Intelligent
transport systems, in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna
Agreement).
© ISO 2022 – All rights reserved
vivi
---------------------- Page: 6 ----------------------
N/AISO/TS 21719-2:2022(E)
This second edition cancels and replaces the first edition (ISO/TS 21719-2:2018), which has been technically
revised.
The main changes are as follows:
— addition of subclause 5.4 on Conformance statement;
— minor updating of terms, including the reference to ISO/TS 17573-2 as the primary source.
A list of all parts in the ISO 21719 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.www.iso.org/members.html.
Formatted: English (United States)
A list of all parts in the ISO/TS 21719 series can be found on the ISO website.
Formatted: Tab stops: 5.71 cm, Left + Not at 17.2 cm
© ISO 2022 – All rights reserved
viivii
---------------------- Page: 7 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header
Introduction
On-board equipment (OBE) is an in-vehicle device that contains one or more application instances to support
different intelligent transport system (ITS) implementations such as electronic fee collection (EFC).
To assign the EFC application in the OBE to a certain user or/and vehicle, personalization is performed. This
means that unique user- and vehicle -related data, needs to be transferred and stored in the OBE.
CEN/TR 16152 assessed many aspects of the personalization process and defin
personalization assets;: application data, application keys and vehicle data.
Different communication media may be used for transferring the personalization assets to the OBE. An overall
message exchange framework and neededrequired security functionality may be applied, for all media common
procedures, to ensure data protection and integrity.
By standardizing the personalization procedure, compatibility of personalization equipment is supported, and
the entity responsible for the personalization (e.g. a toll service provider -, TSP), will further be able to outsource
parts of,partial or a complete, personalization to a third party or to another service provider or personalization
agent.
The scope of the personalization functionality is illustrated in Figure 1 and is limited to the dedicated short-
range communication (DSRC) interface between the personalization equipment (PE) and the OBE.
Domain of the entity responsible for personalization
Central System Personalization On-Board Equipment
DSRC
Equiment (OBE)
(PE)
Scope of this document
Figure 1 — Scope for this document (box delimited by a dotted line)
This document defines a complete application profile using the personalization functionality described in Formatted: Don't adjust space between Latin and Asian
text, Don't adjust space between Asian text and numbers
ISO/TS 21719-1, on top of a CEN DSRC stack according to the DSRC communication profiles as specified in
EN 13372 and using the EFC Application Interface according to ISO 14906.
This document further defines in the annexes the use of this application profile on top of other DSRC
communication stacks that are compliant with the application layer interfaces as defined in ISO 14906 and EN
12834.
Figure 2 shows the scope of this document from a DSRC-stack perspective.
© ISO 2022 – All rights reserved
viiiviii
---------------------- Page: 8 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Tab stops: 5.71 cm, Left + Not at 17.2 cm
© ISO 2022 – All rights reserved
ixix
---------------------- Page: 9 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header
Key
ADU Application data unit
T-APDU Transfer-application protocol data unit
LPDU LLC protocol data unit
PPDU physical layer protocol data unit
DSRC L1 DSRC layer 1 (physical layer)
DSRC L2 DSRC layer 2 (data link layer)
DSRC L7 DSRC layer 7 (application layer)
ADU application data unit
T-APDU transfer-application protocol data unit
LPDU logical link control (LLC) protocol data unit
PPDU physical layer protocol data unit
DSRC L1 DSRC layer 1 (physical layer)
DSRC L2 DSRC layer 2 (data link layer)
DSRC L7 DSRC layer 7 (application layer)
Figure 2 — Relationship between this document and DSRC-stack elements
Formatted: Level 1, Don't adjust space between Latin
and Asian text, Don't adjust space between Asian text and
numbers
© ISO 2022 – All rights reserved
xx
---------------------- Page: 10 ----------------------
DRAFT TECHNICAL SPECIFICATION ISO/DTS TS 21719-2:2022(E)
Formatted: Font: 11.5 pt, English (United Kingdom)
Electronic fee collection — Personalization of on-board
equipment (OBE) — Part 2: Using dedicated short-range
comunicationcommunication
1 Scope
This document defines:
— personalization interface: dedicated short-range communication (DSRC),
Formatted: Don't adjust space between Latin and Asian
text, Don't adjust space between Asian text and numbers,
Tab stops: 0.7 cm, Left + 1.4 cm, Left + 2.1 cm, Left + 2.8
— physical systems: on-board equipment and the personalization equipment,
cm, Left + 3.5 cm, Left + 4.2 cm, Left + 4.9 cm, Left + 5.6
cm, Left + 6.3 cm, Left + 7 cm, Left
— DSRC-link requirements,
— EFC personalization functions according to ISO/TS 21719-1 when defined for the DSRC interface, and
— security data elements and mechanisms to be used over the DSRC interface.
A protocol information conformance statement (PICS) proforma is provided in Annex B, and security Formatted: Don't adjust space between Latin and Asian
text, Don't adjust space between Asian text and numbers
computation examples are provided in Annex E.
It is outside the scope of this document to define:
— conformance procedures and test specificationspecifications, Formatted: Don't adjust space between Latin and Asian
text, Don't adjust space between Asian text and numbers,
Tab stops: 0.7 cm, Left + 1.4 cm, Left + 2.1 cm, Left + 2.8
— setting-up of operating organizations (e.g. TSPtoll service provider, personalization agent, trusted
cm, Left + 3.5 cm, Left + 4.2 cm, Left + 4.9 cm, Left + 5.6
third party), and
cm, Left + 6.3 cm, Left + 7 cm, Left
— legal issues.
NOTE Some of these issues are subject to separate standards prepared by ISO/TC 204, CEN/TC 278, or ETSI ERM.
2 Normative references Formatted: Don't adjust space between Latin and Asian
text, Don't adjust space between Asian text and numbers
The following documents are referred to in the text in such a way that some or all of their content
Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 9797-1:2011, Information technology — Security techniques — Message Authentication Codes Formatted: Tab stops: 0.7 cm, Left + 1.4 cm, Left + 2.1
cm, Left + 2.8 cm, Left + 3.5 cm, Left + 4.2 cm, Left + 4.9
(MACs) — Part 1: Mechanisms using a block cipher
cm, Left + 5.6 cm, Left + 6.3 cm, Left + 7 cm, Left
ISO/IEC 10116:2017, Information technology — Security techniques — Modes of operations for an n-bit
block cipher
© ISO 2022 – All rights reserved
11
---------------------- Page: 11 ----------------------
N/AISO/TS 21719-2:2022(E)
Formatted: Header
ISO 14906, Electronic fee collection — Application interface definition for dedicated short-range
communication
ISO 15628, Intelligent transport systems — Dedicated short range communication (DSRC) — DSRC
application layer
ISO/IEC 18033-3:2010, Information technology — Security techniques — Encryption algorithms — Part 3:
Block ciphers
EN 12834, Road transport and traffic telematics — Dedicated Short Range Communication (DSRC) — DSRC
application layer
FprENEN 15509:2022, Electronic Fee Collectionfee collection — Interoperability application profile for
Formatted: Default Paragraph Font
DSRC
Formatted: Default Paragraph Font
Formatted: Default Paragraph Font
ETSI /ES 200 674-1: 2013, Intelligent Transport Systems (ITS) — Road Transport and Traffic Telematics
Formatted: Default Paragraph Font
(RTTT) — Dedicated Short Range Communications (DSRC) — Part 1: Technical characteristics and test
methods for High Data Rate (HDR) data transmission equipment operating in the 5,8 GHz Industrial,
Formatted: std_publisher
Scientific and Medical (ISM) band (V2.4.1, 2013-05)
Formatted: std_documentType
Formatted: std_docNumber
3 Terms and definitions
Formatted: std_docPartNumber
For the purposes of this document, the following terms and definitions apply. Formatted: std_year
Formatted: std_docTitle, Font: Not Italic
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— IEC Electropedia: available at www.electropedia.org
— ISO Online browsing platform: available at www.iso.org/obphttps://www.iso.org/obp
Formatted: English (United States)
Formatted: Adjust space between Latin and Asian text,
— IEC Electropedia: available at https://www.electropedia.org/
Adjust space between Asian text and numbers
Formatted: Hyperlink, English (United States)
3.1
access credentials
AC_CR
trusted attestation or secure module that establishes the claimed identity of an object or application
[SOURCE: ISO/TS 17573-2:2020, 3.4]
3.2
attribute
addressable package
...
TECHNICAL ISO/TS
SPECIFICATION 21719-2
Second edition
Electronic fee collection —
Personalization of on-board
equipment (OBE) —
Part 2:
Using dedicated short-range
communication
Perception de télépéage — Personnalisation des équipements
embarqués —
Partie 2: Utilisation des communications dédiées à courte portée
PROOF/ÉPREUVE
Reference number
ISO/TS 21719-2:2022(E)
© ISO 2022
---------------------- Page: 1 ----------------------
ISO/TS 21719-2:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TS 21719-2:2022(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 4
5 Conformance . 5
5.1 General . 5
5.2 Base standards . 5
5.3 Main contents of an EFC personalization AP . 6
5.4 Conformance statement . 6
6 Personalization overview .6
6.1 Process . 6
6.2 System architecture . 6
7 OBE requirements .6
7.1 General . 6
7.2 DSRC lower layer requirements . 7
7.2.1 Supported DSRC stacks . 7
7.2.2 CEN DSRC stack . 7
7.3 OBE personalization functions. 8
7.3.1 General . 8
7.3.2 Initialization and termination . 8
7.3.3 Retrieving the OBE identifier . 9
7.3.4 Writing of data . 9
7.4 Security requirements . . 11
7.5 Transaction requirements .13
8 Personalization equipment requirements .13
8.1 General .13
8.2 DSRC lower layer requirements .13
8.2.1 Supported DSRC stacks .13
8.2.2 CEN DSRC stack .13
8.3 PE personalization functions . .13
8.4 Security requirements . . 14
8.5 Transaction requirements . 14
Annex A (normative) Security calculations .15
Annex B (normative) PICS proforma . .20
Annex C (normative) Personalization of OBE conforming to ETSI ES 200 674-1 .25
Annex D (informative) Transaction example .30
Annex E (informative) Security computation examples .34
Bibliography .38
iii
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 3 ----------------------
ISO/TS 21719-2:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in
collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC
278, Intelligent transport systems, in accordance with the Agreement on technical cooperation between
ISO and CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO/TS 21719-2:2018), which has been
technically revised.
The main changes are as follows:
— addition of subclause 5.4 on Conformance statement;
— minor updating of terms, including the reference to ISO/TS 17573-2 as the primary source.
A list of all parts in the ISO 21719 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TS 21719-2:2022(E)
Introduction
On-board equipment (OBE) is an in-vehicle device that contains one or more application instances to
support different intelligent transport system (ITS) implementations such as electronic fee collection
(EFC).
To assign the EFC application in the OBE to a certain user or/and vehicle, personalization is performed.
This means that unique user- and vehicle-related data needs to be transferred and stored in the OBE.
CEN/TR 16152 assessed many aspects of the personalization process and defined the overall
personalization assets: application data, application keys and vehicle data.
Different communication media may be used for transferring the personalization assets to the OBE. An
overall message exchange framework and required security functionality may be applied for all media
common procedures, to ensure data protection and integrity.
By standardizing the personalization procedure, compatibility of personalization equipment is
supported, and the entity responsible for the personalization (e.g. a toll service provider, TSP), will
further be able to outsource partial or complete personalization to a third party or to another service
provider or personalization agent.
The scope of the personalization functionality is illustrated in Figure 1 and is limited to the dedicated
short-range communication (DSRC) interface between the personalization equipment (PE) and the OBE.
Figure 1 — Scope for this document (box delimited by a dotted line)
This document defines a complete application profile using the personalization functionality described
in ISO/TS 21719-1, on top of a CEN DSRC stack according to the DSRC communication profiles as
specified in EN 13372 and using the EFC Application Interface according to ISO 14906.
This document further defines in the annexes the use of this application profile on top of other DSRC
communication stacks that are compliant with the application layer interfaces as defined in ISO 14906
and EN 12834.
Figure 2 shows the scope of this document from a DSRC-stack perspective.
v
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 5 ----------------------
ISO/TS 21719-2:2022(E)
Key
ADU application data unit
T-APDU transfer-application protocol data unit
LPDU logical link control (LLC) protocol data unit
PPDU physical layer protocol data unit
DSRC L1 DSRC layer 1 (physical layer)
DSRC L2 DSRC layer 2 (data link layer)
DSRC L7 DSRC layer 7 (application layer)
Figure 2 — Relationship between this document and DSRC-stack elements
vi
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/TS 21719-2:2022(E)
Electronic fee collection — Personalization of on-board
equipment (OBE) —
Part 2:
Using dedicated short-range communication
1 Scope
This document defines:
— personalization interface: dedicated short-range communication (DSRC),
— physical systems: on-board equipment and the personalization equipment,
— DSRC-link requirements,
— EFC personalization functions according to ISO/TS 21719-1 when defined for the DSRC interface,
and
— security data elements and mechanisms to be used over the DSRC interface.
A protocol information conformance statement (PICS) proforma is provided in Annex B, and security
computation examples are provided in Annex E.
It is outside the scope of this document to define:
— conformance procedures and test specifications,
— setting-up of operating organizations (e.g. toll service provider, personalization agent, trusted third
party), and
— legal issues.
NOTE Some of these issues are subject to separate standards prepared by ISO/TC 204, CEN/TC 278, or ETSI
ERM.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 9797-1:2011, Information technology — Security techniques — Message Authentication Codes
(MACs) — Part 1: Mechanisms using a block cipher
ISO/IEC 10116:2017, Information technology — Security techniques — Modes of operations for an n-bit
block cipher
ISO 14906, Electronic fee collection — Application interface definition for dedicated short-range
communication
ISO 15628, Intelligent transport systems — Dedicated short range communication (DSRC) — DSRC
application layer
1
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 7 ----------------------
ISO/TS 21719-2:2022(E)
ISO/IEC 18033-3:2010, Information technology — Security techniques — Encryption algorithms — Part 3:
Block ciphers
EN 12834, Road transport and traffic telematics — Dedicated Short Range Communication (DSRC) —
DSRC application layer
EN 15509:2022, Electronic fee collection — Interoperability application profile for DSRC
ETSI/ES 200 674-1:2013, Intelligent Transport Systems (ITS) — Road Transport and Traffic Telematics
(RTTT) — Dedicated Short Range Communications (DSRC) — Part 1: Technical characteristics and test
methods for High Data Rate (HDR) data transmission equipment operating in the 5,8 GHz Industrial,
Scientific and Medical (ISM) band (V2.4.1, 2013-05)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
access credentials
AC_CR
trusted attestation or secure module that establishes the claimed identity of an object or application
[SOURCE: ISO/TS 17573-2:2020, 3.4]
3.2
attribute
addressable package of data consisting of a single data element (3.10) or structured sequences of data
elements
[SOURCE: ISO/TS 17573-2:2020, 3.13]
3.3
authentication
security mechanism allowing verification of the provided identity
[SOURCE: ISO/TS 17573-2:2020, 3.15]
3.4
authenticator
data, possibly encrypted, that is used for authentication (3.3)
[SOURCE: ISO/TS 17573-2:2020, 3.16]
3.5
base standard
approved International Standard, Technical Specification or ITU-T Recommendation
Note 1 to entry: This includes but is not limited to approved standard deliverables from ISO, ITU, CEN, CENELEC,
ETSI and IEEE.
[SOURCE: ISO/TS 17573-2:2020, 3.23]
2
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TS 21719-2:2022(E)
3.6
data integrity
property that data has not been altered or destroyed in an unauthorized manner
[SOURCE: ISO/TS 17573-2:2020, 3.56]
3.7
electronic fee collection
EFC
fee collection by electronic means
[SOURCE: ISO/TS 17573-2:2020, 3.70]
3.8
EFC Element
coherent set of data and functionality
Note 1 to entry: The functionality includes, where applicable, the security-related functions and the associated
security keys.
Note 2 to entry: EFC Elements are created by the applications and addressed using Element identifiers.
Note 3 to entry: In a given on-board equipment (OBE) (3.11), the EID is used to address a toll context, identified by
the EFC-ContextMark, in which attributes (3.1) can be addressed unambiguously by AttributeIDs inside an EFC
Element of the OBE.
[SOURCE: ISO/TS 17573-2:2020, 3.71]
3.9
on-board equipment
OBE
all required equipment on-board a vehicle for performing required electronic fee collection (EFC) (3.9)
functions and communication services
[SOURCE: ISO/TS 17573-2:2020, 3.126]
3.10
OBE personalization
transferring personalization assets (3.14) to the on-board equipment (OBE) (3.12)
[SOURCE: ISO/TS 17573-2:2020, 3.123]
3.11
personalization assets
specific data stored in the on-board equipment (OBE) (3.12) related to the user and the vehicle
[SOURCE: ISO/TS 17573-2:2020, 3.137]
3.12
personalization equipment
equipment for transferring personalization assets (3.14) to the on-board equipment (OBE) (3.12)
[SOURCE: ISO/TS 17573-2:2020, 3.138]
3.13
profile
set of requirements and selected options from base standards (3.5) or international standardized
profiles used to provide a specific functionality
[SOURCE: ISO/TS 17573-2:2020, 3.146]
3
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 9 ----------------------
ISO/TS 21719-2:2022(E)
3.14
toll service provider
TSP
entity providing toll services in one or more toll domains
[SOURCE: ISO/TS 17573-2:2020, 3.206]
3.15
transaction
whole of the exchange of information between two physically separated communication facilities
[SOURCE: ISO/TS 17573-2:2020, 3.211]
4 Abbreviated terms
For the purposes of this document, the following abbreviated terms apply.
Ack acknowledgement
AcK access key
AC_CR access credentials
ADU application data unit
APDU application protocol data unit
AP application profile
ASN.1 abstract syntax notation one
AVEI automatic vehicle and equipment identification
BST beacon service table
CBC cipher block chaining
DSRC dedicated short-range communication
EID element identifier
EFC electronic fee collection
ICS implementation conformance statement
IUT implementation under test
MAC message authentication code
OBE on-board equipment
PE personalization equipment
PICS protocol implementation conformance statement
SAM secure application module
TSP toll service provider
T-APDU transfer-application protocol data unit
4
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/TS 21719-2:2022(E)
VST vehicle service table
5 Conformance
5.1 General
This clause describes in general terms what it means to be conformant with (the profile in) this
document.
5.2 Base standards
This document defines one application profile (AP). The base standards that this AP is based upon are
as follows:
— standards for security functionality;
— standards for EFC application definition as, e.g. ISO 14906;
— standards for the DSRC communication stack definition.
An overview of the relationship and references between base standards and this AP is illustrated in
Figure 3.
Key
AVEI automatic vehicle and equipment identification
Figure 3 — Relationship and references between base standards and this document
All requirements defined in this document are either choices made from these base standards or more
specific and limited requirement based on the general provisions of these standards.
5
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 11 ----------------------
ISO/TS 21719-2:2022(E)
5.3 Main contents of an EFC personalization AP
The conformance requirements of an AP are divided between requirements for the on-board equipment
(OBE) and the personalization equipment (PE). The requirements are listed separately for OBE and PE.
This applies for all parts, requirements, PICS and conformance testing.
The conformance requirements of an AP according to this document shall include the following parts
(divided into separate requirements for OBE and PE):
— DSRC lower layer requirements;
— EFC personalization functions;
— security requirements;
— transaction requirements.
5.4 Conformance statement
A supplier of OBE that claims conformity of their OBE to this document shall provide a statement of
conformance to this document by completing the protocol implementation conformance statement
(PICS) as provided in B.5.
6 Personalization overview
6.1 Process
The overall personalization process is described in ISO/TS 21719-1:2018, 5.1.
Personalization means that an existing EFC application structure in the OBE is populated with
personalization assets such as user or vehicle data.
Creation of the EFC application and entering initial data, such as initial security keys, is performed
before the personalization and is out of scope of this document.
During personalization, the OBE shall be within the communication range of the PE in order for the data
exchange according to this document to take place.
Application data and security keys are transferred to the OBE during the personalization process in an
attribute list using standardized DSRC commands according to the requirements in this document.
6.2 System architecture
The overall system architecture is described in ISO/TS 21719-1:2018, 5.2.
For personalization over a DSRC interface, the OBE and PE shall contain a DSRC stack and the application
services as described in this document.
Security functionality and secure key storage may either be implemented within the PE or the PE may
be connected to a central system where this functionality may reside. This is outside the scope of this
document.
7 OBE requirements
7.1 General
This clause contains the normative conformance requirements on the OBE for profile number 1: EFC-
DSRC-Personalization Profile 1.
6
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 12 ----------------------
ISO/TS 21719-2:2022(E)
7.2 DSRC lower layer requirements
7.2.1 Supported DSRC stacks
This document supports the DSRC stacks as defined in Table 1.
Table 1 — Supported DSRC stacks
DSRC stack Application layer Lower layers Detailed specifications
CEN-DSRC ISO 15628 EN 12795 Specification in 7.2.2
EN 12834 EN 12253
Italian DSRC ETSI/ES 200 674– ETSI/ES 200 674– Specification and implementation example in
1:2013, Clause 11 1:2013, Clauses 7 to Annex C
and Annex C 10 and Annex C
Japanese DSRC ARIB STD-T75 ARIB STD-T75
Wave DSRC IEEE1609.11 IEEE 802.11p
IEEE 1609.3/4
7.2.2 CEN DSRC stack
The following requirements apply for the personalization profile when using the CEN DSRC stack.
The OBE shall comply with EN 15509:2022, 6.1.2 which implicitly requires conformance with the
underlying standards as shown in Figure 4.
7
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 13 ----------------------
ISO/TS 21719-2:2022(E)
Figure 4 — Relationship and references between standards for the CEN DSRC stack
7.3 OBE personalization functions
7.3.1 General
The OBE shall offer the following functions in order to support personalization:
— initialization of communication: used to establish a communication session with the OBE;
— transferring OBE identifier(s) to the PE; (optional);
— writing of data: used to update data in the OBE;
— terminate session: used to terminate the personalization session with the OBE.
7.3.2 Initialization and termination
For CEN-DSRC, the OBE shall provide the following functions:
— INITIALIZATION, and RELEASE application layer services according to ISO 15628 and EN 12834.
DSRC stack implementations of initialization and termination according to ETSI ES 200 674-1 shall be in
accordance with Annex C.
8
PROOF/ÉPREUVE © ISO 2022 – All rights reserved
---------------------- Page: 14 ----------------------
ISO/TS 21719-2:2022(E)
During initialization, the OBE shall transfer the following security parameters to the PE:
— random number from the OBE, RndOBE;
— key diversifier (optional);
— key reference (optional).
7.3.3 Retrieving the OBE identifier
In order for the PE to know the identity of the unit and, if necessary, provide a parameter for key
derivation to the PE, the function GET according to ISO 15628 and EN 12834 may optionally be
implemented.
It is out of the scope of this document to define the exact parameter to be used as the identifier.
7.3.4 Writing of data
The main functionality of personalization is to write or update data to already existing data fields
(attributes) in an EFC application in the OBE.
The writing of data shall be performed by using the EFC function SET_SECURE as defined in ISO 14906.
Application attributes are defined with their container types in the application interface standard
ISO 14906. Security keys are stored in attributes with container type 2 (octet string).
The SET_SECURE.request shall, for personalization, be used as shown in Table 2 where the settings of
optional parameters are defined and shown in bold for the purpose of this document.
Table 2 — SET_SECURE.request
parameter name ASN.1 type Value Remark/constraints
Element identifier EID Dsrc-EID 1–127
ActionType INTEGER(0.127,.) 3
AccessCredentials OCTET STRING PRESENT, Length = 8 octets
ActionParameter OCTET STRING Content; see Table 3
Mode BOOLEAN TRUE Confirmed mode
The ActionParameter shall carry the attributes to be written into the OBE plus any information required
by the algorithm providing the security measures. SET_SECURE.request shall be used in confirmed
mode, and a reply shall always be expected.
The content of the action parameter (OCTET STRING) within the scope of this document is defined in
Table 3.
9
© ISO 2022 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 15 ----------------------
ISO/TS 21719-2:2022(E)
Table 3 — Action parameter content definition
Parameter Length Definition
(octets)
Option_indicator request 1 Always present
Bit string that defines which optional parameters are present
in Action Parameter; it is defined as follows:
b – AttributeList present
7
b – AttributeListEncrypted present
6
b – KeyRefEnc present
5
b – RndPE present
4
b – Autenticator_Request present
3
b – KeyRefAuthReq present
2
b – KeyRefAuthRes present
1
b – Not used
0
Table 4 shows allowed combinations of the Option Indicator.
AttributeList n. Optional
An attributeList according to ISO 14906-
Either the parameter AttributeList or AttributeListEncrypted
shall be present.
AttributeListEncrypted m. Optional
An octet string that contains an AttributeList that has been
padded to even 16 octet blocks and encrypted.
Either the parameter AttributeList or AttributeListEncrypted
shall be present.
KeyRefEnc 1 Optional
Encryption Key reference.
Shall be present if AttributeListEncrypted is present.
RndPE 16 Optional
Random number from the PE.
Shall be present if AttributeListEncrypted is pres
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.