ISO/TS 14904:2002

TECHNICAL ISO/TS
SPECIFICATION 14904
First edition
2002-12-15

Road transport and traffic telematics —
Electronic fee collection (EFC) —
Interface specification for clearing
between operators
Télématique de la circulation et du transport routier — Perception
du télépéage — Spécification des interfaces pour la compensation
des recettes entre opérateurs




Reference number
ISO/TS 14904:2002(E)
©
ISO 2002

---------------------- Page: 1 ----------------------
ISO/TS 14904:2002(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


©  ISO 2002
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2002 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/TS 14904:2002(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of normative document:
— an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in
an ISO working group and is accepted for publication if it is approved by more than 50 % of the members
of the parent committee casting a vote;
— an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical
committee and is accepted for publication if it is approved by 2/3 of the members of the committee
casting a vote.
An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a
further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is
confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an
International Standard or be withdrawn.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TS 14904 was prepared by the European Committee for Standardization (CEN) in collaboration with
Technical Committee ISO/TC 204, Transport information and control systems, in accordance with the
Agreement on technical cooperation between ISO and CEN (Vienna Agreement).
Throughout the text of this document, read “.this European pre-Standard.” to mean “.this Technical
Specification.”.
This first edition of ISO/TS 14904 cancels and replaces ISO/TR 14904:1997, which has been technically
revised.

© ISO 2002 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/TS 14904:2002(E)

Contents
page
Foreword.v
Introduction. vi
1 Scope.1
2 Normative references.1
3 Terms and definitions .2
4 Basic interfaces for clearing between operators .4
5 Interface framework .4
6 Method of description.10
7 Message.11
Annex A (informative) Conceptual Model .13
Annex B (informative) Relation between Conceptual and Organisational Models.15
Annex C (informative) Message frame format .19
Annex D (informative) Protocol Data Unit.23
Annex E (informative) Payment Objects based on data elements defined in ISO 8583 .30
Bibliography.31
iv © ISO 2002 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/TS 14904:2002(E)

Foreword
The text of ENV ISO 14904:2002 has been prepared by Technical Committee CEN/TC 278 "Road
Transport and Traffic Telematics", the secretariat of which is held by NEN, in collaboration with Technical
Committee ISO/TC 204 "Transport Information and Control Systems".
This European Prestandard supersedes ENV ISO 14094:1997.
In this European Prestandard, the annexes A to F are informative.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this European Prestandard: Austria, Belgium, Czech Republic, Denmark,
Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands, Norway,
Portugal, Spain, Sweden, Switzerland and the United Kingdom.
© ISO 2002 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/TS 14904:2002(E)

Introduction

Integration of payment systems concerns the co-ordination and handling of all payment services for traffic
and transport applications. This co-ordination involves:
a) the use of a common payment concept for services within or related to road traffic and transport;
b) the enabling of exchange of payment transactions and operational information between different
operators involved in public and private transport services; and
c) the method of payment itself, i.e. the access to electronic payment means, for the settlement of these
acquired services.
In order to enable the integration of payment systems on a higher (e.g. pan-European) level and make
clearing between operators possible, the interfaces involved need to be standardised.
Therefore this European Prestandard / ISO Technical Standard is designed as an interface specification
enabling data to be exchanged between different operators and systems adopting a variety of application
specifications.
It should be noted that although the data structures defined in the current version of the European
Prestandard / ISO Technical Standard reflect a focus on information transfers for clearing purposes, the
interface specification defined herein supports equally well other types of information transfers required
within and between payment systems.
vi © ISO 2002 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/TS 14904:2002(E)

1 Scope
This European Prestandard specifies the interfaces for clearing between operators and gives a framework
of the common message structure and data elements to be used on the interfaces. Its objective is to make
the transfer of payment and Electronic Fee Collection (EFC) related data possible both between different
payment systems and between different operators such as collection agents, clearing operators, or
providers of public and private transport services.
This European Prestandard supports:
a) different payment modes (e.g. pre-payment, post-payment);
b) a wide variety of transport and transport related services (tolling, parking, ferry/bridge/tunnel, public
transport, payment for route guidance etc.);
c) operator services (co-ordination between collectors of money and charge points etc.);
d) security and privacy.
It is not within the scope of this European Prestandard to define administrative procedures and
organisational structures. The specification of a higher (e.g. pan-European) level inter-operable payment
system is outside the scope of this European Prestandard.
Not described within this European Prestandard are indirect (external) participants such as authorities,
enacting general or special legislation concerning the payment system and other national regulations.
The models presented in this standard are generic. Simple systems (closed systems) can be designed by
selecting subsets of the interface framework described herein.
2 Normative references
This European Prestandard incorporates by dated or undated reference, provisions from other publications.
These normative references are cited at the appropriate places in the text and the publications are listed
hereafter. For dated references, subsequent amendments to or revisions of any of these publications apply
to this European Prestandard only when incorporated in it by amendment or revision. For undated
references, the latest edition of the publication referred to applies (including amendments).
ISO/IEC 7812 (all parts), Identification cards — Identification of issuers
ISO/IEC 7816-5, Identification cards — Integrated circuit(s) cards with contacts — Part 5: Numbering
system and registration procedure for application identifiers
ISO 8583, Financial transaction card originated messages — Interchange message specifications
ISO/IEC 8825-1, Information technology — ASN.1 encoding rules: Specification of Basic Encoding Rules
(BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
ISO 9594 (all parts), Information technology — Open Systems Interconnection — The Directory
ISO 11770-1, Information technology — Security techniques — Key management — Part 1: Framework
ENV ISO 14816, Road transport and traffic telematics — Automatic vehicle and equipment identification —
Numbering and data structure
ENV ISO 14906, Road Transport and Traffic Telematics (RTTT) — Electronic Fee Collection (EFC) —
Application interface definition for dedicated short range communications
ENV 1545-1, Identification card systems — Surface transport applications — Part 1: General data elements

© ISO 2002 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/TS 14904:2002(E)

3 Terms and definitions
For the purpose of this European Prestandard, the following terms and definitions apply.
3.1
Apportionment
allocation of money to transport service operators according to the consumption of the services provided,
e.g. a bus operator being paid an amount based on the number of a particular type of customer carried
3.2
Chained Services
combination of services that result in a discount and/or access rights in one or more of the consumed
services. The discount or access rights are usually given to the User as a result of having consumed a
previous service
3.3
Clearing
operation of re-allocating value generated in the payment system(s) between the various operators in a
payment system or between payment systems. This operation reflects commercial agreements existing
between those parties. An example of such an operation is the exchange of information between Service
Providers and an Issuer which enables the transfer of money from the Issuer, collecting the money from the
User, to the Service Provider
3.4
Clearing Operator
entity that collects and possibly aggregates transactions from one or more Service Providers for delivery to
the Issuer(s). The Clearing Operator can also handle the Apportionment between the Service Providers. In
the financial world this operator is equivalent to an Acquirer
3.5
Collection Agent
entity responsible for selling, reloading or delivering the Payment Means to the User and collecting the
payment from the User. The Collection Agent can also collect user related application specific data from
the User
3.6
Contract
expression of an agreement between two or more parties in a payment system or between payment
systems. An example of a contract is the specific relationship between a User and an Operator in a
payment system. The contract in this case defines the conditions under which the user may use the
services and the amount to be charged
3.7
(Intersector) Electronic Purse
application in an Integrated Circuit Card which stores and manipulates electronic value in a secure way and
which replaces cash for payments by the User
3.8
Electronic Fee Collection
collection of a fee for a transport service where the fee is collected via the exchange of data, e.g. via an air-
link communication, enabling the user to pay for the service with electronic values, e.g. an electronic purse
or values stored in a central account
3.9
Enforcement Operator
entity responsible for prosecution on the basis of violation information provided by the Service Providers.
2 © ISO 2002 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/TS 14904:2002(E)
3. 10
Integrated Payment Systems
common framework of payment methods and information exchange between operators or payment
systems that makes transfer of money from one payment system or operator to another possible
(Clearing/Apportionment)
3.11
Issuer
entity responsible for the payment system and responsible for issuing the Payment Means to the User
3.12
Operator
generic term for the entities Issuer, Clearing Operator, Collection Agent, Service Provider, Enforcement
Operator or Trusted Third Party
3.13
Payment Means
expression of a Contract between the User and the Issuer (or via a Collection Agent) that allows the User to
access the services available in the Payment System, e.g. an account in a credit card system or an
Electronic Purse
3.14
Payment Method
combination of a Payment Means, a Payment Mode and a Payment Scope
3.15
Payment Mode
parameter defining the time dimension in payment by the User, e.g. Pre-payment or Post-payment
3.16
Payment Scope
application extent of the Payment Method, e.g. national transport or inter-sector
3.17
Payment System
financial system that includes the complete process of Issuing, use of Payment Means, Clearing and
Settlement of transactions
3.18
Service Provider
person, company, authority or abstract entity offering a service to the User for which the user has to pay a
fee (the fee can in some cases be zero, e.g. emergency vehicles)
3.19
Settlement
transfer of funds from one Operator to another according to the Clearing rules
3.20
Trusted Third Party
entity who might be responsible for operation monitoring, system and security assessment (including
security key management) as well as granting licences
© ISO 2002 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO/TS 14904:2002(E)
3. 21
User
entity that uses services provided by the Service Provider according to the terms of the Contract expressed
by the Payment Means. The User receives and reloads the electronic Payment Means through the
Collection Agent
4 Basic interfaces for clearing between operators
This European Prestandard identifies the following basic interfaces required for clearing between operators
within a payment system and between payment systems (see annex A Conceptual Model for further
explanations):
Table 1 – Overview of operator interfaces
Operators interfaced Interfaces covered by Interfaces NOT covered by
the standard the standard
Any Operator to any Operator (see X-
definition of Operator in 3)
User - Service Provider - X
Collection Agent – User - X
NOTE The interface specification defined in this European Prestandard is designed to be flexible enough to
accommodate any additional operator-to-operator information transfer paths which can be required by the integration
and operation of payment systems.
5 Interface framework
5.1 Introduction
Clause 5 defines a common message structure to enable the exchange of data on any of the interfaces
between operators.
The common message structure is summarised in 5.2 and described in more detail in annex C.
NOTE Message class, message type, sender ID, receiver ID and message ID are only normative requirements when
they are not provided by other communication layers.
5.2 Summary of message structure
The message structure shall be transferred either explicitly defined in this standard or implicitly using
services defined by other communication protocols.
EXAMPLE TCP/IP, XML/EDIFACT can be used to transfer messages.
Figure 1 shows graphically an example of the message structure for the Electronic fee Collection (EFC)
related Protocol Data Unit (PDU). The objects shown in the diagram (the information forming the Message
Body) can either be unsecured or secured globally or individually.
4 © ISO 2002 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/TS 14904:2002(E)

Figure 1 - Example of the message structure
5.3 Message header
At the beginning of each message is a message header. The message header contains a version identifier.
The version identifier is an integer that identifies the version of the protocol. As this integer is always the first
element in the sequence, the receiving party is always able to identify the version of the protocol being used
to send the data. This European Prestandard defines version 2 of the protocol.
NOTE ENV ISO 14904:1997 defines version 1 of the protocol.
5.4 Message frame
The message frame may be included in the message structure defined in 5.2. Annex C shows how the
message frame can be formatted.
5.5 Security data
The main objective of Data Protection in EFC systems is to protect the interests of those relying on the EFC
systems, from any harm or damage caused by lack of availability, confidentiality, integrity, non-repudiation
and privacy of personal data.
Part of the information exchanged over the interfaces is covered by this European Prestandard, constituting
an important asset for the respective parties involved. Whilst meeting the security needs of a closed system
remains the domain of the parties concerned, an interface specification constitutes a common ground for
the implementation of real-world interfaces for clearing between operators within the scope of a higher (e.g.
pan-European) level integrated payment system. The interface specification should make sufficient
provision to incorporate current and future security related items.
The security data at the message level and the secured data objects provide support for security related
items. The various security issues can be stated as follows:
Confidentiality Sensitive data and information are available only to authorised parties
(confidentiality of contents);
In addition to pure financial transaction information which may naturally be
subject to tampering, other, more transport related types of information are to
be carried through the same interface (i.e. volumes, type of operations, details
© ISO 2002 – All rights reserved 5

---------------------- Page: 11 ----------------------
ISO/TS 14904:2002(E)
of activities, network etc.). This information can prove very sensitive in an

increasingly competitive environment;
Integrity Sensitive data, information and message sequencing are guarded in such a
way that any alteration or destruction by unauthorised parties is detected
(integrity of contents, integrity of message sequence);
Authentication The origin and destination of information and the entities involved in the
exchange of information are authenticated (message origin authentication,
message destination authentication, peer entity authentication);
Non-repudiation Protection against the denial, by one of the parties involved in the
communication through the interface, of having participated in all or part of the
communications. Support for the following forms of non-repudiation services
may be required:
- Non-repudiation with proof of origin;
- Non-repudiation with proof of delivery;
- Non-repudiation with proof of submission;
Availability Data, information are available to authorised parties;
Auditing/Accountability Protection against anomalies in the flow of transactions by the use of time
variant parameters. This may also include recording of system activity for
security related monitoring purposes.
5.6 Security and Privacy
As EFC systems need to address both data security and privacy issues, defined in the following as a
combined domain called Data Protection, their architecture needs also to provide the adequate support. In
EFC system architectures, and for the purposes of this standard, privacy is taken as being related to the
rights of individual users of the system in respect with the way their personal data is stored and handled
within the EFC system and possibly across EFC systems, e.g. clearing between operators.
5.7 Data Protection Framework
The model shown in Figure 2 provides a general framework for interpreting the primary relationships
between the main issues and elements involved in the planning design and operation of data protection
schemes:
6 © ISO 2002 – All rights reserved

---------------------- Page: 12 ----------------------
ISO/TS 14904:2002(E)

Figure 2 - Data protection framework
In the Operator and Users domain, a data protection policy is defined based on the overall needs and
objectives of the operators and users of the EFC systems, the results of the risk analysis, and the
awareness of the general issues involved in data protection (i.e. data protection principles).
The results of the risk analysis — which consists mainly in an evaluation of the possible threats to the EFC
systems, their probability of occurrence and the possible impact — as well as the data protection policy and
the overall needs and objectives, are used to define detailed and precise Data Protection Requirements.
These requirements are in turn used as the basis for the definition of the measures to be applied in the EFC
systems to counter the threats or minimise their effect. In the associated process the constraints and
additional requirements of the application domain, as well as the costs associated with the measures and
their implementation — in accordance with the proportionality principle — are also taken into account when
defining the countermeasures.
In addition, the legal and institutional framework, as well as the constraints and other requirements of the
application domain need to be considered when establishing the data protection policy and data protection
requirements for the system(s).
Finally, in accordance with the reassessment principle, the system in operation is subjected to auditing
procedures, resulting in an evaluation and a reassessment of the threats, their probability and their impact.
5.8 Data Protection measures
Figure 3 gives an overview of a methodology for specifying the Data Protection:
© ISO 2002 – All rights reserved 7

---------------------- Page: 13 ----------------------
ISO/TS 14904:2002(E)

Figure 3 - Specification of data protection measures
5.9 Keys and keys management
This part provides a general introduction to the use and handling of keys and key management, which is an
important part of clearing between operators. The description is according to ISO 11770-1.
5.9.1 Keys
Keys are a critical part in EFC systems when relying on cryptographic techniques. Keys have to be
protected against disclosure, modification and deletion.
Keys are generally organised in hierarchies, where keys in one level of hierarchy may only be used to
protect keys in the next level, while the lower keys are used for providing the security services. A security
system normally consists of two types of keys:
1) keys that are used for encryption of data;
2) keys that are used for encryption of keys.
Generally the latter need more protection than the first. A so-called Secure Application Module (SAM) may
provide secure storage of keying material.
8 © ISO 2002 – All rights reserved

---------------------- Page: 14 ----------------------
ISO/TS 14904:2002(E)
A cryptographic key undergoes different phases in its life cycle, as shown in Figure 4:

Figure 4 - The life cycle of a cryptographic key
5.9.2 Key management
The objective of key management is to provide secure administration of the key management services. The
key management services are generation, registration, certification, de-registration, distribution, storage,
archiving, recovery, deletion, derivation and destruction of cryptographic keying material.
As shown in Figure 5, several users may use the key management services. In EFC systems this includes
first of all the Service Providers and the Trusted Third Party, but also the other entities are involved in
mainly the distribution service.
Figure 5 - Key management services
A key enters different states depending on the type of security and cryptographic system it consists of. This
means that key management varies between symmetric and asymmetric techniques.
© ISO 2002 – All rights reserved 9

---------------------- Page: 15 ----------------------
ISO/TS 14904:2002(E)
5.9.3 Key distribution

The distribution of keys can be done either within one security domain or between two security domains.
Within one security domain the distribution may be done directly between the two entities that need to share
keys, or it can be done through a Key Distribution Centre, which is a common security authority (e.g. TTP)
that generates and distributes a common key between the two. This latter model may also be used when
the entities belong to two different security domains if they trust the authority of one of the domains. One of
the security authorities then generates and distributes the key to the respective authority of the other
domain, see Figure 6.
Figure 6 - Key distribution
6 Method of description
The data types used in the interface are specified using Abstract Syntax Notation One (ASN.1). This allows
for a flexible, yet unambiguous use of the interface as new data types can be defined that are uniquely
recognisable by interfacing parties.
To encode the data types specified in abstract notation into a transmittable data stream, encoding rules are
used.
To ensure inter-operability on a higher (e.g. pan-European) level, BER (Basic Encoding Rules) as defined
by ISO/IEC 8825-1 shall be used, unless the two interfacing parties have bilateral agreements which specify
the use of other encoding rules.
NOTE 1 ASN.1 (Abstract Syntax Notation One) is a formal language that defines a set of primitive data types and
provides a facility to construct new elements with their own typing inherent in the structure. The data types used in the
interface are specified using Abstract Syntax Notation One (ASN.1). This notation allows for the definition of abstract
syntaxes, enabling application layer standards to define the types of information required to transfer using the
presentation service."
NOTE 2 BER (Basic Encoding Rules) is a transfer syntax notation which maps the ASN.1 into a form where each data
type is encoded as tag, length and value.
NOTE 3 Since all data types are described using ASN.1, they can be transmitted applying different encoding rules. Of
the many encoding rules currently defined two types of encoding rules are most common: BER (Basic Encoding
Rules) and PER (Packed Encoding Rules).
The description includes the basic data elements that two communicating parties need. If additional data
elements are needed, the description can be extended to include these elements. It is also possible for
parties, other than the ones covered by this standard, to e
...