Alcohol interlocks - Test methods and performance requirements - Part 6: Data security

This European Standard specifies security requirements for the protection and handling of event records which are stored in the data memory of breath alcohol controlled alcohol interlocks and which may be downloaded, processed and transferred to supervising persons or organisations.
This European Standard is a supplement to EN 50436-1. It has to be selected by the respective jurisdiction whether the present standard has to be applied in addition to EN 50436-1.
This European standard may also be used as a supplement to EN 50436-2 if a jurisdiction or a vehicle fleet operator decides that the data security in his preventive application has to have the same high level of requirements as for alcohol interlocks used in drink-driving-offender programmes.
This European Standard is mainly directed to test houses, manufacturers for alcohol interlocks, legislating authorities and organisations which handle and use the alcohol interlock event records.
In this European Standard, the alcohol interlock consists basically of handset and control unit. Optional accessory devices (e.g. camera, module for data transmission) which are intended to be used in the vehicle shall also be considered to be part of the alcohol interlock, where applicable.
The service application communicates with the alcohol interlock and sends out the event records to a register, either directly or alternatively indirectly through a broker.

Alkohol-Interlocks - Prüfverfahren und Anforderungen an das Betriebsverhalten - Teil 6: Datensicherheit

This European Standard specifies security requirements for the protection and handling of event data which are recorded in the data memory of breath alcohol controlled alcohol interlocks and which may be read out, processed and transmitted to supervising persons or organisations.
This European Standard is a supplement to EN 50436-1. The respective competent authority has to decide whether the present standard has to be applied in addition to EN 50436-1.
This European Standard may also be applied as a supplement to EN 50436-2 if a competent authority or a vehicle fleet operator decides that the data security in its preventive application has to have the same high level of requirements as for alcohol interlocks used in drink-driving-offender programmes.
This European Standard is mainly directed to test laboratories, manufacturers of alcohol interlocks, legislating authorities and organisations which handle and use the alcohol interlock event data.
In this European Standard, the alcohol interlock consists basically of handset and control unit. Optional accessory devices (for example camera, module for data transmission) which are intended to be used in the vehicle shall also be considered part of the alcohol interlock, where applicable.
The service application communicates with the alcohol interlock and sends the event data to a data register, either directly or alternatively indirectly through a broker.

Ethylotests anti-démarrage - Méthodes d’essai et exigences de performance - Partie 6: Sécurité des données

1.1   General
This European Standard specifies security requirements for the protection and handling of event records stored in the data memory of breath alcohol controlled alcohol interlocks, and which may be downloaded, processed and transferred to supervising persons or organisations.
This European Standard supplements EN 50436-1. The respective jurisdiction is required to determine whether the present standard is to be applied in addition to EN 50436-1.
This European Standard may also be used as a supplement to EN 50436-2 if a jurisdiction or a vehicle fleet operator decides that the data security in its preventive application is required to have the same high level of requirements as for alcohol interlocks used in drink-driving-offender programmes.
This European Standard is mainly directed to test laboratories, manufacturers of alcohol interlocks, legislating authorities and organisations which handle and use the alcohol interlock event records.
In this European Standard, the alcohol interlock consists basically of a handset and a control unit. Optional accessory devices (for example, cameras or GPS systems generating data related to event data of the alcohol interlock, as well as accessory devices handling or transferring data for a drink-driving-offender programme) authorized by the manufacturer as being part of the alcohol interlock system and which are intended to be used in the vehicle during operation are also to be considered part of the alcohol interlock, where applicable.
The service application communicates with the alcohol interlock and sends the event records to a register, either directly or through a broker.
The scheme is shown in Figure 1. It also shows which parts are within the scope of this European Standard and which are not.
NOTE   In this, and all other figures, the direction of the arrows indicates the flow of event records.
This European Standard applies to
-   the alcohol interlock,
-   the service application.
This European Standard does not apply to
-   data security of the broker,
-   data security of the register,
-   storage of downloaded data,
-   requirements for organizational processes (for example, defining rights of access to the data).
1.2   Conformance claim
In accordance with the Common Criteria for Information Technology Security Evaluation, as a Protection Profile, this European Standard conforms to:
-   Common Criteria, Version 3.1, Revision 4, as defined by CCp1, CCp2, CCp3 and CEMe,
-   Common Criteria - Part 2 as Common Criteria - Part 2 conformant,
-   Common Criteria - Part 3 as Common Criteria - Part 3 conformant.
NOTE 1   An earlier version of CCp1 is published as ISO/IEC 15408-1.
NOTE 2   An earlier version of CCp2 is published as ISO/IEC 15408-2.
NOTE 3   An earlier version of CCp3 is published as ISO/IEC 15408-3.
NOTE 4   An earlier version of CEMe is published as ISO/IEC 18045.

Alkoholne zapore - Preskusne metode in zahtevane lastnosti - 6. del: Varnost podatkov

This European Standard specifies security requirements for the protection and handling of event records which are stored in the memory of alcohol interlocks that measure breath alcohol and which may be downloaded, processed and transferred to supervising persons or organisations.
This European Standard supplements EN 50436-1. The respective competent authority has to choose whether the present standard has to be applied in addition to EN 50436-1.
This European Standard may also be used as a supplement to EN 50436-2 if a competent authority or a vehicle fleet operator decides that the data security in its preventive application has to meet the same high level of requirements as for alcohol interlocks used in programmes for the re-education of drivers who have driven under the influence of alcohol.
This European Standard is intended primarily for test laboratories, manufacturers of alcohol interlocks, legislative bodies and organisations which handle and use alcohol interlock event records.
In this European Standard, the alcohol interlock basically comprises a handset and a control unit. Optional accessory devices (e.g. camera, module for data transmission) which are intended to be used in the vehicle are also considered part of the alcohol interlock, where applicable.
The service application communicates with the alcohol interlock and sends the event records to a register, either directly or indirectly through a broker.

General Information

Status: Published
Public Enquiry End Date: 24-Sep-2013
Publication Date: 13-Aug-2015
Technical Committee:
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 03-Apr-2015
Due Date: 08-Jun-2015
Completion Date: 14-Aug-2015

Standard
EN 50436-6:2015
English language
55 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN 50436-6:2015
01-September-2015
Alkoholne zapore - Preskusne metode in zahtevane lastnosti - 6. del: Varnost podatkov
Alcohol interlocks - Test methods and performance requirements - Part 6: Data security
Alkohol-Interlocks - Prüfverfahren und Anforderungen an das Betriebsverhalten - Teil 6: Datensicherheit
Ethylotests anti-démarrage - Méthodes d’essai et exigences de performance - Partie 6: Sécurité des données
This Slovenian standard is identical to: EN 50436-6:2015
ICS:
43.040.10 Electrical and electronic equipment
71.040.40 Chemical analysis
SIST EN 50436-6:2015 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.

EUROPEAN STANDARD EN 50436-6

NORME EUROPÉENNE

EUROPÄISCHE NORM
March 2015
ICS 43.040.10; 71.040.40
English Version
Alcohol interlocks - Test methods and performance requirements - Part 6: Data security
Éthylotests antidémarrage - Méthodes d'essai et exigences de performance - Partie 6: Sécurité des données
Alkohol-Interlocks - Prüfverfahren und Anforderungen an das Betriebsverhalten - Teil 6: Datensicherheit
This European Standard was approved by CENELEC on 2014-12-29. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.



European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2015 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
 Ref. No. EN 50436-6:2015 E


Contents
Foreword
Introduction
1 Scope
1.1 General
1.2 Conformance claim
2 Normative references
3 Terms and definitions
4 General
4.1 Use of the alcohol interlock
4.2 Major security features
4.3 Hardware, software and firmware not being part of the alcohol interlock and the service application
5 Alcohol interlock classes
5.1 General
5.2 Class A: transparent service application without broker
5.3 Class B: transparent service application with broker
5.4 Class C: opaque service application
5.5 Class D: service application without broker and without register
6 Security objectives
6.1 General
6.2 Security objectives for the alcohol interlock and the service application
6.3 Security objectives for the operational environment (informative)
6.3.1 Overview
6.3.2 General security objectives for the operational environment
6.3.3 Security objectives for the register
6.3.4 Security objectives for the broker
7 Security requirements
7.1 Terms
7.2 Security Functional Requirements
7.2.1 General
7.2.2 FAU_GEN.1 Audit event records generation
7.2.3 FAU_STG.1 Protected data memory
7.2.4 FAU_STG.3 Action in case of possible event records loss
7.2.5 FAU_STG.4 Prevention of event records loss
7.2.6 FCS_COP.1(1) Cryptographic operation
7.2.7 FCS_COP.1(2) Cryptographic operation
7.2.8 FCS_COP.1(3) Cryptographic operation
7.2.9 FDP_ACC.1 Subset access control
7.2.10 FDP_ACF.1 Security attribute based access control
7.2.11 FDP_ITT.1 Basic internal transfer protection
7.2.12 FDP_ITT.3 Integrity monitoring
7.2.13 FDP_RIP.1 Subset residual information protection
7.2.14 FIA_UAU.2 User authentication before any action (not applicable if the authentication is done in the operational environment)
7.2.15 FIA_UID.2 User identification before any action (not applicable if the authentication is done in the operational environment)
7.2.16 FPT_PHP.1(1) Passive detection of physical attack
7.2.17 FPT_PHP.1(2) Passive detection of physical attack
7.2.18 FPT_STM.1 Reliable time stamps
7.3 Cryptographic algorithms
7.4 Security assurance requirements
Annex A (informative) Security problem definition
A.1 General
A.2 Assets
A.3 Threat agents
A.4 Threat overview
A.5 Threats
A.5.1 Interfering with the sensors and the signals to the vehicle (I)
A.5.2 Prevention of detection of events (II)
A.5.3 Prevention of generation of event records or generation of undesirable event records (III)
A.5.4 Failure to correctly store event records in the alcohol interlock (IV)
A.5.5 Failure to correctly transfer event records between alcohol interlock and service application (V)
A.5.6 Failure to correctly handle the event records in the service application (VI)
A.5.7 Failure to correctly transfer event records between service application and register (VII)
A.5.8 Failure to correctly register event records at the register (VIII)
A.5.9 Failure to correctly transfer event records between service application and broker (IX)
A.5.10 Failure to correctly convert event records at the broker (X)
A.5.11 Failure to correctly transfer event records between broker and register (XI)
Annex B (informative) Rationales
B.1 General
B.2 Security objectives rationale
B.2.1 Interfering with the sensors and the signals to the vehicle (I)
B.2.2 Prevention of detection of events (II)
B.2.3 Prevention of generation of event records or generation of undesirable event records (III)
B.2.4 Failure to correctly store event records in the alcohol interlock (IV)
B.2.5 Failure to correctly transfer event records between alcohol interlock and service application (V)
B.2.6 Failure to correctly handle the event records in the service application (VI)
B.2.7 Failure to correctly transfer event records between service application and register (VII)
B.2.8 Failure to correctly register event records at the register (VIII)
B.2.9 Failure to correctly transfer event records between service application and broker (IX)
B.2.10 Failure to correctly convert event records at the broker (X)
B.2.11 Failure to correctly transfer event records between broker and register (XI)
B.3 Security requirements rationale
B.4 Dependencies
Annex C (informative) Security testing
Annex D (informative) Use of this standard
D.1 Additional information required to use this standard
D.2 Additional requirements for the data handling process
Bibliography

Foreword
This document (EN 50436-6:2015) has been prepared by CLC/BTTF 116-2 "Alcohol interlocks".
The following dates are fixed:
• latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2015-12-29
• latest date by which the national standards conflicting with this document have to be withdrawn (dow): 2017-12-29

Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such
patent rights.

Introduction
The series of European Standards EN 50436 specifies test methods and essential performance
requirements for alcohol interlocks and gives guidance for decision makers, purchasers and users.
The content and requirements of the European Standard EN 50436-1 "Alcohol interlocks – Test
methods and performance requirements, Part 1: Instruments for drink-driving-offender programs" are
based on the experience and necessities of drink driving offender programmes in different countries
over several decades.
The present document should be used in conjunction with the European Standard EN 50436-1 and
optionally with EN 50436-2. It defines additional requirements for the security of event records which
are stored in the data memory of the alcohol interlock and which may be downloaded, processed and
transferred to supervising persons or organizations.
The security objectives describing how the threats are addressed are divided into security objectives
for the alcohol interlock with the service application and for the operational environment.
The security objectives for the alcohol interlock and the service application describe what is necessary
for the alcohol interlock and the service application to do to address the threats. In the context of this
European Standard, the combination of alcohol interlock and service application are to meet all listed
security objectives, and this is to be assessed as part of determining compliance with this European
Standard.
The security objectives for the operational environment describe what other entities should do to
address the threats. In the context of this European Standard, whether these entities actually achieve
these objectives are not to be assessed as part of determining compliance with this European
Standard. Therefore, in this European Standard these security objectives are informative only.
This European Standard is intended also to be listed as a Protection Profile for alcohol interlocks under
the Common Criteria Recognition Arrangement and the Senior Officials Group - Information Systems
Security (SOG-IS). For the purpose of being a Protection Profile, all sections (including also the
operational environment) are considered normative.

1 Scope
1.1 General
This European Standard specifies security requirements for the protection and handling of event
records which are stored in the data memory of breath alcohol controlled alcohol interlocks and which
may be downloaded, processed and transferred to supervising persons or organizations.
This European Standard is a supplement to EN 50436-1. It is to be decided by the respective
jurisdiction whether the present standard has to be applied in addition to EN 50436-1.
This European standard may also be used as a supplement to EN 50436-2 if a jurisdiction or a vehicle
fleet operator decides that the data security in his preventive application has to have the same high
level of requirements as for alcohol interlocks used in drink-driving-offender programmes.
This European Standard is mainly directed to test houses, manufacturers of alcohol interlocks,
legislating authorities and organizations which handle and use the alcohol interlock event records.
In this European Standard, the alcohol interlock consists basically of handset and control unit. Optional
accessory devices (e.g. cameras or GPS systems generating data related to event data of the alcohol
interlock, as well as accessory devices handling or transferring data for a drink-driving-offender
programme) authorized by the manufacturer as being part of the alcohol interlock system and which
are intended to be used in the vehicle during operation are also to be considered part of the alcohol
interlock, where applicable.
The service application communicates with the alcohol interlock and sends out the event records to a
register, either directly or alternatively indirectly through a broker.
The scheme is depicted in Figure 1. It also shows which parts are within the scope of this European
Standard and which are outside of the scope.

Figure 1 – Alcohol interlock, service application, broker and register
NOTE In this, and all other figures, the direction of the arrows indicates the flow of event records.
This European Standard applies to
– the alcohol interlock,
– the service application.
This European Standard does not apply to
– data security of the broker,
– data security of the register,
– storage of downloaded data,
– requirements for organizational processes, for example defining rights of access to the data.
1.2 Conformance claim
This European Standard conforms according to the Common Criteria for Information Technology
Security Evaluation as Protection Profile to:
– Common Criteria, Version 3.1, Revision 4, as defined by CCp1, CCp2, CCp3 and CEMe,
– Common Criteria - Part 2 as Common Criteria - Part 2 conformant,
– Common Criteria - Part 3 as Common Criteria - Part 3 conformant.
NOTE 1 An earlier revision of CCp1 is published as ISO/IEC 15408-1.
NOTE 2 An earlier revision of CCp2 is published as ISO/IEC 15408-2.
NOTE 3 An earlier revision of CCp3 is published as ISO/IEC 15408-3.
NOTE 4 An earlier revision of CEMe is published as ISO/IEC 18045.
This European Standard is not based on any other Protection Profile.
This European Standard conforms to the evaluation assurance level EAL3 + ALC_FLR.2 (for
explanation see 7.4).
Protection profiles or security targets that conform to this Protection Profile shall apply "Strict
Protection-Profile-Conformance".
For more information, see CCp1, Annex B5.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
EN 50436-1:2014, Alcohol interlocks – Test methods and performance requirements –
Part 1: Instruments for drink-driving-offender programs
EN 50436-2:2014, Alcohol interlocks – Test methods and performance requirements –
Part 2: Instruments having a mouthpiece and measuring breath alcohol for general preventive use

3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
alcohol interlock
device which is normally in the blocking state when installed to prevent the starting of a vehicle engine,
and which can be brought into the not-blocking state only after the presentation and analysis of an
accepted breath sample with an alcohol concentration below a limit value
Note 1 to entry: In this European Standard the expression “starting of the vehicle engine” includes provision
of an output signal from the alcohol interlock to the vehicle to enable the starting or operation of the vehicle.
Note 2 to entry: In this European Standard, the alcohol interlock consists of the following parts: handset,
control unit and optional accessory devices.
Note 3 to entry: According to the Common Criteria the alcohol interlock and the service application are the
Target of Evaluation (TOE).
3.2
handset
part of the alcohol interlock which is usually located inside the driver compartment of the vehicle, which
contains an alcohol measuring system, may store event records in a data memory, is connected to the
control unit and is able to interact with the driver
3.3
control unit
part of the alcohol interlock which is usually located under the dashboard of the vehicle, which is
electrically connected to the vehicle to prevent or to allow the starting of the vehicle engine, and which
may store event records in a data memory
Note 1 to entry: The electrical connections to the vehicle are considered to be part of the control unit.
3.4
accessory device
optional supplementary device being part of the alcohol interlock intended to be used in the vehicle
during operation
Note 1 to entry: Accessory devices may for example be a camera or a module for data transmission.
Note 2 to entry: The use of certain accessory devices may be required by national regulations.
3.5
event records
record of breath test results, other events and supporting data with date and time generated by the
alcohol interlock
Note 1 to entry: For this European Standard it is assumed that the event records are stored in the data
memory of the control unit and/or of the handset and optionally of the accessory devices.
Note 2 to entry: This European Standard uses the term “event records" instead of the Common Criteria
term “audit records”.

3.6
service application
computer programme being used for functions such as adjustment of the alcohol interlock,
downloading and optionally viewing the event records and other data of the alcohol interlock, as well as
for uploading event records from the alcohol interlock to a register or broker
Note 1 to entry: A service application may have some or all of these functions, depending on its
implementation and the alcohol interlock class (see Clause 5).
Note 2 to entry: The service application is usually located inside a service centre.
Note 3 to entry: The service application may be used by a technician or an automatic system.
Note 4 to entry: The service application may be either transparent or opaque.
3.7
transparent service application
service application which is not able to decrypt the event records
Note 1 to entry: The functionality of the transparent service application for uploading event records from the
alcohol interlock to a register or broker may be incorporated into the alcohol interlock. In this case the alcohol
interlock uploads the event records to the register or broker.
3.8
opaque service application
service application that is able to decrypt the event records and performs the required conversion of
event records
3.9
adjustment
operation that calibrates and/or adjusts the sensor systems, sets parameters and/or changes the
firmware of the alcohol interlock
3.10
register
central register of event records, which stores the event records for future use
Note 1 to entry: The register is usually operated by the alcohol interlock manufacturer and/or the
authorities.
3.11
broker
processing centre which converts the records into a required format and then sends them to the
register or the service application
Note 1 to entry: The broker is usually operated by the service provider of the alcohol interlock.
3.12
security target
description and analysis of the assets, the threats to those assets, the countermeasures (in the form of
security objectives) and a demonstration that the countermeasures are sufficient to counter the threats
Note 1 to entry: For details see CCp1, clause 7.1.1.
3.13
security objective
concise statement of the intended solution to the problem defined by the security problem definition
Note 1 to entry: For details see CCp1, clause A.7.

3.14
security problem definition
statement which in a formal manner defines the nature and scope of the security that the alcohol
interlock and the service application are intended to address, consisting of a combination of threats to
be countered by the alcohol interlock and the service application, the organizational security policies
enforced by the alcohol interlock and the service application, and the assumptions that are upheld for
the alcohol interlock and the service application and their operational environment
Note 1 to entry: For details see CCp1, clause A.6.
3.15
operational environment
environment in which the alcohol interlock and the service application are operated, containing all
entities that the alcohol interlock and the service application interact with, such as broker, register,
service centre, vehicle, driver
4 General
4.1 Use of the alcohol interlock
Before the engine of the vehicle can start, the driver has to deliver an accepted breath sample into the
handset. If the measured alcohol concentration is equal to or above the limit value, the control unit
does not allow the vehicle engine to start.
At random intervals while driving, the driver may have to deliver an additional accepted breath sample
into the handset. Passing or failing a breath alcohol test generates event records. Additionally, other
events may generate event records (e.g. interruption of power to the control unit, or vehicle motion
without starting of the motor, indicating bypass of the alcohol interlock).
At set intervals, when the memory of the alcohol interlock fills up, or after certain events the handset
instructs the driver to go to a service centre. These service centres (which are for drink-driving-
offender programmes normally certified by the government) poss
...
