Skip to content
Please enter a keyword to search

  • PD CEN/TS 16702-1:2014

    View superseded by
    Superseded A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
    View superseded by

    Electronic fee collection. Secure monitoring for autonomous toll system Compliance checking

    Available format(s):  Hardcopy, PDF

    Superseded date:  15-04-2020

    Language(s):  English

    Published date:  30-11-2014

    Publisher:  British Standards Institution

    Add To Cart

    Table of Contents - (Show below) - (Hide below)

    Foreword
    0 Introduction
    1 Scope
    2 Normative references
    3 Terms and definitions
    4 Abbreviations
    5 Processes
    6 Transactions
    7 Security
    Annex A (normative) - Data type specification
    Annex B (normative) - Protocol Implementation
            Conformance Statement
    Annex C (informative) - Example transactions
    Annex D (informative) - Addressed threats (in CEN/TS
            16439)
    Annex E (informative) - Essentials of the SM_CC concept
    Annex F (informative) - Use of this Technical Specification
            for the EETS
    Bibliography

    Abstract - (Show below) - (Hide below)

    Defines transactions and data for Compliance Checking - Secure Monitoring.

    Scope - (Show below) - (Hide below)

    1.1 General scope

    This Technical Specification specifies transactions and data for Compliance Checking - Secure Monitoring. The scope of this technical specification consists of:

    • The concept and involved processes for Secure Monitoring.

    • The definition of new transactions and data.

    • The use of the OBE compliance checking transaction as specified in CEN ISO/TS 12813:2009, for the purpose of Compliance Checking - Secure Monitoring.

    • The use of back end transactions as specified in EN ISO 12855:2012, for the purpose of Compliance Checking – Secure Monitoring. This includes definitions for the use of optional elements and reserved attributes.

    • A specification of technical and organisational security measures involved in Secure Monitoring, on top of measures provided for in the EFC Security Framework.

    • The interrelations between different options in the OBE, TSP and TC domain and their high level impacts. Outside the scope of this Technical Specification are:

    • Information exchange between OBE and TR.

    • Choices related to compliance checking policies e.g. which options are used, whether undetected/unexpected observations are applied, whether fixed, transportable and/or mobile compliance checking are deployed, locations and intensity of checking of itinerary freezing and checking of toll declaration.

    • Details of procedures and criteria for assessing the validity or plausibility of Itinerary Records.

    • Choices concerning the storage location of itinerary records, and data retention policy.

    • Recommendations for a single specific implementation due to different applicable privacy laws. Instead, a set of options is provided.

    1.2 Relation to CEN/TS 16439

    Secure Monitoring can be regarded as a set of specific measures addressing a number of serious threats identified in the EFC Security Framework, namely:

    Threats assigned to the User agent:

    • Manipulating the system to not register road usage.

    • Manipulating the system to register the wrong (lower) road usage.

    • Manipulating the system to lose road usage data.

    Threats assigned to Toll Service Provider agent:

    • Modifying usage data reported from the OBE.

    • Suppressing reporting of road use.

    • Faulty interpretation of usage data.

    • Wrongly configuring the front end.

    NOTE The Technical Specification EFC Security Framework (CEN/TS 16439:2013) analyses the general requirements of the stakeholders and provides a comprehensive threat analysis for an interoperable EFC scheme. A number of identified threats may result in less revenue of the toll charger, incorrect charging and billing and not meeting required service levels between Toll Service Provider and Toll Charger. The EFC Security Framework further specifies requirements to counter the identified threats. Some of these requirements can be fulfilled by implementing basic security measures that are specified in the same document, but more specific security measures are left to other standards and specifications or to local choices.

    Secure Monitoring makes use of basic cryptographic security measures and procedures provided for in the EFC Security Framework as far as possible. The relation between the EFC Security Framework and the Secure Monitoring technical specifications is illustrated in Figure 2.

    Based on the threat analysis that has been carried out in the EFC Security Framework, Figure 2 specifies which attacks Secure Monitoring addresses.

    1.3 Relation to other standards

    This Technical Specification complies with the allocation of roles and responsibilities as specified in ISO 17573:2010 Electronic fee collection – Systems architecture for vehicle related tolling.

    This Technical Specification defines transactions in the interfaces between the TSP Front end and the Toll Charger\'s road side equipment (RSE) as well as between the Toll Service Providers and the Toll Chargers back end. As these interfaces are also covered by CEN ISO/TS 12813:2009 (Compliance Checking Communication) and EN ISO 12855:2012 (Information Exchange between service provision and Toll Charging), SM_CC reuses these standards by specifying which options to choose and by defining the content of data fields. Extensions and additions are only specified in cases where it is not possible to specify the SM_CC with the tools available in these standards. The relation between this Technical Specification, the interfaces between TC and TSP and the aforementioned standards is illustrated in Figure 3 below.

    General Product Information - (Show below) - (Hide below)

    Committee EPL/278
    Document Type Standard
    Publisher British Standards Institution
    Status Superseded
    Superseded By

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC TR 10000-1:1998 Information technology Framework and taxonomy of International Standardized Profiles Part 1: General principles and documentation framework
    ISO/IEC 18033-1:2015 Information technology Security techniques Encryption algorithms Part 1: General
    ISO 12855:2015 Electronic fee collection Information exchange between service provision and toll charging
    ISO/IEC 9646-7:1995 Information technology Open Systems Interconnection Conformance testing methodology and framework Part 7: Implementation Conformance Statements
    ISO/IEC 8825-2:2015 Information technology ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) Part 2:
    ISO/IEC 14888-3:2016 Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms
    ISO/IEC 8825-1:2015 Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1:
    ISO 14813-6:2009 Intelligent transport systems Reference model architecture(s) for the ITS sector Part 6: Data presentation in ASN.1
    CEN/TS 16439:2013 Electronic fee collection - Security framework
    ISO 17573:2010 Electronic fee collection Systems architecture for vehicle-related tolling
    ISO/IEC 8825-4:2015 Information technology ASN.1 encoding rules: XML Encoding Rules (XER) Part 4:
    ISO/IEC 18033-3:2010 Information technology Security techniques Encryption algorithms Part 3: Block ciphers
    EN ISO 12855:2015 (edition 2) Electronic fee collection - Information exchange between service provision and toll charging (ISO 12855:2015)
    ISO/TS 17575-1:2010 Electronic fee collection Application interface definition for autonomous systems Part 1: Charging
    ISO 14906:2011 Electronic fee collection Application interface definition for dedicated short-range communication
    ISO/TS 17444-1:2017 Electronic fee collection — Charging performance — Part 1: Metrics
    ISO/IEC 19505-2:2012 Information technology — Object Management Group Unified Modeling Language (OMG UML) — Part 2: Superstructure
    CEN ISO/TS 17444-1:2017 Electronic fee collection - Charging performance - Part 1: Metrics (ISO/TS 17444-1:2017)
    ISO/IEC 19505-1:2012 Information technology — Object Management Group Unified Modeling Language (OMG UML) — Part 1: Infrastructure
    CEN ISO/TS 17575-3:2011/AC:2013 ELECTRONIC FEE COLLECTION - APPLICATION INTERFACE DEFINITION FOR AUTONOMOUS SYSTEMS - PART 3: CONTEXT DATA (ISO/TS 17575-3:2011/COR 1:2013)
    CEN ISO/TS 17575-1:2010/AC:2013 ELECTRONIC FEE COLLECTION - APPLICATION INTERFACE DEFINITION FOR AUTONOMOUS SYSTEMS - PART 1: CHARGING (ISO/TS 17575-1:2010/COR 1:2013)
    FIPS PUB 186 : 0 DIGITAL SIGNATURE STANDARD (DSS)
    ISO/IEC 9797-1:2011 Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher
    ISO/TS 12813:2009 Electronic fee collection Compliance check communication for autonomous systems
    ISO/IEC 8824-1:2015 Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation Part 1:
    ISO/TS 17575-3:2011 Electronic fee collection Application interface definition for autonomous systems Part 3: Context data
    FIPS PUB 180 : 2002 SECURE HASH STANDARD
    CEN ISO/TS 12813:2009 Electronic fee collection - Compliance check communication for autonomous systems (ISO/TS 12813:2009)
    ISO/IEC 11770-3:2015 Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques
    ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective