ISO/TS 19299:2015
Withdrawn
Electronic fee collection - Security framework
16-07-2021
English, French
28-09-2015
The overall scope of ISO/TS 19299:2015 is an information security framework for all organizational and technical entities of an EFC scheme and in detail for the interfaces between them, based on the system architecture defined in ISO 17573. The security framework describes a set of requirements and associated security measures for stakeholders to implement and thus ensure a secure operation of their part of an EFC system as required for a trustworthy environment according to its security policy.
The scope of ISO/TS 19299:2015 comprises the following:
- definition of a trust model;
  Basic assumptions and principles for establishing trust between the stakeholders.
- security requirements;
- security measures - countermeasures;
  Security requirements to support actual EFC system implementations.
- security specifications for interface implementation;
  These specifications represent an add-on for security to the corresponding standards.
- key management;
  Covering the (initial) setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation, etc.
- security profiles;
- implementation conformance statement provides a checklist to be used by an equipment supplier, a system implementation, or an actor of a role declaring his conformity to ISO/TS 19299:2015;
- general information security objectives of the stakeholders which provide a basic motivation for the security requirements;
- threat analysis on the EFC system model and its assets using two different complementary methods, an attack-based analysis, and an asset-based analysis;
- security policy examples;
- recommendations for privacy-focused implementation;
- proposal for end-entity certificates.
DocumentType | Technical Specification |
Pages | 137 |
PublisherName | International Organization for Standardization |
Status | Withdrawn |
SupersededBy |
Standards | Relationship |
ONORM ONR CEN ISO/TS 19299 : 2016 | Identical |
DIN CEN ISO/TS 19299;DIN SPEC 74125:2016-02 | Identical |
S.R. CEN ISO/TS 19299:2015 | Identical |
UNI CEN ISO/TS 19299 : 2015 | Identical |
UNE-CEN ISO/TS 19299:2015 | Identical |
PD CEN ISO/TS 19299:2015 | Identical |
CEN ISO/TS 19299:2015 | Identical |
I.S. EN ISO 12855:2015 | ELECTRONIC FEE COLLECTION - INFORMATION EXCHANGE BETWEEN SERVICE PROVISION AND TOLL CHARGING (ISO 12855:2015) |
PD CEN ISO/TS 14907-1:2015 | Electronic fee collection. Test procedures for user and fixed equipment Description of test procedures |
BS EN ISO 12813 : 2015 | ELECTRONIC FEE COLLECTION - COMPLIANCE CHECK COMMUNICATION FOR AUTONOMOUS SYSTEMS |
ISO 25110:2017 | Electronic fee collection — Interface definition for on-board account using integrated circuit card (ICC) |
I.S. EN ISO 12813:2015 | ELECTRONIC FEE COLLECTION - COMPLIANCE CHECK COMMUNICATION FOR AUTONOMOUS SYSTEMS (ISO 12813:2015) |
EN ISO 25110:2017 | Electronic fee collection - Interface definition for on-board account using integrated circuit card (ICC) (ISO 25110:2017) |
UNE-EN ISO 17575-3:2016 | Electronic fee collection - Application interface definition for autonomous systems - Part 3: Context data (ISO 17575-3:2016) |
CEN ISO/TS 17574:2017 | Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2017) |
EN ISO 13140-1:2016 | Electronic fee collection - Evaluation of on-board and roadside equipment for conformity to ISO 13141 - Part 1: Test suite structure and test purposes (ISO 13140-1:2016) |
I.S. EN ISO 25110:2017 | ELECTRONIC FEE COLLECTION - INTERFACE DEFINITION FOR ON-BOARD ACCOUNT USING INTEGRATED CIRCUIT CARD (ICC) (ISO 25110:2017) |
BS EN ISO 13140-1:2016 | Electronic fee collection. Evaluation of on-board and roadside equipment for conformity to ISO 13141 Test suite structure and test purposes |
PD ISO/TR 19639:2015 | Electronic fee collection. Investigation of EFC standards for common payment schemes for multimodal transport services |
I.S. EN ISO 16407-1:2017 | ELECTRONIC FEE COLLECTION - EVALUATION OF EQUIPMENT FOR CONFORMITY TO ISO 17575-1 - PART 1: TEST SUITE STRUCTURE AND TEST PURPOSES (ISO 16407-1:2017) |
ISO 16407-1:2017 | Electronic fee collection — Evaluation of equipment for conformity to ISO 17575-1 — Part 1: Test suite structure and test purposes |
CEN ISO/TS 21719-2:2018 | Electronic fee collection - Personalization of on-board equipment (OBE) - Part 2: Using dedicated short-range communication (ISO/TS 21719-2:2018) |
EN ISO 16407-1:2017 | Electronic fee collection - Evaluation of equipment for conformity to ISO 17575-1 - Part 1: Test suite structure and test purposes (ISO 16407-1:2017) |
I.S. EN ISO 13140-1:2016 | ELECTRONIC FEE COLLECTION - EVALUATION OF ON-BOARD AND ROADSIDE EQUIPMENT FOR CONFORMITY TO ISO 13141 - PART 1: TEST SUITE STRUCTURE AND TEST PURPOSES (ISO 13140-1:2016) |
DIN CEN ISO/TS 14907-1;DIN SPEC 91192:2015-12 | ELECTRONIC FEE COLLECTION - TEST PROCEDURES FOR USER AND FIXED EQUIPMENT - PART 1: DESCRIPTION OF TEST PROCEDURES (ISO/TS 14907-1:2015) |
S.R. CEN ISO/TS 21719-1:2018 | ELECTRONIC FEE COLLECTION - PERSONALIZATION OF ON-BOARD EQUIPMENT (OBE) - PART 1: FRAMEWORK (ISO/TS 21719-1:2018) |
PD CEN/TR 16968:2016 | Electronic Fee Collection. Assessment of security measures for applications using Dedicated Short-Range Communication |
ISO/TS 21719-2:2018 | Electronic fee collection — Personalization of on-board equipment (OBE) — Part 2: Using dedicated short-range communication |
BS EN ISO 12855:2015 | Electronic fee collection. Information exchange between service provision and toll charging |
CEN/TR 16968:2016 | Electronic Fee Collection - Assessment of security measures for applications using Dedicated Short-Range Communication |
S.R. CEN ISO/TS 21719-2:2018 | ELECTRONIC FEE COLLECTION - PERSONALIZATION OF ON-BOARD EQUIPMENT (OBE) - PART 2: USING DEDICATED SHORT-RANGE COMMUNICATION (ISO/TS 21719-2:2018) |
BS EN ISO 16407-1:2017 | Electronic fee collection. Evaluation of equipment for conformity to ISO 17575-1 Test suite structure and test purposes |
ISO 5127:2017 | Information and documentation Foundation and vocabulary |
ISO 13140-1:2016 | Electronic fee collection — Evaluation of on-board and roadside equipment for conformity to ISO 13141 — Part 1: Test suite structure and test purposes |
BS ISO 13111-1:2017 | Intelligent transport systems (ITS). The use of personal ITS station to support ITS service provision for travellers General information and use case definitions |
ISO/TS 21719-1:2018 | Electronic fee collection — Personalization of on-board equipment (OBE) — Part 1: Framework |
BS ISO 5127:2017 | Information and documentation. Foundation and vocabulary |
BS EN ISO 17575-3:2016 | Electronic fee collection. Application interface definition for autonomous systems Context data |
S.R. CEN ISO/TS 17574:2017 | ELECTRONIC FEE COLLECTION - GUIDELINES FOR SECURITY PROTECTION PROFILES (ISO/TS 17574:2017) |
S.R. CEN/TS 16986:2016 | ELECTRONIC FEE COLLECTION - INTEROPERABLE APPLICATION PROFILES FOR INFORMATION EXCHANGE BETWEEN SERVICE PROVISION AND TOLL CHARGING |
I.S. EN ISO 17575-3:2016 | ELECTRONIC FEE COLLECTION - APPLICATION INTERFACE DEFINITION FOR AUTONOMOUS SYSTEMS - PART 3: CONTEXT DATA (ISO 17575-3:2016) |
S.R. CEN ISO/TS 14907-1:2015 | ELECTRONIC FEE COLLECTION - TEST PROCEDURES FOR USER AND FIXED EQUIPMENT - PART 1: DESCRIPTION OF TEST PROCEDURES (ISO/TS 14907-1:2015) |
ISO 12855:2015 | Electronic fee collection Information exchange between service provision and toll charging |
ISO 12813:2015 | Electronic fee collection Compliance check communication for autonomous systems |
ISO/TS 14907-1:2015 | Electronic fee collection Test procedures for user and fixed equipment Part 1: Description of test procedures |
ISO/TS 17574:2017 | Electronic fee collection — Guidelines for security protection profiles |
ISO 17575-3:2016 | Electronic fee collection Application interface definition for autonomous systems Part 3: Context data |
EN ISO 12855:2015 | Electronic fee collection - Information exchange between service provision and toll charging (ISO 12855:2015) |
PD CEN/TS 16986:2016 | Electronic Fee Collection. Interoperable application profiles for information exchange between Service Provision and Toll Charging |
PD CEN ISO/TS 17574:2017 | Electronic fee collection. Guidelines for security protection profiles |
CEN ISO/TS 21719-1:2018 | Electronic fee collection - Personalization of on-board equipment (OBE) - Part 1: Framework (ISO/TS 21719-1:2018) |
S.R. CEN/TR 16968:2016 | ELECTRONIC FEE COLLECTION - ASSESSMENT OF SECURITY MEASURES FOR APPLICATIONS USING DEDICATED SHORT-RANGE COMMUNICATION |
BS EN ISO 25110:2017 | Electronic fee collection. Interface definition for on-board account using integrated circuit card (ICC) |
ISO/TR 19639:2015 | Electronic fee collection Investigation of EFC standards for common payment schemes for multi-modal transport services |
EN ISO 17575-3:2016 | Electronic fee collection - Application interface definition for autonomous systems - Part 3: Context data (ISO 17575-3:2016) |
CEN ISO/TS 14907-1:2015 | Electronic fee collection - Test procedures for user and fixed equipment - Part 1: Description of test procedures (ISO/TS 14907-1:2015) |
ISO/IEC 18031:2011 | Information technology Security techniques Random bit generation |
ISO 15782-1:2009 | Certificate management for financial services Part 1: Public key certificates |
ISO 12855:2015 | Electronic fee collection Information exchange between service provision and toll charging |
ISO/IEC 9646-7:1995 | Information technology Open Systems Interconnection Conformance testing methodology and framework Part 7: Implementation Conformance Statements |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO/IEC 8825-2:2015 | Information technology ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) Part 2: |
ISO/IEC 14888-3:2016 | Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms |
ISO/IEC 27003:2017 | Information technology — Security techniques — Information security management systems — Guidance |
EN 15509:2014 | Electronic fee collection - Interoperability application profile for DSRC |
ISO/IEC 8825-1:2015 | Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1: |
ISO 17573:2010 | Electronic fee collection Systems architecture for vehicle-related tolling |
TR 102 893 : 1.1.1 | INTELLIGENT TRANSPORT SYSTEMS (ITS); SECURITY; THREAT, VULNERABILITY AND RISK ANALYSIS (TVRA) |
ISO/IEC 18033-2:2006 | Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers |
ISO/IEC 8825-4:2015 | Information technology ASN.1 encoding rules: XML Encoding Rules (XER) Part 4: |
ISO/IEC 18033-3:2010 | Information technology Security techniques Encryption algorithms Part 3: Block ciphers |
FIPS PUB 140-2 : 0 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
CEN/TS 16702-1:2014 | Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
ISO/TS 14907-2:2016 | Electronic fee collection Test procedures for user and fixed equipment Part 2: Conformance test for the on-board unit application interface |
CEN/TR 16690:2014 | Electronic fee collection - Guidelines for EFC applications based on in-vehicle ITS stations |
ISO/IEC 10181-1:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Overview |
ISO/TS 17575-1:2010 | Electronic fee collection Application interface definition for autonomous systems Part 1: Charging |
ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
ISO 14906:2011 | Electronic fee collection Application interface definition for dedicated short-range communication |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO/IEC 14888-1:2008 | Information technology — Security techniques — Digital signatures with appendix — Part 1: General |
ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
CEN/TR 16092:2011 | Electronic fee collection - Requirements for pre-payment systems |
ISO/IEC 7816-3:2006 | Identification cards — Integrated circuit cards — Part 3: Cards with contacts — Electrical interface and transmission protocols |
ISO/TS 13141:2010 | Electronic fee collection Localisation augmentation communication for autonomous systems |
ISO/IEC 9797-1:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher |
ISO/IEC 10118-3:2004 | Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions |
ISO/TS 12813:2009 | Electronic fee collection Compliance check communication for autonomous systems |
CEN/TS 16702-2:2015 | Electronic fee collection - Secure monitoring for autonomous toll systems - Part 2: Trusted recorder |
ISO/TS 17575-3:2011 | Electronic fee collection Application interface definition for autonomous systems Part 3: Context data |
ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
ISO/IEC 14888-2:2008 | Information technology — Security techniques — Digital signatures with appendix — Part 2: Integer factorization based mechanisms |
ISO/IEC 11770-1:2010 | Information technology Security techniques Key management Part 1: Framework |
ISO/IEC 11770-3:2015 | Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques |