DIN EN ISO 24534-4-2011 Automatic vehicle and equipment identification - Electronic Registration Identification (ERI) for vehicles - Part 4 Secure communications using asymmetrical.pdf

1、Oktober 2011DEUTSCHE NORM Normenausschuss Automobiltechnik (NAAutomobil) im DINPreisgruppe 31DIN Deutsches Institut fr Normung e. V. Jede Art der Vervielfltigung, auch auszugsweise, nur mit Genehmigung des DIN Deutsches Institut fr Normung e. V., Berlin, gestattet.ICS 35.240.60; 43.020!$t.“1811199ww

2、w.din.deDDIN EN ISO 24534-4Automatische Identifizierung von Fahrzeugen und Ausrstungen Elektronische Identifizierung fr die Registrierung (ERI) vonFahrzeugen Teil 4: Sichere Anwendungsebene mittels asymmetrischer Techniken(ISO 24534-4:2010);Englische Fassung EN ISO 24534-4:2010Automatic vehicle and

3、equipment identification Electronic Registration Identification (ERI) for vehicles Part 4: Secure communications using asymmetrical techniques (ISO 24534-4:2010);English version EN ISO 24534-4:2010Identification automatique des vhicules et des quipements Identification denregistrement lectronique (E

4、RI) pour les vhicules Partie 4: Communications sres utilisant des techniques asymtriques(ISO 24534-4:2010);Version anglaise EN ISO 24534-4:2010Alleinverkauf der Normen durch Beuth Verlag GmbH, 10772 Berlin www.beuth.deGesamtumfang 100 SeitenDIN EN ISO 24534-4:2011-10Nationales Vorwort Dieses Dokumen

5、t (EN ISO 24534-4:2010) wurde vom technischen Komitee CEN/TC 278 Straentransport und Verkehrstelematik“ ausgearbeitet, dessen Sekretariat vom NEN (Niederlande) gehalten wird in Verbindung mit dem technischen Komitee ISO/TC 204 Intelligent transport systems“. Das zustndige deutsche Normungsgremium is

6、t der Gemeinschaftsarbeitsausschuss NA 052-02-71 GA Straenverkehrtelematik“ des Normenausschusses Automobiltechnik (NA-Automobil). Das Prsidium des DIN hat mit seinem Beschluss 1/2004 festgelegt, dass von dem in den Regeln der europischen Normungsarbeit von CEN/CENELEC verankerten Grundsatz, wonach

7、Europische Normen in den drei offiziellen Sprachen Deutsch, Englisch und Franzsisch verffentlicht werden, in begrndeten Ausnahmefllen abgewichen und auf die deutsche Sprachfassung verzichtet werden kann. 2 EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO 24534-4 July 2010 ICS 35.240.60; 03.2

8、20.20 Supersedes CEN ISO/TS 24534-4:2008English Version Automatic vehicle and equipment identification Electronic Registration Identification (ERI) for vehicles Part 4: Secure communications using asymmetrical techniques(ISO 24534-4:2010) Identification automatique des vhicules et des quipements Ide

9、ntification denregistrement lectronique (ERI) pour les vhicules Partie 4: Communications sres utilisant des techniques asymtriques (ISO 24534-4:2010) Automatische Identifizierung von Fahrzeugen und Ausrstungen Elektronische Identifizierung fr die Registrierung (ERI)von Fahrzeugen Teil 4: Sichere Anw

10、endungsebene mittels asymmetrischer Techniken (ISO 24534-4:2010) This European Standard was approved by CEN on 16 June 2010. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard wi

11、thout any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other langua

12、ge made by translation under the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia

13、, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPIS

14、CHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2010 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 24534-4:2010: EEN ISO 24534-4:2010 (E) 2 Contents Page Foreword3 Introduction .4 1 Scope 5 2 Norm

15、ative references 6 3 Terms and definitions .6 4 Abbreviations 14 5 System communications concept. 15 5.1 Introduction. 15 5.2 Overview 15 5.3 Security services 22 5.4 Communication architecture description 27 5.5 Interfaces. 29 6 Interface requirements . 30 6.1 Overview 30 6.2 Abstract transaction d

16、efinitions 31 6.3 The ERT interfaces . 67 Annex A (normative) ASN.1 modules. 70 Annex B (normative) PICS pro forma. 81 Annex C (informative) Operational scenarios . 85 Bibliography. 97 DIN EN ISO 24534-4:2011-10EN ISO 24534-4:2010 (E) 3 Foreword This document (EN ISO 24534-4:2010) has been prepared

17、by Technical Committee CEN/TC 278 “Road transport and traffic telematics”, the secretariat of which is held by NEN, in collaboration with Technical Committee ISO/TC 204 “Intelligent transport systems”. This European Standard shall be given the status of a national standard, either by publication of

18、an identical text or by endorsement, at the latest by January 2011, and conflicting national standards shall be withdrawn at the latest by January 2011. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not

19、be held responsible for identifying any or all such patent rights. This document supersedes CEN ISO/TS 24534-4:2008. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bul

20、garia, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. Endorsement notic

21、e The text of ISO 24534-4:2010 has been approved by CEN as a EN ISO 24534-4:2010 without any modification. DIN EN ISO 24534-4:2011-10EN ISO 24534-4:2010 (E) 4 Introduction A quickly emerging need has been identified with administrations to improve the unique identification of vehicles for a variety

22、of services. Situations are already occurring where manufacturers intend to fit lifetime tags to vehicles. Various governments are considering the needs and benefits of electronic registration identification (ERI) as a legal proof of vehicle identity with potential mandatory uses. There is commercia

23、l and economic justification in respect of both tags and infrastructure that a standard enables an interoperable solution. ERI is a means of uniquely identifying road vehicles. The application of ERI will offer significant benefits over existing techniques for vehicle identification. It will be a su

24、itable tool for the future management and administration of traffic and transport, including applications in free-flow, multi-lane traffic conditions with the capability to support mobile transactions. ERI addresses the need of authorities and other road users for a trusted electronic identification

25、, including roaming vehicles. This part of ISO 24534 specifies the application layer interfaces for the exchange of data between an onboard component containing the ERI data and a reader or writer inside or outside the vehicle. The exchanged identification data consists of a unique vehicle identifie

26、r and may also include data typically found in the vehicles registration certificate. The authenticity of the exchanged vehicle data can be further enhanced by ensuring data has been obtained by request from a commissioned device, with the data electronically signed by the registration authority. In

27、 order to facilitate (international) resales of vehicles, the ERI interface includes provisions for another accredited registration authority to take over the registration of a vehicle. The ERI interface supports confidentiality measures to adhere to (inter)national privacy regulation and to prevent

28、 other misuse of electronic identification of vehicles. A registration authority may authorize other authorities to access the vehicles data. A holder of a registration certificate may authorize an additional service provider to identify the vehicle when he/she wants commercial service. However, it

29、is perceived that different users may have different requirements for authentication and confidentiality. This International Standard therefore supports different levels of security with maximum compatibility. Much attention is given to the interoperability of the component containing the ERI data a

30、nd readers of various levels of capability, e.g. the identification of a vehicle with a less capable ERI data component by a more sophisticated reader equipment and vice versa. The supported complexity of the device containing the ERI data may range from a very simple read-only device that only cont

31、ains the vehicles identifier, to a sophisticated device that includes both authentication and confidentiality measures and maintains a historic list of the vehicle data written by the manufacturer and by vehicle registration authorities. Following the events of 11 September 2001, and subsequent revi

32、ews of anti-terrorism measures, the need for ERI has been identified as a possible anti-terrorism measure. The need for international or pan-European harmonization of such ERI is therefore important. It is also important to ensure that any ERI measures contain protection against misuse by terrorists

33、. This part of ISO 24534 makes use of the basic automatic vehicle identification (AVI) provisions already defined in ISO 14814 and ISO 14816. DIN EN ISO 24534-4:2011-10EN ISO 24534-4:2010 (E) 5 1 Scope This part of ISO 24534 provides requirements for electronic registration identification (ERI) that

34、 are based on an identifier assigned to a vehicle (e.g. for recognition by national authorities) suitable to be used for: electronic identification of local and foreign vehicles by national authorities; vehicle manufacturing, in-life maintenance and end-of-life identification (vehicle life cycle man

35、agement); adaptation of vehicle data (e.g. for international resales); safety-related purposes; crime reduction; commercial services. It adheres to privacy and data protection regulations. This part of ISO 24534 specifies the interfaces for a secure exchange of data between an ERT and an ERI reader

36、or ERI writer in or outside the vehicle using asymmetric encryption techniques. NOTE 1 The onboard device containing the ERI data is called the electronic registration tag (ERT). This part of ISO 24534 includes: the application layer interface between an ERT and an onboard ERI reader or writer; the

37、application layer interface between the onboard ERI equipment and external ERI readers and writers; security issues related to the communication with the ERT. NOTE 2 The vehicle identifiers and possible additional vehicle data (as typically contained in vehicle registration certificates) are defined

38、 in ISO 24534-3. NOTE 3 The secure application layer interfaces for the exchange of ERI data with an ERI reader or writer are specified in both this part of ISO 24534 and ISO 24534-5. DIN EN ISO 24534-4:2011-10EN ISO 24534-4:2010 (E) 6 2 Normative references The following referenced documents are in

39、dispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 8824 (all parts), Information technology Abstract Syntax Notation One (ASN.1) ISO/

40、IEC 8825-2, Information technology ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) Part 2 ISO/IEC 14443 (all parts), Identification cards Contactless integrated circuit cards Proximity cards ISO 15628:2007, Road transport and traffic telematics Dedicated short range communication

41、(DSRC) DSRC application layer 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 access control prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner ISO 7498-2:1989, definition 3.3

42、.1 3.2 access control list list of entities, together with their access rights, which are authorized to have access to a resource ISO 7498-2:1989, definition 3.3.2 3.3 active threat threat of a deliberate unauthorized change to the state of the system ISO 7498-2:1989, definition 3.3.4 EXAMPLE Exampl

43、es of security-relevant active threats may include modification of messages, replay of messages, and insertion of spurious messages, masquerading as an authorized entity and denial of service. 3.4 additional vehicle data ERI data in addition to the vehicle identifier ISO 24534-3:2008, definition 3.1

44、 3.5 air interface conductor-free medium between onboard equipment (OBE) and the reader/interrogator through which the linking of the OBE to the reader/interrogator is achieved by means of electromagnetic signals ISO 14814:2006, definition 3.2 3.6 authority organization that is allowed by public law

45、 to identify a vehicle using ERI DIN EN ISO 24534-4:2011-10EN ISO 24534-4:2010 (E) 7 3.7 authorization granting of rights, which includes the granting of access based on access rights ISO 7498-2:1989, definition 3.3.10 3.8 certification authority natural or legal person trusted to create public key

46、certificates NOTE See also top-level certification authority and intermediate certification authority. 3.9 challenge data item chosen at random and sent by the verifier to the claimant, which is used by the claimant, in conjunction with secret information held by the claimant, to generate a response

47、 which is sent to the verifier ISO/IEC 9798-1:1997, definition 3.3.5 NOTE In this part of ISO 24534 the term challenge is also used in case an ERT does not have enabled encryption capabilities and the challenge is merely copied without any secret information applied. 3.10 ciphertext data produced, t

48、hrough the use of encipherment; the semantic content of the resulting data is not available ISO 7498-2:1989, definition 3.3.14 3.11 claimant entity which is or represents a principal for the purposes of authentication NOTE A claimant includes the functions necessary for engaging in authentication ex

49、changes on behalf of a principal. ISO/IEC 10181-2:1996, definition 3.10 3.12 cleartext intelligible data, the semantic content of which is available ISO 7498-2:1989, definition 3.3.15 3.13 confidentiality property that information is not made available or disclosed to unauthorized individuals, entities, or processes ISO 7498-2:1989, definition 3.3.16 3.14 credentials data that is transferred to establish the claimed identity of an entity ISO 7498-2:1989, definition 3.3.1