1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication PD CEN/TR 16152:2011 Electronic fee collection Personalisation and mounting of first mount OBEPD CEN/TR 16152:2011 PUBLISHED DOCUMENT National foreword This Published Document
2、 is the UK implementation of CEN/TR 16152:2011. The UK participation in its preparation was entrusted to T e c h n i c a l C o m m i t t e e E P L / 2 7 8 , R o a d t r a n s p o r t i n f o r m a t i c s . A list of organizations represented on this committee can be obtained on request to its secre
3、tary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. BSI 2011 ISBN 978 0 580 67647 5 ICS 35.240.60 Compliance with a British Standard cannot confer immunity from legal obligations. This Published Document wa
4、s published under the authority of the Standards Policy and Strategy Committee on 31 May 2011. Amendments issued since publication Date T e x t a f f e c t e dPD CEN/TR 16152:2011TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 16152 March 2011 ICS English Version Electronic fee collect
5、ion - Personalisation and mounting of first mount OBE Perception de tlpage - Personnalisation et installation des quipements embarqus en premire monte Elektronische Gebhrenerhebung - Personalisierung und Einbau von Fahrzeuggerten der Erstausstattung This Technical Report was approved by CEN on 17 Ja
6、nuary 2011. It has been drawn up by the Technical Committee CEN/TC 278. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, M
7、alta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2011 CEN All rights of ex
8、ploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TR 16152:2011: EPD CEN/TR 16152:2011 CEN/TR 16152:2011 (E) 2 Contents Page Foreword 3 Introduction .4 1 Scope 5 1.1 Background and expected benefits of first-mount OBE .5 1.2 Personalisation concept .5
9、2 Normative references 6 3 Terms and definitions .6 4 Symbols and abbreviations 6 5 Context Description .7 5.1 General 7 5.2 Actors and Roles .8 5.3 Overview of Assets . 10 5.4 Use cases 12 5.4.1 Initialisation: Mounting of OBE . 12 5.4.2 Initialisation: Assignment of individual data . 12 5.4.3 Init
10、ialisation: Assignment of vehicle data 13 5.4.4 Contracting of the OBE with the Service Provider 14 5.4.5 Enabling long range mobile communication . 15 5.4.6 Change of the vehicle for the same contract . 16 5.4.7 Cancellation of an existing contract . 17 5.4.8 Change of the contract for the same veh
11、icle . 17 5.4.9 Normal EFC use cases: charging and enforcement . 18 5.4.10 Repair and upgrade of the OBE 19 5.4.11 Change of vehicle properties 20 5.4.12 Decommissioning and replacement of the OBE . 21 6 Personalisation concept 22 6.1 Overall requirements 22 6.1.1 Functional requirements 22 6.1.2 Se
12、curity Requirements . 26 6.2 Vehicle interface requirements and constraints . 34 6.2.1 Introduction . 34 6.2.2 Installation principles . 35 7 Personalisation data . 35 7.1 EFC Attibutes 35 7.2 OBE related data . 37 7.3 Access protection information 37 7.4 Vehicle registration data 37 8 Recommendatio
13、ns 38 Bibliography . 40 PD CEN/TR 16152:2011 CEN/TR 16152:2011 (E) 3 Foreword This document (CEN/TR 16152:2011) has been prepared by Technical Committee CEN/TC 278 “Road transport and traffic telematics”, the secretariat of which is held by NEN. Attention is drawn to the possibility that some of the
14、 elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights. PD CEN/TR 16152:2011 CEN/TR 16152:2011 (E) 4 Introduction With the increased use of OBE for EFC, the need for effective distribution is growing. The OBE co
15、uld potentially be integrated into the vehicle by the vehicle manufacturer as part of manufacturing process. The EETS provider (according to ECs European Electronic Toll Service business model) would in such a scenario be faced with the issue on how to personalize the data in the OBE, including the
16、data related to the contract between him and the user. This issue is relevant for both DSRC and satellite based OBEs. The issues addressed by the document include: 1) vehicle interfacing requirements and constraints a) vehicle data buses b) requirements and constraints from the automotive industry (
17、e.g. in terms of electronic, mechanics) c) safety d) security 2) personalization requirements and constraints a) Access to the protected data inside the OBE e.g. ContractNumber b) Where are the EETS and contract data located? (inside the OBE or in a smart card). c) Activation and deactivation of the
18、 OBE This Technical Report is not a substitute for regulations and standards and these should always be respected and used by manufacturers. PD CEN/TR 16152:2011 CEN/TR 16152:2011 (E) 5 1 Scope 1.1 Background and expected benefits of first-mount OBE It could be foreseen that in future the DSRC OBE w
19、ill be delivered by car manufacturer as a feature of the vehicle as they do today with car radio which are parts of the most sold vehicles. For the vehicle owner, the OBE supplier is the car manufacturer acting as an OEM (Original Equipment Manufacturer). The integration of first mount OBE by car ma
20、nufacturer is the only way to create a future mass market for EFC application based upon DSRC as well as GNSS/CN, as at present the integration of this type of OBEs cannot be achieved except for heavy goods vehicles. Regarding DSRC, this is also an opportunity to extend the capability of todays EFC
21、technologies by providing increased quality of service, and possibly a greater range of services using in-vehicle electronics and resources. 1.2 Personalisation concept The personalisation procedure is the procedure where the EFC Service Provider initialize, customise, and finally activate the EFC i
22、nteroperable service to OBE, for a customer with or without existing account. Two different kinds of personalisation methods can be defined: a) the personalisation procedure can be done “over the air”. In such case, personalisation data can be encoded in the OBE by the Service Provider over a secure
23、 air-link, or b) personalisation data can be loaded directly by the driver into the OBE or Service Provider via a personal storage media. Theses are two fundamentally different approaches. The second method is perfectly fitted for critical initialisation data, such as encryption keys, to enable the
24、driver to use the same EFC contract in different vehicles, and also to send personalisation data via post to a large number of customers. In any case, the personalisation procedure shall be implemented in a practical way. It was reminded that the very large majority of Service Provider distribution
25、networks (and related point of sales) are not suited to allow point-to-point communication with vehicles. They are suited mainly for front-desk operations such as initialisation of an account, data collection of user information, and so on. For both methods, all access protection information, OBE co
26、ntract information, shall be stored in a secure storage area within the OBE. During the personalisation procedure, any OBE and Service Provider service point will only communicate, but only further to a successful check of access rights. The use of an air-link for personalisation purposes includes s
27、ome risks with respect to the security of the EFC system. The present document addresses appropriate measures to counteract these risks. Security services such as integrity protection and authentication protocols shall be defined to prevent unauthorised access to the content of the OBE memory area r
28、etaining personalisation data. This statement of principles summarises essential aspects to be taken into account for the personalisation of OBE. These principles are valid: a) whether the EFC system is based upon DSRC, GNSS-CN, or a combination of both technologies; b) for permanently installed OBE
29、; c) for both original equipment manufacturers (first mount) and after sales permanently attached to the vehicle by OBE manufacturers. PD CEN/TR 16152:2011 CEN/TR 16152:2011 (E) 6 2 Normative references The following referenced documents are indispensable for the application of this document. For da
30、ted references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. EN ISO 14906, Road transport and traffic telematics Electronic fee collection Application interfaces definition for dedicated short-range communic
31、ation (ISO 14906:2004) CEN ISO/TS 175751, Electronic fee collection Application interface definition for autonomous systems Part 1: Charging (ISO/TS 17575-1:2010) ISO 11568-2, Banking Key management (retail) Part 2: Symmetric ciphers, their key management and life cycle prEN ISO 17573, Electronic fe
32、e collection System architecture for vehicle related tolling (ISO 17573:2010) 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 on-Board Equipment (OBE) equipment fitted within or on the outside of a vehicle and used for toll purposes 3.2 elect
33、ronic fee collection (EFC) toll charging by electronic means via a wireless interface 3.3 roadside equipment equipment located along the road transport network, for the purpose of communication and data exchanges with on-board equipments 3.4 Toll Charger legal entity charging toll for vehicles in a
34、toll domain 3.5 Toll Service Provider legal entity providing to his customers toll services on one or more toll domains for one or more classes of vehicles NOTE The Toll Service Provider may provide the OBE or may provide only a magnetic card or a smart card to be used with OBE provided by a third p
35、arty (like a mobile telephone and a SIM card can be obtained from different parties). The Toll Service Provider is responsible for the operation (functioning) of the OBE. 4 Symbols and abbreviations CC Common Criteria AID Application Interface Definition BST Beacon Service Table CESARE Common EFC Sy
36、stem for ASECAP Road tolling European system PD CEN/TR 16152:2011 CEN/TR 16152:2011 (E) 7 DSRC Dedicated Short-Range Communication DTCO Digital TaCOgraph EAcK Element Access Key EAuK Element Authentication Key EC European Commission ECU Electronic Control Unit EID Element Identifier EFC Electronic F
37、ee Collection HGV Heavy Goods Vehicle KVC Key Verification Code L1 Layer 1 of DSRC (Physical Layer) L2 Layer 2 of DSRC (Data Link Layer) L7 Layer 7 of DSRC (Application Layer) LLC Logical Link Control MAC Message Authentication Code MEAcK Master Element Access Key MEAuK Master Element Authentication
38、 Key MMI Man-Machine Interface OBE On-Board Equipment OBU On-Board Unit PAN Personal Account Number RSE Road-Side Equipment T-APDU Transfer-Application Protocol Data Unit VST Vehicle Service Table 5 Context Description 5.1 General In many existing systems OBEs are delivered by the Service Provider.
39、The process to add vehicle and service user data is normally a part of the contract between the Service Provider and the OBE manufacturer. In this situation there is one Security Domain within which full trust must exist. As it is foreseen that the OBE will be integrated with the vehicle the persona
40、lization process of the OBE must support that the OBE is mounted to the Vehicle when the personalisation takes place. PD CEN/TR 16152:2011 CEN/TR 16152:2011 (E) 8 Furthermore, it is possible that different contracts issued by different Service Providers will be in place and related sets of personali
41、sation assets implemented in the same OBE throughout its lifetime. 5.2 Actors and Roles The following actors have been identified as actors who are related to assets related to the OBE. a) Toll Charger. He is responsible for the collection of road usage charges on a specific part of the road infrast
42、ructure. He is interested in personalisation data as far as he needs them for the determination or checking of the charges. His special interest is in the correctness of the vehicle data and of the Service Provider identification (assuming that the Service Provider guarantees him for the payment of
43、the fees if he can proof the usage of the road infrastructure). b) Service Provider. He offers the EFC service to users of the road infrastructure. A user subscribing to the service will pay the fees to the Service Provider who will forward them to the appropriate toll charger according to the usage
44、. To contribute to the determination of the road usage and the charges due, the Service Provider will operate the OBE mounted to the vehicle of the service user, after having added his personalization data to it. Anyway, the personalization data responsibility is kept by the Service Provider towards
45、 the User and the Toll Charger. His interest is that only road usages of customers having subscribed his service are charged to him and that he can assign the charges to the appropriate service user. c) OBE Manufacturer. He produces the OBE and delivers it to the vehicle manufacturer to be mounted t
46、o a vehicle. d) Vehicle Manufacturer. He is responsible for the integration of the OBE into the vehicle. e) Vehicle registration authority. The involvement of this actor in the personalization of first mount OBE is to be defined. In any case it may serve as a trusted source of at least part of the v
47、ehicle data. f) EFC service user. He subscribes to the EFC service of a Service Provider for a specific vehicle with an OBE. His interest is that he is charged only for his road usage. g) Mobile communication provider (in case of GNSS system). He offers a wide range communication service that may be
48、 used not only during EFC, but also for personalization of the OBE. The OBE has to be initialized for the specific service before it can use the communication channel. These actors are present in the EFC environment independent from the issue of personalisation of first mount OBE. Not all of them mu
49、st have an active role in personalisation - some of them may just have a specific interest (like for instance the toll charger). For retrofitted OBE it is usually assumed that the overall responsibility for this OBE is at the Service Provider. This also covers the responsibility for the personalisation. The Service Provider may get the OBE from the OBE Manufacturer at a stage where part of the personalisation took place already. But as soon as the Service Provider takes over the OBE, the OBE Manufacturer is not involved any more and in case there is some inf
