scope:

This Technical Specification defines the requirements for the Secure Application Module (SAM) used in the secure monitoring compliance checking concept. It specifies two different configurations of a SAM:

- Trusted Recorder, for use inside an OBE;

- Verification SAM, for use in other EFC system entities. The Technical Specification describes

- terms and definitions used to describe the two Secure Application Module configurations;

- operation of the two Secure Application Modules in the secure monitoring compliance checking concept;

- functional requirements for the two Secure Application Modules configurations, including a classification of different security levels;

- the interface, by means of transactions, messages and data elements, between an OBE or Front End and the Trusted Recorder;

- requirements on basic security primitives and key management procedures to support Secure Monitoring using a Trusted Recorder.

This Technical Specification is consistent with the EFC architecture as defined in ISO 17573 and the derived suite of standards and Technical Specifications, especially CEN/TS 16702-1:2014 and CEN/TS 16439.

The following is outside the scope of this Technical Specification:

- The life cycle of a Secure Application Module and the way in which this is managed.

- The interface commands needed to get a Secure Application Module in an operational state.

- The interface definition of the Verification SAM.

- Definition of a hardware platform for the implementation of a Secure Application Module.