CEN ISO/TS 19299

Electronic fee collection - Security framework

Organization: CEN
Publication Date: 1 October 2015
Status: inactive
Page Count: 154
ICS Code (Road transport): 03.220.20
ICS Code (IT applications in transport): 35.240.60
Scope:

The overall scope of this Technical Specification is an information security framework for all organizational and technical entities of an EFC scheme and in detail for the interfaces between them, based on the system architecture defined in ISO 17573. The security framework describes a set of requirements and associated security measures for stakeholders to implement and thus ensure a secure operation of their part of an EFC system as required for a trustworthy environment according to its security policy.

The scope of this Technical Specification comprises the following:

- definition of a trust model (Clause 5);

Basic assumptions and principles for establishing trust between the stakeholders.

- security requirements (Clause 6);

- security measures - countermeasures (Clause 7);

Security requirements to support actual EFC system implementations.

- security specifications for interface implementation (Clause 8);

These specifications represent an add-on for security to the corresponding standards. Figure 5 above shows the relevant interfaces and the corresponding relevant interface standards, as illustrated in Figure 6.

- key management (Clause 9);

Covering the (initial) setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation, etc.

- security profiles (Annex A);

- implementation conformance statement (Annex B) provides a checklist to be used by an equipment supplier, a system implementation, or an actor of a role declaring his conformity to this Technical Specification;

- general information security objectives of the stakeholders (Annex C) which provide a basic motivation for the security requirements;

- threat analysis (Annex D) on the EFC system model and its assets using two different complementary methods, an attack-based analysis, and an asset-based analysis;

- security policy examples (Annex E and Annex F);

- recommendations for privacy-focused implementation (Annex G);

- proposal for end-entity certificates (Annex H).

The following are outside the scope of this Technical Specification:

- a complete risk assessment for an EFC system;

- security issues arising from an EFC application running on an ITS station;

NOTE Security issues associated with an EFC application running on an ITS station are covered in CEN/TR 16690.

- entities and interfaces of the interoperability management role;

- the technical trust relation between TSP and service user;

- concrete implementation specifications for implementation of security for EFC system [e.g. European electronic toll service (EETS)];

- detailed specifications required for privacy-friendly EFC implementations;

- any financial transactions between the payment service provider and the payment medium issued by the latter (e.g. ICC).

Document History

September 1, 2020
Electronic fee collection - Security framework
This document defines an information security framework for all organizational and technical entities of an EFC scheme and for the related interfaces, based on the system architecture defined in ISO...
CEN ISO/TS 19299
October 1, 2015
Electronic fee collection - Security framework
The overall scope of this Technical Specification is an information security framework for all organizational and technical entities of an EFC scheme and in detail for the interfaces between them,...
