BS EN ISO 19299:2020
$215.11
Electronic fee collection. Security framework
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2020 | 144 |
This document defines an information security framework for all organizational and technical entities of an EFC scheme and for the related interfaces, based on the system architecture defined in ISO 17573-1. The security framework describes a set of security requirements and associated security measures.
Annex D contains a list of potential threats to EFC systems and a possible relation to the defined security requirements. These threats can be used for a threat analysis to identify the relevant security requirements for an EFC system.
The relevant security measures to secure EFC systems can then be derived from the identified security requirements.
PDF Catalog
PDF Pages | PDF Title |
---|---|
7 | Foreword |
8 | Introduction |
15 | 1 Scope; 2 Normative references |
16 | 3 Terms and definitions |
17 | 4 Abbreviated terms |
18 | 5 Trust model; 5.1 Overview |
19 | 5.2 Stakeholders trust relations |
20 | 5.3 Technical trust model; 5.3.1 General; 5.3.2 Trust model for TC and TSP relations |
21 | 5.3.3 Trust model for TSP and service user relations; 5.3.4 Trust model for interoperability management relations; 5.4 Implementation; 5.4.1 Setup of trust relations |
22 | 5.4.2 Trust relation renewal and revocation; 5.4.3 Issuing and revocation of sub CA and end-entity certificates |
23 | 5.4.4 Certificate and certificate revocation list profile and format; 5.4.5 Certificate extensions |
24 | 6 Security requirements; 6.1 General |
25 | 6.2 Information security management system |
26 | 6.3 Communication interfaces; 6.4 Data storage; 6.5 Toll charger |
28 | 6.6 Toll service provider |
30 | 6.7 Interoperability management |
31 | 6.8 Limitation of requirements; 7 Security measures — Countermeasures; 7.1 Overview |
32 | 7.2 General security measures; 7.3 Communication interfaces security measures; 7.3.1 General |
33 | 7.3.2 DSRC-EFC interface |
34 | 7.3.3 CCC interface |
35 | 7.3.4 LAC interface; 7.3.5 Front End to TSP back end interface |
36 | 7.3.6 TC to TSP interface |
37 | 7.3.7 ICC interface |
38 | 7.4 End-to-end security measures |
39 | 7.5 Toll service provider security measures; 7.5.1 Front end security measures |
40 | 7.5.2 Back end security measures |
41 | 7.6 Toll charger security measures; 7.6.1 RSE security measures |
42 | 7.6.2 Back end security measures; 7.6.3 Other TC security measures |
43 | 8 Security specifications for interoperable interface implementation; 8.1 General; 8.1.1 Subject; 8.1.2 Signature and hash algorithms; 8.2 Security specifications for DSRC-EFC; 8.2.1 Subject; 8.2.2 OBE; 8.2.3 RSE |
44 | 9 Key management; 9.1 Overview; 9.2 Asymmetric keys; 9.2.1 Key exchange between stakeholders; 9.2.2 Key generation and certification; 9.2.3 Protection of keys |
45 | 9.2.4 Application; 9.3 Symmetric keys; 9.3.1 General; 9.3.2 Key exchange between stakeholders |
46 | 9.3.3 Key lifecycle |
47 | 9.3.4 Key storage and protection |
48 | 9.3.5 Session keys |
49 | Annex A (normative) Security profiles |
53 | Annex B (informative) Implementation conformance statement (ICS) proforma |
71 | Annex C (informative) Stakeholder objectives and generic requirements |
75 | Annex D (informative) Threat analysis |
132 | Annex E (informative) Security policies |
138 | Annex F (informative) Example for an EETS security policy |
140 | Annex G (informative) Recommendations for privacy-focused implementation |
142 | Bibliography |