CEN ISO/TS 19299:2015
Electronic fee collection - Security framework (ISO/TS 19299:2015)
The overall scope of ISO/TS 19299:2015 is an information security framework for all organizational and technical entities of an EFC scheme and in detail for the interfaces between them, based on the system architecture defined in ISO 17573. The security framework describes a set of requirements and associated security measures for stakeholders to implement and thus ensure a secure operation of their part of an EFC system as required for a trustworthy environment according to its security policy.
The scope of ISO/TS 19299:2015 comprises the following:
– definition of a trust model;
  Basic assumptions and principles for establishing trust between the stakeholders.
– security requirements;
– security measures - countermeasures;
  Security requirements to support actual EFC system implementations.
– security specifications for interface implementation;
  These specifications represent an add-on for security to the corresponding standards.
– key management;
  Covering the (initial) setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation, etc.
– security profiles;
– implementation conformance statement provides a checklist to be used by an equipment supplier, a system implementation, or an actor of a role declaring his conformity to ISO/TS 19299:2015;
– general information security objectives of the stakeholders which provide a basic motivation for the security requirements;
– threat analysis on the EFC system model and its assets using two different complementary methods, an attack-based analysis, and an asset-based analysis;
– security policy examples;
– recommendations for privacy-focused implementation;
– proposal for end-entity certificates.
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO/TS 19299:2015)
Perception de télépéage - Cadre de sécurité (ISO/TS 19299:2015)
Elektronsko pobiranje pristojbin - Varnostni okvir (ISO/TS 19299:2015)
This Technical Specification:
– Describes the requirements and recommended methods by which clinicians can gather, analyse and specify the clinical context, content and structure of detailed clinical models.
– Defines detailed clinical models (DCMs) in terms of an underlying logical model. These are logical models of clinical concepts and can be used to define and structure clinical information.
– Describes requirements and principles for DCMs, metadata, versioning, content and context specification, specification of data elements and the relationships between them, and provides guidance and examples.
– Specifies DCM governance principles to ensure the conceptual integrity of all DCM attributes and the accuracy of the logical model.
– Describes DCM development and the methodological principles that support the production of quality DCMs in order to reduce risk and ensure patient safety.
This Technical Specification does not apply to:
– The detailed content of instances of detailed clinical models. For example, this Technical Specification does not specify the concrete data elements for the Glasgow Coma Scale, body height and so on (except for some examples explaining the clauses). It does, however, include guidance on how to properly specify the clinical knowledge behind the Glasgow Coma Scale or body height, how to correctly identify, name and model the data elements for these clinical concepts, and how to assign unique codes to individual data elements and (where possible) to value sets. In other words, it describes how to create instances but does not include the instances themselves.
– Specifications of dynamic modelling, e.g. workflow.
– Specifications for modelling entire domains or aggregates of many detailed clinical models, e.g. complete examination documentation or discharge summaries. It does not specify the composition of DCMs.
Standards Content (Sample)
SLOVENSKI STANDARD
01-March-2016
Replaces:
SIST-TS CEN/TS 16439:2013
Elektronsko pobiranje pristojbin - Varnostni okvir (ISO/TS 19299:2015)
Electronic fee collection - Security framework (ISO/TS 19299:2015)
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO/TS 19299:2015)
Perception de télépéage - Cadre de sécurité (ISO/TS 19299:2015)
This Slovenian standard is identical to: CEN ISO/TS 19299:2015
ICS:
35.240.60 IT applications in transport and trade
2003-01. Slovenski inštitut za standardizacijo. Reproduction of this standard in whole or in part is not permitted.
CEN ISO/TS 19299
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
October 2015
ICS 35.240.60; 03.220.20
Supersedes CEN/TS 16439:2013
English Version
Electronic fee collection - Security framework (ISO/TS 19299:2015)
Perception de télépéage - Cadre de sécurité (ISO/TS 19299:2015)
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO/TS 19299:2015)
This Technical Specification (CEN/TS) was approved by CEN on 26 June 2015 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2015 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN ISO/TS 19299:2015 E
European foreword
This document (CEN ISO/TS 19299:2015) has been prepared by Technical Committee ISO/TC 204
"Intelligent transport systems" in collaboration with Technical Committee CEN/TC 278 “Intelligent
transport systems” the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
This document supersedes CEN/TS 16439:2013.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO/TS 19299:2015 has been approved by CEN as CEN ISO/TS 19299:2015 without any
modification.
TECHNICAL SPECIFICATION
ISO/TS 19299
First edition
2015-10-01
Electronic fee collection — Security framework
Perception de télépéage — Cadre de sécurité
Reference number
ISO/TS 19299:2015(E)
© ISO 2015
© ISO 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Trust model
  5.1 Overview
  5.2 Stakeholders trust relations
  5.3 Technical trust model
    5.3.1 General
    5.3.2 Trust model for TC and TSP relations
    5.3.3 Trust model for TSP and service user relations
    5.3.4 Trust model for Interoperability Management relations
  5.4 Implementation
    5.4.1 Setup of trust relations
    5.4.2 Trust relation renewal and revocation
    5.4.3 Issuing and revocation of sub CA and end-entity certificates
    5.4.4 Certificate and certificate revocation list profile and format
    5.4.5 Certificate extensions
6 Security requirements
  6.1 General
  6.2 Information security management system
  6.3 Communication interfaces
  6.4 Data storage
  6.5 Toll charger
  6.6 Toll service provider
  6.7 Interoperability Management
  6.8 Limitation of requirements
7 Security measures — countermeasures
  7.1 Overview
  7.2 General security measures
  7.3 Communication interfaces security measures
    7.3.1 General
    7.3.2 DSRC-EFC interface
    7.3.3 CCC interface
    7.3.4 LAC interface
    7.3.5 Front End to TSP back end interface
    7.3.6 TC to TSP interface
    7.3.7 ICC interface
  7.4 End-to-end security measures
  7.5 Toll service provider security measures
    7.5.1 Front end security measures
    7.5.2 Back end security measures
  7.6 Toll charger security measures
    7.6.1 RSE security measures
    7.6.2 Back end security measures
    7.6.3 Other TC security measures
8 Security specifications for interoperable interface implementation
  8.1 General
8.1.1 Subject.
...