DIN CEN ISO/TS 19299, DIN SPEC 74125:2016 Edition

Based on the system architecture defined in ISO 17573, the security framework describes a set of requirements and security measures for stakeholders to implement and operate their part of an electronic fee collection (EFC) system as required for a trustworthy environment according to its basic information security policy. In general the overall scope is an information security framework for all organisational and technical entities and in detail for the interfaces between them. This Technical Specification is based on the assumption of an OBE which is dedicated to EFC purposes only and does neither consider value added services based on EFC OBE, nor more generic OBE platforms (called in-vehicle ITS Stations) used to host the EFC application. The scope of this security framework comprises the following:- general information security objectives of the stakeholders;- threat analysis;- definition of a trust model;- security requirements;- security measures ? countermeasures;- security specifications for interface implementation;- key management;- security policies;- privacy-enabled implementations. Outside the scope of this Technical Specification is:- a complete risk assessment for an EFC system;- security issues rising from an EFC application running on an ITS station;- entities and interfaces of the interoperability management role;- the technical trust relation of the model between TSP and User;- a complete specification and description of all necessary security measures to all identified threats;- concrete implementation specifications for implementation of security for EFC system, e. g. European electronic toll service (EETS);-detailed specifications required for privacy-friendly EFC implementations.