This document defines the requirements for the secure application module (SAM) used in the secure monitoring compliance checking concept. It specifies two different configurations of a SAM:
— trusted recorder, for use inside a piece of on-board equipment (OBE);
— verification SAM, for use in other EFC system entities.
This document describes:
— terms and definitions used to describe the configurations of the two SAMs;
— operation of the two SAMs in the secure monitoring compliance checking concept;
— functional requirements for the configurations of the two SAMs, including a classification of different security levels;
— the interface, by means of transactions, messages and data elements, between an OBE or front end and the trusted recorder;
— requirements on basic security primitives and key management procedures to support secure monitoring using a trusted recorder.
This document is consistent with the EFC architecture as defined in EN ISO 17573-1 and the derived suite of standards and Technical Specifications, especially CEN/TS 16702-1 and CEN ISO/TS 19299.
The following is outside the scope of this document:
— the life cycle of a SAM and the way in which this is managed;
— the interface commands needed to get a SAM in an operational state;
— the interface definition of the verification SAM;
— definition of a hardware platform for the implementation of a SAM.