Nr.Referenz
ERCA policy		AnforderungReferenz D-MSA-Policy
 1.§ 5.3.1The MSA Policy shall identify the entities in charge of operations.§ 1.1 Zuständige Organisationen
 2.§ 5.3.2The MSCA key pairs for equipment key certification and for motion sensor key distribution shall be generated and stored within a device which either:
is certified to meet the requirements identified in FIPS 140-2 (or FIPS 140-1) level 3 or higher [10];
is certified to be compliant with the requirements identified in the CEN Workshop Agreement 14167-2 [11];
is a trustworthy system which is assured to EAL4 or higher in accordance with ISO 15408 [12]; to level E3 or higher in ITSEC [13]; or equivalent security criteria. These evaluations shall be to a protection profile or security target,
is demonstrated to provide an equivalent level of security.
§ 6 Schlüsselmanagement in der
D-CA (Absatz 2)
 3.§ 5.3.3Member State Key Pair generation shall take place in a physically secured environment by personnel in trusted roles under, at least dual control.§ 6 Schlüsselmanagement in der
D-CA (Absatz 3)
§ 6 Schlüsselmanagement in der
D-CA [r6.5]
§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.10]
§ 7.3 Schlüsselverwendung [r7.9]
§ 9.2 Besondere Anforderungen an das Sicherheitskonzept [r9.7]
 4.§ 5.3.4The Member State Key Pairs shall be used for a period of at most two years starting from certification by the ERCA.§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.7]
 5.§ 5.3.5The generation of new Member State Key Pairs shall take into account the one month turnaround time required for certification by the ERCA.§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.13]
 6.§ 5.3.6The MSA shall submit MSCA public keys for certification by the ERCA using the key certification request (KCR) protocol described in Annex A.§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.14]
 7.§ 5.3.7The MSA shall request motion sensor master keys from the ERCA using the key distribution request (KDR) protocol described in Annex D.§ 6.3 Symmetrische Schlüssel
für Werkstattkarten und Weg-/
Geschwindigkeitsgeber (Km, Km, Km) [r6.20]
 8.§ 5.3.8The MSA shall recognise the ERCA public key in the distribution format described in Annex B.§ 6.2 Schlüsselpaar der
D-CA (MS.SK, MS.PK) [r6.15]
 9.§ 5.3.9The MSA shall use the physical media for key and certificate transport described in Annex C.§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r 6.16]
10.§ 5.3.10The MSA shall ensure that the Key Identifier (KID) and modulus (n) of keys submitted to the ERCA for certification are unique within the domain of the MSCA.§ 8.4 Zertifikatinhalte und
-formate [r8.9]
11.§ 5.3.11The MSA shall ensure that expired keys are not used for any purpose. The Member State private key shall be either:
destroyed so that the private key cannot be recovered
or
retained in a manner preventing its use.		§ 6.2 Schlüsselpaar der
D-CA (MS.SK, MS.PK) [r6.7]
12.§ 5.3.12The MSA shall ensure that an equipment RSA key is generated, transported, and inserted into the equipment, in such a way as to preserve its confidentiality and integrity. For this purpose, the MSA shall
ensure that any relevant prescription mandated by security certification of the equipment is met;
ensure that both generation and insertion (if not onboard) takes place in a physically secured environment;
unless key generation was covered by the security certification of the equipment, ensure that specified and appropriate cryptographic key generation algorithms are used.
The last two of these requirements on generation shall be met by generating equipment keys within a device which either:
a)
is certified to meet the requirements identified in FIPS 140-2 (or FIPS 140-1) level 3 or higher [9];
b)
is certified to be compliant with the requirements identified in the CEN Workshop Agreement 14167-2 [10];
c)
is a trustworthy system which is assured to EAL4 or higher in accordance with ISO 15408 [11]; to level E3 or higher in ITSEC [12]; or equivalent security criteria. These evaluations shall be to a protection profile or security target;
d)
is demonstrated to provide an equivalent level of security.
§ 7.1 Allgemeine Anforderungen, Protokollierung [r7.1]
§ 7.2 Schlüsselerzeugung [r7.5]
13.§ 5.3.13The MSA shall ensure confidentiality, integrity and availability of the private keys generated, stored and used under control of the MSA Policy.§ 5 Karten- und Gerätemanagement [r5.6]
§ 6 Schlüsselmanagement in der
D-CA (Absatz 2)
§ 7.1 Allgemeine Anforderungen, Protokollierung [r7.2]
14.§ 5.3.14The MSA shall prevent unauthorised use of the private keys generated, stored and used under control of the MSA Policy.§ 7.1 Allgemeine Anforderungen, Protokollierung (Absatz 2)
§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.9]
§ 7.2 Schlüsselerzeugung [r7.8]
15.§ 5.3.15The Member State private keys may be backed up using a key recovery procedure requiring at least dual control.§ 7.3 Schlüsselerzeugung [r7.11]
16.§ 5.3.16Key certification requests that rely on transportation of private keys are not allowed.§ 8.2 Zertifikatserteilung [r8.7]
17.§ 5.3.17Key escrow is strictly forbidden.§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.11]
18.§ 5.3.18The MSA shall prevent unauthorised use of its motion sensor keys.§ 6.3 Symmetrische Schlüssel für Werkstattkarten und Weg-/
Geschwindigkeitsgeber
(Km, Km, Km) [r6.18]
19.§ 5.3.19The MSA shall ensure that the motion sensor master key (Km) is used only to encrypt motion sensor data for the purposes of motion sensor manufacturers. The data to be encrypted is defined in the ISO / IEC 16844-3 standard [7].§ 6 Schlüsselmanagement in der
D-CA (Absatz 2)
20.§ 5.3.20The motion sensor master key (Km) shall never leave the secure and controlled environment of the MSA.§ 6.3 Symmetrische Schlüssel für Werkstattkarten und Weg-/
Geschwindigkeitsgeber
(Km, Km, Km)
[r 6.18]
21.§ 5.3.21The MSA shall forward the workshop card motion sensor key (Km) to the component personaliser
(in this case, the card personalisation service), by appropriately secured means, for the sole purpose of insertion into workshop cards.		§ 6.3 Symmetrische Schlüssel für Werkstattkarten und Weg-/
Geschwindigkeitsgeber
(Km, Km, Km) [r6.18]
22.§ 5.3.22The MSA shall forward the vehicle unit motion sensor key (Km) to the component personaliser (in this case, a vehicle unit manufacturer), by appropriately secured means, for the sole purpose of insertion into vehicle units.§ 6.3 Symmetrische Schlüssel für Werkstattkarten und Weg-/
Geschwindigkeitsgeber
(Km, Km, Km) [r6.18]
23.§ 5.3.23The MSA shall maintain the confidentiality, integrity and availability of its motion sensor key copies.§ 6 Schlüsselmanagement in der
D-CA (Absatz 2)
24.§ 5.3.24The MSA shall ensure that its motion sensor key copies are stored within a device which either:
a)
is certified to meet the requirements identified in FIPS 140-2 (or FIPS 140-1) level 3 or higher [9];
b)
is a trustworthy system which is assured to EAL4 or higher in accordance with ISO 15408 [11]; to level E3 or higher in ITSEC [12]; or equivalent security criteria. These evaluations shall be to a protection profile or security target.
§ 6 Schlüsselmanagement in der
D-CA (Absatz 2)
25.§ 5.3.25The MSA shall possess different Member State Key Pairs for the production of vehicle unit and tachograph card equipment public key certificates.§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.3]
§ 7.3 Schlüsselverwendung [r7.9]
26.§ 5.3.26The MSA shall ensure availability of its equipment public key certification service.§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.6]
27.§ 5.3.27The MSA shall only use the Member State Private Keys for:
a)
the production of Annex I(B) equipment key certificates using the ISO / IEC 9796-2 digital signature algorithm as described in Annex I(B) Appendix 11 Common Security Mechanisms [6];
b)
production of the ERCA key certification request as described in Annex A;
c)
issuing Certificate Revocation Lists if this method is used for providing certificate status information (see 5.3.30).
§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.4]
28.§ 5.3.28The MSA shall sign equipment certificates within the same device used to store the Member State Private Keys (see 5.3.2).§ 6 Schlüsselmanagement in der
D-CA (Absatz 2)
29.§ 5.3.29Within its domain, the MSA shall ensure that equipment public keys are identified by a unique key identifier which follows the prescriptions of Annex I(B) [6].§ 8.4 Zertifikatinhalte und -formate [r8.9]
30.§ 5.3.30Unless key generation and certification is performed in the same physically secured Environment, the key certification request protocol shall provide proof of origin and integrity of certification requests, without revealing the private key.§ 8 Zertifikatsmanagement [r8.3]
31.§ 5.3.31The MSA shall maintain and make certificate status information available.§ 8.5 Informationspflichten der
D-CA [r8.13]
32.§ 5.3.32The validity of a tachograph card certificate shall equal the validity of the tachograph card.§ 8.3 Zertifikatgültigkeit [r8.8]
33.§ 5.3.33The MSA shall prevent the insertion of undefined validity certificates into tachograph cards.§ 8.3 Zertifikatgültigkeit [r8.8]
34.§ 5.3.34The MSA may allow the insertion of undefined validity Member State certificates into vehicle units.§ 8.3 Zertifikatgültigkeit [r8.8]
35.§ 5.3.35The MSA shall ensure that users of cards are identified at some stage of the card issuing process.§ 5 Karten- und Gerätemanagement [r5.8]
§ 7.3 Schlüsselverwendung [r7.10]
36.§ 5.3.36The MSA shall ensure that ERCA is notified without delay of loss, theft, or potential compromise of any MSA keys.§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.12]
37.§ 5.3.37The MSA shall implement appropriate disaster recovery mechanisms which do not depend on the ERCA response time.§ 6.2 Schlüsselpaar der D-CA
(MS.SK, MS.PK) [r6.6]
§ 9 Informations-Sicherheit [r9.13]
38.§ 5.3.38The MSA shall establish an information security
management system (ISMS) based on a risk assessment for all the operations involved.		§ 9.1 Informations-Sicherheitsmanagement (ISMS) [r9.1]
39.§ 5.3.39The MSA shall ensure that the policies address
personnel training, clearance and roles.		§ 9.2 Besondere Anforderungen an das Sicherheitskonzept [r9.5]
§ 9.3 Rollentrennung [r9.15]
40.§ 5.3.40The MSA shall ensure that appropriate records of certification operations are maintained.§ 9 Informations-Sicherheit [r9.10]
[r9.11] [r9.12]
41.§ 5.3.41The MSA shall include provisions for MSCA termination in the MSA Policy.§ 10.1 Verantwortlichkeit
42.§ 5.3.42The MSA Policy shall include change procedures.§ 12 Änderungen und Anpassungen der [r12.1]
43.§ 5.3.43The MSA audit shall establish whether the Requirements of this Section are being maintained.§ 11.1 D-CA [r11.1]
2. Paragraph
44.§ 5.3.44The MSA shall audit the operations covered by the approved policy at intervals of not more than 12 months.§ 11.1 D-CA [r11.1]
1. Paragraph
45.§ 5.3.45The MSA shall report the results of the audit as mentioned in 5.3.43 and provide the audit report, in English, to the ERCA.§ 11.1 D-CA [r11.3]
46.§ 5.3.46The audit report shall define any corrective actions, including an implementation schedule, required to fulfil the MSA obligations.§ 11.1 D-CA [r11.3]

BMVIBundesministerium für Verkehr und digitale Infrastruktur
CA-Administrator
BSIBundesamt für Sicherheit in der Informationstechnik
CAACA-Administrator
CA-RDer D-CA-Verantwortliche
CP-RDer D-CP-Verantwortliche
D-MSA-PolicyZertifizierungs-Policy der Bundesrepublik Deutschland für den elektronischen Fahrtenschreiber gemäß Anlage 11 des Anhangs I(B) VO (EG) 2135/98
Change
Management		Behandlung technischer, organisatorischer und/oder fachlicher Änderungen des Verfahrens
D-CADie Zertifizierungsstelle der Bundesrepublik Deutschland für den elektronischen Fahrtenschreiber gemäß der VO (EG) 3821/85, VO (EG) 2135/98 und VO (EG) 1360/2002, Kraftfahrt-Bundesamt.
Nach internationalem Sprachgebrauch (CA = certification authority)
D-CIAAntragsbearbeitende und Ausgabestelle für Tachografenkarten
D-CPKartenpersonalisierer. Stelle, die asymmetrische Schlüsselpaare und die gemäß VO (EG) 3821/85, VO (EG) 2135/98 und VO (EG) 1360/2002 zugehörigen Zertifikate auf die in der VO (EG) 2135/98 definierten Fahrer-, Werkstatt-, Kontroll- und Unternehmenskarten aufbringt.
D-MSADie für die Umsetzung der EU-Richtlinie in der Bundesrepublik Deutschland verantwortliche Stelle, BMVBS.
Nach internationalem Sprachgebrauch (MSA = Member State Authority)
Digitale SignaturVerfahren zur Sicherung der Unverfälschtheit (Integrität) und zum Herkunftsnachweis (Authentizität) eines elektronischen Dokuments mittels Anwendung der asymmetrischen Kryptographie.
ERCAEuropäische Route Zertifizierungsstelle
FEFahrzeugeinheiten nach Definition der VO (EG) 3821/85, VO (EG) 2135/98 und VO (EG) 1360/2002
ISMSInformations-Sicherheitsmanagement-System
ISSODer Sicherheitsbeauftragte
Nach internationalem Sprachgebrauch (ISSO = Information System Security Officer)
KartenpersonalisiererSiehe D-CP
KDRKey Distribution Request (Schlüssel-Auslieferungsantrag für den Hauptschlüssel des Weg-/Geschwindigkeitsgebers)
KMDer Key-Manager
Öffentlicher SchlüsselIn der asymmetrischen Kryptographie der öffentliche Teil eines Schlüsselpaars. Dieser dient meistens zur Verifizierung einer digitalen Signatur oder zur Verschlüsselung einer Nachricht.
PersonalisierungAuch: logische P. Einbringung von privaten/geheimen Schlüsseln und den zugehörigen Zertifikaten in Kontrollgerätkarten und Kontrollgeräte.
Diese ist zu unterscheiden von der optischen P. einer Karte, bei der Namen, Fotos u. Ä. auf den Kartenkörper aufgebracht werden.
Privater SchlüsselIn der asymmetrischen Kryptographie der private (geheime) Teil eines Schlüsselpaars. Dieser dient meistens zur Erzeugung einer digitalen Signatur oder zur Entschlüsselung einer Nachricht.
(s. auch Öffentlicher Schlüssel)
PSDas Practice Statement der D-CA, des D-CP, der Hersteller von Fahrzeugeinheiten und der Hersteller von Weg-/Geschwindigkeitsgebern, wie es in Kapitel 4 der D-MSA-Policy definiert ist.
Im internationalen Kontext ist dafür die Bezeichnung „Certification Practice Statement (CPS)“ gebräuchlich.
Root-CADie europäische Zertifizierungsstelle für den elektronischen Fahrtenschreiber gemäß der VO (EG) 3821/85, VO (EG) 2135/98 und VO (EG) 1360/2002.
Root-Policy„Digital Tachograph System – European Root Policy“ erstellt vom JRC in Ispra.
RSASpezielles Verfahren der asymmetrischen Kryptographie. Gemäß Anlage 11 des Anhangs I (B) der VO (EG) 2135/98 wird im elektronischen Fahrtenschreiber das RSA-Verfahren zur Erstellung digitaler Signaturen eingesetzt.
SysAdminDer Systemadministrator des D-CP
ZertifikatIn der asymmetrischen Kryptographie wird durch ein Z. die Bindung eines öffentlichen Schlüssels an eine im Z. bezeichnete Identität (Person, Organisation, Maschine usw.), die sich im Besitz des zugehörigen privaten Schlüssels befindet, bestätigt.
Im Kontext der D-MSA-Policy werden hierunter insbesondere die in Anlage 11 zum Anhang I (B) der VO (EG) 2135/98 definierten Zertifikate verstanden.
ZertifizierungsstelleStelle, die ein Zertifikat ausstellt. Im Kontext der VO (EG) 3821/85, VO (EG) 2135/98 und VO (EG) 1360/2002 existieren die Europäische Zertifizierungsstelle (Root-CA) und die Zertifizierungsstellen der Mitgliedstaaten (für Deutschland D-CA), die die für ihre Tätigkeit benötigten Zertifikate von der Root-CA erhalten.