Electronic fee collection — Requirements for EFC application interfaces on common media

This document defines requirements to support information exchanges among related entities of a common payment scheme. It defines: a) electronic fee collection (EFC) functional requirements for a common payment medium; b) an application structure in a common payment medium; c) EFC application data in a common payment medium. The following are outside the scope of this document: — requirements and data definitions for any other transport services such as public transport; — a complete risk assessment for an EFC system using a common payment medium; — security issues arising from an EFC application among all transport services; — the technical trust relationship between a CSRP and a service user; — concrete implementation specifications for implementation of security for an EFC system; — detailed specifications required for privacy-friendly EFC implementations; — any financial transactions of the CSRP.

Perception du télépéage — Exigences relatives aux interfaces d'application de télépéage sur média commun

General Information

Status
Published
Publication Date
30-Sep-2019
Current Stage
9060 - Close of review
Start Date
04-Jun-2026
Ref Project

Buy Standard

Technical specification
ISO/TS 21193:2019 - Electronic fee collection -- Requirements for EFC application interfaces on common media
English language
40 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

TECHNICAL ISO/TS
SPECIFICATION 21193
First edition
2019-10
Electronic fee collection —
Requirements for EFC application
interfaces on common media
Perception du télépéage — Exigences relatives aux interfaces
d'application de télépéage sur média commun
Reference number
ISO/TS 21193:2019(E)
©
ISO 2019

---------------------- Page: 1 ----------------------
ISO/TS 21193:2019(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/TS 21193:2019(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 3
5 Requirements for a common payment medium . 4
5.1 Requirements for EFC architecture . 4
5.2 EFC functional requirements . 5
6 Application structure in a common payment medium . 9
7 EFC application data in a common payment medium . 9
7.1 General . 9
7.2 EFC attribute data for a common payment medium .10
7.3 Additional EFC attribute data .11
7.3.1 Data group RECEIPT .11
7.3.2 Data group PAYMENT .12
Annex A (normative) Data type specifications .14
Annex B (normative) Implementation conformance statement (ICS) pro forma .15
Annex C (informative) Common payment medium concept .19
Annex D (informative) Application structure examples in common payment medium .21
Annex E (informative) General information for common payment medium and OBE .23
Annex F (informative) System migration .25
Annex G (informative) Reloading system for pre-payment medium in Korean ETC .28
Annex H (informative) EFC security requirements for common payment medium and EFC
scheme .36
Bibliography .39
© ISO 2019 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/TS 21193:2019(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/TS 21193:2019(E)

Introduction
Transportation network improvement, including road and railway, is essential to drive economic
growth. Integrated transport service has been aimed at topics such as user convenience, transport
safety, reliability, efficiency and availability. For example, a traffic manager can find which kinds of
improvements are needed to relieve traffic bottlenecks by analysing user transport flows in a transport
system considered as a whole.
It is usually necessary to use different transport services to transfer people or goods from origin to
destination. Sometimes, using different transport services in the same trip becomes cumbersome when
transport services are operated by different operators, e.g. bad interconnections between different
transport modes due to user needs to search and compare transportation modes, need for separate
charging or payment for the transport services used. The connections between different transport
modes and the means to achieve seamless travel are improving with the use of information and
communication technologies (ICT).
ISO/TR 19639 investigated case studies on the use of a common payment medium when combining
public transport services and road services, based on the use of a common payment schema. This
common payment schema is further categorised into integrated central accounts and integrated on-
board accounts.
ISO/TR 19639 concluded by stating the need for new electronic fee collection (EFC) standards to
support on-board integrated accounts, among which is an application interface between the common
payment medium and the common service rights provider (CSRP). The background of on-board
accounts in EFC are:
— Operational methods of EFC systems might be different due to regional and local circumstances. EFC
systems can be classified into central accounts and on-board accounts, using a common payment
medium, which are widely adopted in Asian countries.
— On-board account payment media are commonly used for public transport in several countries, e.g.
Singapore, Malaysia and China.
— Central payment accounts are considered one of the common service rights methods explained in
ISO/TR 20526, whereas the EFC standards are currently predominantly based on a central account.
— A convergence on the usage of on-board account for both EFC systems and public transport should
be considered.
This document describes an EFC application as one type of transport service specific application and
the application interface requirements for a common service rights application. A common service
rights application is explained in informative Annex C of this document for understanding a common
payment scheme based on this concept as shown in Figure 1.
© ISO 2019 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/TS 21193:2019(E)

Figure 1 — Common payment medium concept for EFC scheme
Arrow lines (4) labelled 'money' and 'e-money' are monetary flows and out scope of this document.
Arrow line (2) labelled 'Transport service' is not an ICT interface but a physical transport service.
Other arrow lines are in the scope of ISO/TC 204 (EFC and public transport standards) and the thick
arrow line between common payment medium and OBE is within the scope of this document.
This document will extend the set of EFC standards to allow provisions for multi-modal transport
services by using a common payment medium.
This document defines among others, the role and responsibilities of a CSRP. The CSRP provides
a common payment medium for enabling use of EFC, a public transport service and retail shopping
service to service users with one account. CSRP may provide the usage record of user's multi modal
transport trip as a form of customer service.
This document contains a number of annexes. Data type specifications are given in Annex A, an
implementation conformance statement (ICS) proforma is given in Annex B. The common payment
medium concept for any transport service is presented in Annex C. General kinds of application
structure in a medium are presented in Annex D. General requirements from medium relating standards
is presented in Annex E. A typical system migration method and technical solution supporting medium
upgrading are presented in Annex F. Examples of reloading types and transactions are presented in
Annex G. The EFC security requirements for a common payment medium are presented in Annex H
based on EFC functional requirements.
The scope of this document includes an EFC application interface for a common payment medium as
shown in Figure 2, as well as the role and responsibilities of a Common Service Rights Provider (CSRP).
NOTE Figure 2 explains the relation of CSRP among related sectors including EFC. E-money is exchanged
between the Transport Service Provider (TSP) in the EFC sector and the CSRP. E-money is exchanged between
retail in the commerce sector and the CSRP.
vi © ISO 2019 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/TS 21193:2019(E)

Figure 2 — Scope within the EFC computational architecture
© ISO 2019 – All rights reserved vii

---------------------- Page: 7 ----------------------
TECHNICAL SPECIFICATION ISO/TS 21193:2019(E)
Electronic fee collection — Requirements for EFC
application interfaces on common media
1 Scope
This document defines requirements to support information exchanges among related entities of a
common payment scheme. It defines:
a) electronic fee collection (EFC) functional requirements for a common payment medium;
b) an application structure in a common payment medium;
c) EFC application data in a common payment medium.
The following are outside the scope of this document:
— requirements and data definitions for any other transport services such as public transport;
— a complete risk assessment for an EFC system using a common payment medium;
— security issues arising from an EFC application among all transport services;
— the technical trust relationship between a CSRP and a service user;
— concrete implementation specifications for implementation of security for an EFC system;
— detailed specifications required for privacy-friendly EFC implementations;
— any financial transactions of the CSRP.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 14906:2018, Electronic fee collection — Application interface definition for dedicated short-range
communication
ISO 17573-1:2019, Electronic fee collection — System architecture for vehicle-related tolling — Part 1:
Reference model
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
3.1
central account
payment means (3.11) or common service rights in an electronic fee collection (EFC) system, stored in a
central system
© ISO 2019 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO/TS 21193:2019(E)

3.2
common service rights
rights to use services offered by several toll domains or more than one transport mode
EXAMPLE Usage allowance for a number of trips or for a certain time span.
3.3
common service rights provider
CSRP
entity providing common service rights (3.2) to the service user
3.4
EFC architecture
description of the key elements of an electronic fee collection (EFC) system, their functions and
interrelationships
3.5
electronic money
e-money
value having its equivalence in real money, electronically stored, e.g. in a bank account or an IC-card,
which can be used by the user for payments
3.6
fare collection regime
set of rules, including enforcement rules, governing the fare system in the public transport domain
3.7
integrated circuit card
IC card
ICC
card with electronic components performing processing or memory functions with the capability to
communicate with an interrogator
Note 1 to entry: Contact IC cards are specified in the ISO/IEC 7816 series of standards, contactless proximity
IC cards are specified in the ISO/IEC 14443 series of standards, contactless near-field communication IC cards
are specified in ISO/IEC 18092 and ISO/IEC 21481, whereas contactless vicinity IC cards are specified in the
ISO/IEC 15693 series of standards.
Note 2 to entry: All references to an IC card are understood to be references to the IC of the card and not to any
other storage on the card (e.g. magnetic stripe).
3.8
issuer
entity responsible for issuing the payment means (3.11) to the user
3.9
multi-modal transport
the transportation performed with at least two different means of transport
3.10
on-board account
payment means (3.11) or common service rights (3.2) in an electronic fee collection (EFC) system, stored
on-board either in a payment medium (3.12) (e.g. IC card) or in an on-board equipment
3.11
payment means
value in an on-board account (3.10) (e.g. cash, tokens or stored electronic values) or a reference to a
central account (3.1) (e.g. a fleet card, bank account, credit card number or a contract ID) that gives the
user access to available services
2 © ISO 2019 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/TS 21193:2019(E)

3.12
payment medium
carrier of payment means (3.11)
EXAMPLE Paper ticket, IC-card, smart phone.
3.13
public transport services
shared passenger transport service which is available for use by the public
EXAMPLE Bus, tram, train.
3.14
sensitive EFC data
EFC related data, either the data itself or combined with other EFC related data, that could be used for
identifying an EFC user
3.15
toll regime
set of rules, including enforcement rules, governing the collection of a toll in a toll domain
[SOURCE: ISO 17573-1:2019, 3.18]
3.16
transaction model
functional model describing the structure of electronic payment transactions
[SOURCE: ISO 14906:2018, 3.17]
4 Symbols and abbreviated terms
CSR Common Service Rights
CSRP Common Service Rights Provider
DSRC Dedicated Short-Range Communications
EFC Electronic Fee Collection
ETC Electronic Toll Collection
OBE On-Board Equipment
PCI DSS Payment Card Industry Data Security Standard
PT Public Transport
RSE Roadside Equipment
RSU Roadside Unit
SAM Secure Access Module
SLA Service Level Agreement
SU Service User
TC Toll Charger
TSP Transport Service Provider
© ISO 2019 – All rights reserved 3

---------------------- Page: 10 ----------------------
ISO/TS 21193:2019(E)

5 Requirements for a common payment medium
5.1 Requirements for EFC architecture
Any EFC architecture using a common payment medium shall comply with the EFC Roles model defined
in ISO 17573-1. The relation of role and responsibility of the "Provision of common service rights" and
the EFC role model described in ISO 17573-1 is shown in Figure 3 when enabling interoperability with
any transport services. The role of a common service rights provision includes a part of EFC function for
EFC regime. As an example, the EFC transaction data described in ISO 14906 and ISO 17575-1 include
account information stored in the common payment medium. The EFC role model belongs to the tolling
domain and the "Provision of the common service rights" role belongs to another domain, but the two
domains are linked together by the use of common service rights in EFC.
NOTE ISO 17573-1 also explains how any EFC-specific common payment medium is used when there is no
interoperability with other transport services.
Figure 3 — EFC role model with provision of common service rights
The role related to CSRP is responsible for providing the basic artefacts, mechanism, organizational
structure, and information transfer tools needed to integrate an interoperable EFC system into a multi-
modal transport system.
Responsibilities related to this role are only restricted to CSRP and include:
— providing basic provision, including
— providing a common payment medium,
— guaranteeing that the entity performing the charging of the transport service rights role will be
paid for it,
— providing the common service rights to the user or accepting an existing one,
— collecting the money from the signer of the EFC service contract and performing reloading
transaction for common payment medium,
— collecting all transport service transactions, clearing and distributing the money to the
Transport Service Provider (TSP),
— managing the customer relationships related to the use of the transport service concerning
information, claims, questions and answers, error handling and any contractual or financial
matters,
— implementing and adhering to the security and privacy policies for the transport systems, and
4 © ISO 2019 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/TS 21193:2019(E)

— monitoring the actual operational quality relative to agreed service level agreements (SLAs);
— acting as a contract agent, including
— offering contractual relations according to defined conditions to interested users and concluding
contractual agreements, and
The user needs to contract both use of OBE and use of common payment medium for EFC service.
— providing and managing the transport service contract including the service rights for the toll
service user;
— customizing the common payment medium, including
— customizing the common payment medium in a secure way;
— maintaining the common payment medium, including
— maintaining the functionality of the common payment medium,
— maintaining the hot listing of the common payment medium, and
— performing the refund of values stored on the common payment medium.
A common service right provider may make requirements to the TSP such as protecting some data,
security keys and so on for the TSP, toll service provider in an EFC environment.
5.2 EFC functional requirements
While an OBE is generally related to a vehicle, a common payment medium can be carried by the owner/
user also for use outside a vehicle. This means that the common payment medium should be considered
from the following points of view:
— Enabling the use in all transaction models, for payment modes (pre-pay and/or post pay) and
applying security requirements.
— Enabling the use of the EFC service with an OBE.
NOTE Enabling flexible EFC operation both with OBE and without OBE.
— Enabling confirmation of account information and usage record of service as basic user services.
Based on these viewpoints, requirements are derived for support of a common payment medium, as
shown in Table 1.
© ISO 2019 – All rights reserved 5

---------------------- Page: 12 ----------------------
ISO/TS 21193:2019(E)

Table 1 — Basic EFC functional requirements
Functional EFC function item Functional requirement for a common
areas payment medium
Transaction types Closed Toll - Entry Transaction — Common payment medium shall be usable for all
transaction types with OBE
Closed Toll - Exit Transaction
— Common payment medium shall store EFC
Open Toll Transaction
contract information
Transit Transaction
— Common payment medium shall securely store
Checking Transaction
a minimum of 3 usage log entries including
Purse Reloading Transaction
transaction type and date and time for use of a
service
— Common payment medium shall store the entry
a
data for closed tolling system with OBE
Payment types Central Account — Common payment medium shall be usable for all
payment types
On-Board Account
— Common payment medium shall be usable for
Pre-Payment
common payment among transport services
Post-Payment
— Common payment medium shall be usable for
Electronic Purse Based Payment
reloading transaction if user signed a contract
Token Based Payment
'Open'(multiple service) Payment
System
'Closed'(single service) Payment
System
No/Zero Payment
Refunding
Contract types Area Dependent Contract — Common payment medium shall be usable for all
contract types
Time Dependent Contract
— Common payment medium shall be usable with
Vehicle Dependent Contract
OBE for vehicle dependent contract since vehicle
Person Dependent Contract
information is stored in OBE. Otherwise RSE shall
detect vehicle information for this contract when
Group of Persons Dependent
only common payment medium is used.
Contract
Anonymous Contract
Contract Contract Selection — Common payment medium shall be able to store
b
handling multiple contract information if necessary
Implicit Contract
Explicit Contract
Multiple Simultaneous Contracts
a
This also enables performing flexible EFC operations both with OBE and without OBE.
b
Multiple application access method is defined in ISO/IEC 7816-4.
6 © ISO 2019 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/TS 21193:2019(E)

Table 1 (continued)
Functional EFC function item Functional requirement for a common
areas payment medium
Security One Way Authentication — Common payment medium shall implement the
mechanism required security function(s)
Two Way Authentication
— Common service right provider as a common
Data Integrity Mechanism
payment medium issuer shall provide secure
No Specific Security
processing environment to toll service provider
Segment Integrity Mechanism
Signature Based Mechanism
Time/Event Based Mechanism
Password-based Access Mechanism
Encryption Mechanism
Operational Different gantries configurations — Operational requirements when a common
issues payment medium is used in EFC shall be
Different lane configurations
considered before implementation
OBE components addressing
— Common payment medium shall store Version
Alert/Warning information to the
Handling Mechanism
customer
— Common payment medium shall be able to be used
Dynamic classification
for Multi-Application Handling
Declared classification
— Common payment medium shall store a minimum
OBE Transaction Release
of 3 usage log entries including transaction type
and date and time for the use of a service
OBE Remote Switch Off
Version Handling Mechanism
— Common payment medium shall prevent
manipulating the road usage data by user
OBE Capability Handling Mechanism
Multi-Application Handling
Tariffing schemes Distance Dependent — Tariffing schemes shall be considered whenever
a common payment medium stores parameters
Time Dependent
corresponding to the tariff
Vehicle Dependent
Event Dependent
Fixed
Combined tariffing Scheme
a
This also enables performing flexible EFC operations both with OBE and without OBE.
b
Multiple application access method is defined in ISO/IEC 7816-4.
The requirements on the common payment medium relating to Payment Card Industry Data Security
Standard (PCI DSS) should also be considered as a part of EFC functional requirements. PCI DSS is the
security standard of the card industry that was developed for cardholder data protection including
technical requirements. Technical requirements relating to an EFC system using a common payment
medium are derived from a part of the 12 categories of requirements in PCI DSS. These are described in
Table 2.
No actor in an EFC system needs to be certified as PCI DSS compliant.
© ISO 2019 – All rights reserved 7

---------------------- Page: 14 ----------------------
ISO/TS 21193:2019(E)

Table 2 — Requirements of PCI DSS for EFC function requirements
Functional PCI DSS requirement Functional requirement for common
areas payment medium
Data protection — Keep cardholder data storage to a minimum — Primary account number (PAN), shall
by implementing data retention and disposal be secured with strong encryption
policies, procedures and processes
— EFC system shall store necessary and
— Do not store sensitive authentication data minimalized personal account data
after authorization (even if encrypted) for operation, not store it if not used
— Mask primary account number (PAN) when — EFC system shall not store sensitive
displayed (first six and last four digits are authentication data after used
the maximum displayed)
— Render PAN unreadable anywhere it
is stored (including on portable digital
medium, backup medium, and in logs) by
using any of the approaches
Cryptographic key — Document and implement procedures to — Key lifecycle management, kind of
management protect keys used to secure stored cardholder key and key generation
data against disclosure and misuse
— Key updating method, on-line and
— Fully document and implement all key- off-line, secure transmission, key
management processes and procedures for switching during operation
cryptographic keys used for encryption of
— Secure key storage in hard and soft
cardholder data, including the following:
— List management, quantity of list,
— Generation of strong cryptographic keys
updating method, ensuring real-time
— Secure cryptographic key distribution
— Secure cryptographic key storage
— Cryptographic key changes for keys
— Retirement or replacement of keys
— If manual key management operations are
used, keys must be managed using split
knowledge and dual control
— Prevention of unauthorized substitution of
cryptographic keys
— Requirement for cryptographic key
custodians
Transmission — Use strong cryptography and security — Sensitive EFC data such as cardholder
of sensitive EFC protocols to safeguard sensitive cardholder data and PAN shall be encrypted
data data during transmission over open, public using strong cryptography at
networks, including the following: air interfac
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.