Dossierholder BCT

The Dossierholder BCT issues so-called smartcards for use with the onBoard Computer Taxi (BCT).

These onboardcomputercards are issued with certificates from the hierarchy of the Public Key Infrastructure of the Dutch government (PKIoverheid). The onboardcomputercards are used to gain access to the onBoard Computer Taxi and to digitally sign the data gathered by the BCT.

Organisation and Certification

The Dossierholder BCT is not an independent Trust Service Provider (TSP) under PKIoverheid, but is part of the central TSP of the Ministry of Infrastructure and Water Management.

The Trust Service Provider (TSP) enables the issuance of certificates from the PKIoverheid hierarchy by divisions of the Ministry. To this end the TPS of the Ministry has realised a management system that has been certified against the ETSI EN 319 411-2 en ETSI EN 319 411-1 standards.

As part of this TSP the Dossierholder BCT has also been certified against the ETSI EN 319 411-2 and ETSI EN 319 411-1 standards.

Terms and conditions and other documentation

Certification practices, terms and conditions

The issuance and use of the cards are bound by both rights and obligations. For instance only a taxidriver that meets certain criteria can request a Driverscard. The following information on the issuance and use of onboardcomputercards is available mainly in Dutch:

Other documentation

The following documentation is relevant for manufacturers of onboard computers.

CA certificates and CRL's

The Dossierholder BCT issues two types of card. These are onboardcomputercards and systemcards. The onboardcomputercards are used by the different users of the onboard computer, while the systemcard is used by the device itself. The certificates on both types of card have their own Certification Authority (CA) hierarchy.

To verify the validity of a certificate requires at least the following checks are required:

  • the certificate must not be expired;
  • the CA hierarchy must lead to a valid PKIoverheid root CA certificate;
  • the certificate must not be revoked i.e. the certificate serialnumber must not be listed on the so called Certificate Revocation List (CRL).

Below the download links of CA certificates and CRL's are listed both for the G3 and G2 generation.

CA Certificates generation G3

Root CA (all card types)

CA certificates Taxidriver and Inspection cards

CA certificates Entrepreneur and Examination cards

CA certificates systemcards

CRL's generation G3

Generation G2

Onboardcomputercards

The complete CA hierarchy of G2 onboardcomputercards is as follows:

Revoked G2 onboardcomputercards are listed on this Certificate Revocation List (CRL).

Systemcards

The complete CA hierarchy of G2 systemcards is as follows:

Revoked G2 systemcards are listed on this Certificate Revocation List (CRL).

Responsible Disclosure

If you discover a weak spot in one of the ICT systems of the Ministry of Infrastructure and Water Management, let us know before you make this known to the outside world. We can then take measures first. We call this method 'responsible disclosure'.

The Ministry of Infrastructure and Water Management makes use of the facilities described on Rijksoverheid.nl. For more information, see for example how to make a report and the further conditions on the 'Responsible Disclosure' page of Rijksoverheid.nl.