diff --git a/src/config.c b/src/config.c
index 55442e6..d5891ff 100644
--- a/src/config.c
+++ b/src/config.c
@@ -341,8 +341,10 @@ int facilities_config() {
 
     // TPM
     facilities.tolling.enabled = config->facilities.tpm.activate;
-    if (!strcmp("simple", config->facilities.tpm.protocol)) {
-        facilities.tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
+    if (!strcmp("gn-spki", config->facilities.tpm.protocol)) {
+        facilities.tolling.protocol.p = TOLLING_PROTOCOL_GN_SPKI;
+    } else if (!strcmp("gn-dpki", config->facilities.tpm.protocol)) {
+        facilities.tolling.protocol.p = TOLLING_PROTOCOL_GN_DPKI;
     } else if (!strcmp("tls", config->facilities.tpm.protocol)) {
         facilities.tolling.protocol.p = TOLLING_PROTOCOL_TLS;
     } else if (!strcmp("tls-gn", config->facilities.tpm.protocol)) {
@@ -350,8 +352,8 @@ int facilities_config() {
     } else if (!strcmp("tls-shs", config->facilities.tpm.protocol)) {
         facilities.tolling.protocol.p = TOLLING_PROTOCOL_TLS_SHS;
     } else {
-        log_error("[config] unrecognized tolling protocol, defaulting to 'simple'");
-        facilities.tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
+        log_error("[config] unrecognized tolling protocol, defaulting to 'gn-spki'");
+        facilities.tolling.protocol.p = TOLLING_PROTOCOL_GN_SPKI;
     }
     facilities.tolling.station.obu.client_id = config->facilities.tpm.client_id;
 
diff --git a/src/saem.c b/src/saem.c
index 6933fdd..fd9c18e 100644
--- a/src/saem.c
+++ b/src/saem.c
@@ -203,7 +203,8 @@ static int mk_saem(uint8_t* b_saem, uint32_t* b_saem_len) {
         ServiceInfoExts_t* exts = saem->sam.body.serviceInfos->list.array[i]->chOptions.extensions;
 
         switch (facilities.tolling.protocol.p) {
-            case TOLLING_PROTOCOL_SIMPLE:
+            case TOLLING_PROTOCOL_GN_SPKI:
+            case TOLLING_PROTOCOL_GN_DPKI:
                 exts->list.count = 3;
                 exts->list.size = 3 * sizeof(void*);
                 exts->list.array = malloc(3 * sizeof(void*));
@@ -211,7 +212,7 @@ static int mk_saem(uint8_t* b_saem, uint32_t* b_saem_len) {
                 exts->list.array[0] = calloc(1, sizeof(ServiceInfoExt_t));
                 exts->list.array[0]->present = ServiceInfoExt_PR_providerServiceContext;
                 
-                char ctx_s[] = "tolling:simple";
+                char ctx_s[] = "tolling:gn";
                 exts->list.array[0]->choice.providerServiceContext.size = strlen(ctx_s);
                 exts->list.array[0]->choice.providerServiceContext.buf = malloc(strlen(ctx_s));
                 memcpy(exts->list.array[0]->choice.providerServiceContext.buf, ctx_s, strlen(ctx_s));
@@ -399,7 +400,7 @@ void *sa_service() {
                 bulletin->to_consume[a]->its_aid == 1 && 
                 (
                     now > bulletin->to_consume[a]->t_trigger + TOLLING_PAYMENT_MIN_PERIOD_MS || 
-                    (facilities.tolling.protocol.p == TOLLING_PROTOCOL_SIMPLE && tpm_should_retransmit())
+                    ((facilities.tolling.protocol.p == TOLLING_PROTOCOL_GN_SPKI || facilities.tolling.protocol.p == TOLLING_PROTOCOL_GN_DPKI) && tpm_should_retransmit())
                 ) &&
                 facilities.station_type != 15) {
 
@@ -410,7 +411,8 @@ void *sa_service() {
                 }
 
                 switch (facilities.tolling.protocol.p) {
-                    case TOLLING_PROTOCOL_SIMPLE:
+                    case TOLLING_PROTOCOL_GN_SPKI:
+                    case TOLLING_PROTOCOL_GN_DPKI:
                         tpm_pay(info, &security_socket, bulletin->to_consume[a]->certificate_id, NULL);
                         ++bulletin->to_consume[a]->n_trigger;
                         bulletin->to_consume[a]->t_trigger = now;
diff --git a/src/tpm.c b/src/tpm.c
index 6ac8301..ce2102d 100644
--- a/src/tpm.c
+++ b/src/tpm.c
@@ -203,7 +203,7 @@ int tpm_pay(tolling_info_t* info, void** security_socket, uint8_t* neighbour, ui
         goto cleanup;
     }
 
-    if (tolling->protocol.p == TOLLING_PROTOCOL_SIMPLE) {
+    if (tolling->protocol.p == TOLLING_PROTOCOL_GN_DPKI) {
         // Sign
         sreq = calloc(1, sizeof(SecurityRequest_t));
         sreq->present = SecurityRequest_PR_sign;
@@ -263,7 +263,8 @@ int tpm_pay(tolling_info_t* info, void** security_socket, uint8_t* neighbour, ui
     uint64_t id = 0;
 
     switch (facilities.tolling.protocol.p) {
-        case TOLLING_PROTOCOL_SIMPLE:
+        case TOLLING_PROTOCOL_GN_SPKI:
+        case TOLLING_PROTOCOL_GN_DPKI:
             tr->choice.packet.present = TransportPacketRequest_PR_btp;
             BTPPacketRequest_t* bpr = &tr->choice.packet.choice.btp;
 
@@ -377,7 +378,8 @@ int tpm_pay(tolling_info_t* info, void** security_socket, uint8_t* neighbour, ui
     }
 
     itss_queue_send(facilities.tx_queue, buf1, enc.encoded+1, ITSS_TRANSPORT, id, 
-            tolling->protocol.p == TOLLING_PROTOCOL_SIMPLE ? "TR.packet.btp" : "TR.packet.tcp");
+            (tolling->protocol.p == TOLLING_PROTOCOL_GN_SPKI || tolling->protocol.p == TOLLING_PROTOCOL_GN_DPKI) 
+                ? "TR.packet.btp" : "TR.packet.tcp");
 
     // Retransmission
     uint64_t now = itss_ts_get(TIME_MICROSECONDS);
@@ -567,7 +569,8 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
     tolling_t* tolling = &facilities.tolling;
 
     switch (tolling->protocol.p) {
-        case TOLLING_PROTOCOL_SIMPLE:
+        case TOLLING_PROTOCOL_GN_SPKI:
+        case TOLLING_PROTOCOL_GN_DPKI:
             log_info("[tolling] received toll %s.request | client: %lld (certificate id: 0x%02x%02x%02x) nonce: %lld", 
             tts(type_rx->present),
             (long long) client_id, 
@@ -594,7 +597,7 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
     FacilitiesIndication_t* fi = NULL;
     TPM_t* tpm = NULL;
 
-    if (tolling->protocol.p == TOLLING_PROTOCOL_SIMPLE) {
+    if (tolling->protocol.p == TOLLING_PROTOCOL_GN_DPKI) {
 
         if (!tpm_rx->tpmSignature) {
             log_error("[tolling] in simple mode but TPM without signature received");
@@ -845,7 +848,8 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
 
     // [transport] request (TR)
     switch (tolling->protocol.p) {
-        case TOLLING_PROTOCOL_SIMPLE:
+        case TOLLING_PROTOCOL_GN_SPKI:
+        case TOLLING_PROTOCOL_GN_DPKI:
             tr->choice.packet.present = TransportPacketRequest_PR_btp;
             BTPPacketRequest_t* bpr = &tr->choice.packet.choice.btp;
 
@@ -956,7 +960,7 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
     }
 
     itss_queue_send(facilities.tx_queue, buf1, enc.encoded+1, ITSS_TRANSPORT, id, 
-            tolling->protocol.p == TOLLING_PROTOCOL_SIMPLE ? "TR.packet.btp" : "TR.packet.tcp");
+            (tolling->protocol.p == TOLLING_PROTOCOL_GN_SPKI || tolling->protocol.p == TOLLING_PROTOCOL_GN_DPKI) ? "TR.packet.btp" : "TR.packet.tcp");
 
     // Logging 
     if (facilities.logging.dbms) {
@@ -1106,7 +1110,7 @@ static void veh_handle_recv(tolling_t* tolling, TPM_t* tpm_rx, void** security_s
     }
 
     bool accepted = true;
-    if (tolling->protocol.p == TOLLING_PROTOCOL_SIMPLE) {
+    if (tolling->protocol.p == TOLLING_PROTOCOL_GN_DPKI) {
         // Verify
         sreq = calloc(1, sizeof(SecurityRequest_t));
         sreq->present = SecurityRequest_PR_verify;
diff --git a/src/tpm.h b/src/tpm.h
index 4c7cfda..05c3936 100644
--- a/src/tpm.h
+++ b/src/tpm.h
@@ -16,7 +16,8 @@
 #define TOLLING_CLIENT_LIFETIME_MS 300000
 
 typedef enum TOLLING_PROTOCOL {
-    TOLLING_PROTOCOL_SIMPLE,
+    TOLLING_PROTOCOL_GN_SPKI,
+    TOLLING_PROTOCOL_GN_DPKI,
     TOLLING_PROTOCOL_TLS,
     TOLLING_PROTOCOL_TLS_GN,
     TOLLING_PROTOCOL_TLS_SHS