iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/TR 23791:2019

(Main)

Road vehicles — Extended vehicle (ExVe) web services — Result of the risk assessment on ISO 20078 series

Road vehicles — Extended vehicle (ExVe) web services — Result of the risk assessment on ISO 20078 series

This document presents the assessment of the safety, security, competition, responsibilities, and data protection risks that can originate from the ISO 20078 series. In particular, the following risks are outside the scope of this assessment, because they relate to elements that are excluded from the scope of the ISO 20078 series: — the risks associated with the implementation of the ISO 20078 series; — the risks associated with the process that the accessing parties or any other parties would later on use to communicate the information they obtained; — the risks associated with the process used by the resource owner to provide, modify, or revoke their authorization to pass information; — the risks associated with the mitigation of the risks, should such a mitigation be necessary.

Véhicules routiers — Web services du véhicule étendu (ExVe) — Résultats de l'évaluation des risques de la série de normes ISO 20078

General Information

Status
Published
Publication Date
03-Sep-2019
ICS
43.040.15 - Car informatics. On board computer systems
Technical Committee
ISO/TC 22/SC 31 - Data communication
Drafting Committee
ISO/TC 22/SC 31/WG 6 - Extended vehicle/Remote diagnostics
Current Stage
6060 - International Standard published
Start Date
04-Sep-2019
Due Date
15-Oct-2021
Completion Date
15-Oct-2021
Ref Project

Relations

Consolidated By
ISO 3451-4:2024 - Plastics — Determination of ash — Part 4: Polyamides
Effective Date
03-Dec-2022
ISO/TR 23791:2019 - Road vehicles -- Extended vehicle (ExVe) web services -- Result of the risk assessment on ISO 20078 seriesISO/TR 23791:2019 - Road vehicles -- Extended vehicle (ExVe) web services -- Result of the risk assessment on ISO 20078 series
PreviousNext
Technical report
ISO/TR 23791:2019 - Road vehicles -- Extended vehicle (ExVe) web services -- Result of the risk assessment on ISO 20078 series
English language
39 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


TECHNICAL ISO/TR
REPORT 23791
First edition
2019-09
Road vehicles — Extended vehicle
(ExVe) web services — Result of the
risk assessment on ISO 20078 series
Véhicules routiers — Web services du véhicule étendu (ExVe) —
Résultats de l'évaluation des risques de la série de normes ISO 20078
Reference number
©
ISO 2019
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Abbreviated terms . 3
4 General result of the risk assessment . 3
5 Categories of the assessed risks . 3
6 Assessment of the risks r elated to the safety of the persons and the goods during
the ExVe life cycle . 3
6.1 Safety risks considered . 3
6.2 Analysis of the situation presented by the ISO 20078 series . 4
6.2.1 SAFE 1: Possible overload of the electronic system of the moving vehicle
(numerous requests) . . 4
6.2.2 SAFE 2: Possible overload of the electronic system of the moving vehicle
(frequent requests) . . . 4
6.2.3 SAFE 3: Possible overload of the electronic system of the moving vehicle
(unexpected requests) . 5
6.2.4 SAFE 4: Possible illicit or malicious remote control of vehicles . 5
6.2.5 SAFE 5: Lack of compatibility with the existing systems and mechanisms . 5
6.2.6 SAFE 6: Failures of the remote communication solution itself of the ExVe
(including the back-end system of the manufacturer) . 6
6.2.7 SAFE 7: Lack of consideration of the complete ExVe life cycle. 6
6.2.8 SAFE 8: Risks related to the design validation process . 6
6.2.9 SAFE 9: Lack of misuse prevention . 6
6.2.10 SAFE 10: Lack of, or inappropriate measures aiming at reducing the risks
in case of illicit or malicious remote control of vehicles. 7
6.3 Conclusion: Assessment of the safety risks possibly originating from the
ISO 20078 series . 7
7 Assessment of the risks associat ed to the security of the ExVe communication system .8
7.1 Security risks considered . 8
7.2 Analysis of the situation presented by the ISO 20078 series . 8
7.2.1 General considerations relative to the specification of the OAuth2 framework . 8
7.2.2 General consideration related to cybersecurity . 8
7.2.3 SEC 1: Risks related to integrity and authenticity. 8
7.2.4 SEC 2: Security risks at vehicle systems that are not located at the moving
vehicle . 9
7.2.5 SEC 3: Risks related to the consequences of a complete or partial
cybersecurity breach (this includes safety, security, competition,
confidentiality and data protection risks) . 9
7.2.6 SEC 4: Lack of misuse prevention measures . 9
7.3 Conclusion: Assessment of the security risks possibly originating from the
ISO 20078 series .10
8 Assessment of the risks associat ed to the fair competition among the concerned actors .10
8.1 Competition risks considered .10
8.2 Analysis of the situation presented by the ISO 20078 series .10
8.2.1 Involved actors .10
8.2.2 FAIR 1: Possible misuse of the acquired knowledge .11
8.2.3 FAIR 2: Possible gaining of unique knowledge of the market through
monitoring . .11
8.2.4 FAIR 3: Possible gaining of unique knowledge of the customer’s behaviour
through monitoring .12
8.2.5 FAIR 4: Competition risks among the involved parties .12
8.2.6 FAIR 5: Risk of excluding competitors from playing roles .12
8.2.7 FAIR 6: Risks related to the development of new after-sales applications .12
8.2.8 FAIR 7: Competition risks among manufacturers and/or vehicle
components (systems) suppliers . .13
8.3 Conclusion: Assessment of the competition risks possibly originating from the
ISO 20078 series .13
9 Assessment of the risks r elated to the responsibility of the concerned actors .13
9.1 Liability and responsibility .13
9.2 Analysis of the situation presented by the ISO 20078 series .14
9.3 Conclusion: Assessment of the risks related to the responsibility of the concerned
actors possibly originating from the ISO 20078 series .14
10 Assessment of the risks r elated to the protection of the resources owned by the
resource owner (data protection) .14
10.1 Data protection risks considered .14
10.2 Analysis of the situation presented by the ISO 20078 series .15
10.3 Conclusion: Assessment of the risks related to the protection of the resources
owned by the resource owner and possibly originating from the ISO 20078 series
(data protection risks).16
Annex A (informative) Assessment of safety risks .17
Annex B (informative) Assessment of security risks .26
Annex C (informative) Assessment of competition risks .29
Annex D (informative) Assessment of the risks related to responsibility and liability of the
concerned actors .35
Annex E (informative) Assessment of data protection risks.37
Bibliography .39
iv © ISO 2019 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 31,
Data communication.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 17987-3:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 3: Protocol specification

This document specifies the LIN protocol including the signal management, frame transfer, schedule table handling, task behaviour, status management, and commander and responder node. It contains also OSI layer 5 properties according to ISO 14229-7 UDSonLIN-based node configuration and identification services (SID: B016 to B816) belonging to the core protocol specification. A node (normally a commander node) that is connected to more than one LIN network is handled by higher layers (i.e. the application) not within the scope of this document.

  • Standard
    74 pages
    English language
    sale 15% off
  • Draft
    74 pages
    English language
    sale 15% off
  • Draft
    74 pages
    English language
    sale 15% off
ISO
ISO 17987-2:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 2: Transport protocol and network layer services

This document specifies a transport protocol and network layer services tailored to meet the requirements of LIN‑based vehicle network systems on local interconnect networks. The protocol specifies an unconfirmed communication. The LIN protocol supports the standardized service primitive interface as specified in ISO 14229-2. This document provides the transport protocol and network layer services to support different application layer implementations such as: — normal communication messages, and — diagnostic communication messages. The transport layer defines transportation of data that is contained in one or more frames. The transport layer messages are transported by diagnostic frames. A standardized API is specified for the transport layer. Use of the transport layer is targeting systems where diagnostics are performed on the backbone bus (e.g. CAN) and where the system builder wants to use the same diagnostic capabilities on the LIN sub-bus clusters. The messages are in fact identical to ones in ISO 15765-2 and the PDUs carrying the messages are very similar. The goals of the transport layer are: — to have low load on commander node, — to provide full (or a subset thereof) diagnostics directly on the responder nodes, and — to target clusters built with powerful LIN nodes (not the mainstream low cost).

  • Standard
    75 pages
    English language
    sale 15% off
ISO
ISO 17987-4:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 4: Electrical physical layer (EPL) specification 12 V/24 V

This document specifies the 12 V and 24 V electrical physical layers (EPL) of the LIN communications system. The electrical physical layer for LIN is designed for low-cost networks with bit rates up to 20 kbit/s to connect automotive electronic control units (ECUs). The medium that is used is a single wire for each receiver and transmitter with reference to ground. Annex A provides recommendations on the LIN physical layer peripheral interface design of type UART and frame controller for commander and responder nodes. This document includes the definition of electrical characteristics of the transmission itself and also the documentation of basic functionality for bus driver devices. This document also provides the physical layer definitions for nodes with LIN AA capabilities according to one of the procedures C, D and E. All parameters in this document are defined for the ambient temperature range from −40 °C to 125 °C.

  • Standard
    43 pages
    English language
    sale 15% off
ISO
ISO 17987-7:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 7: Electrical physical layer (EPL) conformance test specification

This document specifies the conformance test for the electrical physical layer (EPL) of the LIN communications system. The purpose of this document is to provide a standardised way to verify whether a LIN bus driver conforms to ISO 17987-4. The primary motivation is to ensure a level of interoperability of LIN bus drivers from different sources in a system environment. This document provides all the necessary technical information to ensure that test results are consistent even on different test systems, provided that the particular test suite and the test system are conformant to the content of this document.

  • Standard
    195 pages
    English language
    sale 15% off
ISO
ISO 17987-1:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 1: General information and use case definition

This document gives an overview of the structure and the partitioning of the ISO 17987 series. In addition, it outlines the use cases where the ISO 17987 series is used. The terminology defined in this document is common for all LIN communication systems and is used throughout the ISO 17987 series. This document has been established to define the use cases for LIN.

  • Standard
    8 pages
    English language
    sale 15% off
ISO
ISO 17987-6:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 6: Protocol conformance test specification

This document specifies the LIN protocol conformance test. This test verifies the conformance of LIN communication controllers with respect to ISO 17987-2 and ISO 17987-3. This document provides all necessary technical information to ensure that test results are identical even on different test systems, provided that the particular test suite and the test system are compliant to the content of this document. Annex A, Annex B and Annex C specify the protocol conformance test plans for responder nodes supporting auto addressing procedures according procedure C, procedure D or procedure E, see ISO 17987-3:2025, Annex C.

  • Standard
    104 pages
    English language
    sale 15% off
ISO
ISO 13209-4:2024(Main)
Road vehicles — Open Test sequence eXchange format (OTX) — Part 4: Expanded extensions interface definition

This document defines the Open Test sequence eXchange (OTX) additional extension requirements and data model specifications. The requirements are derived from the use cases described in ISO 13209-1. They are listed in Clause 4. The data model specification aims at an exhaustive definition of all features of the OTX extensions which have been implemented to satisfy the requirements. This document establishes rules for the syntactical entities of each extension. Each of these syntactical entities is accompanied by semantic rules which determine how OTX documents containing extension features are interpreted. The syntax rules are provided by UML[2] class diagrams and XML schemas, whereas the semantics are given by UML activity diagrams and prose definitions.

  • Standard
    457 pages
    English language
    sale 15% off
ISO
ISO 11898-1:2024(Main)
Road vehicles — Controller area network (CAN) — Part 1: Data link layer and physical coding sublayer

This document specifies the controller area network (CAN) data link layer (DLL) and the physical coding sub-layer (PCS). The CAN DLL features data fields of up to 2048 byte when the CAN extended data field length (XL) frame format is used. This document divides the CAN DLL into the logical link control (LLC) and the medium access control (MAC) sub-layers. The DLL’s service data unit (SDU), which interfaces the LLC and the MAC, is implemented by means of the LLC frame. The LLC frame also features the service data unit type (SDT) and the virtual CAN channel identifier (VCID), which provide higher-layer protocol configuration and identification information. How the higher-layer functions are handled is not specified in this document. There are five implementation options: 1) support of the CAN classic frame format only, not tolerating the CAN flexible data rate (FD) frame format; 2) support of the CAN classic frame format and tolerating the CAN FD frame format; 3) support of the CAN classic frame format and the CAN FD frame format; 4) support of the CAN classic frame format, the CAN FD frame format and the CAN XL frame format; 5) support of the CAN FD frame format for CAN FD light responders (Annex A). NOTE Nodes of the first option can communicate with nodes of the third and fourth option when only the CAN classic frame format is used. Nodes of the first option cannot communicate with nodes of the fifth option: any attempt at communication generates error frames. Therefore, new designs implementing the fourth option can communicate with all other nodes.

  • Standard
    82 pages
    English language
    sale 15% off
ISO
ISO 15765-2:2024(Main)
Road vehicles — Diagnostic communication over Controller Area Network (DoCAN) — Part 2: Transport protocol and network layer services

This document specifies a transport and network layer protocol with transport and network layer services tailored to meet the requirements of CAN-based vehicle network systems on controller area networks as specified in ISO 11898-1. The diagnostic communication over controller area network (DoCAN) protocol supports the standardized abstract service primitive interface as specified in ISO 14229-2 (UDS). This document supports different application layer protocols such as: — enhanced vehicle diagnostics (emissions-related system diagnostics beyond legislated functionality, non-emissions-related system diagnostics); — emissions-related on-board diagnostics (OBD) as specified in the ISO 15031 series and SAE J1979 series; — world-wide harmonized on-board diagnostics (WWH-OBD) as specified in the ISO 27145 series; and — end of life activation of on-board pyrotechnic devices (the ISO 26021 series). The transport protocol specifies an unconfirmed communication. NOTE This document does not determine whether CAN CC, CAN FD or both are recommended or required to be implemented by other standards referencing this document.

  • Standard
    47 pages
    English language
    sale 15% off
ISO
ISO 11898-2:2024(Main)
Road vehicles — Controller area network (CAN) — Part 2: High-speed physical medium attachment (PMA) sublayer

This document specifies physical medium attachment (PMA) sublayers for the controller area network (CAN). This includes the high-speed (HS) PMA without and with low-power mode capability, without and with selective wake-up functionality. Additionally, this document specifies PMAs supporting the signal improvement capability (SIC) mode and the FAST mode in Annex A. The physical medium dependent (PMD) sublayer is not in the scope of this document.

  • Standard
    64 pages
    English language
    sale 15% off