ISO/IEC 15045-3-1:2024
Information technology - Home Electronic System (HES) gateway - Part 3-1: Privacy, security, and safety - Introduction
ISO/IEC 15045-3-1:2024 describes the series of privacy, security, and safety standards to support the HES Gateway and attached devices. The purpose is to specify methods for protecting home and building systems from both internal and external threats, intrusions, or unintended observation of data and unsafe conditions that could result from network functions. Part 3 defines a set of basic and advanced requirements for gateway monitoring and control of both inbound and outbound traffic, including switching/routing, addressing, encryption, intrusion detection and prevention, and other “firewall” functions.
The Part 3 requirements specify the following functions:
1) prevention of active inbound attacks and unsafe commands,
2) discovery and classification of outbound traffic,
3) interoperability of premises internal network traffic,
4) management of privacy and security mechanisms, and
5) provision for a management and reporting dashboard for use by the non-technical end-user.
This standard describes the inter-relationships between privacy, security, and safety.
Standards Content (Sample)
ISO/IEC 15045-3-1
Edition 1.0 2024-12
INTERNATIONAL STANDARD
Information technology – Home Electronic System (HES) gateway –
Part 3-1: Privacy, security, and safety – Introduction
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or
by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either
IEC or IEC's member National Committee in the country of the requester. If you have any questions about ISO/IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Secretariat
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
info@iec.ch
www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition; a corrigendum or an amendment might have been published.
IEC publications search - webstore.iec.ch/advsearchform
The advanced search enables to find IEC publications by a variety of criteria (reference number, text, technical committee, …). It also gives information on projects, replaced and withdrawn publications.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and once a month by email.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: sales@iec.ch.
IEC Products & Services Portal - products.iec.ch
Discover our powerful search engine and read freely all the publications previews, graphical symbols and the glossary. With a subscription you will always have access to up to date content tailored to your needs.
Electropedia - www.electropedia.org
The world's leading online dictionary on electrotechnology, containing more than 22 500 terminological entries in English and French, with equivalent terms in 25 additional languages. Also known as the International Electrotechnical Vocabulary (IEV) online.
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 35.200; 35.240.99 ISBN 978-2-8327-0002-0
– 2 – ISO/IEC 15045-3-1:2024 © ISO/IEC 2024
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
0.1 Overview . 6
0.2 Relation to existing work . 6
0.3 Relevant affected stakeholder categories . 7
1 Scope . 9
2 Normative references . 9
3 Terms, definitions and abbreviated terms . 9
3.1 Terms and definitions . 9
3.2 Abbreviated terms . 11
4 Conformance . 11
5 Protection of privacy, security, and safety . 11
5.1 Privacy, security and safety concepts and principles in the HES gateway . 11
5.2 Structural protections provided by the HES gateway system . 11
5.3 Interface and application services protections . 12
5.3.1 Key concepts, principles and practices . 12
5.3.2 HES concept . 12
5.3.3 HES gateway concept . 12
5.3.4 Interface module concept . 13
5.3.5 Service module concept . 13
5.3.6 Application platform concept . 13
5.3.7 Internal communication bus concept . 13
5.3.8 DSS principle and practice . 13
5.4 Operational protections . 14
5.5 Risk management . 14
5.5.1 Overview . 14
5.5.2 Risk assessment . 14
5.5.3 Risk treatment . 27
5.6 Privacy, security, and safety guidelines and requirements . 28
5.6.1 Privacy-by-design approach . 28
5.6.2 External services non-reliance principle and practice . 28
5.6.3 Use of wireless or shared media principle and practice . 28
5.6.4 Privacy best practice . 29
5.6.5 Privacy next best practice . 29
5.6.6 Online update vulnerability principle . 29
5.6.7 Online OS update vulnerability principle . 29
5.6.8 "Social engineering" vulnerability principle . 29
5.6.9 Privacy-by-design principle and practice . 29
5.6.10 User priority principle . 29
5.6.11 Fail-safe principle . 30
5.6.12 Precautionary principle . 30
5.6.13 Normal accident principle . 30
5.6.14 Privacy principles . 30
5.6.15 Watchdog practice . 30
5.6.16 Redundancy principle . 30
6 Common services . 30
6.1 Common services . 30
6.2 Binding map . 31
6.3 HES gateway unique ID service module . 31
6.4 Cryptographic services . 31
6.5 Authorization and authentication service . 31
6.6 Time service . 32
Annex A (informative) Privacy protection principles and sources . 33
A.1 Privacy protection principles . 33
A.2 Sources . 33
Annex B (informative) Guidance to developers . 35
B.1 General protection . 35
B.2 Privacy protection . 35
B.3 Security protection . 36
B.4 Safety protection . 36
Bibliography . 38
Figure 1 – ISO/IEC 15045-3-1 within the core interoperability and HES gateway standards . 8
Figure 2 – HES gateway generalized architecture . 12
Figure 3 – Risk assessment diagram . 15
Figure 4 – HAN masquerade and replay . 16
Figure 5 – WAN masquerade and replay . 17
Figure 6 – HAN interception: eavesdropping and modification . 18
Figure 7 – WAN interception: eavesdropping and modification . 20
Figure 8 – HAN denial-of-service and resource-exhaustion attack . 21
Figure 9 – WAN denial-of-service and resource-exhaustion attack . 22
Figure 10 – Worm, virus or Trojan horse . 23
Figure 11 – Risk level for HAN: example . 26
Figure 12 – Risk level of data inside user objects: example . 27
Figure 13 – Risk treatment and risk assessment flow . 28
Figure A.1 – Primary sources for privacy protection principles . 34
INFORMATION TECHNOLOGY –
HOME ELECTRONIC SYSTEM (HES) GATEWAY –
Part 3-1: Privacy, security, and safety – Introduction
FOREWORD
1) ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental,
in liaison with ISO and IEC, also take part in the work.
2) The formal decisions or agreements of IEC and ISO on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested IEC and ISO National bodies.
3) IEC and ISO documents have the form of recommendations for international use and are accepted by IEC and
ISO National bodies in that sense. While all reasonable efforts are made to ensure that the technical content of
IEC and ISO documents is accurate, IEC and ISO cannot be held responsible for the way in which they are used
or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC and ISO National bodies undertake to apply IEC and ISO
documents transparently to the maximum extent possible in their national and regional publications. Any
divergence between any IEC and ISO document and the corresponding national or regional publication shall be
clearly indicated in the latter.
5) IEC and ISO do not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC and ISO marks of conformity. IEC and ISO are not
responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this document.
7) No liability shall attach to IEC and ISO or their directors, employees, servants or agents including individual
experts and members of its technical committees and IEC and ISO National bodies for any personal injury,
property damage or other damage of any nature whatsoever, whether dir
...