EURUSD
Your shopping cart is empty.
ISO

ISO/TR 23791:2019

(Main)

Road vehicles — Extended vehicle (ExVe) web services — Result of the risk assessment on ISO 20078 series

Road vehicles — Extended vehicle (ExVe) web services — Result of the risk assessment on ISO 20078 series

This document presents the assessment of the safety, security, competition, responsibilities, and data protection risks that can originate from the ISO 20078 series. In particular, the following risks are outside the scope of this assessment, because they relate to elements that are excluded from the scope of the ISO 20078 series: — the risks associated with the implementation of the ISO 20078 series; — the risks associated with the process that the accessing parties or any other parties would later on use to communicate the information they obtained; — the risks associated with the process used by the resource owner to provide, modify, or revoke their authorization to pass information; — the risks associated with the mitigation of the risks, should such a mitigation be necessary.

Véhicules routiers — Web services du véhicule étendu (ExVe) — Résultats de l'évaluation des risques de la série de normes ISO 20078

General Information

Status
Published
Publication Date
03-Sep-2019
ICS
43.040.15 - Car informatics. On board computer systems
Technical Committee
ISO/TC 22/SC 31 - Data communication
Drafting Committee
ISO/TC 22/SC 31/WG 6 - Extended vehicle/Remote diagnostics
Current Stage
6060 - International Standard published
Start Date
04-Sep-2019
Due Date
15-Oct-2021
Completion Date
15-Oct-2021
Ref Project

Relations

Consolidated By
ISO 3451-4:2024 - Plastics — Determination of ash — Part 4: Polyamides
Effective Date
03-Dec-2022
ISO/TR 23791:2019 - Road vehicles — Extended vehicle (ExVe) web services — Result of the risk assessment on ISO 20078 series Released:9/4/2019ISO/TR 23791:2019 - Road vehicles — Extended vehicle (ExVe) web services — Result of the risk assessment on ISO 20078 series Released:9/4/2019
PreviousNext
Technical report
ISO/TR 23791:2019 - Road vehicles — Extended vehicle (ExVe) web services — Result of the risk assessment on ISO 20078 series Released:9/4/2019
English language
39 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


TECHNICAL ISO/TR
REPORT 23791
First edition
2019-09
Road vehicles — Extended vehicle
(ExVe) web services — Result of the
risk assessment on ISO 20078 series
Véhicules routiers — Web services du véhicule étendu (ExVe) —
Résultats de l'évaluation des risques de la série de normes ISO 20078
Reference number
©
ISO 2019
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Abbreviated terms . 3
4 General result of the risk assessment . 3
5 Categories of the assessed risks . 3
6 Assessment of the risks r elated to the safety of the persons and the goods during
the ExVe life cycle . 3
6.1 Safety risks considered . 3
6.2 Analysis of the situation presented by the ISO 20078 series . 4
6.2.1 SAFE 1: Possible overload of the electronic system of the moving vehicle
(numerous requests) . . 4
6.2.2 SAFE 2: Possible overload of the electronic system of the moving vehicle
(frequent requests) . . . 4
6.2.3 SAFE 3: Possible overload of the electronic system of the moving vehicle
(unexpected requests) . 5
6.2.4 SAFE 4: Possible illicit or malicious remote control of vehicles . 5
6.2.5 SAFE 5: Lack of compatibility with the existing systems and mechanisms . 5
6.2.6 SAFE 6: Failures of the remote communication solution itself of the ExVe
(including the back-end system of the manufacturer) . 6
6.2.7 SAFE 7: Lack of consideration of the complete ExVe life cycle. 6
6.2.8 SAFE 8: Risks related to the design validation process . 6
6.2.9 SAFE 9: Lack of misuse prevention . 6
6.2.10 SAFE 10: Lack of, or inappropriate measures aiming at reducing the risks
in case of illicit or malicious remote control of vehicles. 7
6.3 Conclusion: Assessment of the safety risks possibly originating from the
ISO 20078 series . 7
7 Assessment of the risks associat ed to the security of the ExVe communication system .8
7.1 Security risks considered . 8
7.2 Analysis of the situation presented by the ISO 20078 series . 8
7.2.1 General considerations relative to the specification of the OAuth2 framework . 8
7.2.2 General consideration related to cybersecurity . 8
7.2.3 SEC 1: Risks related to integrity and authenticity. 8
7.2.4 SEC 2: Security risks at vehicle systems that are not located at the moving
vehicle . 9
7.2.5 SEC 3: Risks related to the consequences of a complete or partial
cybersecurity breach (this includes safety, security, competition,
confidentiality and data protection risks) . 9
7.2.6 SEC 4: Lack of misuse prevention measures . 9
7.3 Conclusion: Assessment of the security risks possibly originating from the
ISO 20078 series .10
8 Assessment of the risks associat ed to the fair competition among the concerned actors .10
8.1 Competition risks considered .10
8.2 Analysis of the situation presented by the ISO 20078 series .10
8.2.1 Involved actors .10
8.2.2 FAIR 1: Possible misuse of the acquired knowledge .11
8.2.3 FAIR 2: Possible gaining of unique knowledge of the market through
monitoring . .11
8.2.4 FAIR 3: Possible gaining of unique knowledge of the customer’s behaviour
through monitoring .12
8.2.5 FAIR 4: Competition risks among the involved parties .12
8.2.6 FAIR 5: Risk of excluding competitors from playing roles .12
8.2.7 FAIR 6: Risks related to the development of new after-sales applications .12
8.2.8 FAIR 7: Competition risks among manufacturers and/or vehicle
components (systems) suppliers . .13
8.3 Conclusion: Assessment of the competition risks possibly originating from the
ISO 20078 series .13
9 Assessment of the risks r elated to the responsibility of the concerned actors .13
9.1 Liability and responsibility .13
9.2 Analysis of the situation presented by the ISO 20078 series .14
9.3 Conclusion: Assessment of the risks related to the responsibility of the concerned
actors possibly originating from the ISO 20078 series .14
10 Assessment of the risks r elated to the protection of the resources owned by the
resource owner (data protection) .14
10.1 Data protection risks considered .14
10.2 Analysis of the situation presented by the ISO 20078 series .15
10.3 Conclusion: Assessment of the risks related to the protection of the resources
owned by the resource owner and possibly originating from the ISO 20078 series
(data protection risks).16
Annex A (informative) Assessment of safety risks .17
Annex B (informative) Assessment of security risks .26
Annex C (informative) Assessment of competition risks .29
Annex D (informative) Assessment of the risks related to responsibility and liability of the
concerned actors .35
Annex E (informative) Assessment of data protection risks.37
Bibliography .39
iv © ISO 2019 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 31,
Data communication.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
Introduction
The ISO 20078 series specifies a possible web service to implement a certain web interface of the
Extended Vehicle, depending on the concerned use case.
The development of this series has revealed several fears about possible risks related to safety, security,
competition, liability, and data protection that may originate from that interface.
To address these fears, a list of criteria was first developed to be considered independently of the
considered interface. This list is the object of ISO/TR 23786.
This list was then used for assessing the risks originating from the ISO 20078 series and concept to
issue this document.
Finally, the risk assessment demonstrated that there are no risks resulting from the ISO 20078 series
itself, however, there may be risks resulting from an implementation of that series.
vi © ISO 2019 – All rights reserved

TECHNICAL REPORT ISO/TR 23791:2019(E)
Road vehicles — Extended vehicle (ExVe) web services —
Result of the risk assessment on ISO 20078 series
1 Scope
This document presents the assessment of the safety, security, competition, responsibilities, and data
protection risks that can originate from the ISO 20078 series.
In particular, the following risks are outside the scope of this assessment, because they relate to
elements that are excluded from the scope of the ISO 20078 series:
— the risks associated with the implementation of the ISO 20078 series;
— the risks associated with the process that the accessing parties or any other parties would later on
use to communicate the information they obtained;
— the risks associated with the process used by the resource owner to provide, modify, or revoke their
authorization to pass information;
— the risks associated with the mitigation of the risks, should such a mitigation be necessary.
2 Normative references
There are no normative references in this document.
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
3.1.1
accessing party
entity which accesses resources (3.1.8) via web services (3.1.11)
[SOURCE: ISO 20078-1:2019, 3.1.6, modified — Notes to entry have been deleted.]
3.1.2
authorization provider
entity at the offering party (3.1.7) that manages the access rights to resources and resource owner (3.1.9)
information
[SOURCE: ISO 20078-1:2019, 3.1.9, modified —Note 1 to entry has been deleted.]
3.1.3
extended vehicle
ExVe
entity, still in accordance with the specifications of the vehicle manufacturer, that extends beyond the
physical boundaries of the road vehicle and consists of the road vehicle, off-board systems, external
interfaces, and the data communication between the road-vehicle and the off-board systems
[SOURCE: ISO 20077-1:2017, 3.5, modified — Note 1 to entry has been deleted.]
3.1.4
ExVe manufacturer
vehicle manufacturer responsible for the extended vehicle (3.1.3)
[SOURCE: ISO 20077-1:2017, 3.6]
3.1.5
identity provider
entity responsible for authentication (identification) of users, through the use of credentials
Note 1 to entry: Offering party confirms the identity of the authenticated resource owner.
[SOURCE: ISO 20078-1:2019, 3.1.7, modified —Note 2 to entry has been deleted.]
3.1.6
intermediate body
party that manages the authorizations given by the resource owner (3.1.9) to communicate resources to
the accessing party (3.1.1) via web service (3.1.11)
3.1.7
offering party
entity who provides web services (3.1.11) access to resources (3.1.8)
[SOURCE: ISO 20078-1:2019, 3.1.3.]
3.1.8
resource
data, aggregated information or functionalities of the connected vehicle
[SOURCE: ISO 20078-1:201, 3.2.1, modified —Note 1 to entry has been deleted.]
3.1.9
resource owner
responsible party for the resource(s) (3.1.8)
Note 1 to entry: The resource owner is responsible for granting, denying, and revoking access to resource(s).
Note 2 to entry: The responsible resource owner is determined by the concrete resource.
[SOURCE: ISO 20078-1:2019, 3.1.4.]
3.1.10
resource provider
entity at the offering party (3.1.7) that protects and provides resources (3.1.8)
[SOURCE: ISO 20078-1:2019, 3.1.8.]
3.1.11
web service
software system, with an interface described in a machine-processable format, and designed to support
interoperable machine-to-machine interaction over a network
[SOURCE: ISO 20077-1:2017, 3.21.]
2 © ISO 2019 – All rights reserved

3.2 Abbreviated terms
ExVe Extended Vehicle
VM Vehicle Manufacturer
4 General result of the risk assessment
This document presents a risk assessment of the ISO 20078 series. This means it intends to answer
to the following question: “Does the ISO 20078 series generate any safety, security, competition,
responsibility, liability, or data protection risks?”
The answer is NO: The ISO 20078 series does not generate any safety, security, competition,
responsibility, liability, or data protection risks.
Nevertheless, the risk assessment did not consider the manner the ISO 20078 series is implemented.
Therefore, there may be safety, security, competition, responsibility, liability, or data protection risks
resulting from implementation.
It is therefore recommended to conduct a risk assessment by the vehicle manufacturer on safety,
security, competition, responsibility, liability, or data protection for the individual implemented
solution.
5 Categories of the assessed risks
In this document, the risks that have been assessed are the one listed in ISO/TR 23786. They are
regrouped as follows:
— safety risks: risks related to the safety of persons and goods during the vehicle life cycle;
— security risks: risks associated to the security of the vehicle communication system;
— competition risks: risks associated to the fair competition among the concerned actors;
— responsibility and liability risks: risks related to the responsibility and liability of the concerned
actors;
— data protection risks: risks related to the protection of the resources owned by the resource owner.
More precisely, the assessment results from the answer to the following question: “Can the ExVe web
service interface, when designed according to the ISO 20078 series for a certain use case, present safety,
security, competition, responsibility, liability, or data protection risks originating from that series?”
The risks resulting from the implementation of the ISO 20078 series are excluded from the assessment.
In particular, when implementing the ISO 20078 series, the ExVe manufacturer will design all the
arbitration mechanisms, including the mechanisms aiming at mitigating the risks. To address these
risks the ExVe manufacturer is invited to apply the design methodology specified in ISO 20077-2.
6 Assessment of the risks r elated to the safety of the persons and the goods
during the ExVe life cycle
6.1 Safety risks considered
“Can the ExVe web service interface, when designed according to the ISO 20078 series for a certain use
case, present safety risks originating from that series?”
The safety risks considered for this assessment are the following:
— overload safety risks that are not resulting from cybersecurity issues or problems:
— SAFE 1. Possible overload of the electronic system of the moving vehicle (numerous simultaneous
requests);
— SAFE 2. Possible overload of the electronic system of the moving vehicle (frequent requests);
— SAFE 3. Possible overload of the electronic system of the moving vehicle (unexpected requests);
— SAFE 4. Possible illicit or malicious remote control of vehicles;
— SAFE 5. Lack of compatibility with the existing systems and mechanisms;
— SAFE 6. Failures of the remote communication solution itself of the ExVe (including the VM
back-end server when applicable);
— SAFE 7. Lack of consideration of the complete vehicle life cycle;
— SAFE 8. Risks related to the design validation process;
— SAFE 9. Lack of misuse prevention;
— safety risks that are resulting from cybersecurity issues or problems:
— SAFE 10. Lack of, or inappropriate measures aiming at reducing the risks in case of illicit or
malicious remote control of vehicles;
— SAFE 11. Other safety risks resulting from cybersecurity issues or problems.
NOTE In these two lists the electronic system encompasses both the hardware and the software.
6.2 Analysis of the situation presented by the ISO 20078 series
6.2.1 SAFE 1: Possible overload of the electronic system of the moving vehicle (numerous
requests)
To the question:
“Does the ISO 20078 series generate safety risks related to a possible overload of the electronic system
of the moving vehicle in the case of several requests at the same time?”
The answer is NO.
The safety risks related to a possible overload of the electronic system of the moving vehicle in the case
of several requests at the same time are only related to the implementation of the ISO 20078 series.
The series reduces these risks because it introduces the interface at the backend server of the
manufacturer. However, the ISO 20078 series does not provide any recommendation regarding
that implementation. It is suggested that the ISO 20078 series could recommend designing this
implementation according to the methodology specified in ISO 20077-2.
The detailed analysis addressing this question can be found in Annex A.
6.2.2 SAFE 2: Possible overload of the electronic system of the moving vehicle (frequent
requests)
To the question:
“Does the ISO 20078 series generate risks related to highly frequently repeated requests?”
The answer is NO.
4 © ISO 2019 – All rights reserved

The safety risks related to a possible overload of the electronic system of the moving vehicle in the case
of frequently repeated requests are only related to the implementation of the ISO 20078 series.
The series reduces these risks because it introduces the interface at the backend server of the
manufacturer. However, the ISO 20078 series does not provide any recommendation regarding
that implementation. It is suggested that the ISO 20078 series could recommend designing this
implementation according to the methodology specified in ISO 20077-2.
The detailed analysis addressing this question can be found in Annex A.
6.2.3 SAFE 3: Possible overload of the electronic system of the moving vehicle (unexpected
requests)
To the question:
“Does the ISO 20078 series generate risks related to unexpected requests?”
The answer is NO.
The safety risks related to a possible overload of the electronic system of the moving vehicle in the case
of unexpected requests are only related to the implementation of the ISO 20078 series.
The ISO 20078 concept, by introducing the web-service communication via the back-end server of
the vehicle manufacturer, enables a possible substantial reduction of these risks, should the vehicle
manufacturer appropriately design this backend server.
It is recommended unexpected requests be denied. However, the ISO 20078 series does not provide
any such recommendation. It is suggested that the ISO 20078 series could recommend designing this
implementation according to the methodology specified in ISO 20077-2.
The detailed analysis addressing this question may be found in Annex A.
6.2.4 SAFE 4: Possible illicit or malicious remote control of vehicles
To the question:
“Does the ISO 20078 series prohibit illicit or malicious remote control of vehicles, or an illicit or
malicious remote activation of systems and components? Actively?”
The answer is NO.
The safety risks related to a possible illicit or malicious remote control of vehicles, or an illicit or
malicious remote activation of systems and components are only related to the implementation of the
ISO 20078 series.
The ISO 20078 concept, by introducing the web-service communication via the back-end server of
the vehicle manufacturer, enables a possible substantial reduction of these risks, should the vehicle
manufacturer appropriately design this backend server.
However, the ISO 20078 series introduces concepts that may facilitate the introduction of mechanisms
aiming at actively preventing or limiting uncontrolled or malicious remote take of control of vehicles, or
an uncontrolled or malicious remote activation of systems and components.
The detailed analysis addressing this question can be found in Annex A.
6.2.5 SAFE 5: Lack of compatibility with the existing systems and mechanisms
To the question:
“Does the ISO 20078 series generate risks related the lack of compatibility with the existing design of
the vehicle?”
The answer is NO.
To the question:
“Does the ISO 20078 concept address the risks related to the lack of compatibility with the existing
design of the vehicle?”
The answer is YES.
The ISO 20078 concept, by introducing the web-service communication via the back-end server of
the vehicle manufacturer, enables a possible substantial reduction of these risks, should the vehicle
manufacturer appropriately design this backend server.
The detailed analysis addressing this question can be found in Annex A.
6.2.6 SAFE 6: Failures of the remote communication solution itself of the ExVe (including the
back-end system of the manufacturer)
To the question:
“Does the ISO 20078 series generate safety risks in the case when e.g. the back-end server is down
(internal failures, hacking, etc…)?”
The answer is NO.
The detailed analysis addressing this question can be found in Annex A.
6.2.7 SAFE 7: Lack of consideration of the complete ExVe life cycle
To the question:
“Does the ISO 20078 series generate safety risks related to requests that are inappropriate in the actual
life cycle phase of the running vehicle?”
The answer is NO.
However, such safety issues may occur in the case of a dysfunction of the processes informing the
authorization provider of a change of the life cycle stage (manufacturing, sales, operation, maintenance
and repair, end of life).
The detailed analysis addressing this question can be found in Annex A.
6.2.8 SAFE 8: Risks related to the design validation process
To the question:
“Does the ISO 20078 series generate safety risks related to the validation of the design process and its
traceability?”
The answer is NO.
The detailed analysis addressing this question can be found in Annex A.
6.2.9 SAFE 9: Lack of misuse prevention
To the question:
“Does the ISO 20078 concept permit a limitation of the passed information to avoid safety issues?”
The answer is YES.
To the question:
6 © ISO 2019 – All rights reserved

“Does the ISO 20078 series specify or recommend a limitation of the passed information to avoid safety
issues?”
The answer is NO.
Addressing the issue is left by the ISO 20078 series to external actors (for example those involved at the
implementation stage of the series or at the specification of the considered use-cases).
The detailed analysis addressing this question can be found in Annex A.
6.2.10 SAFE 10: Lack of, or inappropriate measures aiming at reducing the risks in case of illicit
or malicious remote control of vehicles
To the question:
“Does the ISO 20078 series contain mechanisms or processes reducing the safety risks presented by a
remote control”?
The answer is YES.
However, the ISO 20078 series only partially addresses these risks because, while there is no guarantee
that the accessing party is free from impersonation risks (e.g. ID theft upstream its own accessing
request), the ISO 20078 series does not contain any recommendation for considering and possibly
limiting these risks (out of scope).
The ISO 20078 concept, by introducing the web-service communication via the back-end server of
the vehicle manufacturer, enables a possible substantial reduction of these risks, should the vehicle
manufacturer appropriately design this backend server.
The detailed analysis addressing these questions can be found in Annex A.
6.3 Conclusion: Assessment of the safety risks possibly originating from the
ISO 20078 series
The analysis of the ISO 20078 series regarding the possible safety risks considered in this document
have permitted to demonstrate:
— that the ISO 20078 concept per se, by introducing the concept of communicating via the back-end
server of the manufacturer, enables the vehicle manufacturer to endorse its full responsibility for
ensuring the safety of the persons and the goods during the ExVe life cycle;
— that the ISO 20078 series does not generate any risk relative to the persons and the goods during
the ExVe life cycle;
— that some of the risks relative to the safety of the persons and the goods are related to the
way the ISO 20078 series is implemented (see e.g. the arbitration mechanisms) and not to
the ISO 20078 series per se (it has not been possible to find a safety risk originating from the
ISO 20078 series itself);
— that the ISO 20078 series does not address these implementation risks; in particular, the
ISO 20078 series does not recommend any measure that may help preventing these risks, such
as, but not limited to the use of the design methodology specified in ISO 20077-2 for designing
this implementation.
7 Assessment of the risks associated to the security of the ExVe
communication system
7.1 Security risks considered
“Can the ExVe web service interface, when designed according to the ISO 20078 series, present security
risks originating from the series?”
The security risks considered for this assessment are the following:
— SEC 1. Risks related to integrity and authenticity;
— SEC 2. Risks at vehicle systems that are not located at the moving vehicle;
— SEC 3. Risks related to the consequences of a complete or partial cybersecurity breach (this includes
safety, security, competition, confidentiality and data protection risks);
— SEC 4. Lack of misuse prevention measures.
7.2 Analysis of the situation presented by the ISO 20078 series
7.2.1 General considerations relative to the specification of the OAuth2 framework
The ISO 20078 series specifies that the web service interface shall be designed according to the OAuth2
framework. This may be considered as the major contribution of the series to address the security risks
according to the 2018 state-of-the-art.
ISO 20078-3 references several cyber-security guidelines and relevant material for considering the
security risks.
The detailed analysis addressing this question can be found in Annex B.
7.2.2 General consideration related to cybersecurity
To the question:
“Does the ISO 20078 series address the 2018 state-of-the-art cybersecurity risks?”
The answer is YES.
The ISO 20078 series addresses the 2018 state-of-the-art cybersecurity risks. Nevertheless, due to its
scope, the ISO 20078 series does not address the state-of-the-art cybersecurity risks at all stages of the
communication between the vehicle and the service provider who is directly in contact with the vehicle
operator.
Recommending (without requiring) the ExVe manufacturer that implements the ISO 20078 series to
design this implementation according to the ISO 20077-2 methodology may help better addressing the
cybersecurity risks.
The detailed analysis addressing this question can be found in Annex B.
7.2.3 SEC 1: Risks related to integrity and authenticity
To the question:
“Does the solution prevent the manipulation of the system (e.g. regarding integrity and authenticity)?”
The answer is YES.
However, the final level of integrity and authenticity, that involves all actors in the process, is conditioned
by implementation of the ISO 20078 series.
8 © ISO 2019 – All rights reserved

The detailed analysis addressing this question can be found in Annex B.
7.2.4 SEC 2: Security risks at vehicle systems that are not located at the moving vehicle
To the question:
“Does the ISO 20078 series address security risks at other places than the vehicle itself?”
The answer is YES.
The ISO 20078 series addresses the security risks related to the communication between the back-end
server of the manufacturer and the accessing party.
To the question:
“Does the ISO 20078 series address all security risks at other places than at the vehicle itself?”
The answer is NO.
The ISO 20078 series only specifies a web service solution at the back-end server of the manufacturer.
The off-board components of the extended vehicle (including the back-end system itself) as well as the
equipment of the accessing parties are outside the scope of the ISO 20078 series.
There may be security risks related to these components but the manner to address them is outside of
the scope of the ISO 20078 series.
The detailed analysis addressing this question can be found in Annex B.
7.2.5 SEC 3: Risks related to the consequences of a complete or partial cybersecurity breach
(this includes safety, security, competition, confidentiality and data protection risks)
To the question:
“Does the ISO 20078 series include measures that limit the consequences of a security breach?”
The answer is YES.
These measures are mainly specified in ISO 20078-2.
The detailed analysis addressing this question can be found in Annex B.
7.2.6 SEC 4: Lack of misuse prevention measures
To the question:
“Does the ISO 20078 series include misuse prevention measures?”
The answer is YES.
This answer is primarily based on the fact that the ISO 20078 series is based on the OAuth2 framework,
but there are also important other technical measures that complete this assertion.
The detailed analysis addressing this question can be found in Annex B.
7.3 Conclusion: Assessment of the security risks possibly originating from the
ISO 20078 series
The analysis of the ISO 20078 series regarding the possible security risks considered in this
document have permitted to demonstrate:
— that the ISO 20078 series mainly addresses the security risks by specifying the OAuth2 framework;
— that the ISO 20078 series does not address nor provide any recommendation for addressing the
security risks related to its implementation and to the components or communication systems
outside its scope.
8 Assessment of the risks associat ed to the fair competition among the
concerned actors
8.1 Competition risks considered
“Can the ExVe web service interface, when designed according to the ISO 20078 series for a certain use
case, present competition risks originating from the series?”
The competition risks considered for this assessment are the following:
— FAIR 1. Possible misuse of the acquired knowledge;
— FAIR 2. Possible gaining of unique knowledge of the market through monitoring;
— FAIR 3. Possible gaining of unique knowledge of the customer’s behaviour through monitoring;
— FAIR 4. Competition risks among the involved parties;
— FAIR 5. Risk of excluding competitors from playing roles;
— FAIR 6. Risks related to the development of new after-sales applications;
— FAIR 7. Competition risks among manufacturers.
8.2 Analysis of the situation presented by the ISO 20078 series
8.2.1 Involved actors
To address these risks, it should be first considered who are the involved parties that can be affected by
an unfair competition situation. This is illustrated in Figure 1.
As the ISO 20078 series is fundamentally based on the OAuth2 process to secure the communication
according to the 2018 state-of-art, the ExVe manufacturer is always resource provider, authorization
provider, and in case of the personal data of the resource owner also identity provider. The difference
between the two cases illustrated in Figure 1 lies in the magnitude of the authorization managed by the
vehicle manufacturer in its role of authorization provider.
The ISO 20078 series mainly focuses on the case when the full authorization role is given to the vehicle
manufacturer (see example in green in Figure 1). In this case, it verifies for each and every request that
the resource owner has authorized to provide the requested information to the concerned party(ies)
and under the actual circumstances.
The ISO 20078 series is also fully compatible with use-cases where the main authorization role is given to
one or several intermediate bodies (see example in red in Figure 1). In the example of Figure 1 the ExVe
manufacturer only knows for each and every request who is the intermediate body, what is the information
that is requested. It only verifies that the resource owner has authorized the concerned intermediate body
10 © ISO 2019 – All rights reserved

to receive information. Such use-cases are nevertheless not technically described in the ISO 20078 series
and may be additionally defined by a description/specification for an intermediate body.
Figure 1 — Two communication cases: With and without an intermediate body
8.2.2 FAIR 1: Possible misuse of the acquired knowledge
To the question:
“Does the ISO 20078 series generates or address competition risks related to the ability for any of the
involved parties to misuse the data they have knowledge of due to their role(s) in the specified process?”
The answer is NO.
The detailed analysis addressing this question can be found in Annex C.
8.2.3 FAIR 2: Possible gaining of unique knowledge of the market through monitoring
To the question:
“Does the ISO 20078 series generate or address competition risks because, through monitoring, the
ExVe manufacturer gains unique knowledge of the market (for a certain, e.g. brand specific, after-sales
service)?”
The answer is NO.
The ISO 20078 series neither generates nor addresses the considered competition risk. This risk is
related to the manner the ExVe manufacturer implements the ISO 20078 series. This risk is not limited
to the ExVe manufacturer.
The detailed analysis addressing this question can be found in Annex C.
8.2.4 FAIR 3: Possible gaining of unique knowledge of the customer’s behaviour through
monitoring
To the question:
“Does the ISO 20078 series generate or address competition risks because, through monitoring, the
ExVe manufacturer gains unique knowledge of the customer’s behaviour?”
The answer is NO.
The ISO 20078 series neither generates nor addresses the considered competition risk. This risk is
related to the manner the ExVe manufacturer implements the ISO 20078 series. This risk is not limited
to the ExVe manufacturer.
In fact, the risk is not specific to the ISO 20078 series because, through monitoring, several competing
parties may have a unique knowledge of the customer’s behaviour.
The detailed analysis addressing this question can be found in Annex C.
8.2.5 FAIR 4: Competition risks among the involved parties
To the question:
“Does the ISO 20078 series generate or address competition risks among the actors involved in the
series?”
The answer is NO.
The ISO 20078 series neither generates nor addresses competition risks among the actors involved in
the series. These risks are linked with:
— the manner the ExVe manufacturer implements the ISO 20078 series, and
— the manner the accessing party and/or the intermediate body manage the knowledge they may
have acquired through monitoring.
The detailed analysis addressing this question can be found in Annex C.
8.2.6 FAIR 5: Risk of excluding competitors from playing roles
To the question:
“Does the ISO 20078 series exclude competitors from the market place to become, e.g. authorization
provider, without technical justifications?”
The answer is NO.
The ISO 20078 series does not preclude any party to be an intermediate body and to have accordingly
access to the competition sensitive information.
The detailed analysis addressing this question can be found in Annex C.
8.2.7 FAIR 6: Risks related to the development of new after-sales applications
To the question:
“Does the ISO 20078 series impact the competition risks among the parties aiming at the development
of similar but different applications?”
The answer is NO.
To the question:
12 © ISO 2019 – All rights reserved

“Does the ISO 20078 series impact the competition risks related to the availability in a non-
discriminatory manner of information that is necessary for developing new services and that has not
yet been made available?”
The answer is NO.
The ISO 20078 series is not impacting these risks.
The detailed analysis addressing this question can be found in Annex C.
8.2.8 FAIR 7: Competition risks among manufacturers and/or vehicle components (systems)
suppliers
To the question:
“Does the ISO 20078 series generate risks related to the competition among vehicle manufacturers and/
or vehicle components (systems) suppliers?”
The answer is NO.
To the question:
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 17987-3:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 3: Protocol specification

This document specifies the LIN protocol including the signal management, frame transfer, schedule table handling, task behaviour, status management, and commander and responder node. It contains also OSI layer 5 properties according to ISO 14229-7 UDSonLIN-based node configuration and identification services (SID: B016 to B816) belonging to the core protocol specification. A node (normally a commander node) that is connected to more than one LIN network is handled by higher layers (i.e. the application) not within the scope of this document.

  • Standard
    74 pages
    English language
    sale 15% off
ISO
ISO 17987-2:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 2: Transport protocol and network layer services

This document specifies a transport protocol and network layer services tailored to meet the requirements of LIN‑based vehicle network systems on local interconnect networks. The protocol specifies an unconfirmed communication. The LIN protocol supports the standardized service primitive interface as specified in ISO 14229-2. This document provides the transport protocol and network layer services to support different application layer implementations such as: — normal communication messages, and — diagnostic communication messages. The transport layer defines transportation of data that is contained in one or more frames. The transport layer messages are transported by diagnostic frames. A standardized API is specified for the transport layer. Use of the transport layer is targeting systems where diagnostics are performed on the backbone bus (e.g. CAN) and where the system builder wants to use the same diagnostic capabilities on the LIN sub-bus clusters. The messages are in fact identical to ones in ISO 15765-2 and the PDUs carrying the messages are very similar. The goals of the transport layer are: — to have low load on commander node, — to provide full (or a subset thereof) diagnostics directly on the responder nodes, and — to target clusters built with powerful LIN nodes (not the mainstream low cost).

  • Standard
    75 pages
    English language
    sale 15% off
ISO
ISO 17987-4:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 4: Electrical physical layer (EPL) specification 12 V/24 V

This document specifies the 12 V and 24 V electrical physical layers (EPL) of the LIN communications system. The electrical physical layer for LIN is designed for low-cost networks with bit rates up to 20 kbit/s to connect automotive electronic control units (ECUs). The medium that is used is a single wire for each receiver and transmitter with reference to ground. Annex A provides recommendations on the LIN physical layer peripheral interface design of type UART and frame controller for commander and responder nodes. This document includes the definition of electrical characteristics of the transmission itself and also the documentation of basic functionality for bus driver devices. This document also provides the physical layer definitions for nodes with LIN AA capabilities according to one of the procedures C, D and E. All parameters in this document are defined for the ambient temperature range from −40 °C to 125 °C.

  • Standard
    43 pages
    English language
    sale 15% off
ISO
ISO 17987-7:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 7: Electrical physical layer (EPL) conformance test specification

This document specifies the conformance test for the electrical physical layer (EPL) of the LIN communications system. The purpose of this document is to provide a standardised way to verify whether a LIN bus driver conforms to ISO 17987-4. The primary motivation is to ensure a level of interoperability of LIN bus drivers from different sources in a system environment. This document provides all the necessary technical information to ensure that test results are consistent even on different test systems, provided that the particular test suite and the test system are conformant to the content of this document.

  • Standard
    195 pages
    English language
    sale 15% off
ISO
ISO 17987-6:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 6: Protocol conformance test specification

This document specifies the LIN protocol conformance test. This test verifies the conformance of LIN communication controllers with respect to ISO 17987-2 and ISO 17987-3. This document provides all necessary technical information to ensure that test results are identical even on different test systems, provided that the particular test suite and the test system are compliant to the content of this document. Annex A, Annex B and Annex C specify the protocol conformance test plans for responder nodes supporting auto addressing procedures according procedure C, procedure D or procedure E, see ISO 17987-3:2025, Annex C.

  • Standard
    104 pages
    English language
    sale 15% off
ISO
ISO 17987-1:2025(Main)
Road vehicles — Local Interconnect Network (LIN) — Part 1: General information and use case definition

This document gives an overview of the structure and the partitioning of the ISO 17987 series. In addition, it outlines the use cases where the ISO 17987 series is used. The terminology defined in this document is common for all LIN communication systems and is used throughout the ISO 17987 series. This document has been established to define the use cases for LIN.

  • Standard
    8 pages
    English language
    sale 15% off
ISO
ISO 13209-4:2024(Main)
Road vehicles — Open Test sequence eXchange format (OTX) — Part 4: Expanded extensions interface definition

This document defines the Open Test sequence eXchange (OTX) additional extension requirements and data model specifications. The requirements are derived from the use cases described in ISO 13209-1. They are listed in Clause 4. The data model specification aims at an exhaustive definition of all features of the OTX extensions which have been implemented to satisfy the requirements. This document establishes rules for the syntactical entities of each extension. Each of these syntactical entities is accompanied by semantic rules which determine how OTX documents containing extension features are interpreted. The syntax rules are provided by UML[2] class diagrams and XML schemas, whereas the semantics are given by UML activity diagrams and prose definitions.

  • Standard
    457 pages
    English language
    sale 15% off
ISO
ISO 11898-1:2024(Main)
Road vehicles — Controller area network (CAN) — Part 1: Data link layer and physical coding sublayer

This document specifies the controller area network (CAN) data link layer (DLL) and the physical coding sub-layer (PCS). The CAN DLL features data fields of up to 2048 byte when the CAN extended data field length (XL) frame format is used. This document divides the CAN DLL into the logical link control (LLC) and the medium access control (MAC) sub-layers. The DLL’s service data unit (SDU), which interfaces the LLC and the MAC, is implemented by means of the LLC frame. The LLC frame also features the service data unit type (SDT) and the virtual CAN channel identifier (VCID), which provide higher-layer protocol configuration and identification information. How the higher-layer functions are handled is not specified in this document. There are five implementation options: 1) support of the CAN classic frame format only, not tolerating the CAN flexible data rate (FD) frame format; 2) support of the CAN classic frame format and tolerating the CAN FD frame format; 3) support of the CAN classic frame format and the CAN FD frame format; 4) support of the CAN classic frame format, the CAN FD frame format and the CAN XL frame format; 5) support of the CAN FD frame format for CAN FD light responders (Annex A). NOTE Nodes of the first option can communicate with nodes of the third and fourth option when only the CAN classic frame format is used. Nodes of the first option cannot communicate with nodes of the fifth option: any attempt at communication generates error frames. Therefore, new designs implementing the fourth option can communicate with all other nodes.

  • Standard
    82 pages
    English language
    sale 15% off
ISO
ISO 15765-2:2024(Main)
Road vehicles — Diagnostic communication over Controller Area Network (DoCAN) — Part 2: Transport protocol and network layer services

This document specifies a transport and network layer protocol with transport and network layer services tailored to meet the requirements of CAN-based vehicle network systems on controller area networks as specified in ISO 11898-1. The diagnostic communication over controller area network (DoCAN) protocol supports the standardized abstract service primitive interface as specified in ISO 14229-2 (UDS). This document supports different application layer protocols such as: — enhanced vehicle diagnostics (emissions-related system diagnostics beyond legislated functionality, non-emissions-related system diagnostics); — emissions-related on-board diagnostics (OBD) as specified in the ISO 15031 series and SAE J1979 series; — world-wide harmonized on-board diagnostics (WWH-OBD) as specified in the ISO 27145 series; and — end of life activation of on-board pyrotechnic devices (the ISO 26021 series). The transport protocol specifies an unconfirmed communication. NOTE This document does not determine whether CAN CC, CAN FD or both are recommended or required to be implemented by other standards referencing this document.

  • Standard
    47 pages
    English language
    sale 15% off
ISO
ISO 11898-2:2024(Main)
Road vehicles — Controller area network (CAN) — Part 2: High-speed physical medium attachment (PMA) sublayer

This document specifies physical medium attachment (PMA) sublayers for the controller area network (CAN). This includes the high-speed (HS) PMA without and with low-power mode capability, without and with selective wake-up functionality. Additionally, this document specifies PMAs supporting the signal improvement capability (SIC) mode and the FAST mode in Annex A. The physical medium dependent (PMD) sublayer is not in the scope of this document.

  • Standard
    64 pages
    English language
    sale 15% off