ISO/TR 24935:2025

FINAL DRAFT
Technical
Report
ISO/DTR 24935
ISO/TC 22/SC 32
Road vehicles — Software update
Secretariat: JISC
over the air using mobile cellular
Voting begins on:
network
2025-03-18
Véhicules routiers — Mise à jour du logiciel à distance (OTA) à
Voting terminates on:
l'aide d'un réseau cellulaire mobile
2025-05-13
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
Reference number
ISO/DTR 24935:2025(en) © ISO 2025

FINAL DRAFT
ISO/DTR 24935:2025(en)
Technical
Report
ISO/DTR 24935
ISO/TC 22/SC 32
Road vehicles — Software update over
Secretariat: JISC
the air using mobile cellular network
Voting begins on:
Véhicules routiers — Mise à jour du logiciel à distance (OTA) à
l'aide d'un réseau cellulaire mobile
Voting terminates on:
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
© ISO 2025
IN ADDITION TO THEIR EVALUATION AS
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
or ISO’s member body in the country of the requester.
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
ISO/DTR 24935:2025(en) © ISO 2025

ii
ISO/DTR 24935:2025(en)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
5 General . 3
5.1 Purpose .3
5.2 Structure of this document .3
5.3 Reference model .6
5.4 Cybersecurity model .7
5.4.1 General .7
5.4.2 Use of cryptography .7
5.4.3 Cryptographic key management model .9
6 Preparation of the SUP .11
6.1 General .11
6.2 Format of the SUP .11
6.2.1 General .11
6.2.2 Information to resolve the target vehicles and recipients into recipient vehicles . 12
6.2.3 Information to resolve the target ECUs into recipient ECUs . 12
6.2.4 Vehicle state for successful software-update operation . 12
6.2.5 Compatibility with the related ECUs in the recipient vehicles . 12
6.2.6 Dependency with the related ECUs in the recipient vehicles . 12
6.2.7 Interaction with the vehicle user . 13
6.2.8 Information for the prerequisite of the installation and the activation during
the software-update operation . 13
6.3 Verification and validation of an SUP . 13
7 Operation between infrastructure and vehicles .13
7.1 General . 13
7.2 Capabilities and functions in the infrastructure .14
7.2.1 Structure of update server .14
7.2.2 Cybersecurity check . 15
7.2.3 Resolving the target vehicles into recipients . 15
7.2.4 Failure handling .16
7.2.5 Mobile cellular network .16
7.3 Flow of activities .16
7.3.1 Uploading and storing SUP .17
7.3.2 Resolving target vehicles into recipients .18
7.3.3 Verifying the VCI .19
7.3.4 Transferring SUPs and receiving the results of the software-update operation. 20
7.3.5 Managing and maintaining of software-update campaign . 22
8 Software-update operation in vehicles . .22
8.1 General . 22
8.1.1 General . 22
8.1.2 Overview of EE architecture in vehicle . 23
8.1.3 Generic functions of components .24
8.2 Overview of procedures for software-update operation . 25
8.2.1 General . 25
8.2.2 Preparation and receipt of software-update operations . 25
8.2.3 Installation of software-update operation . 26
8.2.4 Activation of software-update operation .27
8.3 Generic redundant flash bootloader . 28

iii
ISO/DTR 24935:2025(en)
8.3.1 General . 28
8.3.2 General operation of the bootloader in an ECU . . 28
8.3.3 BSBs receipt and installation operations of the bootloader in an ECU . 29
8.3.4 Fail recovery operation of the bootloader in an ECU .31
8.4 Communications within the vehicle .32
8.4.1 General .32
8.4.2 Generic Ethernet protocols in vehicle.32
8.4.3 UDSonIP in AVTP for update in vehicle .32
9 Evaluation of overall software-update operation .34
9.1 General . 34
9.2 Evaluation of software-update operation . 35
9.2.1 General . 35
9.2.2 Evaluation of transmission speed between CM server and ECUs . 35
9.2.3 Evaluation of successful transfer . 36
Annex A (informative) KMIP request/response message .38
Bibliography .
...

ISO/DTR 24935:2025(E)
ISO/TC 22/SC 32/WG 12
Secretariat: JISC
Date: 2025-01-1603-04
Road vehicles — Software update over the air using mobile cellular
network
DTR stage
Warning for WDs and CDs
This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change
without notice and may not be referred to as an International Standard.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which
they are aware and to provide supporting documentation.

A model document of an International Standard (the Model International Standard) is available at:
Véhicules routiers — Mise à jour du logiciel à distance (OTA) à l'aide d'un réseau cellulaire mobile
© ISO 24935 – All rights reserved

ISO/DTR 24935:(en)
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
EmailE-mail: copyright@iso.org
Website: www.iso.orgwww.iso.org
Published in Switzerland
ii
ISO/DTR 24935:(en)
Contents
Foreword . iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
5 General. 5
5.1 Purpose . 5
5.2 Structure of this document . 5
5.3 Reference model . 8
5.4 Cybersecurity model . 10
6 Preparation of the SUP . 15
6.1 General. 15
6.2 Format of the SUP . 16
6.3 Verification and validation of an SUP . 18
7 Operation between infrastructure and vehicles . 19
7.1 General. 19
7.2 Capabilities and functions in the infrastructure . 19
7.3 Flow of activities . 22
8 Software-update operation in vehicles . 30
8.1 General. 30
8.2 Overview of procedures for software-update operation . 33
8.3 Generic redundant flash bootloader . 38
8.4 Communications within the vehicle . 45
9 Evaluation of overall software-update operation . 49
9.1 General. 49
9.2 Evaluation of software-update operation . 50
Annex A (informative) KMIP request/response message . 53
Bibliography . 59

iii
ISO/DTR 24935:(en)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights
in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s)
which may be required to implement this document. However, implementers are cautioned that this may not
represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 22, “Road vehicles”,, Subcommittee SC 32,
“Electrical and electronic components and general system aspects”.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
ISO/DTR 24935:(en)
Introduction
ECUThe electronic control units (ECUs) and their software have become major components of road vehicles
in recent years. InSoftware, in particular, software needs tomust be updated as it is frequently revised.
— The need for updating software is more prominent as cybersecurity and passenger safety become more
dependent on software.
— The software-update operation was usually performed at workshops, which was very inconvenient for
vehicle users.
The ECUs requiring software-update operationoperations range from a smart key to power train ECUs.
— These days, the software-update operation for ECUs has become possible even while vehicles are serviced
in gas stations. Moreover, mobile cellular networks can be used to update vehicle software regardless of
the vehicle location.
ISO 24089:2023 was published as the standard for vehicle software update engineering. This standardISO
24089 addresses the requirements on the organization, software-update project, infrastructure level, vehicle
and vehicle-systems level, software-update package, and software-update campaign, among others. However,
ISO 24089:2023 does not address the actual technologies and procedures for updating software.
This technical reportdocument describes an actual experience involving technologies and systems for
updating software using mobile cellular networks. In addition, the results of verification by mounting the ECU
developed in this technical reportdocument on an actual vehicle are included.
v
ISO/DTR 24935:2025(E:(en)
Road vehicles — Software update over the air using mobile cellular
network
1 Scope
This technical reportdocument describes use cases and activities for updating software in vehicles over the
air using mobile cellular network. This document provides a case study on the use of international
standardsInternational Standards in preparing software-update packages, managing infrastructure and
operation within the vehicles.
This document includes descriptions of a reference model for software-update operations and metadata
which can be used during the software-update operations.
2 Normative references
There are no normative references in this document.
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 24089, Road vehicles — Software update engineering
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 24089:2023 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
3.1
to archive
to store logs and records on a permanent medium such that they may be retrieved (3.9) at a later date
3.13.2 3.2
authentication
act of proving an assertion, such as the identity of a computer system user
3.23.3 3.3
authorization
formal permission to use a product within specified application constraints
3.33.4 3.4
cryptography
discipline that embodies the principles, means, and methods for the transformation of data in order to hide
their semantic content, prevent their unauthorized use, or prevent their undetected modification
[SOURCE: ISO/IEC 2382-8:1998:2015, 2126278]
© ISO 249352025 – All rights reserved
ISO #####-#:####(X/DTR 24935:(en)
3.43.5 3.5
Ethernet
communication protocol specified in ISO/IEC/8802-3:2021
3.53.6 3.6
metadata
data that provides information about other data
3.63.7 3.7
mobile cellular network
telecommunications network where the link to and from end nodes is wireless and the network is distributed
over land areas called cells
3.73.8 3.8
non-repudiation
ability to prove the occurrence of a claimed event or action and its originating entities
[SOUCRESOURCE: ISO/IEC 27002:2022, 3.1.19]
3.9
3.9
to retrieve
to restore from the archived (3.1) data
3.83.10 3.10
validation
confirmation, through the provision of objective evidence, that the cybersecurity goals of the item are
adequate and are achieved
[SOURCE: ISO/SAE 21434:2021, 3.1.36]
3.93.11 3.11
verification
confirmation, through the provision of objective evidence, that specified requirements have been fulfilled
[SOURCE: ISO/SAE 21434:2021, 3.1.37]
4 Abbreviated terms
ACC Accessory
AVB Audio Video Bridge
AVN Audio Video Navigation
AVTP Audio Video Transport Protocol
BCU Body Control Unit
BSB Binary Software Block
CAN Controller Area Network
CM Campaign Management
© ISO #### 2025 – All rights reserved
ISO/DTR 24935:2025(E:(en)
DoIP Diagnostic communication over Internet Protocol
DS Digital Signature
ECU Electronic Control Unit
EOL End of Line
E2E End to End
HMI Human Machine Interface
HSM Hardware Security Module
ITS Intelligent Transport Systems
IVN In-Vehicle Network
KMIP Key Management Interoperability Protocol
KMS Key Management Server
LDM Local Dynamic Map
LKAS Lane Keeping Assist System
MAC Message Authentication Code
MFA Multi Factor Authentication
NIST National Institute of Standards and Technology
OTAM OTA Master
OTP One Time Password
SM Software Management
SUP Software Update Package
SUV Sport Utility Vehicles
TSN Time-Sensitive Networking
UDS Unified Diagnostic Services
URL Uniform Resource Locator
VCI Vehicle Configuration Information
VIN Vehicle Identification Number
VM Vehicle Management
VMG Vehicle Mobile Gateway
© ISO 249352025 – All rights reserved
ISO #####-#:####(X/DTR
...