Road Vehicles -- Extended vehicle (ExVe) methodology

ISO 20077-2:2018 specifies general rules and basic principles the manufacturer of the extended vehicle (ExVe) considers when elaborating its own design method. It does not specify the manner in which these design methods are drafted and implemented. ISO 20077-2:2018 specifies by means of a template the necessary information that is communicated to the ExVe manufacturer for requesting the design of a new ExVe functionality. It also specifies, by means of a template, the information the ExVe manufacturer provides for responding to that request. ISO 20077-2:2018 does not specify the process leading to the elaboration of the request information nor the process associated with communication of the response information. ISO 20077-2:2018 concerns the design of the extended vehicles mentioned in the scope of ISO 20077-1, regardless of the type of communication interface which is used between the ExVe and external systems or parties. It does not concern the internal communication of the ExVe. It does not standardize the implementation of software or hardware nor preclude any technical solution the ExVe manufacturer might select when designing a new ExVe functionality. ISO 20077-2:2018 relates to the design and production phases of a vehicle, where these phases include the subsequent design upgrades by the ExVe manufacturer of vehicle models, variants, or types still in production. NOTE Should new interfaces for remote communication with the vehicle become mandatory, then this document is also applicable for designing the requested ExVe functionalities.

Véhicules routiers -- Méthodologie du véhicule étendu (ExVe)

General Information

Status
Published
Publication Date
02-Jan-2018
Current Stage
6060 - International Standard published
Start Date
03-Nov-2017
Completion Date
03-Jan-2018

Buy Standard

Standard
ISO 20077-2:2018 - Road Vehicles -- Extended vehicle (ExVe) methodology
English language
21 pages

Standards Content (sample)

INTERNATIONAL STANDARD ISO 20077-2
First edition
2018-01

Road Vehicles — Extended vehicle (ExVe) methodology —
Part 2: Methodology for designing the extended vehicle

Véhicules routiers — Méthodologie du véhicule étendu (ExVe) —
Partie 2: Méthodologie pour désigner le véhicule étendu

Reference number
ISO 20077-2:2018(E)
© ISO 2018
ISO 20077-2:2018(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2018

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Published in Switzerland
ii © ISO 2018 – All rights reserved
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Conventions for identifying rules and basic principles and for specifying their content
6 Overview of the design methodology of the extended vehicle
6.1 Role of the design methodology in the design process of an extended vehicle
6.2 The ExVe design methodology content
6.3 Consideration of new ExVe functionalities
7 ExVe design methodology — Rules
7.1 General
7.2 Safety related rule
7.3 Security related rule
8 ExVe Design Methodology — Basic principles
8.1 General
8.2 General basic principles
8.3 Basic principles related to life-cycle (e.g. assembly, customer use)
8.4 Basic principle related to remote access
8.5 Basic principle related to the existing design of an extended vehicle
8.6 Basic principle related to interactions and management of priorities between the ExVe functionalities
8.7 Basic principle related to non-regression and availability of resources
8.8 Basic principle related to validation of the ExVe functionality
8.9 Basic principles related to non-monitoring
9 ExVe design methodology — Templates
9.1 General
9.2 Template for technical request
9.3 Template for technical response
Annex A (normative) Template for technical request
Annex B (normative) Template for technical response
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 31, Data communication.

A list of all parts in the ISO 20077 series can be found on the ISO website.
Introduction
This document is dedicated to the extended vehicle (ExVe).

In the early 2010s, advances in technology led to new ways of communicating with the vehicle, where digital information could be accessed not only through a physical connection but also wirelessly.

The removal of the constraint of a physical connection has enabled
— remote access to vehicle functionality that previously was impossible or very difficult, and
— simplified access to multiple information sources, which together have created opportunities for new functionalities.

These advances have generated an increased need for interconnection with data specific to each vehicle. This phenomenon is similar to the increase in new functionalities enabled by the use of multiplexed buses in vehicles.

This evolution has led to the introduction of the "extended vehicle" (ExVe) concept as described in ISO 20077-1.

Technical constraints and societal needs should be taken into account when designing these new functionalities. It is also necessary to mitigate the risks introduced by the new communication means between the ExVe and the external world.

In this context, this document aims at guiding the ExVe manufacturer by specifying a set of general rules and basic principles from which each ExVe manufacturer derives its own detailed and specific methods or procedures to design an extended vehicle.
INTERNATIONAL STANDARD ISO 20077-2:2018(E)
Road Vehicles — Extended vehicle (ExVe) methodology —
Part 2:
Methodology for designing the extended vehicle
1 Scope

This document specifies general rules and basic principles the manufacturer of the extended vehicle (ExVe) considers when elaborating its own design method. It does not specify the manner in which these design methods are drafted and implemented.

It specifies by means of a template the necessary information that is communicated to the ExVe manufacturer for requesting the design of a new ExVe functionality. It also specifies, by means of a template, the information the ExVe manufacturer provides for responding to that request. It does not specify the process leading to the elaboration of the request information nor the process associated with communication of the response information.

It concerns the design of the extended vehicles mentioned in the scope of ISO 20077-1, regardless of the type of communication interface which is used between the ExVe and external systems or parties. It does not concern the internal communication of the ExVe. It does not standardize the implementation of software or hardware nor preclude any technical solution the ExVe manufacturer might select when designing a new ExVe functionality.

It relates to the design and production phases of a vehicle, where these phases include the subsequent design upgrades by the ExVe manufacturer of vehicle models, variants, or types still in production.

NOTE Should new interfaces for remote communication with the vehicle become mandatory, then this document is also applicable for designing the requested ExVe functionalities.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 20077-1, Road vehicles — Extended vehicle (ExVe) — Methodology — Part 1: General information

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 20077-1 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp

3.1
basic principle
design principle that is considered when designing an extended vehicle
3.2
life cycle
various situations that the vehicle will encounter during its whole life including manufacture, customer's use, maintenance and recycling

3.3
local diagnostic facilitator
person at the vehicle who is in communication with the remote technician and facilitates the diagnostics by that person's capacity to act as requested by the remote technician and to answer the remote technician's questions

Note 1 to entry: Any person not able, at the minimum, to understand or describe the indications of the on-board instruments and tell-tales shall not be considered as a local diagnostic facilitator.

3.4
operator
person at the vehicle who is operating, controlling or working on an extended vehicle

EXAMPLE The local diagnostic facilitator.

3.5
requester
company or legal entity that is submitting to an ExVe manufacturer a request for a new ExVe functionality in the ExVe

Note 1 to entry: When submitting a request, a vehicle manufacturer acting as an after-sales service provider shall be considered as a requester.

Note 2 to entry: When the vehicle manufacturer is the same as the ExVe manufacturer, they may use their own internal processes.

3.6
rule
fundamental design requirement that is complied with when designing an extended vehicle

4 Abbreviated terms
BP Basic Principle
ECU Electronic Control Unit
ExVe Extended Vehicle
LDF Local Diagnostic Facilitator
NUM rule or BP number
R Rule
VER Version of rule or BP number
VM Vehicle Manufacturer
5 Conventions for identifying rules and basic principles and for specifying their content

In this document, rules and basic principles are formalized as follows:

XX_NUM
Text of the rule or basic principle
VER

XX_NUM_VER: reference of the rule (R) or basic principle (BP), in which
— XX is a letter code identifying a rule (R) or a basic principle (BP),
— NUM is an integer that distinguishes the rule or basic principle. NUM is an integer from 001 to 999 inclusive, and
— VER is the version of XX_NUM. VER is an integer from 001 to 999 inclusive. Any new version shall have an integer greater than the previous version.

In this document, there can only be a single version (VER) of each rule or basic principle.

EXAMPLE 1 R_025_011 and R_026_011 are two different rules.

EXAMPLE 2 BP_025_010 and BP_025_030 are two versions of the same basic principle; they cannot both belong to the same version of the standard.

NOTE Rules and basic principles can be followed by an explanatory text.
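As an added example (not part of the standard), the following Python code parses XX_NUM_VER references and applies the two consistency constraints this clause states: one VER per XX_NUM within an edition, and a greater VER for any re-issued item. The function names and the sample identifier lists are assumptions made for the example; the identifiers R_001 to BP_005 at VER 002 are the ones that appear in Clauses 7 and 8.

```python
"""Parser and consistency checks for ISO 20077-2 rule / basic-principle
references of the form XX_NUM_VER (Clause 5).

Added illustration, not code from the standard. The checks encode only
what Clause 5 states: XX is R or BP, NUM and VER are integers 001..999,
an edition carries a single VER per XX_NUM, and a re-issued item carries
a greater VER than before.
"""
import re
from dataclasses import dataclass

_REF_RE = re.compile(r"^(?P<kind>R|BP)_(?P<num>\d{3})_(?P<ver>\d{3})$")


@dataclass(frozen=True)
class Ref:
    kind: str   # "R" (rule) or "BP" (basic principle)
    num: int    # 1..999, distinguishes the item
    ver: int    # 1..999, version of that item

    @property
    def item(self) -> tuple[str, int]:
        """XX_NUM without the version: EXAMPLE 1 treats these as distinct items."""
        return (self.kind, self.num)

    def __str__(self) -> str:
        return f"{self.kind}_{self.num:03d}_{self.ver:03d}"


def parse_ref(text: str) -> Ref:
    """Parse 'R_025_011' or 'BP_025_010'; reject anything outside Clause 5."""
    m = _REF_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an XX_NUM_VER reference: {text!r}")
    num, ver = int(m["num"]), int(m["ver"])
    if not (1 <= num <= 999) or not (1 <= ver <= 999):
        raise ValueError(f"NUM and VER must be in 001..999: {text!r}")
    return Ref(m["kind"], num, ver)


def check_document(refs: list[str]) -> list[str]:
    """Problems found in one edition: each XX_NUM may appear with one VER only
    (EXAMPLE 2: BP_025_010 and BP_025_030 cannot share an edition)."""
    problems: list[str] = []
    seen: dict[tuple[str, int], Ref] = {}
    for text in refs:
        try:
            ref = parse_ref(text)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        prior = seen.get(ref.item)
        if prior is not None and prior.ver != ref.ver:
            problems.append(f"{prior} and {ref} are two versions of the same item")
        seen.setdefault(ref.item, ref)
    return problems


def check_revision(previous: list[str], current: list[str]) -> list[str]:
    """Compare two editions: an item present in both must not go down in VER.
    Equal VER means the item was carried over unchanged; a new item may start
    at any VER in range. Only identifiers are compared, so a text change
    without a VER bump is not detectable here."""
    problems: list[str] = []
    old = {r.item: r for r in map(parse_ref, previous)}
    for text in current:
        ref = parse_ref(text)
        prior = old.get(ref.item)
        if prior is not None and ref.ver < prior.ver:
            problems.append(f"{ref} has a lower VER than earlier {prior}")
    return problems


if __name__ == "__main__":
    # Identifiers as shown in Clauses 7 and 8 of ISO 20077-2:2018 (all VER 002).
    edition = ["R_001_002", "R_002_002", "BP_001_002", "BP_002_002",
               "BP_003_002", "BP_004_002", "BP_005_002"]
    print("edition problems:", check_document(edition))
    print("EXAMPLE 2 problems:", check_document(["BP_025_010", "BP_025_030"]))
```

The version comparison is deliberately numeric, not lexical, so that a future VER such as 100 is correctly ordered after 099.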
6 Overview of the design methodology of the extended vehicle
6.1 Role of the design methodology in the design process of an extended vehicle

The role of this methodology is to provide guidelines for the design of the extended vehicle and its interfaces (physical, documentation, support, etc.) by specifying a system of general requirements, including rules and basic principles, from which the ExVe manufacturer shall derive its own methods or procedures to design an extended vehicle that addresses a specific set of use-cases and scenarios.

It does not specify these methods and procedures, which remain part of the know-how of the ExVe manufacturer.

Each ExVe manufacturer has usually formalized its way of working in this design process through corporate methods and procedures, as illustrated in Figure 1.
NOTE Blue areas in this figure are within the scope of this document.
Figure 1 — Schematic of the ExVe design methodology context
6.2 The ExVe design methodology content

The ExVe design methodology contains (see Figure 2)
— a standardised template for providing the minimum information needed for a complete description of the new requested ExVe functionality (see 9.2),
— a generic system of rules and basic principles enabling the introduction of a new ExVe functionality (see Clauses 7 and 8), and
— a standardised template for providing the minimum information needed when responding to a request for an ExVe functionality (see 9.3).

Figure 2 illustrates this content in the case when the request and response information is provided by means of the templates specified in Annexes A and B respectively.
Figure 2 — Structure of this document
6.3 Consideration of new ExVe functionalities

The ExVe design methodology is applied by the ExVe manufacturer by considering the rules and basic principles of this document.

This applies during the design of or a design change to an extended vehicle involving direct or indirect communication between that vehicle and third parties, which may, for example, be the vehicle operator, the vehicle owner, service providers, or other ExVes.

The need for new ExVe functionalities can result from legislation, standards or individual requests from requesters. In that case, the need for a new ExVe functionality shall be defined by the requester through the request template describing precisely all the required elements (e.g. performance related).

Designing specific new interfaces for remote communication with the vehicle may result from regulatory requirements. This methodology is also applicable in that case.

This methodology concerns any request from a requester for a new functionality of the ExVe. It also concerns the case when an existing functionality is requested to be extended or made remotely available. It is applicable by all the involved manufacturers in the case of multi-stage manufacturing.

Enabling new functionalities by just adding new equipment without taking the existing design into account may not give a satisfying result. On the one hand, newly requested functionalities may uncontrollably interfere with functionalities which were installed in the initial or existing design. On the other hand, all the components required for these additional functionalities are not usually found in the vehicle itself (e.g. diagnosis, voice recognition, manufacturing part-list). The basic principles of this methodology aim at highlighting the consideration of these risks.

The rules and basic principles specified in this document aim at considering, in a proper manner, the risks within the ExVe that are attributed to a new ExVe functionality, whether or not this functionality already exists. The consideration and management of these risks may lead to measures such as, but not limited to:
— modifying the electronic system (resources, etc.) of the existing ExVe in order to permit the new functionality;
— not implementing the new functionality;
— implementing the new functionality but only under specific conditions; and
— modifying other existing functionalities.

Non-technical measures (e.g. contractual) may also be considered to manage the risks, for example, those related to obsolescence or disruption of existing functionalities or services.

The VM formally responds to the request according to the requirements specified in Clause 9.

7 ExVe design methodology — Rules
7.1 General

The ExVe design methodology is fundamentally based on the consideration of the following constraint:
— remote access shall preserve the basic safety and security of the vehicle during all its life-cycle phases.

Accordingly, this document includes the following two rules (R_001 and R_002) which the ExVe manufacturer shall incorporate in its own design methods and procedures.

7.2 Safety related rule

When designing a new functionality in an extended vehicle, the ExVe manufacturer shall

R_001 (VER 002): consider possible safety risks. Functions which may impact safety shall be addressed according to the best safety practices.

The ExVe manufacturer is responsible for designing an ExVe in regard to the safety of the vehicle, its driver and passengers, its operators and other users during all phases of its life-cycle.

NOTE For that purpose, some of the best safety practices can be found in existing standards (e.g. ISO 26262).

When designing a new functionality in an extended vehicle, the ExVe manufacturer shall therefore have design methods and procedures that integrate rule R_001.

When applying rule R_001, ExVe functionalities can be classified based on the following safety criterion:
— ExVe functionality which has no influence on the behaviour of the vehicle on the road, such as infotainment information that carries no risk of distracting the driver;
— ExVe functionality which has an impact on safety, either by interacting with the vehicle's behaviour (e.g. engine, brake, steering, suspension) or by distracting the driver's attention.

This classification is obtained either because the risk is intrinsic to the ExVe functionality, or because a risk is identified in a specific situation or in a specific operating function (the same action does not cause the same risks in each of the situations).
Examples of safety risks for moving vehicles:
EXAMPLE 1 Influence on the vehicle's braking capability.
EXAMPLE 2 Inappropriate functionality such as immobilisation of the vehicle while driving on the road.
EXAMPLE 3 Inappropriate functionality outside of specified parameters.

Examples of safety risks for stationary vehicles:
EXAMPLE 1 Inappropriate airbag deployment request when the front seat is occupied.
EXAMPLE 2 Inappropriate activation of high voltage components when the high voltage battery is decoupled.
EXAMPLE 3 Inappropriate activation of components during repair or maintenance activities.

7.3 Security related rule

When designing a new functionality in an extended vehicle, the ExVe manufacturer shall

R_002 (VER 002): consider possible security risks. Functions which may impact security shall be addressed according to the best security practices.

The ExVe manufacturer is responsible for designing an ExVe in order to preserve the security of the vehicle during all phases of its life-cycle.

When designing a new functionality in an extended vehicle, the ExVe manufacturer shall therefore have design methods and procedures that integrate rule R_002.

NOTE 1 Cyber-security is considered as included in this general security area.

NOTE 2 Uncontrolled communication of information can have harmful security consequences such as theft of the vehicle or theft of the transported goods.

NOTE 3 When necessary, the extended vehicle can be secured (authentication of the requester; authentication, integrity and confidentiality of data) in order to protect the extended vehicle from risks of tampering and unauthorized access.

NOTE 4 Some operational data could require confidential processing.

NOTE 5 Each data item has an intrinsic confidentiality level. Combining data items could lead to a confidentiality level far greater than that of each item on its own, considering possible uses.

NOTE 6 Security issues can lead to safety issues.

Examples of security risks:
EXAMPLE 1 Unauthorized coding of additional keys.
EXAMPLE 2 Unauthorized remote ECU reprogramming.
EXAMPLE 3 Cloning of the vehicle connection interface.
EXAMPLE 4 Mismatched access.
8 ExVe Design Methodology — Basic principles
8.1 General

When addressing the basic principles in its own design methods and procedures, the ExVe manufacturer shall always fulfil the rules specified in this document.
8.2 General basic principles

BP_001 (VER 002): The ExVe manufacturer is responsible for the design of the extended vehicle.

BP_002 (VER 002): The ExVe manufacturer is responsible for the design of all the interfaces of the extended vehicle that will permit communication with that extended vehicle.

BP_003 (VER 002): The ExVe manufacturer is responsible for deciding on the implementation of any extended vehicle functionality.

The ExVe manufacturer is responsible for the design of the extended vehicle, including its functionalities (see BP_001). Therefore, the ExVe manufacturer is responsible both for the implementation in the ExVe of each functionality and for the consistency of the whole set of functionalities.

When considering implementing a new functionality in an ExVe according to the methodology specified in this document, the ExVe manufacturer may conclude that the following restrictions apply:
— restrictions on the availability of the functionalities;
— restrictions on the performance of the functionalities;
— restrictions due to differences between vehicles, models, variants, or types; and
— restrictions due to unique market conditions.
8.3 Basic principles related to life-cycle (e.g. assembly, customer use)

BP_004 (VER 002): The ExVe manufacturer is responsible for assessing the impacts of a new ExVe functionality during the life-cycle phases of the ExVe.

Usually, the requester expresses the availability and expected performance related to the requested ExVe functionality without any restriction with regard to the life-cycle phases of the extended vehicle when accessing data.

The ExVe manufacturer shall determine the impact of the integration of this functionality throughout the life cycle of the vehicle (see Figure 3) and therefore determine possible incompatibilities of the request in the situations not mentioned by the requester (e.g. manufacturing, maintenance, recycling).

The result of this analysis can cause a reduction in the performance and availability of the requested ExVe functionality.

NOTE 1 Design and production phases are identified on the left part of this figure.

NOTE 2 After sales phases are identified on the right part of this figure.
Figure 3 — Illustration of the life cycle phases of an extended vehicle
EXAMPLE of BP_004 contribution to the safety rule (see Figure 4):

This example illustrates possible mistaken remote activations that need to be assessed by the ExVe manufacturer.

Mistaken remote activation by a service provider of a vehicle in a "before sale" situation, such as in the factory or the showroom, shall be avoided. Depending on the vehicle and the functionality activated, there can be major safety risks for the people inside or outside the vehicle as well as for goods. To avoid that, the ExVe functionality has to be activated only by the authorized person in the considered situation.

In Figure 4, a wrong VIN is entered by the technician for accessing a vehicle in service. This incorrect VIN may be the correct VIN of a vehicle still in production. This error may lead to critical issues during the production phase of that vehicle.

Figure 4 — Example of a potential risk addressed by BP_004
8.4 Basic principle related to remote access

BP_005 (VER 002): The ExVe manufacturer is responsible for managing the additional risks within the ExVe that are attributed to an existing functionality when this functionality becomes remotely available.

A remote access can lead to operations in certain conditions in which the current status and the environment of the vehicle cannot be established.

In certain situations, this could cause damage to the vehicle or other vehicles, or injuries to the passengers or people around the vehicle.

This may be the case, for example, for functionalities that control the engine injection system or the electronic brake valves, or for a simple function like operating an electric window.


A fundamental analysis of the additional risks associated with the ExVe functionality is therefore essential prior to the design.
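As an added illustration (not code from the standard, which prescribes no implementation), the following Python sketch shows the checks a vehicle-side or back-end authorization point could apply to a remote function request, in line with rule R_002 NOTE 3 and with the BP_004 and BP_005 situations above: requester authentication and message integrity with an HMAC, binding of the request to a VIN, replay rejection, a life-cycle-phase policy under which the mistyped-VIN request of the Figure 4 example is refused by a vehicle still in production, and a stationary-state precondition that fails when the vehicle status cannot be established. The requester registry, keys, VINs, phase names, function names and the policy table are all assumptions made for this example.

```python
"""Authorization of a remotely requested ExVe function.

Added illustration for rule R_002 (NOTE 3: authentication of the requester,
integrity of data) and for the BP_004 / BP_005 examples. Not code from
ISO 20077-2; every requester, key, VIN, phase, function and policy entry
below is an assumption made for this example.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

# Constructed requester registry: shared MAC key and the role the ExVe
# manufacturer assigned. The role is taken from here, never from the request.
REQUESTERS = {
    "tech-4711": (b"workshop-key-4711", "technician"),
    "owner-0815": (b"owner-key-0815", "owner"),
}

# Assumed policy: (function, role) -> (phases in which it is available,
# whether the vehicle must be confirmed stationary). Phase names follow the
# design/production vs after-sales split of Figure 3.
POLICY = {
    ("read_dtc", "technician"):         ({"workshop", "roadside", "customer_use"}, False),
    ("actuate_injector", "technician"): ({"workshop", "roadside"}, True),  # BP_005 example
    ("reprogram_ecu", "technician"):    ({"workshop"}, True),              # 7.3 EXAMPLE 2 risk
    ("unlock_doors", "owner"):          ({"customer_use"}, False),
}


@dataclass
class VehicleState:
    vin: str
    phase: str                    # e.g. "production", "workshop", "roadside"
    speed_kph: Optional[float]    # None: status cannot be established (BP_005)
    seen_nonces: set = field(default_factory=set)


def _canonical(msg: dict) -> bytes:
    """Deterministic encoding so requester and vehicle MAC identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def sign_request(msg: dict, key: bytes) -> dict:
    """Requester side: HMAC-SHA256 over every field binds VIN, function and nonce."""
    return {**msg, "tag": hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()}


def authorize(req: dict, vehicle: VehicleState) -> tuple:
    """Vehicle side. Returns (granted, reason). Order: prove who sent the
    request and that it is unmodified, bind it to this VIN, reject replays,
    apply the phase/role policy, then check the physical precondition."""
    body = {k: v for k, v in req.items() if k != "tag"}
    entry = REQUESTERS.get(body.get("requester"))
    if entry is None:
        return False, "unknown requester"
    key, role = entry
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(req.get("tag", ""))):
        return False, "tag check failed: not authentic or modified in transit"
    if body.get("vin") != vehicle.vin:
        return False, "request is for a different VIN"
    nonce = body.get("nonce")
    if not nonce or nonce in vehicle.seen_nonces:
        return False, "missing or replayed nonce"
    vehicle.seen_nonces.add(nonce)
    rule = POLICY.get((body.get("function"), role))
    if rule is None:
        return False, f"{body.get('function')} not permitted for role {role}"
    phases, needs_stationary = rule
    if vehicle.phase not in phases:
        return False, f"function not available in life-cycle phase {vehicle.phase}"
    if needs_stationary and (vehicle.speed_kph is None or vehicle.speed_kph > 0):
        return False, "vehicle not established as stationary"
    return True, "granted"


def demo() -> dict:
    """Constructed scenarios from the text; the VINs are made up."""
    key = REQUESTERS["tech-4711"][0]
    in_workshop = VehicleState("VIN0000000000001", "workshop", 0.0)
    in_production = VehicleState("VIN0000000000002", "production", 0.0)
    on_roadside = VehicleState("VIN0000000000003", "roadside", None)
    ok = sign_request({"requester": "tech-4711", "vin": in_workshop.vin,
                       "function": "actuate_injector", "nonce": "n1"}, key)
    # Figure 4: the mistyped VIN is the valid VIN of a vehicle still in production.
    wrong_vin = sign_request({"requester": "tech-4711", "vin": in_production.vin,
                              "function": "read_dtc", "nonce": "n2"}, key)
    # BP_005: same injector function, but the vehicle status cannot be established.
    roadside = sign_request({"requester": "tech-4711", "vin": on_roadside.vin,
                             "function": "actuate_injector", "nonce": "n3"}, key)
    tampered = dict(ok, function="reprogram_ecu")   # tag no longer matches
    return {
        "workshop_injector": authorize(ok, in_workshop),
        "replay": authorize(ok, in_workshop),
        "wrong_vin_production": authorize(wrong_vin, in_production),
        "roadside_injector": authorize(roadside, on_roadside),
        "tampered": authorize(tampered, in_workshop),
    }


if __name__ == "__main__":
    for name, (granted, reason) in demo().items():
        print(f"{name:22s} {'GRANT' if granted else 'DENY':5s} {reason}")
```

The policy table is the place where the ExVe manufacturer's life-cycle assessment (BP_004) and the restrictions of 8.2 would be recorded; the code only enforces it. A real deployment would also need key provisioning and rotation, confidentiality of the channel (NOTE 3), and a bounded nonce store, none of which this sketch addresses.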
EXAMPLE of BP_005 contribution to the safety rule (see Figure 5):

In the example of Figure 5, when the diagnosis of a vehicle is performed in the after-sales workshop ("situation 1"), a professional can decide to control an engine injector after a prior visual inspection of the vehicle.

This same functionality could be performed using a remote access through the extended vehicle when the vehicle is stopped on the roadside ("situation 2"). In this situation, howeve

...
