ISO/TC 22/SC 31/WG 6 - Extended vehicle/Remote diagnostics

This document identifies criteria that can be considered for assessing the risks related to solutions for remote access to road vehicles, including extended vehicles (ExVe) and their implementation. Internal communication within the vehicle or the ExVe is out of the scope of this document. Cybersecurity risks related to the VM infrastructure (except the elements that are part of the extended vehicle) and the road-side equipment are out of the scope of this document. The criteria identified in this document are also applicable in the case of a risk assessment related to the specification of remote communication solutions, for example a technical standard. The list of criteria that is provided can be considered as sufficiently comprehensive but not exhaustive, from a global point of view, to allow coherent risk mitigation, if such mitigation is necessary. This document does not suggest nor specify any methodology for performing a risk assessment. It does not aim at replacing any methodology, technical specification or standard relative to one or other specific type of risks (for example cyber security risks).

This document presents the assessment of the safety, security, competition, responsibilities, and data protection risks that can originate from the ISO 20078 series. In particular, the following risks are outside the scope of this assessment, because they relate to elements that are excluded from the scope of the ISO 20078 series: — the risks associated with the implementation of the ISO 20078 series; — the risks associated with the process that the accessing parties or any other parties would later on use to communicate the information they obtained; — the risks associated with the process used by the resource owner to provide, modify, or revoke their authorization to pass information; — the risks associated with the mitigation of the risks, should such a mitigation be necessary.

This document defines how to authenticate users and Accessing Parties on a web services interface. It also defines how a Resource Owner can delegate Access to its Resources to an Accessing Party. Within this context, this document also defines the necessary roles and required separation of duties between these in order to fulfil requirements stated on security, data privacy and data protection. All conditions and dependencies of the roles are defined towards a reference implementation using OAuth 2.0 compatible framework and OpenID Connect 1.0 compatible framework.

This document describes the processes of an Offering Party's implementation to provide (ISO 20078‑2) Access controlled (ISO 20078-3) Resources (ISO 20078‑1) to Accessing Parties. The processes are summarized as: Registration of different stakeholder as well as granting, denying and revoking of Access to Resources. Those processes are held as examples of combining ISO 20078‑1, ISO 20078‑2 and ISO 20078‑3 and can vary depending on the actual implementation of the Offering Party.

This document specifies general requirements and constraints applicable to a remote diagnostic process, the use cases and scenarios to support the implementation of a remote diagnostic process using a standardized interface of the ExVe. It concerns: — the road vehicles with four or more wheels designed and constructed primarily for the carriage of persons that are defined as Category 1 vehicles in the United Nations Special Resolution No.1 in TRANS/WP.29/1045, as last amended on 19 June 2012, and — the road vehicle with four or more wheels designed and constructed primarily for the carriage of goods that are defined as Category 2 vehicles in the United Nations Special Resolution No.1 in TRANS/WP.29/1045, as last amended on 19 June 2012, where these road vehicles are still in accordance with the specifications of the vehicle manufacturer. This document does not define the interfaces provided by the ExVe nor the internal implementation inside the ExVe. Processes like repair, prognostics, monitoring, configuration, re-programming and variant coding are not part of this document. The prerequisites (e.g. authentication and authorization) for all use cases are not covered within this document. A possible specification of the required content for the implementation of a remote diagnostic application using the web interface of the ExVe according to ISO 20078 is given in Annex A.

This document defines how to access Resources on a Web services interface of an Offering Party using the Hypertext Transfer Protocol Secure (HTTPS). For such an access, the Representational State Transfer (REST) architectural pattern is chosen as a common way to format Resource paths. Some specific extensions to this pattern are defined to allow for asynchronous Resource requests, such as, for example, forcing readouts of data from a connected vehicle.

This document defines the different concepts, entities and roles involved in implementing and delivering ExVe web services. In addition, it also gives an overview of the necessary activities that should be executed by the different roles involved and a logical order for those activities. This document defines the concept of identifiers (direct and correlated), different Resource categories (e.g. personal, vehicle related, pseudonymized and anonymized Resources) and different approaches on how to bundle sharable Resources (e.g. Resource Group or Container).

ISO 20077-2:2018 specifies general rules and basic principles the manufacturer of the extended vehicle (ExVe) considers when elaborating its own design method. It does not specify the manner in which these design methods are drafted and implemented. ISO 20077-2:2018 specifies by means of a template the necessary information that is communicated to the ExVe manufacturer for requesting the design of a new ExVe functionality. It also specifies, by means of a template, the information the ExVe manufacturer provides for responding to that request. ISO 20077-2:2018 does not specify the process leading to the elaboration of the request information nor the process associated to communication of the response information. ISO 20077-2:2018 concerns the design of the extended vehicles mentioned in the scope of ISO 20077‑1, regardless of the type of communication interface which is used between the ExVe and external systems or parties. It does not concern the internal communication of the ExVe. It does not standardize the implementation of software or hardware nor preclude any technical solution the ExVe manufacturer might select when designing a new ExVe functionality. ISO 20077-2:2018 relates to the design and production phases of a vehicle, where these phases include the subsequent design upgrades by the ExVe manufacturer of vehicle models, variants, or types still in production. NOTE Should new interfaces for remote communication with the vehicle become mandatory, then this document is also applicable for designing the requested ExVe functionalities.

ISO 20077-1:2017 defines the concepts and the terms related to extended vehicles. ISO 20077-1:2017 presents general information regarding these vehicles, specifies the dedicated terminology and describes the interrelation with other standards related to extended vehicles. ISO 20077-1:2017 concerns: - road vehicles with four or more wheels designed and constructed primarily for the carriage of persons that are defined as Category 1 vehicles in the United Nations Special Resolution No.1 in TRANS/WP.29/1045, as last amended on 19 June 2012; - road vehicles with four or more wheels designed and constructed primarily for the carriage of goods that are defined as Category 2 vehicles in the United Nations Special Resolution No.1 in TRANS/WP.29/1045, as last amended on 19 June 2012, where these road vehicles are still in accordance with the specifications of the vehicle manufacturer. While this document mentions already standardized interfaces and devices (e.g. external test equipment) connected to these interfaces, the specification of these interfaces and devices is not within the scope of this document.