
ISO 15764:2004(E)
© ISO 2004 – All rights reserved v
Introduction
This International Standard is intended initially to supplement ISO 15031-7 in extending the security provisions
of, and facilitating access to, remote sources of sensitive data. PC-based external test equipment based on
ISO 15031-4, modified to incorporate the facilities described herein, could then access the vehicle using the
challenge-response provisions of ISO 15031-7, and the remote source using the extended security offered by
the present document.
While this would fully protect the transmission of data from the remote source to the external test equipment, it
would leave the data between the external test equipment and the vehicle unprotected, which might be
acceptable in a controlled environment. Where the electronic control unit (ECU) is capable of supporting the
encryption/decryption burden of a full public key infrastructure (PKI), this International Standard offers
end-to-end security in an open system in which the participants are not previously known to each other. It also
includes provisions for end-to-end security in a closed system, where a symmetric key is established with both
participants prior to use and the computing burden is reduced.
It is anticipated that this International Standard will be used, for example, by a vehicle manufacturer to send
data to a franchised dealer to enable the programming of an unprogrammed stock ECU, or to release
immobiliser resetting codes to approved users. Ultimately, it would protect over-air messages sent directly to
a vehicle for software corrections, service interrogation or other remote services.
In the vehicle manufacturer's case, the present document extends the data link security provisions of
ISO 15031-7 to cover access to data remote from the vehicle, such as that held in a manufacturer's database;
these extensions allow such access to be controlled and monitored and thus enhance the security of the data
itself. Whether the amount of data is small, as in gaining entry to the vehicle, or large, as in a complete code
download for powertrain control, it establishes uniform practice for protecting vehicle modules from
unauthorized intrusion through a vehicle data link. The security system described is a recommendation for
motor vehicle manufacturers, while leaving them the flexibility to tailor their systems to their specific needs.
The vehicle modules addressed are those whose solid-state memory contents can be accessed through a
data communication link. Improper alteration of memory contents could damage the electronics or other
vehicle components, or jeopardize the vehicle's compliance with government-legislated requirements or the
vehicle manufacturer's security interests. Improper access to secured information could compromise the
security and privacy of the vehicle or its operator.
Other applications are envisaged. In many cases there will be a need for secured data transmission on
internal vehicle communication networks such as CAN (controller area network), and between after-market
equipment on the one hand and components of the original vehicle electronics or other after-market equipment
on the other. In particular, this document can be used to enable a tachograph reader to authenticate the data
sent by the on-vehicle recorder of the tachograph, for example in tolling applications. It defines the
procedures for establishing and using a secured data link and the specific security-related data elements. It is
independent of the communication protocol. Another possible implementation is the
SecuredDataTransmission (84 hex) service defined in ISO 14229-1 (diagnostic services); the data elements
specified here are in line with the properties defined for that service.
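The closed-system model described above (a symmetric key established with both participants before use, with a reduced computing burden) and the tachograph case (a reader authenticating data sent by the on-vehicle recorder) can both be illustrated with a small exchange. The following is an added example and is not the protocol specified by ISO 15764 or the ISO 14229-1 SecuredDataTransmission service: the message layout (counter, payload, truncated HMAC tag), the session-key derivation labels, the 16-byte tag length and the sample data are all assumptions chosen for illustration. It shows what "established prior to use" means in practice (a long-term pre-shared key that never goes on the wire, a per-session key derived from it), how the receiver authenticates each message, and why a monotonic counter is needed on top of the MAC to reject replayed records.

```python
"""Closed-system authenticated data transmission between an on-vehicle
recorder and a reader that share a pre-established symmetric key.

Added illustration only; NOT the ISO 15764 / ISO 14229-1 message format.
Message layout (assumption): counter(4 bytes, big-endian) || payload || tag,
where tag = HMAC-SHA256(session_key, counter || payload) truncated to MAC_LEN.
"""
import hashlib
import hmac
import struct

MAC_LEN = 16          # truncated tag length (assumption, not a field of the standard)
COUNTER_LEN = 4


def derive_session_key(pre_shared_key: bytes, label: bytes, nonce: bytes) -> bytes:
    """Derive a direction-specific session key from the long-term pre-shared key.

    The label separates the two directions (recorder->reader vs reader->recorder)
    and the nonce makes each session's key distinct, so the pre-shared key itself
    is never used directly to authenticate traffic.  HMAC-based derivation is an
    assumption chosen for this example.
    """
    return hmac.new(pre_shared_key, label + nonce, hashlib.sha256).digest()


def protect(session_key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: frame the payload with a counter and an authentication tag."""
    header = struct.pack(">I", counter)
    tag = hmac.new(session_key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    return header + payload + tag


class Receiver:
    """Reader side: verify the tag first, then enforce a strictly increasing counter."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.last_counter = -1

    def unprotect(self, message: bytes) -> bytes:
        if len(message) < COUNTER_LEN + MAC_LEN:
            raise ValueError("message too short")
        header = message[:COUNTER_LEN]
        payload = message[COUNTER_LEN:-MAC_LEN]
        tag = message[-MAC_LEN:]
        expected = hmac.new(self.session_key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
        # Constant-time comparison; a plain == would leak tag bytes via timing.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed")
        (counter,) = struct.unpack(">I", header)
        # The MAC alone does not stop an attacker resending a genuine old record;
        # the counter check does.
        if counter <= self.last_counter:
            raise ValueError("replayed or out-of-order message")
        self.last_counter = counter
        return payload


def demo() -> dict:
    """Run the exchange on constructed sample data and report what the reader did."""
    psk = bytes(range(32))          # constructed pre-shared key (installed before use)
    nonce = b"\x01" * 8             # constructed session nonce; in practice os.urandom(8)
    key = derive_session_key(psk, b"recorder->reader", nonce)
    reader = Receiver(key)
    results = {}

    # 1. A genuine record from the recorder is accepted.
    m1 = protect(key, 1, b"odometer=123456")
    results["first"] = reader.unprotect(m1)

    # 2. Replaying the same genuine record is rejected by the counter check.
    try:
        reader.unprotect(m1)
        results["replay"] = "accepted"
    except ValueError as exc:
        results["replay"] = str(exc)

    # 3. Flipping one payload byte of a fresh record is caught by the tag check.
    tampered = bytearray(protect(key, 2, b"odometer=123456"))
    tampered[COUNTER_LEN + len(b"odometer=1")] ^= 0x01
    try:
        reader.unprotect(bytes(tampered))
        results["tamper"] = "accepted"
    except ValueError as exc:
        results["tamper"] = str(exc)

    # 4. A record from a party holding a different key is rejected.
    other_key = derive_session_key(b"\xff" * 32, b"recorder->reader", nonce)
    try:
        reader.unprotect(protect(other_key, 3, b"odometer=999999"))
        results["wrong_key"] = "accepted"
    except ValueError as exc:
        results["wrong_key"] = str(exc)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The order of checks in `unprotect` matters: the tag is verified before the counter is parsed or compared, so an unauthenticated message can never advance `last_counter`, and the constant-time comparison avoids leaking the tag byte by byte. In a real deployment the long-term key would be provisioned into the ECU or recorder out of band, which is exactly what the closed-system model assumes.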