Road Vehicle
WITHDRAWN ISO 20828:2006
Road vehicles — Security certificate management
https://www.iso.org/standard/41891.html
####Normative Reference
ISO 3779, Road vehicles — Vehicle identification number (VIN) — Content and structure
ISO 3780, Road vehicles — World manufacturer identifier (WMI) code
ISO/IEC 8824-1, Information technology — Abstract Syntax Notation One (ASN.1) — Part 1: Specification of basic notation
ISO/IEC 8824-2, Information technology — Abstract Syntax Notation One (ASN.1) — Part 2: Information object specification
ISO/IEC 8824-3, Information technology — Abstract Syntax Notation One (ASN.1) — Part 3: Constraint specification
ISO/IEC 9594-2, Information technology — Open Systems Interconnection — Part 2:The Directory: Models
ISO/IEC 9594-8, Information technology — Open Systems Interconnection — Part 8: The Directory: Public-key and attribute certificate frameworks
ISO/IEC 15408-3, Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements
ISO 15764, Road vehicles — Extended data link security
IETF RFC 3279, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, R. Housley, W. Polk, W. Ford, D. Solo, April 2002
IETF RFC 3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, W. Polk, R. Housley, L. Bassham, April 2002
##ISO 15031-7:2013
Road vehicles — Communication between vehicle and external equipment for emissions-related diagnostics — Part 7: Data link security
https://www.iso.org/standard/62489.html
Normative Reference
ISO 9141-2, Road vehicles — Diagnostic systems — Part 2: CARB requirements for interchange of digital information
ISO 11898-1, Road vehicles — Controller area network (CAN) — Part 1: Data link layer and physical signalling
ISO 11898-2, Road vehicles — Controller area network (CAN) — Part 2: High-speed medium access unit
ISO 14229-2, Road vehicles — Unified diagnostic services (UDS) — Part 2: Session layer services
ISO 14230-2, Road vehicles — Diagnostic communication over K-Line (DoK-Line) — Part 2: Data link layer
ISO 14230-4, Road vehicles — Diagnostic systems — Keyword Protocol 2000 — Part 4: Requirements for emission-related systems
ISO 15031-2, Road vehicles — Communication between vehicle and external equipment for emissions-related diagnostics — Part 2: Guidance on terms, definitions, abbreviations and acronyms
ISO 15031-5, Road vehicles — Communication between vehicle and external equipment for emissions-related diagnostics — Part 5: Emissions-related diagnostic services
ISO 15031-6, Road vehicles — Communication between vehicle and external equipment for emissions-related diagnostics — Part 6: Diagnostic trouble code definitions
ISO 15765-2, Road vehicles — Diagnostic communication over Controller Area Network (DoCAN) — Part 2: Transport protocol and network layer services
ISO 15765-4, Road vehicles — Diagnostic communication over Controller Area Network (DoCAN) — Part 4: Requirements for emissions-related systems
ISO 27145-2, Road vehicles — Implementation of World-Wide Harmonized On-Board Diagnostics (WWH-OBD) communication requirements — Part 2: Common data dictionary
ISO 27145-3, Road vehicles -- Implementation of World-Wide Harmonized On-Board Diagnostics (WWH-OBD) communication requirements — Part 3: Common message dictionary
ISO/IEC 7498-1, Information technology — Open Systems Interconnection — Basic Reference Model: The Basic Model
ISO/IEC 10731, Information technology — Open Systems Interconnection — Basic Reference Model — Conventions for the definition of OSI services
SAE J1850-DA, Digital Annex of Class B Data Communications Network Interface
SAE J1930-DA, Digital Annex of Electrical/Electronic Systems Diagnostic Terms, Definitions, Abbreviations, and Acronyms
SAE J1979-DA, Digital Annex of E/E Diagnostic Test Modes
SAE J2012-DA, Digital Annex of Diagnostic Trouble Code Definitions and Failure Type Byte Definitions
####Bibliography
[1] ISO 14229-1, Road vehicles — Unified diagnostic services (UDS) — Part 1: Specification and requirements
[2] ISO 15031-1, Road vehicles — Communication between vehicle and external equipment for emissions-related diagnostics — Part 1: General information and use case definition
[3] ISO 15031-3, Road vehicles — Communication between vehicle and external equipment for emissions-related diagnostics — Part 3: Diagnostic connector and related electrical circuits, specification and use
[4] ISO 15031-4, Road vehicles — Communication between vehicle and external equipment for emissions-related diagnostics — Part 4: External test equipment
##ISO 20078-3:2021(withdraw 2019)
ISO 20078-3:2021
Road vehicles — Extended vehicle (ExVe) web services — Part 3: Security
https://www.iso.org/standard/80185.html
Normative Reference
ISO 20078-1, Road vehicles — Extended vehicle (ExVe) ‘web services’ — Content
Bibliography
[1] The OAuth 2.0 Authorization Framework, RFC 6749, Internet Engineering Task Force (IETF); October 2012; https://tools.ietf.org/html/rfc6749
[2] OpenID Connect Core 1.0 incorporating errata set 1, OpenID Foundation; November 8, 2014; http://openid.net/specs/openid-connect-core-1_0.html
[3] Web Key JSON (JWK), RFC 7517, Internet Engineering Task Force (IETF); May 2015; https://tools.ietf.org/html/rfc7517
[4] OAuth 2.0 Token Introspection, RFC 7662, Internet Engineering Task Force (IETF); October 2015; https://tools.ietf.org/html/rfc7662
[5] Web Algorithms JSON (JWA), RFC 7518, Internet Engineering Task Force (IETF); May 2015; https://tools.ietf.org/html/rfc7518
[6] OAuth 2.0 Threat Model and Security Considerations, RFC 6819, Internet Engineering Task Force (IETF); January 2013; https://tools.ietf.org/html/rfc6819
[7] OAuth 2.0 Token Revocation, RFC 7009, Internet Engineering Task Force (IETF); August 2013; https://tools.ietf.org/html/rfc7009
[8] Web Signature JSON (JWS), RFC 7515, Internet Engineering Task Force (IETF); May 2015; https://tools.ietf.org/html/rfc7515
[9] The OAuth 2.0 Authorization Framework: Bearer Token Usage, RFC 6750, Internet Engineering Task Force (IETF); October 2012; https://tools.ietf.org/html/rfc6750
[10] Proof Key for Code Exchange by OAuth Public Clients, RFC 7636, Internet Engineering Task Force (IETF); September 2015; https://tools.ietf.org/html/rfc7636
[11] Web Token JSON (JWT), RFC 7519, Internet Engineering Task Force (IETF); May 2015; https://tools.ietf.org/html/rfc7519
[12] ISO 20078-2, Road vehicles — Extended vehicle (ExVe) ‘web services’ — Access
[13] IEEE 1003.1:2016 Edition — Standard for Information Technology — Portable Operating System Interface (POSIX®) Base Specifications, Issue 7
##ISO/TR 23791:2019
Road vehicles — Extended vehicle (ExVe) web services — Result of the risk assessment on ISO 20078 series
https://www.iso.org/standard/76962.html
####Bibliography
[1] ISO 20077-1:2017, Road Vehicles — Extended vehicle (ExVe) methodology — Part 1: General information
[2] ISO 20077-2:2018, Road Vehicles — Extended vehicle (ExVe) methodology — Part 2: Methodology for designing the extended vehicle
[3] ISO/TR 23786, Road vehicles — Solutions for remote access to vehicle — Criteria for risks assessment1
[4] ISO 20078-1:2019, Road vehicles — Extended vehicle (ExVe) web services — Part 1: Content
[5] ISO 20078-2:2019, Road vehicles — Extended vehicle (ExVe) web services — Part 2: Access
[6] ISO 20078-3:2019, Road vehicles — Extended vehicle (ExVe) web services — Part 3: Security
[7] ISO 20080, Road vehicles — Information for remote diagnostic support — General requirements, definitions and use cases
[8] ISO/SAE 21434, Road Vehicles — Cybersecurity engineering1)
[9] SP 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, NIST
##ISO/TR 23786:2019
Road vehicles — Solutions for remote access to vehicle — Criteria for risk assessment
https://www.iso.org/standard/76961.html
####Bibliography
[1] ISO 20077-1:2017, Road Vehicles — Extended vehicle (ExVe) methodology — Part 1: General information
[2] ISO 20077-2:2018, Road Vehicles — Extended vehicle (ExVe) methodology — Part 2: Methodology for designing the extended vehicle
[3] ISO 20078-1:2019, Road vehicles — Extended vehicle (ExVe) web services — Part 1: Content
[4] ISO/SAE AWI 21434, Road Vehicles — Cybersecurity engineering
[5] TFCS-05-05-Rev2 (Chair) Table on CS threats - with explanations and draft definitions https://wiki.unece.org/download/attachments/44269802/TFCS-05-05-Rev2%20%28Chair%29%20Table%20on%20CS%20threats%20-%20with%20explanations%20and%20draft%20definitions.xlsx?api=v2
[6] NIST Special Publication 800-160, November 2016 (including updates as of January 3, 2018) Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
[7] ENISA European Union Agency for Network and Information Security,
##withdrawn ISO 15764:2004
Road vehicles — Extended data link security
https://www.iso.org/standard/28775.html
IETF RFC 3279, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, R. Housley, W. Polk, W. Ford, D. Solo, April 2002
4 References
[FIPS 180-1] Federal Information Processing Standards Publication (FIPS PUB) 180-1, Secure Hash Standard, 17 April 1995.[Supersedes FIPS PUB 180 dated 11 May 1993.]
[FIPS 186-2] Federal Information Processing Standards Publication (FIPS PUB) 186, Digital Signature Standard, 27 January 2000. [Supersedes FIPS PUB 186-1 dated 15 December 1998.]
[P1363] IEEE P1363, "Standard Specifications for Public-Key Cryptography", 2001.
[RC95] Rogier, N. and Chauvaud, P., "The compression function of MD2 is not collision free," Presented at Selected Areas in Cryptography '95, May 1995.
[RFC 1034] Mockapetris, P., "Domain Names - Concepts and Facilities", STD 13, RFC 1034, November 1987.
[RFC 1319] Kaliski, B., "The MD2 Message-Digest Algorithm", RFC 1319, April 1992.
[RFC 1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC
1321, April 1992.
[RFC 1422] Kent, S., "Privacy Enhancement for Internet Electronic
Mail: Part II: Certificate-Based Key Management", RFC
1422, February 1993.
[RFC 1423] Balenson, D., "Privacy Enhancement for Internet
Electronic Mail: Part III: Algorithms, Modes, and
Identifiers", RFC 1423, February 1993.
[RFC 2119] Bradner, S., "Key Words for Use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC 2313] Kaliski, B., "PKCS #1: RSA Encryption Version 1.5",
RFC 2313, March 1998.
[RFC 2459] Housley, R., Ford, W., Polk, W. and D. Solo "Internet
X.509 Public Key Infrastructure: Certificate and CRL
Profile", RFC 2459, January, 1999.
[RFC 3174] Eastlake, D. and P. Jones, "US Secure Hash Algorithm 1
(SHA1)", RFC 3174, September 2001.
[RFC 3280] Housley, R., Polk, W., Ford, W. and D. Solo, "Internet
X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", RFC 3280,
April 2002.
[SDN.701r] SDN.701, "Message Security Protocol 4.0", Revision A
1997-02-06.
[X.208] CCITT Recommendation X.208: Specification of Abstract
Syntax Notation One (ASN.1), 1988.
[X.660] ITU-T Recommendation X.660 Information Technology -
ASN.1 encoding rules: Specification of Basic Encoding
Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER), 1997.
[X9.42] ANSI X9.42-2000, "Public Key Cryptography for The
Financial Services Industry: Agreement of Symmetric
Keys Using Discrete Logarithm Cryptography", December,
1999.
[X9.62] X9.62-1998, "Public Key Cryptography For The Financial
Services Industry: The Elliptic Curve Digital
Signature Algorithm (ECDSA)", January 7, 1999.
[X9.63] ANSI X9.63-2001, "Public Key Cryptography For The
Financial Services Industry: Key Agreement and Key
Transport Using Elliptic Curve Cryptography", Work in
Progress.
IETF RFC 3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, W. Polk, R. Housley, L. Bassham, April 2002
[1] The OAuth 2.0 Authorization Framework, RFC 6749, Internet Engineering Task Force (IETF); October 2012; https://tools.ietf.org/html/rfc6749
[3] Web Key JSON (JWK), RFC 7517, Internet Engineering Task Force (IETF); May 2015; https://tools.ietf.org/html/rfc7517
[4] OAuth 2.0 Token Introspection, RFC 7662, Internet Engineering Task Force (IETF); October 2015; https://tools.ietf.org/html/rfc7662
[5] Web Algorithms JSON (JWA), RFC 7518, Internet Engineering Task Force (IETF); May 2015; https://tools.ietf.org/html/rfc7518
[6] OAuth 2.0 Threat Model and Security Considerations, RFC 6819, Internet Engineering Task Force (IETF); January 2013; https://tools.ietf.org/html/rfc6819
[7] OAuth 2.0 Token Revocation, RFC 7009, Internet Engineering Task Force (IETF); August 2013; https://tools.ietf.org/html/rfc7009
[8] Web Signature JSON (JWS), RFC 7515, Internet Engineering Task Force (IETF); May 2015; https://tools.ietf.org/html/rfc7515
[9] The OAuth 2.0 Authorization Framework: Bearer Token Usage, RFC 6750, Internet Engineering Task Force (IETF); October 2012; https://tools.ietf.org/html/rfc6750
[10] Proof Key for Code Exchange by OAuth Public Clients, RFC 7636, Internet Engineering Task Force (IETF); September 2015; https://tools.ietf.org/html/rfc7636
[11] Web Token JSON (JWT), RFC 7519, Internet Engineering Task Force (IETF); May 2015; https://tools.ietf.org/html/rfc7519
Related document
ISO 22320:2018
Security and resilience — Emergency management — Guidelines for incident management
https://www.iso.org/standard/67851.html
Normative Reference
ISO 22300, Security and resilience — Vocabulary
####Bibliography
[1] ISO 22324, Societal security — Emergency management — Guidelines for colour-coded alerts
[2] ISO/TR 22351, Societal security — Emergency management — Message structure for exchange of information
[3] ISO 22397, Societal security — Guidelines for establishing partnering arrangements
[4] ISO 31000, Risk management — Guidelines
ISO 22326:2018
Security and resilience — Emergency management — Guidelines for monitoring facilities with identified hazards
https://www.iso.org/standard/67159.html
Normative Reference
ISO 22300, Security and resilience — Vocabulary
####Bibliography
[1] ISO 13824, Bases for design of structures — General principles on risk assessment of systems involving structures
[2] ISO 22322, Societal security — Emergency management — Guidelines for public warning
[3] ISO 22327,1 Security and resilience — Emergency management — Community-based landslide early warning system
[4] ISO 28002, Security management systems for the supply chain — Development of resilience in the supply chain — Requirements with guidance for use
<この記事は個人の過去の経験に基づく個人の感想です。現在所属する組織、業務とは関係がありません。>
#文書履歴(document history)
ver. 0.01 初稿 20200814
ver. 0.02 更新 20220102
最後までおよみいただきありがとうございました。
いいね 💚、フォローをお願いします。
Thank you very much for reading to the last sentence.
Please press the like icon 💚 and follow me for your happy life.