SAE J1760-2001 Data Security Services.pdf
《SAE J1760-2001 Data Security Services.pdf》由会员分享,可在线阅读,更多相关《SAE J1760-2001 Data Security Services.pdf(11页珍藏版)》请在三一文库上搜索。
1、SAE Technical Standards Board Rules provide that: “This report is published by SAE to advance the state of technical and engineering sciences. The use of this report is entirely voluntary, and its applicability and suitability for any particular use, including any patent infringement arising therefr
2、om, is the sole responsibility of the user.” SAE reviews each technical report at least every five years at which time it may be reaffirmed, revised, or cancelled. SAE invites your written comments and suggestions. TO PLACE A DOCUMENT ORDER: +1 (724) 776-4970 FAX: +1 (724) 776-0790 SAE WEB ADDRESS h
3、ttp:/www.sae.org Copyright 2001 Society of Automotive Engineers, Inc. All rights reserved.Printed in U.S.A. SURFACE VEHICLE 400 Commonwealth Drive, Warrendale, PA 15096-0001 RECOMMENDED PRACTICE J1760 ISSUED DEC2001 Issued2001-12 Data Security Services ForewordThe ISO/CD 15764 Road vehicles Extended
4、 data link security International Standard requires Security Services for all data transfer between a vehicle and a diagnostic scan tool. In summary, this standard requires Authentication of the scan tool and the vehicle by a Certification Authority and all communication interchange of data to use a
5、n encryption method for every instance or session of use. The objective of this SAE J1760 Recommended Practice is to require the use of these same Security Services modified by the Class of Security required by the data to be exchanged as determined by the Resource Provider. This document requires o
6、nly a one time Authentication of Security Services for the installation of an IDB Device. For a background discussion on the problem scenarios that require security, see Appendix A. TABLE OF CONTENTS 1.Scope. 2 1.1The IDB 3 1.2IDB Device . 3 1.3Classes of Security. 3 1.4Theft Deterrent . 3 1.5Compat
7、ible IDB Devices. 3 1.6Data Security Service Execution 4 2.References. 4 2.1Applicable Documents4 2.2Related Publications. 4 3.Definitions.4 3.1Access 4 3.2Authenticated Device . 4 3.3Authentication. 4 3.4Certification Authority . 4 3.5Ciphertext .4 3.6Classes of Security. 5 3.7Decryption 5 3.8Devic
8、e Resource Privileges 5 3.9Eavesdropping . 5 3.10Encryption 5 3.11Hash Function 5 3.12IDB Device . 5 SAE J1760 Issued DEC2001 -2- 3.13IDB Gateway.5 3.14Manipulation .5 3.15Masquerading.5 3.16Passwords or PINs .5 3.17Private Encryption Key .5 3.18Private Key .5 3.19Proxy.5 3.20Public Encryption Key.5
9、 3.21Public Key.5 3.22Resource Provider5 3.23Security Breach 5 3.24Security Service5 3.25Symmetric Key6 4.Abbreviations/Acronyms.6 5.Functional Requirements 6 5.1Authentication.6 5.2Access 6 5.3Message Security .6 5.4Security Breach Avoidance.6 5.5Vehicle Device Transfer6 5.6Usability 7 6.Security M
10、odel7 6.1Security Levels of IDB Device Resources 7 6.2Enabling Security8 6.3Disabling Security.8 6.4Process of authentication by Certification Authority .8 6.5The Process to Establish an Ability to Conduct Secured Communication on the IDB Network between Device Pairs9 Appendix A Problem Scenarios th
11、at Require Security.10 A.1Background.10 A.2Need for Data Security .10 A.3Assure Proper Function 10 A.4Disable and discourage the use of stolen ITS modules10 1.ScopeThe scope of this SAE Recommended Practice is to require the use of the same Security Services as defined by the International Standard
12、ISO/CD 15764, modified by the Class of Security as determined by the resource provider and referenced in Table 1, Extended Data Link Security References. TABLE 1EXTENDED DATA LINK SECURITY INTERNATIONAL STANDARD ISO/CD 15764 REFERENCES ParameterReferencesValues Hashing FunctionISO/IEC 9797-2 ISO/IEC
13、 10118-3 Symmetric Key ANSI X 9.52128 bits Public KeyISO/IEC 11770-1 ISO/IEC 11770-3 1024 bits modulus 1024 bits exponent Private KeyISO/IEC 11770-11024 bits modulus 1024 bits exponent SAE J1760 Issued DEC2001 -3- 1.1The IDB GatewayThe IDB Gateway shall be considered an IDB Device operating on the I
14、DB network. This SAE J1760 Data Security Services Recommended Practice defines security, when deemed necessary, between devices on the IDB, as granted by the resource providers. The Security Services required between the IDB Gateway and the vehicle are not within the scope of this document. 1.2IDB D
15、evice FunctionsThe device functions may be represented by “proxy”. Therefore devices such as those that are connected to the IDB may be a communication mechanism, external to the bounded vehicle communication system and shall by “proxy” be protected by the Authentication of Security Services require
16、d by this document. The Security Services required between the IDB network and outside the bounded vehicle communication system shall be within the scope of this document. (Reference Figure 1 for a data security services system diagram.) 1.3Classes of SecurityVarious capabilities (messages) shall be
17、 protected by different classes of security as required by 6.1. Security Services, which involve the transmission and/or reception of only Class 0 resources, are not within the scope of this document. 1.4Theft DeterrentThe data security services shall provide a mechanism that will discourage the the
18、ft of IDB Devices FIGURE 1DATA SECURITY SERVICE SYSTEM DIAGRAM 1.5Compatible IDB DevicesAll IDB Devices operating on the IDB network that claim to be IDB compatible and utilize resources from an IDB compatible device shall comply with the requirements set forth in this Recommended Practice. SAE J176
19、0 Issued DEC2001 -4- 1.6Data Security Service ExecutionThis Recommended Practice defines the functional requirements for providing data security service execution with IDB Devices. The methods used in implementing these services are found in the ISO/CD 15764 Road vehicles Extended data link security
20、 International Standard. 2.References 2.1Applicable PublicationsThe following publications form a part of this specification to the extent specified herein. Unless otherwise indicated, the latest version of SAE publications shall apply. 2.1.1SAE PUBLICATIONAvailable from SAE, 400 Commonwealth Drive,
21、 Warrendale, PA 15096-0001 SAE J2355ITS Data Bus Architecture Reference Model 2.1.2ANSI PUBLICATIONAvailable from ANSI, 25 West 43rd Street, New York, NY 10036-8002 ANSI X9.52American National Standard for Financial ServicesTriple Data Encryption Algorithm Modes of Operation 2.1.3ISO PUBLICATIONSAva
22、ilable from ANSI, 25 West 43rd Street, New York, NY 10036-8002. ISO/CD 15764Road vehiclesExtended data link security ISO/IEC9797-2Information technologySecurity techniquesData integrity mechanism using a cryptographic check function emplopying a block cipher algorithm ISO/IEC10118-3Information techn
23、ologySecurity techniquesHash-functionsPart 3: Dedicated hash-functions ISO/IEC 11770-1Information technologySecurity techniquesKey managementPart 1: Framework ISO/IEC11770-3Information technologySecurity techniquesKey managementPart 3: Mechanisms using asymmetric techniques 2.2Related PublicationsTh
24、e following publications are provided for information purposes only and are not a required part of this document. 2.2.1SAE PUBLICATIONSAvailable from SAE, 400 Commonwealth Drive, Warrendale, PA 15096-0001. SAE J2366 and all its parts SAE J2367IDB Gateway SAE J2590PMODE for In-Vehicle Networks 3.Defi
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- SAE J1760-2001 Data Security Services J1760 2001
链接地址:https://www.31doc.com/p-3678283.html