ISO 15031-7:2013

INTERNATIONAL ISO
STANDARD 15031-7
Second edition
2013-07-15
Road vehicles — Communication
between vehicle and external
equipment for emissions-related
diagnostics —
Part 7:
Data link security
Véhicules routiers — Communications entre un véhicule et un
équipement externe pour le diagnostic relatif aux émissions —
Partie 7: Sécurité de la liaison de données
Reference number
©
ISO 2013
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, and abbreviated terms . 2
3.1 Terms and definitions . 2
3.2 Abbreviated terms . 3
4 Conventions . 3
5 Document overview. 3
6 Technical requirements . 5
6.1 General . 5
6.2 Security characteristics . 5
6.3 Security implementation . 5
Bibliography . 6
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received. www.iso.org/patents.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
The committee responsible for this document is ISO/TC 22, Road vehicles, Subcommittee SC 3, Electrical
and electronic equipment.
This second edition cancels and replaces the first edition (ISO 15031-7:2001) of which has been
technically revised.
ISO 15031 consists of the following parts, under the general title Road vehicles — Communication between
vehicle and external equipment for emissions-related diagnostics:
— Part 1: General information and use case definition
— Part 2: Guidance on terms, definitions, abbreviations and acronyms
— Part 3: Diagnostic connector and related electrical circuits, specification and use
— Part 4: External test equipment
— Part 5: Emissions-related diagnostic services
— Part 6: Diagnostic trouble code definitions
— Part 7: Data link security
iv © ISO 2013 – All rights reserved

Introduction
0.1 Overview
ISO 15031 consists of a number of parts which, taken together, provide a coherent self-consistent set of
specifications to facilitate emissions-related diagnostics. ISO 15031-1 provides an introduction to the
series of International Standards. ISO 15031-2 through ISO 15031-7 are based on Society of Automative
Engineers (SAE) recommended practices. This part of ISO 15031 is based on SAE J2186:1996, E/E Data
Link Security.
The ISO 15031 document set includes the communication between the vehicle’s On-Board Diagnostics
(OBD) systems and test equipment implemented across vehicles within the scope of the legislated
emissions-related OBD.
To achieve this, it is based on the Open Systems Interconnection (OSI) Basic Reference Model in accordance
with ISO/IEC 7498-1 and ISO/IEC 10731, which structures communication systems into seven layers.
When mapped on this model, the services specified by ISO 15031 are broken into the following:
— Diagnostic services (layer 7), specified in:
— ISO 15031-5 (emissions-related OBD);
— ISO 27145-3 (WWH-OBD);
— Presentation layer (layer 6), specified in:
— ISO 15031-2, SAE J1930-DA;
— ISO 15031-5, SAE J1979-DA;
— ISO 15031-6, SAE J2012-DA;
— ISO 27145-2, SAE J2012-DA;
— Session layer services (layer 5), specified in:
— ISO 14229-2 supports ISO 15765-4 DoCAN and ISO 14230-4 DoK-Line protocols;
— ISO 14229-2 is not applicable to the SAE J1850 and ISO 9141-2 protocols;
— Transport layer services (layer 4), specified in:
— DoCAN: ISO 15765-2 Transport protocol and network layer services;
— SAE J1850: ISO 15031-5 Emissions-related diagnostic services;
— ISO 9141-2: ISO 15031-5 Emissions-related diagnostic services;
— DoK-Line: ISO 14230-4, ISO 15031-5 Emissions-related diagnostic services;
— Network layer services (layer 3), specified in:
— DoCAN: ISO 15765-2 Transport protocol and network layer services;
— SAE J1850: ISO 15031-5 Emissions-related diagnostic services;
— ISO 9141-2: ISO 15031-5 Emissions-related diagnostic services;
— DoK-Line: ISO 14230-4, ISO 15031-5 Emissions-related diagnostic services;
— Data link layer (layer 2), specified in:
— DoCAN: ISO 15765-4, ISO 11898-1, ISO 11898-2;
— SAE J1850;
— ISO 9141-2;
— DoK-Line: ISO 14230-2;
— Physical layer (layer 1), specified in:
— DoCAN: ISO 15765-4, ISO 11898-1, ISO 11898-2;
— SAE J1850;
— ISO 9141-2;
— DoK-Line: ISO 14230-1;
in accordance with Table 1.
Table 1 — Legislated emissions-related OBD/WWH-OBD diagnostic specifications applicable to
the OSI layers
Emissions-related WWH-
Applicabil- Emissions-related OBD communication
OSI 7 layers OBD communication
ity requirements
requirements
Application (layer
ISO 15031-5 ISO 27145-3
7)
ISO 15031-2, ISO 15031-5, ISO 15031-6 ISO 27145-2
Presentation
SAE J1930-DA / SAE J1979-DA SAE J1930-DA / SAE J1979-DA
(layer 6)
Seven layer
SAE J2012-DA SAE J2012-DA
according to
ISO/IEC Session (layer 5) Not Applicable ISO 14229-2
7498-1
Transport (layer
and
ISO ISO ISO ISO
4)
ISO 15031-5
ISO/IEC
14230-4 15765-2 15765-2 13400-2
Network (layer 3)
ISO ISO
ISO
ISO 15765-4 ISO 27145-4
Data link (layer 2)
14230-2
SAE ISO 11898-1, 11898-1, ISO
J1850 9141-2 ISO ISO 13400-3
ISO
Physical (layer 1)
11898-2 11898-2
14230-1
0.2 SAE document reference concept
ISO 15031 references several SAE documents which contain all terms, data, and diagnostic trouble code
(DTC) definitions.
See Figure 1 with the following definition of content in ISO 15031-2, ISO 15031-5, and ISO 15031-6:
— SAE J1930: this document is concerned with a procedure for naming objects and systems and
with the set of words from which names are built. It references SAE J1930-DA which contains all
standardized naming objects, terms, and abbreviations.
— SAE J1979: this document is concerned with the definition of emissions-related diagnostic services
(diagnostic test modes). It references SAE J1979-DA which contains all standardized data items like
Parameter IDs, Test IDs, Monitor IDs, and InfoType IDs.
— SAE J2012: this document is concerned with the procedure for defining emissions-related diagnostic
trouble codes. It references SAE J2012-DA which contains all standardized data items like DTCs and
failure type bytes (FTBs).
vi © ISO 2013 – All rights reserved

ISO 15031-2
ISO 15031-5 ISO 15031-6
Terms, de
initions,
Emissions-related Diagnostic trouble
abbreviations, and
diagnostic services code (DTC ) de
initions
acronyms
SAE J2012-DA
SAE J1930-DA SAE J1979-DA
Emissions-related
Emissions-related Emissions-relate d
diagnostic trouble
acronym de
inition data de
inition
code de
inition
SAE J1930
SAE J2012
SAE J1979
Terms, de
initions,
Emissions-related Diagnostic trouble
abbreviations, and
diagnostic services code (DTC) de
initions
acronyms
Key
1 SAE Digital Annexes
Figure 1 — SAE Digital Annex document reference
OBD regulations require passenger cars and light, medium, and heavy-duty trucks to support a minimum
set of diagnostic information to external (off-board) “generic” test equipment.
0.3 SAE J1979-DA (Digital Annex)
This part of ISO 15031 references the SAE J1979-DA. The SAE J1979-DA is concerned with the definitions of
— Parameter Identifiers (PIDs),
— Test Identifiers (TIDs),
— OBD Monitor Identifiers (OBDMIDs),
— Unit and Scaling Identifiers (UASIDs), and
— INFOTYPEs (INFOTYPEs).
0.4 SAE Digital Annex revision procedure
New emissions-related regulatory requirements drive new in-vehicle technology to lower emissions.
New technology related OBD monitor data and DTCs need to be standardized to support the external
(off-board) “generic” test equipment. All relevant information is proposed by the automotive industry
represented by members of the appropriate SAE task force.
The revision request form and instructions for updating the Registers to ISO 15031-5 can be obtained
on the Registration Authority’s website at:
http://www.sae.org/servlets/works/committeeHome.do?comtID=TEVDS14
The column titled “Resources” shows a document with the title: J1979-DA_Revision_Request_Form.doc.
Double click on the name and you will be asked to download the document with the filename:
SAE_J1979-DA_Revision_Request_Form.doc
Fill out the revision request form with your request.
Please send an email with the completed revision request form as an attachment to:
SAE Headquarters
755 West Big Beaver Road
Suite 1600
Troy, MI 48084-4093, USA
Fax: +1 (248) 273-2494
Email: saej1979@sae.org
viii © ISO 2013 – All rights reserved

INTERNATIONAL STANDARD ISO 15031-7:2013(E)
Road vehicles — Communication between vehicle and
external equipment for emissions-related diagnostics —
Part 7:
Data link security
1 Scope
This part of ISO 15031 gives guidelines for the protection of road vehicle modules from unauthorized
intrusion through a vehicle diagnostic data link. These security measures offer vehicle manufacturers the
flexibility to tailor their security to their own specific needs and do not exclude other, additional measures.
This part of ISO 15031 applies to vehicle modules whose solid-state memory contents are able to be
altered from outside the electronic module through a diagnostic data communication link. Such alteration
could potentially damage a vehicle’s electronics or other components, placing at risk its compliance with
government legislation or the vehicle manufacturer’s interests in respect of security.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO 9141-2, Road vehicles — Diagnostic systems — Part 2: CARB requirements for interchange of digital
information
ISO 11898-1, Road vehicles — Controller
...