Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2020 Directives for standardization — Part 1: Rules for the structure and drafting of standardizing documents.
Attention is drawn to the possibility that some of the elements of this standard may be the subject of patent rights. The issuing body of this standard shall not be held responsible for identifying any or all such patent rights.
This standard was proposed by the Ministry of Industry and Information Technology of the People's Republic of China.
This standard is under the jurisdiction of the National Technical Committee of Auto Standardization (SAC/TC 114).
Technical requirements and test methods for cybersecurity of remote service and management system for electric vehicles
1 Scope
This standard specifies the technical requirements and test methods for information security of the remote service and management system for electric vehicles.
This standard is applicable to data communication among the on-board terminals, vehicle enterprise service and management platforms, and public service and management platforms of battery electric vehicles, plug-in hybrid electric vehicles and fuel cell electric vehicles.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this standard. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 19596 Terminology of electric vehicles
GB/T 32960.1-2016 Technical specifications of remote service and management system for electric vehicles — Part 1: General principle
GB/T 32960.3-2016 Technical specifications of remote service and management system for electric vehicles — Part 3: Communication protocol and data format
3 Terms and definitions
For the purposes of this standard, the terms and definitions given in GB/T 19596, GB/T 32960.1-2016, GB/T 32960.3-2016 and the following apply.
3.1
remote service and management system for electric vehicles
system that collects, processes and manages electric vehicle information and provides information services for network users, consisting of the public service and management platform, the enterprise service and management platform and the on-board terminal
[Source: GB/T 32960.1-2016, 3.1]
3.2
public service and management platform
platform established by the national and local governments or their designated agencies for data collection and unified management of electric vehicles within their jurisdiction
[Source: GB/T 32960.1-2016, 3.2]
3.3
enterprise service and management platform
platform built by a whole-vehicle enterprise, or by a third-party technical unit entrusted by it, to manage the electric vehicles and users within its service scope and to provide safe operation services and management
[Source: GB/T 32960.1-2016, 3.3]
3.4
on-board terminal
device or system which is installed on the vehicle to collect and save the key state parameters of the whole vehicle and system components and send them to the platform
[Source: GB/T 32960.1-2016, 3.4]
3.5
client platform
remote service and management platform that acts as the sender of vehicle data during data interaction between two platforms
[Source: GB/T 32960.3-2016, 3.1]
3.6
server platform
remote service and management platform that acts as the receiver of vehicle data during data interaction between two platforms
[Source: GB/T 32960.3-2016, 3.2]
3.7
trusted verification
integrity verification of the target program of the device based on the trusted root
4 Abbreviations
For the purposes of this standard, the following abbreviations apply.
AES: Advanced Encryption Standard
IP: Internet Protocol
JTAG: Joint Test Action Group
LTE: Long Term Evolution
PCB: Printed Circuit Board
SPI: Serial Peripheral Interface
SSL: Secure Sockets Layer
TCP: Transmission Control Protocol
TLS: Transport Layer Security
UART: Universal Asynchronous Receiver/Transmitter
USB: Universal Serial Bus
UTC: Universal Time Coordinated
5 Information security requirements
5.1 Overall structure diagram
The overall structure diagram of information security of the remote service and management system for electric vehicles is shown in Figure 1.
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Information security requirements
5.1 Overall structure diagram
5.2 Security requirements for on-board terminal
5.3 Communication security requirements between platforms
5.4 Security requirements for communications between on-board terminals and platforms
5.5 Security requirements for platforms
6 Test methods
6.1 General
6.2 Requirements for information security test samples of on-board terminals
6.3 Information security test environment of on-board terminal
6.4 Information security test of on-board terminal
6.5 Test of communication security between platforms
6.6 Test of communication security between on-board terminal and platform