< < PM02 : PM03 : PM04 > >

PM03: Parking Electronic Payment

This service package supports electronic collection of parking fees. This includes all types of parking fee collection including short term and long term parking and pay-for-use loading zones. It collects parking fees from in-vehicle equipment, contact or proximity cards, or any smart payment device. This service package supports both payment via a local point of sale in the parking area or direct payment via wide area wireless communications. User accounts may be established to facilitate secure payment using only a secure ID and enhance services offered to frequent customers.

Relevant Regions: Australia, Canada, European Union, and United States

Enterprise

Development Stage Roles and Relationships

Installation Stage Roles and Relationships

Operations Stage Roles and Relationships
(hide)

Source Destination Role/Relationship
Enforcement Center Manager Enforcement Center Manages
Enforcement Center Owner Enforcement Center Owns
Enforcement Center Owner Enforcement Center Manager Operations Agreement
Enforcement Center Supplier Enforcement Center Owner Warranty
Financial Center Manager Financial Center Manages
Financial Center Owner Financial Center Owns
Financial Center Owner Financial Center Manager Operations Agreement
Financial Center Owner Parking Management Center Owner Information Exchange Agreement
Financial Center Owner Payment Administration Center Owner Information Exchange Agreement
Financial Center Supplier Financial Center Owner Warranty
Parking Area Equipment Manager Parking Area Equipment Manages
Parking Area Equipment Manager Parking Operator System Usage Agreement
Parking Area Equipment Owner Parking Area Equipment Owns
Parking Area Equipment Owner Parking Area Equipment Manager Operations Agreement
Parking Area Equipment Owner Parking Management Center Owner Information Exchange Agreement
Parking Area Equipment Owner Payment Administration Center Owner Information Exchange Agreement
Parking Area Equipment Owner Payment Device Owner Expectation of Information Provision
Parking Area Equipment Owner Vehicle OBE Owner Expectation of Information Provision
Parking Area Equipment Supplier Parking Area Equipment Owner Warranty
Parking Management Center Manager Parking Management Center Manages
Parking Management Center Manager Parking Manager System Usage Agreement
Parking Management Center Owner Enforcement Center Owner Information Provision Agreement
Parking Management Center Owner Financial Center Owner Information Exchange Agreement
Parking Management Center Owner Parking Area Equipment Owner Information Exchange Agreement
Parking Management Center Owner Parking Management Center Owns
Parking Management Center Owner Parking Management Center Manager Operations Agreement
Parking Management Center Owner Payment Administration Center Owner Information Exchange Agreement
Parking Management Center Owner Personal Information Device Owner Information Exchange Agreement
Parking Management Center Supplier Parking Management Center Owner Warranty
Parking Manager Parking Management Center Operates
Parking Operator Parking Area Equipment Operates
Payment Administration Center Manager Payment Administration Center Manages
Payment Administration Center Owner Financial Center Owner Information Exchange Agreement
Payment Administration Center Owner Parking Area Equipment Owner Information Exchange Agreement
Payment Administration Center Owner Parking Management Center Owner Information Exchange Agreement
Payment Administration Center Owner Payment Administration Center Owns
Payment Administration Center Owner Payment Administration Center Manager Operations Agreement
Payment Administration Center Owner Personal Information Device Owner Information Exchange Agreement
Payment Administration Center Supplier Payment Administration Center Owner Warranty
Payment Device Manager Payment Device Manages
Payment Device Owner Payment Device Owns
Payment Device Owner Payment Device Manager Operations Agreement
Payment Device Supplier Payment Device Owner Warranty
Personal Information Device Manager Personal Information Device Manages
Personal Information Device Owner Personal Information Device Owns
Personal Information Device Owner Personal Information Device Manager Operations Agreement
Personal Information Device Supplier Personal Information Device Owner Warranty
Vehicle OBE Manager Vehicle OBE Manages
Vehicle OBE Owner Vehicle OBE Owns
Vehicle OBE Owner Vehicle OBE Manager Operations Agreement
Vehicle OBE Supplier Vehicle OBE Owner Warranty

Maintenance Stage Roles and Relationships

Functional

This service package includes the following Functional View PSpecs:

Physical Object Functional Object PSpec Number PSpec Name
Parking Area Equipment Parking Area Electronic Payment 7.2.1.1 Read Parking Lot Vehicle Payment Data
7.2.1.2 Calculate Vehicle Parking Lot Charges
7.2.1.5 Bill Driver for Parking Lot Charges
7.2.2 Produce Parking Lot Displays
Parking Management Center Parking Account and Fee Management 5.4.3 Process Parking Lot Violations
7.2.1.3 Collect Bad Charge Payment Data
7.2.1.4 Check for Advanced Parking Lot Payment
7.2.1.6 Manage Parking Lot Financial Processing
7.2.1.7 Update Parking Lot Data
7.2.1.8 Register for Advanced Parking Lot Payment
Payment Administration Center PAC Payment Administration 5.4.2 Process Violations for Tolls
7.1.1.3 Manage Bad Toll Payment Data
7.1.1.6 Collect Probe Data From Toll Transactions
7.1.1.7 Update Toll Price Data
7.1.1.8 Register for Advanced Toll Payment
7.1.1.9 Manage Toll Processing
7.1.8 Exchange Data with Other Payment Administration
7.4.1.8 Process Electric Charging Payments
7.6.1.2 Calculate Vehicle Road Use Payment Charges
7.6.1.4 Manage Road Use Charging Price Data
7.6.1.5 Manage Road Use Charges Processing
7.6.5 Exchange Road Use Charging Data with Other Payment Administration
7.6.6.1 Provide Road Use Charging Services User Interface
7.6.8 Provide Road Use Charging Enforcement Interface
7.7 Administer Multimodal Payments
Personal Information Device Personal Interactive Traveler Information 6.8.1.1.1 Determine Personal Portable Device Guidance Method
6.8.1.1.2 Provide Personal Portable Device Dynamic Guidance
6.8.3.1 Get Traveler Personal Request
6.8.3.2 Provide Traveler with Personal Travel Information
6.8.3.3 Provide Traveler Personal Interface
6.8.3.4 Update Traveler Personal Display Map Data
6.8.3.5 Provide Traveler Transit Services Interface
6.8.3.6 Provide Personal Safety Messages
6.8.3.7 Manage Traveler Personal Social Media Interface
7.5.3 Provide Personal Payment Device Interface
7.6.6.3 Provide Road Use Charging Services Personal Interface
Vehicle OBE Vehicle Basic Toll/Parking Payment 7.1.7 Provide Payment Device Interface for Tolls
Vehicle Payment Service 3.1.3 Process Vehicle On-board Data
6.7.3.2 Provide Driver with Personal Travel Information
6.7.3.3 Provide Driver Information Interface
7.1.4 Provide Driver Toll Payment Interface
7.1.7 Provide Payment Device Interface for Tolls
7.2.3 Provide Driver Parking Lot Payment Interface
7.2.5 Provide Payment Device Interface for Parking
7.4.1.10 Process Vehicle Electric Charging Payments
7.5.1 Provide Vehicle Payment Device Interface
7.6.3 Provide Driver Road Use Charging Payment Interface
7.6.4 Provide Payment Device Interface for Road Use Charging

Physical

The physical diagram can be viewed in SVG or PNG format and the current format is SVG.
SVG Diagram
PNG Diagram


Display Legend in SVG or PNG

Includes Physical Objects:

Physical Object Class Description
Driver Vehicle The 'Driver' represents the person that operates a vehicle on the roadway. Included are operators of private, transit, commercial, and emergency vehicles where the interactions are not particular to the type of vehicle (e.g., interactions supporting vehicle safety applications). The Driver originates driver requests and receives driver information that reflects the interactions which might be useful to all drivers, regardless of vehicle classification. Information and interactions which are unique to drivers of a specific vehicle type (e.g., fleet interactions with transit, commercial, or emergency vehicle drivers) are covered by separate objects.
Enforcement Center Center The 'Enforcement Center' represents the systems that receive reports of violations detected by various ITS facilities including individual vehicle emissions, lane violations, toll violations, CVO violations, etc.
Financial Center Center The 'Financial Center' represents the organization that handles electronic fund transfer requests to enable the transfer of funds from the user of the service to the provider of the service. The functions and activities of financial clearinghouses are covered by this physical object.
Parking Area Equipment Field 'Parking Area Equipment' provides electronic monitoring and management of parking facilities. It supports an I2V link to the Vehicle that allows electronic collection of parking fees and monitors and controls parking meters that support conventional parking fee collection. It also includes the instrumentation, signs, and other infrastructure that monitors parking lot usage and provides local information about parking availability and other general parking information. The two primary approaches to monitoring parking area usage are sensing vehicles within parking spots or counting vehicles as they come in and as they leave the area. This portion of the functionality must be located in the parking area where it can monitor, classify, and share information with customers and their vehicles. See also the separate 'Parking Management Center' physical object that may be located in a back office, remote from the parking area, which interfaces with the financial infrastructure and broadly disseminates parking information to other operational centers in the region.
Parking Management Center Center The 'Parking Management Center' manages one or more parking lots by providing configuration and control of field infrastructure, user account management and interfaces with financial systems to manage payment. This p-object takes the back office portion of the Parking Management System's functionality as it was defined in ARC-IT 8.3 and prior.
Parking Manager Center 'Parking Manager' is the human operator that supports back office operations for one or more parking areas.
Parking Operator Field 'Parking Operator' is the human attendant that may be physically present at the parking lot facility to monitor the operational status of the facility.
Payment Administration Center Center The 'Payment Administration Center' provides general payment administration capabilities and supports the electronic transfer of funds from the customer to the transportation system operator or other service provider. Charges can be recorded for tolls, vehicle-mileage charging, congestion charging, or other goods and services. It supports traveler enrollment and collection of both pre-payment and post-payment transportation fees in coordination with the financial infrastructure supporting electronic payment transactions. The system may establish and administer escrow accounts depending on the clearinghouse scheme and the type of payments involved. It may post a transaction to the customer account, generate a bill (for post-payment accounts), debit an escrow account, or interface to a financial infrastructure to debit a customer designated account. It supports communications with the ITS Roadway Payment Equipment to support fee collection operations. As an alternative, a wide-area wireless interface can be used to communicate directly with vehicle equipment. It also sets and administers the pricing structures and may implement road pricing policies in coordination with the Traffic Management Center.
Payment Device Personal The 'Payment Device' enables the electronic transfer of funds from the user of a service (I.e. a traveler) to the provider of the service. Potential implementations include smart cards that support payment for products and services, including transportation services and general purpose devices like smart phones that support a broad array of services, including electronic payment. In addition to user account information, the payment device may also hold and update associated user information such as personal profiles, preferences, and trip histories.
Personal Information Device Personal The 'Personal Information Device' provides the capability for travelers to receive formatted traveler information wherever they are. Capabilities include traveler information, trip planning, and route guidance. Frequently a smart phone, the Personal Information Device provides travelers with the capability to receive route planning and other personally focused transportation services from the infrastructure in the field, at home, at work, or while en-route. Personal Information Devices may operate independently or may be linked with connected vehicle on-board equipment.
Vehicle OBE Vehicle The Vehicle On-Board Equipment (OBE) provides the vehicle-based sensory, processing, storage, and communications functions that support efficient, safe, and convenient travel. The Vehicle OBE includes general capabilities that apply to passenger cars, trucks, and motorcycles. Many of these capabilities (e.g., see the Vehicle Safety service packages) apply to all vehicle types including personal vehicles, commercial vehicles, emergency vehicles, transit vehicles, and maintenance vehicles. From this perspective, the Vehicle OBE includes the common interfaces and functions that apply to all motorized vehicles. The radio(s) supporting V2V and V2I communications are a key component of the Vehicle OBE. Both one-way and two-way communications options support a spectrum of information services from basic broadcast to advanced personalized information services. Route guidance capabilities assist in formulation of an optimal route and step by step guidance along the travel route. Advanced sensors, processors, enhanced driver interfaces, and actuators complement the driver information services so that, in addition to making informed mode and route selections, the driver travels these routes in a safer and more consistent manner. This physical object supports all six levels of driving automation as defined in SAE J3016. Initial collision avoidance functions provide 'vigilant co-pilot' driver warning capabilities. More advanced functions assume limited control of the vehicle to maintain lane position and safe headways. In the most advanced implementations, this Physical Object supports full automation of all aspects of the driving task, aided by communications with other vehicles in the vicinity and in coordination with supporting infrastructure subsystems.

Includes Functional Objects:

Functional Object Description Physical Object
PAC Payment Administration 'PAC Payment Administration' provides administration and management of payments associated with electronic toll collection, parking payments, and other e-payments. It provides the back office functions that support enrollment, pricing, payment reconciliation with financial institutions, and violation notification to enforcement agencies. It also supports dynamic pricing to support demand management. Secure communications with the financial infrastructure and distributed payment infrastructure, including toll plazas, support electronic payments and other ancillary requirements such as lost payment device identification and management. Payment Administration Center
Parking Account and Fee Management 'Parking Account and Fee Management' manages parking fare collection at the Parking Management Center. It provides the back office functions that support control of field parking management systems, supporting payment reconciliation with links to financial institutions. It loads fee data into field systems when those systems are initialized or whenever such information is modified. Parking Management Center
Parking Area Electronic Payment 'Parking Area Electronic Payment' supports electronic payment of parking fees using in-vehicle equipment (e.g., tags) or contact or proximity cards. It includes the field elements that provide the interface to the in-vehicle or card payment device and the back-office functionality that performs the transaction. Parking Area Equipment
Personal Interactive Traveler Information 'Personal Interactive Traveler Information' provides traffic information, road conditions, transit information, yellow pages (traveler services) information, special event information, and other traveler information that is specifically tailored based on the traveler's request and/or previously submitted traveler profile information. It also supports interactive services that support enrollment, account management, and payments for transportation services. The interactive traveler information capability is provided by personal devices including personal computers and personal portable devices such as smart phones. Personal Information Device
Vehicle Basic Toll/Parking Payment 'Vehicle Basic Toll/Parking Payment' includes the traditional on-board systems that pay for tolls and parking electronically. It includes the in-vehicle equipment that communicates with the toll/parking plaza and an optional interface to a carry-in payment device. See also 'Vehicle Payment Services', which provides a broader range of payment services. Vehicle OBE
Vehicle Payment Service 'Vehicle Payment Service' supports vehicle payments including VMT- and zone-based payments and payments for other services including fuel/charging services, tolls, and parking. To support VMT-based payment, this application tracks the location of the vehicle at specific times and reports this VMT data along with vehicle identification. A variety of pricing strategies are supported, including strategies that include credits or incentives that reward desired driving patterns and behavior. The onboard equipment supports secure short range communications with connected vehicle roadside equipment to support secure payments. Vehicle OBE

Includes Information Flows:

Information Flow Description
account updates Updates to an account, such as purchases, uses, cancellation, secureID changes or similar material changes to account information.
actuate secure payment Initiation of a payment action based on an encrypted token or biometric marker.
authorization request Request to determine if a transportation user is authorized to use a particular transportation resource.
authorization response Notification of status of authorization request.
driver updates Information provided to the driver including visual displays, audible information and warnings, and haptic feedback. The updates inform the driver about current conditions, potential hazards, and the current status of vehicle on-board equipment.
parking area status Presentation of information to the parking operator including operational status and transaction reports.
parking manager input Input from the parking manager to query current status and control back office operations for a parking management system.
parking operator input User input from the parking operator to query current status and control the operation of the parking management system.
parking payment instructions Information provided to configure and support parking payment operations including pricing information, user account information, and operational parameters used to control equipment that controls access, collects payment, and detects and processes violations.
parking payment transactions Detailed list of parking payment transactions including violations. Each transaction includes the date/time, vehicle/customer, and transaction amount. Additional information is included to support delayed payment and violation processing.
parking status Presentation of information to the parking manager including operational status and transaction reports. This includes aggregated status for parking areas as well as status for back office operations.
payment device information The traveler personal information such as name, address, license number, user account information, trip records and profile data.
payment device update Information updated concerning traveler's personal data including name, address, user account information, trip records, and profile data.
payment methods A list of valid payment methods.
payment request Request for payment from financial institution or related financial service requests (e.g., balance inquiry)
payment transaction status The status of an electronic payment transaction provided directly to the driver via sign or other roadside infrastructure.
payment violation notification Notification to enforcement agency of a toll, parking, or transit fare payment violation.
registered secureIDs Cryptographically protected identifier indicating that the user associated with the identifier is entitled to use a particular service.
request for payment Request to deduct cost of service from user's payment account.
service registry Catalogue of products and values, access rights and related information.
settlement Information exchanged to settle charges and distribute or debit accounts appropriate to the authorized charges.
traveler payment information Information provided for payment of road use charges, tolls or parking fees including identification that can be used to identify the payment account or source and related vehicle and service information that are used to determine the type and price of service requested. The information exchange normally supports an account debit to pay fees, but an account credit may be initiated where pricing strategies include incentives.
traveler payment request Request for information supporting payments. For fee structures that include incentives, the request may support either an account debit or an account credit or reimbursement.
user account reports Reports on services offered/provided and associated charges.
user account setup Billing information, vehicle information (or registration information), and requests for reports. Also includes subsequent account changes.
vehicle payment information Information provided for payment of tolls, parking, and other transportation fees including identification that can be used to identify the payment account or source and related vehicle and service information that are used to determine the type and price of service requested. This flow supports one-time payments that may not be associated with a service account. See also 'actuate secure payment'. The information exchange normally supports an account debit to pay fees, but an account credit may be initiated where pricing strategies include incentives.
vehicle payment update Data written to vehicle equipment to support electronic toll collection or parking payment.

Goals and Objectives

Associated Planning Factors and Goals

Planning Factor Goal
D. Increase the accessibility and mobility of people and for freight; Achieve a significant reduction in congestion
G. Promote efficient system management and operation; Improve the efficiency of the surface transportation system

Associated Objective Categories

Objective Category
Special Event Management: Parking Management

Associated Objectives and Performance Measures

Objective Performance Measure
Enhance parking facility services and management Number of parking facilities with advanced parking information to customers
Enhance parking facility services and management Number of parking facilities with automated occupancy counting and space management
Enhance parking facility services and management Number of parking facilities with coordinated availability information
Enhance parking facility services and management Number of parking facilities with coordinated electronic payment systems
Enhance parking facility services and management Number of parking facilities with electronic fee collection
Enhance parking facility services and management Number parking facilities with electronic fee collection
Increase the use of flexible pricing mechanisms near special event locations on X percent of parking spaces in Y years. Percent of parking spaces near special event locations that use flexible pricing mechanisms.


 
Since the mapping between objectives and service packages is not always straight-forward and often situation-dependent, these mappings should only be used as a starting point. Users should do their own analysis to identify the best service packages for their region.

Needs and Requirements

Need Functional Object Requirement
01 Parking operators need to be able to support electronic collection of parking fees from in-vehicle equipment, contact or proximity cards, or any smart payment device. Parking Account and Fee Management 01 The center shall support parking electronic fare collection.
03 The center shall provide parking pricing and user account information.
Parking Area Electronic Payment 02 The parking element shall read data from the payment device on-board the vehicle or by the traveler.
03 The parking element shall provide an interface to the driver informing them of the success or failure of the financial transaction. This may involve a request for the driver to pull aside so the operator can resolve an issue.
05 The parking element shall manage the parking lot charges, considering such factors as location, vehicle types, and times of day.
06 The parking element shall process the financial requests and manage an interface to a Financial Institution.
07 The parking element shall support the payment of parking lot transactions using data provided by the traveler cards / payment instruments.
08 The parking element shall process requests for parking lot charges to be paid in advance.
Vehicle Basic Toll/Parking Payment 02 The vehicle shall respond to request from parking field equipment for credit identity, stored value card cash, etc.
Vehicle Payment Service 05 The vehicle shall provide payment information on request under control of the vehicle owner/operator.
09 The vehicle shall receive and present to the vehicle operator the actual cost of parking used when requested by the vehicle operator.
02 Parking operators need to be able to set up and manage electronic user accounts for customers. PAC Payment Administration 03 The center shall provide secure user account management, providing user access to rules and policies, current billing status, invoices, payments, and mechanisms for review and challenge of the collected data.
04 The center shall register vehicles for road or parking use payment, establishing accounts that identify owner billing information and preferences.
12 The center shall register users for an electronic payment system, establishing accounts that identify owner billing information and preferences.
Parking Account and Fee Management 02 The center shall support user electronic payment account registration.
Personal Interactive Traveler Information 08 The personal traveler interface shall support payment for services, such as confirmed trip plans, tolls, transit fares, parking lot charges, map updates, and advanced payment for tolls.
09 The personal traveler interface shall provide an interface through which credit identity, stored credit value, or traveler information may be collected from a traveler card being used by a traveler with a personal device.
03 Parking operators need to be able to provide notification to an enforcement agency of a parking payment violation. PAC Payment Administration 11 The center shall report payment violations including vehicle information and vehicle image to the designated Enforcement Agency.
Parking Area Electronic Payment 01 The parking element shall detect and classify vehicles entering and exiting a parking facility (vehicle size, type, identifiable features, etc.).
04 The parking element shall collect data on payment violations and send the data, including images of the violator and the vehicle registration data obtained from the Department of Motor Vehicles (DMV) office, to the appropriate enforcement agency.
10 The parking element shall maintain a list of invalid traveler credit identities.

Related Sources

Document Name Version Publication Date
ITS User Services Document 1/1/2005


Security

In order to participate in this service package, each physical object should meet or exceed the following security levels.

Physical Object Security
Physical Object Confidentiality Integrity Availability Security Class
Enforcement Center Moderate Moderate Moderate Class 2
Financial Center Moderate Moderate Moderate Class 2
Parking Area Equipment High High High Class 5
Parking Management Center High High High Class 5
Payment Administration Center High High Moderate Class 4
Payment Device Moderate Moderate High Class 5
Personal Information Device High High High Class 5
Vehicle OBE High High High Class 5



In order to participate in this service package, each information flow triple should meet or exceed the following security levels.

Information Flow Security
Source Destination Information Flow Confidentiality Integrity Availability
Basis Basis Basis
Financial Center Parking Management Center settlement Moderate Moderate Moderate
This may include PII and will include status information about a payment that could be used by a criminal for a variety of purposes, including identity theft, financial theft, or location-based activities, as the status is predictivie of what the account holder is doing and where they are doing it. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability.
Financial Center Payment Administration Center settlement Moderate Moderate Moderate
This may include PII and will include status information about a payment that could be used by a criminal for a variety of purposes, including identity theft, financial theft, or location-based activities, as the status is predictivie of what the account holder is doing and where they are doing it. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability.
Parking Area Equipment Driver payment transaction status Low Moderate Moderate
Expected to be visually broadcast information between roadway equipment and a driver that includes no PII. If compromised, contains no information that could not be otherwise learned or impacts the driver. Payment response should be accurate and available so the driver knows what the result of his transaction was. Inaccurate data may lead to his performing other compensatory actions which are inconvient to that individual driver and may impact those behind him. Payment response should be accurate and available so the driver knows what the result of his transaction was. Inaccurate data may lead to his performing other compensatory actions which are inconvient to that individual driver and may impact those behind him.
Parking Area Equipment Parking Management Center authorization request Moderate Moderate Moderate
Contains an identifier linked to an individual or specific device, and thus PII by definition. Compromise of one secureID would likely impact only one user, but the nature of this flow requires that the same algorithm be used for every user; algorithm compromise would harm every user, which would have widespread impact. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability.
Parking Area Equipment Parking Management Center parking payment transactions Moderate Moderate Moderate
Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. Payment information should be accurate and available so the traveler can properly pay for parking. Inaccurate data may lead to his performing other compensatory actions which are inconvient to that traveler and may impact those behind him. Payment information should be accurate and available so the traveler can properly pay for parking. More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies.
Parking Area Equipment Parking Operator parking area status Moderate High High
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system.
Parking Area Equipment Payment Administration Center authorization request Moderate Moderate Moderate
Contains an identifier linked to an individual or specific device, and thus PII by definition. Compromise of one secureID would likely impact only one user, but the nature of this flow requires that the same algorithm be used for every user; algorithm compromise would harm every user, which would have widespread impact. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability.
Parking Area Equipment Payment Device payment device update Moderate Moderate High
Contains charges and possibly balance or personal information. Charge information may or may not be public, and balance and personal information is not, though it may be displayed visually. Could be LOW if no personal or balance information and no identifier is not included in the flow. Payment related information needs to be correct or the user may be inconvenienced or defrauded. Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures.
Parking Area Equipment Payment Device request for payment Moderate Moderate High
Contains charges and possibly balance or personal information. Charge information may or may not be public, and balance and personal information is not, though it may be displayed visually. Could be LOW if no personal or balance information and no identifier is not included in the flow. Payment related information needs to be correct or the user may be inconvenienced or defrauded. Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures.
Parking Area Equipment Vehicle OBE vehicle payment update Moderate Moderate Moderate
Contains payment status update information intended for an individual, and thus should be concealed as it is personal information with no legitimate use by an unintended recipient. Payment information should be correct and timely or the recipient may take action to correct, or may fail to take action he should take and be penalized. Payment information should be correct and timely or the recipient may take action to correct, or may fail to take action he should take and be penalized.
Parking Management Center Enforcement Center payment violation notification Moderate Moderate Moderate
Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. Violation information needs to be correct or the commercial vehicle may be improperly penalized, or not when it should be. This is probably not a severe consequence however, so MODERATE. More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies.
Parking Management Center Financial Center payment request Moderate Moderate Moderate
Contains account and related information that is personal and if compromised could financially impact the owner of the account. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability.
Parking Management Center Parking Area Equipment authorization response Moderate Moderate Moderate
While this may not contain any PII, it does expose behavior. While an observer in place may assume payment activity, there is no sound reason to not conceal this information. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability.
Parking Management Center Parking Area Equipment parking payment instructions Low Moderate Moderate
Should not have any PII, and is intended for distribution to anyone using the parking service. Payment information should be accurate and available so the traveler can properly pay for parking. Inaccurate data may lead to his performing other compensatory actions which are inconvient to that traveler and may impact those behind him. Payment information should be accurate and available so the traveler can properly pay for parking. More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies.
Parking Management Center Parking Manager parking status Moderate High High
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system.
Parking Management Center Payment Administration Center account updates Moderate Moderate Moderate
Contains an identifier that can be linked to an account which is in turn likely linked to a person, and thus PII that should be protected. Payment charge and similar information should be correct or it could lead to abuse or incorrect charges. Impact limited to individual accounts however. These exchanges can be delayed but eventually have to go through or accounts will not be properly updated, mostly impacting revenue collection.
Parking Management Center Payment Administration Center service registry Low Moderate Moderate
Much of this information will eventually be widely disseminated to transport users, though there seems little good reason to not obfuscate it. Could inconvience travelers if incorrect, and would hamper the operation of payment methods if incorrect or unavailable, which could have widespread network effect. Could inconvience travelers if incorrect, and would hamper the operation of payment methods if incorrect or unavailable, which could have widespread network effect.
Parking Management Center Personal Information Device registered secureIDs High High Moderate
These IDs are used to secure individual user's rights to use transportation assets. Compromising one of these would be a significant inconvenience but only for the user of that secureID. However, compromise of the algorithm securing all IDs would be catastrophic to the system that uses this mechanism as a means to pay for transportation services. Individual tokens should be correct or the user will not be able to use this method to pay for transport. A systemic integrity flaw would compromise the system similar to how an encryption flaw would however, which justifies HIGH. Should be relatively infrequently used by any one user, but over the sum of all transport users sees significant use. If the flow is not available, new or re-applying users will not be able to use this method to pay for transport.
Parking Management Center Personal Information Device traveler payment request Moderate Moderate Moderate
While this may not contain any PII, it does expose behavior. While an observer in place may assume payment activity, there is no sound reason to not conceal this information. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability.
Parking Management Center Personal Information Device user account reports High High Moderate
Contains user identification and transaction history, which if compromised could lead to identity or financial theft. Payment setup information, if corrupted, could lead the user to not properly pay for his trips or perhaps pay for others. If intercepted by a malicious actor, this could be manipulated to trick the user into taking action not in his own best interest. These exchanges can be delayed but eventually have to go through or accounts will not be properly updated, mostly impacting revenue collection.
Parking Manager Parking Management Center parking manager input Moderate High High
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system.
Parking Operator Parking Area Equipment parking operator input Moderate High High
Field operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. Field operations flows should generally be correct and available as these are the primary interface between operators and system. Field operations flows should generally be correct and available as these are the primary interface between maintenance personnel and the system.
Payment Administration Center Financial Center payment request Moderate Moderate Moderate
Contains account and related information that is personal and if compromised could financially impact the owner of the account. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability.
Payment Administration Center Parking Area Equipment authorization response Moderate Moderate Moderate
While this may not contain any PII, it does expose behavior. While an observer in place may assume payment activity, there is no sound reason to not conceal this information. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability.
Payment Administration Center Parking Management Center payment methods Moderate Moderate Low
Payment methods should be widely disseminated and contain no information that could cause harm if exposed. Payment methods need to be correct so payment information can be exchanged. Could be LOW, as this should have redundancies and be able to tolerate significant latency. Payment methods need to be correct so payment information can be exchanged. Could be LOW, as this should have redundancies and be able to tolerate significant latency.
Payment Administration Center Personal Information Device registered secureIDs High High Moderate
These IDs are used to secure individual user's rights to use transportation assets. Compromising one of these would be a significant inconvenience but only for the user of that secureID. However, compromise of the algorithm securing all IDs would be catastrophic to the system that uses this mechanism as a means to pay for transportation services. Individual tokens should be correct or the user will not be able to use this method to pay for transport. A systemic integrity flaw would compromise the system similar to how an encryption flaw would however, which justifies HIGH. Should be relatively infrequently used by any one user, but over the sum of all transport users sees significant use. If the flow is not available, new or re-applying users will not be able to use this method to pay for transport.
Payment Administration Center Personal Information Device user account reports High High Moderate
Contains user identification and transaction history, which if compromised could lead to identity or financial theft. Payment history information, if corrupted, could lead the user to take action he or she should not take. If intercepted by a malicious actor, this could be manipulated to trick the user into taking action not in his own best interest. There should be other mechanisms to retrieve this information, but if the flow has low reliability users will lose confidence and not use it. MODERATE for that reason only.
Payment Device Parking Area Equipment actuate secure payment Moderate Moderate High
Contains an identifier linked to an individual or specific device, and thus PII by definition. Compromise of one secureID would likely impact only one user, but the nature of this flow requires that the same algorithm be used for every user; algorithm compromise would harm every user, which would have widespread impact. Payment related information needs to be correct or the user may be inconvenienced or defrauded. Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures.
Payment Device Parking Area Equipment payment device information Moderate Moderate High
Contains charges and possibly balance or personal information. Charge information may or may not be public, and balance and personal information is not, though it may be displayed visually. Could be LOW if no personal or balance information and no identifier is not included in the flow. Payment related information needs to be correct or the user may be inconvenienced or defrauded. Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures.
Payment Device Vehicle OBE actuate secure payment Moderate Moderate High
Contains an identifier linked to an individual or specific device, and thus PII by definition. Compromise of one secureID would likely impact only one user, but the nature of this flow requires that the same algorithm be used for every user; algorithm compromise would harm every user, which would have widespread impact. Payment related information needs to be correct or the user may be inconvenienced or defrauded. Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures.
Payment Device Vehicle OBE payment device information Moderate Moderate High
Contains charges and possibly balance or personal information. Charge information may or may not be public, and balance and personal information is not, though it may be displayed visually. Could be LOW if no personal or balance information and no identifier is not included in the flow. Payment related information needs to be correct or the user may be inconvenienced or defrauded. Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures.
Personal Information Device Parking Management Center actuate secure payment Moderate Moderate High
Contains an identifier linked to an individual or specific device, and thus PII by definition. Compromise of one secureID would likely impact only one user, but the nature of this flow requires that the same algorithm be used for every user; algorithm compromise would harm every user, which would have widespread impact. Payment related information needs to be correct or the user may be inconvenienced or defrauded. Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures.
Personal Information Device Parking Management Center traveler payment information High High Moderate
Contains personal information, potentially including identity, payment information such as account numbers and location. All of this information is personal in nature and acceptable only for the intended destination to receive, as any 3rd party observation could lead to identity theft/compromise and/or payment method theft/compromise. This is information is used to process payment and/or detect fraud. Any losses, corruption or forgery has a direct impact on revenue collection, charges assessed and potentially legal action. This is information is used to process payment . Any losses, corruption or forgery has a direct impact on revenue collection, charges assessed and potentially legal action. Availability constrained to MODERATE the fact that alternative mechanisms and compromises exist to ameliorate not completing the flow.
Personal Information Device Parking Management Center user account setup High High Moderate
Contains user identification and transaction history, which if compromised could lead to identity or financial theft. Payment setup information, if corrupted, could lead the user to not properly pay for his trips or perhaps pay for others. If intercepted by a malicious actor, this could be manipulated to trick the user into taking action not in his own best interest. These exchanges can be delayed but eventually have to go through or accounts will not be properly updated, mostly impacting revenue collection.
Personal Information Device Payment Administration Center user account setup High High Moderate
Contains user identification and matching vehicle information, which if compromised could lead to identity theft or remote tracking. Payment setup information, if corrupted, could lead the user to not properly pay for his trips or perhaps pay for others. If intercepted by a malicious actor, this could be manipulated to trick the user into taking action not in his own best interest. There should be other mechanisms to provide this information, but if the flow has low reliability users will lose confidence and not use it. MODERATE for that reason only.
Vehicle OBE Driver driver updates Not Applicable Moderate Moderate
This data is informing the driver about the safety of a nearby area. It should not contain anything sensitive, and does not matter if another person can observe it. This is the information that is presented to the driver. If they receive incorrect information, they may act in an unsafe manner. However, there are other indicators that would alert them to any hazards, such as an oncoming vehicle or crossing safety lights. If this information is not made available to the driver, then the system has not operated correctly.
Vehicle OBE Parking Area Equipment actuate secure payment Moderate Moderate High
Contains an identifier linked to an individual or specific device, and thus PII by definition. Compromise of one secureID would likely impact only one user, but the nature of this flow requires that the same algorithm be used for every user; algorithm compromise would harm every user, which would have widespread impact. Payment related information needs to be correct or the user may be inconvenienced or defrauded. Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures.
Vehicle OBE Parking Area Equipment vehicle payment information High High Moderate
Contains personal information, potentially including identity, payment information such as account numbers, location, and in some cases fraud detection data. All of this information is personal in nature and acceptable only for the intended destination to receive, as any 3rd party observation could lead to identity theft/compromise and/or payment method theft/compromise. This is information is used to process payment and/or detect fraud. Any losses, corruption or forgery has a direct impact on revenue collection, charges assessed and potentially legal action. This is information is used to process payment and/or detect fraud. Any losses, corruption or forgery has a direct impact on revenue collection, charges assessed and potentially legal action. Availability constrained to MODERATE the fact that alternative mechanisms and compromises exist to ameliorate not completing the flow.
Vehicle OBE Payment Device payment device update Moderate Moderate High
Contains charges and possibly balance or personal information. Charge information may or may not be public, and balance and personal information is not, though it may be displayed visually. Could be LOW if no personal or balance information and no identifier is not included in the flow. Payment related information needs to be correct or the user may be inconvenienced or defrauded. Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures.

Standards

The following table lists the standards associated with physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages.

Name Title Physical Object
NEMA TS 8 Cyber and Physical Security Cyber and Physical Security for Intelligent Transportation Systems Payment Administration Center