< < SU11 : SU12 : SU13 > >

SU12: Vehicle Maintenance

This service package identifies the interfaces and functionality that support vehicle maintenance, including maintenance of ITS equipment on board the vehicle. An interface with a Vehicle Service Center supports vehicle monitoring to support timely, effective maintenance. It also supports software configuration management and updates as part of maintenance of the software-based on-board systems. While this service package covers only maintenance of the Vehicle OBE, it is defined at the highest level of abstraction so that any center that is contemplating advanced maintenance concepts for its fleet vehicles can use this service package. Other service packages that provide maintenance support for fleet vehicles include CVO01, MC02, and PT06.

Relevant Regions: Australia, Canada, European Union, and United States

Enterprise

Development Stage Roles and Relationships

Installation Stage Roles and Relationships

Operations Stage Roles and Relationships
(hide)

Source Destination Role/Relationship
Basic Vehicle Manager Basic Vehicle Manages
Basic Vehicle Manager Driver System Usage Agreement
Basic Vehicle Owner Basic Vehicle Owns
Basic Vehicle Owner Basic Vehicle Manager Operations Agreement
Basic Vehicle Owner Vehicle OBE Owner Expectation of Data Provision
Basic Vehicle Supplier Basic Vehicle Owner Warranty
Driver Basic Vehicle Operates
Driver Vehicle OBE Operates
Enforcement Center Manager Enforcement Center Manages
Enforcement Center Owner Enforcement Center Owns
Enforcement Center Owner Enforcement Center Manager Operations Agreement
Enforcement Center Owner Vehicle OBE Owner Information Exchange Agreement
Enforcement Center Supplier Enforcement Center Owner Warranty
Service Monitor System Manager Service Monitor System Manages
Service Monitor System Owner Service Monitor System Owns
Service Monitor System Owner Service Monitor System Manager Operations Agreement
Service Monitor System Owner Vehicle Service Center Owner Information Provision Agreement
Service Monitor System Supplier Service Monitor System Owner Warranty
Vehicle OBE Manager Driver System Usage Agreement
Vehicle OBE Manager Vehicle OBE Manages
Vehicle OBE Owner Enforcement Center Owner Information Exchange Agreement
Vehicle OBE Owner Vehicle OBE Owns
Vehicle OBE Owner Vehicle OBE Manager Operations Agreement
Vehicle OBE Owner Vehicle Service Center Owner Information Exchange Agreement
Vehicle OBE Supplier Vehicle OBE Owner Warranty
Vehicle Service Center Manager Vehicle Service Center Manages
Vehicle Service Center Owner Vehicle OBE Owner Information Exchange Agreement
Vehicle Service Center Owner Vehicle Service Center Owns
Vehicle Service Center Owner Vehicle Service Center Manager Operations Agreement
Vehicle Service Center Supplier Vehicle Service Center Owner Warranty

Maintenance Stage Roles and Relationships

Physical

The physical diagram can be viewed in SVG or PNG format and the current format is SVG.
SVG Diagram
PNG Diagram


Display Legend in SVG or PNG

Includes Physical Objects:

Physical Object Class Description
Basic Vehicle Vehicle 'Basic Vehicle' represents a complete operating vehicle. It includes the vehicle platform that interfaces with and hosts ITS electronics and all of the driver convenience and entertainment systems, and other non-ITS electronics on-board the vehicle. Interfaces represent both internal on-board interfaces between ITS equipment and other vehicle systems and other passive and active external interfaces or views of the vehicle that support vehicle/traffic monitoring and management. External interfaces may also represent equipment that is carried into the vehicle (e.g., a smartphone that is brought into the vehicle). Internal interfaces are often implemented through a vehicle databus, which is also included in this object. Note that 'Vehicle' represents the general functions and interfaces that are associated with personal automobiles as well as commercial vehicles, emergency vehicles, transit vehicles, and other specialized vehicles.
Driver Vehicle The 'Driver' represents the person that operates a vehicle on the roadway. Included are operators of private, transit, commercial, and emergency vehicles where the interactions are not particular to the type of vehicle (e.g., interactions supporting vehicle safety applications). The Driver originates driver requests and receives driver information that reflects the interactions which might be useful to all drivers, regardless of vehicle classification. Information and interactions which are unique to drivers of a specific vehicle type (e.g., fleet interactions with transit, commercial, or emergency vehicle drivers) are covered by separate objects.
Enforcement Center Center The 'Enforcement Center' represents the systems that receive reports of violations detected by various ITS facilities including individual vehicle emissions, lane violations, toll violations, CVO violations, etc.
Service Monitor System Support The 'Service Monitor System' represents one or more center-based systems that provide monitoring, management and control services necessary to other applications and/or devices operating within the Connected Vehicle Environment. These support services enable other applications to provide transportation services.
Vehicle OBE Vehicle The Vehicle On-Board Equipment (OBE) provides the vehicle-based sensory, processing, storage, and communications functions that support efficient, safe, and convenient travel. The Vehicle OBE includes general capabilities that apply to passenger cars, trucks, and motorcycles. Many of these capabilities (e.g., see the Vehicle Safety service packages) apply to all vehicle types including personal vehicles, commercial vehicles, emergency vehicles, transit vehicles, and maintenance vehicles. From this perspective, the Vehicle OBE includes the common interfaces and functions that apply to all motorized vehicles. The radio(s) supporting V2V and V2I communications are a key component of the Vehicle OBE. Both one-way and two-way communications options support a spectrum of information services from basic broadcast to advanced personalized information services. Route guidance capabilities assist in formulation of an optimal route and step by step guidance along the travel route. Advanced sensors, processors, enhanced driver interfaces, and actuators complement the driver information services so that, in addition to making informed mode and route selections, the driver travels these routes in a safer and more consistent manner. This physical object supports all six levels of driving automation as defined in SAE J3016. Initial collision avoidance functions provide 'vigilant co-pilot' driver warning capabilities. More advanced functions assume limited control of the vehicle to maintain lane position and safe headways. In the most advanced implementations, this Physical Object supports full automation of all aspects of the driving task, aided by communications with other vehicles in the vicinity and in coordination with supporting infrastructure subsystems.
Vehicle Service Center Center 'Vehicle Service Center' represents vehicle service centers that collect vehicle diagnostic information from vehicles and provide service options for drivers of these vehicles. The physical object also includes centers operated by vehicle manufacturers that can coordinate with connected vehicles to obtain vehicle operating data and provide software or data updates to connected vehicles that they have manufactured.

Includes Functional Objects:

Functional Object Description Physical Object
SM Device Management 'SM Device Management' provides the functions necessary to manage devices, including network management, operational status monitoring, and application performance monitoring. Service Monitor System
Vehicle System Executive 'Vehicle System Executive' provides the operating system kernel and executive functions that manage the software configuration and operation and support computer resource management, security, and software installation and upgrade. Vehicle OBE
Vehicle System Monitoring and Diagnostics 'Vehicle System Monitoring and Diagnostics' includes on-board sensors and integrated self test software that monitors the condition of each of the vehicle systems and diagnostics that can be used to support vehicle maintenance. The status of the vehicle and ancillary equipment and diagnostic information is provided to the driver and service center. Vehicle OBE

Includes Information Flows:

Information Flow Description
driver input Driver input to the vehicle on-board equipment including configuration data, settings and preferences, interactive requests, and control commands.
driver updates Information provided to the driver including visual displays, audible information and warnings, and haptic feedback. The updates inform the driver about current conditions, potential hazards, and the current status of vehicle on-board equipment.
host vehicle status Information provided to the ITS on-board equipment from other systems on the vehicle platform. This includes the current status of the powertrain, steering, and braking systems, and status of other safety and convenience systems. In implementations where GPS is not integrated into the Vehicle On-Board Equipment, the host vehicle is also the source for data describing the vehicle's location in three dimensions (latitude, longitude, elevation) and accurate time that can be used for time synchronization across the ITS environment.
OBE fault data OBE fault information that can be used to identify OBEs that require initialization, reconfiguration, repair or replacement. This flow identifies the device, the nature of the fault, and associated error codes and diagnostic data.
OBE status Monitoring of OBE device status including current mode, operational status, and configuration settings. It includes device housekeeping/heartbeat monitoring and includes network information, the status of installed applications, and the configuration of managed devices.
request for service Driver inputs that summon an emergency response, request a financial transaction, or initiate other services.
service record Record of service performed that addresses an equipment or vehicle code violation
service request Notification that service is required to address an equipment or vehicle code violation
vehicle commands System-level control commands issued to vehicle equipment such as reset and remote diagnostics.
vehicle configuration settings Control settings and parameters that are used to configure vehicle equipment.
vehicle diagnostic data Information about the vehicle and its current operational status that supports vehicle performance monitoring, service, and repair. The flow identifies the vehicle and vehicle type and provides information about the vehicle's current operational status, the current performance of engine-related and other components, and notification of any identified malfunctions.
vehicle service information Vehicle problem diagnosis information and available vehicle service options, along with information about how to make a service reservation.
vehicle service request Request for a service reservation from a connected vehicle.
vehicle service response Response to a request for service reservation.
vehicle software install/upgrade This flow supports installation and update of software residing in vehicle on-board equipment. It supports download of the software installation files, including executable code and associated support files.

Goals and Objectives

Associated Planning Factors and Goals

Planning Factor Goal
H. Emphasize the preservation of the existing transportation system; Maintain the highway infrastructure asset system in a state of good repair

Associated Objective Categories

Objective Category
Preservation: Preserve Existing Infrastructure

Associated Objectives and Performance Measures

Objective Performance Measure
Distressed pavement condition lane-miles not to exceed X percent of total state highway system Distressed pavement condition lane miles
Enhance asset and resource management Extended pavement life due to truck weight enforcement
Enhance asset and resource management Number of assets tracked in real-time
Enhance asset and resource management Percentage of fleet/equipment within lifecycle
Enhance asset and resource management Percentage of geographic jurisdiction covered by agency electronic communications
Enhance asset and resource management Percentage of maintenance activities completed in required time-frame
Enhance asset and resource management Rate at which equipment is utilized
Enhance asset and resource management Vehicle operating costs
Maintain pavement condition index (PCI) of X or greater for local streets and roads Pavement condition index
Percentage of NHS bridges in Good condition to exceed X percent Percentage of NHS bridges in Good condition
Percentage of NHS bridges in Poor condition not to exceed X percent Percentage of NHS bridges in Poor condition
Percentage of pavements in Good condition to exceed X percent of the Interstate System Percentage of pavements in Good condition (Interstate System)
Percentage of pavements in Good condition to exceed X percent of the non-Interstate NHS Percentage of pavements in Good condition (non-Interstate NHS)
Percentage of pavements in Poor condition not to exceed X percent of the Interstate System Percentage of pavements in Poor condition (Interstate System)
Percentage of pavements in Poor condition not to exceed X percent of the non-Interstate NHS Percentage of pavements in Poor condition (non-Interstate NHS)
Reduce commercial vehicle size and weight violations Number of size and weight violations


 
Since the mapping between objectives and service packages is not always straight-forward and often situation-dependent, these mappings should only be used as a starting point. Users should do their own analysis to identify the best service packages for their region.

Needs and Requirements

Need Functional Object Requirement
01 Vehicle service agencies need to be able to remotely diagnose maintenance issues within vehicle on board equipment. SM Device Management 12 The service monitor system shall monitor the status of vehicle equipment.
Vehicle System Monitoring and Diagnostics 01 The vehicle shall be able to monitor on-board sensors to determine the operating conditions of on-board systems critical to safe and efficient operation of the vehicle.
02 The vehicle shall be capable of performing diagnostic tests using on-board data to identify problems in vehicle system operation and to determine possible causes of the problems.
03 The vehicle shall be capable of providing diagnostic information regarding on-board systems to the driver.
04 The vehicle shall be capable of providing diagnostic information regarding on-board systems to remote service centers.
02 Vehicle service agencies need to be able to remotely perform maintenance actions to vehicle on board equipment such as configuration adjustments or software installation or upgrade. SM Device Management 13 The service monitor system shall notify vehicle service centers of any faults detected in the operational status of vehicle equipment.
Vehicle System Executive 01 The vehicle shall include software operating system kernel and executive functions that manage the overall device software configuration and operation and support configuration management, computer resource management, and govern software installation and upgrade.
02 The vehicle shall allow a service center to remotely install or upgrade software in the vehicle.
03 The vehicle shall provide the capability for a driver to update the configuration of software or hardware in the vehicle.

Related Sources

Document Name Version Publication Date
ITS User Services Document 1/1/2005


Security

In order to participate in this service package, each physical object should meet or exceed the following security levels.

Physical Object Security
Physical Object Confidentiality Integrity Availability Security Class
Basic Vehicle  
Enforcement Center Moderate Moderate Moderate Class 2
Service Monitor System Moderate Moderate Moderate Class 2
Vehicle OBE Moderate High Moderate Class 3
Vehicle Service Center Moderate High Moderate Class 3



In order to participate in this service package, each information flow triple should meet or exceed the following security levels.

Information Flow Security
Source Destination Information Flow Confidentiality Integrity Availability
Basis Basis Basis
Basic Vehicle Vehicle OBE host vehicle status Low Moderate High
Unlikely that this includes any information that could be used against the originator. This can be MODERATE or HIGH, depending on the application: This is used later on to determine whether a vehicle is likely going to violate a red light or infringe a work zone. This needs to be correct in order for the application to work correctly. Since this monitors the health and safety of the vehicle and that information is eventually reported to the driver, it should be available at all times as it directly affects vehicle and operator safety.
Driver Vehicle OBE driver input Moderate High High
Data included in this flow may include origin and destination information, which should be protected from other's viewing as it may compromise the driver's privacy. Commands from from the driver to the vehicle must be correct or the vehicle may behave in an unpredictable and possibly unsafe manner Commands must always be able to be given or the driver has no control.
Driver Vehicle OBE request for service Moderate High High
This request implies a declaration of intent, which if observed could provide leverage over the driver. Commands from from the driver to the vehicle must be correct or the vehicle may behave in an unpredictable and possibly unsafe manner Commands must always be able to be given or the driver has no control.
Enforcement Center Vehicle OBE service request Moderate Moderate Moderate
Vehicle-specific and possibly PII. Could inconvenience the vehicle owner/operator if this flow is incorrect, manipulated or unavailable. Could inconvenience the vehicle owner/operator if this flow is incorrect, manipulated or unavailable.
Service Monitor System Vehicle Service Center OBE fault data Moderate Moderate Moderate
Device status information should not be viewable by third parties, as those with criminal intent may use this information toward their own ends. If incorrect or changed, could lead to inappropriate maintenance activity, which has a significant cost in itself and contributes negatively to system operational status. Scope is small, but impact significant if this occurs with many instances. A delay in reporting this may cause a delay in necessary maintenance. Considered higher availability requirement than the source flow (RSE status) because this information aggregates many instances of the source.
Vehicle OBE Driver driver updates Not Applicable Moderate Moderate
This data is informing the driver about the safety of a nearby area. It should not contain anything sensitive, and does not matter if another person can observe it. This is the information that is presented to the driver. If they receive incorrect information, they may act in an unsafe manner. However, there are other indicators that would alert them to any hazards, such as an oncoming vehicle or crossing safety lights. If this information is not made available to the driver, then the system has not operated correctly.
Vehicle OBE Enforcement Center service record Moderate Moderate Moderate
Vehicle-specific and possibly PII. Could inconvenience the vehicle owner/operator if this flow is incorrect, manipulated or unavailable. Could inconvenience the vehicle owner/operator if this flow is incorrect, manipulated or unavailable.
Vehicle OBE Service Monitor System OBE status Moderate Moderate Low
Will include some sort of identifier for the OBE, which could be used in combination with the status and configuration data as a means of identifying the type of vehicle, or in areas of low penetration the actual vehicle. Since this is used to monitor the health of the OBE, any corruption or modification of this information could lead to unnecessary maintenance activity, or delay necessary such activity. Impact will be limited to the OBEs who's flows were so affected. Unlikely that this needs to be reported often.
Vehicle OBE Vehicle Service Center vehicle diagnostic data Moderate High Moderate
Vehicle OBE control, configuration and software/firmware update should all be protected from view. A hostile third party could use this information to reverse engineer control/configuration/update processes, and use that information in an attack across a broad swatch of vehicles, which would have severe effects to the connected vehicle environment. Vehicle device control, configuration and update need to be correct or the Vehicle OBE may be misconfigured, which for some applications could have severe safety impacts. Without the ability to locally diagnose, operate, update and configure the Vehicle OBE, the OBE is effectively out of control and would have to be taken out of service. Marked MODERATE and not HIGH however because a vehicle system is presumed to be able to operate without a connection to a backoffice service. For specific instances where this flow is used as part of a local, in-person configuration or maintenance service, would be HIGH.
Vehicle OBE Vehicle Service Center vehicle service request Moderate High Moderate
Vehicle OBE control, configuration and software/firmware update should all be protected from view. A hostile third party could use this information to reverse engineer control/configuration/update processes, and use that information in an attack across a broad swatch of vehicles, which would have severe effects to the connected vehicle environment. Vehicle device control, configuration and update need to be correct or the Vehicle OBE may be misconfigured, which for some applications could have severe safety impacts. Without the ability to locally diagnose, operate, update and configure the Vehicle OBE, the OBE is effectively out of control and would have to be taken out of service. Marked MODERATE and not HIGH however because a vehicle system is presumed to be able to operate without a connection to a backoffice service. For specific instances where this flow is used as part of a local, in-person configuration or maintenance service, would be HIGH.
Vehicle Service Center Vehicle OBE vehicle commands Moderate High Moderate
Commands could be sensitive and should include authentication data, thus should be MODERATE. Invalid or corrupted vehicle control commands could have a significant safety impact, depending on the level of isolation between the Vehicle OBE and vehicle control systems. Without the ability to locally diagnose, operate, update and configure the Vehicle OBE, the OBE is effectively out of control and would have to be taken out of service. Marked MODERATE and not HIGH however because a vehicle system is presumed to be able to operate without a connection to a backoffice service. For specific instances where this flow is used as part of a local, in-person configuration or maintenance service, would be HIGH.
Vehicle Service Center Vehicle OBE vehicle configuration settings Moderate High Moderate
Vehicle OBE control, configuration and software/firmware update should all be protected from view. A hostile third party could use this information to reverse engineer control/configuration/update processes, and use that information in an attack across a broad swatch of vehicles, which would have severe effects to the connected vehicle environment. Vehicle device control, configuration and update need to be correct or the Vehicle OBE may be misconfigured, which for some applications could have severe safety impacts. Without the ability to locally diagnose, operate, update and configure the Vehicle OBE, the OBE is effectively out of control and would have to be taken out of service. Marked MODERATE and not HIGH however because a vehicle system is presumed to be able to operate without a connection to a backoffice service. For specific instances where this flow is used as part of a local, in-person configuration or maintenance service, would be HIGH.
Vehicle Service Center Vehicle OBE vehicle service information Moderate High Moderate
Vehicle OBE control, configuration and software/firmware update should all be protected from view. A hostile third party could use this information to reverse engineer control/configuration/update processes, and use that information in an attack across a broad swatch of vehicles, which would have severe effects to the connected vehicle environment. Vehicle device control, configuration and update need to be correct or the Vehicle OBE may be misconfigured, which for some applications could have severe safety impacts. Without the ability to locally diagnose, operate, update and configure the Vehicle OBE, the OBE is effectively out of control and would have to be taken out of service. Marked MODERATE and not HIGH however because a vehicle system is presumed to be able to operate without a connection to a backoffice service. For specific instances where this flow is used as part of a local, in-person configuration or maintenance service, would be HIGH.
Vehicle Service Center Vehicle OBE vehicle service response Moderate High Moderate
Vehicle OBE control, configuration and software/firmware update should all be protected from view. A hostile third party could use this information to reverse engineer control/configuration/update processes, and use that information in an attack across a broad swatch of vehicles, which would have severe effects to the connected vehicle environment. Vehicle device control, configuration and update need to be correct or the Vehicle OBE may be misconfigured, which for some applications could have severe safety impacts. Without the ability to locally diagnose, operate, update and configure the Vehicle OBE, the OBE is effectively out of control and would have to be taken out of service. Marked MODERATE and not HIGH however because a vehicle system is presumed to be able to operate without a connection to a backoffice service. For specific instances where this flow is used as part of a local, in-person configuration or maintenance service, would be HIGH.
Vehicle Service Center Vehicle OBE vehicle software install/upgrade Low High Moderate
Equipment software could be sensitive, however this flow is local, meaning the Field Support Equipment is proximate to the TSE. Thus the risk of interception should be low. There may also be constraints on this flow that require this information to be transmitted in the clear. If it includes any authentication data however, this should be MODERATE. Software updates to the Vehicle OBE must be authenticated as having come from a source entitled to provide that software, or roadway equipment may be comprimised. Similarly, such software must be guaranteed to being the intent of the originator; not manipulated midstream or corrupted, or the OBE may be mis-configured or compromised. Without the ability to locally diagnose, operate, update and configure the Vehicle OBE, the OBE is effectively out of control and would have to be taken out of service. Marked MODERATE and not HIGH however because a vehicle system is presumed to be able to operate without a connection to a backoffice service. For specific instances where this flow is used as part of a local, in-person configuration or maintenance service, would be HIGH.

Standards

Currently, there are no standards associated with the physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages.