PM07: Automated Parking
This service package illustrates a range of functionality related to automation in parking operations, from the vehicle parking on its own to a driver-indicated spot, to remote control, to post-parking lot egress.
Relevant Regions:
- Enterprise
- Functional
- Physical
- Goals and Objectives
- Needs and Requirements
- Sources
- Security
- Standards
- System Requirements
- Implementations
Enterprise
Development Stage Roles and Relationships
Installation Stage Roles and Relationships
Operations and Maintenance Stage Roles and Relationships
(hide)
| Source | Destination | Role/Relationship |
|---|
Functional
This service package includes the following Functional View PSpecs:
Physical
The physical diagram can be viewed in SVG or PNG format and the current format is SVG.SVG Diagram
PNG Diagram
Includes Physical Objects:
| Physical Object | Class | Description |
|---|---|---|
| Basic Vehicle | Vehicle | 'Basic Vehicle' represents a complete operating vehicle. It includes the vehicle platform that interfaces with and hosts ITS electronics and all of the driver convenience and entertainment systems, and other non-ITS electronics on-board the vehicle. Interfaces represent both internal on-board interfaces between ITS equipment and other vehicle systems and other passive and active external interfaces or views of the vehicle that support vehicle/traffic monitoring and management. External interfaces may also represent equipment that is carried into the vehicle (e.g., a smartphone that is brought into the vehicle). Internal interfaces are often implemented through a vehicle databus, which is also included in this object. Note that 'Vehicle' represents the general functions and interfaces that are associated with personal automobiles as well as commercial vehicles, emergency vehicles, transit vehicles, and other specialized vehicles. |
| Driver | Vehicle | The 'Driver' represents the person that operates a vehicle on the roadway. Included are operators of private, transit, commercial, and emergency vehicles where the interactions are not particular to the type of vehicle (e.g., interactions supporting vehicle safety applications). The Driver originates driver requests and receives driver information that reflects the interactions which might be useful to all drivers, regardless of vehicle classification. Information and interactions which are unique to drivers of a specific vehicle type (e.g., fleet interactions with transit, commercial, or emergency vehicle drivers) are covered by separate objects. |
| Parking Area Equipment | Field | 'Parking Area Equipment' provides electronic monitoring and management of parking facilities. It supports an I2V link to the Vehicle that allows electronic collection of parking fees and monitors and controls parking meters that support conventional parking fee collection. It also includes the instrumentation, signs, and other infrastructure that monitors parking lot usage and provides local information about parking availability and other general parking information. The two primary approaches to monitoring parking area usage are sensing vehicles within parking spots or counting vehicles as they come in and as they leave the area. This portion of the functionality must be located in the parking area where it can monitor, classify, and share information with customers and their vehicles. See also the separate 'Parking Management Center' physical object that may be located in a back office, remote from the parking area, which interfaces with the financial infrastructure and broadly disseminates parking information to other operational centers in the region. |
| Parking Management Center | Center | The 'Parking Management Center' manages one or more parking lots by providing configuration and control of field infrastructure, user account management and interfaces with financial systems to manage payment. This p-object takes the back office portion of the Parking Management System's functionality as it was defined in ARC-IT 8.3 and prior. |
| Personal Information Device | Personal | The 'Personal Information Device' provides the capability for travelers to receive formatted traveler information wherever they are. Capabilities include traveler information, trip planning, and route guidance. Frequently a smart phone, the Personal Information Device provides travelers with the capability to receive route planning and other personally focused transportation services from the infrastructure in the field, at home, at work, or while en-route. Personal Information Devices may operate independently or may be linked with vehicle on-board equipment. This subsystem also supports safety related services with the capability to broadcast safety messages and initiate a distress signal or request for help. |
| Potential Obstacles | Field | 'Potential Obstacles' represents any object that possesses the potential of being sensed and struck and thus also possesses physical attributes. Potential Obstacles include roadside obstructions, debris, animals, infrastructure elements (barrels, cones, barriers, etc.) or any other element that is in a potential path of the vehicle. Note that roadside objects and pieces of equipment that can become obstacles in a vehicle’s path can include materials, coatings, or labels (e.g., barcodes) that will improve the performance of the vehicle-based sensors that must detect and avoid these obstacles. See also 'Vulnerable Road Users' that more specifically represents the physical properties of shared users of the roadway that must also be detected. |
| Remote Vehicle Operator | Center | The 'Remote Vehicle Operator' represents the person or people that support remote vehicle control, monitoring the controlled vehicle and it's surrounding environment and providing control commands for use by the automated driving system in the remote vehicle. |
| Roadway Environment | Field | 'Roadway Environment' represents the physical condition and geometry of the road surface, markings, signs, and other objects on or near the road surface. It also represents the environmental conditions immediately surrounding the roadway. The roadway environment must be sensed and interpreted to support automated vehicle services. Surrounding conditions may include fog, ice, snow, rain, wind, etc. which will influence the way in which a vehicle can be safely operated on the roadway. The roadway environment must be monitored to enable corrective action and information dissemination regarding roadway conditions which may adversely affect travel. Infrastructure owner/operators can improve the roadway environment to improve the performance and accuracy of vehicle-based sensors that must sense and interpret this environment. Improvements could include changes in the shape, size, design, and materials used in signs, pavement markings, and other road features. |
| Traveler | Personal | The 'Traveler' represents any individual who uses transportation services. The interfaces to the traveler provide general pre-trip and en-route information supporting trip planning, personal guidance, and requests for assistance in an emergency that are relevant to all transportation system users. It also represents users of a public transportation system and addresses interfaces these users have within a transit vehicle or at transit facilities such as roadside stops and transit centers. |
| Vehicle | Vehicle | This 'Vehicle' physical object is used to model core capabilities that are common to more than one type of Vehicle. It provides the vehicle-based general sensory, processing, storage, and communications functions that support efficient, safe, and convenient travel. Many of these capabilities (e.g., see the Vehicle Safety service packages) apply to all vehicle types including personal vehicles (including motorcycles), commercial vehicles, emergency vehicles, transit vehicles, and maintenance vehicles. From this perspective, the Vehicle includes the common interfaces and functions that apply to all motorized vehicles. The radio(s) supporting V2V and V2I communications are a key component of the Vehicle. Both one-way and two-way communications options support a spectrum of information services from basic broadcast to advanced personalized information services. Advanced sensors, processors, enhanced driver interfaces, and actuators complement the driver information services so that, in addition to making informed mode and route selections, the driver travels these routes in a safer and more consistent manner. This physical object supports all six levels of driving automation as defined in SAE J3016. Initial collision avoidance functions provide 'vigilant co-pilot' driver warning capabilities. More advanced functions assume limited control of the vehicle to maintain lane position and safe headways. In the most advanced implementations, this Physical Object supports full automation of all aspects of the driving task, aided by communications with other vehicles in the vicinity and in coordination with supporting infrastructure subsystems. |
| Vehicle Characteristics | Vehicle | 'Vehicle Characteristics' represents the external view of individual vehicles of any class from cars and light trucks up to large commercial vehicles and down to micromobility vehicles (MMVs). It includes vehicle physical characteristics such as height, width, length, weight, and other properties (e.g., magnetic properties, number of axles, occupants, emissions) of individual vehicles that can be sensed and measured or classified. This physical object represents the physical properties of vehicles that can be sensed by vehicle-based or infrastructure-based sensors to support vehicle automation and traffic sensor systems. The analog properties provided by this terminator represent the sensor inputs that are used to detect and assess vehicle(s) within the sensor's range to support safe AV operation and/or responsive and safe traffic management. |
| Vehicle Operations and Service Center | Center | 'Vehicle Operations and Service Center' (VOSC) represents centers that provide telematics services to vehicles using wide-area (e.g. cellular) communications, including traveler information, emergency services, vehicle diagnostics, over-the-air software updates, vehicle maintenance information and warnings, remote vehicle operation, and provision of service options for these vehicles. See also 'Transportation Information Center' that provides traveler information, trip planning, and routing services and 'Emergency Management Center' that provides call-taking and emergency response services that may also be implemented by a VOSC. |
| Vulnerable Road Users | Personal | 'Vulnerable Road Users' represents any roadway user not in a motorized vehicle capable of operating at the posted speed for the roadway in question, and also any roadway user in a vehicle not designed to encase (and thus protect) its occupants. This includes pedestrians, cyclists, wheelchair users, two-wheeled scooter micromobility users, as well as powered scooters and motorcycles. Note that this terminator represents the physical properties of vulnerable road users and their conveyance that may be sensed to support safe vehicle automation and traffic management in mixed mode applications where a variety of road users share the right-of-way. See also 'Pedestrian' and 'MMV User' Physical Objects that represent the human interface to these vulnerable road users. |
Includes Functional Objects:
| Functional Object | Description | Physical Object |
|---|---|---|
| Center Vehicle Remote Operations | 'Center Vehicle Remote Operations' provides communications, command and control capabilities sufficient for an operator in a remote location to monitor the performance of and control vehicles operating in the transportation environment. | Center |
| Parking Area Management | 'Parking Area Management' detects and classifies vehicles at parking facility entrances, exits, and other designated locations within the facility. Current parking availability is monitored and used to inform drivers through dynamic message signs/displays so that vehicles are efficiently routed to available spaces. Parking facility information, including current parking rates and directions to entrances and available exits, is also provided to drivers. | Parking Area Equipment |
| Parking Management | 'Parking Management' monitors parking area operations for one or more parking areas, monitoring current operational status including current parking occupancy and rates supporting back office operations. | Parking Management Center |
| Personal Vehicle Control | 'Personal Vehicle Control' provides command, control, and monitoring allowing a user to direct and monitor a vehicle in parking environments. | Personal Information Device |
| Vehicle Automated Parking | 'Vehicle Automated Parking' provides the capability for a vehicle to park itself, when commanded by the driver. | Vehicle |
| Vehicle Control Automation | 'Vehicle Control Automation' provides lateral and/or longitudinal control of a vehicle to allow 'hands off' and/or 'feet off' driving, automating the steering, accelerator, and brake control functions. It builds on the sensors included in 'Vehicle Safety Monitoring' and 'Vehicle Control Warning', receives warnings from 'Vehicle Intersection Movement', and uses the information about the area surrounding the vehicle to safely control the vehicle. It covers the range of incremental control capabilities from driver assistance systems that take over steering or acceleration/deceleration in limited scenarios with direct monitoring by the driver to full automation where all aspects of driving are automated under all roadway and environmental conditions, including providing, receiving, and acting on cooperation-related messaging. | Vehicle |
| Vehicle Remote Control | 'Vehicle Remote Control' receives control commands from a remote center or device and relays valid, authentic commands to the automated driving system for execution. It provides status of the vehicle and surrounding environment back to the remote operator. | Vehicle |
Includes Information Flows:
| Information Flow | Description |
|---|---|
| driver input | Driver input to the vehicle on-board equipment including configuration data, settings and preferences, interactive requests, and control commands. |
| driver input information | Driver input received from the driver-vehicle interface equipment via the vehicle bus. It includes configuration data, settings and preferences, interactive requests, and control commands for the connected vehicle on-board equipment. |
| driver update information | Information provided to the driver-vehicle interface to inform the driver about current conditions, potential hazards, and the current status of vehicle on-board equipment. The flow includes the information to be presented to the driver and associated metadata that supports processing, prioritization, and presentation by the DVI as visual displays, audible information and warnings, and/or haptic feedback. |
| driver updates | Information provided to the driver including visual displays, audible information and warnings, and haptic feedback. The updates inform the driver about current conditions, potential hazards, and the current status of vehicle on-board equipment. |
| environmental conditions | Current road conditions (e.g., surface temperature, subsurface temperature, moisture, icing, treatment status) and surface weather conditions (e.g., air temperature, wind speed, precipitation, visibility) that are measured by environmental sensors. |
| host vehicle status | Information provided to the ITS on-board equipment from other systems on the vehicle platform. This includes the current status of the powertrain, steering, and braking systems, and status of other safety and convenience systems. In implementations where GPS is not integrated into the Vehicle On-Board Equipment, the host vehicle is also the source for data describing the vehicle's location in three dimensions (latitude, longitude, elevation) and accurate time that can be used for time synchronization across the ITS environment. |
| parking area arrival information | Detailed arrival information within a parking area and area entrances available for transit use. |
| parking area information | Current status for the parking area. This includes information on general parking area status (operating hours, open entrances and exits, entrance queue status, parking operator information, current parking occupancy and availability). |
| parking area management information | Parameters that support management of a parking area. Hours of operation, parking rules and regulations, parking operator (attendant) information, etc. |
| parking availability | Information on available parking. This flow identifies available spaces with associated information about parking restrictions and location for each available space. Specifically includes information on parking for commercial vehicles, coaches/buses, and cars - and likely also motorcycles, electric vehicle plugins, etc. |
| parking maneuver request | Request to move a vehicle to a designated parking spot, an intermediate staging area, or a pickup location. The request identifies the vehicle, the starting location, destination location, and information about the recommended route. |
| parking maneuver status | Current status of the vehicle during a parking maneuver, including the vehicle's location in three dimensions, heading, speed, acceleration, and braking status. |
| physical presence | Detection of an obstacle. Obstacle could include animals, incident management and construction elements such as cones, barrels and barriers, internal structures such as pillars and poles, rocks in roadway, etc. |
| remote operator data | Presentation of status of a remote controlled vehicle and its surrouding environment. This data keeps the operator appraised of current vehicle status and provides feedback to the operator as control commands are provided. It also supports review of historical data and preparation for future service activities. |
| remote operator input | User input from the remote vehicle operator including requests for information, configuration changes, remote vehicle control actions, and other operations data entry related to remote vehicle operation. |
| roadway characteristics | Detectable or measurable road characteristics such as friction coefficient and general surface conditions, road geometry, signs and indicators (e.g., speed limits, parking availability) and markings, etc. These characteristics are monitored or measured by ITS sensors and used to support advanced vehicle safety, parking, turning and lane change maneuvers and road maintenance capabilities. |
| traveler input | User input from a traveler to summon assistance, request travel information, make a reservation, or request any other traveler service. |
| traveler interface updates | Visual or audio information (e.g., routes, messages, guidance, emergency information) that is provided to the traveler. |
| vehicle automation commands | Direction to an automated driving system to perform vehicle control actions |
| vehicle characteristics | The physical or visible characteristics of individual vehicles that can be used to detect, classify, and monitor vehicles and imaged to uniquely identify vehicles and characterize their performance (e.g., speed, occupants, emissions). |
| vehicle commands | System-level control commands issued to vehicle equipment such as reset and remote diagnostics. |
| vehicle control | Control commands issued to vehicle actuators that control steering, throttle, and braking and other related commands that support safe transition between manual and automated vehicle control. This flow can also deploy restraints and other safety systems when a collision is unavoidable. |
| vehicle operating status | Information describing the operational state of a vehicle, including a range of potential information such as vehicle kinematics, occupancy and environmental conditions. |
| vehicle parking leave status | Status of the vehicle as it responds to a vehicle summons, including kinematics, location and estimated time of egress completion. |
| vehicle profile | Information about a vehicle such as vehicle make and model, fuel type, engine type, size and weight, vehicle performance and level of control automation, average emissions, average fuel consumption, passenger occupancy, or other data that can be used to classify vehicle eligibility for access to specific lanes, road segments, or regions or participation in cooperative vehicle control applications. |
| vehicle summons | Command to a vehicle to exit a parking area and rendezvous with the vehicle summoner. |
| vehicle video monitoring | Real-time images of the area inside or around the vehicle providing the information. |
| vulnerable road user presence | Detection of pedestrians, cyclists, and other vulnerable road users. This detection is based on physical characteristics of the user and their conveyance, which may be enhanced by design and materials that facilitate sensor-based detection and tracking of vulnerable road users. |
Goals and Objectives
Associated Planning Factors and Goals
| Planning Factor | Goal |
|---|
Associated Objective Categories 
| Objective Category |
|---|
Associated Objectives and Performance Measures
| Objective | Performance Measure |
|---|
Since the mapping between objectives and service packages is not always straight-forward and often situation-dependent, these mappings should only be used as a starting point. Users should do their own analysis to identify the best service packages for their region.
Needs and Requirements
| Need | Functional Object | Requirement | ||
|---|---|---|---|---|
Related Sources
| Document Name | Version | Publication Date |
|---|---|---|
| None |
Security
In order to participate in this service package, each physical object should meet or exceed the following security levels.
| Physical Object Security | ||||
|---|---|---|---|---|
| Physical Object | Confidentiality | Integrity | Availability | Security Class |
| Basic Vehicle | ||||
| Parking Area Equipment | Moderate | Moderate | Moderate | Class 2 |
| Parking Management Center | Moderate | Moderate | Moderate | Class 2 |
| Personal Information Device | Moderate | Moderate | Moderate | Class 2 |
| Potential Obstacles | ||||
| Roadway Environment | Not Applicable | Low | Low | Class 1 |
| Vehicle | Moderate | High | Moderate | Class 3 |
| Vehicle Characteristics | ||||
| Vehicle Operations and Service Center | Moderate | High | Moderate | Class 3 |
| Vulnerable Road Users | ||||
In order to participate in this service package, each information flow triple should meet or exceed the following security levels.
| Information Flow Security | |||||
|---|---|---|---|---|---|
| Source | Destination | Information Flow | Confidentiality | Integrity | Availability |
| Basis | Basis | Basis | |||
| Basic Vehicle | Vehicle | driver input information | Moderate | High | High |
| Internal vehicle flow that if reverse engineered could enable third party vehicle control. Largely a competitive question, could be set LOW if manufacturer and operator are not concerned with this type of compromise. | Includes vehicle control commands, which must be timely and accurate to support safe vehicle operation. | Includes vehicle control commands, which must be timely and accurate to support safe vehicle operation. | |||
| Basic Vehicle | Vehicle | host vehicle status | Low | Moderate | High |
| Unlikely that this includes any information that could be used against the originator. | This can be MODERATE or HIGH, depending on the application: This is used later on to determine whether a vehicle is likely going to violate a red light or infringe a work zone. This needs to be correct in order for the application to work correctly. | Since this monitors the health and safety of the vehicle and that information is eventually reported to the driver, it should be available at all times as it directly affects vehicle and operator safety. | |||
| Driver | Vehicle | driver input | Moderate | High | High |
| Data included in this flow may include origin and destination information, which should be protected from other's viewing as it may compromise the driver's privacy. | Commands from from the driver to the vehicle must be correct or the vehicle may behave in an unpredictable and possibly unsafe manner | Commands must always be able to be given or the driver has no control. | |||
| Parking Area Equipment | Parking Management Center | parking area arrival information | Moderate | Moderate | Low |
| Does not include PII, but does include usage information for a managed facility that implies a number of vehicles. While this is observable information, it could be considered competitive, and regardless is accessible without being physically present, which is its own barrier. | Generally transportation coordination information should be correct between source and destination, or inappropriate actions may be taken. | Most likely not a frequently updated flow. If application context requires frequent update this could be MODERATE. | |||
| Parking Area Equipment | Parking Management Center | parking area information | Moderate | Moderate | Low |
| Does not include PII, but does include usage information for a managed facility that implies a number of vehicles. While this is observable information, it could be considered competitive, and regardless is accessible without being physically present, which is its own barrier. | Generally transportation coordination information should be correct between source and destination, or inappropriate actions may be taken. | While useful, there is no signficant impact if this flow is not available. | |||
| Parking Area Equipment | Vehicle | parking availability | Not Applicable | Moderate | Moderate |
| Intended for local public use, no need to obfuscate. | This data is used for trip planning for all types of vehicles. Failure to receive this information, or incorrect or fraudelent information, will negatively impact the trip for recipients of such data. | This data is used for trip planning for all types of vehicles. Failure to receive this information, or incorrect or fraudelent information, will negatively impact the trip for recipients of such data. | |||
| Parking Management Center | Parking Area Equipment | parking area management information | Moderate | Moderate | Low |
| This information could be of interest to a malicious individual who is attempting to determine the best way to accomplish a crime. As such it would be best to not make it easily accessible. | If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, leading to further unnecessary investigation. | A delay in reporting this may cause a delay in necessary maintenance, but (a) this is not time-critical and (b) there are other channels for reporting malfunctioning. Additionally, there is a message received notification, which means that RSE can ensure that all intersection safety issues are delivered. | |||
| Parking Management Center | Vehicle | parking availability | Not Applicable | Moderate | Moderate |
| Intended for local public use, no need to obfuscate. | This data is used for trip planning for all types of vehicles. Failure to receive this information, or incorrect or fraudelent information, will negatively impact the trip for recipients of such data. | This data is used for trip planning for all types of vehicles. Failure to receive this information, or incorrect or fraudelent information, will negatively impact the trip for recipients of such data. | |||
| Parking Management Center | Vehicle Operations and Service Center | parking area information | Moderate | Moderate | Low |
| Does not include PII, but does include usage information for a managed facility that implies a number of vehicles. While this is observable information, it could be considered competitive, and regardless is accessible without being physically present, which is its own barrier. | Generally transportation coordination information should be correct between source and destination, or inappropriate actions may be taken. | While useful, there is no signficant impact if this flow is not available. | |||
| Parking Management Center | Vehicle Operations and Service Center | parking maneuver request | Moderate | Moderate | Moderate |
| Vehicle commands should result in vehicle movement, which is directly observable. There may be instances where remote monitoring of these instructions enables a nefarious use case, which suggests a MODERATE level of obfuscation is reasonable, as the impact is likely limited to a single vehicle with no safety impact. | This flow directs vehicle movement, so needs to be unaltered lest the vehicle behave unexpectedly. There must always be a fallback for a driveable vehicle though, suggesting MODERATE at most. | Availability will depend on the parking structure; in some cases this will be MODERATE, in others LOW, depending on how much automated movements facilitate parking opreations. | |||
| Personal Information Device | Traveler | traveler interface updates | Not Applicable | Moderate | Moderate |
| Personalized data that includes directions and guidance for an individual, but eventually evident anyway. | Should be accurate as the Traveler will be relying on this information for routing and related choices. Lack of accuracy will result in lack of confidence from the traveler as well as an unsatisfactory trip, leading to a negative feedback spiral. | Users expect their devices to work. If information is not presented to the operator, the relevant applications simply won't be used. | |||
| Personal Information Device | Vehicle | vehicle summons | Moderate | Moderate | Moderate |
| Vehicle commands should result in vehicle movement, which is directly observable. There may be instances where remote monitoring of these instructions enables a nefarious use case, which suggests a MODERATE level of obfuscation is reasonable, as the impact is likely limited to a single vehicle with no safety impact. | This flow directs vehicle movement, so needs to be unaltered lest the vehicle behave unexpectedly. There must always be a fallback for a driveable vehicle though, suggesting MODERATE at most. | Availability will depend on the parking structure; in some cases this will be MODERATE, in others LOW, depending on how much automated movements facilitate parking opreations. | |||
| Personal Information Device | Vehicle Operations and Service Center | vehicle summons | Moderate | Moderate | Moderate |
| Vehicle commands should result in vehicle movement, which is directly observable. There may be instances where remote monitoring of these instructions enables a nefarious use case, which suggests a MODERATE level of obfuscation is reasonable, as the impact is likely limited to a single vehicle with no safety impact. | This flow directs vehicle movement, so needs to be unaltered lest the vehicle behave unexpectedly. There must always be a fallback for a driveable vehicle though, suggesting MODERATE at most. | Availability will depend on the parking structure; in some cases this will be MODERATE, in others LOW, depending on how much automated movements facilitate parking opreations. | |||
| Potential Obstacles | Vehicle | physical presence | |||
| Roadway Environment | Vehicle | environmental conditions | Not Applicable | Low | Low |
| Sensor-based information flows by definition have no confidentiality concerns. | While typically security concerns related to sensing ignored, if considered this would be LOW, as the obfuscation or failure of any given environmental sensor is likely to be overcome by the mass of data necessary to draw environmental concluisions. | While typically security concerns related to sensing ignored, if considered this would be LOW, as the obfuscation or failure of any given environmental sensor is likely to be overcome by the mass of data necessary to draw environmental concluisions. | |||
| Roadway Environment | Vehicle | roadway characteristics | Not Applicable | Low | Low |
| Sensor-based information flows by definition have no confidentiality concerns. | While typically security concerns related to sensing ignored, if considered this would be LOW, as the obfuscation or failure of any given environmental sensor is likely to be overcome by the mass of data necessary to draw environmental concluisions. | While typically security concerns related to sensing ignored, if considered this would be LOW, as the obfuscation or failure of any given environmental sensor is likely to be overcome by the mass of data necessary to draw environmental concluisions. | |||
| Traveler | Personal Information Device | traveler input | Not Applicable | Moderate | Low |
| This data is informing the vehicle of operational information that is relevant to the operation of the vehicle. It should not contain anything sensitive, and does not matter if another person can observe it. | While public, information must be correct or travelers may make incorrect decisions with regard to their travel plans. | Information is available through other means, though depending on the location this might not always be the case, in which case this would be MODERATE. | |||
| Vehicle | Basic Vehicle | driver update information | Low | Moderate | Moderate |
| This information is all presented to the vehicle operator. Encrypting this information may make it harder to reverse engineer vehicle systems, and may defeat criminal tracking tools when the vehicle has already been compromised. Unless those scenarios are of concern to the operator or manufacturer, this can safely be set LOW. | Any information presented to the operator of a vehicle should be both accurate and timely. By definition this includes safety information, but given that the driver has other means of learning about most threats, it seems difficult to justify HIGH. If HIGH is warranted, it should apply to both availability and integrity. | Any information presented to the operator of a vehicle should be both accurate and timely. By definition this includes safety information, but given that the driver has other means of learning about most threats, it seems difficult to justify HIGH. If HIGH is warranted, it should apply to both availability and integrity. | |||
| Vehicle | Basic Vehicle | vehicle control | Moderate | High | High |
| Internal vehicle flow that if reverse engineered could enable third party vehicle control. Largely a competitive question, could be set LOW if manufacturer and operator are not concerned with this type of compromise. | Includes vehicle control commands, which must be timely and accurate to support safe vehicle operation. | Includes vehicle control commands, which must be timely and accurate to support safe vehicle operation. | |||
| Vehicle | Driver | driver updates | Not Applicable | Moderate | Moderate |
| This data is informing the driver about the safety of a nearby area. It should not contain anything sensitive, and does not matter if another person can observe it. | This is the information that is presented to the driver. If they receive incorrect information, they may act in an unsafe manner. However, there are other indicators that would alert them to any hazards, such as an oncoming vehicle or crossing safety lights. | If this information is not made available to the driver, then the system has not operated correctly. | |||
| Vehicle | Parking Area Equipment | vehicle profile | Low | High | Moderate |
| Includes no PII and probably includes information that could be observed, so no need for obfuscation. | As this information will be used to determine the vehicle's ability to access services or be charged usage fees, it must be correct and not easily forgeable. | This flow enables various services; if the flow is not available the vehicle may not be able to use those services, and also may be charged incorrectly. | |||
| Vehicle | Parking Management Center | vehicle profile | Low | High | Moderate |
| Includes no PII and probably includes information that could be observed, so no need for obfuscation. | As this information will be used to determine the vehicle's ability to access services or be charged usage fees, it must be correct and not easily forgeable. | This flow enables various services; if the flow is not available the vehicle may not be able to use those services, and also may be charged incorrectly. | |||
| Vehicle | Personal Information Device | vehicle parking leave status | Low | Moderate | Moderate |
| Vehicle status will be directly observable. There may be instances where remote monitoring of this status enables a nefarious use case, which suggests a LOW level of obfuscation is reasonable, as the impact is likely limited to a single vehicle with no safety impact. | If this flow is incorrect or unavailable, the vehicle owner/operator may be inconvenienced. It is unlikely there is a serious impact. | If this flow is incorrect or unavailable, the vehicle owner/operator may be inconvenienced. It is unlikely there is a serious impact. | |||
| Vehicle Characteristics | Parking Area Equipment | vehicle characteristics | |||
| Vehicle Characteristics | Vehicle | vehicle characteristics | |||
| Vehicle Operations and Service Center | Parking Management Center | parking maneuver status | Moderate | Moderate | Moderate |
| Vehicle commands should result in vehicle movement, which is directly observable. There may be instances where remote monitoring of these instructions enables a nefarious use case, which suggests a MODERATE level of obfuscation is reasonable, as the impact is likely limited to a single vehicle with no safety impact. | This flow directs vehicle movement, so needs to be unaltered lest the vehicle behave unexpectedly. There must always be a fallback for a driveable vehicle though, suggesting MODERATE at most. | Availability will depend on the parking structure; in some cases this will be MODERATE, in others LOW, depending on how much automated movements facilitate parking opreations. | |||
| Vehicle Operations and Service Center | Personal Information Device | vehicle parking leave status | Low | Moderate | Moderate |
| Vehicle status will be directly observable. There may be instances where remote monitoring of this status enables a nefarious use case, which suggests a LOW level of obfuscation is reasonable, as the impact is likely limited to a single vehicle with no safety impact. | If this flow is incorrect or unavailable, the vehicle owner/operator may be inconvenienced. It is unlikely there is a serious impact. | If this flow is incorrect or unavailable, the vehicle owner/operator may be inconvenienced. It is unlikely there is a serious impact. | |||
| Vehicle Operations and Service Center | Remote Vehicle Operator | remote operator data | Moderate | High | Moderate |
| While it is unlikely this has any safety impact, it may betray commercial operations, so should be protected for competitive reasons, and potentially for privacy reasons depending on the configuration of the vehicle. | If this flow is incorrect or unavailable remote operations will be negatively impacted, which can also impact surrounding vehicles; it may have a negative impact to convenience and safety, which could be MODERATE or HIGH depending on the type of vehicle, what it is carrying and where it is. | If this flow is incorrect or unavailable remote operations will be negatively impacted, which can also impact surrounding vehicles; it may have a negative impact to convenience and safety, which could be MODERATE or HIGH depending on the type of vehicle, what it is carrying and where it is. | |||
| Vehicle Operations and Service Center | Vehicle | vehicle commands | Moderate | High | Moderate |
| Commands could be sensitive and should include authentication data, thus should be MODERATE. | Invalid or corrupted vehicle control commands could have a significant safety impact, depending on the level of isolation between the Vehicle OBE and vehicle control systems. | Without the ability to locally diagnose, operate, update and configure the Vehicle OBE, the OBE is effectively out of control and would have to be taken out of service. Marked MODERATE and not HIGH however because a vehicle system is presumed to be able to operate without a connection to a backoffice service. For specific instances where this flow is used as part of a local, in-person configuration or maintenance service, would be HIGH. | |||
| Vulnerable Road Users | Vehicle | vulnerable road user presence | |||
Standards
The following table lists the standards associated with physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages. These pages can be accessed directly from the SVG diagram(s) located on the Physical tab, by clicking on each information flow line on the diagram.
| Name | Title | Physical Object |
|---|---|---|
| SAE J3251 CDA Pedestrian Collision Avoidance | Cooperative Driving Automation (CDA) Feature: Perception Status Sharing for Occluded Pedestrian Collision Avoidance | Vehicle |
System Requirements
| No System Requirements |
