Date: 2013 (second edition)
ISO 14229 defines common requirements for diagnostic systems, whatever the serial data link is. The idea is to allow a diagnostic tester (client) to control diagnostic functions in an on-vehicle Electronic Control Unit (ECU, server) such as electronic fuel injection, automatic gearbox, anti-lock braking system, etc. connected to a serial data link embedded in a road vehicle.
ISO 14229 is based on the Open Systems Interconnection (OSI) Basic Reference Model in accordance with ISO 7498-1 and ISO/IEC 10731, which structures communication systems into seven layers. When mapped on this model, the services used by a diagnostic tester (client) and an Electronic Control Unit (ECU, server) are broken into the following layers: application layer (7), presentation layer (6), session layer services (5), transport layer services (4), network layer services (3), data link layer (2), and physical layer (1). UDS utilizes the application layer (ISO 14229-1) and the session layer services (ISO 14229-2).
The standard is split into a number of sections:
- Application layer services
- Application layer protocol
- Service description conventions
- Diagnostics and Communication Management functional unit
- Data Transmission functional unit
- Stored Data Transmission functional unit
- InputOutput Control functional unit
- Routine functional unit
- Upload Download functional unit
Specifically pertaining to security can be found in two sections, both under the Diagnostic and
Communication management unit.
Firstly, the Security Access service requirement details how an ECU can be securely accessed by a client. This includes the use of a seed-key exchange mechanism, with a seed generated by the control unit, which is then used to compute a key at the client end, before unlocking the security-critical services from the control unit.
Different levels of security access can be implemented by using different sub-function byte values to symbolize different levels of security. It is up to the vehicle OEMs to decide whether they want to add additional security levels to differentiate the level of access given.
Secondly, requirements are set for Secured Data Transmission service, which includes the use of the security sub-layer as defined in ISO 15764. The service is applicable if a client-server intends to use the UDS in a secure-mode, meaning that data transmitted will be cryptographically protected. The Security Sub Layer of the transmitter encodes the encapsulated service, while the equivalent of the receiver decodes it.