HJ 1239.1-2021_English: PDF (HJ1239.1-2021)
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
HJ 1239.1-2021 | English | 295 |
Add to Cart
|
0--9 seconds. Auto-delivery
|
Technical specification for emission remote supervision system of heavy-duty vehicles - Part 1: On-board terminal
| Valid |
HJ 1239.1-2021
|
Preview PDF: HJ 1239.1-2021
Standard ID | HJ 1239.1-2021 (HJ1239.1-2021) | Description (Translated English) | Technical specification for emission remote supervision system of heavy-duty vehicles - Part 1: On-board terminal | Sector / Industry | Environmental Protection Industry Standard | Word Count Estimation | 19,159 | Date of Issue | 2021-12-27 | Date of Implementation | 2022-07-01 | Regulation (derived from) | Ministry of Ecology and Environment Announcement No. 79 [2021] | Proposing organization | Ministry of Ecology and Environment | Issuing agency(ies) | Ministry of Ecology and Environment |
HJ 1239.1-2021
ECOLOGICAL ENVIRONMENTAL STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
Technical specification for emission remote supervision
system of heavy-duty vehicles - Part 1: On-board terminal
ISSUED ON: DECEMBER 27, 2021
IMPLEMENTED ON: JULY 01, 2022
Issued by: Ministry of Ecology and Environment
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions... 5
4 General requirements ... 6
5 Functional requirements ... 7
6 Performance requirements ... 11
7 Test methods ... 12
8 Implementation requirements ... 13
Appendix A (Normative) Test method of on-board terminal ... 14
Appendix B (Normative) Test of on-board terminal security ... 17
Appendix C (Normative) Test of data transmission, positioning, data consistency ... 20
Technical specification for emission remote supervision
system of heavy-duty vehicles - Part 1: On-board terminal
1 Scope
This standard specifies the technical requirements for on-board terminals of emission
remote monitoring systems of heavy-duty vehicle, including functions, performance
requirements, test methods.
This standard applies to equipment, which is installed on heavy-duty vehicles, for
collecting, storing, transmitting vehicle's OBD information and engine emission data.
2 Normative references
This standard refers to the following documents or clauses thereof. For the dated
documents, only the versions with the dates indicated are applicable to this document;
for the undated documents, only the latest version (including all the amendments) is
applicable to this standard.
GB 17691 Limits and measurement methods for emissions from diesel fueled
heavy-duty vehicles (CHINA VI)
GB/T 2423.18 Environmental testing - Part 2: Test methods - Test Kb: Salt mist,
cyclic (sodium chloride solution)
GB/T 4208 Degrees of protection provided by enclosure (IP code)
GB/T 28046.1 Road vehicles - Environmental conditions and testing for electrical
and electronic equipment - Part 1: General
GB/T 32960.2 Technical specifications of remote service and management system
for electric vehicles - Part 2: On-board terminal
GB/T 32960.3 Technical specifications of remote service and management system
for electric vehicles - Part 3: Communication protocol and data format
GB/T 37027 Information security technology - Specifications of definition and
description for network attack
ISO 9001 Quality management system
ISO 14001 Environmental management system
GM/T 0008 Cryptography test criteria for security IC
GM/T 0009 SM2 Cryptography algorithm application specification
3 Terms and definitions
The terms and definitions, which are defined in GB 17691, as well as the following
terms and definitions, apply to this standard.
3.1
Heavy-duty vehicles (HDV)
Heavy-duty vehicles in this standard refer to vehicles, that undergo type inspection
and information disclosure, in accordance with the technical requirements specified
in GB 17691, including compression-ignition engine vehicles, gas-fuel ignition
engine vehicles, dual-fuel vehicles, hybrid electric vehicles.
3.2
On-board terminal
Equipment, which is installed on heavy-duty vehicles, to collect, store, transmit
vehicle's on-board diagnostic system (OBD) information and engine emission data,
AND shall not be artificially removed. It is a pollution control device.
3.3
Digital signature
Data attached to a data unit, or a cryptographic conversion of a data unit. Such data
or conversion allows the receipt of the data unit to confirm the origin and integrity
of the data unit AND to protect the data from forgery or denial by a person (such as
the recipient).
3.4
Key
A sequence of symbols, which are used to control cryptographic transformation
operations (such as encryption, decryption, cryptographic verification function
computation, signature generation, or signature verification). It is an asymmetric key
pair, which consists of a public and private key. The private key is used for signature
or decryption, which shall not be disclosed. The public key is used for signature
verification or encryption.
3.5
Time to first fix (TTFF)
The time to obtain the correct fix, after the navigation receiver is powered on.
3.6
Re-get time
After a brief interruption of the satellite signal, the time when the navigation receiver
reacquires the satellite signal AND determines its current position.
3.7
Real-time kinematic (RTK)
The carrier phase difference technology, which is a difference method for processing
the carrier phase observations of two measuring stations in real time. It sends the
carrier phase, which is collected by the base station, to the user receiver, to calculate
the difference and resolve the coordinates.
4 General requirements
4.1 The on-board terminals for emission remote monitoring of heavy-duty vehicles shall
meet the requirements of GB 17691; meet the functional requirements, which are
specified in Chapter 5 of this standard; meet the performance requirements, which are
specified in Chapter 6.
4.2 In principle, the original OBD interface shall not be occupied, by the installation of
the on-board terminal for emission remote monitoring. If it is required to be occupied,
an OBD interface, that meets the relevant standards, shall be reserved separately.
4.3 Vehicle manufacturers shall install alarm light-related indicators, in prominent
positions, such as on-board terminals, dashboards or display panels. Owners of heavy-
duty vehicles can use the alarm lights and other indicators of on-board terminals, to
know the networking situation of on-board terminals, in real time.
4.4 The on-board terminal shall have anti-dismantling technical measures, to ensure
that the on-board terminal cannot be dismantled, without the authorization of the
vehicle manufacturer.
4.5 The on-board terminal shall ensure the data quality of the collected data. The service
life shall not be less than 7 years.
4.6 The vehicle manufacturer shall carry out the function and performance test of the
on-board terminal; the test method shall meet the provisions of Chapter 7.
5.6 Data retransmission
When the data communication link is abnormal, the on-board terminal shall store the
emission remote monitoring data locally. After the data communication link returns to
normal, the stored data is retransmitted. The data to be retransmitted shall be the data,
which is stored during the abnormal period of the communication link, within 5 × 24
hours before the time of restoration of communication. The data format is the same as
that of real-time transmission data. The data retransmission shall be carried out,
according to the specified communication protocol.
5.7 Alarm of removal
When the on-board terminal fails or is dismantled, the vehicle shall activate the driver
alarm system. If the technology allows, the removal alarm information can be
transmitted to the Ministry of Ecology and Environment, according to the prescribed
communication protocol. The alarm information includes the removal status, removal
time, positioning latitude and longitude information.
6 Performance requirements
6.1 Adaptability
According to the provisions of Appendix Q.7 of GB 17691, the electrical adaptability,
environmental adaptability, electromagnetic compatibility of the on-board terminal
shall meet the requirements of 4.3.1 ~ 4.3.3 in GB/T 32960.2. Among them, for
electromagnetic compatibility, the requirements of the on-board terminal for the
electrical transient conduction immunity test pulse 1, along the power line, are category
C.
6.2 Protection
6.2.1 Salt spray protection
For on-board terminals, which are installed in the cockpit, two test cycles shall be
carried out, according to the severity level (4), which is specified in GB/T 2423.18. For
the on-board terminal, which is installed outside the cockpit, it shall carry out four test
cycles, according to the severity level (5), which is specified in GB/T 2423.18. The
tightness is unchanged; the signs and labels are clearly visible; the functional status
shall reach the level C, which is defined in GB/T 28046.1.
6.2.2 Enclosure protection
The on-board terminal, which is installed in the cockpit, shall at least meet the
protection level of IP53, which is specified in GB/T 4208. The on-board terminal, which
is installed outside the cockpit, shall at least meet the protection level of IP65, which is
specified in GB/T 4208. After the enclosure protection test in accordance the Appendix
Appendix A
(Normative)
Test method of on-board terminal
A.1 Overview
This Appendix specifies the method for the function and performance test of the on-
board terminal, for emission remote monitoring of heavy-duty vehicle.
A.2 Test preparation
It shall prepare 4 sets of on-board terminals, corresponding wiring harnesses,
supporting connectors.
A.3 Test method of on-board terminals
A.3.1 Data acquisition and transmission test
A.3.1.1 Self-test and activation test
After the on-board terminal is connected to the power supply, the activation operation
is performed, on the testing platform (referring to the test platform, which is used by
the inspection agency when testing the on-board terminal), according to the process
shown in Figure 1. The activation function of the on-board terminal must meet the
requirements of 5.2. Check whether the on-board terminal is working normally,
according to the product manual, which is provided by the manufacturer. The self-test
function of the on-board terminal shall meet the requirements of 5.1; then check
whether the on-board terminal can be normally connected to the testing platform AND
have data transmitted to the platform.
A.3.1.2 Time and date inspections
Read the data, which is transmitted from the on-board terminal to the testing platform.
Check the time format in the data. Record the error of the standard time 24 hours, as
corresponding to the transmission time of the on-board terminal. The time and date,
which are provided by the on-board terminal, must meet the requirements of 5.3.6.
A.3.1.3 Data collection inspection
Read the data, which is transmitted from the on-board terminal to the testing platform.
Check whether the data frequency, data collection frequency, data content meet the
requirements of 5.3.1 ~ 5.3.4.
A.3.1.4 Simulation test of satellite navigation positioning performance
a) First fix time:
- Cold start: TTFF ≤ 120 s;
- Hot start: TTFF ≤ 10 s.
b) Location update frequency: Update frequency ≥ 1 Hz.
A.3.1.5 Data storage
Query the data storage function of the on-board terminal, according to the
manufacturer's instructions. Calculate the internal storage medium's capacity of the on-
board terminal, according to the amount of data, which is continuously transmitted for
10 minutes; it shall meet the storage requirements of 5.4.
A.3.1.6 Data retransmission
Create abnormal communication failure of the on-board terminal artificially; then
restore the communication. Use the testing platform, to check whether there is any re-
transmitted data, which meets the requirements of 5.6.
A.3.2 Performance test
A.3.2.1 Adaptability test
The electrical adaptation performance test, environmental adaptation performance test,
electromagnetic compatibility performance test of the on-board terminal shall be
carried out, in accordance with the relevant requirements of 5.2.1 ~ 5.2.3 in GB/T
32960.2.
A.3.2.2 Protection test
The salt spray performance of the on-board terminal shall be tested, according to the
test method, which is specified in GB/T 2423.18.
The on-board terminal is tested, in accordance with the test method for the
corresponding protection level, which is specified in GB/T 4208.
A.3.2.3 Service life test
The service life of the on-board terminal shall not be less than 7 years. The reliability
test method adopts the temperature alternating endurance life test method, in Appendix
A of GB/T 32960.2.
in China. The verified vulnerabilities and test cases shall obtain public vulnerability
numbers, which are granted by the vulnerability library or shared platform. The types
of vulnerabilities shall cover general-purpose vulnerabilities and event-type
vulnerabilities.
B.3.2.3 Integrity test of data, which is stored and transmitted by on-board terminal.
Send the specified source data to the on-board terminal; the on-board terminal transmits
it to the testing platform. Analyze the data, which is stored in the on-board terminal;
compare it with the specified source data, to confirm the integrity of the stored data.
Analyze the data, which is transmitted from the on-board terminal to the testing
platform; compare it with the specified source data, to confirm the integrity of the
transmission data.
B.3.2.4 Connect the on-board terminal to the enterprise platform. Use the testing
platform, to simulate the non-enterprise operation command AND send it to the on-
board terminal, to test whether the on-board terminal accepts and executes the
command.
B.3.3 Evaluation index
B.3.3.1 Response time: The sample under test outputs the first detected abnormal
command: if it is within 10 s (including 10 s) after the attack start, it passes the test; if
it is more than 10 s OR fails to detect the abnormal command, it fails the test.
B.3.3.2 The tested sample outputs all detected abnormal commands. If the ratio of
detected abnormal commands is greater than (including) 95%, it passes the test;
otherwise, it fails the test.
B.3.3.3 In the case of satisfying B.3.3.2, compare the correspondence between the test
result and the abnormal command. If the correct rate is greater than (inclusive) 99%, it
passes the test; otherwise, it fails the test.
B.3.3.4 If the on-board terminal system does not have any vulnerabilities, which are
disclosed by the authoritative vulnerability library for 6 months or more, it passes the
test; otherwise, it fails the test.
B.3.3.5 The data, which is stored and transmitted by the on-board terminal, shall be
complete.
B.3.3.6 The on-board terminal shall not execute the commands, which are issued by the
non-manufacturing enterprise platform.
B.4 Realization of security test method by cryptographic algorithm
B.4.1 Test equipment
The cryptographic algorithm's security testing equipment is as follows:
1) Side channel signal acquisition and analysis system;
2) Oscilloscope;
3) Electromagnetic acquisition probe;
4) Fault signal injection system;
5) Electromagnetic radiation generator;
6) Test result recording computer.
B.4.2 Test method
B.4.2.1 The testing manufacturer shall provide design and description documents OR
relevant national encryption certification.
B.4.2.2 The on-board terminal operates normally and obtains the signed data of the on-
board terminal; uses the cryptographic algorithm, which is declared by the manufacturer,
to verify the signature of at least 100 pieces of information. Use the interface, to verify
the correctness of use of its national encryption algorithm SM2. The test sample sender
provides the public key, the ID used for the signature, the signed data.
B.4.2.3 Through the side channel acquisition and analysis system and the test result
recording computer, use the electromagnetic acquisition probe and oscilloscope to
conduct side channel analysis, monitoring or cracking of the sample signature's
processing and transmission process.
B.4.2.4 Perform laser, electromagnetic or burr injection tests, on the signature
processing process of the security chip, through the fault signal injection system, to
analyze and crack the private key of the security chip.
B.4.3 Evaluation index
B.4.3.1 If the chip of the sample has a copy of the testing report of security level 2,
which is specified in GM/T 0008; meanwhile the sample has a copy of the commercial
cryptographic certificate, it will pass the testing; otherwise, it fails.
B.4.3.2 If the correct rate of the data, which participates in the signature verification, is
not less than 99%, it passes the test; otherwise, it fails.
B.4.3.3 If the test sample is encrypted by hardware, meanwhile the private key of the
encryption chip cannot be obtained, it passes the test; otherwise, it fails.
B.4.3.4 If the private key of the security chip cannot be obtained, by means of fault
injection, it passes the test; otherwise, it fails.
positioning information, at a frequency of 1 Hz. At the same time, a high-precision RTK
differential positioning receiver is used, to obtain the transient positioning information
of the vehicle under test, during motion.
After the test, remove the positioning data, which has a plane precision factor HDOP >
4 or the position precision factor PDOP > 6, from all the real-time positioning data, as
collected by the on-board terminal. Then compare the coordinates, which are output by
the on-board terminal, with the standard point, which is provided by the high-precision
RTK differential positioning receiver. The 95th percentile value of the positioning
trajectory error shall be within 5 m.
C.4.3 Test of data consistency of on-board terminal
Start the test vehicle. Connect the OBD communication device to the OBD interface of
the test vehicle. Select the corresponding OBD communication protocol, for
communication. Confirm that the testing platform starts to receive the data, which is
transmitted by the on-board terminal of the tested vehicle.
Read and record each OBD information of the tested vehicle, through the OBD
communication device. The OBD information of the test vehicle, which is received by
the testing platform, shall comply with the provisions of this standard, with no missing
items; meanwhile it shall have the same content as the corresponding OBD information,
which is read by the OBD communication device.
During the test process of C.4.2 or driving the test vehicle according to the conditions
specified in C.4.2, read and record each data stream information of the test vehicle,
through the OBD communication device (except for the data items, that cannot be read
by the OBD communication device). The data recording frequency is 1 Hz. For test
vehicles, which are equipped with NOX sensors, start the test, after confirming that the
NOX sensor has reached normal operating conditions and begins transmitting valid data.
For each fitting data flow information in Table C.1, according to the method of
Appendix KA.2.1 in GB 17691, align the data, which is received by the testing platform
during the test, with the data, which is recorded by the OBD communication equipment.
Follow the method of Appendix KA.2.2 in GB 17691, to carry out fitting by the least
square method. The fitting results shall meet the judgement criteria in Table C.1.
For atmospheric pressure, DPF pressure difference, reactant balance, fuel tank's liquid
level, the judgment method and judgment criteria of fitting data items are preferentially
used. If the fluctuation during the test is small and the least squares fitting cannot be
performed, calculate the average value of the data, which is received by the testing
platform, and the average value of the data, which is recorded by the OBD
communication device, during the test process. The difference between the two shall
satisfy the judgement criteria of the comparison data item, in Table C.1.
......
|