Study on Standardization of Data Retrieval Tools for DSSAD based on SAE J1698

2.1 DSSAD

With the growing need for autonomous vehicle operation and testing on public roads, the state of California enacted legislation in September 2012 to permit autonomous vehicle testing.⁶⁾ Subsequently, the US Department of Motor Vehicles (DMV) certification requirements for autonomous vehicles on public roads stipulated that autonomous vehicles must record driving data and have a separate structure with functional requirements similar to those of an EDR.⁷⁾

In South Korea, the performance standards and minimum data recording requirements for autonomous driving data recorders were defined through a partial amendment to the Regulations for Performance and Safety Standards of Motor Vehicle and Vehicle Parts since December 2020. This amendment specifies that autonomous driving data recorders must be able to store at least six months or 2,500 records, and that the minimum data recording requirements include autonomous driving system activation, release methods, and driving transition requirements. Moreover, for accident analysis, like EDRs, the recorded data must be extracted after a collision, and all recorded information must be accessible even when the vehicle’s on-board power supply is unavailable. In October 2023, the “Regulations for Safe-driving Requirements and Test-driving of Autonomous Vehicles” were enacted, with reference to laws and regulations from various countries, stipulating in Articles 17 and 18 that the installation of driving recorders and video recorders shall be mandatory.

As such, as the need for DSSADs has emerged, related regulations and standardization efforts are being discussed, particularly within the United Nations Economic Commission for Europe(UNECE) and ISO TC 22, with particularly active legislative and regulatory developments taking place in the European Union(EU). First, the UNECE GRVA(Working Party on Automated/Autonomous and Connected Vehicles), a group of autonomous driving experts under UNECE WP.29, has initiated discussions on the standardization of autonomous driving recorders. Key topics of the discussion include the procedure for differentiating from EDR, clarifying the definition of an incident, developing performance criteria and evaluation methodologies for DSSAD, and cybersecurity and software updates. Specifically, the EDR/DSSAD UNECE IWG(Informal Working Group) in July 2023 discussed data items and format specifications to be added to DSSAD.⁸⁾ In addition, measures to ensure the post-incident operability of DSSAD data extraction devices, similar to EDR, were proposed for further review in South Korea.⁹⁾

2.2 DSSAD and EDR-AD

While EDR records vehicle driving data starting from five seconds before an accident, DSSAD records various data during driving, storing information related to autonomous driving not only in the event of an accident but also continuously. Therefore, a different data storage method, aside from EDR, is necessary, requiring significantly larger storage capacity. Specifically, while EDR aims to analyze and reconstruct the cause of an accident, DSSAD continuously stores various information related to autonomous driving, regardless of the accident, aiming to determine responsibility for autonomous driving. Hence, some argue that DSSAD and EDR should be considered separately. However, some argue that DSSAD incorporates the characteristics of a digital tachograph(DTG), which records data during the driving of an autonomous vehicle regardless of the occurrence of an accident, and therefore should not be subject to EDR functional requirements. Therefore, a growing view, particularly in North America, suggests that accident recorders for autonomous vehicles should be addressed under the concept of Event Data Recorders for Automated Driving (EDR-AD), rather than DSSAD. This is summarized below (Table 1).

Table 1

Comparison of DSSAD and EDR-AD

However, SAE J3197 designates DSSADs as “autonomous driving system data loggers” and specifies that their purpose is to reconstruct automobile accidents.¹⁰⁾ This means that, in the absence of a human “driver,” the Automated Driving System(ADS) itself may serve as the sole witness to an accident, highlighting the need for ADS data recording to standardize information for accident reconstruction while supplementing the EDR defined in SAE J1698-1 to provide contextual understanding and judgment of the incident. Table 2 summarizes the standards and standards organizations related to EDR and DSSAD.¹¹⁾

Table 2

Status of EDR and DSSAD related standards

2.3 Status of DSSAD Standardization

In South Korea, the Autonomous Vehicle Standardization Forum, hosted by the Korea Standards Association, was launched in 2019 with the core goal of “securing leadership in international standardization to become a global leader in autonomous vehicles.”¹²⁾ Six standardization subcommittees associated with autonomous driving technology, including a policy subcommittee, are currently in operation. Furthermore, in 2021, the Ministry of Trade, Industry and Energy(MOTIE), the Ministry of Science and ICT(MSIT), the Ministry of Land, Infrastructure and Transport(MOLIT), and the Korean National Police Agency(KNPA) are leading the Autonomous Driving Technology Development Innovation Project, aiming to complete “the foundation for commercialization of convergent Level 4 or higher autonomous vehicles by 2027.” Specifically, among these, the “Development of a DSSAD Computing Platform and Extraction and Analysis System” project is currently underway with three subprojects, and a cross-ministerial technical consultative body is being operated with participation from the MOTIE, the KNPA, and the MOLIT.

To achieve Level 4 autonomous driving capabilities and higher, vehicles must be able to exchange diverse information with surrounding vehicles, roads, and the environment. To this end, South Korea is building related infrastructure and conducting demonstration projects in various regions with the goal of developing a next-generation intelligent transportation system(C-ITS: Cooperative-Intelligent Transport System). The C-ITS is a technology that enables road components, such as vehicles, pedestrians, and road infrastructure, to exchange information through communication(V2X), and based on this, aims to improve the safety and convenience of roads and vehicles. The C-ITS requires developing an integrated control center for safe and efficient traffic operation and control, technologies for generating traffic information in shadow zones, and a real-time optimal signal operation system at the network level.¹³⁾ In particular, the development of an integrated control center is necessary for safe and optimized autonomous driving operation management in a mixed autonomous driving environment. ISO stipulates the application of autonomous driving integrated traffic control big data systems and platforms, infrastructure-based sensor data, and integrated traffic information management technologies.^14,15) Additionally, for autonomous driving Level 4 and above, accident records, vehicle sensors, Electronic Control Units(ECUs), and chassis control devices are monitored and recorded during autonomous driving, with necessary data transmitted and received via the cloud.

In South Korea, the Guarantee of Automobile Accident Compensation Act establishes the Autonomous Vehicle Accident Investigation Committee under MOLIT, Infrastructure and Transport, defines its duties, and outlines the obligations of stakeholders to investigate accidents involving autonomous vehicles currently in temporary operation and determine liability for damages. Here, various traffic information and infrastructure data necessary for autonomous vehicle operation are stored and managed on control servers within the control center. According to Article 33-15 of the Enforcement Decree of the Act on the Guarantee of Automobile Accident Compensation, recording and retaining autonomous driving information is required for a minimum of six months.¹⁶⁾

3.1 Functional Requirements of the DSSAD Data Extraction Device

The data recorded in the DSSAD is expected to incorporate, in addition to the current EDR recording data, 13 types of autonomous driving accident-related information and vehicle driving-related information as defined in Article 111-3 of the “Regulations for Performance and Safety Standards of Motor Vehicle and Vehicle Parts.”¹⁹⁾ Moreover, the data recording method of the DSSAD was assumed to comply with Article 56-2, Paragraph 2[Appendix 5-25] of the Standards for Installation of Event Data Recorders,²⁰⁾ including the recording method of other additional data stored in the EDR, and record at a frequency of 2 Hz to 100 Hz.

The functional requirements of the DSSAD data extraction device considered in this study are defined as follows:

• ⋅ Software Requirements
• ⋅ Software Installation and Upgrade
• ⋅ Connection Configuration and Communication
• ⋅ Power Supply and Data Extraction Method
• ⋅ Connector Specifications(Legacy Product Compatibility)
• ⋅ Fault(Error) Display and Verification Method

3.2 SAE J1698

SAE J1698 is a standard that defines the definition and functional elements of EDRs. It covers the following three sub-standards (Table 4).⁴⁾ Among these, the standard related to EDR data extraction devices is SAE J1698-2, which utilizes existing industry standards to identify common physical interfaces and defines the protocols necessary to retrieve records stored in the EDR.

Table 4

SAE J1698 series

The SAE J1698-2, revised in July 2023, clearly reflects the latest industry standards, defining how data extraction devices image, convert, and report accident record data, and also includes updates to protocols and physical interfaces. Furthermore, while the previous version provided general requirements for data extraction devices, the revised version specifically stipulates how data should be extracted, translated, and reported, resulting in stricter standardization and improved compatibility (Table 5).⁵⁾

Table 5

SAE J1698-2 overall changes

3.3 UNECE, IEEE Standard Trends

In 2021, UNECE's WP.29 enacted UN R160, a regulation related to vehicles and EDRs. The UN R160 defined specific data collection and implementation requirements for EDRs,²¹⁾ and accordingly, in 2022, the EU approved new legislation mandating the installation of EDRs in all vehicles in categories M and N(passenger cars and trucks), which has been applied to all new vehicles since July 2024. However, the format and method of data extraction devices are left to the laws and manufacturers of each country.

Recently, the standardization of Motor Vehicle Event Data Recorders(MVEDR) and DSSAD has been based on IEEE 1616²²⁾ and SAE J3197 individually, but the standardization trend of autonomous driving technology is increasingly relying on the DSSAD Guidance²³⁾ of UN R157 ALKS(Automated Lane Keeping Systems). IEEE 1616 defines the compatibility of MVEDR output data and the output protocol of data elements, but it does not specify the data elements to be recorded, only specifying the data attributes. Table 6 synthesizes recent international standards related to MVEDR by the standards organization(Table 6).

Table 6

Global standards related MVEDR

3.4 Trends in Cybersecurity Standards

Cybersecurity standards related to EDR and DSSAD establish systematic criteria to prevent unauthorized access and tampering with vehicle data. UN R155 mandates a Cyber Security Management System (CSMS) for the entire vehicle,²⁴⁾ while UN R156 specifies the safety and integrity of software updates.²⁵⁾ Furthermore, ISO/SAE 21434 requires that vehicle cybersecurity be considered from the design stage,²⁶⁾ and EDR and DSSAD are also included in this category. Notably, IEEE 1616.1:2023 outlines the inclusion of security features, such as NFC authentication, port locking, and access logs, in DSSAD data extraction devices.²⁷⁾ The following table details this(Table 7).

Table 7

Global standards regarding cyber security

4.1 Data Protocol

The data protocol of data extraction devices is expanding from the existing EDR-centric approach to one focused on DSSAD and ADS Levels 3-5, and there is an increasing use of event-based timestamp recording and structured formats in JSON/XML format. Technically, in addition to OBD-II, various interfaces, such as Ethernet and wireless communication, are being introduced, along with diagnostic/extraction protocols based on UDS(Unified Diagnostic Services, ISO 14229), Diagnostic communication over Internet Protocol (DoIP, ISO 13400), and Open diagnostic data exchange (ODX, ISO 22901).^28-30) In terms of authentication and security, NFC(Near Field Communication), PKI(Public Key Infrastructure)-based access authentication, OBD locking, and data transmission log management are being strengthened.

Current standards include IEEE 1616/1616.1, which defines the storage method and authentication requirements for DSSADs, SAE J1698-2, which provides the EDR extraction protocol, and ISO 22900/22901, which provides the structure of data extraction messages.³¹⁾ These standards are evolving to include OTA-based data access and remote auditing capabilities in the future(Table 8).

Table 8

DSSAD data protocol trend

The following is a proposed standard based on SAE J1698 for items related to the data protocol, considering different technological and standardization trends.

⋅ Data Security

All data extracted and stored from the DSSAD through the data extraction device must be authenticated and encrypted according to the CCM (counter with cipher block chaining-message authentication code) mode of NIST SP 800-38C³²⁾ or an equivalent publicly available authentication and encryption standard.

⋅ Data Integrity

- To ensure that the DSSAD record can be consistently imaged through the data extraction device, the data extraction device must automatically image the DSSAD record at least three times and verify that the imaged records are identical.

- To ensure that the imaged record is identical to the DSSAD record, the data extraction device must ensure data integrity using a message authentication code(MAC) or an equivalent algorithm.

- If the DSSAD records are not identical, the extraction device must display a message to the user indicating the occurrence of an error and describing the nature of the error. If an error is detected, the data extraction device should not store or convert the DSSAD record.

⋅ Data Neutrality

The data extraction device should request data in a manner that is as forensically neutral as possible.

4.2 Interface Function of the Data Extraction Device

The interface function of the DSSAD data extraction device aims for safe and standardized data access from outside the vehicle. The UNECE DSSAD Guidance stipulates that it should use open standard interfaces such as OBD-II or Ethernet, and that it should be readable by anyone through an authenticated procedure.³³⁾ The IEEE 1616.1:2023 standard emphasizes the introduction of NFC and PKI-based Secure Access Layer, and a design that allows access even in offline conditions.

Furthermore, the ODX message structure based on ISO 22900/22901 and the UDS protocol(ISO 14229) have been adopted as data extraction communication standards, whereby DSSAD data is defined as timestamped, event-driven flag data rather than simple logs, necessitating time synchronization and structured response formats such as JSON or XML.

The following is a standard proposal for items related to the interface of the data extraction device based on SAE J1698, based on these technological and standard trends.

⋅ On-board Data Extraction

Information recorded in the DSSAD must be extractable via standardized communication interfaces such as the SAE J1962 diagnostic connector,³⁴⁾ and extraction devices must accommodate manufacturers’ arbitrary use of pins on the SAE J1962 connector, which arise due to unique vehicle-specific pin layouts and electrical architectures; furthermore, on-board data extraction assumes the DSSAD is powered by the vehicle.

⋅ Off-board Data Extraction

If data extraction from the vehicle is impossible due to an accident, the DSSAD should be removable from the vehicle for data extraction. Hence, in this case, the extraction device must be able to supply sufficient power to the DSSAD. A special interface adapter may be used for direct communication with the DSSAD or ECUs that contain some of the data necessary for analyzing the cause of an autonomous vehicle accident.

⋅ Incident Analysis System Data Transmission

A security system is required to support wired/wireless communication interfaces and establish an authentication procedure for the extraction device(terminal) in order to directly transmit DSSAD data from the extraction device to the incident analysis system.

Data and imaged records extracted from the DSSAD by the data extraction device must be tamper-proof and protected against unauthorized access. De-identification and transformation through a dedicated encryption algorithm are required. The de-identified data should only be decryptable by authorized users, such as operators of the incident analysis system.

A mutual authentication system based on domestic and international standards must be established to issue and manage separate certificates for data extraction devices. To block network access by unauthorized devices, access must be granted only to authorized users and extraction devices (terminals) by verifying the status of network devices, extraction devices(terminals), and user IDs.

4.3 Operation of the Data Extraction Device

The operation of the DSSAD data extraction device focuses on ensuring security and reliability. The UNECE DSSAD Guidance mandates a data extraction device that can operate even when the vehicle’s power is off and stipulates the provision of accurate timestamps and machine-readable formats(e.g., JSON/XML). IEEE 1616.1-2023 defines the detailed functional requirements of data extraction devices, encompassing NFC/PKI-based secure access authentication, chain-of-custody log recording, and interoperability with over-the-air(OTA) systems.

ISO 22901(ODX) defines standardized structures for data request and response messages to ensure interoperability among data extraction devices, while SAE J1698-2 considers the potential integration or separation of existing EDR and DSSAD data extraction methods. Therefore, DSSAD data extraction devices are evolving toward functionalities centered on multi-channel interfaces, secure authentication procedures, structured messaging, and data extraction capabilities designed to support legal compliance.

The following is a proposed standard based on SAE J1698 for items related to the operation of the data extraction device proposed in this study, based on these technological and standardization trends.

⋅ Hardware

The extraction device includes an interface tool, cables, adapters, and a power supply unit capable of extracting DSSAD records.

The extraction device must be able to extract DSSAD data and imaged records in on-board and off-board states.

The extraction device must support protocols and physical interfaces capable of communicating with the DSSAD.

⋅ Software

The software must be able to monitor and download data stored in the DSSAD and read or image the downloaded data.

It must also be compatible with the hardware components of the extraction device. Lastly, the software must be updatable.