BS ISO 37163:2020 Smart community infrastructures — Smart transportation for parking lot allocation in cities.
8 Data security control with smart transportation for parking lot allocation
8.1 General
By following ISO 37156 guidance to organize smart transportation for parking lot allocation and protect private or personal information from use for other purposes besides parking lot allocation system management, all information collected, used, exchanged and shared shall be protected from illegal or unauthorized access, especially by or for the following actions:
— information duplication;
— impersonation;
— tampering;
— information repudiation;
— privacy disclosure.
In contrast, drivers legally registered with parking lot allocation systems through an app can access authenticated information on parking lots.
To achieve such data protection in data processing and transfer, one-time use public-key cryptography is applied. In this way, public and private keys are used dynamically and shall be matched in the same ways, where both public and private keys should be temporarily created by a data sender (e.g. parking lot owners) and a data recipient (e.g. data platform managers). When confirming private and public key matching, a matching field is also temporarily created. A sender’s private key created by the sender and the sender’s public key created by a recipient using a common algorithm are combined in a matching field also temporarily created by the recipient. In the same way, a field is temporarily created by the sender, where the recipient’s private key created by the recipient is combined with the recipient’s public key created by the sender in the same algorithm. When both combinations in the two fields are successfully matched, respectively, they recognize each other with higher accuracy.
To obtain such high security, all personal object data or public and private keys and matching fields should be temporarily created and used only once. The security level of this procedure is the highest. To quickly process the procedure, agreements on the procedure to use a common algorithm to temporarily create keys and fields are made in advance among the participants in smart transportation for parking lot allocation. To be technically correct, private keys are not recognizable to any participants except the data sender. Therefore, participants can see only public keys when finding the correct data recipient.
Based on their security, drivers’ identified personal information can be combined or related to an authenticated vehicle information through registration with an app. The information shall be encrypted and authenticated to protect from illegal access, including intention and action to disclose privacy. Access to the information shall also be limited.BS ISO 37163 pdf download.