UL 5500:2018 Remote Software Updates.
UL 5500 covers REMOTE software updates taking into account the manufacturer’s recommended process. It is limited to software elements having an influence on safety and on compliance with the particular end product safety standard.
This standard additionally covers hardware compatibility necessary for safety of the REMOTE software update.
NOTE 1 This standard does not cover:
— Functional SECURITY such as premises, physical, and other similar scurri purposes;
— Safety related availability or connectivity of REMOTE communications;
— Field updates done with physical access by qualihed personnel;
— Software development lifecycle and maturity;
— Cryptographic techniques for the purposes of user data confidentiality and consumer privacy;
— Insider threat (corporate espionage); and
— REMOTE control operation of the product.
NOTE 2 This standard is intended to be used in conjunction with the appropriate end product safety standard.
2 Normative references
For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies:
Fl PS 140-2, (Annexes A, B and C) Security Requirements for Cryptographic Modules
IEEE 802.3, Standard for Ethernet
IEEE 802.11, Information Technology — Telecommunications and Information Exchange Between
Systems — Local and Metropolitan Area Networks — Specific Requirements Part 11. Wireless LAN Medium
Access Control (MAC) and Physical Layer (PHY) Specifications
IEEE 802.15.4, Standard for Low-Rate Wireless Networks
ISO/IEC 9796, Information Technology — Security Technologies — Digital Signature Scheme Giving Message Recovery
ISO/IEC 9797-1, In formation Technology — Security Technologies — Message Authentication Codes (MA Cs)
ISO/IEC 9798 (all parts), Information Technology — Security Technologies — Entity Authentication lSO/IEC 10118-1, Information Tecn9ogy — SGurity Technologies — 1-jash-Functions — Part 1: General
ISO/IEC 14888-1, In formation Technology — Security Technologies — Digital Signatures with Appendix — Part 1: General
ISO/lEG 15946-1, Information Technology — Security Technologies — Cryptographic Techniques Based on Elliptic Curves — Part 1: General
ISO/lEG 18033-1, Information Technology — Security Technologies — Encryption Algorithms — Part 1: General
ISO/IEC 29192-1, Information Technology — Security Techniques — Lightweight Cryptography — Part 1: General
ISO/IEC 19772, Information Technology — Security Techniques — Authenticated Encryption
NIST SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
NIST SP 800-57, Recommendation for Key Management, Part 1: General
3 Terms and definitions
For the purposes of this standard, the following definitions apply.
AUTHENTICATION
the process of verifying the identity of an ENTITY.
3.2
AUTHORIZATION
the process of permitting an authenticated ENTITY to access or manipulate the product or the product property to the extent the ENTITY has such permission.
Note to entry: In this context, manipulation means the downloading, installation and verification of software.
3.3
ENTITY
a person, device, product or service which interacts with another via a network.
3.4
INCIDENT
an occurrence that actually or potentially results in adverse safety consequences in the end device application.
Note to entry: INCIDENT is modified from: https://niccs.us-cert.gov/glossary#l
3.5
REMOTE
a term defined by the end product standard.UL 5500 pdf download.