ST06: HOV/HOT Lane Management
This service package manages high-occupancy vehicle (HOV) and high-occupancy toll (HOT) lanes by coordinating freeway ramp meters and connector signals with HOV lane usage signals. Preferential treatment is given to HOV lanes using special bypasses, reserved lanes, and exclusive rights-of-way that may vary by time of day. Vehicle occupancy can be detected to verify HOV compliance and to notify enforcement agencies of violations. For HOT lane configurations, tolls are collected for vehicles that do not meet the high-occupancy criteria for the lane.
Relevant Regions: Australia, Canada, European Union, and United States
- Enterprise
- Functional
- Physical
- Goals and Objectives
- Needs and Requirements
- Sources
- Security
- Standards
- System Requirements
Enterprise
Development Stage Roles and Relationships
Installation Stage Roles and Relationships
Operations and Maintenance Stage Roles and Relationships
(hide)
Source | Destination | Role/Relationship |
---|---|---|
Connected Vehicle Roadside Equipment Maintainer | Connected Vehicle Roadside Equipment | Maintains |
Connected Vehicle Roadside Equipment Manager | Connected Vehicle Roadside Equipment | Manages |
Connected Vehicle Roadside Equipment Owner | Connected Vehicle Roadside Equipment Maintainer | System Maintenance Agreement |
Connected Vehicle Roadside Equipment Owner | Connected Vehicle Roadside Equipment Manager | Operations Agreement |
Connected Vehicle Roadside Equipment Owner | Enforcement Center Owner | Information Provision Agreement |
Connected Vehicle Roadside Equipment Owner | ITS Roadway Equipment Owner | Information Exchange and Action Agreement |
Connected Vehicle Roadside Equipment Owner | ITS Roadway Payment Equipment Owner | Information Exchange and Action Agreement |
Connected Vehicle Roadside Equipment Owner | Traffic Management Center Owner | Information Exchange Agreement |
Connected Vehicle Roadside Equipment Owner | Vehicle OBE Owner | Expectation of Information Provision |
Connected Vehicle Roadside Equipment Supplier | Connected Vehicle Roadside Equipment Owner | Warranty |
Enforcement Center Maintainer | Enforcement Center | Maintains |
Enforcement Center Manager | Enforcement Center | Manages |
Enforcement Center Owner | Enforcement Center Maintainer | System Maintenance Agreement |
Enforcement Center Owner | Enforcement Center Manager | Operations Agreement |
Enforcement Center Supplier | Enforcement Center Owner | Warranty |
Financial Center Maintainer | Financial Center | Maintains |
Financial Center Manager | Financial Center | Manages |
Financial Center Owner | Financial Center Maintainer | System Maintenance Agreement |
Financial Center Owner | Financial Center Manager | Operations Agreement |
Financial Center Owner | Payment Administration Center Owner | Information Exchange Agreement |
Financial Center Supplier | Financial Center Owner | Warranty |
ITS Roadway Equipment Maintainer | ITS Roadway Equipment | Maintains |
ITS Roadway Equipment Manager | ITS Roadway Equipment | Manages |
ITS Roadway Equipment Owner | Connected Vehicle Roadside Equipment Owner | Information Exchange and Action Agreement |
ITS Roadway Equipment Owner | ITS Roadway Equipment Maintainer | System Maintenance Agreement |
ITS Roadway Equipment Owner | ITS Roadway Equipment Manager | Operations Agreement |
ITS Roadway Equipment Owner | Other ITS Roadway Equipment Owner | Information Exchange and Action Agreement |
ITS Roadway Equipment Owner | Traffic Management Center Owner | Information Exchange Agreement |
ITS Roadway Equipment Supplier | ITS Roadway Equipment Owner | Warranty |
ITS Roadway Payment Equipment Maintainer | ITS Roadway Payment Equipment | Maintains |
ITS Roadway Payment Equipment Manager | ITS Roadway Payment Equipment | Manages |
ITS Roadway Payment Equipment Owner | ITS Roadway Payment Equipment Maintainer | System Maintenance Agreement |
ITS Roadway Payment Equipment Owner | ITS Roadway Payment Equipment Manager | Operations Agreement |
ITS Roadway Payment Equipment Owner | Payment Administration Center Owner | Information Exchange Agreement |
ITS Roadway Payment Equipment Owner | Vehicle OBE Owner | Expectation of Information Provision |
ITS Roadway Payment Equipment Supplier | ITS Roadway Payment Equipment Owner | Warranty |
Other ITS Roadway Equipment Maintainer | Other ITS Roadway Equipment | Maintains |
Other ITS Roadway Equipment Manager | Other ITS Roadway Equipment | Manages |
Other ITS Roadway Equipment Owner | ITS Roadway Equipment Owner | Information Exchange and Action Agreement |
Other ITS Roadway Equipment Owner | Other ITS Roadway Equipment Maintainer | System Maintenance Agreement |
Other ITS Roadway Equipment Owner | Other ITS Roadway Equipment Manager | Operations Agreement |
Other ITS Roadway Equipment Supplier | Other ITS Roadway Equipment Owner | Warranty |
Payment Administration Center Maintainer | Payment Administration Center | Maintains |
Payment Administration Center Manager | Payment Administration Center | Manages |
Payment Administration Center Owner | Enforcement Center Owner | Information Provision Agreement |
Payment Administration Center Owner | Financial Center Owner | Information Exchange Agreement |
Payment Administration Center Owner | ITS Roadway Payment Equipment Owner | Information Exchange Agreement |
Payment Administration Center Owner | Payment Administration Center Maintainer | System Maintenance Agreement |
Payment Administration Center Owner | Payment Administration Center Manager | Operations Agreement |
Payment Administration Center Owner | Personal Information Device Owner | Information Exchange Agreement |
Payment Administration Center Owner | Vehicle OBE Owner | Information Exchange Agreement |
Payment Administration Center Supplier | Payment Administration Center Owner | Warranty |
Payment Device Maintainer | Payment Device | Maintains |
Payment Device Manager | Payment Device | Manages |
Payment Device Owner | Payment Device Maintainer | System Maintenance Agreement |
Payment Device Owner | Payment Device Manager | Operations Agreement |
Payment Device Owner | Vehicle OBE Owner | Expectation of Data Provision |
Payment Device Supplier | Payment Device Owner | Warranty |
Personal Information Device Maintainer | Personal Information Device | Maintains |
Personal Information Device Manager | Personal Information Device | Manages |
Personal Information Device Owner | Payment Administration Center Owner | Information Exchange and Action Agreement |
Personal Information Device Owner | Personal Information Device Maintainer | System Maintenance Agreement |
Personal Information Device Owner | Personal Information Device Manager | Operations Agreement |
Personal Information Device Supplier | Personal Information Device Owner | Warranty |
Traffic Management Center Maintainer | Traffic Management Center | Maintains |
Traffic Management Center Manager | Traffic Management Center | Manages |
Traffic Management Center Manager | Traffic Operations Personnel | System Usage Agreement |
Traffic Management Center Owner | Connected Vehicle Roadside Equipment Owner | Information Exchange Agreement |
Traffic Management Center Owner | Enforcement Center Owner | Information Provision Agreement |
Traffic Management Center Owner | ITS Roadway Equipment Owner | Information Exchange Agreement |
Traffic Management Center Owner | Traffic Management Center Maintainer | System Maintenance Agreement |
Traffic Management Center Owner | Traffic Management Center Manager | Operations Agreement |
Traffic Management Center Owner | Transportation Information Center Owner | Information Provision Agreement |
Traffic Management Center Supplier | Traffic Management Center Owner | Warranty |
Traffic Operations Personnel | Traffic Management Center | Operates |
Transportation Information Center Maintainer | Transportation Information Center | Maintains |
Transportation Information Center Manager | Transportation Information Center | Manages |
Transportation Information Center Owner | Transportation Information Center Maintainer | System Maintenance Agreement |
Transportation Information Center Owner | Transportation Information Center Manager | Operations Agreement |
Transportation Information Center Owner | Vehicle OBE Owner | Information Provision Agreement |
Transportation Information Center Supplier | Transportation Information Center Owner | Warranty |
Vehicle OBE Maintainer | Vehicle OBE | Maintains |
Vehicle OBE Manager | Vehicle OBE | Manages |
Vehicle OBE Owner | Connected Vehicle Roadside Equipment Owner | Expectation of Data Provision |
Vehicle OBE Owner | ITS Roadway Payment Equipment Owner | Expectation of Data Provision |
Vehicle OBE Owner | Payment Administration Center Owner | Information Exchange Agreement |
Vehicle OBE Owner | Payment Device Owner | Expectation of Data Provision |
Vehicle OBE Owner | Vehicle OBE Maintainer | System Maintenance Agreement |
Vehicle OBE Owner | Vehicle OBE Manager | Operations Agreement |
Vehicle OBE Supplier | Vehicle OBE Owner | Warranty |
Functional
This service package includes the following Functional View PSpecs:
Physical
The physical diagram can be viewed in SVG or PNG format and the current format is SVG.SVG Diagram
PNG Diagram
Includes Physical Objects:
Physical Object | Class | Description |
---|---|---|
Connected Vehicle Roadside Equipment | Field | 'Connected Vehicle Roadside Equipment' (CV RSE) represents the Connected Vehicle roadside devices that are used to send messages to, and receive messages from, nearby vehicles using Dedicated Short Range Communications (DSRC) or other alternative wireless communications technologies. Communications with adjacent field equipment and back office centers that monitor and control the RSE are also supported. This device operates from a fixed position and may be permanently deployed or a portable device that is located temporarily in the vicinity of a traffic incident, road construction, or a special event. It includes a processor, data storage, and communications capabilities that support secure communications with passing vehicles, other field equipment, and centers. |
Enforcement Center | Center | The 'Enforcement Center' represents the systems that receive reports of violations detected by various ITS facilities including individual vehicle emissions, lane violations, toll violations, CVO violations, etc. |
Financial Center | Center | The 'Financial Center' represents the organization that handles electronic fund transfer requests to enable the transfer of funds from the user of the service to the provider of the service. The functions and activities of financial clearinghouses are covered by this physical object. |
ITS Roadway Equipment | Field | 'ITS Roadway Equipment' represents the ITS equipment that is distributed on and along the roadway that monitors and controls traffic and monitors and manages the roadway. This physical object includes traffic detectors, environmental sensors, traffic signals, highway advisory radios, dynamic message signs, CCTV cameras and video image processing systems, grade crossing warning systems, and ramp metering systems. Lane management systems and barrier systems that control access to transportation infrastructure such as roadways, bridges and tunnels are also included. This object also provides environmental monitoring including sensors that measure road conditions, surface weather, and vehicle emissions. Work zone systems including work zone surveillance, traffic control, driver warning, and work crew safety systems are also included. |
ITS Roadway Payment Equipment | Field | 'ITS Roadway Payment Equipment' represents the roadway components of a toll collection system. It provides the capability for vehicle operators to pay tolls without stopping their vehicles. It supports use of locally determined pricing structures and includes the capability to implement various variable pricing policies. Typically, transactions are accompanied by feedback to the customer and a record of the transactions is provided to a back office system (e.g., the Payment Administration Center). |
Light Vehicle Driver | Vehicle | The 'Light Vehicle Driver' represents the person that operates a light vehicle on the roadway. This physical object covers the interactions that are specific to light, passenger vehicles. See also the 'Driver' physical object that covers interactions that are shared by operators of light, transit, commercial, and emergency vehicles where the interactions are not particular to the type of vehicle. |
Light Vehicle OBE | Vehicle | The 'Light Vehicle OBE' includes traveler-oriented capabilities that apply to passenger cars, trucks, and motorcycles that are used for personal travel. The rules vary by jurisdiction, but generally light vehicles are restricted in their weight and the maximum number of passengers they can carry. In ARC-IT, the Light Vehicle OBE represents vehicles that are operated as personal vehicles that are not part of a vehicle fleet and are not used commercially; thus, the choice between the various vehicle subsystems should be based more on how the vehicle is used than how much the vehicle weighs. See also the 'Vehicle' subsystem that includes the general safety and information services that apply to all types of vehicles, including light vehicles. |
Other ITS Roadway Equipment | Field | Representing another set of ITS Roadway Equipment, 'Other ITS Roadway Equipment' supports 'field device' to 'field device' communication and coordination, and provides a source and destination for information that may be exchanged between ITS Roadway Equipment. The interface enables direct coordination between field equipment. Examples include the direct interface between sensors and other roadway devices (e.g., Dynamic Message Signs) and the direct interface between roadway devices (e.g., between a Signal System Master and Signal System Local equipment) or a connection between an arterial signal system master and a ramp meter controller. |
Payment Administration Center | Center | The 'Payment Administration Center' provides general payment administration capabilities and supports the electronic transfer of funds from the customer to the transportation system operator or other service provider. Charges can be recorded for tolls, vehicle-mileage charging, congestion charging, or other goods and services. It supports traveler enrollment and collection of both pre-payment and post-payment transportation fees in coordination with the financial infrastructure supporting electronic payment transactions. The system may establish and administer escrow accounts depending on the clearinghouse scheme and the type of payments involved. It may post a transaction to the customer account, generate a bill (for post-payment accounts), debit an escrow account, or interface to a financial infrastructure to debit a customer designated account. It supports communications with the ITS Roadway Payment Equipment to support fee collection operations. As an alternative, a wide-area wireless interface can be used to communicate directly with vehicle equipment. It also sets and administers the pricing structures and may implement road pricing policies in coordination with the Traffic Management Center. |
Payment Device | Personal | The 'Payment Device' enables the electronic transfer of funds from the user of a service (I.e. a traveler) to the provider of the service. Potential implementations include smart cards that support payment for products and services, including transportation services and general purpose devices like smart phones that support a broad array of services, including electronic payment. In addition to user account information, the payment device may also hold and update associated user information such as personal profiles, preferences, and trip histories. |
Personal Information Device | Personal | The 'Personal Information Device' provides the capability for travelers to receive formatted traveler information wherever they are. Capabilities include traveler information, trip planning, and route guidance. Frequently a smart phone, the Personal Information Device provides travelers with the capability to receive route planning and other personally focused transportation services from the infrastructure in the field, at home, at work, or while en-route. Personal Information Devices may operate independently or may be linked with vehicle on-board equipment. This subsystem also supports safety related services with the capability to broadcast safety messages and initiate a distress signal or request for help. |
Traffic Management Center | Center | The 'Traffic Management Center' monitors and controls traffic and the road network. It represents centers that manage a broad range of transportation facilities including freeway systems, rural and suburban highway systems, and urban and suburban traffic control systems. It communicates with ITS Roadway Equipment and Connected Vehicle Roadside Equipment (RSE) to monitor and manage traffic flow and monitor the condition of the roadway, surrounding environmental conditions, and field equipment status. It manages traffic and transportation resources to support allied agencies in responding to, and recovering from, incidents ranging from minor traffic incidents through major disasters. |
Traffic Operations Personnel | Center | 'Traffic Operations Personnel' represents the people that operate a traffic management center. These personnel interact with traffic control systems, traffic surveillance systems, incident management systems, work zone management systems, and travel demand management systems. They provide operator data and command inputs to direct system operations to varying degrees depending on the type of system and the deployment scenario. |
Transportation Information Center | Center | The 'Transportation Information Center' collects, processes, stores, and disseminates transportation information to system operators and the traveling public. The physical object can play several different roles in an integrated ITS. In one role, the TIC provides a data collection, fusing, and repackaging function, collecting information from transportation system operators and redistributing this information to other system operators in the region and other TICs. In this information redistribution role, the TIC provides a bridge between the various transportation systems that produce the information and the other TICs and their subscribers that use the information. The second role of a TIC is focused on delivery of traveler information to subscribers and the public at large. Information provided includes basic advisories, traffic and road conditions, transit schedule information, yellow pages information, ride matching information, and parking information. The TIC is commonly implemented as a website or a web-based application service, but it represents any traveler information distribution service. |
Vehicle Characteristics | Vehicle | 'Vehicle Characteristics' represents the external view of individual vehicles of any class from cars and light trucks up to large commercial vehicles and down to micromobility vehicles (MMVs). It includes vehicle physical characteristics such as height, width, length, weight, and other properties (e.g., magnetic properties, number of axles) of individual vehicles that can be sensed and measured or classified. This physical object represents the physical properties of vehicles that can be sensed by vehicle-based or infrastructure-based sensors to support vehicle automation and traffic sensor systems. The analog properties provided by this terminator represent the sensor inputs that are used to detect and assess vehicle(s) within the sensor's range to support safe AV operation and/or responsive and safe traffic management. |
Includes Functional Objects:
Functional Object | Description | Physical Object |
---|---|---|
Light Vehicle Basic Toll/Parking Payment | 'Vehicle Basic Toll/Parking Payment' includes the traditional on-board systems that pay for tolls and parking electronically. It includes the in-vehicle equipment that communicates with the toll/parking plaza and an optional interface to a carry-in payment device. See also 'Vehicle Payment Services', which provides a broader range of payment services. | Light Vehicle OBE |
Light Vehicle Payment Service | 'Light Vehicle Payment Service' supports vehicle payments including VMT- and zone-based payments and payments for other services including fuel/charging services, tolls, and parking. To support VMT-based payment, this application tracks the location of the vehicle at specific times and reports this VMT data along with vehicle identification. A variety of pricing strategies are supported, including strategies that include credits or incentives that reward desired driving patterns and behavior. The onboard equipment supports secure short range communications with connected vehicle roadside equipment to support secure payments. | Light Vehicle OBE |
Light Vehicle Restricted Lanes Application | The 'Light Vehicle Restricted Lanes Application' monitors and reports its own operating parameters and communicates with roadside equipment to safely enter, operate within, and exit eco-lanes and other controlled-access lanes. | Light Vehicle OBE |
Light Vehicle Roadside Information Reception | 'Light Vehicle Roadside Information Reception' receives advisories, vehicle signage data, and other driver information and presents this information to the driver using in-vehicle equipment. Information presented may include fixed sign information, traffic control device status (e.g., signal phase and timing data), advisory and detour information, warnings of adverse road and weather conditions, travel times, and other driver information. | Light Vehicle OBE |
PAC Payment Administration | 'PAC Payment Administration' provides administration and management of payments associated with electronic toll collection, parking payments, and other e-payments. It provides the back office functions that support enrollment, pricing, reduced fare eligibility, payment reconciliation with financial institutions, and violation notification to enforcement agencies. It also supports dynamic pricing to support demand management. | Payment Administration Center |
Personal Interactive Traveler Information | 'Personal Interactive Traveler Information' provides traffic information, road conditions, transit information, yellow pages (traveler services) information, special event information, and other traveler information that is specifically tailored based on the traveler's request and/or previously submitted traveler profile information. It also supports interactive services that support enrollment, account management, and payments for transportation services. The interactive traveler information capability is provided by personal devices including personal computers and personal portable devices such as smart phones. | Personal Information Device |
Roadway Basic Surveillance | 'Roadway Basic Surveillance' monitors traffic conditions using fixed equipment such as loop detectors and CCTV cameras. | ITS Roadway Equipment |
Roadway HOV Control | 'Roadway HOV Control' monitors and controls high occupancy vehicle (HOV) and high occupancy toll (HOT) lanes. It includes traffic sensors that monitor HOV lane usage and display equipment such as lane control signals that provide lane status to drivers. | ITS Roadway Equipment |
Roadway Toll Collection Support | 'Roadway Toll Collection Support' provides toll plazas the capability to identify properly equipped vehicles, collect electronic tolls, and provide a positive indication to the driver that a toll was collected. Violators are identified and images are collected. Toll transactions are stored and reported to the Payment Administration Center. | ITS Roadway Payment Equipment |
RSE Restricted Lanes Application | The 'RSE Restricted Lanes Application' uses short range communications to monitor and manage dynamic and static restricted lanes. It collects vehicle profile information from vehicles entering the lanes and monitors vehicles within the lanes, providing aggregate data to the back office center. It provides lane restriction information and signage data to the vehicles and optionally identifies vehicles that violate the current lane restrictions. These functions are performed based on operating parameters provided by the back office managing center(s). | Connected Vehicle Roadside Equipment |
RSE Traveler Information Communications | 'RSE Traveler Information Communications' includes field elements that distribute information to vehicles for in-vehicle display. The information may be provided by a center (e.g., variable information on traffic and road conditions in the vicinity of the field equipment) or it may be determined and output locally (e.g., static sign information and signal phase and timing information). This includes the interface to the center or field equipment that controls the information distribution and the short range communications equipment that provides information to passing vehicles. | Connected Vehicle Roadside Equipment |
TIC Traffic Control Dissemination | 'TIC Traffic Control Dissemination' disseminates intersection status, lane control information, and other traffic control related information that is real-time or near real-time in nature and relevant to vehicles in a relatively local area on the road network. It collects traffic control information from Traffic Management Center(s) and disseminates the relevant information to vehicles and other mobile devices. | Transportation Information Center |
TMC Basic Surveillance | 'TMC Basic Surveillance' remotely monitors and controls traffic sensor systems and surveillance (e.g., CCTV) equipment, and collects, processes and stores the collected traffic data. Current traffic information and other real-time transportation information is also collected from other centers. The collected information is provided to traffic operations personnel and made available to other centers. | Traffic Management Center |
TMC HOV Lane Management | 'TMC HOV Lane Management' provides center monitoring and control of HOV lanes. It coordinates freeway ramp meters and connector signals with HOV lane usage signals to provide preferential treatment to HOV lanes. In advanced implementations, it automatically detects HOV violators. | Traffic Management Center |
TMC In-Vehicle Signing Management | 'TMC In-Vehicle Signing Management' controls and monitors RSEs that support in-vehicle signing. Sign information that may include static regulatory, service, and directional sign information as well as variable information such as traffic and road conditions can be provided to the RSE, which uses short range communications to send the information to in-vehicle equipment. Information that is currently being communicated to passing vehicles and the operational status of the field equipment is monitored by this application. The operational status of the field equipment is reported to operations personnel. | Traffic Management Center |
TMC Restricted Lanes CV Application | 'TMC Restricted Lanes CV Application' manages dynamic lanes for connected vehicles. The application provides the back office functions and supports the TMC operator in establishing and managing dynamic lanes using communications to manage lane use for connected vehicles. | Traffic Management Center |
Includes Information Flows:
Information Flow | Description |
---|---|
authorization request | Request to determine if a transportation user is authorized to use a particular transportation resource. |
authorization response | Notification of status of authorization request. |
lane management control | Information used to configure and control dynamic lane management systems. |
lane management coordination | The direct flow of information between field equipment. This includes information used to configure and control dynamic lane management systems and the status of managed lanes including current operational state, violations, and logged information. This also includes lane usage information including both traditional traffic flow measures and special information associated with managed lanes such as measured passenger occupancies. It also includes the operational status of the lane management equipment. |
lane management information | System status of managed lanes including current operational state, violations, and logged information. This includes lane usage information including both traditional traffic flow measures and special information associated with managed lanes such as measured passenger occupancies. It also includes the operational status of the lane management equipment. |
lane violation notification | Notification to enforcement agency of detected lane entry violations, lane speed violations, or other dynamic lane violations. Lane entry violations may be issued for restricted vehicle types or vehicles that do not meet required emissions or passenger occupancy standards that enter a managed lane. This notification identifies the vehicle and documents the lane parameter that was violated. |
payment instructions | Information provided to configure and support fixed point payment operations including pricing information, user account information, and operational parameters used to control equipment that controls access, collects payment, and detects and processes violations. |
payment methods financial institution | A list of valid payment methods accepted by a financial center. |
payment request | Request for payment from financial institution or related financial service requests (e.g., balance inquiry) |
payment transactions | Detailed list of transactions including violations. Each transaction includes the date/time, vehicle/customer, and transaction amount. Additional information is included to support delayed payment and violation processing. |
payment violation notification | Notification to enforcement agency of a toll, parking, or transit fare payment violation. |
registered secureIDs | Cryptographically protected identifier indicating that the user associated with the identifier is entitled to use a particular service. |
restricted lanes application info | Restricted lane application configuration data and messaging parameters. This flow defines the location, duration, and operating parameters for lanes that are reserved for the exclusive use of certain types of vehicles (e.g., transit vehicles) or vehicles that meet other qualifications (e.g., number of occupants, low emissions criteria). It may also identify additional vehicles that may be allowed in the lanes as exceptions, though they don't meet specified criteria. It identifies the lane(s), the start and stop locations, start and end times, vehicle restrictions, speed limits and platooning parameters. This flow also supports remote control of the application so the application can be taken offline, reset, or restarted. |
restricted lanes application status | Current RSE application status that is monitored by the back office center including the operational state of the RSE, current configuration parameters, and a log of lane use (aggregate profiles of vehicles that checked in to the lane and reported vehicle speeds in the lanes) and RSE communications activity. |
restricted lanes information | This flow defines the location, duration, and operating parameters for lanes that are reserved for the exclusive use of certain types of vehicles (e.g., transit vehicles) or vehicles that meet other qualifications (e.g., number of occupants, low emissions criteria). It identifies the lane(s), the start and stop locations, start and end times, vehicle restrictions, speed limits and platooning parameters. |
settlement | Information exchanged to settle charges and distribute or debit accounts appropriate to the authorized charges. |
traffic detector control | Information used to configure and control traffic detector systems such as inductive loop detectors and machine vision sensors. |
traffic detector coordination | The direct flow of information between field equipment. This includes information used to configure and control traffic detector systems such as inductive loop detectors and machine vision sensors Raw and/or processed traffic detector data is returned that allows derivation of traffic flow variables (e.g., speed, volume, and density measures) and associated information (e.g., congestion, potential incidents). This flow includes the traffic data and the operational status of the traffic detectors |
traffic detector data | Raw and/or processed traffic detector data which allows derivation of traffic flow variables (e.g., speed, volume, and density measures) and associated information (e.g., congestion, potential incidents). This flow includes the traffic data and the operational status of the traffic detectors |
traffic operator data | Presentation of traffic operations data to the operator including traffic conditions, current operating status of field equipment, maintenance activity status, incident status, video images, security alerts, emergency response plan updates and other information. This data keeps the operator appraised of current road network status, provides feedback to the operator as traffic control actions are implemented, provides transportation security inputs, and supports review of historical data and preparation for future traffic operations activities. |
traffic operator input | User input from traffic operations personnel including requests for information, configuration changes, commands to adjust current traffic control strategies (e.g., adjust signal timing plans, change DMS messages), and other traffic operations data entry. |
user account reports | Reports on services offered/provided and associated charges. |
user account setup | Billing information, vehicle information (or registration information), and requests for reports. Also includes subsequent account changes. |
vehicle characteristics | The physical or visible characteristics of individual vehicles that can be used to detect, classify, and monitor vehicles and imaged to uniquely identify vehicles. |
vehicle occupancy | The number of occupants in a vehicle. |
vehicle occupancy coordination | The direct flow of information between field equipment. This flow shares the number of occupants detected in passing vehicles as well as the status of the vehicle occupant counting equipment, if applicable. |
vehicle signage application info | In-vehicle signing application configuration data and messaging parameters. This flow provides a list of regulatory, warning, and information messages to be displayed and parameters that support scheduling and prioritizing messages to be issued to passing vehicles. This flow also supports remote control of the application so the application can be taken offline, reset, or restarted. |
vehicle signage application status | In-vehicle signing application status reported by the RSE. This includes current operational state and status of the RSE and a log of messages sent to passing vehicles. |
vehicle signage local data | Information provided by adjacent field equipment to support in-vehicle signing of dynamic information that is currently being displayed to passing drivers. This includes the dynamic information (e.g., local traffic and road conditions, work zone information, lane restrictions, detours, closures, advisories, parking availability, etc.) and control parameters that identify the desired timing, duration, and priority of the signage data. |
Goals and Objectives
Associated Planning Factors and Goals
Planning Factor | Goal |
---|---|
A. Support the economic vitality of the metropolitan area, especially by enabling global competitiveness, productivity, and efficiency; | Improve freight network |
D. Increase the accessibility and mobility of people and for freight; | Reduce congestion |
E. Protect and enhance the environment, promote energy conservation, improve the quality of life, and promote consistency between transportation improvements and State and local planned growth and economic development patterns; | Protect/Enhance the Environment |
G. Promote efficient system management and operation; | Improve efficiency |
Associated Objective Categories
Associated Objectives and Performance Measures
Needs and Requirements
Need | Functional Object | Requirement | ||
---|---|---|---|---|
01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. | Roadway Basic Surveillance | 03 | The field element shall collect, digitize, and send multimodal crossing and high occupancy vehicle (HOV), and high occupancy toll (HOT) lane sensor data to the center for further analysis and storage. |
Roadway HOV Control | 01 | The field element shall include sensors to detect high-occupancy vehicle (HOV) lane usage, under center control. | ||
02 | The field element shall include driver information systems to notify users of lane status for lanes that become HOV or High Occupancy Toll (HOT) lanes during certain times of the day on freeways, under center control. | |||
03 | The field element shall include freeway control devices, such as ramp signals and mainline metering and other systems associated with freeway operations that control use of HOV lanes, under center control. | |||
05 | The field element shall provide traffic flow measures and information regarding vehicle occupancy (i.e., lane usage) in HOV lanes to the center. | |||
06 | The field element shall return operational status for the HOV lane sensors to the controlling center. | |||
07 | The field element shall return fault data for the HOV lane sensors to the center for repair. | |||
RSE Restricted Lanes Application | 02 | The field device shall provide lane restriction information and signage data to vehicles. | ||
RSE Traveler Information Communications | 06 | The field element shall distribute the location, duration, and operating parameters for lanes that are reserved. | ||
TIC Traffic Control Dissemination | 01 | The center shall provide intersection status, lane control information, and other real time traffic control related information to vehicles. | ||
TMC Basic Surveillance | 03 | The center shall monitor, analyze, and store multimodal crossing, high occupancy vehicle (HOV) and high occupancy toll (HOT) lane sensor data under remote control of the center. | ||
TMC HOV Lane Management | 03 | The center shall remotely control freeway control devices, such as ramp signals and mainline metering and other systems associated with freeway operations that control use of HOV lanes. | ||
04 | The center shall collect traffic flow measures and information regarding vehicle occupancy (i.e., lane usage) in HOV lanes. | |||
06 | The center shall collect operational status for the freeway control devices associated with HOV lane control. | |||
07 | The center shall collect fault data for the freeway control devices associated with HOV lane control for repair. | |||
TMC In-Vehicle Signing Management | 06 | The center shall format and output restricted lane information to field equipment that supports in-vehicle signage communications. | ||
TMC Restricted Lanes CV Application | 06 | The center shall provide connected vehicle the location, duration, and operating parameters for lanes that are reserved for the HOV or HOT. It identifies the lane(s), the start and stop locations, start and end times, vehicle restrictions, and vehicle occupancy. | ||
08 | The center shall report operators status information of the HOV or HOT lanes including start and stop locations, start and end times, vehicle restrictions, and vehicle occupancy. | |||
02 | Traffic Operations need to be able to measure the number of passengers in a vehicle in order to determine if the vehicles are violating the HOV lane usage requirements. | PAC Payment Administration | 20 | The center shall report enforcement agency of detected HOV or HOT lane entry violations including vehicle information and documents the lane parameter that was violated. |
Roadway HOV Control | 04 | The field element shall collect a count of vehicle occupants from passing vehicles using field-vehicle communications. | ||
RSE Restricted Lanes Application | 03 | The field element shall report enforcement agency of detected HOV or HOT lane entry violations. This notification identifies the vehicle and documents the lane parameter that was violated. | ||
TMC HOV Lane Management | 01 | The center shall remotely control sensors to detect high-occupancy vehicle (HOV) lane usage. | ||
05 | The center shall monitor the use of HOV lanes and detect vehicles that do not have the required number of occupants. | |||
08 | The center shall store violation parameters, detect HOV lane violators, obtain the vehicle registration data from the appropriate State Department of Motor Vehicles (DMV) office, and then provide the capability to send violation information to a law enforcement agency. | |||
TMC Restricted Lanes CV Application | 07 | The center shall report enforcement agency of detected HOV or HOT lane entry violations. This notification identifies the vehicle and documents the lane parameter that was violated. | ||
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. | Light Vehicle Payment Service | 05 | The vehicle shall provide payment information on request under control of the vehicle owner/operator. |
PAC Payment Administration | 15 | The center shall provide the HOT pricing information, including variable pricing based on calendar, time of day, vehicle type and passenger occupancy. | ||
Roadway Basic Surveillance | 03 | The field element shall collect, digitize, and send multimodal crossing and high occupancy vehicle (HOV), and high occupancy toll (HOT) lane sensor data to the center for further analysis and storage. | ||
Roadway HOV Control | 02 | The field element shall include driver information systems to notify users of lane status for lanes that become HOV or High Occupancy Toll (HOT) lanes during certain times of the day on freeways, under center control. | ||
RSE Restricted Lanes Application | 02 | The field device shall provide lane restriction information and signage data to vehicles. | ||
RSE Traveler Information Communications | 06 | The field element shall distribute the location, duration, and operating parameters for lanes that are reserved. | ||
TMC Basic Surveillance | 03 | The center shall monitor, analyze, and store multimodal crossing, high occupancy vehicle (HOV) and high occupancy toll (HOT) lane sensor data under remote control of the center. | ||
TMC HOV Lane Management | 02 | The center shall remotely control driver information systems to notify users of lane status for lanes that become HOV or High Occupancy Toll (HOT) lanes during certain times of the day on freeways. | ||
TMC In-Vehicle Signing Management | 06 | The center shall format and output restricted lane information to field equipment that supports in-vehicle signage communications. | ||
TMC Restricted Lanes CV Application | 06 | The center shall provide connected vehicle the location, duration, and operating parameters for lanes that are reserved for the HOV or HOT. It identifies the lane(s), the start and stop locations, start and end times, vehicle restrictions, and vehicle occupancy. | ||
08 | The center shall report operators status information of the HOV or HOT lanes including start and stop locations, start and end times, vehicle restrictions, and vehicle occupancy. | |||
04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. | Light Vehicle Basic Toll/Parking Payment | 01 | The vehicle shall respond to requests from toll collection equipment for credit identity, stored value card cash, etc. |
03 | The vehicle shall provide an interface to the driver to make requests for advance payments of tolls, parking, and transit fares and present the status of electronic payment transactions. | |||
04 | The vehicle shall provide an interface with the traveler card / payment instrument carried on-board the vehicle - to exchange identity information and payment transactions. | |||
PAC Payment Administration | 04 | The center shall register vehicles for road or parking use payment, establishing accounts that identify owner billing information and preferences. | ||
12 | The center shall register users for an electronic payment system, establishing accounts that identify owner billing information and preferences. | |||
Personal Interactive Traveler Information | 08 | The personal traveler interface shall support payment for services, such as confirmed trip plans, tolls, transit fares, parking lot charges, map updates, and advanced payment for tolls. | ||
16 | The personal traveler interface shall provide an interface to establish and manage user road pricing accounts, process road pricing payments, and access road pricing reports under user control | |||
Roadway Toll Collection Support | 01 | The field element shall read data from passing vehicles to support toll payment transactions. | ||
03 | The field element shall update the stored value after debiting the toll amount and send a record of the transaction to a center. |
Security
In order to participate in this service package, each physical object should meet or exceed the following security levels.
Physical Object Security | ||||
---|---|---|---|---|
Physical Object | Confidentiality | Integrity | Availability | Security Class |
Connected Vehicle Roadside Equipment | Moderate | High | Moderate | Class 3 |
Enforcement Center | Moderate | Moderate | Moderate | Class 2 |
Financial Center | Moderate | Moderate | Moderate | Class 2 |
ITS Roadway Equipment | Moderate | Moderate | Moderate | Class 2 |
ITS Roadway Payment Equipment | Moderate | Moderate | High | Class 5 |
Other ITS Roadway Equipment | Moderate | Moderate | Moderate | Class 2 |
Payment Administration Center | High | High | Moderate | Class 4 |
Payment Device | Moderate | Moderate | High | Class 5 |
Personal Information Device | High | High | Moderate | Class 4 |
Traffic Management Center | Moderate | High | Moderate | Class 3 |
Transportation Information Center | Not Applicable | Moderate | Moderate | Class 1 |
Vehicle | ||||
Vehicle Characteristics |
In order to participate in this service package, each information flow triple should meet or exceed the following security levels.
Information Flow Security | |||||
---|---|---|---|---|---|
Source | Destination | Information Flow | Confidentiality | Integrity | Availability |
Basis | Basis | Basis | |||
Connected Vehicle Roadside Equipment | Enforcement Center | lane violation notification | Moderate | Moderate | Moderate |
Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. | Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. Must be correct to avoid false accusations. | More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies. | |||
Connected Vehicle Roadside Equipment | ITS Roadway Equipment | vehicle occupancy | Low | Moderate | Moderate |
This is all directly observable data. | This information is used to help with incident detection. It should be verified to ensure that it is not incorrectly influencing this. | This information is used as supplemental information. It should operate correctly if not every single message is received. | |||
Connected Vehicle Roadside Equipment | ITS Roadway Payment Equipment | vehicle occupancy | Low | Moderate | Moderate |
This is all directly observable data. | This information is used to help with incident detection. It should be verified to ensure that it is not incorrectly influencing this. | This information is used as supplemental information. It should operate correctly if not every single message is received. | |||
Connected Vehicle Roadside Equipment | Light Vehicle OBE | access violation notification | Moderate | High | Moderate |
May contain PII of a black listed user account, and/or vehicle identification. | Given the potential for PII to be involved, this needs to be correct and unalterable to avoid confusion or malfeasance. | Availability is at least MODERATE since the information has potential legal (or at least traffic law) implications that would otherwise involve a far less prompt and possibly manpower intensive interaction. | |||
Connected Vehicle Roadside Equipment | Light Vehicle OBE | vehicle signage data | Low | Moderate | Moderate |
This data is intentionally transmitted to everyone via a broadcast. It is meant to augment other signage data, and by definition is meant to be shared with everyone. | These signs are meant to augment other visual cues to the driver. They should be accurate, but any inaccuracies should be corrected for by other means. | These notifications are helpful to a driver, but if the driver does not receive this notification immediately, there should still be other visual cues. | |||
Connected Vehicle Roadside Equipment | Traffic Management Center | restricted lanes application status | Moderate | Moderate | Low |
This information could be of interest to a malicious individual who is attempting to determine the best way to accomplish a crime. As such it would be best to not make it easily accessible. | If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, leading to further unnecessary investigation. | A delay in reporting this may cause a delay in necessary maintenance, but (a) this is not time-critical and (b) there are other channels for reporting malfunctioning. Additionally, there is a message received notification, which means that RSE can ensure that all intersection safety issues are delivered. | |||
Connected Vehicle Roadside Equipment | Traffic Management Center | vehicle signage application status | Moderate | Moderate | Low |
This information could be of interest to a malicious individual who is attempting to determine the best way to accomplish a crime. As such it would be best to not make it easily accessible. DISC: WYO believes this to be LOW | If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, leading to further unnecessary investigation. | A delay in reporting this may cause a delay in necessary maintenance, but (a) this is not time-critical and (b) there are other channels for reporting malfunctioning. Additionally, there is a message received notification, which means that RSE can ensure that all intersection safety issues are delivered. | |||
Financial Center | Payment Administration Center | payment methods financial institution | Moderate | Moderate | Low |
Payment methods should be widely disseminated and contain no information that could cause harm if exposed. | Payment methods need to be correct so payment information can be exchanged. Could be LOW, as this should have redundancies and be able to tolerate significant latency. | Payment methods need to be correct so payment information can be exchanged. Could be LOW, as this should have redundancies and be able to tolerate significant latency. | |||
Financial Center | Payment Administration Center | settlement | Moderate | Moderate | Moderate |
This may include PII and will include status information about a payment that could be used by a criminal for a variety of purposes, including identity theft, financial theft, or location-based activities, as the status is predictivie of what the account holder is doing and where they are doing it. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | |||
ITS Roadway Equipment | Connected Vehicle Roadside Equipment | vehicle signage local data | Low | Moderate | Moderate |
This data is intentionally transmitted to everyone via a broadcast. It is meant to augment other signage data, and by definition is meant to be shared with everyone. | This information impacts the vehicle signage data sent to neighboring ASDs and should be trusted to avoid sending wrong information. DISC: WYO believes this to be HIGH. | The system should know if these messages are not received. | |||
ITS Roadway Equipment | Light Vehicle Driver | driver information | Not Applicable | High | Moderate |
This data is sent to all drivers and is also directly observable, by design. | This is the primary signal trusted by the driver to decide whether to go through the intersection and what speed to go through the intersection at; if it's wrong, accidents will happen. | If the lights are out you have to get a policeman to direct traffic – expensive and inefficient and may cause a knock-on effect due to lack of coordination with other intersections. | |||
ITS Roadway Equipment | Other ITS Roadway Equipment | lane management coordination | Moderate | Moderate | Moderate |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
ITS Roadway Equipment | Other ITS Roadway Equipment | traffic detector coordination | Moderate | Moderate | Low |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
ITS Roadway Equipment | Other ITS Roadway Equipment | vehicle occupancy coordination | Moderate | Moderate | Low |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
ITS Roadway Equipment | Traffic Management Center | lane management information | Moderate | Moderate | Moderate |
May contain PII, may contain source data describing device control and sensed status that if captured could be used in the commission of a crime or breaking of traffic laws or regulations. | Information related to violations must be correct so that incorrect accusations are not made. Information related to device status and control must be correct to avoid wasted maintenance efforts. | More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies. | |||
ITS Roadway Equipment | Traffic Management Center | traffic detector data | Low | Moderate | Moderate |
No impact if someone sees the data | Some minimal guarantee of data integrity is necessary for all C-ITS flows. THEA believes this to be LOW.only limited adverse effect if raw/processed traffic detector data is bad/compromised; DISC: WYO believes this to be HIGH | Only limited adverse effect of info is not timely/readily available, however without this information it will be difficult to perform traffic management activities, thus MODERATE. If not used for management, may be LOW. | |||
ITS Roadway Payment Equipment | Payment Administration Center | authorization request | Moderate | Moderate | Moderate |
Contains an identifier linked to an individual or specific device, and thus PII by definition. Compromise of one secureID would likely impact only one user, but the nature of this flow requires that the same algorithm be used for every user; algorithm compromise would harm every user, which would have widespread impact. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | |||
ITS Roadway Payment Equipment | Payment Administration Center | payment transactions | Moderate | Moderate | Moderate |
Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. | Violation information needs to be correct or the commercial vehicle may be improperly penalized, or not when it should be. This is probably not a severe consequence however, so MODERATE. | More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies. | |||
Light Vehicle Driver | Light Vehicle OBE | light vehicle driver input | Moderate | High | High |
Data included in this flow may include origin and destination information, which should be protected from other's viewing as it may compromise the driver's privacy. | Commands from from the driver to the vehicle must be correct or the vehicle may behave in an unpredictable and possibly unsafe manner | Commands must always be able to be given or the driver has no control. | |||
Light Vehicle OBE | Connected Vehicle Roadside Equipment | vehicle profile | Low | High | Moderate |
This data is intentionally transmitted to other vehicles operating in a vehicle cluster. | Vehicle profile data is critical to the performance of a group of vehicles in a vehicle cluster scenario. Incorrect data here could trigger a severe accident scenario. | Vehicle clustering scenarios cannot function without this flow. Worst case is non-initiation of the platoon however, which while significant to mobility does not have a direct severe consequence. | |||
Light Vehicle OBE | ITS Roadway Payment Equipment | actuate secure payment | Moderate | Moderate | High |
Contains an identifier linked to an individual or specific device, and thus PII by definition. Compromise of one secureID would likely impact only one user, but the nature of this flow requires that the same algorithm be used for every user; algorithm compromise would harm every user, which would have widespread impact. | Payment related information needs to be correct or the user may be inconvenienced or defrauded. | Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures. | |||
Light Vehicle OBE | Light Vehicle Driver | light vehicle driver updates | Not Applicable | Moderate | Moderate |
This data is informing the driver about the safety of a nearby area. It should not contain anything sensitive, and does not matter if another person can observe it. | This is the information that is presented to the driver. If they receive incorrect information, they may act in an unsafe manner. However, there are other indicators that would alert them to any hazards, such as an oncoming vehicle or crossing safety lights. | If this information is not made available to the driver, then the system has not operated correctly. | |||
Light Vehicle OBE | Payment Administration Center | user account setup | High | High | Moderate |
Contains user identification and transaction history, which if compromised could lead to identity or financial theft. | Payment setup information, if corrupted, could lead the user to not properly pay for his trips or perhaps pay for others. If intercepted by a malicious actor, this could be manipulated to trick the user into taking action not in his own best interest. | These exchanges can be delayed but eventually have to go through or accounts will not be properly updated, mostly impacting revenue collection. | |||
Light Vehicle OBE | Payment Device | payment device update | Moderate | Moderate | High |
Contains charges and possibly balance or personal information. Charge information may or may not be public, and balance and personal information is not, though it may be displayed visually. Could be LOW if no personal or balance information and no identifier is not included in the flow. | Payment related information needs to be correct or the user may be inconvenienced or defrauded. | Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures. | |||
Light Vehicle OBE | Payment Device | request for payment | Moderate | Moderate | High |
Contains charges and possibly balance or personal information. Charge information may or may not be public, and balance and personal information is not, though it may be displayed visually. Could be LOW if no personal or balance information and no identifier is not included in the flow. | Payment related information needs to be correct or the user may be inconvenienced or defrauded. | Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures. | |||
Other ITS Roadway Equipment | ITS Roadway Equipment | lane management coordination | Moderate | Moderate | Moderate |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Other ITS Roadway Equipment | ITS Roadway Equipment | traffic detector coordination | Moderate | Moderate | Low |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Other ITS Roadway Equipment | ITS Roadway Equipment | vehicle occupancy coordination | Moderate | Moderate | Low |
Any control flow has some confidentiality requirement, as observation of the flow may enable an attacker to analyze and learn how to assume control. MODERATE for most flows as the potential damage is likely contained, though anything that could have a significant safety impact may be assigned HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Since this directly impacts device control, we consider it the same as a control flow. Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Payment Administration Center | Enforcement Center | payment violation notification | Moderate | Moderate | Moderate |
Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. | Violation information needs to be correct or the commercial vehicle may be improperly penalized, or not when it should be. This is probably not a severe consequence however, so MODERATE. | More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies. | |||
Payment Administration Center | Financial Center | payment request | Moderate | Moderate | Moderate |
Contains account and related information that is personal and if compromised could financially impact the owner of the account. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | |||
Payment Administration Center | ITS Roadway Payment Equipment | authorization response | Moderate | Moderate | Moderate |
While this may not contain any PII, it does expose behavior. While an observer in place may assume payment activity, there is no sound reason to not conceal this information. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | |||
Payment Administration Center | ITS Roadway Payment Equipment | payment instructions | Moderate | Moderate | Moderate |
This includes control information that can be considered sensitive and competitive, so it should be protected from viewing for competitive reasons. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | Payment flows must all have some integrity protection and consistent availability to prohibit forgery and instill confidence in the payment process. Repurcussions of roadway payment are individually fairly small, collectiviely significant but probably never catastrophic. Thus MODERATE for both integrity and availability. | |||
Payment Administration Center | Personal Information Device | registered secureIDs | High | High | Moderate |
These IDs are used to secure individual user's rights to use transportation assets. Compromising one of these would be a significant inconvenience but only for the user of that secureID. However, compromise of the algorithm securing all IDs would be catastrophic to the system that uses this mechanism as a means to pay for transportation services. | Individual tokens should be correct or the user will not be able to use this method to pay for transport. A systemic integrity flaw would compromise the system similar to how an encryption flaw would however, which justifies HIGH. | Should be relatively infrequently used by any one user, but over the sum of all transport users sees significant use. If the flow is not available, new or re-applying users will not be able to use this method to pay for transport. | |||
Payment Administration Center | Personal Information Device | user account reports | High | High | Moderate |
Contains user identification and transaction history, which if compromised could lead to identity or financial theft. | Payment history information, if corrupted, could lead the user to take action he or she should not take. If intercepted by a malicious actor, this could be manipulated to trick the user into taking action not in his own best interest. | There should be other mechanisms to retrieve this information, but if the flow has low reliability users will lose confidence and not use it. MODERATE for that reason only. | |||
Payment Device | Light Vehicle OBE | actuate secure payment | Moderate | Moderate | High |
Contains an identifier linked to an individual or specific device, and thus PII by definition. Compromise of one secureID would likely impact only one user, but the nature of this flow requires that the same algorithm be used for every user; algorithm compromise would harm every user, which would have widespread impact. | Payment related information needs to be correct or the user may be inconvenienced or defrauded. | Contact/proximity payment mechanisms need to be very reliable or large numbers of users will be inconvenienced and the systems that use these interfaces (transit, parking etc.) will be hamstrung by interface failures. | |||
Personal Information Device | Payment Administration Center | user account setup | High | High | Moderate |
Contains user identification and matching vehicle information, which if compromised could lead to identity theft or remote tracking. | Payment setup information, if corrupted, could lead the user to not properly pay for his trips or perhaps pay for others. If intercepted by a malicious actor, this could be manipulated to trick the user into taking action not in his own best interest. | There should be other mechanisms to provide this information, but if the flow has low reliability users will lose confidence and not use it. MODERATE for that reason only. | |||
Traffic Management Center | Connected Vehicle Roadside Equipment | restricted lanes application info | Low | Moderate | Moderate |
Broadcast and intended for public consumtion. | Should be correct or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case. In areas with a noted significant safety impact due to illegitimate use of the limited access facility, this may be HIGH. | Should be timely or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case. | |||
Traffic Management Center | Connected Vehicle Roadside Equipment | vehicle signage application info | Moderate | Moderate | Moderate |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. | If this is compromised, it could send unnecessary maintenance workers, or cause the appearance of excessive traffic violations, or not properly communicate areas where maintenance workers are operating for example. Not HIGH because regardless of the application, this flow alone does not directly drive injury or damage. DISC: WYO believes this to be HIGH. | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. This data should be received in a timely manner after it is sent. This will determine which lanes are blocked off for emergency vehicle use in incident management applications. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Traffic Management Center | Enforcement Center | lane violation notification | Moderate | Moderate | Moderate |
Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. | Contains PII and intended to be used for enforcement. Thus privacy implications that, while they may affect only a single individual at a time, could yield significant negative consequences to that individual. Must be correct to avoid false accusations. | More or less important depending on the context. Could even be LOW if areas of minimal import, depending on local policies. | |||
Traffic Management Center | ITS Roadway Equipment | lane management control | Moderate | High | Moderate |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH. | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH. | |||
Traffic Management Center | ITS Roadway Equipment | traffic detector control | Moderate | Moderate | Low |
Control flows, even for seemingly innocent devices, should be kept confidential to minimize attack vectors. While an individual installation may not be particularly impacted by a cyberattack of its sensor network, another installation might be severely impacted, and different installations are likely to use similar methods, so compromising one leads to compromising all. DISC: THEA, WYO believe this to be LOW: encrypted, authenticated, proprietary; but should not cause severe damage if seen | Control flows, even for seemingly innocent devices, should have MODERATE integrity at minimum, just to guarantee that intended control messages are received. Incorrect, corrupted, intercepted and modified control messages can or will result in target field devices not behaving according to operator intent. The severity of this depends on the type of device, which is why some devices are set MODERATE and some HIGH.. From THEA: should be accurate and not be tampered with; could enable outside control of traffic sensors but should not cause severe harm, but could cause issues with traffic sensor data received and be detrimental to operations | Control flow availability is related to the criticality of being able to remotely control the device. For most devices, this is MODERATE. For purely passive devices with no incident relationship, this will be LOW. All devices should have default modes that enable them to operate without backhaul connectivity, so no device warrants a HIGH.. From THEA: want updates but delayed information will not be severe; should be able to operate from a previous/default control/config. DISC: WYO believes this to be MODERATE | |||
Traffic Management Center | Traffic Operations Personnel | traffic operator data | Moderate | Moderate | Moderate |
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. | Information presented to backoffice system operators must be consistent or the operator may perform actions that are not appropriate to the real situation. | The backoffice system operator should have access to system operation. If this interface is down then control is effectively lost, as without feedback from the system the operator has no way of knowing what is the correct action to take. | |||
Traffic Management Center | Transportation Information Center | restricted lanes information | Not Applicable | Moderate | Moderate |
Broadcast and intended for public consumption. | Should be correct or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case. In areas with a noted significant safety impact due to illegitimate use of the limited access facility, this may be HIGH. | Should be timely or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case. | |||
Traffic Operations Personnel | Traffic Management Center | traffic operator input | Moderate | High | High |
Backoffice operations flows should have minimal protection from casual viewing, as otherwise imposters could gain illicit control or information that should not be generally available. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | Backoffice operations flows should generally be correct and available as these are the primary interface between operators and system. | |||
Transportation Information Center | Light Vehicle OBE | restricted lanes information | Not Applicable | Moderate | Moderate |
Broadcast and intended for public consumption. | Should be correct or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case. In areas with a noted significant safety impact due to illegitimate use of the limited access facility, this may be HIGH. | Should be timely or receiving vehicles may not take advantage of (if licensed) or violate (if not) limited access lanes. While there could be a safety impact, this is generally not the case. |
Standards
The following table lists the standards associated with physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages.
Name | Title | Physical Object |
---|---|---|
CTI 4001 RSU | Dedicated Short-Range Communications Roadside Unit Specifications (FHWA-JPO-17-589) | Connected Vehicle Roadside Equipment |
ITE ATC ITS Cabinet | Intelligent Transportation System Standard Specification for Roadside Cabinets | ITS Roadway Equipment |
NEMA TS 8 Cyber and Physical Security | Cyber and Physical Security for Intelligent Transportation Systems | ITS Roadway Equipment |
ITS Roadway Payment Equipment | ||
Payment Administration Center | ||
Traffic Management Center |
System Requirements
System Requirement | Need | ||
---|---|---|---|
001 | The system shall register vehicles for road or parking use payment, establishing accounts that identify owner billing information and preferences. | 04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. |
002 | The system shall register users for an electronic payment system, establishing accounts that identify owner billing information and preferences. | 04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. |
003 | The system shall provide the HOT pricing information, including variable pricing based on calendar, time of day, vehicle type and passenger occupancy. | 03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. |
004 | The system shall report enforcement agency of detected HOV or HOT lane entry violations including vehicle information and documents the lane parameter that was violated. | 02 | Traffic Operations need to be able to measure the number of passengers in a vehicle in order to determine if the vehicles are violating the HOV lane usage requirements. |
005 | The system shall provide intersection status, lane control information, and other real time traffic control related information to vehicles. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
006 | The system shall monitor, analyze, and store multimodal crossing, high occupancy vehicle (HOV) and high occupancy toll (HOT) lane sensor data under remote control of the center. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. | ||
007 | The system shall remotely control sensors to detect high-occupancy vehicle (HOV) lane usage. | 02 | Traffic Operations need to be able to measure the number of passengers in a vehicle in order to determine if the vehicles are violating the HOV lane usage requirements. |
008 | The system shall remotely control driver information systems to notify users of lane status for lanes that become HOV or High Occupancy Toll (HOT) lanes during certain times of the day on freeways. | 03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. |
009 | The system shall remotely control freeway control devices, such as ramp signals and mainline metering and other systems associated with freeway operations that control use of HOV lanes. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
010 | The system shall collect traffic flow measures and information regarding vehicle occupancy (i.e., lane usage) in HOV lanes. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
011 | The system shall monitor the use of HOV lanes and detect vehicles that do not have the required number of occupants. | 02 | Traffic Operations need to be able to measure the number of passengers in a vehicle in order to determine if the vehicles are violating the HOV lane usage requirements. |
012 | The system shall collect operational status for the freeway control devices associated with HOV lane control. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
013 | The system shall collect fault data for the freeway control devices associated with HOV lane control for repair. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
014 | The system shall store violation parameters, detect HOV lane violators, obtain the vehicle registration data from the appropriate State Department of Motor Vehicles (DMV) office, and then provide the capability to send violation information to a law enfor | 02 | Traffic Operations need to be able to measure the number of passengers in a vehicle in order to determine if the vehicles are violating the HOV lane usage requirements. |
015 | The system shall format and output restricted lane information to field equipment that supports in-vehicle signage communications. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. | ||
016 | The system shall provide connected vehicle the location, duration, and operating parameters for lanes that are reserved for the HOV or HOT. It identifies the lane(s), the start and stop locations, start and end times, vehicle restrictions, and vehicle occ | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. | ||
017 | The system shall report enforcement agency of detected HOV or HOT lane entry violations. This notification identifies the vehicle and documents the lane parameter that was violated. | 02 | Traffic Operations need to be able to measure the number of passengers in a vehicle in order to determine if the vehicles are violating the HOV lane usage requirements. |
018 | The system shall report operators status information of the HOV or HOT lanes including start and stop locations, start and end times, vehicle restrictions, and vehicle occupancy. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. | ||
019 | The system shall collect, digitize, and send multimodal crossing and high occupancy vehicle (HOV), and high occupancy toll (HOT) lane sensor data to the center for further analysis and storage. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. | ||
020 | The system shall include sensors to detect high-occupancy vehicle (HOV) lane usage, under center control. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
021 | The system shall include driver information systems to notify users of lane status for lanes that become HOV or High Occupancy Toll (HOT) lanes during certain times of the day on freeways, under center control. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. | ||
022 | The system shall include freeway control devices, such as ramp signals and mainline metering and other systems associated with freeway operations that control use of HOV lanes, under center control. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
023 | The system shall collect a count of vehicle occupants from passing vehicles using field-vehicle communications. | 02 | Traffic Operations need to be able to measure the number of passengers in a vehicle in order to determine if the vehicles are violating the HOV lane usage requirements. |
024 | The system shall provide traffic flow measures and information regarding vehicle occupancy (i.e., lane usage) in HOV lanes to the center. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
025 | The system shall return operational status for the HOV lane sensors to the controlling center. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
026 | The system shall return fault data for the HOV lane sensors to the center for repair. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
027 | The system shall read data from passing vehicles to support toll payment transactions. | 04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. |
028 | The system shall update the stored value after debiting the toll amount and send a record of the transaction to a center. | 04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. |
029 | The system shall provide lane restriction information and signage data to vehicles. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. | ||
030 | The system shall distribute the location, duration, and operating parameters for lanes that are reserved. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. | ||
031 | The system shall support payment for services, such as confirmed trip plans, tolls, transit fares, parking lot charges, map updates, and advanced payment for tolls. | 04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. |
032 | The system shall provide an interface to establish and manage user road pricing accounts, process road pricing payments, and access road pricing reports under user control | 04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. |
033 | The system shall respond to requests from toll collection equipment for credit identity, stored value card cash, etc. | 04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. |
034 | The system shall provide an interface to the driver to make requests for advance payments of tolls, parking, and transit fares and present the status of electronic payment transactions. | 04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. |
035 | The system shall provide an interface with the traveler card / payment instrument carried on-board the vehicle - to exchange identity information and payment transactions. | 04 | Travelers need to be able to sign up for an HOT account and use it to pay for HOT services. |
036 | The system shall provide payment information on request under control of the vehicle owner/operator. | 03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. |
037 | The system shall provide warnings and lane restrictions information to the driver. | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
038 | The system shall receive information about the location, duration, and operating parameters for lanes that are reserved for the HOV or HOT. It includes the lane(s), the start and stop locations, start and end times, vehicle restrictions, and vehicle occup | 01 | Traffic Operations need to be able to operate High Occupancy Vehicle (HOV) lanes on highways. |
03 | Traffic Operations need to be able to operate High Occupancy Toll (HOT) lanes on highways. |