UL 5500:2018 free download

UL 5500:2018 free download Remote Software Updates
1 Scope
This standard coverS REMOTE software updates taking into account the manufacturer’s recommendedprocess. lt is limited to software elements having an influence on safety and on compliance with theparticular end product safety standard.
This standard additionally covers hardware compatibility necessary for safety of the REMOTE softwareupdate.
NOTE 1 This standard does not cover:
– Functional sEcuRmY such as premises,physical, and other similar sECuRITY purposes;
– Safety related availability or connectivity of rEMOTE communications;
– Field updates done with physical access by qualified personnel;
– Software development lifecycle and maturity;
-Cryptographic techniques for the purposes of user data confidentiality and consumer privacy;
– Insider threat (corporate espionage); and
一 REMOTE control operation of the product.
NOTE 2 This standard is intended to be used in conjunction with the appropriate end product safety standard.
2 Normative references
For dated references,only the edition cited applies. For undated references, the latest edition of thereferenced document (including any amendments) applies:
FIPS 140-2,(Annexes A, B and C) Security Requirements for Cryptographic ModulesIEEE 802.3,Standard for Ethernet
IEEE 802.11，Information Technology – Telecommunications and Ilnformation Exchange BetweenSystems-Local and Metropolitan Area Networks -Specific Requirements Part 11: Wireless LAN MediumAccess Control (MAC) and Physical Layer (PHY) Specifications
IEEE 802.15.4,Standard for Low-Rate wireless Networks
ISO/IEC 9796，Information Technology – Security Technologies – Digital Signature Scheme GivingMessage Recovery
ISO/IEC 9797-1，Information Technology – Security Technologies – Message Authentication Codes(MACs)
ISO/IEC 9798 (all parts), Information Technology – Security Technologies – Entity Authentication
ISOIEC 14888-1,Information Technology – Security Technologies – Digital Signatures with Appendix -Part 1: General
ISOIEC 15946-1, Information Technology – Security Technologies -Cryptographic Techniques Based onElliptic Curves – Part 1: General
ISO/IEC 18033-1，Information Technology – Security Technologies – Encryption Algorithms – Part 1:General
ISOIEC 29192-1，Information Technology – Security Techniques – Lightweight Cryptography – Part 1:General
ISO/IEC 19772,Information Technology – Security Techniques – Authenticated Encryption
NIST SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete LogarithmCryptography
NIST SP 800-57,Recommendation for Key Management，Part 1: General3 Terms and definitions
For the purposes of this standard,the following definitions apply.
3.1
AUTHENTICATION
the process of verifying the identity of an ENTITY.
3.2
AuTHORIZATION
the process of permitting an authenticated EArrY to access or manipulate the product or the productproperty to the extent the ENTTv has such permission.
Note to entry: In this context,manipulation means the downloading, installation and verification of software.
3.3
ENTITY
a person, device, product or service which interacts with another via a network.
3.4
INGIDENT
an occurrence that actually or potentially results in adverse safety consequences in the end deviceapplication.
Note to entry: INCIDENT is modified from: https:/niccs.us-cert.gowglossary#l
3.5
REMOTE
a term defined by the end product standard.
Note to entry: In the end product application, the term potentially addresses, but is not limited to the following conditions: