J1939-91C describes Secure On-board Communications with optional Encryption (SecOC/E) for an internal CAN FD network and the processes and infrastructure required to make it secure. Authorized ECUs authenticate themselves within the vehicle by means of digital certificates in a public key infrastructure and subsequently obtain a shared secret used to secure relevant J1939 messages. These processes and techniques can be used to extend the security to multiple segments and non J1939 networks as required.
Rationale: This document facilitates the secure use of SAE J1939 CAN networks with flexible data rate (CAN FD) data frame format for communication use cases. This recommended practice provides methods for establishing trust and securing messages on CAN FD networks with optional encryption.
