Physical Object: Cooperative ITS Credentials Management System

CCMS Authorization

Overview

'CCMS Authorization' components provide authorization credentials (e.g., pseudonym certificates) to end entities. The end entity applies for and obtains authorization credentials, enabling the end entity to enter the "Operational" state. This function requires an interactive dialog, including at minimum a Certificate Request from the end entity desiring certificates. This request will be checked for validity, with the embedded enrollment certificate checked against an internal blacklist. If all checks are passed, this function will distribute a bundle of linked pseudonym certificates suitable for use by the requesting end entity, with the characteristics and usage rules of those certificates dependent on the operational policies of the CCMS. It also provides the secure provisioning of a given object's Decryption Key in response to an authorized request from that object. The retrieved Decryption Key will be used by the receiving object to decrypt the "next valid" batch within the set of previously retrieved Security Credential batches.

This functional object is included in the "Cooperative ITS Credentials Management System" physical object.

This functional object is included in the following service packages:

This functional object is mapped to the following Functional View PSpecs:

Requirements

# Requirement
01 The Center shall generate credential identifiers using facilities that are independently owned and operated from one another.
02 The Center shall assign two or more non-unique identifiers, that when combined are unique, to each credential it distributes.
03 The Center shall verify information received in pseudonym requests.
04 The Center shall coordinate the distribution of credentials with other Centers.
05 The Center shall store credential identifiers using facilities that are independently owned and operated from one another.
06 The Center shall provide Vehicle pseudonymous credentials in response to valid Vehicle pseudonym requests.
07 The Center shall provide Personal Device pseudonymous credentials in response to valid Personal Device pseudonym requests.
08 The Center shall provide Center pseudonymous credentials in response to valid Center pseudonym requests.
09 The Center shall provide Connected Vehicle Roadside Equipment pseudonymous credentials in response to valid Connected Vehicle Roadside Equipment pseudonym requests.
10 The Center shall accept user permission information from Centers authorized to provide that information.
11 The Center shall acquire identifiers relevant to ITS services from the relevant registry of such identifiers.
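
The request checks described in the Overview and the identifier rule in requirement 02 can be sketched as follows; this is an added example, not code from the architecture or from any CCMS implementation. Assumptions: the class and function names are hypothetical, an HMAC tag stands in for verifying the request signature, and the two identifier facilities are modeled as independent random sources with a deliberately small value space.

```python
import hashlib, hmac, secrets

class IdFacility:
    """Stand-in for one independently operated identifier facility (assumed)."""
    def __init__(self, bits):
        self.bits = bits
    def draw(self):
        # Short values on purpose: one facility's identifier repeats across credentials.
        return secrets.randbelow(1 << self.bits)

class Authorization:
    def __init__(self, enrolled, blacklist, bits=4):
        self.enrolled = enrolled         # enrollment cert id -> MAC key (constructed)
        self.blacklist = set(blacklist)  # internal blacklist of enrollment cert ids
        self.bits = bits
        self.fac_a, self.fac_b = IdFacility(bits), IdFacility(bits)
        self.issued = set()              # every (id_a, id_b) pair handed out so far

    def _request_valid(self, req):
        # HMAC stands in for verifying the request signature (assumption).
        key = self.enrolled.get(req.get("enrollment_cert"))
        body, tag = req.get("body"), req.get("tag")
        if key is None or not isinstance(body, bytes) or not isinstance(tag, bytes):
            return False
        expect = hmac.new(key, body, hashlib.sha256).digest()
        return hmac.compare_digest(expect, tag)

    def handle(self, req, count):
        if not self._request_valid(req):
            return "rejected: invalid request", []
        if req["enrollment_cert"] in self.blacklist:
            return "rejected: blacklisted", []
        if len(self.issued) + count > 1 << (2 * self.bits):
            return "rejected: identifier space exhausted", []
        bundle = []
        while len(bundle) < count:
            pair = (self.fac_a.draw(), self.fac_b.draw())
            if pair in self.issued:      # the combination must never repeat
                continue
            self.issued.add(pair)
            bundle.append({"id_a": pair[0], "id_b": pair[1]})
        return "issued", bundle

def make_request(cert_id, key, body=b"pseudonym-request"):
    """Build a constructed sample request tagged with the enrollment key."""
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return {"enrollment_cert": cert_id, "body": body, "tag": tag}
```

With a 4-bit space per facility, a bundle of 40 credentials necessarily reuses individual identifiers while every pair stays distinct, which is the property requirement 02 asks for.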

Standards

Currently, there are no standards associated with the functional object itself, though the interfaces may have standards associated with them.