Physical Object: Cooperative ITS Credentials Management System

CCMS Authorization

Overview
Requirements
Information Flows
Standards

Overview

'CCMS Authorization' components provide authorization credentials (e.g., pseudonym certificates) to end entities. The end entity applies for and obtains authorization credentials, enabling the end entity to enter the "Operational" state. This function requires an interactive dialog, including at minimum a Certificate Request from the end entity desiring certificates. This request will be checked for validity, with the embedded enrollment certificate checked against an internal blacklist. If all checks are passed, this function will distribute a bundle of linked pseudonym certificates suitable for use by the requesting end entity, with the characteristics and usage rules of those certificates dependent on the operational policies of the CCMS. It also provides the secure provisioning of a given object's Decryption Key in response to an authorized request from that object. The retrieved Decryption Key will be used by the receiving object to decrypt the "next valid" batch within the set of previously retrieved Security Credential batches.

This functional object is included in the "Cooperative ITS Credentials Management System" physical object.

This functional object is included in the following service packages:

This functional object is mapped to the following Functional View PSpecs:

10.1.3.1: Authorize Connected Vehicle Devices

Requirements

#	Requirement
01	The Center shall generate credential identifiers using facilities that are independently owned and operated from one another.
02	The Center shall assign two or more non-unique identifiers, that when combined are unique, to each credential it distributes.
03	The Center shall verify information received in pseudonym requests.
04	The Center shall coordinate the distribution of credentials with other Centers.
05	The Center shall store credential identifiers using facilities that are independently owned and operated from one another.
06	The Center shall provide Vehicle pseudonymous credentials in response to valid Vehicle pseudonym requests.
07	The Center shall provide Personal Device pseudonymous credentials in response to valid Personal Device pseudonym requests.
08	The Center shall provide Center pseudonymous credentials in response to valid Center pseudonym requests.
09	The Center shall provide Connected Vehicle Roadside Equipment pseudonymous credentials in response to valid Connected Vehicle Roadside Equipment pseudonym requests.
10	The Center shall accept user permission information from Centers authorized to provide that information.
11	The Center shall acquire identifiers relevant to ITS services from the relevant registry of such identifiers

Information Flows

Source	Flow	Destination
Authorizing Center	user permission sets	Cooperative ITS Credentials Management System
Cooperative ITS Credentials Management System	authorization coordination	Other Credentials Management Systems
Cooperative ITS Credentials Management System	credentials management operator presentation	Credentials Management System Operator
Cooperative ITS Credentials Management System	security credentials	ITS Object
Cooperative ITS Credentials Management System	security policy and networking information	ITS Object
Credentials Management System Operator	credentials management operator input	Cooperative ITS Credentials Management System
Identifier Registry	service identifiers	Cooperative ITS Credentials Management System
Other Credentials Management Systems	authorization coordination	Cooperative ITS Credentials Management System

Standards

Currently, there are no standards associated with the functional object itself though the interfaces may have standards associated with them.