Kind: Subsystem

Class: Support

Type: System

Cooperative ITS Credentials Management System

Overview

The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.



As the CCMS interacts with mobile devices and other devices in the Connected Vehicle (CV) environment, these devices pass through stages as certificates and cryptographic material are furnished that enable the device to have trusted interactions with other devices in the CV environment. A simplified version of the device security life cycle is depicted in the following figure.



Unprovisioned: The device does not have any of the crypto material or certificates necessary to interact with any part of the CCMS other than the Provisioning components. Since the end entity is not part of the C-ITS at this stage, it cannot interact in a trustworthy fashion with other end entities.

Provisioned and Unenrolled: The device has the crypto material and root certificates necessary to communicate with Enrollment components. At this stage the end entity is still not part of the C-ITS and cannot interact in a trustworthy fashion with other end entities.

Enrolled and Unauthorized: The device has all the material it needs to communicate with Authorization components. It still cannot interact with other end entities in a trustworthy fashion.

Operational: The device has all the material it needs to communicate with the Misbehavior components, Revocation components, and other operational end entities.

End-of-Life: The device is unable to communicate with any component of the CCMS or other end entities.

This physical object is included in the following Service Packages:

Triples

| Source | Flow | Destination |
|---|---|---|
| Authorizing Center | user permission sets | Cooperative ITS Credentials Management System |
| Certification System | certification results | Cooperative ITS Credentials Management System |
| Cooperative ITS Credentials Management System | credentials management operator presentation | Credentials Management System Operator |
| Cooperative ITS Credentials Management System | enrollment credentials | ITS Object |
| Cooperative ITS Credentials Management System | security credential revocations | ITS Object |
| Cooperative ITS Credentials Management System | security credentials | ITS Object |
| Cooperative ITS Credentials Management System | security policy and networking information | ITS Object |
| Cooperative ITS Credentials Management System | authorization coordination | Other Credentials Management Systems |
| Cooperative ITS Credentials Management System | enrollment coordination | Other Credentials Management Systems |
| Cooperative ITS Credentials Management System | misbehavior analysis coordination | Other Credentials Management Systems |
| Cooperative ITS Credentials Management System | revocation coordination | Other Credentials Management Systems |
| Credentials Management System Operator | credentials management operator input | Cooperative ITS Credentials Management System |
| Identifier Registry | service identifiers | Cooperative ITS Credentials Management System |
| ITS Object | device enrollment information | Cooperative ITS Credentials Management System |
| ITS Object | misbehavior report | Cooperative ITS Credentials Management System |
| Other Credentials Management Systems | authorization coordination | Cooperative ITS Credentials Management System |
| Other Credentials Management Systems | enrollment coordination | Cooperative ITS Credentials Management System |
| Other Credentials Management Systems | misbehavior analysis coordination | Cooperative ITS Credentials Management System |
| Other Credentials Management Systems | revocation coordination | Cooperative ITS Credentials Management System |

Security

This physical object has the following security levels for the associated service packages.

Physical Object Security

| Security Class | Confidentiality | Integrity | Availability | Service Package |
|---|---|---|---|---|
| Class 5 | High | High | High | Device Certification and Enrollment |
| Class 5 | High | High | High | Security and Credentials Management |
| Class 4 | High | High | Moderate | Core Authorization |



Interfaces Diagram


Standards

Currently, there are no standards associated with the physical object itself, though the interfaces may have standards associated with them. For standards related to interfaces, see the specific information flow triple pages.