CCMS Authorization Functional Area

Description

'CCMS Authorization' components provide authorization credentials (e.g., pseudonym certificates) to end entities. The end entity applies for and obtains authorization credentials, enabling the end entity to enter the "Operational" state. This function requires an interactive dialog, including at minimum a Certificate Request from the end entity desiring certificates. This request will be checked for validity, with the embedded enrollment certificate checked against an internal blacklist. If all checks are passed, this function will distribute a bundle of linked pseudonym certificates suitable for use by the requesting end entity, with the characteristics and usage rules of those certificates dependent on the operational policies of the CCMS. It also provides the secure provisioning of a given object's Decryption Key in response to an authorized request from that object. The retrieved Decryption Key will be used by the receiving object to decrypt the "next valid" batch within the set of previously retrieved Security Credential batches.

Included In

ODOT Cooperative ITS Credentials Management System

Functional Requirements

IDRequirement
01The Center shall generate credential identifiers using facilities that are independently owned and operated from one another.
02The Center shall assign two or more non–unique identifiers, that when combined are unique, to each credential it distributes.
03The Center shall verify information received in pseudonym requests.
04The Center shall coordinate the distribution of credentials with other Centers.
05The Center shall store credential identifiers using facilities that are independently owned and operated from one another.
06The Center shall provide Vehicle pseudonymous credentials in response to valid Vehicle pseudonym requests.
07The Center shall provide Personal Device pseudonymous credentials in response to valid Personal Device pseudonym requests.
08The Center shall provide Center pseudonymous credentials in response to valid Center pseudonym requests.
09The Center shall provide Connected Vehicle Roadside Equipment pseudonymous credentials in response to valid Connected Vehicle Roadside Equipment pseudonym requests.
10The Center shall accept user permission information from Centers authorized to provide that information.
11The Center shall acquire identifiers relevant to ITS services from the relevant registry of such identifiers