10.3.3: Authorize Connected Vehicle Devices

This process shall provide authorization credentials (e.g., pseudonym certificates) to end entities (devices, systems, applications participating in the connected vehicle environment). Upon request or application from an end entity this process shall provide authorization credentials, enabling the end entity to enter the "Operational" state. This process shall support an interactive dialog, including at minimum a Certificate Request from the end entity desiring certificates. This process shall check each incoming request for validity, with the embedded enrollment certificate checked against an internal blacklist, i.e., certificate revocation list (CRL). If all checks are passed, this process shall distribute a bundle of linked pseudonym certificates suitable for use by the requesting end entity, with the characteristics and usage rules of those certificates dependent on the operational policies of the CCMS. This process shall also provide the secure provisioning of a given object's Decryption Key in response to an authorized request from that object. The retrieved Decryption Key will be used by the receiving object to decrypt the "next valid" batch within the set of previously retrieved Security Credential batches. This process shall provide the system operator with status information about the transmission of credentials and information about the entities receiving the credentials. This process shall also support the provision of additional privileges for certain geographic areas or applications, e.g. signal preemption. Upon receipt of user permission sets from an Authorization process this process shall generate the certificates to include the additional permissions granted for the application and/or geographic or jurisdiction.

This process is associated with the Cooperative ITS Credentials Management System physical object.

This process is associated with the following application objects:

This process is associated with the following data flows: