• About
  • Connected Vehicle
  • Architecture
  • Approach
  • Viewpoints
  • Security
• Applications
• Views
  • Enterprise
  • Functional
  • Physical
  • Communications
• Standards
  • CV Standards
  • CV Standards Plan
• Resources
  • Databases
  • Diagrams
  • Documents
  • Presentations
  • Tools
  • Training
• Glossary
  • Acronyms
• Contact Us

user permission sets Quintuple

Bidirectional?: False

user permission sets (A-Interconnect): This CVRIA application interconnect encapsulates all of the Layer 2 information flows between two application objects: 'Core Authorization', and 'CCMS Authorization'. In this case, there is only a single Layer 2 flow associated with this interconnect, so the Layer 1 application interconnect name and the Layer 2 information flow name are both 'user permission sets'. This application interconnect is uni-directional since the underlying layer 2 information flows go from 'Authorizing Center' to 'Cooperative ITS Credentials Management System'.

Authorizing Center (Source Physical Object): The 'Authorizing Center' provides the functionality needed to enable data exchange between and among mobile and fixed transportation users. Its primary mission is to enable safety, mobility and environmental communications-based applications for both mobile and non-mobile users. The Authorizing Center has some jurisdiction over limited access resources; typically this includes roadside application access and radio spectrum licensing. It may be implemented as an autonomous center or as a set of supporting services that are co-located within another center.

Core Authorization (Source Application Object): "Core Authorization" manages authorization mechanisms to define permissions for System Users. This enables the Core System to establish operational environments where different System Users may have different capabilities in terms of accessing Core services and interacting with one another. For instance, some Mobile elements may be authorized to request signal priority, or some Centers may be permitted to use the geographic broadcast service, while those without those permissions would not.

Cooperative ITS Credentials Management System (Destination Physical Object): The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.

CCMS Authorization (Destination Application Object): "CCMS Authorization" components provide authorization credentials (e.g., pseudonym certificates) to end entities. The end entity applies for and obtains authorization credentials, enabling the end entity to enter the "Operational" state. This function requires an interactive dialog, including at minimum a Certificate Request from the end entity desiring certificates. This request will be checked for validity, with the embedded enrollment certificate checked against an internal blacklist. If all checks are passed, this function will distribute a bundle of linked pseudonym certificates suitable for use by the requesting end entity, with the characteristics and usage rules of those certificates dependent on the operational policies of the CCMS. It also provides the secure provisioning of a given object's Decryption Key in response to an authorized request from that object. The retrieved Decryption Key will be used by the receiving object to decrypt the "next valid" batch within the set of previously retrieved Security Credential batches.