Cooperative ITS Credentials Management System --> ITS Object:
enrollment credentials

Definition
Included In
Communication Solutions
Characteristics
Security

Definitions

enrollment credentials (Information Flow): Long-term security credentials such as 'enrollment certificates' that demonstrate the trust-worthiness of the source device or application.

Cooperative ITS Credentials Management System (Source Physical Object): The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.

ITS Object (Destination Physical Object): The general 'ITS Object' includes core capabilities common to any class of object.

Included In

This Triple is in the following Service Packages:

SU09: Device Certification and Enrollment

This Triple is described by the following Functional View Functional Objects:

This Triple is described by the following Functional View Data Flows:

enrollment_security_credentials

This Triple has the following triple relationships:

None

Communication Solutions

US: Device enrollment - Secure Internet (ITS) (3)
(None-Data) - Secure Internet (ITS) (32)

Solutions are sorted in ascending Gap Severity order. The Gap Severity is the parenthetical number at the end of the solution.

Selected Solution

US: Device enrollment - Secure Internet (ITS)

Solution Description

This solution is used within the U.S.. It combines standards associated with US: Device enrollment with those for I-I: Secure Internet (ITS). The US: Device enrollment standards include upper-layer standards required to support device enrollment services. The I-I: Secure Internet (ITS) standards include lower-layer standards that support secure communications between ITS equipment using X.509 or IEEE 1609.2 security certificates.

ITS Application Entity Application Specific			Click gap icons for more info.
Mgmt Bundle: SNMPv3 MIB	Facilities IEEE 1609.2.1	Security IEEE 1609.2.1 Secure Session Alternatives
	TransNet IP Alternatives Internet Transport Alternatives
	Access Internet Subnet Alternatives

Note that some layers might have alternatives, in which case all of the gap icons associated with every alternative may be shown on the diagram, but the solution severity calculations (and resulting ordering of solutions) includes only the issues associated with the default (i.e., best, least severe) alternative.

Characteristics

Characteristic	Value
Time Context	Recent
Spatial Context	National
Acknowledgement	True
Cardinality	Unicast
Initiator	Destination
Authenticable	True
Encrypt	True

Interoperability	Description
National	This triple should be implemented consistently within the geopolitical region through which movement is essentially free (e.g., the United States, the European Union).

Security

Information Flow Security
	Confidentiality	Integrity	Availability
Rating	High	High	Moderate
Basis	Credentials need to be delivered to their intended target only. Interception and potential use by a third party compromises the C-ITS trust model.	Credentials need to be correct and intact on delivery, or they will not be functional. Without functional credentials, the end entity cannot operate.	Credentials will be granted as needed but generally not in real-time with operations; that is, an end entity will request credentials a significant time in advance of actually needing them for providing user services.

Security Characteristics	Value
Authenticable	True
Encrypt	True

Cooperative ITS Credentials Management System --> ITS Object:enrollment credentials