security credentials authorization information Quintuple
Bidirectional?: False
security credentials authorization information (A-Interconnect): This CVRIA application interconnect encapsulates all of the Layer 2 information flows between two application objects: 'CCMS Authorization', and 'Vehicle Trust Management'. This application interconnect is uni-directional since the underlying layer 2 information flows go from 'Cooperative ITS Credentials Management System' to 'Vehicle OBE'.
Cooperative ITS Credentials Management System (Source Physical Object): The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.
CCMS Authorization (Source Application Object): "CCMS Authorization" components provide authorization credentials (e.g., pseudonym certificates) to end entities. The end entity applies for and obtains authorization credentials, enabling the end entity to enter the "Operational" state. This function requires an interactive dialog, including at minimum a Certificate Request from the end entity desiring certificates. This request will be checked for validity, with the embedded enrollment certificate checked against an internal blacklist. If all checks are passed, this function will distribute a bundle of linked pseudonym certificates suitable for use by the requesting end entity, with the characteristics and usage rules of those certificates dependent on the operational policies of the CCMS. It also provides the secure provisioning of a given object's Decryption Key in response to an authorized request from that object. The retrieved Decryption Key will be used by the receiving object to decrypt the "next valid" batch within the set of previously retrieved Security Credential batches.
Vehicle OBE (Destination Physical Object): The Vehicle On-Board Equipment (OBE) provides the vehicle-based processing, storage, and communications functions necessary to support connected vehicle operations. The radio(s) supporting V2V and V2I communications are a key component of the Vehicle OBE. This communication platform is augmented with processing and data storage capability that supports the connected vehicle applications.
In CVRIA, the Vehicle OBE includes the functions and interfaces that support connected vehicle applications for passenger cars, trucks, and motorcycles. Many of these applications (e.g., V2V Safety applications) apply to all vehicle types including personal vehicles, commercial vehicles, emergency vehicles, transit vehicles, and maintenance vehicles. From this perspective, the Vehicle OBE includes the common interfaces and functions that apply to all motorized vehicles.
Vehicle Trust Management (Destination Application Object): "Vehicle Trust Management" manages the certificates and associated keys that are used to sign, encrypt, decrypt, and authenticate messages. It communicates with the Security and Credentials Management System to maintain a current, valid set of security certificates and identifies, logs, and reports events that may indicate a threat to the Connected Vehicle Environment security.