< < SU01 : SU02 : SU03 > >

SU02: Core Authorization

This service package manages the authorization mechanisms to define roles, responsibilities and permissions for connected vehicle applications . This allows system administrators to establish operational environments where different connected vehicle system users may have different capabilities. For instance, some Mobile elements may be authorized to request signal priority, or some Centers may be permitted to use the geographic broadcast service, while those without those permissions would not.

Relevant Regions: Australia, Canada, European Union, and United States

Enterprise

Development Stage Roles and Relationships

Installation Stage Roles and Relationships

Operations and Maintenance Stage Roles and Relationships
(hide)

Source Destination Role/Relationship
Authorizing Center Maintainer Authorizing Center Maintains
Authorizing Center Manager Authorizing Center Manages
Authorizing Center Owner Authorizing Center Maintainer System Maintenance Agreement
Authorizing Center Owner Authorizing Center Manager Operations Agreement
Authorizing Center Owner Center Maintainer Maintenance Data Exchange Agreement
Authorizing Center Owner Center Owner Information Exchange Agreement
Authorizing Center Owner Center User Service Usage Agreement
Authorizing Center Owner Cooperative ITS Credentials Management System Maintainer Maintenance Data Exchange Agreement
Authorizing Center Owner Cooperative ITS Credentials Management System Owner Information Provision Agreement
Authorizing Center Owner Cooperative ITS Credentials Management System User Service Usage Agreement
Authorizing Center Owner Other Authorizing Centers Maintainer Maintenance Data Exchange Agreement
Authorizing Center Owner Other Authorizing Centers Owner Information Exchange Agreement
Authorizing Center Owner Other Authorizing Centers User Service Usage Agreement
Authorizing Center Supplier Authorizing Center Owner Warranty
Center Maintainer Center Maintains
Center Manager Center Manages
Center Owner Authorizing Center Maintainer Maintenance Data Exchange Agreement
Center Owner Authorizing Center Owner Information Exchange Agreement
Center Owner Authorizing Center User Service Usage Agreement
Center Owner Center Maintainer System Maintenance Agreement
Center Owner Center Manager Operations Agreement
Center Owner ITS Object Maintainer Maintenance Data Exchange Agreement
Center Owner ITS Object Owner Information Provision Agreement
Center Owner ITS Object User Service Usage Agreement
Center Supplier Center Owner Warranty
Cooperative ITS Credentials Management System Maintainer Cooperative ITS Credentials Management System Maintains
Cooperative ITS Credentials Management System Manager Cooperative ITS Credentials Management System Manages
Cooperative ITS Credentials Management System Owner Cooperative ITS Credentials Management System Maintainer System Maintenance Agreement
Cooperative ITS Credentials Management System Owner Cooperative ITS Credentials Management System Manager Operations Agreement
Cooperative ITS Credentials Management System Supplier Cooperative ITS Credentials Management System Owner Warranty
Identifier Registry Maintainer Identifier Registry Maintains
Identifier Registry Manager Identifier Registry Manages
Identifier Registry Owner Cooperative ITS Credentials Management System Maintainer Maintenance Data Exchange Agreement
Identifier Registry Owner Cooperative ITS Credentials Management System Owner Information Provision Agreement
Identifier Registry Owner Cooperative ITS Credentials Management System User Service Usage Agreement
Identifier Registry Owner Identifier Registry Maintainer System Maintenance Agreement
Identifier Registry Owner Identifier Registry Manager Operations Agreement
Identifier Registry Owner Other Identifier Registries Maintainer Maintenance Data Exchange Agreement
Identifier Registry Owner Other Identifier Registries Owner Information Exchange Agreement
Identifier Registry Owner Other Identifier Registries User Service Usage Agreement
Identifier Registry Supplier Identifier Registry Owner Warranty
ITS Object Maintainer ITS Object Maintains
ITS Object Manager ITS Object Manages
ITS Object Owner Center Maintainer Maintenance Data Exchange Agreement
ITS Object Owner Center User Service Usage Agreement
ITS Object Owner ITS Object Maintainer System Maintenance Agreement
ITS Object Owner ITS Object Manager Operations Agreement
ITS Object Supplier ITS Object Owner Warranty
Other Authorizing Centers Maintainer Other Authorizing Centers Maintains
Other Authorizing Centers Manager Other Authorizing Centers Manages
Other Authorizing Centers Owner Authorizing Center Maintainer Maintenance Data Exchange Agreement
Other Authorizing Centers Owner Authorizing Center Owner Information Exchange Agreement
Other Authorizing Centers Owner Authorizing Center User Service Usage Agreement
Other Authorizing Centers Owner Other Authorizing Centers Maintainer System Maintenance Agreement
Other Authorizing Centers Owner Other Authorizing Centers Manager Operations Agreement
Other Authorizing Centers Supplier Other Authorizing Centers Owner Warranty
Other Identifier Registries Maintainer Other Identifier Registries Maintains
Other Identifier Registries Manager Other Identifier Registries Manages
Other Identifier Registries Owner Identifier Registry Maintainer Maintenance Data Exchange Agreement
Other Identifier Registries Owner Identifier Registry Owner Information Exchange Agreement
Other Identifier Registries Owner Identifier Registry User Service Usage Agreement
Other Identifier Registries Owner Other Identifier Registries Maintainer System Maintenance Agreement
Other Identifier Registries Owner Other Identifier Registries Manager Operations Agreement
Other Identifier Registries Supplier Other Identifier Registries Owner Warranty

Physical

The physical diagram can be viewed in SVG or PNG format and the current format is SVG.
SVG Diagram
PNG Diagram


Display Legend in SVG or PNG

Includes Physical Objects:

Physical Object Class Description
Authorizing Center Center The 'Authorizing Center' provides the functionality needed to enable data exchange between and among mobile and fixed transportation users. Its primary mission is to enable safety, mobility and environmental communications-based applications for both mobile and non-mobile users. The Authorizing Center has some jurisdiction over limited access resources; typically this includes roadside application access and radio spectrum licensing. It may be implemented as an autonomous center or as a set of supporting services that are co-located within another center.
Center Center This general physical object is used to model core capabilities that are common to any center.
Cooperative ITS Credentials Management System Support The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.
Identifier Registry Support The 'Identifier Registry' maintains identifiers that must be unique to facilitate interoperability in the connected vehicle environment.
ITS Object ITS The general 'ITS Object' includes core capabilities common to any class of object.
Other Authorizing Centers Center 'Other Authorizing Centers' provides a source and destination for information flows between multiple authorizing centers that manage permissions for the Connected Vehicle Environment. The interface represented by this object enables coordination of permissions between centers in different regions, jurisdictions, or application areas.
Other Identifier Registries Support 'Other Identifier Registries' provides a source and destination for information flows between registries, supporting coordination between registries.

Includes Functional Objects:

Functional Object Description Physical Object
CCMS Authorization 'CCMS Authorization' components provide authorization credentials (e.g., pseudonym certificates) to end entities. The end entity applies for and obtains authorization credentials, enabling the end entity to enter the "Operational" state. This function requires an interactive dialog, including at minimum a Certificate Request from the end entity desiring certificates. This request will be checked for validity, with the embedded enrollment certificate checked against an internal blacklist. If all checks are passed, this function will distribute a bundle of linked pseudonym certificates suitable for use by the requesting end entity, with the characteristics and usage rules of those certificates dependent on the operational policies of the CCMS. It also provides the secure provisioning of a given object's Decryption Key in response to an authorized request from that object. The retrieved Decryption Key will be used by the receiving object to decrypt the "next valid" batch within the set of previously retrieved Security Credential batches. Cooperative ITS Credentials Management System
Center Permission Management 'Center Permission Management' enables Connected Vehicle system users to request permission to access connected vehicle services. A center may request permission for the center or the infrastructure devices and vehicles associated with the center. Center
Core Authorization 'Core Authorization' manages authorization mechanisms to define permissions for System Users. This enables the Core System to establish operational environments where different System Users may have different capabilities in terms of accessing Core services and interacting with one another. For instance, some Mobile elements may be authorized to request signal priority, or some Centers may be permitted to use the geographic broadcast service, while those without those permissions would not. Authorizing Center
ITS Security Support 'ITS Security Support' provides communications and system security functions to the ITS Object, including privacy protection functions. It may include firewall, intrusion management, authentication, authorization, profile management, identity management, cryptographic key management. It may include a hardware security module and security management information base. ITS Object
Registry Management 'Registry Management' maintains unique identifiers associated with cooperative and connected transportation services. It coordinates between registries and ensures that duplicate assignments are not made. Identifier Registry

Includes Information Flows:

Information Flow Description
device identification An identifier and device type designation that is used to uniquely identify a device in the Connected Vehicle Environment.
identifier coordination Coordination of identifiers between registries to help ensure no duplication of identifier assignments.
permission application A request for permission to access a Connected Vehicle service by an end-user that requires enrollment. This may include services granted to drivers of low emissions vehicles or pedestrians with special needs that require extended crossing times for example.
permission application receipt An acknowledgment that an end-user application for a Connected Vehicle service was received and processed.
permission request A request for permission to access or use connected vehicle applications or services. The request identifies the users that require permission, the applications or services that are requested, and the geographic coverage where the permission is required. In this context, the 'users' may be a center, infrastructure equipment (e.g., RSEs), or vehicles that are owned and operated by the requestor. This request is for an initial set of permissions. See also permission update request.
permission request coordination Coordination of permission requests between jurisdictions or regions that allow permissions to be managed that may span more than one jurisdiction.
permission request received An acknowledgement that the permission request or permission update request was received.
permission update request A request for an update to current permission to access or use connected vehicle applications or services. The request identifies the users that require updated permissions, the applications or services that are requested, and the geographic coverage where the permission is required. In this context, the 'users' may be a center, infrastructure equipment (e.g., RSEs), or vehicles that are owned and operated by the requestor. This request is for an update to existing permissions. See also permission request.
service identifiers Identifiers assigned to particular services, and the context necessary when and how to use these identifiers.
user permission sets This flow identifies users, user groups, and associated user permission sets for a geographic area or jurisdiction and set of connected vehicle applications or services.

Goals and Objectives

Associated Planning Factors and Goals

Planning Factor Goal
C. Increase the security of the transportation system for motorized and nonmotorized users; Improve security

Associated Objective Categories

Objective Category
Security: Crime
Security: Terrorism, Natural Disasters, and Hazardous Material Incidents

Associated Objectives and Performance Measures

Objective Performance Measure
Enhance tracking and monitoring of sensitive Hazmat shipments Number of Hazmat shipments tracked in real-time
Reduce exposure due to Hazmat & homeland security incidents Homeland security incident response time
Reduce exposure due to Hazmat & homeland security incidents Number of Hazmat incidents
Reduce exposure due to Hazmat & homeland security incidents Number of homeland security incidents
Reduce security risks to motorists and travelers Number of critical sites with security surveillance
Reduce security risks to motorists and travelers Number of security incidents on roadways
Reduce security risks to transit passengers and transit vehicle operators Number of security incidents at transit facilities
Reduce security risks to transit passengers and transit vehicle operators Number of security incidents on transit vehicles
Reduce security risks to transit passengers and transit vehicle operators Number of transit facilities and vehicles under security surveillance
Reduce security risks to transportation infrastructure Number of critical sites with hardened security enhancements
Reduce security risks to transportation infrastructure Number of critical sites with security surveillance
Reduce security risks to transportation infrastructure Number of security incidents on transportation infrastructure


 
Since the mapping between objectives and service packages is not always straight-forward and often situation-dependent, these mappings should only be used as a starting point. Users should do their own analysis to identify the best service packages for their region.

Needs and Requirements

Need Functional Object Requirement
01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity. CCMS Authorization 11 The Center shall acquire identifiers relevant to ITS services from the relevant registry of such identifiers
Center Permission Management 01 The Center shall manage the device permission request process on behalf of the devices it manages.
02 The Center shall acquire device identification information from ITS Objects it manages.
03 The Center shall request permissions for ITS Objects it manages from a center authorized to manage those permissions.
04 The Center shall request permissions for itself from a center authorized to manage those permissions.
05 The Center shall maintain the status of ITS Object permission requests.
06 The Center shall notify the ITS Object of the status of its permission request.
07 The Center shall accept permissions requests from ITS Object.
Core Authorization 02 The Center shall provide a response to the requesting Center identifying the validity and status of the permission request.
ITS Security Support 13 The ITS Object shall request permissions from the Center that manages permissions requests.
02 Credential managers and authorization system operators need to be able to verify the identity and justification for system users that request permissions. CCMS Authorization 10 The Center shall accept user permission information from Centers authorized to provide that information.
Center Permission Management 01 The Center shall manage the device permission request process on behalf of the devices it manages.
02 The Center shall acquire device identification information from ITS Objects it manages.
03 The Center shall request permissions for ITS Objects it manages from a center authorized to manage those permissions.
Core Authorization 01 The Center shall provide valid user permission information to the CCMS
03 The Center shall determine if a permission request is valid.
04 The Center shall coordinate user permission information with other centers authorized to provide that information.
05 The Center shall accept permissions requests from Centers.
03 Credential managers need to be able to issue credentials to system users; these credentials must in turn serve system user needs. CCMS Authorization 10 The Center shall accept user permission information from Centers authorized to provide that information.
04 The CCMS Operator needs access to a secure registry that maintains a list of globally unique identifiers for use in credentialing and permissions management Registry Management 01 The Identifier Registry shall operate a secure registry that maintains data and meta-data associated with unique identifiers used throughout ITS.
02 The Identifier Registry shall provide relevant service identifiers to the CCMS.

Related Sources

Document Name Version Publication Date
ITS User Services Document 1/1/2005
Core System Concept of Operations (ConOps) Final revE 10/24/2011
ISO 17419-2: Intelligent transport systems - Identifiers - Part 2: Management and operation of registries 4/1/2019


Security

In order to participate in this service package, each physical object should meet or exceed the following security levels.

Physical Object Security
Physical Object Confidentiality Integrity Availability Security Class
Authorizing Center High High High Class 5
Center High High High Class 5
Cooperative ITS Credentials Management System High High Moderate Class 4
Identifier Registry Low High Low Class 3
ITS Object High High Moderate Class 4
Other Authorizing Centers High High Moderate Class 4
Other Identifier Registries Low High Low Class 3



In order to participate in this service package, each information flow triple should meet or exceed the following security levels.

Information Flow Security
Source Destination Information Flow Confidentiality Integrity Availability
Basis Basis Basis
Authorizing Center Center permission request received High High High
End entity identity and associated permissions could be contained. This PII could include that of emergency personnel, and could include permissions assigned, all of which, if easily accessed could have a high cost of recover. Flow is not realized by known standards, so it may be possible to lower it to MODERATE in the future, when it can be better characterized. Assignment of permissions with control over physical communications channels needs the greatest possible protection and cannot be mishandled or manipulated in transit. While update of this flow may be important, it is a non-real-time service in most cases. Could possibly be LOW.
Authorizing Center Cooperative ITS Credentials Management System user permission sets High High Moderate
End entity identity and associated permissions could be contained. This PII could include that of emergency personnel, and could include permissions assigned, all of which, if easily accessed could have a high cost of recover. Flow is not realized by known standards, so it may be possible to lower it to MODERATE in the future, when it can be better characterized. Assignment of permissions with control over physical communications channels needs the greatest possible protection and cannot be mishandled or manipulated in transit. While update of this flow may be important, it is a non-real-time service in most cases. Could possibly be LOW.
Authorizing Center Other Authorizing Centers permission request coordination High High Moderate
End entity identity and associated permissions could be contained. This PII could include that of emergency personnel, and could include permissions assigned, all of which, if easily accessed could have a high cost of recover. Flow is not realized by known standards, so it may be possible to lower it to MODERATE in the future, when it can be better characterized. Assignment of permissions with control over physical communications channels needs the greatest possible protection and cannot be mishandled or manipulated in transit. While update of this flow may be important, it is a non-real-time service in most cases. Could possibly be LOW.
Center Authorizing Center permission request High High Moderate
End entity identity and associated permissions could be contained. This PII could include that of emergency personnel, and could include permissions assigned, all of which, if easily accessed could have a high cost of recover. Flow is not realized by known standards, so it may be possible to lower it to MODERATE in the future, when it can be better characterized. Assignment of permissions with control over physical communications channels needs the greatest possible protection and cannot be mishandled or manipulated in transit. While update of this flow may be important, it is a non-real-time service in most cases. Could possibly be LOW.
Center Authorizing Center permission update request High High High
End entity identity and associated permissions could be contained. This PII could include that of emergency personnel, and could include permissions assigned, all of which, if easily accessed could have a high cost of recover. Flow is not realized by known standards, so it may be possible to lower it to MODERATE in the future, when it can be better characterized. Assignment of permissions with control over physical communications channels needs the greatest possible protection and cannot be mishandled or manipulated in transit. While update of this flow may be important, it is a non-real-time service in most cases. Could possibly be LOW.
Center ITS Object permission application receipt High High Moderate
End entity identity and associated permissions could be contained. This PII could include that of emergency personnel, and could include permissions assigned, all of which, if easily accessed could have a high cost of recover. Flow is not realized by known standards, so it may be possible to lower it to MODERATE in the future, when it can be better characterized. Assignment of permissions with control over physical communications channels needs the greatest possible protection and cannot be mishandled or manipulated in transit. While update of this flow may be important, it is a non-real-time service in most cases. Could possibly be LOW.
Identifier Registry Cooperative ITS Credentials Management System service identifiers Low High Low
Likely openly published information. Identifiers are used with associated permissions to determine who/what can perform various activities. A compromise in this information would significantly compromise all of C-ITS that was affected. Identifiers are expected to be updated infrequently, thus requiring only intermittent connectivity to the CCMS.
Identifier Registry Other Identifier Registries identifier coordination Low High Low
Likely openly published information. Identifiers are used with associated permissions to determine who/what can perform various activities. A compromise in this information would significantly compromise all of C-ITS that was affected. Identifiers are expected to be updated infrequently, thus requiring only intermittent connectivity to the CCMS.
ITS Object Center device identification Moderate Moderate Moderate
This flow contains information that identifies the device and what it is allowed to do. If this information were compromised, an attacker may be able to impersonate the legitimate device. If device identification and capabilities were incorrect, the device would not be properly used or various center-based processes attempting to use the device compromised. If this flow is not available, the source system cannot be properly used by the destination system, limiting the capability of the C-ITS environment.
ITS Object Center permission application High High Moderate
End entity identity and associated permissions could be contained. This PII could include that of emergency personnel, and could include permissions assigned, all of which, if easily accessed could have a high cost of recover. Flow is not realized by known standards, so it may be possible to lower it to MODERATE in the future, when it can be better characterized. Assignment of permissions with control over physical communications channels needs the greatest possible protection and cannot be mishandled or manipulated in transit. While update of this flow may be important, it is a non-real-time service in most cases. Could possibly be LOW.
Other Authorizing Centers Authorizing Center permission request coordination High High Moderate
End entity identity and associated permissions could be contained. This PII could include that of emergency personnel, and could include permissions assigned, all of which, if easily accessed could have a high cost of recover. Flow is not realized by known standards, so it may be possible to lower it to MODERATE in the future, when it can be better characterized. Assignment of permissions with control over physical communications channels needs the greatest possible protection and cannot be mishandled or manipulated in transit. While update of this flow may be important, it is a non-real-time service in most cases. Could possibly be LOW.
Other Identifier Registries Identifier Registry identifier coordination Low High Low
Likely openly published information. Identifiers are used with associated permissions to determine who/what can perform various activities. A compromise in this information would significantly compromise all of C-ITS that was affected. Identifiers are expected to be updated infrequently, thus requiring only intermittent connectivity to the CCMS.

Standards

The following table lists the standards associated with physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages.

Name Title Physical Object
FIPS 140-2 Security Requirements for Cryptographic Modules ITS Object
ISO 21217 Architecture Intelligent transport systems -- Communications access for land mobiles (CALM) -- Architecture ITS Object




System Requirements

System Requirement Need
001 The system shall request permissions from the Center that manages permissions requests. 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
002 The system shall manage the device permission request process on behalf of the devices it manages. 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
02 Credential managers and authorization system operators need to be able to verify the identity and justification for system users that request permissions.
003 The system shall acquire device identification information from ITS Objects it manages. 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
02 Credential managers and authorization system operators need to be able to verify the identity and justification for system users that request permissions.
004 The system shall request permissions for ITS Objects it manages from a center authorized to manage those permissions. 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
02 Credential managers and authorization system operators need to be able to verify the identity and justification for system users that request permissions.
005 The system shall request permissions for itself from a center authorized to manage those permissions. 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
006 The system shall maintain the status of ITS Object permission requests. 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
007 The system shall notify the ITS Object of the status of its permission request. 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
008 The system shall accept permissions requests from ITS Object. 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
009 The system shall provide valid user permission information to the CCMS 02 Credential managers and authorization system operators need to be able to verify the identity and justification for system users that request permissions.
010 The system shall provide a response to the requesting Center identifying the validity and status of the permission request. 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
011 The system shall determine if a permission request is valid. 02 Credential managers and authorization system operators need to be able to verify the identity and justification for system users that request permissions.
012 The system shall coordinate user permission information with other centers authorized to provide that information. 02 Credential managers and authorization system operators need to be able to verify the identity and justification for system users that request permissions.
013 The system shall accept permissions requests from Centers. 02 Credential managers and authorization system operators need to be able to verify the identity and justification for system users that request permissions.
014 The system shall accept user permission information from Centers authorized to provide that information. 02 Credential managers and authorization system operators need to be able to verify the identity and justification for system users that request permissions.
03 Credential managers need to be able to issue credentials to system users; these credentials must in turn serve system user needs.
015 The system shall acquire identifiers relevant to ITS services from the relevant registry of such identifiers 01 System users need to be able to demonstrate that they are authorized to perform ITS functions without divulging their identity.
016 The system shall operate a secure registry that maintains data and meta-data associated with unique identifiers used throughout ITS. 04 The CCMS Operator needs access to a secure registry that maintains a list of globally unique identifiers for use in credentialing and permissions management
017 The system shall provide relevant service identifiers to the CCMS. 04 The CCMS Operator needs access to a secure registry that maintains a list of globally unique identifiers for use in credentialing and permissions management