Other Credentials Management Systems --> Cooperative ITS Credentials Management System:
enrollment coordination

This triple is bi-directional. See also Cooperative ITS Credentials Management System --> Other Credentials Management Systems: enrollment coordination

Definitions

enrollment coordination (Information Flow): Sharing of enrollment policies, certification mechanisms, registration and deregistration identifier types, registered and deregistered end entities, and other information that supports enrollment process coordination with another CCMS.

Other Credentials Management Systems (Source Physical Object): Representing another Cooperative ITS Credentials Management System (CCMS), 'Other Credentials Management Systems' is intended to provide a source and destination for information exchange between peer credentials management systems. It supports modeling of projects or regions that include multiple interconnected CCMS that manage credentials distribution and management in the connected vehicle environment.

Cooperative ITS Credentials Management System (Destination Physical Object): The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.

Included In

This Triple is in the following Service Packages:

This triple is associated with the following Functional Objects:

This Triple is described by the following Functional View Data Flows:

This Triple has the following triple relationships:

Communication Solutions

Solutions are sorted in ascending Gap Severity order. The Gap Severity is the parenthetical number at the end of the solution.

Selected Solution

US: Security Credentials - Guaranteed Secure Internet (ITS)

Solution Description

This solution is used within Canada and the U.S.. It combines standards associated with US: Security Credentials with those for I-I: Guaranteed Secure Internet (ITS). The US: Security Credentials standards include upper-layer standards required to provide and revoke security credentials, define security policy, and handle enrollment coordination. The I-I: Guaranteed Secure Internet (ITS) standards include lower-layer standards that support secure communications with guaranteed delivery between ITS equipment using X.509 or IEEE 1609.2 security certificates.

ITS Application Entity
Mind the gap

No Standard Needed
Click gap icons for more info.

Mgmt
Facilities

IEEE 1609.2.1
Security
Mind the gapMind the gap
TransNet

IP Alternatives
IETF RFC 9293
Access

Internet Subnet Alternatives
TransNet TransNet

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Access Access

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

ITS Application ITS Application

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Mgmt Mgmt

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Facility Facility

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Security Security

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Note that some layers might have alternatives, in which case all of the gap icons associated with every alternative may be shown on the diagram, but the solution severity calculations (and resulting ordering of solutions) includes only the issues associated with the default (i.e., best, least severe) alternative.

Characteristics

Characteristic Value
Time Context Recent
Spatial Context National
Acknowledgement True
Cardinality Unicast
Initiator Destination
Authenticable True
Encrypt True


Interoperability Description
National This triple should be implemented consistently within the geopolitical region through which movement is essentially free (e.g., the United States, the European Union).

Security

Information Flow Security
  Confidentiality Integrity Availability
Rating High High High
Basis Coordination of credentialing and revocation should be maintained between the trust authorities and no one else. Outside observers may learn CCMS behaviors and may gain understanding of the timings between revocation/granting at one authority vs. propogation to another, which may enable attacks. Coordination of credentialing and revocation needs to be correct at all times, or trust/lack-of-trust may not be correctly propagated and end entities improperly served. Depending on the scale of the integrity/availability failure, this could affect a small or large amount of the C-ITS environment. Coordination of credentialing and revocation needs to be correct at all times, or trust/lack-of-trust may not be correctly propagated and end entities improperly served. Depending on the scale of the integrity/availability failure, this could affect a small or large amount of the C-ITS environment.


Security Characteristics Value
Authenticable True
Encrypt True