Page tree
Skip to end of metadata
Go to start of metadata

OBEs use this service to determine the earliest date on which a new batch of pseudonym certificate will become available. There will be a .info file for each device containing this information.

HTTP Request BodyEmpty
HTTP Request HeadersHTTP Header 'Download-Req' containing a Base64 encoded ASN.1 serialized SecuredAuthenticatedDownloadRequest, containing a SignedAuthenticatedDownloadRequest, containing a ScopedAuthenticatedDownloadRequest, containing an AuthenticatedDownloadRequest with a filename property matching the regular expression [0-9A-F]{16}\.info. That is, the name part of the file name is the 16 hexadecimal digits Request Hash obtained during initial provisioning request of this device.
HTTP Response BodyFile containing a time stamp of when the next batch is estimated to be available. Due to varying system load, an exact download time can not be provided. If the device receives error 5065 then it should reschedule the download for a later time.


  1. Device had previously requested a certificate batch
  2. Time stamp in the request AuthenticatedDownloadRequest is not more than 5 seconds apart from the server's time. (Controlled by the ra.client-signature-ttl-sec configuration setting.)


  1. RA returned a file containing a single IEEE 1609 format Time32 time stamp that the device will use to schedule a subsequent "top-up" download

Error Handling

See "RA-EE Errors" in Overview of Used Error Codes

Quality of Service

Estimated values are per logical unit, meaning multiple individual nodes can contribute to achieve the desired level of service. The number of vehicles that potentially invoke this service in a week is a function of the number of years in service:

Quality Metric
1 Year
3 Years
5 Years
10 Years

Assuming half of all new cars plus all existing vehicles need to check for notifications in the same week.

8,500,000 new vehicles / 604,800 seconds/week

14 requests / second

(8,500,000 new vehicles + 34,000,000 existing vehicles) / 604,800 seconds/week

70 requests / second

(8,500,000 new vehicles + 68,000,000 existing vehicles) / 604,800 seconds/week

126 requests / second

(8,500,000 new vehicles + 153,000,000 existing vehicles) / 604,800 seconds/week

267 requests / second

Quality of Protection

  • RA protects access with HTTPS (TLS V1.2)
  • Supports at a minimum OpenSSL cipher suite ECDHE-ECDSA-AES128-SHA256
  • Uses certificate-based client authentication of data signed by the device enrollment certificate, validated at the application layer. This is a supplement to the one-way TLS authentication, to provide two-way authentication with a TLS/1609.2 hybrid scheme.