Page tree
Skip to end of metadata
Go to start of metadata
Target releaseRelease 1.1
Document owner
Reviewer

Goals

The goal is to provide a reliable, secure, and timely method for certified devices to download OBE identification certificates. 

Background and Strategic Fit

The purpose of this use-case is to provide a defined method that a certified OBE can use to download OBE identification certificates. The download will include:

  1. File(s) X_i.zip that each include one file X_i with a certificate
  2. A .info file that includes the time when new certificates will be available 
  3. A local certificate chain file containing all PCA certificate chains required to validate the identification certificates, but not the policy file

Assumptions

Process Steps

  1. The OBE downloads the Local Policy File (LPF) and the Local Certificate Chain File (LCCF), as done before in Step 19.1: Request for OBE Identification Certificates
    1. If there is an updated LCCF, the EE applies all changes to its trust-store (necessary for the PCA Certificate Validations)
    2. If there is an updated LPF, the EE applies those changes
  2. The OBE downloads the new OBE identification certificates using the API documented in RA - Download Identification Certificate
  3. The OBE downloads .info file using the API documented in RA - Download .info File

Error Handling

  1. The OBE will abandon further interactions with the RA after a certain number of failed communication attempts resulted in critical errors
  2. The OBE will not attempt to execute the certificate provisioning process if it finds itself on the latest CRL (assumes that a willful violator has not compromised the device). The device will need to execute the certification/bootstrap process again to exit a revoked state.

Requirements

Key Status Summary Description justification notes Component/s
Loading...
Refresh

Use Case 19.3 - Requirements