The goal is to provide a reliable, secure and timely method for certified devices to download credentials, while maintaining a minimum level of privacy that is expected by the end user. The solution should prevent a certified device (that has not been revoked) from running out of credentials required for critical safety systems to operate to the greatest extent possible.
Background and Strategic Fit
The purpose of this use case is to provide a defined method that a certified OBE can use to download batches of credentials. These credentials will be used to certify the device during transmission of critical safety messages, submission of misbehavior reports, and other critical system functions. The download will include:
- Files that include batches of certificates (each file holds certificates worth a week)
- The .info file that includes the time when the next batch of certificates will be available for download
- A local certificate chain file containing all PCA certificate chains required to validate the pseudonym certificates
- The local policy file
The OBE has successfully completed Step 3.1: Request for Pseudonym Certificates
The RA retrieved from PCA the issued certificates, zipped, and stored them in a folder for OBE to download
The OBE should follow the following steps to download the initial batch of pseudonym certificates. Neither order nor fulfillment of all steps is enforced, but highly recommended.
The OBE applies all changes to its trust-store (necessary for PCA Certificate Validations) if there is an updated LCCF
The OBE applies those changes if there is an updated LPF
The OBE downloads the pseudonym certificate batches using the API documented in RA - Download Pseudonym Certificate Batch
The OBE downloads the .info file using the API documented in RA - Download .info File
The OBE will abandon further interactions with the RA after a certain number of failed communication attempts resulted in errors
The OBE will not attempt to execute the certificate provisioning process if it finds itself on the latest CRL (assumes that a willful violator has not compromised the device). The OBE will execute the certification/bootstrap process again to exit a revoked state.