The implementation of the elector scheme will affect how EE storage is used.

  1. An EE must be able to store securely a number of elector IEEE 1609.2 self-signed certificates. In the PoC, three electors will be operational. Storage for four electors and elector endorsements must be available. In deployment, perhaps nine will be operational, and storage for ten is assumed.
  2. An EE must be able to store securely a number of Root CA self-signed certificates. In the PoC, there will be at most two (to allow for testing of Root replacement). In deployment, storage for ten is assumed. If the EE will check the votesĀ on these Root CA self-signed certificates each time, then these need not be stored in the secure trust store.
  3. EEs must have secure software used to update the trust store through the correct processing of ballots. This also involves protection for basic parameters under which votesĀ are acted upon, the quorum, which is an assumed number less than ten.

Note that all EEs (and other SCMS components) must have a secure method for storing and recovering Root CA certificates. Developers of EE hardware and software may choose from a variety of methods for managing secure storage, but their chosen approach must be approved through an EE certification process. To demonstrate some of the various options that are available, three methods are suggested and described in the following diagram: