Goals

The goal is to provide a reliable, secure and timely method for certified devices to download credentials, while maintaining the minimum level of privacy that the end user expects. The solution should, to the greatest extent possible, prevent a certified device (one that has not been revoked) from running out of the credentials required for critical safety systems to operate.

Background and Strategic Fit

The purpose of this use case is to provide a defined method that a certified OBE can use to download batches of credentials. These credentials will be used to certify the device when it transmits critical safety messages, submits misbehavior reports, and performs other critical system functions. The download will include:

  1. Files that include batches of certificates (each file holds one week's worth of certificates)
  2. The .info file, which includes the time when the next batch of certificates will be available for download
  3. A local certificate chain file containing all PCA certificate chains required to validate the pseudonym certificates
  4. The local policy file

Assumptions

  1. The OBE has successfully completed Step 3.1: Request for Pseudonym Certificates

  2. The RA has retrieved the issued certificates from the PCA, zipped them, and stored them in a folder for the OBE to download

Process Steps

The OBE should follow these steps to download the initial batch of pseudonym certificates. Neither the order nor the completion of all steps is enforced, but both are strongly recommended.

  1. The OBE downloads the Local Policy File (LPF) and the Local Certificate Chain File (LCCF), as in Step 3.1: Request for Pseudonym Certificates

    1. If there is an updated LCCF, the OBE applies all of its changes to the device's trust store (necessary for PCA certificate validation)

    2. If there is an updated LPF, the OBE applies its changes

  2. The OBE downloads the pseudonym certificate batches using the API documented in RA - Download Pseudonym Certificate Batch

  3. The OBE downloads the .info file using the API documented in RA - Download .info File

Error Handling 

  1. The OBE will abandon further interactions with the RA after a certain number of communication attempts have failed with errors

  2. The OBE will not attempt to execute the certificate provisioning process if it finds itself on the latest CRL (this assumes that a willful violator has not compromised the device). The OBE will execute the certification/bootstrap process again to exit a revoked state.
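The following is an added example, not code from the SCMS documentation or code base, showing the Process Steps and Error Handling above as one OBE-side client routine: the LCCF and LPF are applied only when their content has changed, every batch certificate is checked against the trust store built from the LCCF before it is accepted, the .info file yields the next availability time, a cumulative failure budget implements error-handling step 1, and a CRL self-check implements step 2. The RA transport is a constructed in-memory fake, and the file names, the line-based LCCF/LPF/.info formats, the "pca_id|certificate" entry layout inside each batch zip, and the CRL as a set of device ids are all assumptions made for illustration; the real RA API is documented separately.

```python
"""Added example (not part of the SCMS documentation or code base): a
simplified OBE-side client for the pseudonym certificate download procedure.
File names, file formats, the CRL representation and the RA transport are
constructed assumptions; the real RA download API is documented elsewhere."""
from dataclasses import dataclass, field
import hashlib
import io
import zipfile


class RAError(Exception):
    """A failed communication attempt with the RA."""


@dataclass
class FakeRA:
    """Constructed in-memory stand-in for the RA download folder."""
    files: dict                     # file name -> bytes
    transient_failures: int = 0     # requests that fail before one succeeds

    def get(self, name: str) -> bytes:
        if self.transient_failures > 0:
            self.transient_failures -= 1
            raise RAError("simulated transport failure")
        if name not in self.files:
            raise RAError("not found: " + name)
        return self.files[name]


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_lccf(data: bytes) -> dict:
    """Assumed LCCF format: one 'pca_id=chain' line per PCA certificate chain."""
    return dict(line.split("=", 1) for line in data.decode().splitlines() if line)


@dataclass
class OBE:
    device_id: str
    weeks_requested: int            # number of weekly batches requested in Step 3.1 (assumption)
    max_failures: int = 3           # error handling 1: abandon the RA after this many errors
    trust_store: dict = field(default_factory=dict)   # pca_id -> certificate chain
    policy: bytes = b""
    lccf_digest: str = ""
    lpf_digest: str = ""
    certificates: dict = field(default_factory=dict)  # week -> list of certificate bytes
    next_batch_time: int = 0
    failures: int = 0
    abandoned: bool = False

    def _fetch(self, ra: FakeRA, name: str) -> bytes:
        """Download one file; failures count against a budget shared by all downloads."""
        while not self.abandoned:
            try:
                return ra.get(name)
            except RAError:
                self.failures += 1
                if self.failures >= self.max_failures:
                    self.abandoned = True
        raise RAError("abandoned RA interaction after repeated failures")

    def download_credentials(self, ra: FakeRA, crl: set) -> str:
        # Error handling 2: a device on the latest CRL re-bootstraps instead of provisioning.
        if self.device_id in crl:
            return "revoked"
        try:
            # Step 1: LPF and LCCF, applied only when their content actually changed.
            lccf = self._fetch(ra, "lccf.txt")
            if digest(lccf) != self.lccf_digest:
                self.trust_store, self.lccf_digest = parse_lccf(lccf), digest(lccf)
            lpf = self._fetch(ra, "lpf.txt")
            if digest(lpf) != self.lpf_digest:
                self.policy, self.lpf_digest = lpf, digest(lpf)
            # Step 2: one zipped batch per week; a certificate is accepted only if the
            # PCA it names has a chain in the trust store built from the LCCF.
            for week in range(1, self.weeks_requested + 1):
                archive = zipfile.ZipFile(io.BytesIO(self._fetch(ra, f"week{week:02d}.zip")))
                certs = []
                for entry in archive.namelist():
                    pca_id, cert = archive.read(entry).split(b"|", 1)
                    if pca_id.decode() not in self.trust_store:
                        raise ValueError(f"{entry}: no chain for PCA {pca_id!r}")
                    certs.append(cert)
                self.certificates[week] = certs
            # Step 3: the .info file tells the OBE when the next batch can be fetched.
            info = self._fetch(ra, "batch.info").decode()
            fields = dict(line.split("=", 1) for line in info.splitlines() if line)
            self.next_batch_time = int(fields["next_available"])
        except RAError:
            return "abandoned"
        return "ok"


def make_batch(pca_id: str, certs: list) -> bytes:
    """Build one constructed weekly batch archive in the layout parsed above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for i, cert in enumerate(certs):
            archive.writestr(f"cert{i}.oer", pca_id.encode() + b"|" + cert)
    return buf.getvalue()


def demo_ra(transient_failures: int = 0) -> FakeRA:
    """Constructed RA folder: an LCCF, an LPF, two weekly batches and a .info file."""
    return FakeRA({
        "lccf.txt": b"pca-1=chain-for-pca-1\n",
        "lpf.txt": b"min_batch_weeks=2\n",
        "week01.zip": make_batch("pca-1", [b"cert-a", b"cert-b"]),
        "week02.zip": make_batch("pca-1", [b"cert-c"]),
        "batch.info": b"next_available=1700000000\n",
    }, transient_failures)


if __name__ == "__main__":
    obe = OBE("obe-42", weeks_requested=2)
    print(obe.download_credentials(demo_ra(), crl=set()), obe.next_batch_time)
```

Because the digests are kept across runs, a second call against unchanged LCCF and LPF content leaves the trust store and policy untouched, and because the failure counter is cumulative rather than per file, a device that keeps hitting errors across several downloads abandons the RA rather than retrying each file afresh.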