Goals

The OBE needs to perform several computational steps to check whether a received Basic Safety Message (BSM) has been sent by a revoked EE. This document lists the corresponding requirements. 

Assumptions

The OBE received a CRL as defined in Use Case 6: CRL Download.

Process Steps

  1. The OBE expands the CRL and calculates the linkage values for the current i-period based on the CRL entries (linkage seeds) of the CRL pseudonym certificate section
  2. Whenever the OBE receives a new, unknown pseudonym certificate, it checks whether the linkage value of that unknown certificate is listed in the OBE's expanded CRL (from Step 1)
    1. If yes, then the OBE discards the received certificate
    2. Otherwise, the OBE accepts the received certificate as verified
  3. Whenever the OBE receives a new, unknown OBE identification certificate, the OBE will calculate the certificate digest of that unknown certificate and will check whether the CRL lists it
    1. If yes, then the OBE discards the received certificate
    2. Otherwise, the OBE accepts the received certificate as verified
  4. Before the end of each i-period, the OBE will: 
    1. Update its expanded CRL and calculate the linkage value for the next i-period
    2. Remove entries from the expanded CRL that belong to revoked devices that ran out of certificates, if a CRL entry indicated that the revoked device does not have any more valid certificates. Note that the OBE may not immediately remove such entries, but add a safety buffer.
  5. If the OBE recognizes itself on the CRL, the OBE will stop sending over-the-air DSRC messages related to the indicated PSID/SSP. This also applies if the OBE recognizes that the Enrollment CA that issued the OBE's enrollment certificate, the Pseudonym CA that issued the OBE's certificates, any Intermediate CA that is in the chain between its ECA or PCA up to the Root CA, or the Root CA itself has been revoked.