OBEs use this service to request the initial batch of Pseudonym Certificates. After the initial batch is requested, subsequent batches are automatically provisioned.
PORT | 8892 |
---|---|
PATH | /provision-pseudonym-certificate-batch |
HTTP Method | POST |
HTTP Request Body | ASN.1 serialized SecuredPseudonymCertProvisioningRequest |
HTTP Response Body | SignedPseudonymCertProvisioningAck with a requestHash property containing the lower 8 bytes of the request hash. This value will identify this device for the download of the requested certificate. The reply property contains a PseudonymCertProvisioningAck with a certDLTime property containing the expected time for download of the requested batch, and a certDLURL property containing the URL where the batch can be downloaded. |
Preconditions
- Policy referenced in the request message is previously known
- PLV Cache has at least one PLV chain
- Device is not revoked
Postconditions
None.
Error Handling
See "RA-EE Errors" in Overview of Used Error Codes
Quality of Service
Estimated values are per logical unit, meaning multiple individual nodes can contribute to achieve the desired level of service. This service will be used once for each initial provisioning request for each new OBE. There may also be a very small addition of OBEs re-requesting provisioning in order to update their parameters. However, this should be a low enough volume to have no significant impact on these calculations.
Quality Metric | 1 Year | 3 Years | 5 Years | 10 Years |
---|---|---|---|---|
Throughput | (17,000,000 new vehicles) = .5 batch requests / second | (17,000,000 new vehicles) = .5 batch requests / second | (17,000,000 new vehicles) = .5 batch requests / second | (17,000,000 new vehicles) = .5 batch requests / second |
Quality of Protection
- RA protects access with HTTPS (TLS V1.2)
- Supports at a minimum OpenSSL cipher suite ECDHE-ECDSA-AES128-SHA256
- Uses certificate-based client authentication of data signed by the device enrollment certificate, validated at the application layer. This is a supplement to the one-way TLS authentication, to provide two-way authentication with a TLS/1609.2 hybrid scheme.
- Incoming message is encrypted (within the ASN.1 message structure) with the RA Component certificate public key