Vehicle-To-Everything
AutoCrypt V2X-PKI
Security Credential Management System for the V2X ecosystem
PKI-based message security for V2X communications.
The Security Credential Management System (SCMS) is a PKI-based two-way authentication system standardized for V2X communications. It builds trust in the V2X ecosystem by enabling road entities to anonymously verify one another’s identity.
AutoCrypt® V2X-PKI is an SCMS platform that facilitates the enrolment, issuance, and revocation of digital certificates for V2X end entities.
It is compatible with the North American Security Credential Management System (SCMS), the European C-ITS Credential Management System (CCMS), and the Chinese CCSA standard (C-SCMS), providing certificate registration, authentication, and management services for onboard units (OBU) and roadside units (RSU) in compliance with IEEE 1609.2, IEEE 1609.2.1, CAMP VSC3, ETSI, GB/T, and YD/T 3957-2021.
Unlike conventional PKI, V2X PKI requires two-way anonymous verification for an ecosystem that contains millions of certificates that need to be updated frequently. AUTOCRYPT helps OEMs and infrastructure operators establish and manage the entire V2X PKI (SCMS).
How It Works
The V2X PKI verification process
AutoCrypt V2X-EE
AutoCrypt® V2X-EE is a software security module embedded in the chipset of V2X end entities (e.g. OBUs, RSUs), consisting of a security library that contains the security protocol and algorithm needed for signing and verifying messages, as well as a Local Certificate Manager (LCM) that stores certificates locally. By running each certificate through the local certificate revocation list (CRL), the LCM ensures that only messages from trusted entities are opened.
AutoCrypt V2X-PKI
AutoCrypt® V2X-PKI provides the SCMS-based PKI architecture behind message signing and verification, as well as services including certificate generation, distribution, and revocation. It also offers a policy generator that maintains and signs updates for the global policy file, the global certificate chain file, as well as global configuration information.
Highlights
Cloud-hosted SCMS as-a-service
Easy Management
- No need for local deployment
- Receive 24/7 support
Cost Reduction
- No local servers
- No need for software installation and maintenance
Robust Security
- Security at the highest level managed by AUTOCRYPT
Scalability
- Supports deployment for millions of certificates
Worldwide compliance
AutoCrypt® V2X-PKI is the world’s first and only SCMS platform that supports all three major V2X-PKI standards, including the US SCMS, EU CCMS, and Chinese C-SCMS.
Lifecycle management
AutoCrypt® V2X-PKI enables management of the entire certificate lifecycle, from issuance to revocation. A 24/7 real-time monitoring system is provided for operation administrators.
Misbehaviour detection (MBD)
AutoCrypt® V2X-PKI is capable of misbehaviour detection based on IEEE 1609.2. By analyzing the behaviours of each end entity using its MBD algorithm, the SCMS detects devices with abnormal behaviours and submits a list of untrustworthy devices in its misbehaviour reports.
Certificate revocation list (CRL) and optimization
The certificates of untrustworthy devices are revoked and kept in a certificate revocation list that is stored globally and locally in each end entity’s Local Certificate Manager. This ensures that messages signed by these revoked certificates will be neglected. AUTOCRYPT supports both hash-based CRL and full linkage ID-based CRL.
Over time, the size of the CRL grows linearly. To accommodate the CRL with limited storage space, AUTOCRYPT optimizes the CRL by maintaining a prioritized list of as little as 10,000 entries.
Related Product
AutoCrypt V2X-EE
AutoCrypt V2X-EE is a security module that can be readily embedded into the chipsets of OBUs and RSUs, ensuring that each end entity is readily equipped for the SCMS.
Related Product
IMS for SCMS
AUTOCRYPT’s Integrated Management System (IMS) for SCMS is a central dashboard designed for SCMS operators to supervise and manage the entire SCMS across regions.