AutoCrypt V2X-PKI

Security Credential Management System for the V2X ecosystem
autocrypt v2x-pki featured

PKI-based message security for V2X communications.

The Security Credential Management System (SCMS) is a PKI-based two-way authentication system standardized for V2X communications. It builds trust in the V2X ecosystem by enabling road entities to anonymously verify one another’s identity.

AutoCrypt® V2X-PKI is an SCMS platform that facilitates the enrolment, issuance, and revocation of digital certificates for V2X end entities.

It is compatible with the North American Security Credential Management System (SCMS), the European C-ITS Credential Management System (CCMS), and the Chinese CCSA standard (C-SCMS), providing certificate registration, authentication, and management services for onboard units (OBU) and roadside units (RSU) in compliance with IEEE 1609.2, IEEE 1609.2.1, CAMP VSC3, ETSI, GB/T, and YD/T 3957-2021.

Unlike conventional PKI, V2X PKI requires two-way anonymous verification for an ecosystem that contains millions of certificates that need to be updated frequently. AUTOCRYPT helps OEMs and infrastructure operators establish and manage the entire V2X PKI (SCMS).

How It Works

The V2X PKI verification process

AutoCrypt V2X-EE

AutoCrypt® V2X-EE is a software security module embedded in the chipset of V2X end entities (e.g. OBUs, RSUs), consisting of a security library that contains the security protocol and algorithm needed for signing and verifying messages, as well as a Local Certificate Manager (LCM) that stores certificates locally. By running each certificate through the local certificate revocation list (CRL), the LCM ensures that only messages from trusted entities are opened.

AutoCrypt V2X-PKI

AutoCrypt® V2X-PKI provides the SCMS-based PKI architecture behind message signing and verification, as well as services including certificate generation, distribution, and revocation. It also offers a policy generator that maintains and signs updates for the global policy file, the global certificate chain file, as well as global configuration information.

v2x scms diagram


Cloud-hosted SCMS as-a-service

Easy Management
  • No need for local deployment
  • Receive 24/7 support
Cost Reduction
  • No local servers
  • No need for software installation and maintenance
Robust Security
  • Security at the highest level managed by AUTOCRYPT
  • Supports deployment for millions of certificates
*On-premises deployment available upon request

Worldwide compliance

AutoCrypt® V2X-PKI is the world’s first and only SCMS platform that supports all three major V2X-PKI standards, including the US SCMS, EU CCMS, and Chinese C-SCMS.

Lifecycle management

AutoCrypt® V2X-PKI enables management of the entire certificate lifecycle, from issuance to revocation. A 24/7 real-time monitoring system is provided for operation administrators.

ims for scms featured

Misbehaviour detection (MBD)

AutoCrypt® V2X-PKI is capable of misbehaviour detection based on IEEE 1609.2. By analyzing the behaviours of each end entity using its MBD algorithm, the SCMS detects devices with abnormal behaviours and submits a list of untrustworthy devices in its misbehaviour reports.

Certificate revocation list (CRL) and optimization

The certificates of untrustworthy devices are revoked and kept in a certificate revocation list that is stored globally and locally in each end entity’s Local Certificate Manager. This ensures that messages signed by these revoked certificates will be neglected. AUTOCRYPT supports both hash-based CRL and full linkage ID-based CRL.

Over time, the size of the CRL grows linearly. To accommodate the CRL with limited storage space, AUTOCRYPT optimizes the CRL by maintaining a prioritized list of as little as 10,000 entries.