AutoCrypt V2X-PKI

Security Credential Management System for the V2X ecosystem
autocrypt v2x-pki featured

PKI-based message security for V2X communications.

The Security Credential Management System (SCMS) is a PKI-based two-way authentication system standardized for V2X communications. It builds trust in the V2X ecosystem by enabling road entities to anonymously verify one another’s identity.

AutoCrypt® V2X-PKI (AutoCrypt® SCMS) is an SCMS platform that facilitates the enrolment, issuance, and revocation of digital certificates for V2X end entities.

AutoCrypt SCMS is compatible with the North American Security Credential Management System (SCMS), the European C-ITS Credential Management System (CCMS), and the Chinese CCSA standard (C-SCMS), providing certificate registration, authentication, and management services for onboard units (OBU) and roadside units (RSU) in compliance with IEEE 1609.2, ETSI, GB/T, and YD/T 3957-2021.

Unlike conventional PKI, V2X-PKI requires two-way anonymous verification for an ecosystem that contains millions of certificates that need to be updated frequently. AUTOCRYPT helps OEMs and infrastructure operators establish and manage the entire V2X-PKI (SCMS).

How It Works

The V2X-PKI verification process

AutoCrypt V2X

AutoCrypt V2X is a software security module embedded in the chipset of V2X end entities (e.g. OBUs, RSUs), consisting of a security library that contains the security protocol and algorithm needed for signing and verifying messages, as well as a Local Certificate Manager (LCM) that stores certificates locally. By running each certificate through the local certificate revocation list (CRL), the LCM ensures that only messages from trusted entities are opened.

AutoCrypt SCMS

AutoCrypt SCMS provides the V2X-PKI architecture behind message signing and verification, as well as services including certificate generation, distribution, and revocation. It also offers a policy generator that maintains and signs updates for the global policy file, the global certificate chain file, as well as global configuration information.

v2x scms diagram


Cloud-hosted SCMS as-a-service

Easy Management
  • No need for local deployment
  • Receive 24/7 support
Cost Reduction
  • No local servers
  • No need for software installation and maintenance
Robust Security
  • Security at the highest level managed by AUTOCRYPT
  • Supports deployment for millions of certificates
*On-premises deployment available upon request

Worldwide compliance

AutoCrypt SCMS is the world’s first and only SCMS platform that supports all three major V2X-PKI standards, including the US SCMS, EU CCMS, and Chinese C-SCMS.

Lifecycle management

AutoCrypt SCMS enables management of the entire certificate lifecycle, from issuance to revocation. A 24/7 real-time monitoring system is provided for operation administrators.

ims for scms featured

Misbehaviour detection (MBD)

AutoCrypt SCMS is capable of misbehaviour detection based on IEEE 1609.2. By analyzing the behaviours of each end entity using its MBD algorithm, the SCMS detects devices with abnormal behaviours and submits a list of untrustworthy devices in its misbehaviour reports.

Certificate revocation list (CRL) and optimization

The certificates of untrustworthy devices are revoked and kept in a certificate revocation list that is stored globally and locally in each end entity’s Local Certificate Manager. This ensures that messages signed by these revoked certificates will be neglected. AUTOCRYPT supports both hash-based CRL and full linkage ID-based CRL.

Over time, the size of the CRL grows linearly. To accommodate the CRL with limited storage space, AUTOCRYPT optimizes the CRL by maintaining a prioritized list of as little as 10,000 entries.