FDOT SCMS

Project Description: The FDOT Security and Credentials Management System (SCMS) will be used to ensure trusted communications between mobile devices and other mobile devices or roadside devices and protect data they handle from unauthorized access. The system will grant trust credentials to qualified mobile devices and infrastructure devices in the Connected Vehicle Environment so those devices may be considered trusted by other devices that receive trust credentials from the SCMS. The SCMS allows credentials to be requested and revoked and secures the exchange of trust credentials between parties, so that no other party can intercept and use those credentials illegitimately. It provides security to the transmissions between connected devices, ensuring authenticity and integrity of the transmissions. Additional security features include privacy protection, authorization and privilege class definition, as well as non–repudiation of origin.

Project Status: Planned

Project Stakeholders:

• FDOT CO
• FDOT Districts
• Generic CAV Stakeholder
• Travelers

Project Service Packages:

• SU08: Security and Credentials Management (FDOT SCMS)
• SU04: Map Management (CAV-ITS)
• SU09: Device Certification and Enrollment (FDOT SCMS)

Project Information Flows:

Information Flow	Source Element	Destination Element	Status
data query publication	Florida V2X Data Exchange Platform	Florida DEP Air Quality Management System	Planned
device enrollment information	CAV Field Equipment	FDOT SCMS	Planned
device enrollment information	Vehicle	FDOT SCMS	Planned
enrollment credentials	FDOT SCMS	CAV Field Equipment	Planned
enrollment credentials	FDOT SCMS	Vehicle	Planned
intersection geometry	CAV Field Equipment	Vehicle	Planned
intersection geometry	CAV-ITS Map Update System	CAV Field Equipment	Planned
intersection geometry	CAV-ITS Map Update System	FDOT District Transportation Management Centers using SunGuide	Planned
map update notification	FDOT District Transportation Management Centers using SunGuide	CAV-ITS Map Update System	Planned
map updates	CAV Field Equipment	Vehicle	Planned
map updates	CAV-ITS Map Update System	CAV Field Equipment	Planned
map updates	CAV-ITS Map Update System	FDOT District Transportation Management Centers using SunGuide	Planned
misbehavior report	CAV Field Equipment	FDOT SCMS	Planned
misbehavior report	Vehicle	FDOT SCMS	Planned
security credential revocations	FDOT SCMS	CAV Field Equipment	Planned
security credential revocations	FDOT SCMS	Vehicle	Planned
security credentials	FDOT SCMS	CAV Field Equipment	Planned
security credentials	FDOT SCMS	Vehicle	Planned
security policy and networking information	FDOT SCMS	CAV Field Equipment	Planned
security policy and networking information	FDOT SCMS	Vehicle	Planned
signed maps_ud	FDOT SCMS	CAV-ITS Map Update System	Planned
unsigned intersection maps_ud	CAV-ITS Map Update System	FDOT SCMS	Planned
vehicle location and motion for surveillance	Vehicle	CAV Field Equipment	Planned
vehicle location data for mapping	CAV Field Equipment	CAV-ITS Map Update System	Planned

Project Functional Requirements (Element - Functional Object):

• CAV Field Equipment - ITS Management Support
• 1: The ITS Object shall provide its network address, service offerings and metrics characterizing those services to vehicles within the broadcast range of the ITS Object's short range communications equipment.
• 2: The ITS Object shall provide its network address, service offerings and metrics characterizing those services to the Object Registration and Discovery Service.
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• CAV Field Equipment - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• CAV Field Equipment - RSE Map Management
• 1: The field element shall collect broadcasted vehicle location and motion information.
• 3: The field element shall provide roadway geometry update information to proximate Vehicles.
• 5: The field element shall provide intersection geometry update information to proximate Vehicles.


• CAV-ITS Map Update System - Center Map Management
• 1: The Center shall collect updates to basemaps from Map Update Systems .
• 2: The Center shall collect updates to intersection geometry from Map Update Systems.


• CAV-ITS Map Update System - Map Management
• 1: The Center shall collect Vehicle location information from Vehicles.
• 2: The Center shall collect updates to roadway geometry from other Centers.
• 4: The Center shall collect updates to intersection geometry from other Centers.


• Commercial Vehicle - ITS Management Support
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• Commercial Vehicle - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• FDOT District Field Equipment - ITS Management Support
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• FDOT District Field Equipment - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• FDOT District Transportation Management Centers using SunGuide - Center Map Management
• 1: The Center shall collect updates to basemaps from Map Update Systems .
• 2: The Center shall collect updates to intersection geometry from Map Update Systems.
• 3: The Center shall provide roadway geometry updates to Map Update Systems.


• FDOT District Transportation Management Centers using SunGuide - ITS Management Support
• 1: The ITS Object shall provide its network address, service offerings and metrics characterizing those services to vehicles within the broadcast range of the ITS Object's short range communications equipment.
• 2: The ITS Object shall provide its network address, service offerings and metrics characterizing those services to the Object Registration and Discovery Service.
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• FDOT District Transportation Management Centers using SunGuide - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• FDOT District Transportation Management Centers using SunGuide - MCM Work Activity Coordination
• 1: The center shall provide work zone activities affecting the road network including the nature of the maintenance or construction activity, location, impact to the roadway, expected time(s) and duration of impact, anticipated delays, alternate routes, and suggested speed limits. This information may be augmented with images that provide a visual indication of current work zone status and traffic impacts.


• FDOT DIVAS - ITS Management Support
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• FDOT DIVAS - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• FDOT SCMS - CCMS Authorization
• 1: The Center shall generate credential identifiers using facilities that are independently owned and operated from one another.
• 2: The Center shall assign two or more non-unique identifiers, that when combined are unique, to each credential it distributes.
• 3: The Center shall verify information received in pseudonym requests.
• 4: The Center shall coordinate the distribution of credentials with other Centers.
• 5: The Center shall store credential identifiers using facilities that are independently owned and operated from one another.
• 6: The Center shall provide Vehicle pseudonymous credentials in response to valid Vehicle pseudonym requests.
• 7: The Center shall provide Personal Device pseudonymous credentials in response to valid Personal Device pseudonym requests.
• 8: The Center shall provide Center pseudonymous credentials in response to valid Center pseudonym requests.
• 9: The Center shall provide Connected Vehicle Roadside Equipment pseudonymous credentials in response to valid Connected Vehicle Roadside Equipment pseudonym requests.


• FDOT SCMS - CCMS Enrollment
• 1: The Center shall provide enrollment credentials in response to valid enrollment requests.


• FDOT SCMS - CCMS Misbehavior Reporting and Action
• 1: The Center shall accept misbehavior reports from ITS Objects.
• 2: The Center shall analyze misbehavior reports.
• 3: The Center shall coordinate misbehavior analysis with other Centers.


• FDOT SCMS - CCMS Provisioning
• 1: The Center shall provide security and regulatory policy information to ITS Objects.
• 2: The Center shall provide its credentials information to ITS Objects.
• 3: The Center shall provide the operator with mechanisms for monitoring the status of all credential-granting activities without compromising any other requirement.


• FDOT SCMS - CCMS Revocation
• 1: The Center shall place certificates on the revocation list of those certificates that are associated with misbehavior.
• 2: The Center shall provide to ITS Objects a list of credentials whose trust as been revoked.


• FDOT SCMS - ITS Management Support
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• FDOT SCMS - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• FHP CVE Vehicle - ITS Management Support
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• FHP CVE Vehicle - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• FHP Vehicle - ITS Management Support
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• FHP Vehicle - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• Florida V2X Data Exchange Platform - ITS Management Support
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• Florida V2X Data Exchange Platform - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• Vehicle - ITS Management Support
• 1: The ITS Object shall provide its network address, service offerings and metrics characterizing those services to vehicles within the broadcast range of the ITS Object's short range communications equipment.
• 6: The ITS Object shall acquire regulatory information relevant to the operation of the ITS Object from the CCMS.


• Vehicle - ITS Security Support
• 1: The ITS Object shall obtain security policy information from the Cooperative Intelligent Transportation System Credentials Management System (CCMS).
• 10: The ITS Object shall maintain cryptographic secret information so that those secrets are accessible only to ITS Security Support, and not to any other Functional Object.
• 11: The ITS Object shall request pseudonymous credentials from the CCMS.
• 12: The ITS Object shall provide messages (that it receives) that indicate potential misbehavior/malfunction to the CCMS.
• 2: The ITS Object shall request enrollment credentials from the CCMS.
• 3: The ITS Object shall obtain the CCMS' trust credentials.
• 4: The ITS Object shall provide a mechanism for on-board applications to digitally sign messages using keys secured by the CCMS' trust authority.
• 5: The ITS Object shall provide a mechanism for on-board applications to authenticate messages secured by the CCMS' trust authority.
• 6: The ITS Object shall provide a mechanism for on-board applications to encrypt messages using keys secured by the CCMS' trust authority.
• 7: The ITS Object shall provide a mechanism for on-board applications to decrypt messages using keys secured by the CCMS' trust authority.
• 8: The ITS Object shall obtain a list of revoked credentials from the CCMS.
• 9: The ITS Object shall make the list of revoked credentials available to on-board applications.


• Vehicle - Vehicle Map Management
• 1: The Vehicle shall make basemap, roadway geometry, intersection geometry and parking facility geometry information available to other onboard vehicle applications.
• 3: The Vehicle shall obtain roadway geometry update information from proximate Connected Vehicle Roadside Equipment.
• 4: The Vehicle shall obtain intersection geometry update information from proximate Connected Vehicle Roadside Equipment.

Project Solutions:

• (None-Data) - Secure Internet (ITS)
• (None-Data) - WAVE WSMP
• US: Device enrollment - Secure Internet (ITS)
• US: Misbehavior reporting - Secure Internet (ITS)
• US: SAE Basic Safety Messages - WAVE WSMP
• US: SAE Other J2735 - Secure Internet (ITS)
• US: SAE Signal Control Messages - WAVE WSMP
• US: Security Credentials - Secure Internet (ITS)

Project Operational Concepts:

Roles and Responsibilities

• Travelers
• Operate connected vehicles.


• FDOT Districts
• Operates CAV Roadside Equipment.


• FDOT CO
• Enables trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access.
• Provide credentials information, route restriction information, and safety status information to private fleet operations after filing a credentials application.
• Provides security for CAV communications between vehicles and the roadside.
• Supports connected and autonomous vehicle operations.
• The SCMS provides secure certificates to users within the CAV environment.


• Generic CAV Stakeholder
• Operates CAV Roadside Equipment.