ASN.1 module Ieee1609Dot2Dot1AcaRaInterface

OID: {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) aca-ra(4) major-version-3(3) minor-version-2(2)}

Imports:

Data Elements:

AcaRaInterfacePdu

This is the parent structure for all structures exchanged between the ACA and the RA. An overview of this structure is as follows:

AcaRaInterfacePdu ::= CHOICE { raAcaCertRequest RaAcaCertRequest, acaRaCertResponse AcaRaCertResponse, ... }

RaAcaCertRequest

This structure contains parameters needed to request an individual authorization certificate. An overview of this structure is as follows:

NOTE:

  1. In the case where the butterfly key mechanism is used to set certEncKey, the value of j is not communicated to the ACA. However, the EE that receives the certificate response can only decrypt the response if it knows j. The RA is therefore anticipated to store j so that it can be associated with the appropriate certificate response.
  2. The cracaId and crlSeries are set to the indicated values in the request. The ACA replaces these values with the appropriate values in the response.
  3. The ACA is not bound by the contents of the request and can issue certificates that are different from those requested, if so directed by policy.
RaAcaCertRequest ::= SEQUENCE { version Uint8 (2), generationTime Time32, type CertificateType, flags RaAcaCertRequestFlags, linkageInfo LinkageInfo OPTIONAL, certEncKey PublicEncryptionKey OPTIONAL, tbsCert ToBeSignedCertificate (WITH COMPONENTS { ..., cracaId ('000000'H), crlSeries (0), appPermissions PRESENT, certIssuePermissions ABSENT, certRequestPermissions ABSENT }), ... }

LinkageInfo

This structure is used to convey information from the RA to the ACA about operations to be carried out when generating the certificate. For more details see the specification of RaAcaCertRequest. An overview of this structure is as follows: This structure contains parameters needed to generate a linkage value for a given (EE, i, j). An overview of this structure is as follows:

See Annex F for further discussion of LAs.

LinkageInfo ::= SEQUENCE { encPlv1 EncryptedIndividualPLV, encPlv2 EncryptedIndividualPLV, ... }

EncryptedIndividualPLV

This structure contains an individual prelinkage value encrypted by the LA for the ACA using the shared secret key. An overview of this structure is as follows:

NOTE: How the ACA obtains the shared symmetric key and how the RA associates the encPlv1 and encPlv2 with the correct certificate request are outside the scope of this document.

EncryptedIndividualPLV ::= SEQUENCE { version Uint8 (2), laId LaId, encPlv Ieee1609Dot2Data-SymmEncryptedSingleRecipient { PreLinkageValue } }

PreLinkageValue

This structure contains an individual prelinkage value. It is an octet string of length 9 octets.

PreLinkageValue ::= OCTET STRING (SIZE(9))

AcaRaCertResponse

This structure contains a certificate response by the ACA, encapsulated for consumption by the EE, as well as associated data for consumption by the RA. The response is of form AcaEeCertResponsePlainSpdu, AcaEeCertResponsePrivateSpdu, or AcaEeCertResponseCubkSpdu, and is generated in response to a successful RaAcaCertRequestSpdu. In this structure:

AcaRaCertResponse ::= SEQUENCE { version Uint8 (2), generationTime Time32, requestHash HashedId8, acaResponse AcaResponse, ... }

AcaResponse

This structure contains the certificate for the EE in a suitable form as determined from the corresponding RaAcaCertRequestSPDU. In this structure:

AcaResponse ::= CHOICE { plain AcaEeCertResponsePlainSpdu, private AcaEeCertResponsePrivateSpdu, cubk AcaEeCertResponseCubkSpdu, ... }