Security Credential Management System (SCMS)



FDOT has an active Connected and Automated Vehicles (CAV) Program and CAV Business Plan. The Security Credential Management System (SCMS) is a critical component of this connected vehicle (CV) environment. Currently, TrustPoint Systems, Inc., in partnership with Integrity Security Services, LLC (ISS), is the SCMS provider for FDOT. The SCMS is internet-hosted and provides security certificate services to secure CV messages being broadcast in Florida’s CAV ecosystem. The ISS team provides V2X Security Credential Management services and software, including Certificate Management System (CMS) software, through a centralized contract managed by FDOT Central Office (CO). Automotive and other industry partners are required, at a minimum, to be interoperable with the national SCMS Manager requirements in order to securely interact with FDOT’s CV infrastructure. CV roadside units (RSUs) and onboard units (OBUs) must be enrolled and provisioned in the FDOT CMS software by their manufacturer prior to delivery.

Definitions of the fundamental components of FDOT’s SCMS ecosystem:

  • End Entity (EE): a device that sends or receives messages within the Connected Vehicle ecosystem, e.g., an RSU, an OBU, or an Aftermarket Safety Device (ASD).
  • Certificate: a digitally signed file, provided by the SCMS vendor’s CMS software, that has a configurable expiration date and enables a receiving EE to trust the EE that sent a message and to trust that the message is unaltered.
  • Attestation: a process through which the SCMS vendor verifies that the CV equipment manufacturer has included a Hardware Security Module (HSM) and correctly implemented security as per USDOT and Crash Avoidance Metrics Partnership (CAMP) recommendations. Attestation must be completed by CV equipment manufacturers as a precondition to EE Enrollment.
  • Enrollment: the point at which an initial trust relationship is established between a new EE and the rest of the SCMS infrastructure. All EEs that participate in the SCMS must be enrolled. Manufacturers able to meet attestation requirements will be provided with CMS software user accounts that enable them to enroll and provision devices.
  • Provisioning: a process in which an enrollment certificate and bootstrap file are uploaded into the EE, which then uses that information to request an initial set of operational certificates from the SCMS vendor’s CMS software website via network communications.

Enrollment, Operations, and Maintenance of CV Devices in FDOT SCMS: