ISO 21177:2024 pdf download - Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices 智能运输系统 - ITS站点安全服务 - 用于可信设备之间的安全会话建立和验证

ISO 21177:2024 pdf download - Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices.
This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.:
—  between devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) as specified in ISO 21217; and
—  between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.
These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner.
These services are essential for many intelligent transport system (ITS) applications and services, including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside/infrastructure-related services.
智能运输系统 - ITS站点安全服务 - 用于可信设备之间的安全会话建立和验证
本文件包含一套ITS站点安全服务的规范，以确保可信实体之间交换的信息来源的真实性和完整性。
这些服务包括以可信和安全的方式交换信息所需的认证和安全会话建立。
这些服务对许多智能交通系统（ITS）应用和服务至关重要，包括时间关键型安全应用、自动驾驶、ITS站点的远程管理（ISO 24102-2）以及路边/基础设施相关服务。
This document specifies ITS station security services that provide authenticity of the source and confidentiality and integrity of application activities taking place between trusted devices.The two devices taking part in a data exchange establish a cryptographically secure session.As part of establishing this session,each device [or,more precisely,each end entity (EE)which is an application on the device] is sent one or more digital certificates that are cryptographically bound to the other EE and contain statements,made by a trusted third party,about the EE's capabilities,properties and permissions.This allows each EEto have assurance about the properties of the other EE in the session,and this in turn allows each EE tomake trust and access control decisions about data that the other EE can access,commands that the other EE can execute,states that the other EE can change,and other types of access that the other EE can request.In other words,the two EEs establish a trust relationship where each EE is trusted by the other EE to carry out specific actions,without requiring one EE to allow the other EE to have arbitrary access.
The mechanisms specified in this document allow each EE to establish trusted facts about the other EE.For these mechanisms to be used,the EE specification needs to include an access control policy,indicating which properties are required to be known to be true about the other EE for that other EE to be allowed to carry out particular actions.In other words,this document provides a means to obtain security-relevant information,but the use of that security-relevant information is to be specified in the specification of the EE.