标准摘要
[中文适用范围]: SAE 正在制定一系列标准,包括 SAE J2945/x 和 SAE J3161/x 系列,这些标准使用来自 SAE J2735 数据字典的消息集来指定一组应用程序。(“应用程序”在此处表示“一组活动,包括服务于相关目标集合并与给定 IEEE 提供商服务标识符 (PSID) 相关联的不同实体之间的交互”)。这些应用程序的通信的真实性和完整性通过数字签名和 IEEE 1609.2 数字证书来确保,它们还使用提供商服务标识符 (PSID) 和服务特定权限 (SSP) 来指示发送者的权限。PSID 是与应用程序规范相关联的全局唯一标识符,它明确描述了如何构建该应用程序的可互操作实例。 [外文原描述]: SAE is developing a number of StandardDetails, including the SAE J2945/x and SAE J3161/x series, that specify a set of applications using message sets from the SAE J2735 data dictionary. (“Application” is used here to mean “a collection of activities including interactions between different entities in the service of a collection of related goals and associated with a given IEEE Provider Service Identifier (PSID)”). Authenticity and integrity of the communications for these applications are ensured using digital signatures and IEEE 1609.2 digital certificates, which also indicate the permissions of the senders using Provider Service Identifiers (PSIDs) and Service Specific Permissions (SSPs). The PSID is a globally unique identifier associated with an application specification that unambiguously describes how to build interoperable instances of that application. If the application features multiple activities such that different activities have different security impacts, correspond to different roles, or require different capabilities, then the application specifier should define an SSP data structure such that the contents of the SSP in a given certificate indicate which activities the certificate holder is entitled to carry out.This document establishes a security systems engineering process that can be used by future application specifiers to (1) determine which fields and activities should be subject to SSP constraints, and (2) specify a syntax and semantics for the SSPs for that application. It also addresses the development of SSPs for scenarios not addressed in the original application specification; for example, arising from regional extensions, changes in application functionality, or future expansions of the base SAE J2735 standard.Cross Reference:
英文名称Service Specific Permissions and Security Guidelines for Connected Vehicle Applications