WHEREAS, Subscriber manufactures, supplies, or operates products and/or services that must operate in in the US Department of Transportation’s (“US-DOT”) vehicle-to-vehicle (“V2V”) and vehicle-to-infrastructure (“V2I”) programs (collectively, “V2X”); the European Commission’s Cooperative Intelligent Transport Systems (C-ITS) programs, the Car to Car (“C2C”) Consortium Car to Car (“C2C”) and Car to Infrastructure (“C2I”) programs (collectively C2X); and/or equivalent in China.
WHEREAS, ISS owns and operates the V2X Root CA (“V2XRCA”), C2X Root CA (“C2XRCA”) and the associated ISS Managed Certificate Management Service (“SCMS Service”) to issue US-DOT V2X, European C2X Pilot, Production and Test certificates and certificate revocation lists to Subscriber’s end entities including the ISS Traffic Management Center Authority (“TMCA”) and the ISS Device Management Dashboard (DMD) Service.
NOW, THEREFORE, in consideration of the mutual covenants and promises herein contained, the parties agree as follows:
All current and future business entities that, directly or indirectly, control, are controlled by, or are under common control with Subscriber, excluding retail dealerships. For purposes of this definition only, the term “control” is defined as the legal, beneficial, or equitable ownership, directly or indirectly, in such entity.
A digitally signed bit string issued by ISS’ V2XRCA, Test V2XRCA, C2XRCA, Subscriber C2XRCA, Test C2XRCA, ISS SCMS Test, Pilot and Production Service to a Subscriber identifying the holder (“Holder”) of the Private Key corresponding to the Public Key contained in the Certificate.
SCMS Test, Pilot and Production Service
As used herein “SCMS Test, Pilot and Production Service” refers to the service ordered by Subscriber hereunder, which may include any or all of: (i) SCMS Pilot ICA Service; (ii) SCMS Test Service; (iii) SCMS Production ICA Service; and (iv) SCMS TMCA Service.
(a) The “SCMS Pilot ICA Service” operates under the V2XRCA or C2XRCA (or Subscriber C2XRCA) and issues certificates to Subscriber for use in pre-production products that are deployed in state or government agency sponsored pilot V2X or C2X projects (e.g., the USDOT CV Pilots). At some point, these products will be removed from deployment or they will be transitioned to the SCMS Production ICA Service once they meet all applicable state or government agency requirements.
(b) The “SCMS Test Service” operates under the Test V2XRCA or the Test C2XRCA and issues certificates to Subscriber for use in product and service development. These certificates are not interoperable with those issued by the SCMS Pilot ICA Service and SCMS Production ICA Service.
(c) The “SCMS Production ICA Service” operates under the V2XRCA or C2XRCA and issues certificates to Subscriber for use in production products that meet all applicable state or government agency requirements for long term deployment in connected vehicle to vehicle and/or connected vehicle to infrastructure projects.
(d) The “SCMS TMCA Service” is an on premise or hosted service for encrypting, validating, accelerating and/or signing messages, MAP, TIM and other data.
(e) The “SCMS DMD Service” is a hosted service for monitoring and managing devices from a web interface and/or generating reports of fielded devices that have been privisioned by the ISS SCMS.
For asymmetric key cryptography, a Private Key and its corresponding Public Key.
A secret key known only to Holder of the Key Pair. This is the key of a Key Pair that is used by the Holder to create digital signatures.
This key is mathematically related to the Holder’s Private Key. It may be publicly disclosed by the Holder, and is used by Relying Parties to verify digital signatures created by the Holder using her Private Key.
The entity that relies on a valid Certificate.
CA Certificate Authority or Certification Authority
CAMP Crash Avoidance Metrics Partners LLC
SCMS Security Credential Management Service
C2XRCA ISS C2X Root Certification Authority
CRL Certificate Revocation List
DDA DLM Distributor Appliance
DLM Device Lifecycle Management
DMD Device Management Dashboard
DOT US Department of Transportation
EE End Entity
FIPS Federal Information Processing Standards
ISS INTEGRITY Security Services LLC
ICA Intermediate CA
IT Information Technology
OBU On Board Unit or Equipment
PKI Public Key Infrastructure
RSU Roadside Unit or Equipment
SCMS Security Credential Management System
TIM Traveler Information Message
TMCA ISS SCMS Traffic Management Center Authority
V2XRCA ISS V2X Root Certification Authority
The Licensed Material is supplied by ISS solely for use by Subscriber for its provisioning of its ISS-authorized products and services. All right, title, and inter¬est in and to the ISS SCMS Test, Pilot and Production Service, the Licensed Material, the ISS Root Certificate Authorities and their root certificates, and all related materials, excluding the issued certificates, are and shall at all times remain the sole property of ISS. Subscriber is not authorized to grant sublicenses for use of the ISS SCMS Test, Pilot or Production Service or the Licensed Materials or to permit usage on a time-sharing service. Subscriber shall not disassemble or re¬verse compile, reverse engineer, or otherwise attempt to learn the source code underlying the Licensed Material, or any algorithms or methods underlying the same. ISS preserves all rights not expressly licensed herein.
The SCMS Test, Pilot and Production Service produces Certificates that are compliant with USDOT’s, CAMP’s or ISS’ then current profile of IEEE 1609.2 and the European Union’s or ISS’ then current profile of ETSI TS 103 097 and TS 102 941 standards for infrastructure and OBU certificates. The SCMS Test Certificates must not be considered secure in the traditional sense of a certificate since there are no security controls protecting the Test Root CA private key, any signing or encryption process and keys, or the OBU/RSU private keys (if generated by the SCMS Test Service). These Test Certificates are not interoperable with Certificates from the ISS SCMS Pilot or Production Service which are certified under the ISS V2X or C2X Root Certificate Authority.
Subscriber’s obligations are as follows:
Subscriber agrees that its devices and/or services containing SCMS Test, Pilot and Production Certificates may have those Certificates revoked by ISS, USDOT (for US V2X products and services), the European Commission (for EU C-ITS products and services), state and government agencies deploying connected vehicle/infrastructure projects, or by an automated misbehavior detection service as appropriate, without a period for cure, should such devices/services be determined by these entities, as appropriate, to be misbehaving or hacked.
For the verification of CRL processing by a test OBU/RSU, Subscriber may request a specific OBU/RSU be revoked by emailing ISS the Test OBU/RSU certificate.
ISS will issue a CRL for the requested device and will send this CRL to the Subscriber by email. Note that this CRL may contain certificates for other OBU/RSU not belonging to Subscriber.
Upon termination of Subscriber’s right to use the SCMS Test, Pilot and Production Service, Subscriber will return all Licensed Material and Confidential Information (defined below) to ISS promptly upon such termination, and shall provide written certification of such return.
The SCMS Test Service is provided “As-Is” with no maintenance services.
In order to continue to be eligible to receive Revisions hereunder, Subscriber must be current in the payment of fees and charges due ISS under this Agreement and must have accepted and installed the Revision most recently provided by ISS under this Agreement.
(a) ISS promptly notify Subscriber of the claim;
(b) Subscriber has sole control of the defense and related settlement negotiations; and
(c) ISS shall cooperate with Subscriber in the defense at Subscriber’s cost.
Notices to the Subscriber shall be sent by email to the Subscriber’s contact information provided during registration for the SCMS Test, Pilot and Production Service on the ISS website. Notices to Subscriber are deemed effective when they are sent by ISS. Notices by Subscriber to ISS or the SCMS Administrator are effective when they are confirmed received by ISS or five (5) business days, whichever occurs first.
Subscriber agrees to maintain the SCMS Test, Pilot and Production Service and all methods and concepts utilized therein, technical and non-technical information including but not limited to the Licensed Materials (including any documentation, methods and algorithms related thereto), patent, copyright, trademark, trade secret, proprietary information, techniques, sketches, drawings, models, inventions, know-how, processes, apparatus, equipment, algorithms, benchmarks and similar studies, formulae related to current and future proposed products and services of ISS or its licensors or suppliers, or including, without limitation, information concerning research, intellectual property, experimental work, development, design details and specifications, architecture, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, business forecasts, pricing, availability time frames, business models, sales and merchandising, marketing and communications plans and information of ISS or its licensors or suppliers or and any information related thereto (hereinafter “Confidential Information”) in confidence as follows:
(a) Subscriber shall reproduce and include copyright and proprietary notices on all copies of the Confidential Information in the same form and manner that such copyright and proprietary notices are included on the Confidential Information.
(b) Subscriber agrees to maintain the Confidential Information in secure premises to prevent any unauthorized person from gaining access thereto.
(c) Subscriber agrees not to disclose the Confidential Information to any person or entity, except to employees of Subscriber to whom such disclosure is necessary to permit Subscriber to exercise its rights hereunder. Subscriber shall advise each employee to whom such disclosure is made of the need to maintain the Confidential Information in confidence and shall entered a confidentiality agreement with employee to protect third party confidential information.
(d) Subscriber warrants that all individuals having access to the Confidential Information will observe and perform the covenants set forth in this “Confidentiality” section.
(e) Subscriber shall give ISS written notice of any unauthorized disclosure or use of the Confidential Information as soon as Subscriber learns or becomes aware of it.
The Contact Information for official ISS or ISS SCMS correspondence:
ISS SCMS Administrator
INTEGRITY Security Services LLC
300 Spectrum Center Dr. Suite 800
Irvine, CA 92618
Phone: (888) 951-4477