Abstract: An example system for securely provisioning computerized devices of a plurality of tenants includes a Security Credential Management System (SCMS) host that is communicatively connected to the devices and is operable to receive provisioning requests from computerized devices needing certificates. Each provisioning request indicates a tenant identifier (ID) uniquely identifying a tenant of the plurality of tenants. The system also includes a virtual registration authority communicatively connected to the SCMS host and operable to transmit requests to SCMS backend components.

Abstract: Disclosed herein are systems, methods and devices system for identifying a misbehaving computerized device. In some implementations, the system includes a cloaking authority device for identifying a misbehaving computerized device, wherein the cloaking authority device includes a processor that can receive a request for a cloak index, wherein the request for the cloak index comprises a linkage value retrieved from a pseudonym certificate. In some examples, the processor can also request, from a pseudonym certificate authority device, first information that is used to produce the cloak index, wherein the first information is associated with the linkage value. Additionally, the processor can process, by the cloaking authority device, the linkage value to produce the cloak index based in part on the first information, wherein the cloak index identifies a misbehaving computerized device. Furthermore, the processor can transmit, by the cloaking authority device, the cloak index to a misbehavior authority device.

Abstract: An example system receives certificate requests from clients. Each request indicates: a number of computerized devices needing certificates; a timestamp indicating when the request was transmitted; and a client. The system includes a Quality of Service (QoS) manager that: distributes the requests from the clients across client queues, each of the client queues corresponding to a particular client; and divides requests into smaller subgroups of entries corresponding to a subset of the computerized devices needing certificates. It also includes a QoS arbiter that selects a sequence of entries from the client queues to be placed onto a QoS queue based on a number of entries in the QoS queue, a latency level of a certificate management service, and timestamps indicating when requests were transmitted, where the QoS manager retrieves entries from the QoS queue in the sequence selected by the QoS arbiter and transmits them to the certificate management service.

Abstract: A cloaking authority system that securely and anonymously identifies a misbehaving device based on its digital certificate. The system may include a cloaking authority server that is communicatively connected to a misbehavior authority server, a pseudonym certificate authority device, and a registration authority device. In response to a request from the misbehavior authority server to identify a misbehaving device using the device's pseudonym certificate, the cloaking authority server interacts with the pseudonym certificate authority device and the registration authority device to securely obtain a representation of the linkage chain identifier that is associated with the misbehaving device, while maintaining the anonymity of the real-world identifying information for the misbehaving device. The cloaking authority server creates a cloak index that corresponds to the linkage chain identifier and that identifies the misbehaving device, and provides the cloak index to the misbehavior authority server.