
Seamless authentication and access management: Securing the connected car and customer experience

The connected car is officially mainstream. With Tesla and other technologically advanced vehicles on the road and in the headlines, other car manufacturers are attempting to catch up to provide a connected car experience to satisfy growing consumer demand. That experience begins with satellite navigation systems, smartphones, applications and online services that are rapidly improving the everyday driving experience by transforming cars into sophisticated information hubs. These individual services and applications work together to form specialized telematics systems that deliver infotainment, navigation and personalized information in real time.

Central to the telematics solutions are personalized portals that customers use to activate and manage the apps and services they prefer. Because the solution is personalized for each customer and includes private user data, car manufacturers require an identity and access management system that’s both reliable and agile. In addition, it needs to be intelligent about which car and which driver is accessing the platform at any one moment — that is, it needs to understand the identities of cars as well as the identities of people, and be able to manage relationships between them, in order to deliver customized in-car services.

Now that consumers expect a custom experience every time they log into an application, such as Apple Music or Google News, car manufacturers are looking to duplicate that login experience. When the goal is integrating with other applications and brands, delivering a seamless customer experience across an entire telematics platform is important. With potentially hundreds of thousands or even millions of customers accessing a telematics solution online and through in-car connected devices, authentication technology needs to be highly scalable and adaptive.

Car manufacturers require an identity and access management solution that supports next-generation technology. The solution should support standards, such as OpenID Connect and OAuth 2.0, which can be used to establish logins and new accounts via social platforms, an important feature in an era when we use the word “billion” to measure the number of existing users on Facebook. And it should support strong authentication methods that take into account contextual factors such as mobile device fingerprint, allowing car manufacturers to deliver authentication that is secure yet responsive for legitimate users, both in the customer portal and in the car itself.

The ideal connected car authentication process should be short and sweet:

  1. Customers first register and authenticate at the customer portal to activate and manage services they want to access in their cars.
  2. Once in their cars, customers authenticate by logging into their car using the same username and password they set up for the customer portal (or social login).
  3. For added security, an open source access management platform enables a second authentication factor via the device. Once the user has logged in, the vehicle’s device automatically authenticates to the services platform using a dynamic token key.
  4. The secondary authentication happens automatically so the user doesn’t need to remember an additional code or enter a token password.
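The device-side second factor in steps 3 and 4 can be sketched as follows. This is an added example, not code from the article or from any particular access management platform. It assumes the "dynamic token key" is a time-based one-time code derived from a per-vehicle secret; the article does not name a scheme, and `ServicesPlatform`, `enroll`, `second_factor` and `device_token` are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each dynamic token stays valid (assumed)

def totp(secret: bytes, counter: int) -> str:
    """6-digit code: RFC 4226 dynamic truncation over HMAC-SHA256."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"

def device_token(secret: bytes, now: float) -> str:
    """Vehicle side: derive the current token with no driver input."""
    return totp(secret, int(now // STEP))

class ServicesPlatform:
    """Hypothetical services platform holding the car/driver relationships."""

    def __init__(self):
        self.device_secrets = {}  # vin -> secret provisioned into the vehicle
        self.drivers = {}         # vin -> usernames linked through the portal
        self.last_counter = {}    # vin -> last accepted step (replay guard)

    def enroll(self, vin: str, secret: bytes, username: str) -> None:
        self.device_secrets[vin] = secret
        self.drivers.setdefault(vin, set()).add(username)

    def second_factor(self, username: str, vin: str, token: str, now: float) -> bool:
        """Run after the password or social login has already succeeded."""
        secret = self.device_secrets.get(vin)
        if secret is None or username not in self.drivers.get(vin, set()):
            return False  # unknown car, or driver not linked to this car
        current = int(now // STEP)
        for counter in (current, current - 1):  # allow one step of clock drift
            if counter <= self.last_counter.get(vin, -1):
                continue  # step already used: reject replayed tokens
            if hmac.compare_digest(totp(secret, counter).encode(), token.encode()):
                self.last_counter[vin] = counter
                return True
        return False
```

The check ties the token to both identities the article asks the platform to understand: the car (its provisioned secret) and the driver (the portal-managed link to that car), so a valid login on an unlinked vehicle fails.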

Note that passwordless authentication using push notifications to mobile phones is now supported by some of today’s more advanced identity and access management platforms, and manufacturers are likely to adopt this more convenient technology in years to come. As more automobiles become “connected” at the manufacture stage, it will become vital to the safety of drivers and their data to implement authentication at the chip level. Car manufacturers and the security companies they partner with need to know how to authenticate and authorize not only those who use and interact with devices, such as drivers, but also the devices themselves — down to the sensors built into them.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.