Putting Identity at the Center of the Connected Vehicle


The key to secure, seamless experiences

Would you be surprised to learn that 91% of all new car sales in the U.S. are "connected vehicles." Not me. I've been watching the automotive world evolve, creating an ecosystem bristling with distinct entities and relationships that shape the modern driving experience.

The complexity of this ecosystem can be overwhelming. There's the vehicle itself, with its multitude of sensors and software components, plus subscription-based services and smart city infrastructure. And, of course, there are the people involved — car owners, drivers, manufacturers, sales and service personnel, and more. By placing digital identity at the core of this ecosystem, we can unlock a world of possibilities and ensure secure connections between all entities, with seamless and personalized experiences for all stakeholders involved.

It's not just about any one of these parties or services; it's about the entire web of digital identities connecting within and around the vehicle — including the head unit in the car that connects to a manufacturer's control systems in the cloud, the sensors and cameras that connect with each other and to the cloud, and even person-to-person and person-to-device connections. With unified identity, we can protect, manage, and govern these digital entities, while personalizing experiences and supporting sustainable business models. Now that's what I call smart mobility.

Smart mobility requires identity

When digital identity is infused into every part of an automotive manufacturer's connected strategy, it becomes a powerful driver for success.

Consider digital buying journeys. Car manufacturers are shifting towards digital sales models, where customers lead the conversation and have full control over the process — from initial research, to customizing and ordering a vehicle online, to finalizing the purchase at the dealer or directly with the manufacturer. In many ways, this experience is heading towards becoming much like any other retail e-commerce experience.

Once a customer sets up a digital identity online at the beginning of the buying journey, that identity stays with them through the sales cycle. It lets them receive digital and physical car keys and sign up for in-car services. The vehicle-to-be can be represented with a digital identity, too, ultimately synchronizing its characteristics with its "physical twin" once manufacture is complete.

With a unified approach to identity, the owner can even apply meaningful access controls to other drivers, ensuring safety and personalization – think seat settings for different drivers or automotive performance guardrails for new teen drivers in the family.

The current reality: digital identity as an afterthought

In the absence of a unified identity framework, the integration of physical and digital security measures becomes disjointed and prone to vulnerabilities. The risk of leaking customers' personally identifiable information (PII) increases when each service and application handles identity management independently.

Without an identity-centric approach, it's easier for malicious actors to exploit weaknesses and gain unauthorized access to sensitive information. You can see this for yourself when you connect a smart mobile device to a rental car — often, you'll lose control of your entire contact list and driving history. Without proper identity management, the potential for unauthorized or unintentional data sharing becomes a real concern, jeopardizing privacy and leaving individuals vulnerable to unwanted solicitations or misuse of their personal data.

The vision: digital identity at the center

By placing digital identities and relationships between them at the core of the connected car ecosystem, we can solve these challenges from the inside out. Gradually building the security posture over time as digital identities are added, we can ensure a smooth and secure experience for car owners. From tracking the manufacturing process using digital identities to providing real-time updates through a digital key in the owner's phone wallet, the possibilities are endless.

Unified identity requires a powerful, scalable, and flexible solution. It involves storing identity profile information, ensuring synchronization with non-identity data feeds, and delivering a seamless human experience during registration and onboarding. At run time, checking identities and access rights becomes effortless, and reliable communication with various applications and APIs is established.

ForgeRock, a leading provider of identity solutions, drives these powerful, scalable, and flexible solutions. With components that separate policy enforcement from decision-making, ForgeRock empowers enterprises to adopt a Zero Trust architecture for all digital identities — both human and IoT "things." By leveraging strong authentication standards like FIDO2 WebAuthn and federation protocols like OAuth and OpenID Connect, identity-related issues, such as impersonation and unauthorized access, can be mitigated effectively.

Furthermore, with the integration of AI-driven technologies, such as Autonomous Identity and Autonomous Access, identity provisioning and authentication become self-driving and adaptive. This automation enables continuous authentication checks, ensuring a secure environment for all connected vehicles.

Putting digital identity at the center of the connected vehicle ecosystem is the key to unlocking seamless, personalized experiences. By embracing a unified identity, we can overcome challenges, enhance security and privacy, and foster a thriving connected car environment. With ForgeRock's powerful solutions, the future of connected vehicles looks brighter than ever before. So fasten your seat belts and get ready for a journey where identity drives innovation, convenience, and peace of mind on the road.

To learn more, visit: www.forgerock.com/automotive

Eve Maler and Tim Vogt presented "Driving Smart Innovation – Connected Car Identity at Scale" at RSAC 2023. They are posing behind a green model car used for the demonstration.
Eve Maler and Tim Vogt presented "Driving Smart Innovation – Connected Car Identity at Scale" at RSAC 2023. They are posing behind a green model car used for the demonstration.