The Connected Car: Digital Identity’s Next Stop

The relatively nascent and rapidly growing world of the connected car has yet to realize the business advantages that digital identity can bring to its vast ecosystem; but that’s about to change.

From early internet screen names to connected devices of every kind, digital identity is everywhere. Receive a shiny new Apple watch over the holidays? Step 5 - link to your watch to the Apple mothership by entering your apple ID password. Purchase a new Nest thermostat? Step 1 - go to and create a new account. In fact, start using just about any online service or application, and creating a new identity account is Job #1.

Many comparisons have been made between the smartphone and the connected car, and for good reason: both represent a microcosm of technology intersected with mobility. Both converge cellular and WiFi data with GPS, cameras, sensors, voice recognition, video, music, and an ever-growing variety of applications. Interesting fact: In Q1 of 2016, the number of net new connected cars surpassed that of new phones. But does your car know you like your smartphone? Not even close. And why? Because digital identity is missing.

Now imagine using your phone without the context of your identity – that’s essentially the state of today’s connected car. Your phone has become a critical appendage. Your text messages and emails, your personalized news feed, your apps – each authenticated using an account representing you. Your phone knows you better than most, including where you are and where you’ve been, how many steps you’ve taken today, who you’ve texted with, and so much more. Despite the ever-lurking privacy implications, most all of us continue to use these handheld computers, not just because of what they do, but because they are mobile. But without your car or some other vehicle, your smartphone is only as mobile as your legs can carry it.

Speaking of vehicles, can you logon to a web site or app and set your language preferences, favorite GPS destinations, infotainment screen layout, or payment card information for any of your cars? Not so much. Can you save your seat, radio and other personal settings to the cloud from one car and pull them into a different car later - even if it’s one you don’t own? Don’t think so. Can you share your car with a friend, family member, or as part of a car sharing service, and enforce what each one can do with your car based on their authenticated identity? Not yet.

For the most part, the best the industry has to offer at this point are car keys that can save your car settings to the key, or certain keys that can impose restrictions for certain drivers. But the keys are still anonymous. Whoever has the key has the settings. And what about privacy? If your car is already connected, can you manage what data goes where? Do you even know if the location data for every trip you make is transmitted to the manufacturer's cloud? Highly unlikely. Can you control it at all, with any level of granularity? No.

Digital Identity applied to the connected car and the people who interact with it can change all of this and so much more.

The auto industry is undergoing massive disruption, brought on by technologies that just 10 years ago – a very short time in auto OEM production planning timeline – seemed worlds apart. One key disruption is the “infotainment” system – the technology in the center dashboard that formerly used mechanical levers to control HVAC and the Radio – is now more like an embedded smartphone and provides camera views, GPS navigation, phone controls, and information about all of the vehicle’s connected systems. As the industry tried to apply typical car design and manufacturing processes to the ever-shortening change cycle of the now Linux-driven, smartphone-like infotainment systems, the problem became obvious, and its name was co$t.

Enter Automotive Grade Linux, a code-first organization under the Linux foundation founded by Auto OEMs and joined by Tier-1 suppliers and technology firms to create a cost-effective, secure, open source baseline Linux platform for modern infotainment and other connected code-driven vehicle systems. Still, even the forward-looking AGL had not built-in the core concept of digital identity for humans or the vehicles themselves.

ForgeRock joined AGL in early 2016 with the vision of bringing standards-based identity technologies to the heart of the AGL baseline build. In that time, we’ve started evangelizing the value of digital identity to this evolving industry, while developing a prototype with code that runs in the AGL Unified Code Base (UCB), setting the stage for owners, drivers, maintainers and renters to have a highly personalized experience by using the car’s internet connection to authenticate the user against a cloud-based ForgeRock Identity Service.

The current version of our prototype will be on display at the AGL Demonstrator in Las Vegas this January 5-6. In this demo, we’re running the latest version of the AGL UCB on a Renesas Porter development board. On the board, we are running our prototype Identity Binder, which is integrated with the existing security framework. In this first version, we’re using a VASCO Data Security DIGIPASS SecureClick as the token that is associated with the owner or driver using our cloud-based identity platform. Clicking the token initiates the authentication process via BlueTooth connection to the board, which then uses an Internet connection to complete the authentication process against the ForgeRock cloud, and return the user’s profile data, which is rendered on the large touch screen display using a slightly modified version of the latest AGL home screen.

I believe it’s just a matter of time before auto OEMs realize the opportunity they have to competitively differentiate themselves by offering a personalized, more secure, privacy-enhancing experience to their customers, while simultaneously opening up new monetization channels so that their products can literally evolve into vehicles of commerce. As so many other industries have discovered, the better you know your customer, the better experience you can provide, the more loyalty you can build, the more you can sell. And Digital Identity is the veritable traffic light at the intersection of Experience Avenue and Revenue Street.

In my next post, I’ll talk about how the trusted digital identity of the car itself is a critical part of the emerging ecosystem for everything from autonomous driving to car sharing, and all things V2X, such as vehicle-to-smart city and vehicle-to-vehicle communications.

Get more information on ForgeRock offerings for the connected car, Smart Cities and the Internet of Things.