Ignition to identification – the ‘car key’ is evolving – Lexology

The function of the car key is changing. The ignition lock was initially invented in the early 20th century although cars still required a driver to crank the engine by hand before the car could be driven. With the introduction of the starter motor the car key also functioned as a means of initiating ignition, as well as a means of securing access to the vehicle. In the mid-1990s central locking systems led to the development of the smart key, the mere presence of which enabled the driver to access and drive the car without placing it into the ignition. The car key was now electronic, and any mechanical engagement with car was no longer needed.

Recent developments have seen car keys evolve further, and the very idea of the car key is now as much about digital identity as it is about access and ignition.

Recent developments

UK-based security innovator Trustonic recently announced that it is providing a secure digital car key system to Volkswagen and Hyundai that is based on the provision of a secure communication path between a drivers mobile device and the cloud. This utilises the concept of a Trusted Execution Environment, which protects the part of the mobile device that executes the relevant program code from the threats from the remainder of the device; and a Trusted User Interface which enables applications to interact with the driver whilst providing complete isolation from the devices main operating system. This provides a secure cryptographic exchange between a drivers mobile device and the vehicle for the purpose of accessing the vehicle.

Less about access and more about the identity of the driver, the recently launched Volvo Care Key enables the owner of the car to set a speed limit on their car depending on who is driving it. This means that in the same way that parents have become used to setting user restrictions on phones and tablets, a car owner can set a reduced speed limit if lending their vehicle to a younger relative or a less experienced driver.

Direction

The development of these technologies have slightly different aims. The former is about authentication of the driver and the latter is about authorisation and the ability to place restrictions on the way a driver is able to control the vehicle.

As cars become more and more connected as part of the internet-of-things, this expanded functionality of the car key becomes more and more about the digital identity of the driver than about accessing the car or switching the engine on. The digital identity of the driver represents the interaction of the driver with the car and the wider network, whether that be the internet-of-things, the connected car infrastructure or even just the internal management systems which control the car whilst it is being driven. It seems likely that each of us will have a user profile linked to our car keys, that will allow the car to adapt automatically to our driving permissions, physical requirements and even our streaming playlists.

Cybersecurity

Digital identity management has been discussed as an improvement to cybersecurity and its application to drivers and their interaction with their vehicles is no different. The increased cybersecurity provided by the latest car key solutions will make cars more difficult to steal and more difficult to misuse as an entry point into a network of connected devices or as a physical tool to nefariously cause physical damage.

However, cybercriminals see opportunities and weaknesses even in the strongest systems and what seems ironclad today could become a weakness tomorrow. It is therefore imperative that innovators in the automotive sector stay ahead of cybercriminals by understanding the vulnerabilities in both their technologies and the wider transport infrastructure, as well as recognising the opportunities these provide for improving driver experience and security.

Moving forward

The management of a drivers digital identity is vitally important as cars become extensions of our connected environment rather than simply tools to move us from the proverbial A to B. Maintaining the cybersecurity is also vital as any vehicle can be a source of enormous problems in the hands of a cybercriminal. As personal data becomes intertwined with vehicle usage, it is also important that user privacy is respected, as indicated in the recently published guidelines from the European Data Protection Board, discussed previously. At the same time, the ability to identify a driver will remain essential for the purpose of law enforcement.

A trusted automotive infrastructure needs to meet all of these challenges if it is going to be fully accepted and adopted by the public. Embedding a car key inside a mobile device using cryptography is a very elegant solution to preventing unauthorised access to a vehicle, but the safety of the user and their data must remain a priority.

More here:
Ignition to identification - the 'car key' is evolving - Lexology