Solutions for Automotive

Trust, safety, and security


The automotive sector is the hallmark example for dynamic scenarios, machine-to-machine communications and large scale, complex embedded systems design.

P3KI Technology is based on the automotive industry's own ISO 20828:2006 and is the only implementation of this standard known to date. Our technology not only solves the challenges set out by the ISO standard, it goes further: you get dynamic delegation, privacy-enabling local-only permissions, short-lived permissions for temporary delegations, and full flexibility through scenario-specific Trust Policy Languages that model mathematically enforced permission delegations.

Example Scenario: Safe and Flexible Rights Delegation

The Premise

At time of manufacturing, cars are equipped with wide-ranging access permissions for their manufacturer to provide services like firmware and navigation map updates. The car's owner can configure the car to delegate a certain subset of these permissions to herself.

A Practical Example

Applying critical updates to subsystems that are safety-related or under special regulatory scrutiny can be delegated by the manufacturer to specially licensed third parties. In the example shown here, a licensed auto shop is permitted to update all kinds of firmware on cars, but not on buses or trucks. The licensed auto shop in turn delegates vehicle-independent update rights for motor controllers to a specially trained engineer. Towards a car, the maximum permission available to that engineer is therefore updating motor controllers (what the shop delegated) on cars (what the manufacturer delegated to the shop). P3KI Core ensures that a delegation chain always yields the minimum common permission level of all its links.

The owner, on the other hand, frequents an unlicensed auto shop she has been using for years and trusts completely. The car, however, grants the owner only a limited set of operations, excluding those that touch regulatory and safety-critical systems (such as the motor controller). Despite the complete trust between the owner and the mechanic working for the unlicensed auto shop, P3KI Core ensures that the delegated permissions never extend to critical subsystems. In the scenario shown here, that is denoted as a permission for updating navigational map data.

P3KI Core ensures regulatory constraints are met and safety critical systems are not touched by unauthorized parties while still enabling flexible delegation of responsibilities and access.
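The two delegation chains above, modelled as an added illustration that is not P3KI Core's code or its Trust Policy Language: each link restricts vehicle classes, subsystems and an optional expiry, and the effective permission is the meet (intersection) of every link, so a delegatee can never hold more than the delegator. The vehicle and subsystem names and the epoch-second expiry are constructed for this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

ANY = frozenset({"*"})  # wildcard: "vehicle independent" or "all subsystems"


def _meet_set(a: FrozenSet[str], b: FrozenSet[str]) -> FrozenSet[str]:
    """Set intersection where the wildcard ANY acts as the identity element."""
    if a == ANY:
        return b
    if b == ANY:
        return a
    return a & b


@dataclass(frozen=True)
class Permission:
    """One delegation link: covered vehicle classes and subsystems, with an
    optional expiry (hypothetical epoch seconds) for short-lived delegations."""
    vehicles: FrozenSet[str]
    subsystems: FrozenSet[str]
    not_after: Optional[int] = None  # None means no time limit

    def meet(self, other: "Permission") -> "Permission":
        """Minimum common permission of two links: a delegatee gets no more than the delegator."""
        limits = [t for t in (self.not_after, other.not_after) if t is not None]
        return Permission(_meet_set(self.vehicles, other.vehicles),
                          _meet_set(self.subsystems, other.subsystems),
                          min(limits) if limits else None)


def effective(chain: List[Permission]) -> Permission:
    """Fold the chain root-first (manufacturer first) into the effective permission."""
    result = chain[0]
    for link in chain[1:]:
        result = result.meet(link)
    return result


def authorized(chain: List[Permission], vehicle: str, subsystem: str, now: int = 0) -> bool:
    """Would the vehicle accept this operation from the end of the chain at time `now`?"""
    eff = effective(chain)
    if eff.not_after is not None and now > eff.not_after:
        return False  # expired temporary delegation
    return (eff.vehicles == ANY or vehicle in eff.vehicles) and \
           (eff.subsystems == ANY or subsystem in eff.subsystems)


# Constructed scenario data mirroring the two chains described above.
FIRMWARE = frozenset({"fw:motor_controller", "fw:brakes", "fw:infotainment"})
MANUFACTURER = Permission(frozenset({"car", "bus", "truck"}), FIRMWARE | {"nav_map"})
LICENSED_SHOP = Permission(frozenset({"car"}), FIRMWARE)          # cars only, all firmware
ENGINEER = Permission(ANY, frozenset({"fw:motor_controller"}), 1_700_000_000)  # any vehicle
OWNER = Permission(frozenset({"car"}), frozenset({"nav_map", "fw:infotainment"}))
MECHANIC = Permission(frozenset({"car"}), frozenset({"nav_map", "fw:motor_controller"}))
LICENSED_CHAIN = [MANUFACTURER, LICENSED_SHOP, ENGINEER]
OWNER_CHAIN = [MANUFACTURER, OWNER, MECHANIC]
```

The mechanic's attempt to claim motor-controller rights is silently reduced to map updates, because the owner never held that right to pass on.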

Going Further

Actual deployments would go into far more detail. We can easily model permissions for unlocking doors, changing a car's configuration, teaching in new sub-owners (such as family and friends), or even car rental and car sharing scenarios. Permissions for updating car subsystems could additionally be limited by model range, geo-location and time.

P3KI Core enables very specific, to-the-point expression of permissions while remaining future-compatible: policies can be refined and extended even after systems have been rolled out.