Solutions for Automotive


Trust, safety, and security



The automotive sector is the hallmark example for dynamic scenarios, machine-to-machine communications and large scale, complex embedded systems design.

P3KI Technology is based on the automotive industry's own ISO 20828:2006 and is the only implementation of this standard known to date. Our technology not only solves the challenges put forth by the ISO standard, it goes further: dynamic delegation, privacy-enabling local-only trust, short-lived trust for temporary delegations, and ultimate flexibility through scenario-specific Trust Policy Languages that model mathematically enforced trust relationships.

Example Scenario: Safe and Flexible Rights Delegation

The Premise

At time of manufacturing, cars are equipped with wide-ranging trust towards their manufacturer to provide services like firmware and navigation map updates. The car's owner can configure the car to delegate a certain subset of this trust to herself.

A Practical Example

Applying critical updates that affect safety-related subsystems, or subsystems under special regulatory scrutiny, can be delegated by the manufacturer to specially licensed third parties. In the example shown here, a licensed auto shop is trusted to update any firmware on cars, but not on buses or trucks. The licensed auto shop in turn delegates vehicle-independent update rights for motor controllers to a specially trained engineer. To a car, the maximum trust available towards that engineer is therefore updating motor controllers (what the shop delegated) on cars (what the manufacturer delegated to the shop). P3KI Core ensures that the trust resulting from a delegation chain is always the intersection of the trust granted at each link; no link can pass on more than it received.

The owner, on the other hand, frequents an unlicensed auto shop she has been using for years and trusts completely. The car, however, trusts the owner only with a limited set of operations, excluding those that touch regulated and safety-critical systems (like the motor controller). Despite the unconditional trust between the owner and the mechanic at the unlicensed auto shop, P3KI Core ensures that the trust delegated to the mechanic never extends to critical subsystems. In the scenario shown here, the delegated trust covers updating navigational map data.

P3KI Core ensures regulatory constraints are met and safety critical systems are not touched by unauthorized parties while still enabling flexible delegation of responsibilities and access.
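Added example (not P3KI's code; P3KI Core's actual data formats and Trust Policy Language are not shown on this page): a minimal Python model of the delegation chains described above, in which a vehicle computes the rights of the last party in a chain as the intersection of what every link granted, and which also honours the short-lived, expiring delegations mentioned earlier on this page. The party names, vehicle classes, subsystem names and dates are constructed for the scenario, and grant authenticity (the issuer signing each grant) is assumed rather than implemented.

```python
# Added illustrative model, not P3KI code: a delegation chain whose effective
# rights are the intersection of every link, plus per-link expiry.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet, Optional, Sequence, Tuple

# Assumed vocabulary for the scenario (hypothetical names, not from P3KI).
VEHICLE_CLASSES = frozenset({"car", "bus", "truck"})
SUBSYSTEMS = frozenset({"motor_controller", "brake_ecu", "navigation_maps", "infotainment"})
SAFETY_CRITICAL = frozenset({"motor_controller", "brake_ecu"})
ROOT = "manufacturer"  # the only party the vehicle trusts at manufacturing time

Scope = Tuple[FrozenSet[str], FrozenSet[str]]
EMPTY: Scope = (frozenset(), frozenset())


@dataclass(frozen=True)
class Grant:
    """One link: `issuer` delegates part of its own rights to `subject`.

    Authenticity is assumed here (a real system would have the issuer sign
    the grant); this model only evaluates the scoping rules.
    """
    issuer: str
    subject: str
    vehicles: FrozenSet[str]              # vehicle classes the grant covers
    subsystems: FrozenSet[str]            # subsystems the grant covers
    not_after: Optional[datetime] = None  # None: no expiry


def effective_trust(chain: Sequence[Grant], now: datetime) -> Scope:
    """Rights a vehicle extends to the last subject in `chain`.

    Each link can only narrow what the previous link granted, so the result
    is the intersection over all links. A chain not rooted at ROOT, a broken
    issuer/subject linkage, or an expired link yields no rights at all.
    """
    if not chain or chain[0].issuer != ROOT:
        return EMPTY
    vehicles, subsystems = VEHICLE_CLASSES, SUBSYSTEMS
    expected_issuer = ROOT
    for g in chain:
        if g.issuer != expected_issuer:
            return EMPTY  # a grant spliced in by someone who never received it
        if g.not_after is not None and now > g.not_after:
            return EMPTY  # short-lived delegation has lapsed
        vehicles &= g.vehicles
        subsystems &= g.subsystems
        expected_issuer = g.subject
    return vehicles, subsystems


def may_update(chain: Sequence[Grant], vehicle: str, subsystem: str, now: datetime) -> bool:
    """Decision a vehicle of class `vehicle` makes for an update request."""
    vehicles, subsystems = effective_trust(chain, now)
    return vehicle in vehicles and subsystem in subsystems


# Constructed scenario from the text (the dates are assumptions).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
AFTER_EXPIRY = datetime(2024, 7, 1, tzinfo=timezone.utc)

# Manufacturer -> licensed shop: any firmware, but only on cars.
TO_LICENSED_SHOP = Grant(ROOT, "licensed_shop", frozenset({"car"}), SUBSYSTEMS)
# Licensed shop -> engineer: motor controllers on any vehicle, valid for one month.
TO_ENGINEER = Grant("licensed_shop", "engineer", VEHICLE_CLASSES,
                    frozenset({"motor_controller"}),
                    not_after=datetime(2024, 6, 30, tzinfo=timezone.utc))
# Manufacturer -> owner: her car, everything except safety-critical subsystems.
TO_OWNER = Grant(ROOT, "owner", frozenset({"car"}), SUBSYSTEMS - SAFETY_CRITICAL)
# Owner -> mechanic at the unlicensed shop: "ultimate" trust, everything.
TO_MECHANIC = Grant("owner", "mechanic", VEHICLE_CLASSES, SUBSYSTEMS)

ENGINEER_CHAIN = [TO_LICENSED_SHOP, TO_ENGINEER]
MECHANIC_CHAIN = [TO_OWNER, TO_MECHANIC]


if __name__ == "__main__":
    for who, chain in (("engineer", ENGINEER_CHAIN), ("mechanic", MECHANIC_CHAIN)):
        v, s = effective_trust(chain, NOW)
        print(f"{who}: vehicles={sorted(v)} subsystems={sorted(s)}")
    print("engineer, car motor controller:", may_update(ENGINEER_CHAIN, "car", "motor_controller", NOW))
    print("engineer, bus motor controller:", may_update(ENGINEER_CHAIN, "bus", "motor_controller", NOW))
    print("mechanic, car navigation maps:", may_update(MECHANIC_CHAIN, "car", "navigation_maps", NOW))
    print("mechanic, car motor controller:", may_update(MECHANIC_CHAIN, "car", "motor_controller", NOW))
    print("engineer after expiry:", may_update(ENGINEER_CHAIN, "car", "motor_controller", AFTER_EXPIRY))
```

Run as-is, the two chains give exactly the outcomes the text describes: the engineer ends up with motor controllers on cars only, and the mechanic with navigation maps (and other non-critical subsystems) on the owner's car but never the motor controller. The two `EMPTY` outcomes are the checks a practitioner wants on top of the intersection rule: a chain that does not start at the root the vehicle was provisioned with, or whose issuer/subject linkage is broken, grants nothing, so the mechanic cannot present the owner's grant as if it had come from the manufacturer.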

Going Further

Actual deployments would go into far more detail. We can easily model trust for unlocking doors, changing a car's configuration, enrolling new sub-owners (like family and friends), or even car rental and car sharing scenarios. Trust for updating car subsystems could also be limited by model range, geo-location and time.

P3KI Core's system enables very specific and to-the-point expression of trust while still enabling future compatibility by allowing further refinement and enhancement even after systems have been rolled out.