The global automotive cybersecurity market size is projected to grow from USD 1.9 billion in 2020 to USD 4.0 billion by 2025,
at a CAGR of 16.5%, according to MarketsandMarkets. It analysed that increased use of electronics per vehicle and
a growing number of connected cars, and reinforcement of mandates by regulatory bodies for vehicle data protection are
some of the key factors that will drive the market for the automotive cybersecurity market.
Digital car key solution aims to complement traditional methods while being
robust enough to fully replace them. It allows individual owners to easily and
confidently use their mobile devices to access vehicles. However, it isn’t likely
to replace the physical keys any time soon. Since current digital key solutions
require network connectivity for certain operations, the driver’s mobiles and
vehicles should be connected to the network to receive and activate the key.
Drivers often come across an accessibility issue when the vehicle is located
in a basement or rural area where network connectivity is typically weak. We
need a better digital key solution to overcome the risk of relying on a network
connection for the user’s ultimate keyless access.
The in-vehicle network is designed to operate in a closed
environment, so security issues are unlikely to occur. However,
as the number of external interfaces to the in-vehicle network
increases, the probability of the occurrence of security issues
increases. Connecting inexpensive commercial devices or
continuous communication with external networks for
autonomous vehicles exposes drivers to constant threats.
Vehicles exposed to external threats are not only results in financial damage, but can be directly related to life, so more attention is required.
Manufacturers release their own mobile apps to facilitate communication with vehicles. As a result,
we are always facing malicious threats through these apps. For example, in the case of a token-based authentication process,
a hacker can remotely turn off the vehicle or issue an incorrect command.
In particular, if unnecessary in-vehicle systems are operated and the battery of the electric vehicle is forcibly consumed,
the vehicle may not move.
swIDch provides OTAC technology in the form of SDK/API to automotive companies to enhance authentication in security and user experience.
swIDch’s Dynamic Digital Key solution can bridge this connectivity gap.
Our underlying technology, OTAC (One-Time Authentication code) allows drivers to access a vehicle in a networkless environment.
Additionally, OTAC is designed to not only support a comprehensive level of security with Multi Factor Authentication,
but also to secure Bluetooth with Dynamic Authentication Mechanism to prevent hacking key threats.
OTAC is fully compliant with Secure Element capabilities and a Trusted Algorithm to host in Trusted Execution Environment (TEE).
No matter where the driver or car is located, there are no obstacles for drivers activating the digital key and sharing it with an authorized
person e.g. family members, rental car customers, car-sharing customers, etc. The system ensures multi-person access via smartphone app
without compromising security.
OTAC is a dynamic code, which means the code keeps changing. As a result, you don’t need to worry about any leak of your personal information, such as
your card details, because the codes must have already been changed when others try to use them.
The network connection is NOT necessary at all for generating OTAC.
Reducing an authentication stage that requires the network connection directly means there are fewer gateways for
the hackers to access our personal information.
Moreover, this feature enables users
to authenticate even when they are
in networkless environments, such
as on a plane, underground, rural or foreign areas.
swIDch can guarantee that the code never duplicates with anyone
at any given moment.
There is NO chance of someone else having the same code.
The users or their devices can be identified with the code alone.
Once OTAC has been generated, providing OTAC alone is already fully sufficient to identify the user as the code is unique.
It means, you can forget about the bundles of static information including IDs and passwords.