FIDO Alliance

Passkey Central

Authenticate Conference

Automotive

Passkeys for the automotive industry

The automotive industry is undergoing a major transformation. Modern vehicles are no longer simply machines to transport people or goods, but also platforms for a range of digital services. This brings an unprecedented opportunity to innovate and capitalize on new business models (such as in-vehicle commerce and subscription services) and passkeys can play a critical role.

At the same time, the shift to software-defined and autonomous vehicles, advanced IT-like architectures, over-the-air (OTA) updates, and in-vehicle payments, introduces significant cybersecurity threats and user experience challenges. The FIDO Alliance is uniquely positioned to address these challenges using passkeys, FIDO Device Onboard (FDO), and existing and future certification programs.

Shaping the future of the automotive industry

In the white paper, Addressing Cybersecurity Challenges in the Automotive Industry, the FIDO Alliance has identified the role its standards and certification programs can play in supporting the automotive industry’s transformation. We encourage those interested to get involved with the alliance and its members to help shape how these standards evolve. Doing so will help automotive manufacturers and their suppliers to simplify their development processes, raise security levels, improve customer experience, reduce costs, and tap into new revenue opportunities.

Use cases explored in this white paper include:

In-vehicle services and commerce

Manufacturers can provide digital services and in-vehicle commerce to directly enhance driver and passenger experiences while opening new revenue opportunities. Passkeys are a critical component in ensuring:

  • Strong and user-friendly authentication for in-vehicle commerce and payments that consumers can trust.
  • New requirements and legislation for user identity verification, authentication, and authorization are met while providing a first-class user experience.
  • Vehicles can support secure access and authentication for users of shared vehicles including family members, friends, employees, or renters. 

Vehicle access and personalization

A traditional, physical key can only verify access to the vehicle but not the identity of the individual using it. Passkeys can provide a higher level of authentication that adds security and instills trust in consumers. This also opens up a range of compelling personalized services to users:

  • Vehicles are well-suited to biometric sensors and passkey-based authentication to prevent unauthorized usage or theft, including carjacking.
  • Biometric recognition can be used to identify drivers or passengers for customization of seat positions, climate controls, infotainment preferences, navigation routes according to stored profiles, and even to offer personalized insurance or leasing options.
  • Smooth transitions between users in car-sharing or fleet systems, loading personal settings for each verified driver. 

Electronic systems and manufacturing

Vehicles are increasingly moving to an IT-centric architecture with higher computing power requirements. Ethernet is also becoming the networking technology of choice for linking zone controllers and Electronic Control Units (ECU) inside a vehicle. FIDO Device Onboard (FDO) can be a fast and secure way to automate the onboarding of devices inside the vehicle and deliver important benefits. Examples of this include:

  • A secure and efficient way to onboard and connect devices like ECUs to the manufacturer’s cloud, making essential OTA software updates possible.
  • High speed and secure communication between the vehicle’s zone controllers and ECUs that are cryptographically authenticated against each other.  
  • Resilience to supply chain attacks and grey market counterfeits.

Workforce authentication

Within the automotive industry, there is an increasing risk of cyberattacks that target  an organization’s workforce and the third parties it relies upon. Passkeys, particularly those housed on FIDO security keys, help the IT industry ensure that only authorized staff have access to the systems they need. The same approach can be used across the automotive industry, whether at a development office, manufacturing site, or dealership.

Certification

The FIDO Alliance’s world-class certification programs validate that products conform to FIDO specifications, ensure they interoperate effectively, and assess security characteristics and biometric performance. 

  • By specifying FIDO Certification in their Request for Quotations (RFQ’s), manufacturers can be sure that their suppliers will deliver performant, secure, and interoperable products. 
  • Automotive Original Equipment Manufacturers (OEMs) can seek out and leverage components that are already certified, such as authenticators or biometric components.
  • FIDO Alliance’s certification team is developing an automotive profile with its lab partners that replicates in-car environments for more precise biometric tests. 

Read more in the FIDO Alliance’s Addressing Cybersecurity Challenges in the Automotive Industry white paper.