In a world of connected or even autonomously driving cars, privacy, integrity and confidentiality of the data exchanged must be paramount:
Data communication within the vehicle network
Data communication from the vehicle to the cloud or roadside equipment (e.g. geo-location, vehicle specific data, traffic conditions,…)
Data communication from the cloud or roadside equipment to the vehicle (e.g. remote diagnostics, SW updates, …)
Data communication from the user (owner, driver, fleet manager,…) to the vehicle via the mobile device
Java Card based solutions can help to protect and manage the identities of vehicles, their components and their owners / users / drivers from the time of production over the entire lifecycle of the vehicle /device. Java Card can maintain the authenticity and integrity of the exchanged data, as well as the protection against cyber attacks from the Internet or from the infrastructure (e.g. traffic lights, traffic control systems,…). Thanks to the latest Java Card IoT functionality, it can securely handle sensitive data coming from vehicle peripherals and sensors to protect it against tampering and spoofing.
The biggest cyber security challenge for the Automotive industry is that with the connected car; all of a sudden a device gets connected that was not foreseen to be part of the Internet. Yet, the benefits for customers, as well as for producers, are expected to justify the efforts AND the risk:
Consumers demand seamless mobile device integration for ubiquitous reachability
Regulators mandate eCall and collision avoidance capabilities to save lives and make driving more secure
Manufacturers aim to monetize on new opportunities (e.g. predictive maintenance, product
Four main challenges stem from this hunger for data communication:
Gather the relevant data from the independent sensor endpoints
Process the generated data in “real-time” – locally or in the cloud
Ensure the integrity and authenticity of the generated / collected data
Protect and manage the vehicle /sensor identities over the entire lifecycle of the vehicle (i.e. starting with production)
Java Card can be used to secure the vehicle communication in various ways:
As the security vault for the credentials
As the control gateway managing and controlling all connected endpoints
As the security gateway protecting the in-vehicle communication streams
As the security gateway protecting the communication streams to the cloud
Being already the preferred platform to deploy flexible connectivity Java Cards products are now considered by automotive OEMs to host secure connected car use cases as well.
Java Card is an open standard from Sun Microsystems for a smart card developmentplatform. Smart cards created using the Java Card platform have Java applets stored on them. The applets can be added to or changed after the card is issued.
There are two basic types of smart cards. The memory smart card is the familiar removable memory device; it usually features read and write capabilities and perhaps security features. The more complex version, the processor smart card, is a very small and extremely portable computing device that could be carried in your wallet. Java-based smart cards belong to the latter category. They store data on an integrated microprocessor chip. Applets are loaded into the memory of the microprocessor and run by the Java Virtual Machine. Similarly to MULTOS, another smart card development technology, Java Card enables multiple application programs to be installed and coexist independently. Individual applets are protected by a firewall to preserve their integrity and prevent tampering. Applications can be updated dynamically.
In the United States, the Department of Defense, Visa, and American Express are among the organizations creating Java Card-based applications.