Five principles to follow to build the secure connected car

Last updated: 05 July 2017


The car and smartphone are bound to interact more, as we enter an era of digital and smart mobility. Connectivity is enabling additional innovation around car keys, creating alternatives and complementary mechanisms for traditional key fobs.

What the industry is now calling a Virtual Car Key or VCK – opening and locking your car via an app – can bring additional convenience, as well as added security if combined with a second factor of authentication such as biometric technology (apps can use fingerprint recognition before granting access).

Therefore, building strong security mechanisms at this early stage has never been so critical. On top of this, anticipating interactions between the car and smartphone at the design stage can greatly improve security and user experience.

We’re thinking a lot about how best to protect the cars and passengers of the future. When building connected car security solutions, we’ve established five principles to follow. By adopting these, automotive & mobility services will be able to propose secure solutions against cyber-attackers.


If more people are to adopt virtual cars keys (VCKs), they need to trust their mobile apps are secure. Developers need to create the same sensation of certainty that by holding a physical key in your hand you can access your vehicle. To instill trust, security needs to be as visible as possible and biometrics can be a key success factor. Users should be reminded constantly they are under protection, whether it’s communicated via security icons, images, notifications or user recognition. Openness is an important quality in any successful security solution; digital security concerns everyone, not just a few cyber experts. It is both about informing users that the right security is in place and educating them on how to keep that security at the right level. Digital hygiene is critical.


Security is of course crucial, but so is the user experience. Building complicated and time-consuming authentication processes could be stop connected car apps and VCKs from becoming mainstream. Manufacturers should focus on constructing a seamless in-car connected experience, with real-time solutions to enable car connectivity, authenticate users and bring drivers’ preferences on board with seamless user experiences.

Strong partnerships

The new mobility era will inevitably involve multiple stakeholders. Teamwork is crucial nowadays; carmakers are collaborating with handset manufacturers, security vendors, entertainment and information service providers, and MNOs to enhance the user experience.

Security by design

Security will be central to the new mobility era as more data is transmitted between smartphones and vehicles. Cyber-attacks will focus on the weakest point in the chain. With hackers growing increasingly sophisticated, security really needs to be embedded at the design stage – “patching things up” afterwards simply won’t do. However, as discussed above, security processes should not jeopardize the user experience.

Risk assessment and lifecycle management

When building security solutions, it’s vital to consider the lifecycle of the car, as well as the delivery of the smartphone and mobility services. To counter the threat, we need to invest in real-time security checks and solutions that adapt while in the field.

By adopting these five principles, developers can successfully prepare for the new mobility era and ensure security concerns don’t jeopardize the user experience.

Beyond the car key functions (car access and car start who can be dissociated as keys go virtual), VCK could have a bright future, as long as it’s properly implemented, distributed and stored on the field.

Leave a Reply

Your email address will not be published. Required fields are marked *