Cars and road infrastructure are becoming much more sophisticated and connected, and this is a risk that needs to be secured before vehicles hit the road. South Korean secure mobility and V2X communications company, AUTOCRYPT, has been focusing on the need for secure vehicle connectivity for nearly two decades.
Established in 2019, it is a spin-off from parent company Penta Security Systems, a leading cybersecurity firm in South Korea.
The Seoul-based company has also announced that it has raised a $25.5 million Series B round, giving it a valuation of $120 million. But that’s not all. Talking to Auto Futures, CEO, Daniel ES Kim, revealed his company is planning to open up Series C later this year.
AUTOCRYPT’s core offerings are AutoCrypt V2X, AutoCrypt IVS, AutoCrypt PnC, and AutoCrypt FMS. These products cover different elements of the automotive and mobility ecosystem because connected and autonomous driving can’t be secure until all elements have been covered.
“Within these larger offerings are customisable subcomponents. For example, in AutoCrypt V2X, we have our Security Credential Management System (SCMS), a Public Key Infrastructure (PKI)-based authentication system with demonstrated tri-standard compatibility, interoperable in SCMS (Secure Console Management Switch) protocols across North America, Europe, and China,” says Kim.
“In our IVS product offering, we provide a wide range of tools and services to enhance in-vehicle systems security. We recently launched our Security Analyzer, an SBOM (Software Bill of Materials)-based software vulnerability analysis platform, and Security Fuzzer, which effectively detects software flaws with smart fuzzing.”
“For AutoCrypt FMS, we cover fleet management, and the increasing usage of mobility services. This includes AutoCrypt MOVE, our comprehensive mobility service suite, where we work with partners to develop and fully manage mobility services,” he adds.
As connected mobility takes over cars around the world, the risk of cybersecurity becomes more and more real. But as Kim explains, that’s just where AUTOCRYPT comes in.
The company secures the connected vehicle ecosystem using three fundamental technologies: authentication, encryption, and intrusion detection and protection.
In terms of authentication, to ensure every participant in a connection is truly who they claim to be, AUTOCRYPT uses its PKI to verify the digital certificate of every end-entity.
This serves as the security foundation for all types of vehicular connections – from the V2X connections for autonomous driving to the Plug and Charge (PnC) systems for smart EV charging, as well as fleet data management for mobility services
On encryption, AUTOCRYPT applies end-to-end encryption to secure all messages during transmission, making sure that all sensitive data are safe throughout the real-time communication process.
Lastly, AUTOCRYPT also plays a key role in cybersecurity quality assurance during the vehicle manufacturing process by helping OEMs and Tier 1 suppliers detect any software flaws. It then goes on to protect vehicles from intrusions throughout their entire lifecycle using its Intrusion Detection and Protection System (IDPS).
Developing a Smartphone-Based Digital Key
One of the major roadblocks coming in the way of adoption of connected car technologies is interoperability, which Kim agrees with. But he adds that it is one challenge that AUTOCRYPT is tackling head-on. A great example of this is the company’s collaboration with 5GAA and Connected Car Consortium (CCC).
“The biggest challenge for the connected car industry is that multiple layers of participants with different areas of technological expertise must stay on the same page to make things work. This is why standards and protocols are made, so that every supplier can follow the respective protocol to ensure their product is interoperable with other players in the supply chain,” Kim explains.
However, the industry often has multiple protocols for the same technology.
“Take V2X-PKI for example, every region of the world has its own protocol for PKI-based authentication in the V2X environment. North America uses the Security Credential Management System (US SCMS). Europe adopts the C-ITS Credential Management System (EU CCMS), while China uses the C-SCMS. AUTOCRYPT has been tackling this challenge since its inception by actively working on global interoperability, making it the only V2X-PKI provider in the world that is compatible with all three standards.” he adds.
AUTOCRYPT’s membership in 5GAA allows it to play an active role in industry collaboration and contribute its expertise into technology applications and standardisation. But the company’s work within the Car Connectivity Consortium is a different story.
“Instead of V2X, the CCC focuses on smartphone-to-car connectivity, with digital key and car data sharing being its main projects. In this regard, we have been working on a smartphone-based digital key that allows seamless entry and car sharing.”
When asked what other challenges the company has to solve for, Kim said: “Not only should vehicles benefit from autonomous driving, Vulnerable Road Users (VRU) like pedestrians, cyclists, scooterists, and those with mobility challenges, should all be included in this connected car ecosystem.”
To counter such challenges, AUTOCRYPT has recently launched its portable V2X Onboard Unit (OBU) that can be plugged into smartphones and tablets, allowing VRUs to benefit from cooperative autonomous driving and enhancing the safety of all road users.
Among some of the things that AUTOCRYPT has developed is its PnC environment for EV charging, which protects the EV and its supply equipment during the PnC. It provides secure communication modules and certificate management for automakers, charger manufacturers, CPOs, and MOs.
While many drivers are aware of the risks of autonomous and connected driving, the EV charging process doesn’t necessarily bring about thoughts of any kind of risks or vulnerabilities.
However, it is a connection that the vehicle makes with the charge point, and the internal servers that the charge points utilise to hold and transfer data. AutoCrypt PnC verifies the different identities involved in the charging process – the vehicle, the charge point, and the operators, ensuring a safe exchange of sensitive information between all of them. Not only does this allow for easy, seamless charging, but also secure charging.
Late last year, AUTOCRYPT demonstrated interoperability in China’s largest ‘Four Layers’ C-V2X demonstration. ‘Four Layers’ refers to interoperability in the physical layer, network layer, message layer, and security layer.
“For AUTOCRYPT’s demonstration, AutoCrypt V2X’s software development kit (SDK) was embedded in the OBUs of a major Tier 1 supplier, while our Security Credential Management System (SCMS) was paired with one of eight participating root CAs. We also showcased our latest technologies and offerings and provided consultations where we made two presentations regarding PnC security and in-vehicle security systems for meeting both WP.29 and Chinese regulations.”
AUTOCRYPT has its headquarters in Seoul, Korea, and the company currently has three additional offices in the country, with plans to open a separate R&D centre within the year. It’s also established global locations in Canada (Greater Toronto Area), as well as Germany (Munich).
Speaking about the recent funding and the road ahead for the company, he adds: “We plan on using the investments to further implement secure V2X connectivity in vehicles, roads, infrastructure, and also pedestrian devices.”
“The company plans on opening its Series C round of investments later this year and opening its Singaporean office very soon. Apart from connected vehicle security, AUTOCRYPT also looks forward to introducing its inclusive mobility service solutions to the global market, where it builds innovative and affordable mobility services for those with accessibility needs,” he tells us.
“Ultimately, AUTOCRYPT’s goal is to securely facilitate all connections for a mobility ecosystem that benefits everyone, regardless of their mode of transportation,” concludes Kim.
Keyword: How South Korea’s AUTOCRYPT is Connecting the Connected – CEO Daniel ES Kim