Vehicle data: safe and secure access for third parties
Today’s vehicles are increasingly ‘connected’ in the sense that they can exchange information wirelessly with the vehicle manufacturer, other vehicles and third-party service providers including insurance companies, financial and fleet service providers, users, infrastructure operators and diagnostic solution providers. This increases comfort and convenience for consumers, improves products and services, and contributes towards achieving societal goals such as improving road safety, reducing fuel consumption, and facilitating traffic management and parking.
This development is generating increasing demands from various market participants to access in-vehicle data. The data in question, generated by the vehicle, is known as ‘operating data’. It excludes data imported by vehicle users (such as mobile phone contact lists and selected destinations for navigation) and data received from external sources (like information transmitted by roadside units, other vehicles or vulnerable road users).
Access to in-vehicle data must be safe and secure. Direct third-party access to vehicle functions could increase exposure to hacker attacks, as every new external data interface increases the number of potential targets and entry points. Additional safety risks in terms of driver distraction could arise if external parties are granted uncontrolled access to the vehicle’s on-board systems, user interfaces and function displays.
To minimise risks, automobile manufacturers and suppliers have been working together on an alternative to direct in-vehicle access to data. This would involve vehicle manufacturers communicating the relevant data in a secure manner between the vehicle and an off-board facility, from where market participants can access it. This would provide an open but secure interface for the provision of third-party services.
In addition to an external server managed by the vehicle manufacturer, one or more neutral servers should be installed to offer service providers an alternative access method, ensuring their identity is not disclosed to the vehicle manufacturer and that customer data privacy rights are observed. These servers will not be operated, owned or financed by the vehicle manufacturers.
Source : ACEA