ForgeRock: Driving the Connected Automotive Era

“The auto manufacturer that can create a real engaging relationship between the car, the people in the car, the digital services, cloud, and the onboard infotainment system–a truly unified experience–that will be the successful connected car manufacturer of the future.” So says Michael Ellis, Chairman and CEO of ForgeRock, the digital identity company that recently announced a Series D funding round where it raised $88 million. Why would the CEO of a startup software company have such strong opinions on connected cars? Increasingly, digital automotive players such as Toyota, SiriusXM, TomTom and other manufacturers are relying on ForgeRock’s digital identity technology to secure and personalize the in-car experience.

Make no mistake: experience is king today. Take Apple, one of the most valued brands in the world. It leverages its hardware platforms (Mac, iPhone, AppleTV, etc.) as a launch pad to deliver engaging and successful digital experiences. At the epicenter of this winning model lies the Apple ID—a single sign-on service that identifies and authenticates users in a platform-agnostic manner. The world today is rallying around this concept of digital identity as the cornerstone of mobility. A new entrant to this ecosystem is the automotive industry. Equipped with digital interfaces and internet access, the ‘connected car’ is fast becoming a launch pad for auto manufacturers to deliver innovative services.

“Every connected vehicle is a rolling IoT ecosystem today, and there is a tremendous value proposition that car manufacturers can bring to this mobility paradigm,” explains Ellis. “They need to monetize services through their vehicle platforms, just as Apple did with apps and music.” The ForgeRock Identity Platform is being adopted by digital car players precisely because it makes it possible to create engaging personalized experiences and services in the mobile environment. The ForgeRock platform is a unique combination of access management, identity management, user-managed access, directory services, and an identity gateway, designed and built as a single, unified platform. Where conventional identity vendors designed their products for securing identities within an organization–usually for employees within large corporations–ForgeRock sees identity as key for companies that need to secure and personalize experiences for customers.

“The challenge with customer identity and access management (CIAM) is scale,” relates Ellis. “We have customers that have hundreds of millions of identities using ForgeRock solutions. Irrespective of whether a customer owns, rents, or subscribes to the car through an Uber-like service, the digital identity of these entities in this rolling IoT ecosystem should suffice to launch new services, and provide secure access to entertainment and safety services while on the move.”

Based on the digital identity of the people inside the car, their mobile devices, and the car itself, ForgeRock enables auto OEMs and tier 1 suppliers to develop meaningful relationships that can drive personalized user experiences as well as revenue. With ForgeRock securing the relationships between the entities in the IoT environment, a broad range of monetization opportunities becomes a reality for their clients.

A Unique Digital Identity Platform

Today, ForgeRock is securing millions of identities of individuals, cars, and digital devices globally. The massive scalability of the ForgeRock platform is enabled through four key principles: high-scale digital identity management, information processing, authentication, and authorization. For digital identity management, the platform connects with multiple data sources to learn about the true attributes of a person, vehicle, software, service, or a subcomponent, such as the infotainment system, that is connected to the vehicle.

It also keeps an updated version of the digital identities and provides that information to other services. The platform then issues, manages and processes those credentials for authentication. A user can use a biometric fingerprint, voice or facial recognition, and even a password on their smartphone (in the case of multifactor authentication) to authenticate themselves to the ForgeRock platform, and then to the vehicle. Once the user is authenticated, the platform initiates a validated session and issues a token for the user. In the final step, authorization, the platform decides what actions the user can perform in the car environment.



With ForgeRock, users inside the vehicle can authenticate themselves to their car and load personalized settings in a moment. They can download their preferred language, music playlist, and other settings through the car manufacturer’s cloud. With credentials cached in the vehicle, users can also authenticate the vehicle in offline mode. As an IoT ecosystem, the vehicle, by itself or on behalf of the driver, can authenticate the cloud service to publish data, secure updates, and facilitate vehicle-to-vehicle communication. In some locations, users can also authenticate the vehicle to city infrastructure, such as for paying tolls and parking. As “smart city” infrastructure comes online, ForgeRock will facilitate users sending payment tokens without depending on transponders and payment cards. Additionally, the edge controller built into the platform provides passport-level security, trust, and identity for the vehicle.

With billions of relationships between connected devices and users, IAM platforms will need to provide administrators with a simple way to manage connections and data. To this end, ForgeRock enables multiple user authorization levels, for instance: owner, authorized driver, dealer, maintainer, renter, and so on. These capabilities are important for vehicle owners or managers who need to manage, enable or circumscribe certain rights to a vehicle. For instance, a parent might want to enable a teen driver to operate a vehicle only within a certain geographic area, or only during certain hours of the day. A fleet manager for a delivery service might want to grant full vehicle access to service mechanics, but limit drivers to operational rights only. Digital identity is also applicable to different sensors used in the vehicle. With the ability to create a graph of relationships between various types of identities managed by ForgeRock, users are in an advantageous position to leverage geolocation capabilities; for instance, finding the nearest dealership for service.

Effective User Managed Access

ForgeRock was an early adopter of the User Managed Access (UMA) standard, and has built UMA capabilities into the platform. In this way, ForgeRock allows users to express their consent to share or unshare specific personal information, and provides for fine-grained control over multiple systems in the car environment. A simple business case can be an app in the infotainment system that can advise the user on getting better rates from an insurance company if the information on the driving pattern is shared with that company. With the UMA capability, a driver could do a one-time share of their driving history, and revoke access to that data once a transaction has occurred. While allowing users to be very specific about what they want to share, UMA gives them a central place to manage data and avoid scenarios such as social engineering through unauthorized data access.

In addition to UMA, ForgeRock's API allows manufacturers and Tier 1 suppliers to quickly integrate new digital services into the platform. “Today, we have 12 separate app modules in the platform, tightly integrated, common architecture, a common platform of utilization of API and audit platform and interfaces platform,” says Ellis.

A common programmatic interface smooths interaction between services, accelerates integration time and reduces cost. “We secure the communication transpiring across devices and platforms including chipset, edge, gateways, cars, and cloud.” ForgeRock also secures data holistically, encrypting it both at rest and in transit.

Looking at the capabilities of a connected fleet, several automotive OEMs are doing pilots around fleet services, and are increasingly showing their interest in the marketplace. “However, they need to ensure that they create a secured environment around fleet management by authenticating the identity of the vehicles and the customer base,” says Lasse Andresen, CTO and co-founder of ForgeRock. “The OEMs can correlate to the identity of the car in customer's preferences, entertainment choices, payment terms, and even seat positions.” Bringing together the identity of the fleet, car, and the particular subscriber helps enable multiple types of value-added opportunities (insurance, preferences, digital entertainment, payment, and connected payment streams) that can facilitate a smooth digital journey.

The Advantage of Digital Identity Management

ForgeRock has helped many leading auto manufacturers seamlessly deliver secure digital services. In one instance, Toyota required a reliable and agile access management system for its telematics solution, the “My Toyota” Customer Portal, a personalized portal that drivers can use to activate and manage their preferred applications and services. Toyota wanted the access management solution to be intelligent about which car and which driver is accessing the platform, to deliver customized services to each driver through their in-car Toyota Touch 2 with Go device. They also required an access management solution that supports next-generation standards and services such as OpenID Connect and OAuth 2.0, which can be used to facilitate social login. ForgeRock provided Toyota with identity management services for the web, cloud, mobile devices, and cars. With a standard programming interface (REST) and extensive standards support, it became easy for the Toyota development team to install and scale out the ForgeRock IAM solution. In another instance, SiriusXM, an internet radio company, chose the ForgeRock platform to modernize its infotainment and telematics. “SiriusXM has a strong vision on how to create great new digital services within the connected car environment,” said Ellis. “They use ForgeRock digital identity as the common element for not only providing connection to the subscriber, but understanding the security aspect of that journey.”

Open Source – The Future of Automotive

As a proponent of open source technology in the automotive industry, ForgeRock has joined Automotive Grade Linux (AGL), a sub-organization under the Linux Foundation, whose objective is to create an open source, secure baseline for building engaging experiences for automotive customers. The group also focuses on Linux-based infotainment so that automotive OEMs can cost-effectively re-engineer their systems. “ForgeRock is the identity layer of the AGL,” highlights Ashley Stevenson, Identity Technology Director in ForgeRock’s office of the CTO. The company has contributed the code that allows the core AGL operating system to be identity-aware. “If an app or an infotainment system needs authentication, we can call that lower level API to know who the user is and can take that call,” says Stevenson. ForgeRock has also done demonstrations in standardizing the infotainment system that is developed in the industry.

With the automotive industry facing dramatic transformation in its business, driven by new players like Tesla and Uber, there is massive pressure on OEMs to adjust and adapt quickly to market trends. ForgeRock provides a robust platform to help companies accomplish just that. “We are thrilled to be in the connected car space and look forward to lending a helping hand in fast pacing automotive innovation,” concludes Ellis.

Company
ForgeRock

Headquarters
San Francisco, CA

Management
Michael (Mike) Ellis, Chairman & CEO and Lasse Andresen, CTO & Co-Founder

Description
Provides digital identity management platform to secure the connected car IoT ecosystem
