Contact Us

AUTOCRYPT Launches Cybersecurity Testing Platform for UN R155/156 and GB Compliance.Learn More

Tag: v2x

11 January, 2024 . 4 mins read

AUTOCRYPT and Cohda Wireless Sign MOU at CES 2024 to Collaborate on Security-Integrated V2X Solution

LAS VEGAS, Jan. 11, 2024 — AUTOCRYPT, a leading automotive cybersecurity and mobility solutions provider, and Cohda Wireless, a global connected vehicle solutions company, signed a Memorandum of Understanding on the opening day of CES 2024, kickstarting their collaborations on bringing a secure, full-stack solution for V2X communications.

Cohda Wireless is a global leader in V2X technology both in R&D and commercialization, with the world’s most advanced V2X software stacks supporting both 802.11p and C-V2X protocols. They are active in the European, US and Asian markets, with products compliant with the respective regional standards.  Cohda Wireless solutions have undergone extensive compliance and interoperability testing and have notched up over one million vehicle-days of field testing. 

As a pioneer in automotive cybersecurity, AUTOCRYPT has over a decade of experience and expertise in securing V2X connectivity. Its offerings encompass a security library for end entities, a V2X PKI platform with misbehaviour detection, and an integrated management dashboard for SCMS operations.

Both companies share a vision of a safe and seamless C-ITS ecosystem for all road users. As part of the collaboration, AUTOCRYPT’s V2X security library, AutoCrypt V2X-EE, will be integrated into the overall V2X software stacks of Cohda Wireless, shaping a full-stack, secure V2X solution for automotive OEMs and Tier-1 suppliers.

“AUTOCRYPT provides the world’s first and only V2X security solution adaptable to all major V2X PKI standards, including the US SCMS, EU CCMS, and Chinese C-SCMS. This enables us to offer customized solutions to clients across the globe.” said Daniel ES Kim, CEO of AUTOCRYPT. “We are excited to collaborate with Cohda Wireless on offering a complete V2X software stack to ensure the reliability of V2X communications.”

“We are delighted to be a part of another global first in our industry,” explained Cohda CEO Dr. Paul Gray. “As the implementation of connected intelligent transport systems rolls out across the globe, so will there be an ever-increasing need to safeguard sensitive data. Our partnership with AUTOCRYPT adds an additional layer of maturity to our product that we believe the market will recognize.”

About Autocrypt Co., Ltd.

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.

Built to support both AUTOSAR and legacy vehicular platforms, AUTOCRYPT’s In-Vehicle Systems Security solution helps automotive OEMs and suppliers comply with both ISO/SAE 21434 and UN R155. The company is also the sole V2X security provider for all South Korea’s C-ITS projects, securing over 5,000 km of smart roads.

About Cohda Wireless Pty Ltd

Cohda Wireless is a global leader in the development of Connected Vehicles and Connected Autonomous Vehicle software with proven applications for Smart City, Mining and other environments. Cohda’s technology connects vehicles with infrastructure and pedestrians to make our streets, cities and working environments safer, smarter and greener.  Cohda is headquartered in Australia and has offices in Europe, China and the USA.  

Cohda Wireless’s innovative software solutions enable autonomous vehicles to connect with other vehicles and with Smart City infrastructure. These connections span Vehicle¬to¬Vehicle, Vehicle¬to¬Infrastructure, and Vehicle¬to-Pedestrian (collectively called V2X), and allow CAVs to ‘talk’ to each other, Smart Cities, and vulnerable road users in order to avoid accidents, reduce congestion and be more efficient. Cohda partners with Tier 1 Automotive Suppliers, ITS Equipment Vendors, and Mining Equipment Technology and Services (METS) vendors to provide complete hardware/software solutions to Car Makers, Smart Cities, and Mine Operators, respectively. Cohda’s products are used widely in locations including the USA, Europe, Australia, Japan, Africa, Middle East, China, Singapore and Korea.

26 December, 2023 . 3 mins read

AUTOCRYPT to Exhibit at CES, Highlighting Global Standard Compliant V2X Security Solution

SEOUL, KOREA, Dec. 26, 2023 — AUTOCRYPT announced its plans to exhibit at CES 2024, the world’s most influential event in technology. Known for its industry-leading vehicle-to-everything (V2X) and software-defined vehicle (SDV) security solutions, the company will be showing its newest comprehensive solutions at the prestigious event for the first time.

This news comes after AUTOCRYPT’s official partnership announcement with a world-renowned Tier 1 telematics supplier, where AUTOCRYPT will integrate its V2X security library into the supplier’s onboard units (OBU), establishing a production-ready V2X solution for automotive OEMs across the globe. Such partnerships are part of AUTOCRYPT’s long-term strategy of building a comprehensive security solution for software-defined vehicles.

Besides providing V2X security modules for OBUs and RSUs, AUTOCRYPT is also known for being the world’s only V2X PKI provider that supports all major regional SCMS standards, including the North American SCMS, European CCMS, and the Chinese C-SCMS. Having demonstrated the interoperability of its V2X solution within the European CCMS standard, AutoCrypt V2X-PKI has been recently adopted by a global automotive OEM to manage its worldwide SCMS operations.

To further enhance its partnership and client network in the United States, AUTOCRYPT will be highlighting the following at CES 2024 in Las Vegas from January 9 to 12:

  • Showcase of its tri-standard compliant V2X security solution for automotive OEMs, Tier 1 suppliers, and C-ITS operators
  • Demonstration of its in-vehicle system security solution and testing services for ISO/SAE 21434 and UN R155/156 compliance
  • Customized partnership models, with support worldwide (established subsidiaries in Europe, North America, and HQ in South Korea)

“We have established secure V2X infrastructure for over 3,000 miles of smart roads across South Korea. And our V2X security library has been deployed in some of the best-selling vehicle models in the world,” said Daniel ES Kim, CEO of AUTOCRYPT. “We look forward to bringing our experience in Asia and Europe to the forefront this year at CES and demonstrating our readiness for C-V2X infrastructure deployment and mass production on the North American continent.”

To learn more about AUTOCRYPT’s automotive cybersecurity solutions, contact global@autocrypt.io.

About Autocrypt Co., Ltd.

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way toward a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.

6 November, 2023 . 4 mins read

Trends in Vehicle Vulnerabilities: A 2023 Report

In recent years, the automotive sector has undergone a profound transformation driven by innovation. The past decade witnessed a rapid digitization of vehicles, the ascent of electric powertrains, the advent of software-defined systems, and the ongoing development of autonomous vehicles. These technological advancements have elevated automobiles beyond mere modes of transportation. However, they also made vehicles increasingly susceptible to cyberattacks. Unfortunately, the pace of implementing in-vehicle cybersecurity measures has lagged behind the speed of innovation, leaving modern vehicles at an alarming risk.

A comprehensive study conducted by IOActive has meticulously analyzed the trends in vehicle vulnerabilities, pooling data from 2016 to 2022. This study sheds light on the evolving threat landscape within the automotive industry, classifying data according to various attack vectors, namely local, physical, network, and peripheral RF.

Key Findings:

Networked Connection Attacks: The most striking revelation from the study is the surge in attacks exploiting networked connections, accounting for nearly half of all attacks in 2022. This signifies a prominent shift towards remote cyberattacks targeting vehicles.

Local Attacks: Local vehicle software, including operating systems, Electronic Control Units (ECUs), and Software Bill of Materials (SBOMs), accounted for 40% of disclosed vulnerabilities. This highlights the growing risk of exploiting vulnerabilities within a vehicle’s software ecosystem.

Physical Hardware Attacks: Physical hardware-associated vulnerabilities witnessed a significant decline, plummeting by 15%. This decline can be attributed to the automotive industry’s increasing focus on remote attack vectors.

Peripheral RF Attacks: Intriguingly, a novel category of attack vectors, peripheral RF attacks, emerged, representing 1% of the total vulnerabilities. This indicates the shifting landscape of vehicle cybersecurity needs and the expanding spectrum of threats.

Now, let’s delve into a closer examination of each attack vector:

Local Attacks

Local attacks primarily exploit vulnerabilities within the vehicle’s software ecosystem. Examples include attacks on operating systems, ECUs, and SBOMs. A common local attack is spoofing, where malicious actors send synthetic signals to deceive the vehicle’s systems. Spoofing can lead to incorrect data interpretation, posing substantial risks to vehicle operation and passenger safety.

Over the past decade, local attacks have seen a 6% increase, reflecting the industry’s struggle to defend against software-based attacks, exacerbated by the increasing complexity of software in modern vehicles. Robust in-vehicle security systems are essential to mitigating the risks of local software attacks. Manufacturers must employ effective testing measures to identify and rectify software vulnerabilities.

Physical Hardware Attacks

While physical hardware attacks have experienced a notable decline, they continue to pose a tangible threat. These attacks necessitate the physical presence of a threat agent. An attack on vehicle hardware could provide unauthorized access to critical vehicle components, potentially allowing a takeover of the vehicle.

For instance, a USB attack targeting a vehicle’s infotainment system could compromise the Controller Area Network (CAN). To address these vulnerabilities, vehicle security systems must incorporate robust gateway security measures to protect against hardware-based intrusions.

Networked Connection Attacks

Emerging as a recent development, networked connection attacks exploit far-field RF spectrum, including wireless and cellular connections, backend networks, and vehicle-to-everything communications. Securing messages exchanged through vehicle-to-everything (V2X) communication channels is of paramount importance, particularly as the industry is gearing up for autonomous driving. Ensuring the authenticity of V2X messages is crucial to prevent masquerading attacks, which can disrupt traffic and compromise vehicle systems.

Original equipment manufacturers (OEMs) must implement cybersecurity practices that authenticate information and signals exchanged through V2X communications to mitigate the risks associated with networked connection attacks.

Peripheral RF Attacks

Peripheral RF attacks originate in the near-field RF spectrum, encompassing technologies like NFC, RFID, remote key entry, and on-board telematics. The 1% growth in peripheral RF attacks, as identified by IOActive’s analysis, is largely attributed to vulnerabilities related to Remote Key Entry (RKE) and Bluetooth.

One common manifestation of a peripheral RF attack is a relay attack, notably compromising key fob technology. Such attacks can allow unauthorized access to vehicles and even the ability to remotely start them. These attacks have become one of the most common causes of vehicle theft. In 2022, AUTOCRYPT’s Vehicle Threat Research Lab discovered a high severity (CVSS 8.1) relay attack vulnerability (CVE-2022-38766) in a popular electric vehicle in Europe. To counter these threats, vehicle owners can employ signal-blocking devices, while manufacturers should implement comprehensive cybersecurity measures to monitor and filter traffic at the gateway.

Vehicle attack vectors

In light of these evolving trends and vulnerabilities, it is imperative that advancements in the automotive sector go hand in hand with the development of robust cybersecurity measures.

AUTOCRYPT offers end-to-end vehicle cybersecurity solutions that safeguard vehicles from both internal and external threats, ensuring the continued safety and security of modern automobiles.

14 June, 2023 . 7 mins read

The V2X Deployment Roadmap in Europe: Progress, Challenges, and What to Expect by 2024

Vehicle-to-everything (V2X) technology is widely regarded by industry experts as a promising solution to improve road safety and achieve full autonomous driving in the long run. However, to establish a functional and interoperable V2X ecosystem, all stakeholders must be on the same page. This article dives into the current V2X deployment progress in Europe and what to expect in the near future.

Europe is often seen as an optimal testbed for V2X technology and Cooperative Intelligent Transport Systems (C-ITS), not only because the continent has some of the world’s most developed and well-maintained road networks, but also because it is home to dozens of road transport operators and has the highest concentration of global automotive OEMs.

As a promising strategy for achieving Vision Zero, V2X deployment has been on the agenda in Europe since the early 2010s. To facilitate the rollout of C-ITS, European Member States and road infrastructure operators joined forces to establish the C-Road Platform, a joint initiative to establish an integrated and interoperable C-ITS network that spans across European borders.

In the private sector, many automotive OEMs have been integrating V2X onboard units (OBU) into their new vehicles. As one of the early adopters, Volkswagen has equipped V2X OBUs in its entire ID. electric vehicle lineup. BMW recently announced plans to deploy V2X technology in its vehicles for vehicle-to-grid (V2G) bidirectional charging. Mercedes-Benz also has plans to deploy V2X, but has been so far promoting its cloud service as a medium to provide real-time vehicle-to-vehicle (V2V) warnings.

However, despite all these efforts, we haven’t yet seen any large-scale V2X use cases on the continent. This raises many questions. How developed is V2X technology? Where is Europe on the V2X deployment roadmap? What are some of the challenges the industry is facing? What can we expect years down the road?

Is V2X technology ready for commercial use?

This would have been tough to answer in the past few years. But as of 2023, V2X technology is fully ready for implementation and commercial use. The reliability and safety of the technology have been repeatedly validated at cross-industry interoperability tests, with AUTOCRYPT being a major contributor to message security. A lot of roadside equipment is now V2X capable. And many OEMs have equipped their vehicles with V2X OBUs.

Where is Europe on the V2X deployment roadmap?

Europe is now entering an early stage of commercial V2X deployment. Still, to operate V2X services on a large-scale, more OBUs and RSUs need to be deployed. This can take up to a decade because consumers will keep their older cars for many years before upgrading. Time is also needed for road operators to install RSUs into their roadside equipment.

At this stage, is V2X deployment only a matter of time? The reality is more complicated. There remain a few challenges that are preventing OEMs and road operators from rolling out V2X at full speed.

What challenges does the industry face?

1. The divide between DSRC and C-V2X: into the hybrid era

The biggest challenge that has been slowing down V2X deployment was a lack of agreement among industry players on the communication protocol. The debate between the WLAN-based DSRC (dedicated short-range communications) and the LTE and 5G-based C-V2X (cellular V2X) has significantly slowed down the implementation of V2X. Each industry player has their own stance and preference, leading to an ongoing rivalry between the two technologies.

As of 2023, North America and China have mostly agreed on using C-V2X as the de facto V2X communication protocol, phasing out DSRC. However, Europe remains largely divided. Whereas Volkswagen uses DSRC for its vehicles, BMW and Daimler have both been in favour of C-V2X.

Fortunately, this divide is becoming less of an obstacle. Seeing that the European industry isn’t likely to reach a consensus anytime soon, V2X hardware providers, software suppliers, and cybersecurity providers like AUTOCRYPT have developed solutions compatible with both protocols so that industry players can continue V2X deployment without having to worry about compatibility.

Nevertheless, since DSRC and C-V2X are not meant to be interoperable at the fundamental access layer, more sophisticated hardware and additional development efforts are needed for dual compatibility. As such, although this hybrid approach can help the industry overcome its immediate interoperability issues, it is by no means an optimal solution in the long run. Many experts predict that one of the two protocols will eventually die off, ending the hybrid era.

2. A lack of incentives

Another obstacle that has been slowing down V2X deployment is the lack of incentives. In most conventional markets, the first mover often gains a competitive advantage because clients and consumers tend to associate the new idea or technology with the brand, just like how Tesla is strongly associated with electric vehicles and Uber with ride-hailing platforms. However, this kind of first-mover advantage is not present in the V2X market, because the full benefit of V2X can only be realized after multiple OEMs and road operators deploy them. Although Volkswagen equipped V2X into the ID. lineup, consumers haven’t been able to experience any significant benefits and thus no association is formed between V2X and the ID. brand.

Under such circumstances, governments and regulators must incentivize early adopters to accelerate V2X deployment. As of now, the idea of regulating V2X is still in debate. But with the joint effort of governments and several industry associations, more and more incentives are beginning to surface.

For instance, Europe’s new car assessment program, Euro NCAP, announced in its 2025 Roadmap that beginning in 2024, all new cars must be equipped with V2X connectivity to receive a five-star safety rating. This move will serve as an effective incentive for OEMs to deploy V2X in their vehicles on a large scale. The Euro NCAP further explained in the report that it chose this timing because it expects all technical uncertainties to be resolved by 2024.

3. Demand uncertainty

Currently, the public has very limited knowledge about V2X technology and its potential. In fact, many have never heard of the technology. This leads to uncertainty in market demand, as it’s hard to gain a grasp of demand when consumers haven’t been informed about the supply.

This isn’t to say that there will be a lack of demand. The potential demand for V2X is immense, given that consumers have always had strong desires for safety and convenience, both of which V2X has a lot to offer. Therefore, the question is not whether there is enough demand, but whether consumers are educated enough to understand how V2X can fulfill these demands. In the end, industry players must not only invest in the technology itself, but also in promoting the benefits of the technology by establishing innovative services and attractive consumer offerings.

What can we expect in the future?

Overall, V2X technology is now nearing the end of its testing stage and ready for large-scale development. Most of the challenges and obstacles that have slowed down V2X deployment over the past few years are now resolved. With more and more incentives, we can expect to see a kickstart to full-scale V2X deployment beginning in 2024.

For a more detailed analysis of the current progress and future prospects of V2X, download the full white paper below:

v2x 2024 prospect white paper thumbnail
Download White Paper

As one of the top five V2X security providers in the world (recognized by Markets & Markets), AUTOCRYPT has always maintained a position ahead of the market in terms of technology and innovation. Not only does its V2X security module support both DSRC and C-V2X, but its Security Credential Management System (SCMS) is fully compatible with all three major standards in the world, including the US SCMS, EU CCMS, and Chinese C-SCMS. To prepare OEMs for full-scale deployment, it released its Integrated Management System (IMS) for SCMS, allowing OEMs to manage millions of vehicle certificates on a single dashboard.

To learn more about AUTOCRYPT’s V2X security solutions and AutoCrypt SCMS, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

19 January, 2023 . 7 mins read

All You Need to Know About V2X PKI Certificates: Butterfly Key Expansion and Implicit Certificates

AutoCrypt SCMS now supports Butterfly Key Expansion for both implicit and explicit certificates of the V2X PKI ecosystem. This article explains why Butterfly Key Expansion is necessary for the SCMS and why implicit certificates might be a useful alternative to conventional certificates.

Vehicle-to-everything (V2X) communication allows vehicles to communicate with other vehicles and road entities for safety warnings, traffic coordination, and eventually vehicle-infrastructure cooperated autonomous driving (VICAD). Given that these V2X messages are critical to road safety, a vehicular public key infrastructure (PKI) known as the Security Credential Management System (SCMS) has been adopted worldwide to protect the integrity of V2X messages and the privacy of road users. V2X PKI certificates, or SCMS certificates, are therefore a crucial enabler of secure V2X communications.

What Is Unique About V2X PKI Certificates?

What makes V2X PKI certificates unique? The most significant difference between IT and V2X authentication is that IT authentication is centralized and hierarchical. Users use their digital signature to reveal their identity to the server, after which the server verifies the identity and grants the user access. There is apparently no need for users to prove their identity to other users. On the other hand, V2X authentication is decentralized, where users (vehicles) need to verify each other’s identity without revealing it. Sounds contradictory? This is made possible by using pseudonym certificates.

In the SCMS, pseudonym certificates are issued by authorization certification authorities (CA) to every road user (vehicle). As suggested by its name, these certificates are pseudonymous and thus do not contain the vehicle’s identity, but instead contain proof that the vehicle’s identity had been verified by the CA and that it is a legitimate entity.

Furthermore, to prevent a stalker from spying on the same pseudonym certificate over an extended period to trace its travel routes and behaviours, pseudonym certificates have very short validity periods. For an average private vehicle, up to 20 pseudonym certificates are issued weekly, rotating every few hours to prevent tracing. These numbers can vary depending on local regulations and the importance of the passenger. For instance, the vehicle for a head of state might require non-rotating, one-time pseudonym certificates issued every five minutes.

What Is Butterfly Key Expansion?

Every time a vehicle requests a pseudonym certificate, the responsible CA needs to sign a new certificate and return it to the vehicle. Given that a typical vehicle needs up to 20 certificates per week, the CA needs to sign over a thousand certificates to a single vehicle over a year. This is a scale never seen before in the IT or financial industry. As more and more vehicles join the V2X environment, it can soon become difficult for CAs to cope with the growing number of requests.

With advancements in cryptographic construction technology, a novel approach known as Butterfly Key Expansion now overcomes this disadvantage. Butterfly Keys allow a vehicle to request an arbitrary number of certificates all at once; each certificate with a different signing key and each encrypted with a different encryption key. A request using Butterfly Key Expansion contains only one signing public key seed, one encryption public key seed, and two expansion functions that enable expansion. Therefore, Butterfly Keys are very useful for requesting pseudonym certificates as they can drastically decrease the number of requests needed.

Note that Butterfly Keys are not needed for issuing application certificates* to roadside units (RSU). Since privacy is not a concern to roadside infrastructures, application certificates are issued once at a time and have very long validity periods, meaning that application CAs are fully capable of dealing with the volume of requests.

(*Pseudonym certificates are used by vehicles for self-identification in V2V communications, whereas application certificates are used by roadside infrastructures for self-identification in V2I applications.)

Explicit vs. Implicit Certificates

Pseudonym certificates can be constructed in two different forms: conventional (explicit) certificates and implicit certificates. Conventional certificates consist of three distinct pieces of data: 1) a public key, 2) the digital signature of the CA, binding the public key to the vehicle’s identification data, and 3) the vehicle’s identification data. During V2V message transmission, the sender signs the certificate with the private key, after which the receiver uses the public key in the certificate to verify and view the message. In this process, the sender’s identity is “explicitly verified” because by opening the message, the receiver knows that the sender is the only entity holding the private key. As such, these certificates are also known as explicit certificates.

However, a disadvantage of explicit certificates is that, since they contain three distinct pieces of data, their size can range between 2,000 bits to 30,000 bits, depending on the level of security needed. Such a size isn’t a concern in and of itself. But in the V2X environment, where traffic volume is high and transmission speeds are pivotal, smaller sizes can be more advantageous.

To enable speedier message transmission and more efficient certificate issuance, a new form of V2X PKI certificate is gaining popularity. Known as implicit certificates, or Elliptic Curve Qu-Vanstone (ECQV), these certificates contain the same three pieces of data as explicit certificates do, but do not carry them as three distinct elements. Instead, the public key and the digital signature are superimposed, leaving a single reconstruction value that is similar in size as the public key. The receiver of the message uses this reconstruction value to reconstruct the public key and verify the message. The way in which the public key and the digital signature are superimposed means that by verifying the public key, the digital signature and the legitimacy of the sender get “implicitly verified”.

Since implicit certificates contain a single reconstruction value, they are much lighter and thus require much less bandwidth to transmit. The typical size of an implicit certificate is only 200 to 500 bits, which is ideal for the SCMS, where a large volume of certificates needs to be transmitted within a constrained timeframe.

The concept of implicit certificates is developed and patented by Blackberry Certicom. Nevertheless, CAs are free to issue implicit certificates for applications in the SCMS in accordance with IEEE 1609.2.

V2X PKI Regional Requirements and Preferences

As mentioned earlier, Butterfly Key Expansion is only beneficial for issuing pseudonym certificates and is not used for generating application certificates. The same is true for implicit certificates. The lightweight advantage of implicit certificates is best seen when applied to pseudonym certificates, but less significant when applied to application certificates. Given that the mechanism behind implicit certificates is more complex, some parts of the world prefer to stay with explicit certificates.

As a result, a mix of different mechanisms is used in the real world. In fact, different transport authorities have established different requirements for the certificates used in their SCMS. In North America, implicit certificates have become the standard for all V2X PKI certificates, whereas, in China, explicit certificates are required. Europe has been establishing two different standards, one for explicit certificates and one for implicit certificates.

In general, V2X PKI certificates can be constructed using four different combinations.

AutoCrypt SCMS Ready to Support All Certificate Types

In late 2022, AUTOCRYPT completed its development on the issuance of both explicit and implicit certificates with Butterfly Key Expansion, gaining the full capability to issue and provision all types of V2X PKI certificates in the SCMS.

To learn more about AUTOCRYPT’s V2X security solutions and AutoCrypt SCMS, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

7 December, 2022 . 2 mins read

AUTOCRYPT Accredited by WebTrust for CAs as V2X Root Certificate Authority

SEOUL, KOREA, December 7, 2022 — AUTOCRYPT, an industry-leading provider of automotive cybersecurity and connected mobility solutions, announced that it has been officially accredited by the AICPA/CICA WebTrust Program for CAs (Certification Authorities) as a root certificate authority for the V2X-PKI ecosystem, making it Asia’s first, and the world’s third V2X root certificate authority to receive the WebTrust seal.

The WebTrust Program accredits CAs after having licensed auditors conduct extensive audits to verify that the CA has adequate management capabilities and strictly follows its Certificate Practice Statement (CPS) by properly verifying organizations and protecting its certificate keys. The WebTrust seal is an internationally recognized symbol for safe practice in PKI and cryptography, to which many organizations demand WebTrust accreditation for all CAs involved in their supply chains.

AUTOCRYPT’s V2X-PKI CA (Certificate Authorization) Service acts as a root CA that registers, issues, manages, and revokes V2X certificates to subordinate CAs, supporting SCMS standards across North America, Europe, and China. Independently operated by its self-established security certification center, the service has undergone months of external audits and monitoring prior to receiving the accreditation.

“Aligning with our vision of enabling reliable and autonomous mobility for all road users, we developed our own root CA service to help establish trust within the V2X ecosystem,” said Daniel ES Kim, CEO of AUTOCRYPT. “By providing WebTrust-accredited certificate lifecycle management for V2X CAs, we look forward to enabling a streamlined V2X deployment process for our clients and partners, as well as encouraging more V2X implementations across a wider variety of use cases.”

Apart from serving as a V2X root CA, AUTOCRYPT offers a complete security solution for the V2X ecosystem, including a security module for OBU/RSUs, an SCMS backend, and an Integrated Management System (IMS) for SCMS that enables automotive OEMs to oversee all the SCMS certificates for their fleets via a graphical user interface.

For more information regarding AUTOCRYPT’s V2X security solutions and offerings, contact global@autocrypt.io.