The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architect, CA Layer 7 @...

The connected car App experience Improving consumer adoption through secure APIs 6/4/2014 © 2014 CA. All rights reserved. Francois Lascelles VP Solutions Architecture, CA Technologies

Transcript of The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architect, CA Layer 7 @...

The connected car App experience

Improving consumer adoption through secure APIs

6/4/2014

© 2014 CA. All rights reserved.

Francois Lascelles, VP Solutions Architecture, CA Technologies

[Diagram: Mobile; Car; 3rd party service/social; Connected Car Service Provider]

How do you connect any of these things?

The connected car

Connected to what?

Manufacturer or service provider

– Telemetry, call home

Entertainment platforms

– E.g. Netflix

Weather, traffic info, GPS

Social media

A mobile app used by driver

Connections = APIs

[Diagram labels: Web; Web API; Presentation, interface; Information]

{ "min": "23C", "max": "11C"…}

APIs connect everything

{ "min": "23C", "max": "11C"…}

APIs of the connected car

[Diagram: Mobile; Car; 3rd party service/social; Connected Car Service Provider; labels: APIs (x3), App (x3)]

Connected car user experience

In-car/IHU apps

– Emerging/immature app marketplace

– Closed ecosystem

Mobile apps

– Mature app marketplace

– Rich experience

Companion app

[Diagram: Mobile; Car; 3rd party service/social; Connected Car Service Provider; labels: APIs (x3), { unlock } (x2)]


Companion App

Mobile powered car sharing service

[Diagram: Mobile; Car; 3rd party service/social; Connected Car Service Provider; labels: APIs (x3), {book it}, {pickup}, {find it}]

Good UX -> good business

[Chart: axes UX and Adoption]

Security matters too

Safety

– When cars can be controlled remotely …

“My car was hacked”

Privacy

– Locate users

– Abuse of driver history data

APIs are becoming the attack vector of choice for the new generation of hackers

UX Disruptors

Key defensive techniques, such as user authentication, disrupt UX

The impact on user experience is more severe in a mobile context

Compounding factors:

– Challenge frequency

– Number of secrets

– Secret complexity

Reconciling UX and Security

[Diagram callouts: "Identify yourself"; "Show me my data"]

Public vs confidential apps

Public devices and public clients shift burden of authentication to a user (lowering UX)

– Pattern: Secure API flows which assert registered device/client

[Diagram: Mobile; In-car app; HSM; Connected Car Service Provider; flows: Register device, app; {prove possession}]

User-managed delegation

Users delegate applications to act on their behalf

– Pattern: revocation should be as easy as delegation

[Diagram: Authorize app, device (Connected Car Service Provider); … later, device lost or stolen: Revoke app, device (Connected Car Service Provider)]

Risk and context-based authorization

[Diagram axis: Risk associated with API call]

Low

– Must have valid session

Medium

– Must have a ‘fresh’ session

High

– Registered device only

– Challenge user every x minutes

Multifactor

– Infotainment + mobile
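
The risk tiers above, together with the registered-device and revocation patterns from the two preceding slides, can be expressed as a single authorization check. This is an added example, not code from the presentation or from Layer 7; the operation names, the time windows, the revocation check on every tier and the choice to make the tiers cumulative are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Risk(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3

# Assumed values: the slide only says 'fresh' and "every x minutes".
FRESH_SESSION_SECONDS = 15 * 60
CHALLENGE_INTERVAL_SECONDS = 5 * 60

# Hypothetical API operations mapped to the slide's risk tiers.
API_RISK = {
    "get_fuel_level": Risk.LOW,
    "get_trip_history": Risk.MEDIUM,
    "unlock_doors": Risk.HIGH,
}

@dataclass
class Session:
    valid: bool               # token verified and not expired
    created_at: float         # epoch seconds of the last full login
    last_challenge_at: float  # epoch seconds of the last user challenge
    device_id: str

def authorize(operation, session, registered_devices, revoked_devices, now):
    """Return (allowed, reason) for one API call."""
    risk = API_RISK.get(operation)
    if risk is None:
        return False, "unknown operation"  # fail closed on unmapped calls
    if not session.valid:
        return False, "login required"
    # Revocation by the user takes effect on every tier (assumption).
    if session.device_id in revoked_devices:
        return False, "device revoked"
    if risk is Risk.LOW:
        return True, "ok"
    # Medium and above: the session must be 'fresh'.
    if now - session.created_at > FRESH_SESSION_SECONDS:
        return False, "re-authenticate: session not fresh"
    if risk is Risk.MEDIUM:
        return True, "ok"
    # High: registered device only, plus a recent user challenge.
    if session.device_id not in registered_devices:
        return False, "registered device required"
    if now - session.last_challenge_at > CHALLENGE_INTERVAL_SECONDS:
        return False, "user challenge required"
    return True, "ok"
```

Returning a reason with each denial lets the app prompt only for the missing factor, which keeps low-risk calls free of challenges.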

API-enabled connected car service provider

Beyond enhancing the user experience, APIs enable new business and partnership

250M connected cars = big data

– Telemetry history

– APIs let you monetize this information

Driving new business models and partnerships

– Insurance

– Urban planning

– Emergency response

– Real-time traffic info

– [your idea here]

Connected car API infrastructure

– Correlate

– Anonymize

– Secure

API infrastructure for the connected car

Layer 7 API Management Solutions

Enable innovation

App developer services

– Internal/3rd party developer on boarding

– API discovery

– App registration

– API Key issuing

– Analytics

– Billing

– Mobile SDKs

Deliver, scale and secure

Runtime API services

– Secure API delivery

– Access control

– Enterprise integration

– Identity brokering

– Device registration

– Social/cloud integration

– Threat protection, sanitization


Thank you
