The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architect, CA Layer 7 @...
The connected car App experience
Improving consumer adoption through secure APIs
6/4/2014
© 2014 CA. All rights reserved.
Francois Lascelles
VP Solutions Architecture, CA Technologies
How do you connect any of these things?
[Diagram labels: Mobile; Car; 3rd party service/social; Connected Car Service Provider]
The connected car
Connected to what?
Manufacturer or service provider
– Telemetry, call home
Entertainment platforms
– E.g. Netflix
Weather, traffic info, gps
Social media
A mobile app used by driver
Connections = APIs
[Diagram labels: Web; Web API; Information; Presentation, interface; sample payload { “min”: “23C”, “max”: “11C”…}]
APIs of the connected car
[Diagram labels: Mobile; Car; 3rd party service/social; Connected Car Service Provider; APIs; App]
Connected car user experience
In-car/IHU apps
– Emerging/immature app marketplace
– Closed ecosystem
Mobile apps
– Mature app marketplace
– Rich experience
Companion app
[Diagram labels: Mobile; Car; 3rd party service/social; Connected Car Service Provider; APIs; { unlock}]
Mobile powered car sharing service
[Diagram labels: Mobile; Car; 3rd party service/social; Connected Car Service Provider; APIs; {book it}; {pickup}; {find it}]
Security matters too
Safety
– When cars can be controlled remotely …
“My car was hacked”
Privacy
– Locate users
– Abuse of driver history data
APIs are becoming the attack vector of choice for the new generation of hackers
UX Disruptors
Key defensive techniques, such as user authentication, disrupt UX
The impact on user experience is more severe in a mobile context
Compounding factors:
– Challenge frequency
– Number of secrets
– Secret complexity
Public vs confidential apps
Public devices and public clients shift burden of authentication to a user (lowering UX)
– Pattern: Secure API flows which assert registered device/client
[Diagram labels: Mobile; In-car app; HSM; Connected Car Service Provider; Register device, app; {prove possession}]
User-managed delegation
Users delegate applications to act on their behalf
– Pattern: revocation should be as easy as delegation
[Diagram labels: Connected Car Service Provider; Authorize app, device; … later, device lost or stolen; Revoke app, device]
Risk and context-based authorization
Low
– Must have valid session
Medium
– Must have a ‘fresh’ session
High
– Registered device only
– Challenge user every x minutes
[Axis label: Risk associated with API call]
Multifactor
– Infotainment + mobile
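The Low/Medium/High checks on this slide, written out as an added Python example (not from the original presentation or from CA's product). The operation names and their risk ratings, the 5-minute freshness window and the 10-minute value for "x" are assumptions, and the multifactor row is not modelled.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

class Risk(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3

@dataclass
class Session:
    expires_at: float                   # epoch seconds
    authenticated_at: float             # when the user last logged in
    device_registered: bool             # device/app proved possession at registration
    last_challenge_at: Optional[float]  # last time the user answered a challenge

# Assumed risk rating per API operation (hypothetical names and ratings).
API_RISK = {"get_fuel_level": Risk.LOW, "find_car": Risk.MEDIUM, "unlock": Risk.HIGH}
FRESH_SECONDS = 300       # assumed definition of a 'fresh' session
CHALLENGE_SECONDS = 600   # assumed value of "x minutes" (10 minutes)

def authorize(operation: str, session: Optional[Session], now: float) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'challenge' or 'deny'."""
    # Operations with no rating fall into the strictest tier (fail closed).
    risk = API_RISK.get(operation, Risk.HIGH)
    # Every tier requires a valid, unexpired session.
    if session is None or now >= session.expires_at:
        return ("deny", "no valid session")
    if risk is Risk.LOW:
        return ("allow", "valid session")
    if risk is Risk.MEDIUM:
        if now - session.authenticated_at > FRESH_SECONDS:
            return ("challenge", "session not fresh")
        return ("allow", "fresh session")
    # High risk: registered device only, plus a periodic user challenge.
    if not session.device_registered:
        return ("deny", "device not registered")
    last = session.last_challenge_at
    if last is None or now - last > CHALLENGE_SECONDS:
        return ("challenge", "user challenge due")
    return ("allow", "registered device, recent challenge")
```

A "challenge" decision means the caller must re-authenticate the user before retrying, so the cost to UX rises only with the risk of the call.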
API-enabled connected car service provider
Beyond enhancing the user experience, APIs enable new business and partnerships
250M connected cars = big data
– Telemetry history
– APIs let you monetize this information
Driving new business models and partnerships
Insurance
Urban planning
Emergency response
Real-time traffic info
Connected car API infrastructure
– Correlate
– Anonymize
– Secure
[your idea here]
API infrastructure for the connected car
Enable innovation
Layer 7 API Management Solutions
App developer services
– Internal/3rd party developer onboarding
– API discovery
– App registration
– API Key issuing
– Analytics
– Billing
– Mobile SDKs
Runtime API services
– Secure API delivery
– Access control
– Enterprise integration
– Identity brokering
– Device registration
– Social/cloud integration
– Threat protection, sanitization
Deliver, scale and secure