Automotive Cybersecurity and Manufacturers

By 2020, there will be a quarter billion connected vehicles on the road. We entrust our lives to these massive moving machines every day. Keeping them secure is priority one.



Connected vehicles offer a new level of ease and convenience to the modern consumer. The ability to stream music, freely communicate, access real-time data, navigation, and receive maintenance alerts are all tremendous and helpful features. Yet recent headlines have demonstrated notable security gaps confirming that the threat of hackers worming their way into automotive systems is real.

We designed Keyfactor Control to empower development teams to implement reliable, complete, robust PKI and cryptography during design. Incorporating security right from the start affords the confidence that your connected devices will stay secure and protect consumers throughout the vehicle’s entire lifecycle. Keyfactor Control’s flexible and scalable automotive cybersecurity options give you freedom and ease to secure the entire product line from end-to-end.

Managing 500 Million Connected Vehicles

Keyfactor performed a pilot designed to secure a large fleet of simulated connected vehicles. The premise was based on a catastrophic re-enrollment scenario where security was breached, which is a real-life threat in the automotive industry. The goal was to validate the ability to handle revocation and reissuance of 500 million certificates, and understand the time it would take to complete. The results were exceptional.


Security complexities of connected vehicles

The promise of connected vehicles is tremendous, and so are the security measures required to reach that destination without winding up in a ditch, both literally and figuratively. Highly complex systems from multiple vendors, with legacy standards, equipment and infrastructure, all make very attractive targets for malicious actors.


Scalable automotive cybersecurity

Keyfactor performed a pilot of securing a large fleet of simulated connected vehicles, based on a catastrophic re-enrollment scenario where the RoT was breached. The successful pilot demonstrated the ability to store, manage, and report on over 211 million certificates, and provide command-and-control instruction to 68 million simulated vehicle agents. Each vehicle’s agent polled for updates with a check-in rate of 800 per second, and pulled down the newly issued credentials and root.


When you’re the one running the line, there’s nothing more meaningful, or more challenging, than securing every product on a global scale. Whether it’s a controlled update, new certificate configuration, or an unexpected breach, it’s critical to stay on top of your entire device fleet down the street or around the world. Effective management of in-field updates can mean the difference between securing a satisfied customer, announcing a costly recall or embarking on a crisis management campaign. Including cybersecurity into device development should not be an afterthought – it should be rooted in the design.


With Keyfactor Command You Get:

Secure Code Signing

Signing firmware and software updates are a critical best practice to ensure that the software installed in your devices is genuine.

Extended Identity Attributes

Bind custom attributes to device identities without having to modify, revoke or reissue any certificate.

Installation and Identity Provisioning

Installation of Keyfactor Control and provisioning of a secure and unique identity during the device activation process.

IoT Ecosystem Integration

APIs and plug-ins allow the IoT ecosystem to authenticate device identities, and enforce granular access control based on extended attributes.


Keyfactor Control empowers one-step automation of certificate and Root of Trust (RoT) management, and is available for embedded Android, and native-C for real-time operating systems.

Mass Scalability

Proven in environments of 500-million devices, running either on-premise, in the cloud, or in a custom architected hybrid mode.

Centralized Root of Trust Management

Certificates, key stores, and trust stores across all devices, applications, servers and services within the IoT ecosystem.

Private and Public Certificate Authority

Includes a fully managed private PKI, and supports both internal certificate authorities as well as public issuers such as Certicom, DigiCert, and Entrust.


Incorporate encryption, authentication, and secure code signing within your IoT devices and applications using Keyfactor Control SDKs and APIs.

Find out how the Keyfactor platform can modernize your PKI, prevent
certificate outages, accelerate DevOps security, and more.