- -, Author at AUTOCRYPT

29 October, 2025 . 5 mins read

Ensuring Safe, Seamless Vehicle Access

With the advent of software-defined vehicles, the concept of the car key has evolved from a physical device into a digital access system seamlessly connected to the driver’s smartphone. Through smartphone-based digital keys, drivers can lock, unlock, start vehicles and even share access to their vehicles — all through a single intuitive mobile experience.

As vehicles become increasingly connected, the need for robust security grows alongside the convenience these systems provide. Every interaction between the smartphone, vehicle and backend must occur within a trusted, interoperable ecosystem that protects against unauthorized access and data compromise. This article explores the core components of a secure Digital Key Ecosystem and highlights the measures and technologies that enable safe, seamless, and scalable vehicle access.

I. Secure Digital Key System Architecture

Digital key solutions operate within a complex ecosystem connecting multiple systems and communication layers. From user registration to daily vehicle operation and key revocation, every stage requires security embedded by design to ensure the digital key performs safely, reliably and seamlessly.

At the foundation of this ecosystem lies the Backend System & User Data Management layer, which links user accounts, vehicles and mobile devices through centralized control. This layer manages user registration, key issuance and access permissions across multiple vehicles, synchronizing updates between the mobile app and vehicle in real time. By continuously managing backend events such as invitations, temporary credentials and revocations, it ensures that digital key services remain scalable, interoperable and responsive to every user action.

The next layer, Vehicle and User Authentication, safeguards trust between the user’s smartphone and the vehicle before any operation takes place. Through certificate-based authentication and encrypted communication, this layer verifies that both the driver and vehicle are legitimate participants in each interaction. As the core of identity verification, it ensures that every connection within the ecosystem begins from a trusted foundation, maintaining cybersecurity from the very first handshake.

Beyond authentication, the In-Vehicle Key Management layer embeds protection directly within the vehicle. Every vehicle interaction is validated at the hardware level, controlling how digital keys are stored, verified and applied to vehicle systems. Whether online or offline, this layer preserves key confidentiality and enforces access rights while integrating proximity-based protection to prevent relay or spoofing attacks. In doing so, it enables continuous safeguarding of digital credentials throughout their active use.

Finally, the In-Vehicle Applications layer provides the user-friendly interface that connects security with convenience. Hosting in-vehicle infotainment (IVI) and head-unit control (HCP) applications, it allows drivers to view key status, manage profiles and control access settings. By coordinating commands such as unlock, start and key sharing with backend systems in real-time, this layer ensures user interaction and consistent connectivity across all digital key features — whether for individuals or fleets.

II. End-to-end Digital Key Solution

Digital key systems function as a unified ecosystem, with each component — backend, authentication, in-vehicle systems, applications — continuously exchanging data and trust signals. These interactions form a closed feedback loop, where every vehicle operation and user action is reported back to the backend for synchronization and validation. Building an effective digital key solution requires recognizing how these layers interact through a system-level approach.

A prime example of such an approach is the co-developed Digital Key Solution by AUTOCRYPT and Valtech Mobility, unveiled at IAA Mobility 2025. Designed around interconnection and interoperability, the joint solution demonstrates how a unified architecture can deliver a secure, reliable, and scalable digital key experience built on shared standards and complementary expertise.

The solution’s architecture enables continuous communication between the backend, authentication layer, in-vehicle key management and smartphone interface:

Backend System & User Data Management: Data synchronization and multi-user access are managed in alignment with Car Connectivity Consortium (CCC) guidelines.
Vehicle & User Authentication: Real-time authentication between smartphone, vehicle and cloud is reinforced with Ultra-Wideband (UWB) proximity verification for precise, relay-resistant access control.
In-Vehicle Key Management: Key credentials are handled within secure hardware environments, ensuring both performance and protection.
In-Vehicle Applications: Access and control are provided through an intuitive smartphone interface, integrating convenience with end-to-end security.

This solution delivers clear advantages for both OEMs and users. For OEMs, its CCC-compliant, globally interoperable solution framework ensures readiness for standardized deployment. The solution’s purpose-built cloud system with open APIs enables fast, cost-efficient integration while remaining scalable and adaptable across different vehicle models and mobility platforms. Over time, this flexibility also creates new revenue opportunities through premium digital key and connected services.

For users, the digital key can be accessed seamlessly through their smartphone, combining convenience with robust protection. Secure authentication and UWB-based proximity-based verification safeguard against unauthorized access, while controlled key sharing allows owners to grant temporary access to family members, friends, or service providers — without compromising privacy or data integrity.

III. Conclusion

This article explored how the digital key ecosystem connects multiple systems and communication layers – from backend platforms to in-vehicle components and user applications – to deliver an end-to-end vehicle access experience. The jointly developed solution by AUTOCRYPT and Valtech Mobility GmbH exemplifies how an integrated approach can achieve security, scalability and user accessibility in unision.

Building on its proven expertise in Digital Key solutions, AUTOCRYPT continues to develop tailored digital infrastructure and foster strong technology synergies with global partners to advance the future of connected mobility.

Learn more about our Digital Key expertise at https://autocrypt.io/products/digital-key/.

29 September, 2025 . 6 mins read

Securing Electric Vehicle Charging Infrastructure

EV charging infrastructure sits at the center of the electric mobility transition. Yet according to the The HERE-SBD EV Index 2025, limited charging access remains the top barrier to EV adoption, with more than half of respondents (53%) citing a perceived lack of charging access as their primary concern.

Expanding the availability of charging stations is crucial, but so is securing the digital backbone that supports them. Public charging points are no longer simple power outlets, but digital infrastructures that handle sensitive information such as personal identifiers, payment credentials and vehicle contract certificates. Without robust safeguards, these data can become points of vulnerability, slowing adoption.

This blog explores three cornerstone frameworks shaping EV charging security — ISO 15118-2 (2014), the Open Charge Point Protocol (OCPP) 2.0.1 (2020), and the EU Cyber Resilience Act (CRA) (2023). By examining their roles and how they interconnect, we aim to simplify compliance in the EV charging ecosystem and highlight how integrators like AUTOCRYPT can help turn these standards and regulations into practice.

I. Interconnected Pillars of EV Charging Security

Securing EV charging infrastructure depends on three complementary pillars, each addressing a different layer of the ecosystem.

A) ISO 15118-2 (2014): Securing the EV, Charger Interface

The ISO 15118 multi-part standard (i.e. Part 1 – 2013, Part 2 – 2014, Part 3 – 2015, Part 20 – 2022) defines secure, interoperable communication between the vehicle and the charging station. While each part addresses different aspects of EV-EVSE interaction, Part 2: Network and application protocol requirements is especially significant as it lays out the technical implementation for managing secure communication flows.

ISO 15118-2 (2014) mandates that EV and EVSE establish a TLS-secured channel for direct current (DC) charging using certificate-based authentication. Within this secure channel, the Plug&Charge contract exchange is executed: the EV presents its contract certificate and the charger verifies it with the backend, enabling seamless authentication and billing. Later updates in ISO 15118-20 (2022) expand these provisions to cover both alternating current (AC) and direct current (DC) charging, as well as Vehicle-to-Grid (V2G) bidirectional energy flows.

Together, these measures ensure that the EV-charger handshake is both seamless and secure, protecting against spoofing and unauthorized access.

B) Open Charge Point Protocol (OCPP) 2.0.1 (2020): Securing the Charger, Backend Interface

The Open Charge Point Protocol (OCPP) 2.0.1 provides an open, interoperable standard for communication between charging stations and backend systems such as Charging Station Management System (CSMS) and mobility operators (MO).

OCPP 2.0.1 requires charging stations and backend systems to establish a TLS 1.2-secured channel with mutual authentication. Over this protected connection, OCPP defines operational protocols ranging from standardized message formats for anomaly reporting to the use of digitally signed meter values that ensure billing accuracy.

By embedding these measures, OCPP ensures chargers remain trusted, manageable and interoperable throughout their operational life.

C) Cyber Resilience Act (CRA) (2023): Hardware and Software Lifecycle

Although the Cyber Resilience Act (CRA) does not specifically target EV charging infrastructure, it strengthens EVSE security by covering hardware, firmware and backend systems under the category of “products with digital elements.”

Under the baseline obligations of the CRA, all EVSE must be secure at launch and throughout use, with manufacturers required to conduct conformity assessments before placing products on the market. Moreover, the CRA mandates secure update mechanisms such as OTA updates, vulnerability handling processes including coordinated disclosure, and obliges manufacturers to report actively exploited vulnerabilities.

In doing so, the CRA provides the regulatory umbrella that ensures ISO 15118 and OCPP implementations are maintained securely and transparently across both hardware and software layers.

Interconnected Security Chain

Viewed together, these three pillars create a security chain rather than isolated requirements. ISO 15118-2 secures the EV-charger interface, OCPP 2.0.1 governs charger-backend communications, and the EU Cyber Resilience Act sets mandatory cybersecurity obligations across hardware and software. Combined, they form an interconnected framework that strengthens resilience, ensures compliance, and builds trust throughout the entire EV charging ecosystem.

II. Autocrypt as the Integrator

AUTOCRYPT combines a deep understanding of standards-based requirements with practical expertise to deliver a wide range of solutions for securing EV charging infrastructure. By aligning with ISO 15118 and OCPP, and offering dedicated guidance on CRA compliance, AUTOCRYPT acts as an integrator that embeds end-to-end trust across the entire EV charging chain.

A) AutoCrypt® PnC

The AutoCrypt® PnC protocol incorporates mechanisms for both secure communication and PKI-based certificate management. Built on the ISO 15118 PKI authentication framework, it secures the vehicle-to-grid (V2G) communication interface through encryption and certificate-based trust. Moreover, designed for integration with OCPP, AutoCrypt PnC ensures contracts verified in the backend are securely delivered to the vehicle.

In doing so, it bridges front-end communication between the EV and charger with back-end contract flows, creating an unbroken chain of trust.

B) EVIQ™ Platform

Addressing the growing need for a unified and secure EV charging ecosystem, the EVIQ™ Platform combines applications, charger tools and management systems into one solution. Supporting Plug&Charge protocol outlined in ISO 15118 and fully compliant with OCPP 1.6, EVIQ provides both user-facing and operator-facing functions.

Together, these components make EVIQ a comprehensive platform which strengthens both user convenience and operator control.

C) CRA Consulting Service

With the EU Cyber Resilience Act (CRA) set for full enforcement in 2027, AUTOCRYPT’s CRA Consulting Service helps stakeholders systematically prepare for compliance. This includes support for OEMs, CPOs and mobility operators on security-by-design requirements, vulnerability management and update processes, compliance documentation.

By guiding clients through each step, AUTOCRYPT ensures ISO 15118 and OCPP implementations are maintained securely and transparently, offering a clear pathway to regulatory readiness well ahead of the enforcement deadline.

III. Safeguarding the EV Charging Security Chain

The path to secure EV charging is not defined by a single standard or regulation, but by the interconnected security chain of ISO 15118, OCPP and the EU Cyber Resilience Act. Together, they safeguard the EV-charger handshake, protect the charger-backend connection, and ensure the long-term resilience of hardware and software systems.

AUTOCRYPT plays a pivotal role in uniting these layers. Through solutions such as AutoCrypt® PnC, EVIQ™ Platform and CRA Consulting Service, the company translates complex standards and regulatory requirements into practical, operational security across the charging ecosystem.

As EV adoption accelerates worldwide, AUTOCRYPT remains committed to building end-to-end trust and driving sustainable growth by continually expanding its suite of solutions for EVSE manufacturers, operators and mobility providers.

Learn more about our products and solutions at https://autocrypt.io/all-products-and-offerings/.

16 September, 2025 . 3 mins read

AUTOCRYPT and Valtech Mobility Showcase Digital Key solution at IAA Mobility 2025

AUTOCRYPT, a leading provider of automotive cybersecurity and digital key solutions, has partnered with Valtech Mobility GmbH to deliver a secure and flexible digital key ecosystem which references the standards of the Car Connectivity Consortium (CCC), for global OEMs and users. Both parties announced a strategic partnership at IAA Mobility 2025. As the first step in this partnership, the two companies revealed a jointly developed demo of their Digital Key management solution.

Under this partnership, Valtech Mobility leads the development and integration of in-vehicle applications and backend user data management, enabling seamless connectivity between in-vehicle apps and user management backends. AUTOCRYPT provides its cutting-edge expertise in vehicle and user authentication, certificate-based key management, and security infrastructure, ensuring robust protection of digital credentials throughout the lifecycle.

The Digital Key Solution with Ultra-Wideband (UWB) technology allows drivers to lock, unlock and start their vehicles seamlessly with their smartphone, while ensuring robust protection against cybersecurity threats. With built-in vehicle and user authentication and secure cross-account key management, the solution integrates with OEM servers to block unauthorized access and support for safe, efficient vehicle key management.

Developed on a purpose-built cloud system with APIs, the end-to-end solution builds on the proven expertise of both companies: AUTOCRYPT, a trusted CCC(Car Connectivity Consortium) member, provides security stacks for vehicle and user authentication, while Valtech Mobility is a global leader in backend platforms and in-vehicle applications, with over 25 years of experience supporting leading OEMs.

For OEMs and fleet operators, this enables seamless integration of a Digital Key system that follows the standards of the CCC and scales flexibly to their needs while unlocking new premium service opportunities. For users, it enhances accessibility and convenience, offering secure vehicle control through their smartphone and the ability to delegate access to others with confidence.

“We are excited to showcase our secure, flexible, future-proof Digital Key solution for OEMs and users, bringing together the strengths of both companies,” said Seokwoo Lee, Founder and CEO of AUTOCRYPT. “With rising demand for robust yet accessible Digital Key solutions, we aim to continue expanding our automotive infrastructure offerings to meet these needs.”

Moving forward, AUTOCRYPT and Valtech Mobility plan to deliver tailored digital infrastructure solutions for OEMs, mobility service providers, and other clients, accelerating user experience innovation through vehicle digitalization.

To learn more, visit autocrypt.io.

About Autocrypt Co., Ltd. 

AUTOCRYPT is the leading player in automotive cybersecurity. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. Its comprehensive suite of automotive cybersecurity testing services and platforms includes the award-winning AutoCrypt CSTP, which supports automotive OEMs and suppliers in meeting regulatory standards ilke ISO/SAE 21434, UNECE WP.29 UN R155, and CRA.

About Valtech Mobility

Valtech Mobility is a global software company delivering full-service digital solutions for connected mobility. The company designs, develops, and operates digital platform services and products for vehicle manufacturers and new mobility providers. With a team of more than 650 experts passionate about vehicle software, Valtech Mobility is a leader in User Experience, Automotive Cloud platform development and operations, Data & AI, and Android Automotive. The company manages the complexity of more than 50 OEM services across 370 versions within an ecosystem of 40 million connected cars in 65 markets.

3 September, 2025 . 8 mins read

Evolution of AI in Automotive Safety

In recent years, headlines showcasing how AI technology is being incorporated into automotive software solutions have become increasingly common. The establishment of dedicated AI facilities (e.g. Izmo’s Automotive AI Factory, Qualcomm’s AI R&D Center) and collaborative initiatives regarding Automated Driving Assistance System (ADAS) development (e.g Bosch & Cariad, GM & NVIDA) are just a few examples of how the automotive sector is rapidly embedding AI across the vehicle lifecycle.

When it comes to automotive safety software, AI adoption has advanced along two simultaneous fronts. In one dimension, AI is positioned as a Safety Enabler, actively embedded in tools and solutions to strengthen resilience, detect risks and improve the reliability of vehicle platforms. From another perspective, AI is treated as a Safety-Critical Element, subject to rigorous standards and certifications to ensure that its deployment is trustworthy, robust and auditable.

This blog aims to explore these two complementary perspectives on AI in automotive safety — one driven by industry innovation and the other shaped by regulatory and standards-based assurance. Together, they illustrate how AI has evolved from a promising technology to a core component of both engineering practice and compliance frameworks.

AI as a Safety Enabler

Across both the development and operational stages, OEMs, Tier1 suppliers and cybersecurity firms are applying AI to augment safety functions — strengthening resilience through proactive risk detection, automated testing and system-wide awareness.

I. Development Stage

In the development stage, AI is increasingly used to validate safety-critical components by automating test generation and expanding scenario coverage.

Fault Injection and Vulnerability Testing

Traditional fuzzing relies on random or manually crafted test inputs, which can miss subtle flaws. AI-enabled fuzzing, by contrast, generates protocol-specific, context-aware test cases at scale, uncovering vulnerabilities more quickly and systematically. A representative example is the AutoCrypt CSTP Security Fuzzer Solution which leverages AI-generated inputs to probe in-vehicle communication protocols and expose weaknesses in ECUs, braking controllers and telematic units with greater depth and coverage.

Scenario Generation & Simulation

Another area where AI enhances safety is in the generation of synthetic, edge-case scenarios that supplement baseline test datasets. Addressing a key challenge of ADAS and AV validation surrounding reflection for rare, safety-critical scenarios, AI allows engineers to proactively evaluate system safety under unusual conditions. The Gatik Arena platform illustrates this approach, employing techniques such as NeRFs, 3D Gaussian splatting and diffusion models to create synthetic scenarios, which are then fed into a modular simulation engine for end-to-end validation.

System-Level AI Safety Architecture

Beyond individual tools, AI is also embedded into holistic safety frameworks that span the entire lifecycle of software-defined vehicles. These frameworks account for the multi-dimensional nature of automotive software, monitoring and validating AI performance from training to deployment. The NVIDIA AI Systems Inspection Lab highlights this application, offering a safety framework that integrates cloud-based training oversight, model inspection and in-vehicle runtime validation to ensure system-wide assurance.

II. Operational Stage

AI also plays a crucial role in maintaining and extending safety during vehicle operation, both at the individual and fleet level.

Sensor-Aided Risk Detection

Leveraging multi-modal data fusion, AI enables vehicles to analyze real-time inputs from tires, cameras, radar and LiDAR to identify conditions that could compromise safety. The collaboration between AEye and Blue–Band illustrates this approach: by combining AEye’s OPTIS™ autonomous system and Apollo long-range LiDAR with Blue–Band’s AI orchestration platform, the solution delivers real-time insights for traffic monitoring, incident detection, and adaptive road safety management.

Fail-Safe & Safety Redundancy Systems

Overcoming the limitations of traditional automotive systems which often fail to account for systemic decision-making errors, AI continuously interprets both the driving environment and system health to determine when fallback responses are necessary. The patent for Guident’s Remote Monitoring and Control Center (RMCC) represents this scenario: it’s AI-driven fusion system processes sensor data from multiple autonomous vehicles and can assume remote control when risk levels exceed predefined safety limits.

Distributed Sensor Fusion & Fleet-Level Threat Analysis

Reflecting the fact that safety hazards regarding environmental disruptions affect entire fleets, AI enables fleet-level data aggregation and threat analysis, transforming distributed sensor inputs into system-wide safety insights. NIRA Dynamic’s partnership with BANF demonstrates this with the integration of triaxial tire sensor data into fleet management systems, enabling large-scale hazard detection and broadcast-level warnings to improve fleet safety.

AI as a Safety-Critical Element

While AI enables safer and more resilient automotive systems, it is also recognized as a safety-critical element requiring rigorous evaluation to ensure trustworthiness. This perspective is reflected in a series of international standards: ISO 26262: 2018, ISO 21448: 2022 and ISO/PAS 8800: 2024.

I. ISO 26262: 2018 (Functional Safety)

The ISO 26262 standard focuses on addressing hardware and software faults inside road vehicles that can lead to hazardous behavior. While it does not directly reference AI or ML, AI modules are implicitly covered as safety-related component that may fail due to defects in software implementation, hardware execution, or system integration.

The first connection appears in the definition of a “safety-related item” under Part 3. System & Item Definition. Any component which failure could lead to a hazard qualifies, and thus AI modules can be treated as such. Similarly, Part 3. System & Item Definition and Part 4. Hazard Analysis & Risk Assessment (HARA) define “hazards” as malfunctions requiring assignment of an Automotive Safety Integrity Level (ASIL). Under this framework, AI failures such as object misclassification or a neural network crash can be classified and addressed as safety hazards.

The standard also indirectly applies to AI within software and hardware development. For example, Part 5. Hardware Development requires diagnostic coverage and safety mechanisms for critical hardware faults. This extends to SoCs or accelerators running AI inference (e.g. GPUs, NPUs), which must be safeguarded to prevent silent failures that could compromise AI workflows.

While ISO 26262 provides a baseline framework for addressing AI malfunction scenarios, it falls short in covering the non-deterministic behavior of AI systems. These gaps have prompted the development of complementary standards — ISO 21448, ISO/PAS 8800 — to more fully address AI-related safety risks.

II. ISO 21448: 2022 (Safety of the intended functionality, SOTIF)

Whereas ISO 26262 focuses on risks from system malfunctions, ISO 21448 addresses situations where the system behaves as designed but still poses safety risks under certain conditions. As with ISO 26262, terms explicitly referencing AI or machine learning are absent. Nevertheless, the standard is widely recognized as highly relevant to AI-driven systems, which are especially sensitive to incomplete data, edge cases and unknown scenarios.

One key concept appears in Clause 11. Hazardous Scenarios, which introduces the distinction between “known hazards” (anticipated cases) and “unknown hazards” (unanticipated conditions). The latter is particularly relevant to AI, as machine learning models are prone to failure when exposed to out-of-distribution inputs. The standard emphasizes the need to achieve acceptable residual risk even in such unknown conditions.

Expanding beyond definitions, Clause 9. Verification and Validation stresses the importance of robust validations strategies that go beyond normal operating conditions. This is especially critical for AI/ML systems, as traditional deterministic testing methods cannot guarantee complete coverage of rare, long-tail scenarios.

By incorporating concepts of non-deterministic behavior and unquantifiable risks, ISO 21448 plays a crucial role in framing AI-related safety challenges in automotive systems. It highlights how limitations in AI perception and decision–making can result in unsafe outcomes. However, with methodologies for residual risk evaluation still relying on conventional statistical methods, there remain limitations in guaranteeing coverage for rare or unforeseen inputs.

III. ISO/PAS 8800: 2024 (Safety and artificial intelligence)

Building on the foundations of ISO 26262 and ISO 21448, ISO/PAS 8800 provides the first global assessment framework dedicated to systematically evaluating AI systems in road vehicles. The document explicitly states its intent to extend and adapt the principles of functional safety (ISO 26262) and SOTIF (ISO 21448) to AI and machine learning elements.

ISO/PAS 8800 raises AI-specific safety concerns directly, linking identified hazards to clear safety requirements and goals. It details procedures covering the entire lifecycle of AI systems including dataset quality management, model development and safe deployment practices. In addition, the standard also places emphasis on runtime monitoring and post-deployment governance, ensuring continuous oversight of AI performance.

Through this framework, ISO/PAS 8800 ensures that AI safety measures are embedded from the earliest stages of system design through post-deployment operation, closing gaps left by prior standards and providing a structured foundation for AI assurance in automotive systems.

Future Progress of AI in Automotive Safety

As illustrated in the previous sections, the automotive safety industry has approached AI from two contrasting angles: as a defense mechanism to strengthen safety levels, and as a potential risk factor requiring strict evaluation. Nevertheless, both perspectives converge on the same overarching goal — leveraging AI to improve resilience of automotive systems against internal flaws (i.e. software errors, model weakness) and external risks (i.e. environmental hazards, cyber threats).

Looking ahead, the progress of AI in vehicle systems will center on two parallel developments: advancing innovation in AI-driven safety tools and establishing rigorous compliance and certification frameworks. As this dual evolution unfolds, AUTOCRYPT is committed to playing a leading role in not only providing solutions that integrate AI to enhance safety and resilience but also by staying closely aligned with the evolving regulatory landscape that governs the safe deployment of AI-embedded vehicle systems.

Learn more about our products and solutions at https://autocrypt.io/all-products-and-offerings/.

21 August, 2025 . 3 mins read

AUTOCRYPT Designated as Official AWS Software Partner 

AUTOCRYPT, a leading automotive cybersecurity solutions provider, announced that the company’s automotive software testing tool, AutoCrypt CSTP Fuzzer, successfully received the Amazon Web Services (AWS) Foundational Technical Review (FTR) validation, enabling the solution to earn Partner Software Path Certification. The FTR is a rigorous technical assessment conducted by AWS to ensure that solutions meet best practices in areas such as security, reliability, and operational compliance. This achievement lays the groundwork for offering the solution in a cloud-based Software as a Service (SaaS) format.  

The AutoCrypt CSTP Fuzzer solution is a key component of the AUTOCRYPT’s Cybersecurity Testing Platform (CSTP), a security diagnostic tool that leverages fuzzing techniques to automatically detect and analyze potential vulnerabilities around vehicle communications. By passing the AWS FTR validation process, the solution has demonstrated compliance with AWS standards for Security, Reliability and Operational Excellence.  

Strengthening Global Presence with AWS Integration 

Through listing the solution on the AWS Marketplace, AUTOCRYPT anticipates expanded opportunities to serve international markets by making it easier for customers to access its authorized software solutions. With the solution accessible through virtual Windows environments based on Amazon WorkSpaces, a fully managed desktop computing service, users can perform security testing and proof-of-concept (PoC) activities in a SaaS environment without complex installation or hardware setup.

Cybersecurity Mandates Fuel Demand for SaaS solutions  

With automotive cybersecurity regulations set to become mandatory by 2028 for most vehicles sold globally — and the Cyber Resilience Act (CRA) extending security requirements across all digitally connected industries — demand for cloud-based SaaS solutions have emerged as a strategic choice for stakeholders seeking to balance development efficiency and regulatory compliance.  

In response to these shifts, AUTOCRYPT is pursuing broader cloud-based deployment of its automotive cybersecurity solutions, starting with the launch of AWS-certified SaaS products. This supports the company’s long-term strategy to scale its SaaS business model, diversify revenue streams, and accelerate international growth.  

Founder and CEO, Seokwoo Lee said, “This marks a significant milestone for Autocrypt as it validates the reliability of our technology within the cloud ecosystem. With the global SaaS market projected to reach USD 370 billion, and the automotive software market estimated at USD 600 trillion by 2030, we are committed to reinforcing our global footprint by positioning cloud-based security solutions as a key pillar of future growth.”   

Learn more about the AutoCrypt CSTP Fuzzer solution and Autocrypt’s security solutions at autocrypt.io. 

About Autocrypt Co., Ltd. 

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. Its comprehensive suite of automotive cybersecurity testing services and platforms includes the award-winning AutoCrypt CSTP, which supports automotive OEMs and suppliers in meeting regulatory standards ilke ISO/SAE 21434, UNECE WP.29 UN R155, as well as other emerging global standards.  

14 August, 2025 . 6 mins read

An Integrated Approach to Automated Driving System (ADS) Validation

As we enter an era increasingly populated by highly autonomous vehicles, there is a vast range of dynamic driving scenarios that Automated Driving Systems (ADS) may encounter. From hazardous environmental conditions to internal system failures and external cybersecurity risks, ensuring ADS safety across diverse operating situations is essential for enabling safe autonomous driving experiences.

The recent release of “ISO 34505: 2025” underscores this need by providing a structured framework for generating, evaluating and managing test scenarios that reflect real world driving conditions. By standardizing how test scenarios should be defined and tested, the initiative aims to enable consistent, repeatable validation practices across the industry and thereby support development of robust ADS provision.

As autonomous systems grow more complex, the need for robust, scalable validation practices become increasingly critical. In response, an integrated approach — combining regulatory audits, system-level testing and adversarial simulations — provides OEMs and Tier 1 suppliers a structured path for both vehicle safety and regulatory compliance. Focusing on cybersecurity, this blog outlines the key components and methodologies of ADS Validation, and demonstrates how an integrated approach can be effectively executed.

Automated Driving System (ADS) Validation: Approach & Methodology

According to “SAE J3016: 2021”, Autonomous Driving System (ADS) refer to the collective technology stack responsible for performing dynamic driving tasks (DDT) at SAE Level 3 and above. With the system taking full responsibility for autonomous decision-making and vehicle control, validating ADS safety calls for identifying diverse validation targets and a multidisciplinary process for executing them.

I. Approach

The UNECE WP.29 Working Group emphasizes ADS Validation should be approached from multiple angles, including audit and assessment, simulation and virtual testing, real-world testing and more. Drawing on key industry whitepapers (e.g. The Autonomous Working Group, Association for Standardization of Automation and Measuring Systems, Mercedes-Benz), validation efforts can be broadly categorized into three core pillars: functional performance, internal system reliability and external cybersecurity resilience.

The first pillar, Functional Performance, focuses on ensuring the embedded vehicle system behaves as expected across a full range of driving conditions — particularly under abnormal scenarios such as complex environments or sensor limitations. In alignment with the “ISO 34505: 2025” standard, which outlines scenario-based ADS testing, this pillar evaluates system capabilities in perception, decision making and control execution under realistic conditions.

The second pillar, Internal System Reliability, addresses resilience against system-level faults. This includes the inspection of fault detection mechanisms, hardware failure mitigation strategies, and adherence with Automotive Safety Integrity Level (ASIL) grades. Relevant to the “ISO 26262: 2018” standard defining the framework around electrical/electronic (E/E) system failures, this pillar assesses the system’s ability to maintain safety in the presence of internal malfunctions.

The third factor, External Cybersecurity Resilience, evaluates the system’s tolerance against external cybersecurity threats. Verification over secure communication and data integrity under potential attacks such as vehicle hacking, spoofing and denial-of-service (DoS)) is a key objective of this pillar. Associated with the “ISO/SAE 21434: 2021” standard illustrating cybersecurity risk management for vehicle E/E systems across the lifecycle, this phase assesses the system’s ability to proactively mitigate attack vectors targeting sensors, ECUs and OTA updates.

II. Techniques

While various techniques exist to evaluate functional performance, system reliability and external attack resilience, this blog focuses on three core cybersecurity validation methods — Compliance Auditing, Software-in-the-Loop (SiL) Module Testing, Hardware-in-the-Loop (HiL) Penetration Testing — to better illustrate the differences across diverse validation approaches.

The first technique, Compliance Auditing, focuses on verifying whether development practices and system architectures align with established safety and cybersecurity regulations (e.g. ISO/SAE 21434, UN R155). This method is widely used by OEMs and Tier 1 suppliers to conduct gap analyses during early-development stages or in preparation for CSMS Certification audits, to check whether internal processes conform to regulatory requirements.

AutoCrypt CSTP Compliance serves as a representative tool to accommodate these needs by validating vehicle vulnerabilities on a unified platform. It supports multiple testing domains including Security Validation, Functional Testing, Penetration Testing, Fuzz Testing and Vulnerability Testing and consolidates results into a comprehensive report suitable for regulatory submission. By combining testing execution and documentation, it reduces redundant tasks and streamlines the compliance process.

Another key validation technique is Software-in-the-Loop (SiL) Module Testing, which assesses robustness of embedded security components in virtualized test environments before hardware integration. Commonly applied to TEE (Trusted Execution Environment) based key management testing and V2X certificate handling simulation, this technique enables rapid iteration and early validation of security logic in controlled conditions, before advancing to high-cost hardware testing.

In accordance with these needs, the AutoCrypt CSTP Functional Tester validates hardware-dependent security functions using virtual ECU models in a Software-in-the-Loop (SiL) environment. By integrating communication interfaces, debugging tools, ECU source code and test code, this solution facilitates early detection of design flaws and integration issues well before mass production.

Another core testing approach is Hardware-in-the-Loop (HiL) Penetration Testing, which evaluates cybersecurity resilience of physical ECUs by simulating real-world attack vectors in controlled HiL testing environments. Often applied for in-vehicle network fuzz testing and Telematics Control Units (TCUs) penetration testing, this technique identifies system vulnerabilities under actual runtime configurations, moving beyond theoretical scenarios.

Serving this purpose, the AutoCrypt CSTP Fuzzer solution actively injects malformed, unexpected inputs into in-vehicle networks to test ECU-level resistance to cyber intrusions. Covering a broad spectrum of communication layers including the Network Layer (e.g. CAN, CAN-FD, Automotive Ethernet), Application Layer (e.g. UDSonCAN, UDSonCAN-FD) and Transport/Data Layer (e.g. VehicleCAN, VehicleCAN-FD), the tool enables precise testing of vehicle systems under a wide range of adversarial conditions.

Effective ADS Validation through an Integrated Approach

With a wide range of checkpoints to address and multiple techniques available, establishing a cohesive and effective strategy for ADS validation is essential. To meet this need, a structured progression — from Compliance Auditing to Software-in-the loop Testing and finally to Penetration Testing — offers a practical pathway for comprehensive and efficient ADS validation.

At the first stage, Compliance Auditing defines the baseline and sets the strategic direction through regulatory compliance and process control.
Next, software design implementation and testing activities are supported through Software-in-the-Loop (SiL) Module Testing, which enables validation before hardware integration.
Lastly, Hardware-in-the-Loop (HiL) Penetration Testing technique can be utilized to observe real-world cybersecurity readiness under adversarial conditions.

This layered approach demonstrates how each phase builds upon and reinforces the next, enabling a robust and scalable validation framework.

With AUTOCRYPT being an authorized Vehicle Type Approval (VTA) Technical Service (TS) Provider , the firm is uniquely positioned to integrate diverse testing techniques and facilitate comprehensive ADS validation through the AutoCrypt CSTP Platform. From the AutoCrypt CSTP Compliance, which ensures design-level safety, to the AutoCrypt CTSP Functional Tester, which verifies correct functional behavior and the AutoCrypt CSTP Fuzzer able to test attack resilience, the platform enables a unified security analysis by consolidating all validation layers into a single, integrated platform.

Supporting a streamlined process for Vehicle Type Approval from ADS validation to export of results into compliance documents (e.g. TARA Report, Cybersecurity Test Report), the whole approval process can be effectively managed.

To learn more about the Autocrypt CSTP platform, check this page. For more information about our comprehensive suite of our automotive products & offerings, check this page.