An introduction to Automotive Identity 4.0

How innovating automotive identity will open many doors to agile, data-driven automotive businesses tomorrow and beyond

Ricky Thiermann
Jan 23, 2020 · 11 min read

Today’s centralized system of automotive identity is anchored in a paper birth certificate and conventional databases administered by state authorities and insurance companies. These straightforward systems have served the industry well for decades, but a more multi-dimensional, multi-stakeholder digital twin model is needed to enable and coordinate the transformations of the Auto Industry 4.0. Spherity is participating in the elaboration and adoption of such a model, which will make automotive data flows more agile and flexible, enabling the data-driven, silo-free use cases that today’s automotive industry is carefully retooling to build.

Since Ford invented the first modern assembly line in 1913, our mental image of car manufacturing has been the face of modern industry: exact, coordinated, impersonal, and consistent. But cars have gotten astronomically more complex in the century since Ford, as has the global supply chain feeding that assembly line with components and subsystems. Hundreds of corporations are involved in the designing, testing, and manufacturing of any given model of car (and the machines that assemble that car), even if only one ornament is attached to the hood and one brand name gets written on the trunk.

The day each unique car rolls off the assembly line, it is “born” and an original title (sometimes called a car’s “birth certificate”) is issued to it, much like a human birth certificate. In essentially all countries where cars are manufactured, this process is strictly controlled to make sure a unique serial number engraved on both the chassis and the engine block matches the unique record number of that car’s title.

Depending on the jurisdiction, an original title can also include specific model/submodel information, manufacturing history, serial numbers of required safety, self-diagnosing, or tracking components, and ownership information. Most importantly, though, these “birth records” are filed directly with government agencies and contractors that track cars, serving as the root of a chain of linked ownership records, which get updated over time until the end of the car’s life.

A car is not a unitary, “manufactured” thing, but instead as a kind of organic collection, an ensemble of systems and subsystems with many parts that get replaced or upgraded over the life of a car. As more and more of these parts produce, record, and exchange data, or even transmit data to the outside world, the identity needs of this ensemble grow exponentially! After all, the identity of physical parts can only be compromised by unscrupulous repairs, but the data coming from inside a car can be intercepted, impersonated, or adulterated wherever that data travels.

This is why a Spherity digital twin for a car is less a unitary data storage concept than a hub of identities linked to internal and external data stores. All the key data-producing and self-diagnosing components need to be uniquely identified and tracked in case of future recalls or other aftermarket remediation efforts. As the frequency of software and firmware specific aftermarket remediations increases over time, and as the supply chains for this critical hardware and software gets more and more independent of specific car manufacturers, this kind of tracking will grow more and more critical to guaranteeing reliable data at its points of origins within cars.

Particularly when you consider the potential for malicious code to enter this growing intercontinental ecosystem, strong identity for data-producing components looks more and more like the lynchpin of a whole emerging machine economy hanging on the integrity of automotive data. In a sense, that machine economy is already here, or at least, Spherity is helping to lay the groundwork and infrastructure for that economy. Based on our work to date, we foresee this economy’s rollout as coming in three distinct, sequential phases:

  1. Data acquisition
  2. Data sovereignty & mobility services
  3. Data marketplaces

Phase 1: Data acquisition

The first phase will focus strictly on the capture of existing data and the secure digitization of existing processes. For this to happen, process changes must be organized by taking into account the sensitivity of each kind of automotive data, which includes the privacy of car owners and end-users but also the confidentiality of the countless vendors, suppliers, and service providers involved before and after manufacturing of any given car. This is particularly complex for the growing portion of today’s cars and trucks that are insured, serviced, rented, and fractionally-owned in fleets.

Even if vendors and their suppliers have significant confidentiality requirements along the value chain before a car’s birth certificate is minted, that data can still be captured along the way and saved for later discreetly and securely. Given the complexities of ownership, insurance, and analytics that affect more and more vehicles after manufacturing, having robust and detailed pre-manufacturing traceability can add a lot of value, which justifies the legal and dataflow complexity.

To give a simple, real-world example, we could say that a car’s end-customer who buys the car new, the second owner who buys the car 5 years later, and the mechanics who work on these cars when either owner suspects a manufacturing defect would all want concrete information about the sourcing and manufacturing of critical parts built by subcontractors and third-party vendors. Today, that information is time-consuming to get and limited, since it is either in the public domain or in industrial reference libraries. Getting this information in the right hands, while still preserving the market niche and confidentiality that these vendors require vis-a-vis their competitors is entirely possible with our “digital twin” data model. This allows different kinds of auditors (including mechanics and insurers) to get different cross-sections of the history of the car, with anonymity or pseudonymity as needed for trade secrets of stakeholders or the personal data of others.

Relatively secure and efficient processes are already in place to apportion each car with a globally unique vehicle identity number and check the integrity and origins of all key parts at the time a deed is issued. These processes evolved over the decades with strong, centralized authorities (usually governmental) carry out these checks to ensure safety; the main shortcoming of these systems is not overhead or privacy but speed and flexibility. Digitizing these processes can address these shortcomings without adding much complexity or new friction. The same information that goes on a paper deed can go into a DID-controlled digital twin where it can be verified or selectively disclosed like any other sensitive information Spherity handles.

The resulting digital twin offers a kind of identity “anchor” and starting point for new kinds of remote, digital-first, and low-trust business transactions that would not have been possible with traditional paper-based identity. Designed in close, deliberative collaboration with all the shareholders represented in the international mobility open blockchain initiative​ (dltMOBI/, our automotive digital twins offer a kind of “firewalled”, multimodal identity for each car. All the participants in the initiative, from data infrastructure companies to OEMs to carsharing platforms to service providers, contribute in different ways to the list of use cases and data flows that this industry-wide, multimodal data model needs to be flexible enough to support. For privacy and compliance reasons, ownership information, government registration, financing, and insurance information are not written directly to the car’s digital twin, but stored in the responsible parties’ identity wallets, which are linked to it by pairwise DIDs.

This means that each relationship is, by default, separately encrypted and authenticated, making each relationship “confidential” to each other relationship until information is shared or individual access rights are granted. The legal requirements for disclosures about a car’s financing, ownership history, and component sourcing vary widely, and will diverge even more as new regulations demand higher levels of auditing and traceability. A flexible and automatable data flow is increasingly required of cars, which is why the first phase of Spherity’s vision is a future-proof data model for automotive identity.

Phase 2: Data sovereignty & mobility services

Once we’ve made the leap from a paper birth certificate to a decentralized digital twin and input all its ownership and insurance information, that car is ready to become a first-class citizen of the dynamic mobility ecosystem of the 21st century. The car’s identity and all the data it produces are “self-sovereign” in the sense that the digital twin’s rightful controller(s) can manage many different levels of access to its identity, data, and history as appropriate to a wide group of stakeholders. These arrangements vary according to the applicable legal and ownership frameworks, including new ones not yet designed!

One form this takes is a responsive and dynamic rental systems, allowing “last-mile” urban services like hourly rentals to be initiated spontaneously, without involving lots of intermediaries and overhead, if the renter and the rented car can share the relevant information and liability via decentralized identities. Indeed, the more dynamically and selectively cars and drivers can expose to one another the relevant information, the more frictionless and low-overhead we can assume these systems will grow.

As these systems are “roadtested” and grow more sophisticated, we can expect other forms of renting and fractional ownership to evolve as well. Fleet management, long-term rentals, self-driving cars and freight movers, and long-haul trucking are all sectors where partial ownership and information-sharing between stakeholders are already common, although highly frictious. More refined and powerful sharing of information will be pivotal in the further evolution of governance, efficiency-increasing secondary markets, and security audits in these sectors. Decentralized enterprise identity solutions like ours are designed to be extensible and customizable enough for these types of multi-stakeholder, low-trust contexts.

Phase 3: Data marketplaces

This last point about security audits might seem like a minor point to the untrained eye, but the control of a car’s historical repair data and the data produced by its internal sensors is as valuable as it is sensitive. Just as the shift towards electrical engines is terraforming the supply chains and economics of the historically gasoline-based industry, so too does the rapid evolution of insurance-tech, artificial intelligence, and real-time driving data affect the industry’s fundamental power dynamics.

Many recent analyses have shown the major data-trading companies are increasingly claiming a stake in the profits of the automotive industry. For instance, a 2016 McKinsey report predicts that the “paradigm shift to mobility as a service, along with new entrants, will inevitably force traditional car manufacturers to compete on multiple fronts. Mobility providers (Uber, for example), tech giants (such as Apple, Google), and specialty OEMs (Tesla, for instance) increase the complexity of the competitive landscape.” Partly, this has to do with data required by and produced by the rental market itself, but the same also applies to many other kinds of automotive data.

If the automotive industry fails to make strategic investments in data infrastructure, particularly decentralized infrastructure, they risk an expensive dependency developing over time. This dependency is easy to imagine: data giants like those that currently control most of the cloud and internet backbone could readily become essential middlemen and infrastructure providers by controlling the standards, the formats, or the transport of delicate driving data. So far, the most successful strategy for protecting against this risk of shared data utilities becoming “tollroads” has been to spread governance across (but within) the automotive industry: the for-profit HERE system for mapping/GIS data and the Linux Foundation’s Automotive Linux project are two such examples of industry-wide collaboration keeping governance of automotive data infrastructure in the industry’s hands while preserving healthy competition within the industry.

As we have argued elsewhere in broader macroeconomic terms, the best defense against this kind of rent-seeking “platformification” of driving data is supporting open standards and decentralization at the lowest level possible. The best way to protect the privacy of data subject (under GDPR and other European privacy frameworks), and the best way to resist the market power of the digital giants, is for OEMs to take a pivot role in building business models that directly interact with the data of car-owners and end-users.

We believe the most direct and unmediated relationship between an OEM and its end-users is one built on self-sovereignty, true data portability, trust, and respect. As we sketched out in our article on product identity, decentralized identity will build and deepen this relationship, changing the way we think about brands, recalls, customer loyalty, and even the design process. Cars will likely be the industry vertical where this gets implemented first, largely because of the relatively simple privacy requirements and the many uses and afterlives of driving data.

This disintermediation of the OEM-customer relationship will restructure what used to be a much more linear economy of middlemen and tollroads to a more distributed and interdependent ecosystem of service providers adding value. In large part, this is because various subsets, cross-sections, and aggregations of this granular driving data will prove increasingly valuable to traffic systems, safety auditors, researchers, designers, insurance companies, predictive repair systems, as well as to the evolution of the models generating that data. This demand will drive and incentivize unsiloed data exchange in many directions with many new players, creating a highly agile marketplace, provided credentialized trust supports and accelerates such business relationships beyond security perimeters.

Identity and trust fabrics are only one requisite for such an agile, unsiloed data marketplace. The driving data itself (the “raw material” or “oil” of such a marketplace) needs to be refined to be portable, usable, and salable. This includes “cleaning,” aggregated, collating it reliably to other data sets, and using it to train and refine algorithms. It also requires further technological advancement on anonymization and resilience to correlation and tracking, which is a non-trivial problem that decentralized identity will support and enable but not solve automatically.

The evolution of anonymization techniques, as well as the legal and ethic issues inherent to any new form of data involving real humans, are two nontrivial bottlenecks to this development. These problems, while serious, are also equally important to many other industry verticals and Spherity research areas. As decentralized identity becomes a shared utility and metaplatform between these industries, they will naturally pool resources and finding cross-industry technical and legal solutions. From this will naturally arise data processing service providers as an economic niche across all data marketplaces, accelerating the move to more data-driven and non-linear ecosystems around mobility and design, particularly in the vehicle space.

For all these reasons, we believe that further development of the decentralized identities in the mobility area will modernize this solid and sedimented industry, opening it securely to new business cases and value chains. In upcoming articles, we will elaborate on these identity-enabled forms of business, drawing lessons from our carsharing research to sketch the complex governance of tomorrow’s splintered and agile rental marketplaces. We hope this introduction to our big picture for automotive identity has sparked your curiosity, particularly if mobility topics are central to your livelihood or your passions.

If so, please reach out and talk to a representative for access to our enterprise-identity testbed where you can mock up an automotive (or a driving-data) use case today! Say

If you just want to stay sphered, feel free joining Spherity’s Newsletter list and following us on Linkedin.

Thanks to Juan Caballero


Boost Your Compliance and Security with Digital Identities.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store