Digital Key Use Cases
Go Beyond the Key Fob
The CCC Digital Key enables all the great features you currently experience with key fobs and smartphone-based proprietary key apps today, as well as unlocking a future of enhancements not available anywhere else. Security and privacy are at the core of the CCC Digital Key Specification, based on open state-of-the-art public key protocols, hardware-based key storage, and radio standards that ensure the proximity of the key with the vehicle. Furthermore, the architecture scales smoothly to the world’s mobility without placing an extra burden on backend services.
Read on to learn about each important aspect of how the CCC Digital Key operates in both the essential features of access and operation and the potential for new levels of convenience and safety.
Seamless key provisioning is an integral part of the overall user experience of CCC Digital Key, as it is likely the first interaction a vehicle owner will have with the CCC Digital Key System. Any mobile device that meets the technology and security requirements of the CCC Digital Key can be paired with a similarly equipped vehicle. Each vehicle can have only one ‘owner’ device, but multiple CCC Digital Keys are associated with it on ‘friend devices’ – great for sharing, car hire, and other business uses.
Hands-Free & Proximity Vehicle Access
The CCC Digital Key enables hands-free passive keyless entry at the same level of comfort and safety as classic hands-free passive entry and start, provided by many vehicle models today. The CCC Digital Key can be used to access a vehicle, start the engine, immobilize the vehicle, or authorize any other operation. No interaction with the mobile device is required. The smartphone can stay in the user’s pocket.
The mobile device and vehicle mutually authenticate for hands-free access, and the vehicle verifies that the mobile device’s CCC Digital Key authorizes the requested operation. Ultra-wideband radio (UWB) time-of-flight measurement prevents attackers from using relay attacks (based on signal amplification) to trick the vehicle into thinking that the mobile device is nearby when it is not – this protection is called ‘secure ranging.’
Alternatively, CCC Digital Key may be used by simply placing a mobile device near the vehicle’s NFC reader. The limited operational range of NFC prevents attackers from fooling the car into thinking the device is closer than it is. The UWB – BLE combination and NFC utilize the authentication protocol’s privacy to ensure that anyone monitoring wireless communications cannot track the user or their mobile device. When a user’s phone shuts down due to a low-battery condition, the NFC access will continue to operate, eliminating any anxiety due to a flat battery.
Today, people can share their car keys with friends and family by simply giving them the physical key or key fob. Sharing digital keys should be just as effortless, seamless, unrestricted – and, yet, better. The CCC Digital Key improves the sharing experience by enabling users to share multiple keys without giving someone anything physical. For example, I can give my friends access to my vehicle, so they can use it while I’m far away on vacation, or I can give my child access without authorization to start the engine.
How does this work? The owner sets up smartphones for other people as ‘friend devices’ by sending a sharing link. Several friend devices can be added for a given vehicle, but recipients may not share this access onward. The CCC Digital Key framework establishes a secure communications channel between the two devices, through which the owner device signs (approves) the friend device’s digital key (public key), and necessary signatures (approvals) are obtained from the vehicle OEM server. To ensure that the shared CCC Digital Key is usable only by the intended recipient, the owner may optionally provide them with sharing passwords and/or PINs communicated on a different channel than the sharing link.
This sharing capability also provides the necessary underpinnings to support fleet, ridesharing, rental, and other commercial services.
Unlike physical keys and key fobs, CCC Digital Keys can be quickly terminated or suspended anytime from friend devices, owner devices, vehicles, and/or OEM servers. There are many reasons that CCC Digital Keys may need to be terminated or suspended. For example, a user may decide that they or a friend no longer need access to a vehicle, or they may want to terminate all CCC Digital Keys associated with a stolen or compromised mobile device – or suspend them if the device is lost. The user may have sold their vehicle or may want to factory reset it, and so on.
Because the life cycle of a mobile phone is typically shorter than a car, a user may need to change the owner’s phone. CCC Digital Key can be reactivated on a new owner’s phone, while CCC Digital Keys on friend devices remain — something quite impossible with traditional keys. Termination is permanent and requires sharing a new CCC Digital Key to restore access. At the same time, suspension is temporary and disables a CCC Digital Key until it is resumed.
Each CCC Digital Key contains several attributes and authorizations, encapsulated in standard access entitlement profiles, that describe how and when it can be used. These properties allow each CCC Digital Key to be customized, enabling new use cases, features, and personalization.
In addition to standard properties, custom entitlements (if provided by the vehicle OEM) may also be used to enable additional use cases or to include service-specific information. An owner can restrict how the shared CCC Digital Key can be used. An owner can:
- Share access with anyone for a specific amount of time
- Allow entry into a vehicle but not the ability to start the engine
- Lock and unlock a vehicle
- Give permission and ability to drive a vehicle
- Adjust the maximum speed for a driver
- Only allow access to the trunk or another specific compartment (such as for delivery or pick-up services)
- Permit cabin access but not engine start or mobilization
CCC Digital Keys also provide a secure storage container to store vehicle-related personalization settings, preferences, and other metadata, to provide a customized experience.
The basic properties of Friend Keys described above enable many car-sharing use cases, especially those for a private owner. But what if the actual owner of the vehicle is a company with a fleet of vehicles? The CCC Digital Key architecture provides for a Server-Based Owner Device, actually no ‘device’ at all, but a list of owner keys associated with vehicles on a computer server controlled by the fleet owner. Fleet owners may be as small as the local plumbing shop with a few trucks to as large as global car rental agencies. The entitlements associated with ‘friend’ keys (an employee or renter, for instance) can allow new capabilities, instantly replacing lost ‘keys’ – due to phone loss – or limiting speed and geographic areas of operation.
What if? You may be thinking...
You are considerably better positioned with a CCC Digital Key than a traditional key fob. Upon verifying you as the rightful owner, your owner key can be replaced on any device meeting the hardware and software requirements of the CCC Digital Key. If you lost a ‘friend’ key, it might even be easier. Your key can be backed up along with the rest of your phone device’s data, or the owner can reissue it.
When a mobile phone or watch device shuts down due to a ‘dead’ battery, it still contains enough energy to operate the Near-Field Communications sub-system. Thus, even though your phone is not operating otherwise, bringing it close to the NFC Reader on your vehicle will allow access with the same security level as when the phone was working normally.
The CCC Digital Key architecture provides for initial Owner Pairing and vehicle operation without access to the Internet. Recognizing the myriad of situations that may inhibit Internet access and overcoming these limitations as much as possible was a key design requirement for the developers. Sharing a key does require Internet access, and various reprovisioning and entitlement changes would also need access.