Hyundai and Volkswagen Partner with Trustonic to Enable Digital Key Solution

By James Hodgson | 2Q 2019 | IN-5472

Hyundai has become the latest Original Equipment Manufacturer (OEM) to add a digital key feature to a flagship model, following an earlier announcement from Volkswagen. The system, which will first be made available in the 2020 Sonata model, is enabled by a combination of Near-Field Communication (NFC) readers in the vehicle’s door handle and an application running on the user’s smartphone. This application is secured by Trustonic Application Protection (TAP), a cybersecurity approach that isolates sensitive processes, data, and interactions within the Trusted Execution Environment (TEE) of the smartphone.


Digital Keys for Access, Ignition, and Sharing

NEWS


In the short term, digital keys will play an important role within the key personalization trend in connected infotainment. In the longer term, digital keys will prove a critical enabler of smart mobility platforms, allowing consumers to access vehicles that they do not own through temporary and instantly provisionable keys delivered Over-the-Air (OTA) to the ubiquitous smartphone.

Rapidly Personalized User Experiences

IMPACT


Within the digital cockpit, the user experience is defined largely by software, providing considerable opportunities for personalization through the reconfiguration of this software. Features such as Advanced Driver Assistance Systems (ADAS) activation, navigation presets, access to cloud content accounts, and lighting can all be assigned to one of any number of driver profiles. Motorization and actuation can further extend the scope of reconfiguration to the position and orientation of chairs and mirrors. Therefore, the ability to quickly identify drivers can enable a shared vehicle to be readily personalized for multiple users.

In the past, many premium OEMs enabled driver profiles to be stored on physical keys, with each driver of a vehicle owning their own unique physical key. In practice, however, these passenger cars would be shared among a handful of users at most—generally members of a single household—with all but one of these keys lost or misplaced until all users shared a single physical key. Therefore, a physical key’s ability to provide quick identification is limited by typical consumer behavior.

A more robust method of smoothly identifying users lies with biometrics, as technologies such as facial and fingerprint recognition require little or no interaction from users and can rely on the identification of features that are highly unique to different individuals. However, the cost of such sensors and the limited number of related use cases in the short to mid term limit their market potential in personalized infotainment.

Smartphone-based digital keys are the clear answer in the short to mid term. The smartphone is, in practice, a highly personal device, and is rarely shared between multiple users. Therefore, a digital key stored aboard a smartphone is a far better indication of the current user than its physical equivalent. Meanwhile, the adaptive TAP approach used by Trustonic allows a software TEE to isolate sensitive processes and data wherever the mobile device lacks a physical TEE, or wherever the physical TEE cannot be accessed by third-party applications, such as in Apple devices. By leveraging the ubiquitous smartphone, and with the majority of passenger vehicles already featuring Secure Elements (SEs) for the secure storage of keys, the simple addition of NFC and Bluetooth Low Energy (NFC/BLE) communication between the consumer’s device and vehicle can make smartphone-based digital keys a powerful tool to enable the rapid personalization of software-defined user experiences.

Digital Keys in the Shared Mobility Context

RECOMMENDATIONS


In the longer term, smartphone-based keys will prove to be a core component of the smart mobility user experience. While there will be many form factors through which users will book rides, including kiosks and concierge desks, the most popular form factor will be the smartphone. Having used a smartphone to book a ride or to reserve the use of a mobility mode, the same smartphone will logically serve as the means for granting access.

When considering the widespread use of vehicles by users who do not own them, and the possibility of a single journey using multiple mobility modes, physical keys are obviously not a practical option. A remotely provisionable digital key is clearly required, and the smartphone is the most obvious candidate for the storage of such keys.

However, as ubiquitous as smartphones are, from a security perspective, they are not homogeneous. There is no doubt that the most secure approach to key storage is the use of a hardware TEE featured on many smartphones, which enables critical application code to be executed in an isolated environment, with the most popular use case being payments and mobile banking. However, this hardware TEE is not featured in all new devices and has certainly not reached full penetration of the smartphone installed base. Furthermore, Apple restricts third-party access to its hardware TEE. As mentioned before, Trustonic is able to support the isolation of secure functions in a software TEE.

Indeed, it is this flexible approach which has likely driven Trustonic’s traction in the automotive world. When dealing with automotive OEMs, the digital key supply chain must be very conscious of the fragmented nature of the smartphone market and develop approaches that are robustly secure, but that can also account for variations in the hardware specification of consumers’ devices and in device manufacturers’ policies towards TEE access. Automotive OEMs are unlikely to adopt a digital key strategy that alienates owners of a certain handset or exposes their vehicles and brand to greater risk through the rigid requirement of a hardware TEE.

In conclusion, digital keys can be supported on most Apple and Android devices sitting in consumers’ pockets, but with two separate tiers of security. It is now up to the OEMs to decide whether to restrict the use of digital keys to TEE-equipped Android devices or enable a digital key function that can be based on either a hardware or pure software security foundation. There is always the possibility of providing a two-tier service, in which users who own TEE-equipped Android devices gain access to greater feature richness while owners of other smartphones find some features “greyed-out.” For example, in the context of passenger-owned vehicles, users with lower-spec devices could enjoy all of the rapid personalization features discussed above, but not have the option to share their vehicle with another user. However, OEMs must be cautious about how restrictive their approach is, correctly balancing the importance of security with the need to minimize the friction incurred by the consumer when adopting new smart mobility services.
