First we had hand cranks. Then real keys, followed by key fobs. And now we have “digital keys,” which enables you to lock, unlock, and start your car from your phone.

Digital keys are still rare, only offered in a handful of models. Before digital key technology can reach ubiquity, there are still a lot of issues that need to be worked out. What kinds of technology should be used: Near-field communication (NFC)? Ultra wideband (UWB)? Bluetooth? How do we ensure it’s safe from hackers? And what happens when your phone runs out of batteries? (Spoiler: it will still work.)

Many automakers already offer digital keys, but it hasn’t always worked flawlessly. Tesla said it was only going to do digital keys for the Model 3, but later opted for good old-fashioned key fobs because customers wanted them.

The need for global standards and solutions for smartphone and in-vehicle connectivity is what’s spurring the industry to come together to formulate a plan for the future. Recently, two industry consortiums joined forces to create a working group with the mission to create standards around digital keys: the Car Connectivity Consortium (CCC), which includes most major car companies, as well as Apple, Samsung, and Xiaomi; and FiRa Consortium, a nonprofit that supports ultra wideband and includes Apple, Google, Cisco, Samsung, Qualcomm, and others as members.

Daniel Knobloch is the vice president and a board member at CCC. Before that, he worked for over seven years as a wireless systems architect at BMW. We spoke to Knobloch about digital keys, the different types of technology they rely on, and when digital keys will replace physical keys — if at all.

This interview has been edited for length and clarity.

What are some of the advantages of this technology? Why do we need something like a digital key, and why do we need technical specifications around the use case?

So, very good question. In 2017, when we started with that technical specification, standardization was not on our plan. But our plan was that we wanted to have a flexible technology, which can be integrated in cars and in phones. Whatever you drive, you can use any phone, whether it’s an Apple or Google or Samsung phone. We want to have an ecosystem which works across all the phones, across all the devices.

And in order to achieve that, we could not get around standardization at all, because you have to agree on one technology across all the device OEMs [original equipment manufacturers] and all the vehicles … in order not to have to switch to different technologies. You have multiple technologies in the car installed. You have multiple technologies on the phone and every car uses a different app, a different methodology, a different user experience. And that is the main driver.

Second is that the use of performance and security is hardly achievable if you don’t involve the other side. We can sit down with one device OEM and create this perfect digital key, which works securely, which works accurately. But that wouldn’t scale across all of the devices. And that’s why we had to sit together and agree on a technology amongst all the device OEMs and car OEMs which also integrates deeply into device OEMs.

Creating a digital key technology inside the phone, which is accurate and secure, is actually not possible without integrating the device OEM. You need extra hardware in the phone, you need access to the secure element, you need access to special sensors in the phone. So that’s like a super deep integrated topic, which requires the involvement of the device OEM. And if you want to have it across all device OEMs, then it needs standardization.

We’ve seen the way that phone manufacturers approach things like messaging protocols. They’re very reluctant to create a standard that allows one device to speak to another device on different platforms. Apple said it’s going to start supporting RCS, which I think surprised a lot of people. Do you think that there’s more cooperation in this space around digital keys than some of these other protocol debates?

I would definitely say that when we had this breakthrough in 2020, we agreed on one technology. I definitely had the feeling that this is something which does not happen very often. And I don’t want to compare it to others because I’m sure there are other examples. But I agree with your view that achieving that, getting device OEMs to agree on one protocol, is something which doesn’t go easy.

This reminds me a lot of the transition to electric vehicles and the way that EV makers are trying to figure out a standard for charging their vehicles. Was that also something that you wanted to avoid, by putting these groups together and making sure that there was cooperation among all these different companies?

Definitely. Technology fragmentation is always bad. It’s always bad for the customer at the end because the customer is the one who suffers, by higher prices, by obstacles, by inconvenience. And so we want to make sure that this is avoided. 

But this is only possible to the extent of the agenda of every member company. So you have to respect everyone’s plans, everyone’s visions, juggling around that. It’s definitely the vision to make this ecosystem as lean as possible. And so, we want to make sure that we make the CCC digital key ecosystem as sustainable and as long-term-proof as possible.

We’ve seen over the years that there have been some examples of hackers and car thieves spoofing key fobs and keyless entry tech with various car OEMs. How can people trust this technology is not going to confront similar problems?

This whole protocol was designed with a large focus on that point — that it is secure, that it can be made secure. And parts of that are that inside the phone are the cryptographic calculations and keys are a secure element, which is a separate isolated hardware piece. Even if a phone is compromised, that’s not compromised. We are using ultra wideband, which allows a cryptographically secured distance measurement. 

If you know where the key is and you can actually listen to the signals, the key is like 100 meters away from the car. There’s literally no way to relay or shorten the distance measurement, because actually their time-of-flight, [which is] the time the signal needs to travel to the car and back, is measured in a cryptographic way.

Would the wide adoption of this technology actually help reduce car thefts in the future?

It’s hard to give a general answer here because on key fobs, you have a variety of protocols. So what I want to say is that the same technology with the same level of security is also used in key fobs.

When you’re out somewhere away from home and your phone runs out of batteries, is there still a way to start your car?

The phone OEMs implement different low battery technologies, so if the phone dies, it still operates. What happens now, if you buy a device, in the car which supports this WCC 3 [see photo], the full blown solution, which allows you passive walk away. The typical fallback is that if the phone dies, it falls back to NFC. It’s only possible to operate an NFC for some time. And so in this case, you have to pull out your phone and tap it to the handle to open the car. But it still works — the performance may be degraded but will always work.

What sense are you getting from the auto industry in terms of how they’re approaching this tech? Is this something that they see as standard or are you seeing some discussion about subscription service that customers should have to pay extra for?

What I’ve seen in the market is that it’s rather open so far, but there’s no way we can tell. I mean, you can look at the options that car OEMs show at that time. The intention of CCC is clearly that this is something which has as low entry barriers as possible. But at the end, it’s a decision by the vehicle OEMs and device OEMs how to get that to the customer. 

What does the immediate future look like for this technology? We’ve seen it in a few cars. But it doesn’t have wide adoption quite yet? Do you think we’re on the cusp of wider adoption in the near term?

It’s a rapidly growing technology and hard to keep up with the organization growth and getting everything in place. So we don’t have yet a list of certified devices out there. But all of that has already started. And companies are coming together in PlugFests where they test their hardware vehicles as device OEMs. I can just read out here the names that I see: Denso, Google, Samsung, Volvo, Apple, BMW, BYD, NIO, Xiaomi, Continental, Rivian, Mercedes Benz…

What about people with older phones. Will they be able to access this technology?

The solution which we built here is a long-term, backward-compatible solution. The first phones with NFC support, they came out in 2020. And now there may be new cars being released in 2023, 2024, which only support ultra wideband. Still those old phones which only support NFC with the door handle tap, they will still work on those new cars with ultra wideband. So it’s an ecosystem which builds from the lower and easier user performance, user experience… builds up to higher user experiences still keeping backward to create an ecosystem where if you have a digital key, it’s going to work on your new digital key card. This is something I think people need to know because it sometimes creates a bit of confusion.