Now, smartphones to act as secure and versatile keys
Researchers have developed a new software that makes the technology of opening car and home doors using smartphone apps more secure and versatile.
Researchers from the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt, Germany, will be demonstrating their ShareKey software, a solution to popularise the method.
"In essence, ShareKey offers two new functions: users can issue digital keys remotely and assign these keys certain user permissions. For instance, I can grant the building superintendent access to my apartment for a short period so that he can open the door for the gas meter to be read while I'm at work," said Alexandra Dmitrienko from the SIT.
"The solution is built around modern security technologies and can be easily integrated into existing access control systems," Dmitrienko said in a statement.
ShareKey sends electronic keys directly to the user's mobile phone, in the form of a QR code attached to an e-mail or MMS.
"Recently, users of parcel stations have fallen victim to phishing attacks. Equally, hackers continue to target their efforts on smartphones. In light of this, the big challenge was to protect the electronic keys without compromising the intuitive operation of such devices," said Dmitrienko.
ShareKey works using the Near Field Communication (NFC) transmission standard, which allows data to be exchanged wirelessly over short ranges of up to a few centimeters.
"To open a door, all you need to do is hold your mobile phone close to the lock," said Dmitrienko.
NFC interface and door locks only operate within a narrow bandwidth and have limited computing power.
Scientists at the SIT have equipped ShareKey with particularly resource-efficient communication protocols.
Electronic keys are reliably protected on the smartphone from malware and unauthorised access. This is achieved by leveraging advanced technologies which keep sensitive data on the smartphone separate from other data and apps.
Communication between the mobile phone and a central server is protected by established security protocols.
"And even if this communication is hacked into, it's impossible for unauthorised people to gain access to the digital key," he said.
