Turning smartphones into secure and versatile keys
04 January 2013
It’s already possible to open doors using an app, but we are a long way from seeing widespread acceptance. Now, new software will make the technology even more secure and versatile.
At this year’s CeBIT trade fair in Hannover (March 5-9, 2013), researchers from the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt will be demonstrating their ShareKey software, a solution which will make the key app concept even more versatile and secure.
“In essence, ShareKey offers two new functions: users can issue digital keys remotely and assign these keys certain user permissions. For instance, I can grant the building superintendent access to my apartment for a short period so that he can open the door for the gas meter to be read while I’m at work,” explains Alexandra Dmitrienko from the SIT.
“The solution is built around modern security technologies and can be easily integrated into existing access control systems.” ShareKey sends electronic keys directly to the user’s mobile phone, in the form of a QR code attached to an e-mail or MMS.
Protecting parcel stations from phishing
One thing that Dmitrienko and her team will also be demonstrating at CeBIT (Hall 9, Booth E08) is a parcel station where access rights to individual compartments are issued using ShareKey.
“Recently, users of parcel stations have fallen victim to phishing attacks. Equally, hackers continue to target their efforts on smartphones. In light of this, the big challenge was to protect the electronic keys without compromising the intuitive operation of such devices,” explains Dmitrienko.
ShareKey works using the Near Field Communication (NFC) transmission standard, which allows data to be exchanged wirelessly over short ranges of up to a few centimeters.“To open a door, all you need to do is hold your mobile phone close to the lock,” says Dmitrienko.
NFC interface and door locks only operate within a narrow bandwidth and have limited computing power. Consequently, scientists at the SIT have equipped ShareKey with particularly resource-efficient communication protocols. Further, electronic keys are reliably protected on the smartphone from malware and unauthorised access. This is achieved by leveraging advanced technologies which keep sensitive data on the smartphone separate from other data and apps (eg Fraunhofer’s BizzTrust).
Communication between the mobile phone and a central server is protected by established security protocols. “And even if this communication is hacked into, it’s impossible for unauthorized people to gain access to the digital key. This is because opening the door requires information contained both in the encrypted token sent to the user and in the app installed on their smartphone,” clarifies Dmitrienko.
Alongside front doors and parcel or locker compartments, the research scientist also suggests that the technology could potentially be applied to help administer keys in hotels or as part of car-sharing schemes. “The trend towards a ‘shareconomy’ will benefit the further development of this technology,” concludes Dmitrienko. So the era of mobile phones as keys is one step closer.