Key2Share is a system that allows smartphones to be used for access control via Near Field Communication (NFC). It issues digital keys that are represented as QR codes and can be shared remotely. This provides flexible access control with options for easy key delegation, remote revocation of access, and management of access rights. A proof of concept has been developed with Bosch Security Systems to integrate Key2Share into their existing access control infrastructure. The system aims to provide secure access control via smartphones while balancing security and compatibility with mobile devices.
Key2Share: NFC-enabled Smartphone-based Access Control
1. Key2Share: NFC-enabled Smartphone-based Access Control
Alexandra Dmitrienko
Cyberphysical Mobile Systems Security Group
Fraunhofer SIT, Darmstadt
In collaboration with TU Darmstadt, Center for Advanced Security Research in Darmstadt (CASED), Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU-Darmstadt, Bosch Security Systems
6. Smartphone as a Car Key/Immobilizer
Fleet management by enterprises
Car sharing with family members or friends
7. Smartphone as a Car Key/Immobilizer
Car sharing by rental/car sharing companies
8. Smartphone for Access to Storage Facilities
Access to safes in hotel rooms
Lockers in luggage storage at train stations/airports
DHL packing stations
11. Usual Keys vs. SmartCards vs. Key2Share
| | Usual Keys | SmartCards | Key2Share |
| Distribution | Requires physical access | Requires physical access | Remote |
| Revocation | Requires physical access or replacement of the lock | Remote | Remote |
| Delegation | Not possible | Not possible | Possible |
| Context-aware access (e.g., time frame) | Not possible | Possible | Possible |
12. Key2Share: System Architecture
Entities: Issuer, Users, Key2Share web-service, Resources, Delegated users
1. Employ the employee/sell the car
2. One-time registration
3. Electronic key issued
4. User Authentication with the issued key
5. Share key
6. User Authentication with the shared key
13. Key Sharing
The key to be shared is represented as a QR code
Can be sent to the recipient by e-mail or MMS, or scanned by the camera of another device
14. QR Code: What’s Inside?
Electronic keys of Key2Share are similar to passports
| | Passport | Key2Share electronic key |
| Issued by a central authority | Government | Enterprise |
| Issued for a particular entity | Citizen | Employee |
| Public (not a secret) | Yes | Yes (encrypted) |
| Has binding to an identity of an entity it is issued for | Photo | Cryptographic key bound to the platform |
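Added example (not part of the original slides and not Key2Share's actual key format): a sketch of why a key that is public, like a passport, still cannot be used by whoever copies it, because the lock also demands proof of a secret bound to the holder's phone. It assumes an HMAC-based token and a master key shared by issuer and lock; all names and fields are hypothetical, and encryption of the token is left out.

```python
import hashlib, hmac, json, os

LOCK_MASTER = os.urandom(32)  # constructed: secret known to issuer and lock only

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def issue_key(holder, not_before, not_after):
    """Issuer: return (public token, e.g. for a QR code; secret kept on the phone)."""
    body = json.dumps({"holder": holder, "nbf": not_before, "exp": not_after},
                      sort_keys=True).encode()
    tag = mac(LOCK_MASTER, b"token" + body)           # authority's seal on the token
    platform_key = mac(LOCK_MASTER, b"bind" + body)   # bound to this exact token
    return {"body": body.decode(), "tag": tag.hex()}, platform_key

def respond(platform_key, challenge):
    """Phone: prove possession of the bound key for the lock's fresh challenge."""
    return mac(platform_key, challenge)

def lock_verify(token, challenge, response, now, revoked=()):
    """Lock: return (granted, reason). Checks seal, revocation, time frame, binding."""
    body = token["body"].encode()
    seal = mac(LOCK_MASTER, b"token" + body)
    if not hmac.compare_digest(seal, bytes.fromhex(token["tag"])):
        return False, "token not issued by this authority"
    claims = json.loads(body)
    if claims["holder"] in revoked:          # remote revocation: list pushed to lock
        return False, "revoked"
    if not claims["nbf"] <= now <= claims["exp"]:   # context-aware access
        return False, "outside time frame"
    expected = mac(mac(LOCK_MASTER, b"bind" + body), challenge)
    if not hmac.compare_digest(expected, response):
        return False, "no proof of bound key"
    return True, "ok"

if __name__ == "__main__":
    token, phone_secret = issue_key("employee-17", 1000, 2000)  # constructed values
    challenge = os.urandom(16)
    print(lock_verify(token, challenge, respond(phone_secret, challenge), now=1500))
    # Someone who only copied the QR code has the token but not the phone secret.
    print(lock_verify(token, challenge, respond(b"\x00" * 32, challenge), now=1500))
```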
17. Platform Security
Different trade-offs between security and requirements to a mobile device
Columns ordered from less secure (left) to more secure (right):
| Built-in Security Mechanisms of Mobile OS | System level software-based security extensions | Hardware-based security extensions |
| No extra requirements to mobile hardware and system software (e.g., operating system) | Requires update of system software (e.g., OS) | Requires support in hardware. Available only on some mobile platforms |
18. Platform Security
Software-based security extensions
provided by BizzTrust architecture
http://www.bizztrust.de/
Hardware-based security extensions
Require support in hardware
e.g., Giesecke & Devrient Mobile Security Card http://www.gd-sfs.com/the-mobile-security-card/
Can be attached to the device via microSD card slot
21. Current Work
Proof of Concept with Bosch Security Systems:
Key2Share as Access Pass
Key2Share as Building Block in Bosch's "Access-Control-as-a-Service"
Compatibility with already deployed infrastructure (wireless readers, management software)