Mobile phones are everywhere you look, and because of their massive adoption, carmakers have tried to make them a more integral part of the driving experience.
The automotive industry looks ready to move to the next step of mobile device integration. Digital keys allow owners to unlock their cars without needing a traditional key. The UWB support powers a secure implementation already available on select models, including from BMW and Hyundai, on Android and Apple smartphones.
Toyota believes that digital car keys are integral to the next-gen driving experience. Still, at the same time, it warns that the current versions lack advanced security protections.
The company has recently patented a new technology called “systems and methods for activating a digital key based on vital signs,” explaining that malicious actors can obtain owner biometric data (including fingerprint or facial scans) and bypass the existing security layers. Toyota also warns that smartphones allow digital key activation without mobile device unlocking, and as a result, “digital keys have security deficiencies.”
The new patent tries to address this shortcoming. “There is a need for systems and methods for activating a digital key based on a vital sign.”
Toyota is not the first company that turned to more advanced biometric data to grant access to a vehicle, as others have previously explored similar options. A concept developed last year allowed owners to unlock their vehicle doors by having their veins scanned, eliminating the digital keys.
The Japanese carmaker believes biometric data can double as an extra security layer for digital car keys, eventually obtaining two levels of security that hackers can’t bypass (or, at least, have a harder time doing it).
The company says the existing devices, such as wearables (like the smartwatch on your wrist), can already read vital signs, such as pulse rate, respiratory rate, and body temperature. The data is not unique to each individual, but Toyota says that longer monitoring could help generate baselines representing a specific user. The system can create a profile, and each profile would store vital signs at the vehicle level.
When an individual tries to access digital keys, the new protection layer can compare their vital signs with the information stored in the database. If the system calculates a match, the digital keys are unlocked. If it doesn’t, the technology can run extra security verifications to determine if the user is authorized to access the digital keys. Toyota says vehicles must sport new hardware, including a wireless transceiver and a processor, to allow real-time data exchange. The car must receive vital signs from a wearable device and then run the data comparison locally.
Toyota’s proposal makes sense considering the rapid adoption of digital car keys, but relying solely on vital signs would work as long as it’s paired with other security protections. A smartwatch reading, such as the pulse rate, is extremely dynamic and could easily generate authentication errors because it doesn’t match the information stored in the user profile. At the same time, the vital signs are not unique to a specific individual – pulse rates typically fall within a certain range for different age groups.
Toyota suggests the existing biometric authentication methods aren’t secure enough to protect digital car keys, but bypassing fingerprint and facial recognition systems has already proved challenging, even for scientists.
Apple’s Face ID is one of the most advanced biometric systems to date, as it creates a 3D map of a user’s face and stores it in a secure sandbox that’s impossible to breach. Researchers have tried to bypass Face ID using 3D models, and while the initial attempts offered mixed results, Apple has already updated its system with enhanced security. Face ID now includes an option that requires the user to look at the camera to obtain access to the device and access the wallet or the digital keys.
Toyota’s proposal is currently in the patent stage, and for now, there’s no evidence that the company is pursuing this idea and planning to bring the technology to mass-produced models. Most likely, Toyota wants to protect its idea as it prepares to expand digital car keys across its entire lineup in the long term.
On the other hand, digital keys quickly gain traction, and in the coming years, their adoption should increase significantly. Toyota is one of the companies that bet big on this new technology, but I don’t expect the carmaker to adopt anything other than the existing protocols on the market. If anything, most auto manufacturers will stick with the current security protections, which come down to the biometric systems available on smartphones.