It is one of the oldest pieces of car technology still carried by millions of drivers; supposedly dropped in a bowl at swingers’ parties in the 1960s and flipped as the ultimate symbol of cool by Steve McQueen in Bullitt. Yet digitalising the humble car key using IoT has proved far harder than expected.
The idea behind the digital key revolution was simple: a smartphone could become a secure identity device, allowing drivers to unlock vehicles, start engines, and share access without carrying a separate fob. The reality has been much more complicated.
That’s not because of any technical issues in getting a phone to open a car door. Many luxury car brands have been using mobile phone-based digital keys for the best part of the last decade.
Instead, the challenge, it seems, is getting the majority of car makers and mobile phone companies to agree a set of unlocking rules that can be used across both the phone and car markets.
“Imagine you are a parent of two high school-aged kids who share a vehicle and want to start using digital keys,” says Alysia Johnson, President of the Car Connectivity Consortium.
“They have different smartphone brands with different operating systems, and the car’s digital key technology only works with one of them. The sibling with the compatible digital key can take advantage of the security and experience benefits, but the other sibling must continue using the physical key. This makes wider adoption of digital keys in the family more difficult.”
The IoT behind the key
Certainly, at a technical level, a smartphone-based digital car key is an IoT system where the phone and vehicle act as two connected endpoints that securely authenticate each other before allowing physical access in a similar way to using your phone for contactless payment.
Unlike many IoT deployments, where connected devices primarily collect or transmit data, digital car keys perform something far more critical: they control access to a valuable physical asset. The smartphone becomes a trusted identity device, while the vehicle becomes an edge endpoint capable of making its own security decisions without relying on cloud connectivity.
However, although digital car keys borrow the trust model of contactless payments, they apply it to a more complex IoT environment: rather than tapping and authorising a single transaction, a connected vehicle must decide not only whether a device is authorised, but whether it is physically present and allowed to control it.
Bluetooth Low Energy is typically used to establish communication between the phone and vehicle, while Ultra-Wideband verifies that the device is genuinely nearby rather than responding to a relayed signal. If necessary, NFC provides a fallback by allowing the driver to tap the phone against the vehicle.
“Not all digital key implementations are interoperable,” Johnson says. “When non-certified solutions are limited to specific vehicles, smart devices, or proprietary apps, the experience becomes fragmented, making it harder for consumers to rely on digital keys the same way they rely on other digital wallet experiences.”
Trust across connected devices
The move also raises a strategic question: who controls access to the vehicle when the key becomes software?
A smartphone manufacturer, a car maker, a chip supplier, and a security company may all have a role in a single unlocking experience, but each has slightly different priorities; ease of use, security, or promoting their own commercial interests.
“Interoperability cannot scale if each company approaches digital access differently,” Johnson says. “True interoperability requires a standard that is adopted, tested and certified across the ecosystem.”
Inside the standards battle
Enter the Car Connectivity Consortium (CCC) a group of more than 300 vehicle, consumer electronics and technology companies, which is working together to come up with universal standards that can be used by pretty much all cars and all phones.
This is a familiar problem across the IoT industry. Whether the device is a smart thermostat, an industrial sensor, or a connected vehicle, the technology only delivers on its promise when products from competing manufacturers can trust one another. Digital keys are simply the automotive industry’s latest interoperability challenge.
At a meeting last month in Germany, the organisation brought together automakers, smartphone companies, suppliers, testing laboratories, and security specialists to thrash out any problems with its CCC Digital Key.
The latest testing programme includes new interoperability test cases, compatibility testing between earlier and newer versions, and expanded validation of technologies including near-field communication, Bluetooth Low Energy, and ultra-wideband.
Access becomes software
Like a credit card or flight boarding pass, the car key lives in a phone’s digital wallet and is designed to allow hands free passive entry and start, meaning that a driver can still unlock his or her car while carrying bags full of shopping or small children.
Moreover, according to the CCC, one of the key strengths of the digital key is that it turns vehicle access into software. Once access becomes a digital permission rather than a physical object, it can be shared, revoked, audited, or limited in ways that were impossible with traditional keys. Johnson says that the tech allows users to share access with friends and family directly from their device, a bit like sending a link or sharing a photo. And, unlike a physical key, shared access can then be limited, suspended or terminated when no longer needed, or when the car is sold.
The CCC says that it certified a total of 115 products from car makers or component makers through its certification programme last year and another 140 in the first half of 2026. Companies include Audi, AUMOVIO, BMW, Hyundai, Ingeek, Kia, Lotus, Mercedes-Benz, NXP Semiconductors, Polestar, Qualcomm, Texas Instruments, Volvo and ZEEKR.
“This growth shows that interoperable digital vehicle access is moving towards broader scale,” says Johnson. “It will not be every car and every smart device overnight, but each additional certified product expands the ecosystem of vehicles, devices and technologies that support interoperable digital vehicle access.”
Defending against digital attacks
Johnson adds that CCC certified digital car keys include security and convenience features not found with physical keys.
“The CCC digital key is not prone to relay attacks. It uses Ultra-Wideband (UWB) for sensing when the right device is in proximity. UWB includes a cryptographically secure time-of-flight measurement for determining distance, which allows secure localisation and helps protect against man-in-the-middle attacks,” she says. “Using Bluetooth LE, the vehicle securely determines the device position before executing an action. The key is stored in the device’s secure element within the device hardware, so it’s as secure as using the phone’s wallet to pay at POS terminals.”
Winning over drivers
Yet customers continue to voice mixed feeling about a widespread switch to digital car keys. Reddit users expressed a series of concerns regarding security and operability as well as the fear that manufacturers could start to demand regular subscriptions for their services.
“They’re finally solving another problem I never wanted them to attempt to solve,” complained one user. “Products in the future will be even worse than today.” Another worried about increasing dependence on “hardware made and controlled by a handful of companies.” A third argued “Anyone who had a ‘smart’ door lock will know this is a bad idea.”
Nonetheless, Johnson says that as more new cars come off production lines, car keys, like video recorders, type writers, and mix tapes before them, are likely to become the stuff of nostalgia.
“Digital keys represent the next evolution of vehicle access,” she says. “It’s a similar shift from cash to contactless payments. Cash still works as a suitable form of payment, yet contactless payment is a more convenient and secure way to complete the same everyday action.”
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.
