-
Explore UWB-based car keys
Discover how to create digital car keys that support Ultra Wideband (UWB), allowing people to unlock and start their car while leaving iPhone in their bag or pocket or Apple Watch on their wrist. We'll show you how to integrate UWB, add proximity actions and distance unlock features, and help people personalize their vehicle settings by identifying which key someone uses on the driver-side door. To get the most out of this session, we recommend watching the session “Introducing Car Keys” from WWDC20, which details the basics of pairing, key management, and server actions.
Resources
Related Videos
WWDC20
-
Download
Hi, my name is Arun, and I'm a system engineer in the Wireless team. Today, I'm gonna take you on a journey to explore UWB-based car keys.
Last year, we launched car keys with the ability to use your iPhone or Apple Watch to unlock, lock, and start your car, share your keys with family and friends, and even manage them remotely. And you can do all of that knowing that the system has been designed to be secure and private. This year, we are excited to extend the capabilities of car keys. In this session, we will look at the new features and how to integrate them. If you want to learn the basics of the car keys, including provisioning, key management, and NFC, check out last year's talk, "Introducing car keys." One of the key features we are enabling this year is passive entry. Using UWB technology, you can now lock, unlock, and start your car while leaving iPhone in your bag or pocket, or Apple Watch on your wrist. RKE, or remote keyless entry controls, allow you to use your iPhone or Watch to lock, unlock, and perform other actions when you're in Bluetooth range of your car. And cars can now personalize settings by identifying which digital key is entering the car through which door. There are other features that we will not be able to cover in this session, such as pairing your device as Car Key and Friend First Approach, but experiences for these features have also been upgraded. Now, let's take a look at the technologies that enable these features. The U1 chip with UWB technology allows cars to determine the precise location of nearby car key. UWB is also the basis of a secure-ranging protocol for stronger protection against replay and relay attacks. The Secure Element is a protected hardware unit integrated into Apple devices. In addition to storing car keys and authenticating credentials, we have expanded the use of Secure Element to derive session-specific UWB ranging keys. Bluetooth LE, or BLE, is used as communication channel between the car and the Apple device, to exchange data during authentication and to manage secure-ranging sessions. BLE's also used as the anchor point to initialize a secure-ranging time grid. And finally, to ensure a common solution with cross-platform support, Apple, along with other industry partners, has been leading efforts to create a standard specification at the Car Connectivity Consortium. At Apple, security and privacy are part of our core values. This UWB passive entry solution was designed with both in mind. Keys are unique to each session and are derived upon each connection. Some of these session keys are used to encrypt messages at the link layer, while others to ensure that your devices can't be tracked using UWB or BLE. We use random identifiers, derived from these session keys. These identifiers are then periodically rotated. And most importantly, we strengthened the security of UWB-based localization by building a secure-ranging protocol. This secure-ranging protocol is a two-way ranging protocol with a three-packet exchange. Think of it as "ping-pong-ping" where iPhone sends a poll message, and the car answers with a respond message, and iPhone sends another poll message for added accuracy. Each of these messages carry a scrambled time stamp, or STS, which is a cryptographically-generated and time-bounded packet, meaning that even a verified packet can only be accepted for the time slot slot which was used to generate this STS, providing extra security against replay and relay attacks. So, how do we bring all of this together? Well, each car defines a series of virtual zones. These zones have associated features that can be triggered when a device with a valid and active key is localized entering or exiting these zones. The wider zone activates welcome features, such as turning on lights or pre-warming the cabin when you approach the car. The zone closest to the car typically unlocks the door when you approach. And the lock zone secures the cars when you walk away.
So, how does a car detect you in these zones? Well, to localize the paired device inside these virtual zones, cars are equipped with multiple UWB and BLE transceivers to ensure 360-degree coverage. When the user first approaches the car, your iPhone or Apple Watch is detected using BLE. Upon proximity detection, a communication channel with the car is established. Upon connection, car authenticates the device, and a shared ranging key is derived on both sides. This operation takes place inside the Secure Element, and generates a key that is unique to each session. The derived key is used to start a secure-ranging session with UWB transceivers, which allows the car to localize the device and map its trajectory. This is computed by the localization algorithm that runs inside the car. We'll come back to it later. The car continues to map the trajectory of the device as the user approaches the car. Based on the location and trajectory of the device, the car can decide to trigger welcome features, such as turning on lights or adjusting seats. And when the device is localized inside the unlock zone, the car can initiate unlock operations before the user touches the door handle. With precise knowledge of whether the user's device is inside or outside the car, the engine only starts when a device with a valid key is detected inside the car. And one of my favorite features, now you get to enjoy this UWB-based experience even when your phone is in power reserve mode. So, after a long day of hiking or backpacking, if you find that your phone needs to be charged, there may still be enough power in the battery to get you back on the road. Now that you've seen how passive entry works, let's take a look at the remote keyless entry controls. Remote actions are useful when you're farther from the car. You can use them by preheating the cabin in the winter, or find your car by honking the horn. And many actions can be triggered directly from within Wallet. You can also use device to view information about the car, such as lock state, its fuel level, or battery-charging state. Remote actions are sent over Bluetooth LE. Since they are independent of UWB, they work even outside of UWB range. And finally, remote actions are standardized at the Car Connectivity Consortium, so there's a common implementation for all the cars and devices. For the best experience, we recommend that automakers implement all the applicable remote actions, and not just remote lock and unlock. Let's look at how does Remote Keyless entry control works. To trigger a remote command, the device requests a challenge for the associated action, which is used as an input to generate the device signature. The car verifies the device signature against the challenge, the associated action, and other information. If verification succeeds, the car performs the action and notifies the device. With digital car keys, cars can now automatically personalize settings, like cabin temperature, seat position, seat heating, and more, by observing which digital key is approaching the driver's door. Today's car keys can support personalization, too, but they rely on drivers always knowing which key fob has which user setting. Now, with your car key on iPhone or Apple Watch, you don't have to worry about that. With precise trajectory and the knowledge and the knowledge that the personal devices are strongly tied to individual users, cars can personalize experiences with greater confidence than ever before. And this works seamlessly, even when multiple users are approaching the car. To sum it up, we are excited about these new features and look forward to automakers launching UWB-based cars, so our users can start enjoying these features on iPhones and Apple Watches equipped with U1 chip. Now, let's shift gears and talk about how automakers can get on-boarded on the Apple platform, and some of the areas you will want to focus on when designing a car key solution. As part of this discussion, we'll cover system architecture, time synchronization, transceiver synchronization, and about building a good localization algorithm. Let's start with system architecture. Since the passive entry solution relies on reliable and accurate localization, it's essential that your system has good performance and low latency. As we saw earlier, each car is equipped with multiple transceivers, and one of your first decisions will be to select a suitable transceiver. First, you need to ensure that the transceivers can provide sufficient link budget. Since the car key protocol is bi-directional, this means evaluating both the Tx-radiated power and Rx sensitivity for good uplink and downlink performance.
By fine-tuning the antenna directivity, you can ensure that transceiver's antenna supports the entire field of view for the required coverage. Antenna diversity is critical to achieve good operating range. For example, the use of two or more antennas with different polarization or separation can help improve received signal strength. Finally, you need to ensure that the 3D time-of-flight measurements are highly accurate. Passive entry and localization features rely on time-of-flight in their calculations. Therefore, the accuracy must be within defined bounds, regardless of the approach angle. Since even well-designed individual transceivers can result in insufficient coverage around the car, or coverage in unwanted areas if they are poorly installed, you will need to identify the best possible positions to place transceivers around the car to provide necessary coverage and, at the same time, you will want to limit the number of transceivers to a minimum to keep costs down. Be sure to consider height and orientation. In general, the greater the installation height, the farther the fading point, and better the range. This obviously has to be done within the design constraints of the car. Similarly, poor orientation can result in gaps in coverage or coverage in unwanted areas, such as above the car. Once you have the suitable transceivers and potential positions, the next step is to verify the system RF performance. Examine the radiation pattern of the transceivers installed around the car to ensure a symmetrical coverage on all sides. You also want to pay attention to the maximum range covered by the system. This is important for long distance features, such as welcome lights or preconditioning the cabin. And most importantly, you will want to ensure that the system has sufficient link margin buffer, to ensure an unlock operation can take place, regardless of damping caused by the human body, channel shadowing, fading, or other variables. Another area you need to consider is system latency. When you approach the car, a complex sequence of events begins, starting with the setup of a BLE connection, authentication, and key derivation, followed by a secure-ranging session setup, where each UWB transceiver starts scanning, so the car can determine the location of the device. All these tasks must be completed before the user attempts to open the door. To keep the system latency within the required bounds, you will need a high-performance crypto processor for authentication and key management. The bus system that connects your ECU to each transceiver must be of low latency; a slow bus can really impact system op performance. Finally, you will need a flexible software architecture that allows you to support optimization techniques, be it multi-threaded applications or incorporation of time synchronization. Now, let's quickly talk about time synchronization. UWB transceivers needs to be actively scanning to detect ranging packets. Without good time synchronization, long-scanning windows are needed to reliably capture incoming packets. This consumes power and processing time. By implementing a precise time synchronization across your system, each transceiver can know when incoming packets are expected to an accuracy of tens of microsecond. By only scanning during these time windows, not only can you conserve power, and improve performance in multi-session and congested environments, but it also helps you localize the device faster. It does that by ensuring successful ranging from the very first detected cycle by keeping the transceivers tightly synchronized. Another important technique is transceiver synchronization. Sometimes, some transceivers may fail to connect or become out of sync. By implementing transceiver synchronization, transceivers that are successfully synchronized with the device can share timing information with other transceivers in the car, and help them quickly connect, or even compute time-of-flight, even when they have failed to finish the full-ranging cycle. Last but not least, localization algorithm. One of the most important task when designing a passive-entry solution is the development of a localization algorithm that can pinpoint the location of approaching devices relative to the car. A localization algorithm is a piece of code running on your car's ECU. It collects device's distance from each connected UWB transceivers and process them to locate the iPhone or Apple Watch in space. There are many ways to do this. One simple example of this is true-range multi-lateration. The localization algorithm is one of the most crucial pieces of the solution that you need to develop. So, you will need to ensure that your localization algorithm is fast and accurate, whether it wants to follow the trajectory of the user as they approach the car, or determine whether the device is inside or outside the cabin. Speed, accuracy, and precision are the key to a good localization solution, even when you are adding support for a single transceiver-based unlock system. You may also need to adjust your localization algorithm for different cabin types and physical characteristics of the car. Now, you've seen how the car key feature works. If you're interested in development, we recommend the following workflow for an organic progression of software development and qualification. First, focus on UWB interoperability and ensure that it follows the specification. We have created a tool that helps you test this. It also lets you progressively enable cryptographic operations, so you can develop your system in a step-by-step manner. Next, integrate the BLE layer for connection management and owner pairing. Then, focus on secure-ranging management, which is crucial for passive entry. Last but not least, support remote actions for control at a distance. If you're interested in learning more, we encourage you to participate in the Car Connectivity Consortium, and enroll in the MFi Program for specific details on working with iPhone and Apple Watch. The MFi Program is where you can obtain additional documents and tools to assist in your development. Thank you, and have a great day! [music]
-
-
Looking for something specific? Enter a topic above and jump straight to the good stuff.