Fraunhofer offers secure NFC keys that can be shared via QR codes

Key2Share allows virtual keys stored on NFC phones to be shared securely using QR codes that can be sent by email or MMS message — or even in the mail.

Key2Share

KEY2SHARE: "It's impossible for unauthorized people to gain access to the digital key"

Fraunhofer Institute for Secure Information Technology has launched Key2Share, a token-based NFC access control system that enables keys to be shared securely via QR codes.

Keys are issued by the Key2Share server and then sent to a registered user's smartphone over the air. Once stored on the user's NFC phone, access rights can be shared with friends, colleagues and employees who are also registered with Key2Share by simply sending a QR code via email, MMS messages or even regular postal mail.

The QR codes can be automatically generated using the Key2Share app and can have restrictions applied, so that the key can only be used at particular dates and times. Keys can also be shared between two mobile phones.

"One device can display the QR code while another scans it with its camera and processes using QR code scanning software," research assistant Alexandra Dmitrienko has told NFC World.

"Alternatively, the QR code in JPEG form is directly imported to the Key2Share app from an email or MMS message and does not require a camera or QR scanning software."

A video produced by Fraunhofer shows the system in action:

"The big challenge was to protect the electronic keys without compromising the intuitive operation of such devices," Dmitrienko explained.

"It's impossible for unauthorized people to gain access to the digital key. This is because opening the door requires information contained both in the encrypted token sent to the user and in the app installed on their smartphone."

"The key is signed with the signature of the central server. The lock can verify the signature and hence can ensure that the key is not forged. The lock has to additionally verify that the key, which is written for the user, is submitted by that user. This check is achieved by means of cryptographic authentication."

"We have different approaches for protecting these keys on the platform, ranging from pure software-based solutions such as obfuscation and application hardening, to solutions with support in hardware, such as secure elements providing secure storage for cryptographic secrets and secure execution for security sensitive code," says Dmitrienko.

Fraunhofer SIT is currently developing Key2Share for Android phones and plans to expand it to other operating systems in the future.