The Car Connectivity Consortium (CCC), an organization dedicated to advancing device-to-car connectivity solutions across industries, has announced that its CCC Digital Key™ Applet Protection Profile has achieved certification from the German Federal Office for Information Security (BSI), making it the sole digital key app to meet this rigorous security standard. This certification ensures that this aspect of the broader CCC Digital Key framework meets the highest security criteria, enabling device and vehicle Original Equipment Manufacturers (OEMs) to ensure secure and dependable access to vehicles. Users can securely create, delete, and share digital keys, as well as start their vehicles. Manufacturers must ensure that their digital key implementations are resilient against known hardware and software-based attacks, including tampering, storage breaches, cloning, relay attacks, and unauthorized access.
Dr. Gerhard Schabhüser from BSI commented, “We appreciate CCC’s commitment to integrating top-tier cybersecurity standards into its protocols from the outset. Our objective is to shape information security in digitalization by prioritizing prevention, detection, and response. By adopting a ‘Secure by Design’ approach, as demonstrated in the CCC Digital Key, we move closer to achieving this goal. We are pleased to endorse its protection profile, further safeguarding consumers.”
Alysia Johnson, President of CCC, emphasized, “Ensuring uncompromising security has been paramount in crafting the CCC Digital Key specification. Obtaining validation for key components of our specification from a trusted government agency empowers device manufacturers worldwide with CCC Digital Key certification to showcase the security and reliability of their implementations.”
The BSI validation applies to CCC Digital Key Version 3, defining a standardized interface between vehicles and devices via an NFC-based wireless interface facilitating direct communication. This will be integrated into future specification updates.