The Key to Virtual Car Keys

Virtual car keys


Anyone who has lost a smartphone knows how crippling it could be for your day-to-day life. After all, a smartphone is no longer just a device to send and receive phone calls and messages. It’s a camera, calendar, PDA, bank branch, music player, laptop, health monitor and a myriad of other tools rolled into one. And soon, it could also be your car key.

With the Internet of Things (IoT) taking the world by storm, the day isn’t far when you use an app to unlock and start your vehicle – the car key is on its way to becoming virtual. Some manufacturers have already started offering this innovative solution. But having your car controlled by virtual keys could prove to be way more stressful than by physical keys. Not allowing your teenagers to take your expensive car for a spin could need more than just grabbing the keys off their hands.

Worse still, even if the virtual key hasn’t left your pocket, a hacker could gain control of your vehicle.

It is the first time that IoT and the entire ecosystem around it are gaining access deep into the vehicle’s electronic system, not only to the infotainment system. Does this mean you will have to fear remote theft?

Then, there’s the question of insurance. If a car is stolen, how will the claims process work? To address the challenges experts at Allianz Center for Technology (AZT), the company’s research center for automotive technology, have formulated guidelines for the design of virtual car keys and storage and processing of related data.

AZT has submitted these guidelines to the Research Council for Automobile Repairs (RCAR), an international body of automotive research centers with 25 members from Europe, Asia, North America, South America and Australia.

RCAR’s Vehicle Cyber Crime Working Group will consider adopting these guidelines as the international standards for virtual car keys.

With virtual keys, filing an insurance claim if a car is stolen could come with additional layers. Currently, if a car is stolen, the customer provides his or her car keys to the insurer for filing a claim. In principle, the process could be extended to a virtual key. However, a customer is very likely to be hesitant to hand over the smartphone carrying the key to the insurer.

Also, there might be more than one virtual key for a vehicle in circulation. So the insurer would need the smartphones of everyone who has a virtual key, which might not be realistic. So a defined process for withdrawal is needed and documentation might be required by an independent party, for example, the automaker. If the authorization was withdrawn after a theft, the proof of that would have to be submitted for the claims process instead of the smartphones.

"We have to ensure that we can reimburse our customers without complication in the case of theft, even if a virtual key is used,” says Jochen Haug, responsible for Claims at Allianz Versicherungs-AG, a division of Allianz Germany.

Convenience is one thing but trust is a bigger factor that will influence the adoption of virtual car keys. “That will only happen if data security is guaranteed,” says Christoph Lauterwasser, Managing Director of the AZT and Chairman of RCAR’s steering committee.

To ensure data and IT-security, AZT has proposed some guidelines. Among them are:

  • It should not be possible to ‘copy’ the virtual key and there should be transparency on how many such keys exist for a particular vehicle.

  • A clear, transparent and fixed list of all authorized users of the key must be provided to the customer and the insurer if the vehicle is lost. Furthermore, if the vehicle is stolen, the customer should be able to immediately revoke all authorizations.

  • Authorization to enter the vehicle should be separate from the authorization to drive the vehicle. This not only enhances security but also enables future service models such as "Delivery to the car boot".

  • The data environment for storing and accessing the virtual key should be completely separate from other applications. Critical data, such as authorizations and key calculations, must be confined to a secure storage and execution environment.

“Risks related to virtual keys are not limited to countries but are international and global,” says Lauterwasser. “These guidelines are designed to be independent of specific technology and of specific vehicle manufacturers. They address the worldwide car manufacturing industry.”

Virtual keys are just one example of how the AZT is interacting with the automotive industry on addressing new technologies Founded in 1971, AZT investigates automotive technologies relevant to motor insurance with a scientific approach. Experts there connect the auto manufacturing and repair industries, academia and the insurance industry.

“We are seeing a rapid increase in the pace of development of new technologies in modern vehicles. Many of them have a direct impact on our insured risks as well as repairs and the way claims are handled,” says Lauterwasser.

Currently, AZT’s focus topics are vehicle automation, driver assistance systems, vehicle electronics and data, and electrical vehicles, among others.

All of these raise many questions that need close collaboration with original equipment manufacturers (OEMs) to create sustainable solutions and safety and security for customers.

As with all content published on this site, these statements are subject to our Forward Looking Statement disclaimer:


Susanne Seemann
Allianz SE
Phone +49 89 3800 18170

Send email

Aug 05, 2022

Allianz achieves 3.5 billion euros operating profit in 2Q

read more

Aug 03, 2022

Investing in the energy highway: Allianz and the energy transition

read more

Jul 27, 2022

What is a sustainable investment? Allianz contributes to defining this under the EU Taxonomy framework

read more