Skip to content

Keyslink

Last updated: October 20, 2023

2024+ Model 3 has the following changes on the basis of 2017-2023 Model 3:

  • The Security Controller (VCSEC) is moved to be inside of the left vehicle controller (VCLEFT).
  • An additional rear left endpoint is introduced.
  • Ultra-Wide Band (UWB) is introduced for iphone 10 or higher versions.
  • UHF Antenna is moved from charge port door to a rear Bluetooth Low Energy (BLE) endpoint.

Overviewlink

There are 4 methods of interacting with the vehicle security system:

  • Phone Key
  • Near Field Communication (NFC) Key Card
  • Key Fob
  • Remote Access

The phone key enables passive entry and traditional remote keyless entry (RKE) features via the Tesla Tesla Mobile App on the customer's phone.

The NFC key card is a secondary means of authentication should the customer's phone not be available or not desired to be used. 2 NFC key cards can be paired with the vehicle. The key card contains passive hardware that must be presented to vehicle's key readers.

The key fob is another secondary means of authentication should the customer's phone not be available or not desired to be used. A key fob is an accessory available for purchase from the Tesla shop and does not standard with the vehicle. The key fob enables passive entry and traditional remote keyless entry (RKE). It pairs with an already-paired NFC card and communicates with VCSEC via Bluetooth Low Energy (BLE) for vehicle locking/unlocking.

Customers can use the Tesla Tesla Mobile App to remotely manage their vehicle, including locking, unlocking, and starting. Customer support can assist with these features upon customer permission. Remote access relies on the vehicle's internet connection, unlike Phone Key, NFC key card, and key fob which operate independently.

Security Controller (VCSEC)link

The security controller (VCSEC) is an integrated chip with the left vehicle controller (VCLEFT).

The VCLEFT provides power to three Bluetooth Low Energy (BLE) endpoints:

  • left B-pillar BLE endpoint
  • rear left BLE endpoint
  • rear BLE endpoint

The right BLE endpoint is powered by VCRIGHT and the A-Header (interior) BLE endpoint is powered by the VCSEC chip. The security controller enters sleep mode only when no BLE authentication device is connected to the interior BLE endpoint.
VCSEC Chip Location in VCLEFT

The security controller manages all aspects of vehicle security and maintains communication with the customer's authentication device (phone key, key card and key fob) through 12 endpoints located throughout the vehicle:

  • 5 BLE endpoints
  • 2 Near Field communication (NFC) antennas
  • 5 Ultra-Wide Band (UWB) endpoints

Bluetooth Low Energy Endpointslink

The five Bluetooth Low Energy (BLE) endpoints on the vehicle are at the following locations:

  • Left B-Pillar beneath the camera
  • Right B-Pillar beneath the camera
  • Interior BLE endpoint located front overhead module
  • Rear BLE endpoint attached to the rear bumper beam
  • Rear left BLE endpoint situated near charge port door on fascia

All BLE endpoints are connected to the security controller (VCSEC) and communicate with VCSEC via a dedicated Universal Asynchronous Receiver / Transmitter (UART) serial bus. VCSEC establishes communication with the remaining vehicle components via the Vehicle Controller Area Network (CAN) and Remote CAN buses. In instances when the signals become invalid (SNA) or the message reception ceases (MIA), VCSEC retains the last known values of these signals. VCSEC relies on the last valid values if a valid value has not been received since the last controller reboot.

To reduce battery energy consumption and alleviate issues stemming from phones attempting to connect to multiple endpoints, a BLE connection exclusively links to the internal BLE endpoint A-Header. Since a BLE connection only establishes between a BLE authentication device and A-Header, the remaining BLE endpoints serve as peripherals. These endpoints function as sniffers to actively search for BLE signals and relay them to the center BLE endpoint.

Once the phone and center BLE are connected, vehicle exterior endpoints start sensing BLE and report Received Signal Strength Indicator (RSSI) values.

Ultra-Wide Band Endpointlink

Ultra-Wide Band (UWB) is a short-range wireless communication protocol for object tracking. It calculates locations by measuring the time taken for radio pulses to travel between devices. Unlike Bluetooth Low Energy, UWB relies on travel time rather than signal strength, making it more accurate due to reduced interference from bodies and objects. UWB also enhances security by using time-of-flight technology to counter relay attacks.

Near Field Communication Readerlink

The two Near Field Communication (NFC) readers on the vehicle are at the following locations:

  • Beneath the B-pillar camera on the driver's side (left side for LHD vehicles and right side for RHD vehicles)
  • Integrated into the wireless charging board of the center console
Component Location and Communication Architecture

Ultra-High Frequencylink

Ultra-High Frequency (UHF) describes a range of electromagnetic waves. These waves have frequencies between 300 MHz and 3 GHz (3000 MHz) and wavelengths that measure from 0.1 to 1.

UHF is used to communicate between the charge cable and the vehicle. The UHF chip is mounted on the rear BLE endpoint and communicates to the security controller (VCSEC). When the button on the charge cable is pressed, a UHF signal (315MHz for North America regions, 433Mhz for EMEA and APAC regions) will be sent to the UHF chip. The UHF chip passes the message to VCSEC and VCSEC checks if the vehicle is unlocked or can be unlocked. If yes, UHF sends a request to the charge port ECU to open the charge port door.

Provisioning and Key Managementlink

The security controller is provisioned either at the factory or in a service center (if the unit has been replaced).The provisioning process links the security controller to the VIN and creates a record of the action as certificate in the server-side. The server permits only one certificate to be associated with a VIN. If a controller needs to be replaced, the provisioning process overwrites the previous certificate. Provisioning is critical for proper operation of phone key, as the VIN information is encrypted for successfully pairing. Provisioning does not affect NFC key cards or the immobilizer.

When a phone key or an NFC key card is paired with VCSEC, it shares an encrypted key unique to the device and store the key in a "key slot" on the VCSEC. There are 19 useable key slots for the customer, in any combination of phone key and NFC key card if there is at least 1 NFC key card in the system.

Customers can view and manage paired keys on the vehicle User Interface (UI) or by visiting Service Centers. Keys can be assigned with a set of permissions to enable certain vehicle features. These features are provided by default and cannot be customized by customers.

Device Localizationlink

The active key is to be determined by VCSEC based on the following precedence:

  • An authenticated NFC device.
  • An authenticated BLE device via Remote Keyless Entry (RKE).

The closest passively authenticated device based on the Received Signal Strength Indicator (RSSI) reported by the internal BLE endpoint. Signal strength must be greater than -80dB so that VCSEC can determine whether the device is close enough.

RSSI signal ranges:

  • No signal (RSSI) → -127dB
  • Very poor signal strength (RSSI) → less than -80dB
  • Poor signal strength (RSSI) → less than -70dB
  • Fair signal strength (RSSI) → between -70dB and -60dB
  • Good signal strength (RSSI) → between -60dB and -50dB
  • Excellent signal strength (RSSI) → greater than -50dB

Note

The more positive the RSSI value, the better the signal strength (e.g. an RSSI value of -50dB is greater than an RSSI value of -80dB).

After UWB function is complete, distance can be more accurately determined by UWB-related signals.

Phone Keylink

Overviewlink

Phone key extends the capabilities of the Tesla App on compatible mobile devices to act as both a passive and active local key to the vehicle in addition to existing Remote Access features. Once paired to the vehicle, the mobile device is automatically connected with the vehicle and the customer's Tesla account is registered as long as the requirements are met.

The vehicle continually advertises its identity via the 5 BLE endpoints. This advertisement is read by the Tesla App. The phone key automatically communicates with Model 3 vehicles nearby. When the phone key receives an encrypted message from the security controller (VCSEC), the phone key replies with its encrypted response. If the response is validated by the VCSEC, the vehicle is authenticated, activating passive and active features. If multiple vehicles are registered to the same Tesla account, the phone key will only connect to the vehicle that is selected by the owner.

The vehicle automatically unlocks when the phone key is present, authenticated, or a door handle is pulled. A signal strength threshold must be exceeded by at least 1 of the BLE endpoints to determine if the phone key is present. Similarly, if the connected device is determined to be leaving and Walk Away Lock is enabled, the vehicle will lock. Phone key will authenticate the vehicle for Drive and disarm the immobilizer once the vehicle determines the device is present.

Apart from the convenience of passive features, the phone key also supports local Remote Keyless Entry(RKE) commands via the BLE connection with the vehicle. RKE commands include locking and unlocking, and opening the front or rear trunk. Notably it excludes remote start, which is always sent via Remote Access, because the driver must press the brake pedal to start the vehicle with a paired phone key present. These RKE commands use the same buttons as the Remote Access commands, offering a seamless interface to the end user. The following images show local RKE commands over Bluetooth.
Tesla Mobile App Home Page Tesla Mobile App Control Panel

Unique Behaviorslink

Because the phone key takes the place of the key fob, many of the behaviors associated with key fobs also apply to phone key, such as:

  • If the phone key is left inside the vehicle, the vehicle will remain unlocked.

  • If the phone key is present for a period of inactivity longer than 5 minutes, the vehicle will stop monitoring its location. It will resume if interaction with the vehicle begins again.

  • If the bluetooth of the phone is off or the Tesla Mobile App is not running in the backend, then passive unlock and walk away lock will not work.

  • If the mobile device battery dies outside of the 5 minute period, the vehicle would not see the phone key leave the vehicle vicinity. A passive lock, if enabled, would not be triggered.

  • If Remote Access or an NFC key card is used to lock the vehicle while the phone key is inside the vehicle, the vehicle will lock. However, the passive features will still be active and a handle pull would trigger a passive unlock.

Note

A touchscreen lock from the interior disables passive unlock.

Pairing And Removallink

In order for the initial pairing of the phone key with the vehicle is successful, the following must be true:

  • The vehicle must be associated with the customer's Tesla account.

  • The customer must be signed into the Tesla Mobile App on a compatible device and open the intended vehicle if the customer owns multiple Teslas.

  • Bluetooth must be enabled on the mobile device.

  • An NFC key card that is already paired is no longer required for initial pairing with the phone key if the phone has internet connection. If the phone does not have internet, an NFC card is still required for phone key pairing.

In order to remove a paired phone key, navigate to the Key Management UI via the center display under Vehicle Settings>Locks. Find the device to remove, and select the Trash icon to proceed. A mobile device may "forget" a vehicle phone key pairing by clicking the information icon next to the phone key line on the Tesla App, and selecting "Forget this vehicle" at the bottom. The identification key and pairing to the vehicle will be removed from the device if the Tesla Mobile App is uninstalled. However, the identification key will not be removed from the vehicle, and the device would have to be paired again if the Tesla Mobile App is reinstalled.

Requirementslink

If the Security Controller (VCSEC) is replaced, the phone key will need to be paired to the vehicle again. And if the phone key supports UWB, then customer will also need to go through UWB pairing process again.

  • Phone key requires a mobile device that supports Bluetooth Low Energy (BLE).

  • Phone key is compatible with devices running Apple iOS 10 or later and Android v5.0 Lollipop or later.

  • Phone key is compatible with the latest version of the Tesla App.

  • Bluetooth must be enabled for phone key operation.

  • The mobile device must have been unlocked after restarting.

  • The customer must be signed into the Tesla Mobile App.

  • The correct vehicle must be selected or active in the Tesla Mobile App.

  • For passive features, the Tesla App must have permission to run in the background.

  • Android OS requires that location permissions are enabled.

  • Android OS requires that location services are enabled.

Near Field Communication Key Cardlink

The Near Field Communication (NFC) key card is a durable, waterproof device that contains no power source of its own. It functions using electromagnetic induction, which facilitates wireless power transfer and communication with a powered key card reader. NFC technology requires close proximity to the reader antenna to function, usually within 4 cm. There are two NFC readers on the vehicle, one in the driver side B-pillar applique half way down (under the camera), and the other in the center console behind the cup holders. The orientation of the NFC key card is important in order to achieve optimal detection distance and authentication time. It should be oriented vertically at the B-Pillar, and horizontally at the center console as shown. Tapping or "presenting" the NFC key card to the reader is the preferred usage method. Swiping may cause failure to complete the authentication process. Some items, such as NFC enabled cards like badges and credit cards, other metallic objects, or even a thick layer of ice and snow, can interfere with the electromagnetic field and cause severe degradation of performance. Severe bending, cracking, cutting, melting, or other mutilation of the NFC key card will cause permanent damage to the key card and may prevent proper operation. This includes a hole punch for a keyring.

Presenting the key card at either reader will authenticate the vehicle for Drive, although only presenting the key card at the B-Pillar reader will trigger a lock or unlock sequence. Authentication for Drive will expire after two minutes of inactivity, at which point the NFC key card would have to be presented to the reader again. This means that the driver only needs to present the key card to the B-Pillar reader to unlock and authenticate the vehicle for Drive. They do not need to present it again to the center console reader unless the 2 minute timer expires. If the timer does expire, the driver will receive a pop up prompt on the UI instructing them to tap the NFC card to the reader. A paired NFC key card is required in order to pair a new phone key for the first time.

The NFC readers on the vehicle have multiple power states to reduce power consumption and prevent unwanted interaction with NFC devices if already authenticated. The reader performance is at maximum in the Always Read power state, which it enters when it can anticipate user interaction (door handle pull for B-Pillar reader or Accessory state for center console reader) or when it attempts to read an NFC card from the low power state (Read on Wake). Pulling the driver door handle will keep the B-Pillar reader in Always Read for 20 seconds, and can improve key card authentication performance if the first attempt does not succeed.

Pairing And Removallink

Pairing of two NFC key cards occurs at the factory and is included with every Model 3. However, additional cards can be purchased and paired if the customer desires additional cards or has lost or damaged one. In order to pair a new NFC key card, the new card must be placed on the center console reader to initiate the pairing process. To remove a lost key card, the corresponding key slot must be identified and erased. Both pairing and removal processes can be performed by Service and customers if at least one NFC key card has been paired to the vehicle.

Note

NFC key cards can be paired to any number of Model 3 vehicles.

Key Foblink

The key fob is the traditional way for customers to access their vehicle and is ideal for those who do not use the Phone Key feature. It is available as an optional equipment on the Tesla Shop and includes a coin cell battery. There are two key fob generations which both offer RKE features, locking the vehicle when pressing the key fob top area once and unlocking it when pressing twice. But only the latest generation is equipped with Passive Entry hardware, unlocking and locking the vehicle when the key fob is within 1 meter. Both generations can also be used like a NFC key card.
Model 3 Key Fob

The key fob is powered with a coin cell battery (type CR2032) and is estimated to last with normal use for around five years for the first generation and around two years for the second one. This lower battery life is due to the Passive Entry feature. If not used, it will last longer. To replace the battery, place the key fob button-side down on a soft surface and use a small flat-bladed tool to release the bottom cover. Remove the battery by gently lifting it away from the retaining clips and insert the new battery with the '+' side facing up.
Changing the Key Fob Battery

Key fobs can be paired to any number of vehicles and their NFC feature can be used at any time with any vehicle that it is paired with. The RKE and PE features only work on the last vehicle the key fob had NFC interaction with. Tapping the key fob to another paired vehicle will switch it to that vehicle.

Remote Keyless Entrylink

The key fob communicates via Bluetooth to the 3 BLE endpoints of the vehicle whenever one of its buttons is actuated. Radio equipment with a similar frequency can affect the key fob operation. If this happens, move the key at least 30cm away from other electronic devices.

The three numerated buttons correspond to:

  1. Front trunk button
    • Double-press to open the front trunk.
  2. Lock/Unlock button
    • Single-press to lock doors and trunks (all doors and trunks must be closed).
    • Double-press to unlock doors and trunks.
  3. Rear trunk button
    • Double-press to open the rear trunk.
    • Hold down for one to two seconds to open the charge port.

The key fob can also be used to prime summon the vehicle if enabled. Hold down the top button to activate prime summon, and press the frunk or trunk button to move the vehicle forward or backward after priming.

Note

Summon activation via key fob is only available in the following countries: USA, Mexico, Canada, China, Australia, New Zealand, and South Korea.

Passive Entrylink

The second generation of key fobs is equipped with Passive Entry hardware. If enabled in the vehicle security settings, the vehicle automatically unlocks when a key fob is present, authenticated, and a door handle is pulled. Key fob presence is determined using the signal strength measured by BLE endpoints. If one the three BLE endpoints signal strength value exceeds a define threshold, key fob will be considered as present. Similarly, if a key fob is determined to be leaving and Walk Away Lock is enabled, the vehicle will lock. When present, the key fob authenticates the vehicle for drive and disarms the immobilizer.

Second generation key fobs have a built-in Inertial Measurement Unit which monitors key fob movement. The key fob will enter Sleep state after five minutes of being stationary while in range. This functionality increases the key fob battery life. Shake or press a button of the key fob to wake it up.

Reminder

First generation key fobs do not have Passive Entry hardware and are only RKE capable. If customers desire the Passive Entry feature, they should buy the latest generation key fob.

Dead Key Foblink

In the event the battery dies, the key fob can be used like a NFC key card to unlock the vehicle and authenticate for Drive. Place the key fob flat-side on the B-pillar reader to unlock the vehicle and authenticate for Drive. This will remain active for 2 minutes. If there is no activity during this time, the vehicle will need another authentication to enter Drive at either the center console or B-pillar reader.

Vehicle Behaviorslink

This section is dedicated to interpreting Tesla behavior specifications regarding vehicle security.

Authentication and Drivelink

The vehicle will automatically immobilize and exit Drive when a drive cycle is complete, requiring an authenticated device to be present to re-enter Drive and disable the immobilizer. If the vehicle drives away after authenticating with the phone key, and no devices are detected inside the cabin, the vehicle will display a user-facing alert indicating the key is no longer present.

Authentication devices include an NFC card, a key fob, or a customer's mobile device. The authentication time is 120 seconds. For active unlock and drive from phone key, the phone must be detected within the last second to authenticate for drive.
Vehicle Authentication Process

Alarmlink

2024+ Model 3 features an alarm system. The alarm functionality can be disabled by the customer if they do not wish to use the feature, providing the alarm is not armed at the time. The alarm will arm when the vehicle turns off and is locked, either passively by Walk Away Lock or actively via an authenticated device (phone key or NFC Key Card). The alarm becomes fully armed 1 minute after the vehicle becomes secured. The alarm will become disarmed when the vehicle is unlocked or enters Drive mode. The alarm will trigger when either armed or any door, frunk, or trunk is open, except when these closures are commanded to open via an authenticated device. While the alarm is active, the horn will sound once per second and the turn signals will flash.

Door Locking and Unlockinglink

When the vehicle receives an RKE lock or unlock request, the hazard lights will flash along with an audible indication. A mislock will occur if any cabin closure (doors or trunk) is detected to be open at the time of the lock request.

  • Lock: One flash and audible indication.
  • Unlock: Double flash and double audible indication.
  • Mislock (failure to lock): Triple flash and triple audible indication.

Locking Featureslink

  • The Walk Away Lock feature will lock the vehicle if:
  • The vehicle is not in Accessory or Drive Mode.
  • The mobile device has not been detected inside the vehicle for 7 seconds.
  • All doors and trunks are closed.

Note

If the phone key is not connected with any antenna for at least 5 minutes, the vehicle will lock immediately after the device disconnects.

  • Drive Away Lock will lock the vehicle if the vehicle speed exceeds 5 mph. Passive Entry features will be disabled.
  • The center display lock icon can be pressed to lock all closures. Passive Entry features will be disabled.
  • If the child lock is enabled, the rear doors will not unlock from an interior open request.

Unlocking Featureslink

  • If Unlock on Park is enabled, the vehicle will unlock all closures when the vehicle shifts to Park or if the Park button is pressed while in Park.

  • Passive unlock can be disabled through a toggle switch in the Tesla Tesla Mobile App, so if this is disabled, phone key cannot lock/unlock vehicle even with bluetooth turned on.
Passive unlock can be disabled with bluetooth on
  • If the vehicle is locked, an open request from inside the vehicle will be honored, with the exception of the Child lock feature. However, the closure will remain locked and will not be able to be opened from the exterior.

Crash Scenarioslink

  • If a crash is detected by the vehicle, all doors and trunks will immediately be unlocked and the hazard lights will turn on.

  • If a crash is detected, the exterior door handles will be disabled until 10 seconds after the event to prevent unintentional latch opening.

  • If a crash is detected, the Walk Away Lock and Drive Away Lock features will be disabled.

  • If a crash is detected, the glove box latch will release after a short period of time.

Serviceabilitylink

For authentication related issues, the following signals are available:

Signal name Description
VCSEC_BLEDevicePresence* which and whether BLE device is detected
VCSEC_UWB*RadioConfigState* state of UWB endpoint
×
Back to top