Skip to content

Keyslink

Last updated: October 20, 2023

Component Overviewlink

Security Controller (VCSEC)link
Location of Security Controller (VCSEC)

Power Distributionlink

The security controller is powered by a dedicated E-Fuse on the left vehicle controller, the Left Hand (LH) B-Pillar and rear endpoints receive power from the left vehicle controller, and the RH B-Pillar endpoint receives dedicated power from the right vehicle controller. The security controller will only sleep when there is no Bluetooth Low Energy (BLE) authentication device connected to the center BLE endpoint.

Note

The security controller is an always on component, meaning it receives power during sleep and is "always-on". For more information, see Sleep Architecture.

Communicationlink

The security controller manages all vehicle security and communicates with the customer's authentication device of choice (Phone, Key Fob, Key card) via multiple endpoints located throughout the vehicle. In addition to the BLE antenna and NFC reader integrated into the security controller itself, there are 3 other BLE antennas, commonly referred to as endpoints, in the vehicle:

  • Left B-Pillar below the camera.
  • Right B-Pillar below the camera.
  • Mounted to the rear bumper beam.

Each of the endpoints connected to the security controller communicates to the security controller via a dedicated UART (Universal Asynchronous Reciever/Transmitter) serial bus while the security controller communicates with the rest of the vehicle via the VEH CAN bus. The security controller retains the last known values of some signals incase they become invalid (SNA) or the message stops being received (MIA) and will use the last valid values if a valid value has not been received since the last controller reboot.

To reduce battery energy consumption and prevent issues with phones trying to connect to multiple endpoints, a BLE connection is only ever made with the central BLE endpoint in the VCSEC. Since a BLE connection is only made between a BLE authentication device and the center endpoint, the other BLE endpoints act as peripherals, running sniffers to search for BLE signals which they relay to the center BLE endpoint.

A BLE sniffer is program that runs on BLE chips in the endpoints that only receive BLE signals but does not transmit. After sniffers have been initiated on the left, right, or rear endpoints the VCSEC will request Received Signal Strength Indicator (RSSI) values from the sniffers every 50ms. If the RSSI value has not been updated on the sniffer for 2s, the VCSEC will consider the RSSI value not valid (SNA).

RSSI signal ranges:

  • No Signal (RSSI) -> -127dB
  • Very Poor Signal Strength (RSSI) -> Less than -80dB
  • Poor Signal Strength (RSSI) -> Less Than -70dB
  • Fair Signal Strength (RSSI) -> Between -70dB and -60dB
  • Good Signal Strength (RSSI) -> Between -60dB and -50dB
  • Excellent Signal Strength (RSSI) -> Greater than -50dB
BLE Endpoints
1. Red objects along vehicle perimeter are the endpoints, LH B-Pillar,RH B-Pillar, and Rear. The center red object is the security controller.
2. The blue objects are Left and Right vehicle controllers.

Keys and Vehicle Securitylink

Overviewlink

There are 4 methods of interacting with the Model Y security system:

  1. Phone Key:
    • Communicates via Bluetooth Low Energy (BLE) for both its passive and active features.
  2. Near Field Communication (NFC) Key Card:
    • Communicates via the electromagnetic field induced between the antenna in the vehicle (B-Pillar, or Center Console) and the antenna in the key card and is powered when placed close to the readers.
  3. Key Fob:
    • Communicates via Bluetooth Low Energy (BLE).
  4. Remote Access:
    • Communicates via the internet and requires connectivity of both devices, typically cellular or Wi-Fi.

Behaviorslink

Device Localizationlink

The active key is be determined by the security controller based on the following precedence:

  • An authenticated NFC device.
  • An authenticated BLE device via RKE.
  • The closest passively authenticated device based on the Received Signal Strength Indicator (RSSI) reported by driver side B-pillar endpoint and center endpoint in the center console with both having to be greater than -80dB.

RSSI signal ranges:

  • No Signal (RSSI) -> -127dB
  • Very Poor Signal Strength (RSSI) -> Less than -80dB
  • Poor Signal Strength (RSSI) -> Less Than -70dB
  • Fair Signal Strength (RSSI) -> Between -70dB and -60dB
  • Good Signal Strength (RSSI) -> Between -60dB and -50dB
  • Excellent Signal Strength (RSSI) -> Greater than -50dB

Note

The more positive the RSSI value the better the signal strength (i.e. an RSSI value of -50dB is greater than an RSSI value of -80dB).

Authenticationlink

An Authentication Device consists of an NFC Card, Key Fob, or a user's mobile device.

  • The security controller supports up to eight paired NFC cards.
  • The security controller supports up to eight paired mobile devices.
  • The center BLE endpoint is allowed to connect to up to four keyfobs.
Vehicle Authentication

Door Locking and Unlockinglink

When the vehicle receives an RKE lock or unlock request, the hazard lights will flash along with an audible indication. A mislock will occur if any vehicle closure (doors, frunk, trunk) are detected to be open at the time of the lock request.

  • Lock: One flash and audible indication.
  • Unlock: Double flash and double audible indication.
  • Mislock (failure to lock): Triple flash and triple audible indication.

Active vs. Passive Lock/Unlock:

  • An "Active Lock / Unlock" is defined as a user press on the mobile device lock/unlock button, the key fob lock / unlock button, or a user touch of the NFC card on a reader.
  • A "Passive Lock/Unlock" is defined as any automatic locking / unlocking of the vehicle which was not initiated by a specific user, such as walk-up-unlock or walk-away-lock

Locking Features:

  • The Walk Away Lock feature will lock the vehicle if:

  • The feature is enabled on the UI.

  • The vehicle is not in Accessory or Drive Mode.
  • The mobile device has not been detected inside the vehicle for 7 seconds.
  • All doors and trunk are closed. -

Note

Any RKE Unlock request will temporarily disable Walk Away Lock for 60 seconds, or until the vehicle enters Drive mode or the vehicle is RKE or Remote Locked.

Any Interior Unlock request will temporarily disable Walk Away Lock for 60 seconds, or until the vehicle enters Drive mode or the vehicle is RKE or Remote Locked.

If the Phone Key is not detected by any BLE endpoint antenna for at least 5 minutes, the vehicle will lock immediately after the device disconnects.

  • Drive-Away lock will lock the vehicle when the vehicle under the following conditions:
    • Vehicle speed exceeds 5 mph.
    • Vehicle power state is in Drive.
    • Driver is in the vehicle.
    • All the doors are closed.
  • If Child lock is enabled, the rear doors will not unlock from an interior handle open request.

Unlocking Features:

  • If Unlock on Park is enabled, the vehicle will unlock all closures when the vehicle shifts to Park or if the park button is pressed while in Park.
  • Passive unlock is always active and will unlock the vehicle when a handle is pulled as long as Phone Key, or Key Fob is present and authenticated.
  • If the vehicle is locked, an open request from inside the vehicle will be honored, with the exception of the child lock feature. However, the closure will remain locked and will not be able to be opened from the exterior.

Alarmlink

Please refer to the Alarm System document for more details about the alarm features.

Crash Scenarioslink

  • If a crash is detected by the vehicle, all doors and trunk will immediately unlock, and the hazard lights will turn on.
  • If a crash is detected, the exterior door handles will be disabled until 10 seconds after the event to prevent unintentional latch opening.
  • If a crash is detected, the Walk-Away Lock and Drive Away Lock features will be disabled.
  • If a crash is detected, the glove box latch will release after a short duration.

Phone Keylink

The phone key extends the capabilities of the Tesla App on compatible mobile devices to act as both a passive and active local key to the vehicle, in addition to existing Remote Access features. Once paired to the vehicle, the mobile device automatically connects to the Model Y registered to the Customer's myTesla account, as long as the requirements are met. The Model Y continually advertises its identity via the 3 BLE endpoints. This advertisement is read by the Tesla Mobile App. The phone key automatically communicates with nearby Model Y and when it receives an encrypted challenge from the security controller, the phone key replies with its encrypted response. If the response is validated by the security controller, the vehicle is authenticated, activating passive and active features. If multiple vehicles are registered to the same myTesla account, the phone key will only connect to the actively selected vehicle.

Unique Behaviorslink

Because Phone Key takes the place of the key fob, many of the behaviors associated with key fobs will also apply to Phone Key, such as:

  • If the Phone Key is left inside the Model Y, the Model Y will remain unlocked.
  • If the Phone Key is present for a period of inactivity longer than 5 minutes, the Model Y will stop monitoring its location. It will resume if interaction with the vehicle begins again.
    • If the mobile device battery dies within the 5 minute period, it would appear as if Phone Key left the vehicle vicinity, triggering a passive lock if enabled.
    • If the mobile device battery dies outside of the 5 minute period, the Model Y would not see the Phone Key leave the vehicle vicinity. A passive lock, if enabled, would not be triggered.
  • If Remote Access or an NFC key card is used to lock the Model Y while the Phone Key is inside the vehicle, the vehicle will lock. However, the passive features will still be active and a handle pull would trigger a passive unlock.

Note

A UI lock from the interior disables the passive unlock.

Pairing And Removallink

In order to initially pair Phone Key to the vehicle, the following must be true:

  • The vehicle must be associated with the customer's myTesla account.
  • The customer must be signed into the Tesla Mobile App on a compatible device and have the Model Y selected if the customer owns multiple vehicles.
  • Bluetooth must be enabled on the mobile device.
  • An already paired NFC key card must be present to authenticate when requested.

In order to remove a paired Phone Key, navigate to the Key Management UI via the center display. Go to Vehicle Settings → Locks. Find the device to remove, and select the Trash icon to begin the removal process. A paired NFC key card is required to remove a device, similar to the pairing procedure. A mobile device may also "forget" a vehicle Phone Key pairing by clicking the information icon next to the Phone Key line on the Tesla App, and selecting "Forget this vehicle" at the bottom. Deleting and reinstalling the Tesla Mobile App on a mobile device will delete the old identification key and pairing to the vehicle on the device. However, it will not remove the old identification key from the vehicle, and the device would have to be paired again.

Requirementslink

If the Security controller is replaced, the Phone Key will need to be re-paired to the vehicle.

  • Phone Key requires a mobile device that supports Bluetooth Low Energy (BLE).
  • Phone Key is compatible with devices running Apple iOS 10 or later and Android v5.0 Lollipop or later.
  • Phone Key is compatible with the latest version of the Tesla App.
  • Bluetooth must be enabled for Phone Key operation.
  • The mobile device must have been unlocked after restarting.
  • The customer must be signed into the Tesla Mobile App.
  • The correct vehicle must be selected or active in the app.
  • For passive features, the Tesla App must have permission to run in the background.
  • Android OS requires that location permissions are enabled.
  • Android OS requires that location services are enabled.

Near Field Communication (NFC) Key Cardlink

The NFC key card is a durable, waterproof device that contains no power source of its own. It functions using electromagnetic induction, which facilitates wireless power transfer and communication with a powered key card reader. NFC technology requires close proximity to the reader antenna to function, usually within about 4 cm. There are two NFC readers on the Model Y, one in the driver side B-Pillar applique half way down (under the camera), and the other in the center console behind the cup holders. The orientation of the NFC key card is important in order to achieve optimal detection distance and authentication time. It should be oriented vertically at the B-Pillar, and horizontally at the center console as shown. Tapping or "presenting" the NFC key card to the reader is the preferred usage method. Swiping may cause failure to complete the authentication process. Some items, such as NFC enabled cards like badges and credit cards, other metallic objects, or even a thick layer of ice and snow, can interfere with the electromagnetic field and cause severe degradation of performance. Severe bending, cracking, cutting, melting, or other mutilation of the NFC key card will cause permanent damage to the key card and may prevent proper operation. This includes a hole punch for a keyring.

Presenting the key card at either reader will authenticate the vehicle for Drive, although only presenting the key card at the B-Pillar reader will trigger a lock or unlock sequence. Authentication for Drive will expire after two minutes of inactivity, at which point the NFC key card would have to be presented to the reader again. This means that the driver need only present the key card to the B-Pillar reader to unlock and authenticate the vehicle for Drive. The driver does not need to present the key card again to the center console reader unless the 2 minute timer expires. If the timer does expire, the driver will receive a pop up prompt on the UI instructing them to tap the NFC card to the reader. A paired NFC key card is required in order to pair a new Phone Key for the first time.

The NFC readers on the vehicle have multiple power states to reduce power consumption and prevent unwanted interaction with NFC devices if already authenticated. The reader performance is at maximum in the Always Read power state, which it enters when it can anticipate user interaction (door handle pull for B-Pillar reader or Accessory state for center console reader) or when it attempts to read an NFC card from the low power state (Read on Wake). Pulling the driver door handle will keep the B-Pillar reader in Always Read for 20 seconds, and can improve key card authentication performance if the first attempt does not succeed.

Note

The location of the B-Pillar NFC card reader is lower on the B-pillar on the Model Y compared to the Model 3.
B-Pillar NFC Key Card Reader Location
Center Console NFC Key Card Reader Location

Pairing and Removallink

Pairing of two NFC key cards occurs at the factory and is included with every Model Y. However, additional cards can be purchased and paired if the customer desires additional cards or has lost or damaged one. In order to pair a new NFC key card, the new card must be placed on the center console reader and the pairing routine initiated. In order to remove a lost key card, the corresponding key slot must be identified and erased. Both pairing and removal are processes that can be performed by the customer via the UI on the center display.

Key Foblink

The key fob is the traditional way for customers to access their vehicle and is ideal for those who do not use the Phone Key feature. It is available as optional equipment on the Tesla Shop and includes a coin cell battery. The key fob offers RKE features, locking the Model Y when pressing the key fob top area once and unlocking it when pressing twice. It is equipped with Passive Entry hardware, unlocking and locking the Model Y when the key fob is within one meter. The key fob can also be used like a NFC key card.
Model Y Key Fob

The key fob is powered with a coin cell battery (type CR2032) and is estimated to last with normal use for two years (if passive entry features it not used, it will last longer). To replace the battery, place the key fob button-side down on a soft surface and use a small flat-bladed tool to release the bottom cover. Remove the battery by gently lifting it away from the retaining clips and insert the new battery with the '+' side facing up.
Changing the key fob battery

Key fobs can be paired to any number of vehicle and the NFC feature can be used at any time with any vehicle paired. The RKE and PE features only work on the last vehicle the key fob had NFC interaction with. Tapping the key fob to another paired vehicle will switch it to that vehicle.

Note

Key fobs are also compatible with the Model 3, and can be paired to any number of Model Y and Model 3 vehicles.

Remote Keyless Entrylink

The key fob communicates via Bluetooth to the three BLE endpoints of the vehicle whenever one of its button is actuated. Radio equipment with a similar frequency can affect the key fob operation. If this happens, move the key at least 30cm away from other electronic devices.

The three numerated buttons correspond to:

  1. Front trunk button
    • Double-press to open the front trunk.
  2. Lock/Unlock button
    • Single-press to lock doors and trunks (all doors and trunks must be closed).
    • Double-press to unlock doors and trunks.
  3. Rear trunk button
    • Double-press to open or close the powered rear trunk.
    • If moving, press once to stop the powered trunk movement.
    • Hold down for one to two seconds to open the charge port.

The key fob can also be used to prime summon the vehicle if enabled. Hold down the top button to activate prime summon, and press frunk or trunk button to move the vehicle forward or backward after priming.

Note

Summon activation via key fob is only available in the following countries: USA, Mexico, Canada, China, Australia, New Zealand, South Korea and Taiwan

Passive Entrylink

If enabled in the vehicle security settings, the Model Y automatically unlocks when a key fob is present, authenticated, and a door handle is pulled. Key fob presence is determined using the signal strength measured by BLE endpoints. If one the three BLE endpoints signal strength value exceeds a define threshold, the key fob will be considered as present. Similarly, if a key fob is determined to be leaving and Walk Away Lock is enabled, the vehicle will lock. When present, the key fob authenticates the vehicle for drive and disarms the immobilizer.

The key fob has a built-in Inertial Measurement Unit monitors key fob movement and will enter the Sleep state after five minutes of being stationary while in range. This functionality increases the key fob battery life. Shake or press a button of the key fob to wake it up.

Dead Key Foblink

In the event the battery dies, the key fob can be used like a NFC key card to unlock the vehicle and authenticate for Drive. Place the key fob flat-side on the B-pillar reader to unlock the vehicle and authenticate for Drive during 2 minutes. If there is no activity during this time, the vehicle will need another authentication to enter drive at either the center console or B-pillar reader.

×
Back to top