Many aspects of the tokens used to control modern cars are imperfect. Car keys are not, and never really have been, unique. Since there are so many cars out there, just randomly trying your key in the locks of cars you see won’t usually get you inside. But with the right knowledge or a big enough key ring, criminals exploit weaknesses of modern keys every day.

Physical keys can be lost, so they must always be replaceable. And only one person can hold a physical key at any given instant. To acquire the key, someone needs to give it to you somehow, or you need to retrieve it from the place the last person left it. That place must be protected so that only someone authorized to use the vehicle has access. You get the idea.

I’m not exaggerating when I say that cryptographic tokens change everything.

Imagine instead of a physical key, the car is controlled by a one-of-a-kind-unique token built on the counterparty platform that controls the door, locks, and ignition of your car. On your phone you have an application with pockets, bitcoin addresses that can hold access tokens and empower you to cryptographically sign requests. You place the token in your digital pocket and walk up to your car; your phone lets the car know you're nearby and the car sends a request for a signed message from the digital pocket (bitcoin address) that controls the token key; your pocket controls the token which controls the car. Your phone uses the address containing the token to sign and broadcast a transaction back to your car to unlock the doors. Voila, you are in control of the car and enabled to press a button that toggles the ignition, or do anything else the current operator of the car should be able to do.

That might sound complex, but your phone and your car handle almost all of it without you even knowing. You just have to make sure you have the right token.

Okay, so you can use your phone to open and turn on a push-button car. That’s just the start. 

There are two levels of ownership when it comes to a token:
 

1. Token Possession

   Whoever holds the token (right now) can use it.

    

2. Asset Authority

   The true owner of the car, and thus the token, even when they do not hold it.  If the token is late, lost or stolen they can invalidate the old one and create a new and unique one for about $0.05 

Tokens, unlike cryptocurrencies, can be designed to be basically disposable by whoever holds the asset authority which means there's really no problem if the key does get lost or stolen.  In the future, instead of replacing the lost or stolen token with a new one, Key-Tokens will be designed as recallable "smart contracts" which can be given to anybody but then automatically "reeled in" and sent to the next person who has scheduled access.   In the event that a key is either "reeled in" or replaced, the vehicle doesn't just stop wherever it is but the driver will no longer be able to authorize any car functions that check authorization such as starting the vehicle.

This process is not geography dependent and can be automated. The process is resilient to hacking because the correct signal being sent from the key to the car requires a cryptographically signed message that can only come from the proper address. An advantage of a disposable token is that if stolen, the token can be quickly and cheaply replaced, then sent to an uncompromised address.

Forging or counterfeiting tokens in real life only requires making a replicate that appears indistinguishable to what you’re trying to imitate. Appearance matters, and important tokens like US dollars go to great lengths to embed features to make them difficult to mimic.

Forging cryptographic tokens? Don’t even bother. If you could check a dollar like you can a cryptographic token, even the slightest, most insignificant deviation from how that particular bill should look would be highlighted in electric green. A big booming voice would shout “That dude is lying to you”. It’s that obvious.

So we have a car key that cannot be lost, stolen, or forged and that can be retrieved and sent, automatically and remotely.

Let’s think about a typical family situation: two cars for two adults and three kids. Both adults are done with the cars most nights by 5pm and it’s alright for the kids to use them until 9pm, but then they should be home. In the conventional key situation, possession is 9/10ths of the law and good enough for the kids to stay out with the car until at least 10 without getting in too much trouble.

With a tokenized key, access lasts until the key is remotely pulled either by a preset timer or a watchful parent. The car remains on until turned off, but the door locks can no longer be controlled and the car can’t be started once stopped without a baleful call to the parents asking for the key to drive home.

One of the services we plan on building at Tokenly is called TokenTime—a multi-token scheduling service where availability can be bought and sold for tokens. Let’s imagine that concept applied to the family cars.

The family has a private calendar that shows the booking schedule for their vehicles. From 9pm–7am the keys are kept in a secure wallet. From 7am–5pm each car is assigned to the adults, from 5pm–9pm there are bookable hours in both vehicles. On the weekends there is usually one car available the whole 10 hour day. In total, the kids have access to 60 bookable hours between the two vehicles per week.

At the beginning of each week, the kids receive 20 "Smith Family Car Reserving" tokens each. One token represents one hour, and they use an app to book desired/available times. They pay for it with the tokens, and once paid for, the slot is no longer available to the siblings. If their plans change, they can relist the timeslot, and someone else can buy it from the original purchaser, trading the new owner's unbooked time for the already booked spot. If someone runs out of time, they can call their brother or sister to be bailed out rather than the parents. The system itself can incentivize not overstaying your reservation by automatically adjusting the disbursement of time in the next week based on non-adherence to the conditions of use.  Flexibility is very possible, but not unlimited.

The cost in terms of tokens for a day's use does not have to be fixed. It could cost more tokens to be out in the last two hours of the five hour window than the first three hour window. Adherence to rules can be incentivized through a more natural process than the current system where people are presented with the opportunity to fail, they take that opportunity, and a cycle of negative reinforcement perpetuates because there is no way to enforce the rules. Tokens and automation present an opportunity not just to families and vehicles, but to nearly every voluntary person-to-person interaction

Why stop at the kids? Open up the free hours to your neighbors or people driving by in the street who place a refundable deposit and have sufficient reputation.  You’ll notice that nowhere in this scenario does the car necessarily have to track anybody doing anything with the car. Remote control of the key means you don’t need to know where people are to remain in control should the situation go wrong. The only thing that doesn’t exist yet is the key and ignition interface plus the app.  

I actually wrote this paper more than a year ago, this is one of the further out the ideas we’re exploring at Tokenly and demonstrates how even non-monetary relationships will be empowered by Tokens, simply because they are so cheap and fast.  I say fast even assuming we're talking about the Bitcoin blockchain because this type of application, like pretty much all Token Controlled Access applications, doesn't need to wait for even a single blockchain confirmation before applying its benefit.  

Imagine it's my turn for the car and i'm standing outside, ready for it. My phone "BLEEPS" that the key-token has been sent to it and then alerts the car.  The car checks its controlling token on the blockchain and sees that there is an unconfirmed send of the key to a new address.  The fact that the key-token has been sent at all means that it was attempted by someone with the appropriate authority to do so, so there's really no need to wait for the bitcoin network before treating them like the current owner.

In a worst case scenario, the person is granted authority until it becomes clear that for whatever reason the transaction is not going to stick, at which point it can be re-sent automatically if authentic or invalidated and reeled in.

Token technology is at a place where nearly anything is possible: we can build anything we devote the resources to building. Our challenge is to expand our thinking to incorporate new possibilities and then drag them into our lives because they are better ways to accomplish the things we do every day.