This paper presents a cybersecurity assessment of the owner-pairing process in the CCC Digital Key standard, focusing on the first NFC session where a digital key is provisioned to a smartphone. The study combines protocol-level simulation with real NFC testing using a Proxmark3, enabling analysis of both logical behavior and RF-level interactions. The methodology consists of reproducing the SPAKE2+ handshake, examining APDU command flows and exploring scenarios such as replay, command reordering, malformed frames and key revocation delays. The results aim to enhance protocol implementation, state-transition control and cloud synchronization, supporting compliance with ISO/SAE-21434 and UNECE R155 cybersecurity engineering practices.

• Learn how NFC owner-pairing works in CCC Digital Key, including SPAKE2+ and APDU sequencing
• Understand which NFC attacks are feasible and how tools like Proxmark3 can test them
• See why protocol correctness (freshness, sequencing, teardown) is essential for NFC security
• Learn how to reproduce a combined software and RF-layer testing methodology for validation
• Understand how findings align with ISO/SAE 21434 and UNECE R155 cybersecurity requirements