OEM Partner Toolkit

The OEM toolkit for identity-powered products.

The Enablement Platform is KeyShare's technology suite for hardware manufacturers. Embed identity verification, credential delivery, and access control into your products — locks, readers, kiosks, and terminals — using KeyShare's hardware modules, SDKs, firmware libraries, and the Panel Application.

Discuss OEM Partnership See the Reader Library

Not a manufacturer? If you're a system integrator → Channel Partner Program. If you're evaluating integration → Technology Partners.

0Platform Components
0Certification Programs
0PII Stored at Edge
0Offline Manifest Cache
Components 5 Architecture Certification 3 Support 7 FAQ
Platform Components

What's in the platform.

The Enablement Platform includes five components. OEM partners license the components relevant to their product category — you don't need all five.

01

Reader Communication Module

HARDWARE

A hardware module that handles NFC communication with mobile devices. The RCM manages antenna control, NFC field generation, session establishment, and raw data exchange with the phone. It's the NFC frontend that the Reader Library firmware runs on.

For: Reader manufacturers building NFC-capable access control readers.

Relationship: The RCM provides the NFC hardware layer. The Reader Library provides the firmware layer. Together, they turn a reader into a "KeyShare Ready" identity verification endpoint.

Specifications
NFC StandardsISO 14443 A/B, ISO 18013-5
InterfaceSPI or UART to host MCU
Form FactorModule (PCB-mountable)
AntennaReference design provided
Temperature-40°C to +85°C
02

Lock Communication Module

HARDWARE

A hardware module for electronic lock manufacturers. Handles NFC communication with guest phones and communicates with the lock's controller to trigger lock/unlock operations.

For: Lock manufacturers building electronic locks with NFC capability.

Specifications
NFC StandardsISO 14443 A/B, ISO 18013-5
InterfaceSPI or UART to lock controller
Form FactorModule (door-handle form)
PowerLow-power (battery-operated)
CredentialsWallet keys, mDL
03

Reader Library

FIRMWARE

Embedded firmware for NFC-capable access control readers. Handles ISO 18013-5 identity verification — NFC session, selective disclosure, cryptographic signature verification — and reports via OSDP v2.2.

For: Reader manufacturers integrating identity verification.

Integration model: HAL (Hardware Abstraction Layer). Reference implementation on TI CC26X2R1. Full detail →

Specifications
LanguageC (MISRA C:2012)
ProtocolOSDP v2.2 / RS-485 (AES-128)
IdentityISO 18013-5 (mDL)
CryptowolfSSL (FIPS 140-2)
Min HardwareCortex-M4, 128 KB, 80 KB RAM
OTAVia Panel Application (OSDP)
04

Panel Application

CORE SOFTWARE — CENTERPIECE

Software that runs on access control panels. The intelligence layer between the reader edge and the PACS — receives verified identity data from readers via OSDP, derives a site-specific UUID, validates against a locally cached manifest, and passes a standard credential number to the PACS through the panel's native interface.

For: Access control panel manufacturers considering KeyShare integration.

Why this matters: Access decisions happen on the panel, not in the cloud. Doors open during cloud outages. The PACS is unchanged — it receives standard credential numbers.

Roadmap: Mercury Security (current) · HID (in progress) · Honeywell NetAXS (planned — gateway model)

Specifications
DeploymentContainerized (OCI)
PlatformMercury LP/MP (MercOS)
ArchitectureController Derivation
Panel CommCoAP / localhost (CDP API)
Reader CommOSDP v2.2
Cloud CommmTLS (TLS 1.3) to Connect
Offline72-hour manifest cache
Memory24 MB
Credentials50,000 per panel
SecuritySite-specific UUID, 0 PII
05

Mobile SDKs

iOS & ANDROID

Native iOS and Android SDKs for building applications that interact with the KeyShare Puck. The Wallet SDK (hotel brand apps) and Digital ID Mobile SDKs (citizen wallet apps) are part of the Enablement Platform when licensed by OEM partners.

For: OEMs building branded check-in terminals, kiosk applications, or guest/citizen-facing apps.

Wallet SDK → · Developer Hub →

iOS 15+ · Android 8+
Full Puck feature parity

The Puck as reference implementation

The KeyShare Puck — the countertop NFC terminal — is the reference implementation of the Enablement Platform. It contains the RCM hardware, the identity verification firmware, and communicates with GEP via USB. See the Puck →

Architecture

How the components fit together.

OEM PRODUCT
Lock · Reader · Kiosk · Terminal
Hardware Module
RCM or LCM
Firmware / SDK
Reader Library or Mobile SDK
OSDP v2.2 / USB
Panel Application
UUID derivation · Manifest cache · Access decisions on-premise
Native panel API
PACS / GEP
Existing infrastructure — unchanged
mTLS (manifest sync — not in access path)
Connect / GEP Cloud
Enrollment · Manifest distribution · Analytics

Key architectural properties

On-premise access decisions

Panel Application makes all access decisions locally. No cloud round-trip for any door opening.

Zero PII at the edge

Reader processes identity in transient memory. No PII stored on reader or panel.

Standard credential output

PACS receives standard credential numbers. No API changes to PACS.

Cloud not in critical path

Connect handles enrollment and manifest distribution. Never required for a door to open.

Site-specific UUIDs

Cross-site tracking architecturally impossible. A UUID from one site cannot be correlated with another. Each deployment derives unique identifiers — correlation across sites is prevented by design, not policy.

Certification

Certification and go-to-market.

Every product built on the Enablement Platform goes through certification before going to market — validating protocol implementation, security requirements, and end-user experience.

KeyShare Ready
READER MANUFACTURERS

Reader Library integration. NFC session, OSDP communication, identity verification accuracy.

KeyShare Powered
LOCK / KIOSK / TERMINAL OEMs

Hardware module integration. NFC session, credential delivery, wallet provisioning.

Panel Certified
PANEL MANUFACTURERS

Panel Application integration. Credential injection, manifest caching, UUID derivation, offline operation.

Licensing terms are structured per OEM partner's business model. KeyShare does not apply per-unit licensing that taxes hardware margins.

Discuss OEM partnership and licensing →
Engineering Support

Engineering support for OEM partners.

Dedicated integration engineer

Assigned for the initial development cycle. Available for architecture review, code review, and joint debugging.

Reference implementations

Working code on reference hardware platforms (TI CC26X2R1 for readers). Runnable on dev boards before committing to production hardware.

Sandbox environment

Simulated end-to-end testing: NFC session → OSDP → Panel Application → PACS. Cloud-connected for manifest sync testing.

Technical documentation

HAL specifications, API references, integration guides, architecture documents. Available under NDA upon partnership agreement.

OTA update infrastructure

Firmware updates delivered through the Panel Application over OSDP (readers) or through Connect (Panel Application). No direct cloud connection required.

Versioning protection

Semantic versioning with formal deprecation policy. OTA updates never break integrations. Major version upgrades coordinated with certified partners.

Ongoing escalation

Direct engineering escalation path for certified OEM partners.

FAQ

Frequently asked questions.

No. The Puck is a finished product — it's a countertop NFC terminal for hotel check-in. The Enablement Platform provides the components that the Puck is built from (hardware modules, firmware, SDKs) so that OEM manufacturers can build their own products.

You license only the components relevant to your product. A reader manufacturer typically needs just the Reader Library. A lock manufacturer needs the Lock Communication Module. Panel manufacturers need the Panel Application.

KeyShare Ready is for access control reader manufacturers integrating the Reader Library. KeyShare Powered is for lock manufacturers, kiosk OEMs, and terminal builders integrating hardware modules.

No. The Panel Application caches credential manifests locally (72-hour cache). Access decisions happen on-premise. Cloud connectivity is used for enrollment and manifest sync — it is never in the critical path for a door opening.

Minimum: ARM Cortex-M4 or equivalent, 128 KB flash, 80 KB RAM. A reference implementation on the TI CC26X2R1 development platform is provided.
ISO 18013-5 compliant FIPS 140-2 validated MISRA C:2012 OSDP v2.2 native

Build with KeyShare.

Whether you're embedding NFC identity verification into a reader, adding wallet key delivery to a lock, or building a "KeyShare Powered" kiosk — the Enablement Platform provides the components, engineering support, and certification path.

Discuss OEM Partnership See the Reader Library
See Building Access Solution → Channel Partner Program (for SIs) →