Assessing Existing Master Key Systems

Two powerful techniques can assist locksmiths when assessing existing master key systems. These techniques work on all types of pin-tumbler locks, regardless of chamber counts, or progressions under the TMK.


Most facility managers or building owners rely on locksmiths to maintain their keying systems. In most cases these keying systems will involve master keying. The details and plans of master keying are complicated and sometimes arcane, and always non-intelligible to the customers of...


To access the remainder of this piece of premium content, you must be registered with Locksmith Ledger. Already have an account? Login

Register in seconds by connecting with your preferred Social Network.

OR

Complete the registration form.

Required
Required
Required
Required
Required
Required
Required
Required
Optional
Required
Required

Vendor audits and assessments

Audits will determine the level of compliance relative to: key issuance and retention policies, working procedures, record-keeping, and key-generation.
There is always policy relating to key control, ranging from verbal and informal to written and formal. Key policy refers to:
• Persons authorized to order the locksmith to issue keys and rekey locks;
 • Persons who approve keying plans;
 • Who has access to key-generation resources;
• Who keeps the records; and
• Who has access to key records.

Additional policies relate to: how keys that are lost are replaced; if keys are recovered when no longer needed or when keys are turned in; and who sets key policies. The audit should establish that there is a key policy in place, what exactly the key policy is, and the level of compliance regarding the policy.

There are always working procedures. The audit should determine that procedures are cost-effective and yield results. Examining procedures sometimes identify needless repetitive tasks that can be eliminated.
Record-keeping ranges from inaccurate to precise. If the issuance of keys has not been logged into a formal list or database, then key issuance may be generally tracked referring to invoices. Sometimes there are no records at all. An important value to the audit is identifying where improvements can be made that will lower liability and increase integrity.

How keys in the system are generated is very important. Keys can be selected from lists of keys and sub-master keys provided by the hardware company that initiated the original system; keys can be generated from after-market software applications, suited for this purpose; the locksmith that services the system can apply a custom-built application using spreadsheets or hand-written lists; or keys randomly selected out of a bucket can be “mastered” to a Top Master Key (the highest key in the system).

The latter means of key generation is as bad as it gets and unfortunately is more common than it should be. I know of two school districts where this method is still used. This especially happens on old Schlage systems where there initially was a lot of integrity but over time, and without proper oversight, pair of keys that were salvaged and gathered in a bucket were simply selected at random and then “forced” to be master keyed with the TMK.
Usually when negligence is revealed after the audit, it is because of improper key generation or lack of record keeping.

No Records?
Twenty years ago, the facility manager of a university contacted me in a panic as their in-house locksmith went “rogue;” he destroyed all the key registers and original key bitting charts. This was done two weeks before the start of a new school year. Timing-wise, this was critical as instructors would soon need keys to their new rooms.

To this day I have never seen a worse case of destruction. The night before leaving, the locksmith gathered thousands of original keys (from organized key cabinets) and literally shoveled them into a mountainous pile in the middle of the key shop. At the top of the pile he formed a cavity in which he dropped all the key registers, and key-generation lists. He essentially created a hibachi and used it in that manner by setting the registers and lists on fire.

When he was done, there wasn’t so much as a hint of a key reference. Even the key bitting of the TMK was not readily available as everybody’s master keys were worn beyond accurate reading.
Obviously swift action was needed. Because of the size of the campus, immediate rekey could not have been accomplished in time. A decision was made to decode every lock cylinder on campus, essentially recreating the original bitting charts, so keys could be manufactured and immediately distributed.

I could guarantee results in a timely manner as I was privy to an expert technique that I had perfected. It would allow me to determine the exact change key that was intended for each lock cylinder without the need to disassemble and decode the cylinder. I promised that within 24 hours, I would deliver sets of “diagnostic keys” that maintenance persons could effectively use without training or skill. Persons using the diagnostic keys would simply try each key (24 in a set) and note which keys operated the lock. That information would be delivered to the department secretary and she would compose a list of those keys that worked. From the secretary’s list, I could recreate the original bitting chart.

It took two hours to develop and cut four sets of diagnostic keys. I did not disassemble a single lock cylinder. The keys were distributed among four persons who worked all night to try every lock cylinder.
By the morning the project was completed. I spent the next week cutting hundreds of keys for instructors. The campus was then casually rekeyed to a new master key system the next six months.

We Recommend