When reading trade magazines and attending trade shows, the electronic lock is ubiquitous. An abundance of products have been introduced to solve the problems associated with key control – who has keys to your facility and who has the authority to make new or duplicate keys.
The hotel industry first drew attention to the benefits of electronic locks in the 1980s following several instances where mechanical locks and keys were compromised. This resulted in serious safety and security issues for guests as well as major liability and lawsuits for hotel operators. Electronic hotel locks solved this dilemma by utilizing magnetic keycards that are only valid for a specific time frame and for a specific door. These keycards are harder to duplicate than mechanical keys and have a unique coding for each room and length of stay. Electronic locks also provided the benefit of an audit trail, enabling the hotel operator to investigate any guest’s claim for a loss in a particular room or a breach in security.
In addition to the traditional electronic hotel locks, many electronic locks utilize personal identification numbers (PIN) or other credentials such as Prox or RFID (Radio Frequency Identification) cards and smart cards (contact or contactless). These electronic locks share common limitations. In the case of magnetic keycards, Prox cards and similar credentials, the user has to be physically given a token to hold in his possession and present to the lock for access. For PIN locks and most credential-based locks, the lock administrator also has to visit the lock to add or delete the user. This is often accomplished using a hand held device, which has received a configuration file from a PC-based software system. Although some newer PIN locks have pre-programmed or “one-shot” service codes, once these codes are used, they have to be reprogrammed by visiting the lock.
These limitations are quite acceptable in hotels where a front desk staff hands you a keycard. Similarly, a University with a fully staffed Campus Card office, or a hospital with an in-house security department to manage and reprogram their locks as personnel changes occur, can find this process acceptable.
The Need for Remote Access
However, there are a growing number of ‘remote’ access control applications where the elimination of mechanical keys and the associated key control issues is paramount, but the use of traditional electronic locks is not suitable since:
Lock users are far away from any location that could issue a credential to them in a practical manner.
Lock users only require temporary and/or infrequent access.
The users may not be suitable for permanent credentials (service people, subcontractors etc).
There is no group to visit the locks to add/delete credentials or otherwise manage the lock.
Some possible examples of these access control scenarios include remote and unmanned sites such as cell towers, telephone switching equipment buildings, water treatment buildings, pump rooms, corporate apartments, store or warehouses that require after-hours deliveries, conference centers, utility rooms and vacation rentals.
The advent of cellular and other Radio Frequency technology has opened up the opportunity to add or delete credentials and manage electronic locks via a wireless connection. However, issues of signal reception in remote or indoor locations and battery power requirements limit the viability of this technology.
A unique solution to these problems and access control scenarios is the Oracode Intelligent Electronic Pushbutton Locking system from Kaba Access Control. It operates using time-sensitive, PIN-based credentials that are issued remotely using web-based software. Once installed, locks can be located and managed anywhere in the world without ever having to visit the lock. The system requires just three components: door locks, web based software, and any Personal Digital Assistant (PDA) running PALM OS5.X.
Door Lock. The heart of the Oracode system is the heavy-duty electronic door lock, suitable for both interior and fully exterior applications. Three standard AA batteries produce in excess of 100,000 openings. Users are warned of the low battery level by flashing LEDs. The lock is equipped with an emergency key override and the latest plating technologies are used to ensure the lock finish withstands the harshest climates. The lock tracks the last 1,000 entries to provide audit trails that can be extracted by visiting the lock and downloading with the PDA.
Oracode E-Code Web-Based Software. Kaba’s E-Code web-based software is easy to use and can be operated on a computer equipped with an internet connection, 128 bit encryption pack enabled browser, and a USB port to connect to the PALM PDA. Transactions with the E-Code site are secured via the 128 bit SSL encryption. Since it is a web-based application, there is no software to install on the administrator’s PC. This minimizes the technical problems due to operating system service packs.
The E-Code web site is divided into two sections. The first sections deals with site set-up, lock configuration, user attributes and reports. Each site can manage up to 750 locks. The second section deals with generating user access codes via the secure web site by selecting the start and finish parameters. This section permits managing the lock without ever having to go to the lock and entering pre-determined codes.
Each Oracode lock has 128 user levels permitting 128 codes to be concurrently active at the same time in the lock at any one time. With these 128 user levels, you can assign different access privileges to each one via the web server such as passage mode activation, deadbolt override, time zones for access, etc.
System Set-Up. Locks must be initially “synched” to the E-Code web site that will be used to manage it. A PDA is used to upload a unique “digital key” that is specific to the lock. This “synchs” the lock with the system. Each Oracode lock in an installation will have its own “digital key.”
During this set-up process, you also select the time granularity for the lock. The granularity is a specific time block that the lock works with to establish access periods. For example, if you are setting up a vacation resort property, you may choose to set this to one week since most your rentals are weekly. However, if you are a cell tower operator, you could choose to select days since your technicians work in periods of less than a day at the site. The maximum length of time for a valid access code that can be generated is 31 times the time granularity setting. Therefore in the preceding two examples, the vacation property could be given a code valid for 31 weeks and the cell tower a code for 31 days. Providing access for periods longer than these time periods can be accomplished by providing new codes.
Additionally, the Oracode is designed to support two Time Granularity settings concurrently. This allows you to provide user access based on two time periods. For example, you can give permanent employees a longer access duration and give temporary contractors shorter access.
Oracode Operation. Once your lock is set-up, you can generate user codes for specific doors by selecting the proper menu items and specifying your future start and finish parameters. The E-Code site generates a six-digit code that embodies all the information you entered; however, it is encrypted based on the “digital key” that was initially synched into the lock. Once this PIN has been generated, it can be sent to the user via e-mail, fax, voice, SMS and the like. Codes can be generated weeks, months or years in advance of the planned use yet will only work between the start and finish parameters that were used to originally generate the code.
When the user enters the six-digit code into the lock, the lock uses the stored matching “digital key” to decrypt the code and then read the lock ID along with start and finish parameters. If the lock ID matches and the lock’s real-time clock says that the current time is in between the just decrypted start and finish parameters, the lock will open. Otherwise it will remain locked and secure.
In applications where the user is going to use the Oracode lock repeatedly during a time period, remembering the generated 6-digit code may be taxing. This is not a problem with the Oracode. The lock allows the user to enter a simple keystroke sequence to set their own personal code based on a number they can easily remember, such as a birthday. The user then enters their own number for access and the Oracode lock automatically links that to the originally generated code and it’s encrypted time-sensitive parameters.
The Oracode System from KABA permits the generation of time sensitive codes via the Internet for months or even years in advance. Installations can be located anywhere in the world and you never have to re-visit the lock!
Michael Kincaid is vice-president and general manager of KABA Access Control, Winston-Salem, NC. He can be reached via E-mail at firstname.lastname@example.org. For more information on Kaba, visit www.kaba-ilco.com.