Adding an Electronic Layer

Jan. 3, 2020
Plug-in electronic systems can stand alone or enhance existing electronic access control

I was disappointed at the customer’s lack of interest in my glorious new product.  When I finally asked what HE wanted, I was handed a very large order for something completely off my radar.  It taught me to quit selling what I had, and ask about the customer’s concerns.

In this article, we’ll discuss how your customer can add an electronic security layer around his or her existing mechanical lock.  Recent developments provide you with some new, cost-effective, quick-install electronic upgrades.

Since different needs drive different solutions, three basic technologies have emerged, and each has its role.  Read  the 2012 Locksmith Ledger article; “High Security Cylinders and Keys Go Electronic”  at Since that time Near field Communication (NFC) and Bluetooth® Low Energy (BLE) technologies have matured, creating some exciting new market options. 

Pricing, product selection and integration into the customer’s existing systems will probably drive his or her decision making process.  Find out what’s on the customer’s mind. 

Hardened Vs. Layered

Customer preferences are often driven by an industry’s security perspective and needs.  Here are some of the options you’ll find.  Electrical, water, pipeline, and communication utilities, and customers who have unattended remote sites tend to want very robust defeat-resistance with products like the CyberKey®, and the Medeco® XT. 

Larger office, manufacturing, transportation, government, and institutional facilities are likely to have a more layered security process.  They need flexibility, documentation, and the ability to quickly change and recover.

Intelligent keys like the CyberKey®, and the Medeco® XT serve a high-security market that focuses on high levels of physical defeat resistance and accountability.  A wide variety of locking devices must often be accommodated.  Battery power is contained in the key, which also provides the shoe-leather or Wi-Fi network to transfer information between the lock and the head-end management system. 

Federal, state and industry regulations or standards often mandate specific physical and electronic security issues.  NERC dictates security issues for power utilities, DHS regulates traffic control cabinets, EPA/AWWA covers water utilities, HIPPA dictates healthcare security issues, and the Sarbanes-Oxley includes server security in financial institutions.  Utilities, high-value remote sites, and users with a wide variety of locking devices are often good prospects for these solutions. 

This technology provides solid electronic access enhancements for sites that already have robust physical security.  Key costs are higher and may limit the number of users that can have access. Keys generally provide several hundred operations between charges.

CyberLock® pioneered battery-powered smart keys, cylinders and cores about 20 years ago. The product was developed to provide traditional electronic access control functions in non-traditional applications like padlocks, narcotics and cash drawers, ATMs, remote utility locations, traffic control cabinets, server racks and high-risk locations where hard wired systems were not practical.  As it turns out, there are many millions of these applications.  More than 384 housing designs are currently available.   CyberLock distribution is through certified channels, and system integrators.

Early on, the company elected to build a mini-solenoid that was more resistant to weather and environmental conditions to drive the locking lug.  Solid stainless steel housings, plus drill and tamper resistant plugs, and harsh environment options allow the products to be used in challenging applications.  Twelve different CyberKey® options provide a variety of network communication options including; IR, BLE, and 802.11 bgn at 2.4GHz with high level encryption. 

The CyberLock Flex System® allows 13.56 MHz RFID cards to be used in standard hard- wired card reader applications as well. The unique FlashLock® Mortise cylinder is operated by IR fob, or by optical code sent to smart phone for one-time use.  This stand-alone cylinder allows guests, property management, real estate or maintenance staff to be authorized for a limited or one-time access to remote sites, with complete audit trail.

Medeco provides the XT smart key system with battery power and communication also connected by inserting the key into the lock’s contact points.   The XT system can be quickly installed in just about any type of lock, including those with SFIC cores.  Hundreds of high-security housings accept the XT key. 

Extensive vault, core, and peripheral components are available.  Keys are available that can also communicate with mobile apps via BLE for updates and data download.  Medeco products are well known in the lock industry for their defeat-resistant qualities, and sold through normal lock distribution channels.

Hybrid keys like Medeco Cliq® likewise provide battery power and transfers data between electronic equipped locks and the Cliq web manager system.  The unique system also allows the key to operate existing Medeco M3 or X4 mechanical locks.  Cliq equipped locks provide a dual authentication process with both the electronic and mechanical fit being required.  Once the key is fully inserted, the key’s battery power’s up the core.  Encrypted communication with the core’s RFID chip takes about 300 milliseconds.  Keys hold about 1,000 audit events.

Bluetooth Low Energy network communication uplink is also available for the Cliq key.  Like the XT, the Cliq core contains an RFID chip that stores local data and its own audit trail.  Power is provided by the key which is rated for 20,000 cycles or two years.

Mobile credentials (smart phones) are now carried by virtually everyone, with more than 3.5-billion currently in use.  Recent developments in high-speed Bluetooth Low Energy, encryption techniques, and “secure element” chips have made this vehicle a secure credential technology.  BLE technology allows mobile credentials to provide a very high level of integrity to the access control process through secure chips, encryption, and applications.

Several technology developments are driving the process.  The first one is that nearly everyone has a smart phone capable of sending and receiving high speed BLE transmission.  Mobile credentials can now include two-factor authentication with PIN or biometrics as well.  This allows hundreds or even thousands of users to be in the system with minimal key cost.

The second development is that Secure Element chips can be installed in the lock containing fault-detection, and countermeasures to defend against software attacks that seek to alter, disable, or steal crypto assets.  These defend against side-channel and other attacks that seek to uncover cryptographic keys.  Chip security is rated by Evaluation Assurance LevelEAL5+ is the highest military and commercial security level, and assures that the element can generate and digitally sign transactions without the private keys ever leaving the secure chip.  Search: Evaluation Assurance Level, Tech Target.   Search: The Secure Element – withstanding security attacks.

A third element is that multiple and very high layers of encryption can be employed.  Data residing in the lock and in the mobile credential are encrypted, as are transmissions between devices.  The software in the mobile app and lock can be updated at any time.  An excellent primer on the subject can be found by searching: “The Evolution of Cards and Credentials in Physical Access. “  At the bottom of the HID link, you’ll find a PDF “white paper” that outlines past, current, and emerging mobile credential technologies.

The Best Switch™ Core using Bluetooth Low Energy communication from your mobile phone is being introduced as this is written.  Since everybody has a smart phone, additional keys are not required. Very large numbers of users can be in the system with high levels of security and very low cost.

Industry research found that there are more than 100 million locks with Best or compatible SFIC cores in use in North America (some imply considerably more).  Larger office, industrial, institutional and military users tended to pay close attention to total key control issues.  These organizations were concerned with key availability, ongoing documentation, and the ability to quickly re-key when changes were made. 

Customers wanted to provide high levels of electronic security to existing SFIC locks, or to any lock or exit device with a mortise or rim cylinder.  They also wanted compatibility with existing and future electronic access control systems.

An electronic SFIC core that was both capable and portable would allow users of these larger systems to quickly add individual elements to their electronic access control system, and at low cost. Extensive research and engineering effort went into including EAL5+ chip security, multi-level encryption, update capability, ease of operation, and robust physical characteristics.  A revealing video shows dramatic sledgehammer attacks during ANSI certification tests for A156.5, A156.25, and A156.33. 

How it works:  The Switch core contains an easily replaced long-life battery.  When an authorized user is in close proximity (about 3-4 feet), he or she touches the Switch core to wake it up.  The user’s mobile credential communicates via encrypted Bluetooth (BLE) to the Switch™ Core, which responds based on the credential’s access rights. Two-way transmission is faster than you can blink.

Two factor authentication provides positive defense against unauthorized operation. Low to medium BLE range settings limit communication to 3-4 feet, preventing unobserved operation by some other person.  A “background mode” allows “hands free” interaction with the core. For additional security, a notification alert is sent to the phone of the credential holder whenever lock activation occurs. 

The Switch technology and critical parts are contained within the SFIC core housing.  The hardened external stainless steel portion contains the battery, recessed LEDs and a thumb lever.  These are slightly larger to allow easy keyway operation – when authorized.

A micro-motor in the thumb turn drives the locking lug that allows the lock operation. Internal memory performs standard electronic access control functions with user, time zones, and 3,200 event audit trail.

The interesting part of this system is the Switch app on the mobile phone which remains in constant communication with the user’s access control system or cloud via the local wi-fi network, or cell tower.  BLE software in both phone and lock are constantly updated to keep current with security and encryption improvements.  All transactions are instantly reported to the head end, and the user.   Similarly, updated access rights are downloaded to mobile credentials for use by the local lock upon the next activation. 

The Best Switch Core is currently focused on organizations that have a lot of locks, people, and something of value to defend.  Distribution is through your normal lock supply channels.

SALTO, a Spanish based company, uses primarily “data on card” RFID technology,  but also uses a variety of hardwired and RF communications methods, including Bluetooth Low Energy (BLE) and Near Field Communication (NFC).  Their XS4-GEO Mortise cylinder accepts data from cards, fobs, NFC, or BLE. 

MIFARE, DESFire EV1, NFC, and HID iCLASS protocols are accommodated in the SALTO product.   The battery operated mortise cylinder reader transmits to smart phones via encrypted BLE short range communication.  This product can be integrated into existing SALTO access control systems.  Distribution is through authorized business partners and Anixter.

Bottom line:  In addition to the familiar stand-alone electronic access control devices, you now have some very interesting plug-in electronic systems that can stand alone or enhance existing electronic access control. 

  • Direct contact devices like the CyberKey and Medeco XT work especially well for unattended, remote sites and others that need to be substantially hardened. 
  • The Cliq electronic key works well where highly tamper resistant Medeco keying is mixed with electronic accountability.  A single key can handle both.
  • Mobile credential applications like the Best Switch Core and SALTO XS4 GEO can provide effective low-cost electronic access control, especially to larger facilities that have layered security systems.

You don’t need to up-sell anything, just help your customers solve their problems.

Cameron Sharpe, CPP-Life Certified worked 30-years in the commercial lock and electronic access industry. He advised many educational, military, industrial, and utility organizations on key control processes. [email protected]   

About the Author

Cameron Sharpe

Cameron Sharpe, CPP, worked 30 years in the commercial lock and electronic access industry. Contact him at [email protected].