01 September, 2003
On campuses across the country, metal keys are disappearing in favor of plastic cards. As witnessed by the hotel industry in the preceding two decades, these offline electronic locks are revolutionizing door access in college dormitories. And the growing flexibility of these systems is taking them beyond the dorms and into a variety of multi-access areas such as labs, recreational facilities, offices, and classrooms.
The technology is even having impacts on the design of new housing construction. A new trend in campus housing is the suite model in which a number of individual rooms share a common area (e.g. living room, study area) and a common front door. Under this model, an electronic offline lock can be used to secure the front door to the series of rooms while the individual sleeping room doors use a traditional keyed lock. This model further reduces the expense of implementing an access control system–effectively securing four rooms with a single lock.
Can I install one of these locks in an existing door or do I have to install a new door?
Doors have holes drilled into them to accept handles and locks. There are two basic types of hole patterns, mortise and cylindrical. The lock on your office is almost certainly one of these varieties. They are standardized such that one lock mechanism can easily be removed and replaced with another. Should you wish to simply replace the mechanism with another keyed variety, you could purchase any brand lock assuming you selected the correct type–mortise or cylindrical. Or you could replace it with offline electronic lock that also is manufactured to fit either a mortise or a cylindrical door. In short if you have a door that currently has a lock on it, you can most likely replace the lock with a card-based electronic mechanism–without replacing or modifying the door.
How do offline electronic locks work?
At the most basic level, these mechanisms consist of normal door hardware as well as card reading equipment, electronic memory, a battery, and electronic signal circuitry. When a card is inserted into the reader, a unique code or identification number is read from the card and checked against the authorized numbers held in the lock’s memory or mathematically checked for validity. If the number is authorized, a signal is sent to the locking mechanism to trigger the opening process. A transaction record is written to the lock’s memory noting such information as the date, time, and card number.
I already have a security system. How is this different?
Traditional security and access control systems operate online, with each and every reader-equipped point of entry connected via wire to a central host computer. Because these systems are online, they can be in constant communication with the brains of the security system–the host computer. Information such as who has entered a facility or has a door been propped open can be known as it occurs, providing the critical “perimeter security” layer. In an ideal world, all access readers would be deployed in this manner as the level of control and ultimate security is maximized with this type host-based system. In the real world, however, it is often impractical to wire up each and every door to a central security system. It is often cost prohibitive and requires far greater installation labor, construction, and time. Offline locks are, in essence, a bridge between an online security system and traditional key-based systems. They offer significant security and flexibility advantages over key-based systems but do not require the expense of online security.
How do the costs compare with online systems?
As mentioned earlier, the costs associated with wiring every door on a campus to an online system can be overwhelming. While the offline hotel-style locks can cost less than $500 per door, online readers typically cost more than double this amount due to the added wiring and installation expenses.
In a four-floor dormitory with 100 rooms per floor, it could easily cost an additional $200,000 to wire each door to the online system. Campus-wide, this can amount to millions of dollars in added expense as all dorms and buildings are considered.
Few can afford this luxury, so many opt to combine the best of both worlds– using the online security system to control access at external doors where control is most critical and the cheaper offline electronic locks on internal doors. This hybrid solution provides a solid yet cost-effective system.
While the cost discrepancies described above are significant, others suggest the difference to be even greater. A Stanford University committee investigating access control options found that each online door could cost the institution between $3000 and $7000, compared with $500 to $600 per offline door.
What types of card technologies can be used?
Hotel-style mechanisms are available to read a variety of identification technologies. Early on, plastic cards with a specific pattern of holes punched into them were common. Other locks simply had a series of numbered buttons and a numeric code was physically entered into the lock. Today magnetic stripes, smart cards, proximity cards, and contactless cards can all be used in these mechanisms. Typically, however, only one technology can be used in any one lock. Thus, you must decide the technology you’ll be using prior to selecting the manufacturer and model of lock.
The most common technology used in these locks is the magnetic stripe. The lock will read data from a card’s magnetic stripe and use that to determine if access is to granted or denied. In general, the locks have their own proprietary data that they use. Thus, with few exceptions, a card will need to have a dedicated track on the magnetic stripe for offline lock usage. As a rule, this track cannot be shared with other applications. Most commonly, lock manufacturers have elected to utilize track three on the magnetic stripe. On most campuses, the third track is not utilized for other applications as most choose to use track two or tracks one and two for the data elements required by mealplan, library, banking, and other applications. Thus this use of track three has worked well. Except, however, on those campuses with two-track magnetic stripes on their existing cards. In these cases, the manufacturer must enable the locks to read track one or the campus has been unable to use the vendor’s locks.
You may ask, “why don’t the lock manufacturers utilize the same standard encoding schemes that the banks, many campus cards, and other organizations have agreed to use?” For good reason, some argue, in that a lock that read the standard ISO number and used it for identification would be far too easy to defraud, creating fake cards to gain access to secured facilities.
Locks are available for smart cards, proximity cards (such as HID’s prox cards used by many campuses), and contactless smart cards. There is even an offline electronic lock that reads the data from the Speedpass–the keychain token that more than 6 million people use to initiate payments at the gas pump. Other options include a combination of technologies including metal key overrides, biometric sensors, and on-board numeric keypads. Regardless of the technology or technologies used, be cautious and make certain that your specific card type will work with the reader you are evaluating.
Who are the providers of these offline locks?
Best Access, Persona (formerly VingCard Persona), Onity (formerly Tesa Entry Systems), Locknetics, Saflok, and a handful of other companies offer hotel-style door locks to the campus market. While all serve fundamentally the same purpose and operate in similar manners, there are real and significant differences between the vendors.
What are the key parts of an offline lock system?
Obviously there is the lock mechanism itself, but of equal importance is the management system and the data collection system. The management system is the software package that enables the creation and issuance of keys or card ID codes, the programming of individual locks, and the handling of lost/stolen/expired cards. The data collection system is used to collect transaction histories from and enable reprogramming of locks in the field.
Are these locks really sturdy enough to withstand the abuse of college dorm life?
Hundreds of campuses across the country have installed these locks in locations on the campus. While isolated problems with vandalism and failure certainly occur, the general impression is that the units tend to hold up well. To ruggedize the devices for campus life, some vendors use a different physical chassis and card reading component for the campus market than they use for other markets. You should understand the differences and feel comfortable that the physical makeup of the lock will meet the rugged requirements of dormitory life.
What type of battery is used in the lock?
Some vendors utilize standard batteries (e.g. AAs, AAAs) to power the locks while others use less common battery type not used in consumer devices. Several lock vendors have shared their experience with individuals opening the locks to remove the standard batteries for use in portable CD/MP3 players or other consumer electronic devices. If this is going to be a problem anywhere, it will certainly arise in college dormitories.
What happens if a battery is removed or dies?
Nearly all locks are protected by a backup power supply to ensure that transaction and programming data are maintained when the batteries fail or are removed. The lock, however, becomes disabled for this time. This is not an issue for exiting a room as, like normal locks, the entrance for the outside is controlled but the exit from within is freely available via the handle. It will, however, require new batteries or a manual override to gain entrance to the room. In most cases, as battery power is getting low, a warning is provided by audible sound or blinking light. Under normal circumstances, this provides plenty of advanced warning for battery replacement.
What options are available in these locks beyond the Mortise and Cylindrical choice– in other words, what else will I have to decide?
While each vendor will differ to an extent, there are a couple of basic options. Many vendors provide a couple of options with regard finish and color (e.g. brass or pewter). The locks can come with or without a built-in deadbolt that provides extra security–not controlled by the card–when locked from within the room. Locks are often available with or without a numeric keypad to enable the added security of a code number to be used either alone or in concert with the card.
What type of data is collected in the locks?
In general, the locks keep a log of transactions for both accepted and rejected openings. At a minimum, each transaction will track card number, date and time, and result (accepted or rejected). The number of transactions stored is limited by the unit’s memory capacity and the volume of customized optional data held in the unit. Once the maximum number of transactions is reached, the lock will overwrite existing records starting with the oldest (first in, first out).
How, when, and why is data extracted from the locks?
Each manufacturer offers some form of portable data collection device to retrieve records from the locks. This can be a laptop computer, a handheld computer, or a personal digital assistant (PDA). The collection device is attached to the lock via a port most often hidden on the underside of the chassis. Data can be extracted from the locks at anytime, however, in practice data collection is rare. Most installations only collect data in cases of suspicious activity (e.g. a crime has occurred in the secured location, theft is suspected, employee abuse of facilities). In these cases, the logs can be monitored to determine which cards were used to enter the premises at what times. The same device used to collect this data is often used to reprogram locks in the field with customized functions and data. The retention and use of the residual data from these locks should be outlined in an appropriate institutional policy.
What type of customized functions can be added to the locks?
While differences exist in the specific functions and the handling of these functions, a number of extremely useful customizable options can be available. First, locks can be programmed to lockout valid cards for a given period to keep students out of dorms during mandatory vacation periods. Locks can be set to deactivate a previously valid card when a next-in-line valid card is presented. In practice, this can allow a new student to be assigned to a dorm room and given a key that invalidates the previous occupant’s key. Thus, the need to collect keys or visit and re-key a lock for which a key was lost or not returned is eliminated. These are just a few of the powerful uses of the customizable features available on many of these locks.
How can I grant access to staff and security personnel like I have in the past with master keys?
The use of varying access levels can enable the creation of staff cards and security personnel cards with different privileges. For example, a member of the housekeeping staff might have a single card providing access to all rooms on a given floor of a specific dorm during approved working hours while a security officer might have complete access to all locks during all time periods.
What are the functions of the management software?
The management software handles the key issuance process, sets parameters for expiration of keys, coordinates the linking of locks/rooms and keys, manages lost and stolen key handling, and creates master keys for staff and security personnel. Most are PC-based packages with attached encoders. Recently, the integration of these management systems into the card issuance and management systems provided by card system vendors has been gaining ground.
What have we learned?
If you are considering a move to an offline security system, there are many elements to consider. Understand the current key issuance process on your campus. Talk to the people that run your key bank and learn what the challenges and strengths of the current physical key distribution and collection process. Remember that some may feel threatened by a new system that changes the role of any campus locksmith, security, or key handling staff.
Evaluate the vendors and find out which best meet your needs. As we have stated repeatedly, each has different ways for handling key features of the system and some may better match your situation than others. Find out how each system will interact with your current card issuance process. Do you want the card office staff to distribute the keys (encode the keys on the cards) or do you want this process to continue through housing or security? Will the system tie in with your current software and processes?
Finally, if you are currently utilizing a two-track magnetic stripe consider switching to a three-track stripe next time you reorder cards. It will not impact your current efforts but it will better prepare you should the move to offline locks occur on your campus. This move is happening with greater and greater frequency as the cost efficiencies are realized and the focus on campus security continues to grow.